Example: Modeling Non-Fatal Failure Modes

By default, any failure modes that are added to a Reliability element are automatically added as Internal Requirements in the element's "Operating Requirements" tree. In particular, GoldSim automatically inserts a "Not" condition in the internal requirements portion of the requirements tree: Not ~Failed[n], where n is the failure mode.

This implies that the failure mode is assumed to be fatal to the component (i.e., if the failure mode occurs, the component itself fails and is no longer operative). That is, by default, whenever you add a failure mode, GoldSim treats it as if it is a fatal failure mode.

In some cases, however, the failure mode may not be fatal to the component (i.e., when the failure mode occurs, it does not cause the component itself to fail). This type of situation can be modeled by simply removing references to non-fatal failure modes from the Requirements tree.

Let's consider two examples.

First, let's consider a case where you are modeling a component that gets turned On and Off, and a particular failure mode causes the component to fail On (i.e., it continues to operate, but it is "stuck" On and cannot be turned Off).

The model file FailsOn.gsm, found in the Reliability Examples folder in your GoldSim directory (accessed by selecting File | Open Example... from the main menu), illustrates such a case. In this model, the component is turned on every ten days, and turned off 5 days after being turned on. A single failure mode is defined. It is not fatal to the component (it has been removed from the Internal Requirements). However, when defining the Off trigger for the component, the failure mode is directly referenced as a Required Condition:

In the realization A single model run within a Monte Carlo simulation. It represents one possible path the system could follow through time. below, you will see that the component successfully turns on and off several times, but due to the occurrence of a failure around 50 days, it is "stuck" in the On position and never turns off again:

Now let's consider second example where a failure, while not fatal, reduces the capacity or performance of some internal component of the system. The model file FailedOutput.gsm, found in the Reliability Examples folder in your GoldSim directory (accessed by selecting File | Open Example... from the main menu), illustrates such a case.

In this model, a component has a single failure mode that is not fatal, but it does impact the throughput of material through the component. This is done by referencing the failure state variable The output of an element in GoldSim whose value is computed based on the historical value of the element’s inputs (as opposed to only being a function of the current value of the element’s inputs). State variables have well-defined initial conditions. Feedback loops can only be created if they contain at least one state variable. in an If statement describing the throughput:

The failure mode reduces the throughput from 1000 m3/hr to 400 m3/hr. The failure is assumed to be exponential with a rate of once every 30 days. It is repaired in approximately 5 days. A typical realization of the throughput is shown below: