Reliability Modeling and Analysis of a Diesel Engine Design Phase Based on 4F Integration Technology

Abstract

As one of the most important components within a vehicle, diesel engines have high requirements for reliability due to the harsh operating environments. However, previous studies have mainly focused on the reliability assessment of diesel engines, while less research has been conducted on the modeling of the diesel engine reliability analysis and its management. For this reason, this paper proposes a comprehensive method for reliability analysis and its management based on the use of 4F integration technology in the early stages of diesel engine design. First of all, an expert group used FEMCA (failure mode, effects and criticality analysis) and FHA (functional hazard analysis) to find the most harmful level of fault mode. At the same time, a new method for the repair of dynamic fault trees to find the weak links at the component level was developed. Finally, a FRACAS (fracture report analysis and corrective action system) was used during the above analysis process. By applying this method to the reliability assessment of a diesel engine in the design stage, the problems of failure information feedback and the reuse of failure information in the actual reliability assessment can be solved.

1. Introduction

Vehicle diesel engines [1] are mainly used in the transportation industry and represent the main driving force for heavy vehicles. A variety of factors are considered when selecting a diesel engine for a heavy vehicle, including the reliability and availability of the engine, the maintenance and installation costs of the engine, and the running costs of the engine. However, the operating and maintenance costs of each diesel engine are very important for vehicle operation. This is why transport companies are committed to developing and improving engine performance to suit their operations and optimize engine performance control. Improving engine performance is the key to ensuring the best results during use and predicting faults in time to extend the service life of the vehicle. Therefore, it is necessary to focus on improving the reliability of vehicle diesel engines. The most effective way to improve the working reliability of a diesel engine is to introduce the concept of reliability at the design stage [2] and to prevent potential hazards by using the corresponding reliability calculations and analyses (reducing the costs of product manufacture and improving the reliability of the product life cycle in the process). In this regard, the reliability analysis and its management at the design stage are particularly important. Therefore, in this study, 4F integration technology was used to control the reliability of a diesel engine at the design stage.

Various methods for evaluating the qualitative analyses of faults in new systems exist in the literature. The most commonly used qualitative fault analysis methods are FMECA and FHA [3,4], which help analysts to systematically identify fault modes and assess their hazards. These two methods usually rely on the experience of the researchers who are involved in the development of new systems to determine the degree of damage that is caused by new system failure modes. FMECA is an inductive and unstructured method for identifying failure modes and design weaknesses [5], while FHA is a method for identifying the fault effects of each function at each operational stage and classifying the severity of those fault effects [6]. Therefore, FMECA conducts a failure hazard analysis for the design phase of new systems, while FHA focuses on assessing the hazards that are associated with the system operations.

On the other hand, FTA and FRACAS [7] are also commonly used tools for the reliability evaluation of new systems. The former is a bottom-up approach that uses logic gates and event causes to simulate failure relationships between the entire system and its components [8]. This enables the determination of the time at which the entire system least expects to suffer a fault, using quantitative reliability information (e.g., failure rate) for each component as the input. A FRACAS [9], however, is a reliability technology that plans, organizes, and procedurally investigates, verifies, analyzes, and corrects faults after system failures, guarantees the accuracy of fault cause analyses and the effectiveness of corrective measures, implements closed-loop controls for faults, and completely eliminates the causes of the faults. The essence of a FRACAS is to report product faults accurately, identify the cause of the faults through analysis, and determine, implement, and verify corrective measures in time to reduce or prevent the recurrence of the faults. Therefore, the purpose of establishing a [10] FRACAS is to carry out strict zero management for faults that occur during product development and production. Reporting, finding the cause, and correcting and preventing duplication are required in time to increase product reliability and ensure that product reliability and maintainability.

Different applications of FMECA within vehicle system reliability assessment can be found in the relevant literature. Among them, Sharma presented a literature review on the application development of FMECA [11]. In particular, an excellent FMECA team was mentioned in the paper who efficiently identified the faults in a new system design. As mentioned earlier, the advantages of using FMECA in the reliability evaluation process are that it can identify the root causes of the failures and develop corrective actions, as well as helping the reliability analysis to be conducted efficiently through interventions at the system design stage. For example, in the failure analysis of a heavy-duty diesel engine piston [12], the use of FMECA to identify the piston failure modes reduced the engine maintenance costs. In addition, scholars [13] have also assessed the risks of vehicles in operation. Scholars have also used fuzzy FMECA to identify the potential failure modes and hazards of a vehicle turbocharger [14] and a fighter engine [15]. Lastly, FMECA was applied to identify the failure modes and hazards of key components in an automotive diesel engine [16].

