Average probability of a dangerous failure on demand: Different modelling methods, similar results
This work provides practical guidance for engineers in functional safety by showing that method choice should balance effort and objectives, rather than rely on dogmatic assumptions, though it is incremental as it compares existing techniques without introducing new ones.
The paper compared four modeling methods for estimating the average probability of dangerous failure on demand (PFDavg) in safety-critical systems, finding that all methods yielded very similar results, with differences likely due to modeling assumptions rather than inherent accuracy.
According to the IEC 61508 functional safety standard, it is required to estimate the achieved safety integrity of the system due to random hardware failures. For a safety function operating in a low demand mode, this measure is the average probability of a dangerous failure on demand (PFDavg). In the present paper, four techniques have been applied to various configurations of a case study: fault tree analyses supported by GRIF/Tree, multi-phase Markov models supported by GRIF/Markov, stochastic Petri nets with predicates supported by GRIF/Petri, and approximate equations (developed by DNV and different from those given in IEC 61508) supported by OrbitSIL. It is shown that all these methods yield very similar results for PFDavg, taking the characteristics required by the standard into account. The choice of a method should therefore not be determined by dogmatic assumptions, but should result from a balance between modelling effort and objectives, given the system properties. To support that choice, a discussion of the pros and cons of each method is proposed.
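As an added illustration, not taken from the paper or from the GRIF/OrbitSIL tools, the following script shows the "different methods, similar results" effect on the simplest low-demand case: a single channel (1oo1) and a two-channel redundant (1oo2) safety function with a constant dangerous undetected failure rate, perfect periodic proof testing, no diagnostics and no common-cause failures (all assumptions of this example, not of the case study). PFDavg is computed three ways: by closed-form time averaging of the unavailability, by numerical integration of the same curve, and by the simplified first-order approximations; the three agree to well under one percent for realistic parameters.

```python
import math

def pfd_1oo1(lam, t):
    """Unavailability of one channel at time t since the last proof test."""
    return 1.0 - math.exp(-lam * t)

def pfd_1oo2(lam, t):
    """Both independent channels must have failed dangerously for 1oo2 to fail."""
    return pfd_1oo1(lam, t) ** 2

def pfd_1oo1_exact(lam, T):
    """Closed-form average of pfd_1oo1 over one proof-test interval T."""
    x = lam * T
    return 1.0 - (1.0 - math.exp(-x)) / x

def pfd_1oo2_exact(lam, T):
    """Closed-form average of pfd_1oo2 over one proof-test interval T."""
    x = lam * T
    return 1.0 - 2.0 * (1.0 - math.exp(-x)) / x + (1.0 - math.exp(-2.0 * x)) / (2.0 * x)

def pfd_1oo1_approx(lam, T):
    """First-order approximation commonly used for 1oo1: lambda*T/2."""
    return lam * T / 2.0

def pfd_1oo2_approx(lam, T):
    """First-order approximation for 1oo2 without common cause: (lambda*T)^2/3."""
    return (lam * T) ** 2 / 3.0

def pfd_numeric(pfd_of_t, lam, T, steps=10000):
    """Midpoint-rule time average of an unavailability curve over [0, T]."""
    dt = T / steps
    return sum(pfd_of_t(lam, (i + 0.5) * dt) for i in range(steps)) * dt / T

def compare(lam, T):
    """Return PFDavg for 1oo1 and 1oo2 by the three calculation routes."""
    return {
        "1oo1": (pfd_1oo1_exact(lam, T), pfd_numeric(pfd_1oo1, lam, T), pfd_1oo1_approx(lam, T)),
        "1oo2": (pfd_1oo2_exact(lam, T), pfd_numeric(pfd_1oo2, lam, T), pfd_1oo2_approx(lam, T)),
    }

if __name__ == "__main__":
    # Constructed sample parameters: 1e-6 dangerous failures per hour, yearly proof test.
    for arch, (exact, numeric, approx) in compare(1e-6, 8760.0).items():
        print(f"{arch}: exact={exact:.4e} numeric={numeric:.4e} approx={approx:.4e}")
```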