The present invention relates to an apparatus for simulating the failure or satisfactory operation of a logic system. This apparatus makes it possible to simulate a system incorporating a plurality of interconnected logic components, by subjecting the latter to events, such as failures or repairs. These events are simulated by sequences of combined level 0 and level 1 logic signals. These simulation signals make it possible to determine the sequences for which bringing one or more components of the system into a failure state, or into a satisfactory operation (repair) state, leads to the failure or to the satisfactory repair operation of the system, or vice versa.
It is known that for simulating the failure or satisfactory operation of a mechanical, hydraulic or similar system, it is often necessary to replace this system by a simulation apparatus incorporating a group of logic means equivalent to the components of the system. Each of these means comprises simulation inputs to which are applied simulation signals, whose logic states respectively represent either the failure, or the satisfactory repair operation, of the components which it is wished to simulate. These logic means are interconnected in such a way that on one common output, the signals resulting from the simulation of the failures or satisfactory repair operations of the different components have a logic state corresponding either to the failure state, or to the satisfactory operation state, of the simulated system.
Thus, the apparatus according to the invention makes it possible to simulate all the systems able to operate on the basis of the reception in sequence of combined level 0 or 1 logic signals.
It is known that the failure or satisfactory operation of the components of a system can be simulated by signals occurring either simultaneously, or separately. The failure of a system is studied by applying level 0 or 1 signals to the inputs of a simulation apparatus in order to simulate the failure (breakdown) or satisfactory operation (repair) of the corresponding components of the system. For each of the combinations of logic simulation signals applied to the inputs of the simulation apparatus, the response of the apparatus (logic level 0 or 1 of the output signal thereof) is analysed, to establish whether the combination of logic signals in question may or may not lead to the failure of the system. The list of combinations of level 0 or 1 logic signals, together with the associated responses of the apparatus, makes it possible to analyze the simulated system for reliability studies.
These simulation apparatuses are particularly useful in nuclear power stations, aircraft, oil field investigation systems, etc., in which it is necessary to use security or control systems having a high degree of reliability and consequently, for this reason, redundant channels. The latter make it possible to ensure that a failure of one of the components of one of the channels does not prevent the system from triggering the desired security or control action. These redundant channels also make it possible to repair or check one or more channels, without preventing the desired security or control action during said check or repair.
Different methods have been used for analyzing the reliability of control or security systems. Unfortunately, these methods generally use the so-called failure tree principle, which requires the use of a powerful computer when the system to be checked is complex. These difficulties are described in the article by P.K. ANDOW entitled "Difficulties in fault tree synthesis for process plant", published in the Journal IEEE Transactions on Reliability, Vol. R29, April 1980, pp. 2 to 9.
The difficulties appearing in the reliability analysis of a system on the basis of the failure tree of this system can be surmounted as a result of the use of wired simulation apparatuses or circuits equivalent to the system to be analyzed. These circuits are described e.g. in the article entitled "Verification of fault tree analysis", published in the Journal EPRI-NP-1570, Vols 1 and 2, May 1981 by the Electric Power Research Institute. These simulation apparatuses or devices make it possible to obviate the design of a failure tree of a system. However, they have very limited performance characteristics, because they only permit a reliability study of systems having at the most 20 components.
More recently, a combined logic signal generator has been developed, which makes it possible to investigate the reliability of systems on the basis of simulation circuits or apparatuses. This generator is described in the article by A. LAVIRON, entitled "ESCAF-Failure simulation and reliability calculation device", 2nd National Reliability Conference, Birmingham, England, Vol. 2, March 1979, pp. 6C/4/1 - 6C/4/10. This combined logic signal generator makes it possible to study the reliability of complex systems via logic simulation circuits or apparatuses. On N of its outputs, it supplies all the possible combinations of P logic signals of level 1 and N-P logic signals of level 0. Depending on the reliability tests sought, these logic signals are applied to the inputs of components of the simulation apparatus, so as to simulate either the satisfactory operation of each component (for example, logic level 0 of the signal applied to one input of the component), or the failure of each component (logic level 1 applied to the input of said component). These logic signals simulating the failure or satisfactory operation of one or more components of the simulated system make it possible to observe on the output of the simulation apparatus whether the failure or satisfactory operation of one or more components of the system leads to the failure (breakdown) or satisfactory operation (repair) of said system. The aforementioned generator only permits the simulation of events (failure or satisfactory operation of components of a system) which occur simultaneously, for investigations in which the arrival order of the events is not significant. This generator, which constitutes an obvious advance compared with simulation systems using powerful computers (e.g. of the CRAY I type), still does not make it possible to simulate events (failure or satisfactory operation of components of a system) which occur successively or sequentially.
However, it is often necessary in a reliability study of the system to involve failure or satisfactory operation sequences in which the order of arrival of the events is of great importance for the reliability study. The simulation technique (failure tree) used with the aforementioned generator cannot then be used. These known techniques require the drawing up of a MARKOV diagram, which is generally very complex and which cannot be prepared for a system which has numerous components.
More recently, a combined logic signal sequential generator has been developed and is described in U.S. patent application Ser. No. 746,307 filed on June 19, 1985 in the name of the same Applicant. It makes it possible to supply combined simulation signals in sequence.
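The following is an added example, not code from the patent, showing in software what the two generators described above do: the combined generator's exhaustive enumeration of P failed components (level 1) among N, and the sequential generator's order-dependent application of failure and repair events. The system (three redundant channels feeding a 2-out-of-3 vote, each channel needing its sensor and relay) is a constructed, hypothetical example.

```python
from itertools import combinations

# Constructed example system: three redundant channels A, B, C feeding a
# 2-out-of-3 voter; each channel needs both its sensor and its relay.
# Component state: 0 = satisfactory operation, 1 = failed (level 0/1 signals).
COMPONENTS = ["sensorA", "relayA", "sensorB", "relayB", "sensorC", "relayC"]


def system_failed(state):
    """Wired-logic equivalent of the system: 1 if the system has failed, else 0."""
    channel_down = {c: state["sensor" + c] | state["relay" + c] for c in "ABC"}
    # 2-out-of-3 voting: the system fails once at least two channels are down
    return 1 if sum(channel_down.values()) >= 2 else 0


def failing_combinations(p):
    """Combined generator: every choice of P failed components (level 1) among
    the N components, keeping those whose simultaneous failure fails the system."""
    failing = []
    for combo in combinations(COMPONENTS, p):
        state = {c: (1 if c in combo else 0) for c in COMPONENTS}
        if system_failed(state):
            failing.append(combo)
    return failing


def run_sequence(events):
    """Sequential generator: apply (component, level) events in order and record
    each step at which the system output changes, as (step, component, level, output)."""
    state = {c: 0 for c in COMPONENTS}
    prev = system_failed(state)
    transitions = []
    for i, (comp, level) in enumerate(events):
        state[comp] = level
        now = system_failed(state)
        if now != prev:
            transitions.append((i, comp, level, now))
        prev = now
    return transitions


if __name__ == "__main__":
    print("single failures that fail the system:", failing_combinations(1))
    print("double failures that fail the system:", len(failing_combinations(2)))
    # Order matters: repairing sensorA alone does not restore the system,
    # because relayA is still failed; only the later relayA repair does.
    seq = [("sensorA", 1), ("relayA", 1), ("sensorB", 1), ("sensorA", 0), ("relayA", 0)]
    print("transitions:", run_sequence(seq))
```

The double-failure enumeration yields the 12 pairs that take down two different channels, and the sequence shows the system failing at step 2 and being repaired only at step 4.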