FHA is widely used for the risk assessment of new systems [17]. The authors of [18,19] summarized the advantages and disadvantages of using FHA in the application process. In air transportation, it provides reliable references for civil aviation flight safety to improve the safety and reliability of aircraft resistance runway mechanisms [20] and aviation aircraft systems [21]. Similarly, FHA can minimize the time that is required for civil aircraft airworthiness qualification and improve safety [22]. In addition, combined with gray system theory [23], FHA was used to establish a comprehensive application method for the safety assessment of aircraft landing gear. Lastly, the combination of FHA and system theoretical process analysis (STPA) was applied to the risk assessment of new electric vertical lift vehicles [24] in the operational stage.

FTA has a wide range of applicability within the existing literature [25]. Many studies have described the applicability of this method [26,27]. In the field of road traffic, FTA was used for the risk assessment of a gantry crane system [28], including the power system of the crane, to meet the safety requirements of the vehicle during operation. Others have also combined FTA with the Monte Carlo algorithm [29] for the risk assessment of rail vehicles, thereby minimizing the stopping time and improving the reliability of the rail vehicles. In [30], Huang analyzed the reliability of unmanned vehicles by combining state transition diagrams with FTA in order to solve the problems that are encountered in the concept design stage of unmanned vehicles, which provided some references for the design and analysis of unmanned vehicle systems. Lastly, Hu [31] used FTA to assess the potential failure risks of key power equipment in EVs and put forward comprehensive and forward-looking development recommendations for improving the safety of EVs.

In the existing studies, a FRACAS has often been used in the development and design of new complex systems [32] to facilitate fault management during system operation or maintenance. The FRACAS has often been used in combination with other reliability assessment methods in many of the existing studies and its compatibility has been documented in many references [33,34]. In the aerospace industry, a FRACAS was used to control the reliability of unmanned aerial vehicles [35] throughout their life cycle. In addition, the reliability control of locomotives and vehicles was carried out by combining a FRACAS with the FMECA method [36]. As a result, the surface method provided an increase in true reliability with the best turnaround time. Lastly, a FRACAS was combined with the FTA–FMECA method to control the reliability of a vehicle power system [37]. The test showed that this method provides a theoretical basis and technical support for the elimination of early faults in electromechanical products.

As shown in Table 1, when evaluating the safety and reliability of a new system, the combination of FTA and FMECA has been a necessary step at the design stage, but this technology has only been applied at the “primary stage”. In another study, when the comprehensive application method of FTA–FMECA was used to evaluate the reliability of a robot system [38], it could not be fed back in time in the later reliability analysis, thus highlighting the reliability problem of the system throughout its whole life cycle. In addition, this technology lacks comprehensiveness in terms of all of the risks in the analysis of different safety and risk assessments [39].

Table 1. Assessment tools for system safety and reliability.

References	Tool	System
[12]	FMECA	Diesel engine
[13]	FMECA	Vehicle
[14]	FMECA	Vehicle turbocharging
[15]	FMECA	Fighter engine
[16]	FMECA and FTA	Power plant
[20]	FHA	Aircraft resistance runway
[21]	FHA	Aircraft control system
[22]	FHA	Aircraft flight system
[23]	FHA	Aircraft landing gear
[24]	FHA	New electric vertical lift vehicles
[25]	FTA	Automatic driving vehicle control
[26]	FTA	Diesel engine turbocharging
[27]	FTA	Diesel fuel system
[28]	FTA	Gantry crane
[32]	FRACAS	Ship weapon system
[33]	FRACA and FMECA	Shipborne combat system
[34]	FRACA and FMECA	Aviation industry management system
[35]	FRACAS	UAV
[36]	FRACA and FMECA	Rail vehicle
[37]	FRACA, FMECA, and FTA	Vehicle power system

It can be inferred from the literature that the design stage of a new vehicle diesel engine needs to systematically identify risks and provide timely feedback across its whole life cycle. For the fault analysis of newly developed highly complex systems, only using a single “F” technology often leads to the following difficulties: when FMEA is applied to a complete system, it may be difficult to achieve a sufficient analysis depth to fully understand the fault behaviors; FHA pays too much attention to functions and often ignores other types of hazards; FTA has a heavy workload when analyzing a complete system; FTA relies too much on expert experience when setting top events; and a FRACAS is inefficient at evaluating failures when analyzing new systems. Therefore, the fault analysis of newly developed highly complex systems requires a more integrated hybrid method. In terms of the application of the existing “4F” technology, Zhang [40] expounded its necessity for the reliability analysis of new systems.

Therefore, in this study, 4F integration technology was adopted for the reliability analysis of a new diesel engine in the design stage. This paper is the first to use 4F integrated technology to evaluate the reliability of a vehicle diesel engine. FMECA was used to identify the functional hazards of the diesel engine, FHA was used to evaluate the failure mode analysis of the diesel engine, the failure mode was quantified by FTA, and a FRACAS was used to manage the analysis conclusions of the above technologies. The purpose of this study was to evaluate the fault hazards of the diesel engine so as to formulate corrective measures to prevent accidents. In the upcoming sections, the methods that were used in the diesel engine reliability analysis are described and the main research results are introduced and then discussed.

2. RDFTA (Repairable Dynamic Fault Tree Analysis)

This section discusses the reliability analysis of a repairable system using FTA, deduces new qualitative and quantitative RDFTA formulae on the basis of previous equations, and provides the specific process of the RDFTA reliability analysis. Bobbio et al. [41] proposed the concept of a “repair box” on the basis of a Dugan dynamic fault tree for system reliability analysis. The authors of [42,43] introduced the repair rate into the repair box and used it for the reliability analysis of mechanical and software systems, but the repair box only established a delayed FTA mechanism for the repair and maintenance time of a single component within the system and did not consider the equivalent repair rate. The RDFTA proposed in this section considers the failure rate and maintenance rate (following the index distribution) of a repairable system at the same time, which is consistent with the life cycle of a repairable system in practice.

2.1. OR Logic Gate of RDFTA

In the modeling of a repairable system, the reliability calculation formulae of the OR gate and the AND gate of a general repairable system are temporarily adopted [44]. $S_{x(i)}(t)$ represents the normal working probability of the OR gate input event $x_i(t)$ at time t, $F_{xi(t)}(t)$ is the failure state probability of the OR gate input event $x_i(t)$ at time t, ${\mu }_{x(i)}$ is the maintenance rate of the input event $x_i(t)$, and ${\lambda }_{x(i)}$ is the failure rate of the input event $x_i(t)$. $S_y(t)$ represents the normal working probability of the OR gate output event $y(t)$ at time t, $F_y(t)$ is the failure state probability of the OR gate output event $y(t)$ at time t, ${\mu }_y$ is the maintenance rate of the output event $y(t)$, and ${\lambda }_y$ is the failure rate of the output event $y(t)$ (Figure 1).

Figure 1. The RDFTA OR logic gate.

• Quantitative operation rule

In the OR logic gate, the input event $x_i(t)(i=1,2,\dots ,n)$ and output event $y(t)$ have two states: state 0 is the normal working state, while state 1 is the fault state. According to the relationship between the input and output events $x_i(t)$ and $y(t)$, a list of the quantitative operation rules of the OR gate can be obtained, as shown in Table 2.

Table 2. The quantitative operation rules of the OR gate.

Number	${\mathit{x}}_1(\mathit{t})$	${\mathit{x}}_2(\mathit{t})$	…	${\mathit{x}}_{\mathit{n}}(\mathit{t})$	$\mathit{y}(\mathit{t})$
1	0	0	…	0	0
2	0	1	…	1	1
3	1	0	…	0	1
…	…	…	…	…	…
$2^{n+1}$	1	1	…	1	1

2.

The quantitative calculation formula of the OR gate is as follows:

$$\left\{\begin{array}{c}{S}_y\left(t\right)={\displaystyle \prod _{i=1}^n}{S}_{x\left(i\right)}\left(t\right)=S_{x\left(1\right)}\left(t\right)\times S_{x\left(2\right)}\left(t\right),...,S_{x\left(n\right)}\left(t\right)\\ F_y\left(t\right)=1-S_y\left(t\right)\\ {\lambda }_y={\displaystyle \sum _{i=1}^n}{\lambda }_{x\left(i\right)}={\lambda }_{x\left(1\right)}+{\lambda }_{x\left(2\right)}\dots +{\lambda }_{x\left(n\right)}\\ {\mu }_y=\frac{{\lambda }_y\times S_y\left(t\right)}{F_y\left(t\right)}\end{array}\right.$$

(1)

2.2. AND Logic Gate of RDFTA

$S_{x(i)}(t)$ represents the normal working probability of the AND gate input event $x_i(t)$ at time t, $F_{xi(t)}(t)$ is the failure state probability of the AND gate input event $x_i(t)$ at time t, ${\mu }_{x(i)}$ is the maintenance rate of the input event $x_i(t)$, and ${\lambda }_{x(i)}$ is the failure rate of input event $x_i$. $S_y(t)$ represents the normal working probability of the AND gate output event $y(t)$ at time t, $F_y(t)$ is the failure state probability of the AND gate output event $y(t)$ at time t, ${\mu }_y(t)$ is the maintenance rate of the output event $y(t)$, and ${\lambda }_y(t)$ is the failure rate of the input event $y(t)$ (Figure 2).

Figure 2. The RDFTA AND logic gate.

• Quantitative operation rule

In the AND logic gate, the input event $x_i(t)(i=1,2,\dots ,n)$ and output event $y(t)$ have two states: state 0 is the normal working state, while state 1 is the fault state. According to the relationship between the input and output events $x_i(t)$ and $y(t)$, a list of the quantitative operation rules of the AND gate can be obtained, as shown in Table 3.

Table 3. The quantitative operation rules of the AND gate.

Number	${\mathit{x}}_1(\mathit{t}{)}_1$	${\mathit{x}}_2(\mathit{t})$	…	${\mathit{x}}_{\mathit{n}}(\mathit{t})$	$\mathit{y}(\mathit{t})$
1	0	0	…	0	0
2	0	1	…	1	1
3	1	0	…	0	1
…	…	…	…	…	…
$2^{n+1}$	1	1	…	1	1

2.

The quantitative calculation formula of the AND gate is as follows:

$$\left\{\begin{array}{c}{F}_y\left(t\right)={\displaystyle \prod _{i=1}^n}{F}_{x\left(i\right)}\left(t\right)=F_{x\left(1\right)}\left(t\right)\times F_{x\left(2\right)}\left(t\right),...,F_{x\left(n\right)}\left(t\right)\\ S_y\left(t\right)=1-F_y\left(t\right)\\ {\mu }_y={\displaystyle \sum _{i=1}^n}{\mu }_{x\left(i\right)}={\mu }_{x\left(1\right)}+{\mu }_{x\left(2\right)}\dots +{\mu }_{x\left(n\right)}\\ {\lambda }_y\left(t\right)=\frac{{\mu }_y\times F_y\left(t\right)}{S_y\left(t\right)}\end{array}\right.$$

(2)

When the AND and OR logic gates of the RDFTA are quantitatively calculated, the failure rate ${\lambda }_{x(i)}$ and maintenance rate ${\mu }_{x(i)}$ of the corresponding components are imported into Formula (3) for pretreatment:

$$A_T=\frac{{\mu }_{x(i)}+{\lambda }_{x(i)}\cdot e^{-({\lambda }_{x(i)}+{\mu }_{x(i)})t}}{{\lambda }_{x(i)}+{\mu }_{x(i)}}.$$

(3)

2.3. CSP Logic Gate of RDFTA

$S_{x(i)}(t)$ represents the normal working probability of the CSP gate input event $x_i(t)$ at time t, $F_{x(i)}(t)$ is the failure state probability of the CSP gate input event $x_i(t)$ at time t, ${\mu }_{x(i)}$ is the maintenance rate of the input event $x_i(t)$, and ${\lambda }_{x(i)}$ is the failure rate of the input event $x_i(t)(i=2)$. $S_y(t)$ represents the normal working probability of the CSP gate output event $y(t)$ at time t, $F_y(t)$ is the failure state probability of the CSP gate output event $y(t)$ at time t, ${\mu }_y$ is the maintenance rate of the output event $y(t)$, and ${\lambda }_y$ is the failure rate of the output event $y(t)$.

A conversion rate matrix can be derived from Figure 3 as follows:

$$A=\left[\begin{array}{ccc}-\lambda & \lambda & 0\\ \mu & -\lambda -\mu & \lambda \\ 0& \mu & -\mu \end{array}\right].$$

(4)

Figure 3. The transformation of the CSP gate into a Markov model.

According to the Formula State Matrix (4), the differential Equation (5) can be solved:

$$\left\{\begin{array}{l}\left(P_0^{\prime }(t),P_1^{\prime }(t),P_2^{\prime }(t)\right)=\left(P_0(t),P_1(t),P_2(t)\right)A\hfill \\ \left(P_0(0),P_1(0),P_2(0)\right)=(1,0,0)\hfill \end{array}\right.,$$

(5)

where $P_0^{\prime }(t),P_1^{\prime }(t),P_2^{\prime }(t)$ is the derivative of $P_0(t),P_1(t),P_2(t)$.

As can be seen from Figure 3, $S_y(t)=P_0(t)+P_1(t)$.

• Quantitative operation rule

In the CSP logic gate, the input event $x_i(t)(i=1,2,\dots ,n)$ and output event $y(t)$ have two states: state 0 is the normal working state, while state 1 is the fault state. According to the relationship between the input and output events $x_i(t)$ and $y(t)$, a list of the quantitative operation rules of the CSP gate can be obtained, as shown in Table 4.

Table 4. The quantitative operation rules of the CSP gate.

Number	${\mathit{x}}_1(\mathit{t})$	${\mathit{x}}_2(\mathit{t})$	$\mathit{y}(\mathit{t})$
1	0	0	0
2	1	0	0
3	1	1	1

2.

The quantitative calculation formula of the CSP gate is as follows:

$$\left\{\begin{array}{c}{S}_y\left(t\right)=1-P_2\left(t\right)=\frac{\lambda \mu +{\mu }^2}{{\lambda }^2+\lambda \mu +{\mu }^2}-\frac{{\lambda }^2\left(s_2{e}^{s_{1}t}-s_1{e}^{s_{2}t}\right)}{s_1{s}_2\left(s_1-s_2\right)}\\ F_y\left(t\right)=\frac{{\lambda }^2}{s_1{s}_2}+\frac{{\lambda }^2}{s_1\left(s_1-s_2\right)}{e}^{s_{1}t}+\frac{{\lambda }^2}{s_2\left(s_2-s_1\right)}{e}^{s_{2}t}\\ {\lambda }_y={\displaystyle \sum _{i=2}^n}{\lambda }_i\\ {\mu }_y\left(t\right)=\frac{{\lambda }_y\times S_y\left(t\right)}{(1-S_y\left(t\right))}\end{array}\right.$$

(6)

where $\mathsf{\Delta }(s)=s^2+2(\lambda +\mu )s+\left({\lambda }^2+\lambda \mu +{\mu }^2\right)$, $s_1,s_2$ are the two roots of $\mathsf{\Delta }(s)=0$, and $s_1,s_2=-(\lambda +\mu )\pm \sqrt{\lambda \mu }<0$.

2.4. Feedback Logic Gate of RDFTA

The failure of a component within a diesel engine system occurs and triggers event $x_3(t)$, i.e., when event $x_3(t)$ occurs, the failure of components $x_1(t)$ and $x_2(t)$ also occurs. This is generally used to describe the relationship between the feedback link and the failure of components in the pathway. For example, in a diesel engine system, the feedback control relationship between the electronic control system and each subsystem of the diesel engine uses a feedback logic gate. The electronic control system is represented by event $x_3(t)$, while the subsystem is represented by events such as $x_1(t)$ and $x_2(t)$.

$S_{x(i)}(t)$ represents the normal working probability of the FB gate input event $x_i(t)$ at time t, $F_{x(i)}(t)$ is the failure state probability of the FB gate input event $x_i(t)$ at time t, ${\mu }_{x(i)}$ is the maintenance rate of the input event $x_i(t)$, and ${\lambda }_{x(i)}$ is the failure rate of the input event $x_i(t)(i=3)$. $S_y(t)$ represents the normal working probability of the FB gate output event $y(t)$ at time t, $F_y(t)$ is the failure state probability of the FB gate output event $y(t)$ at time t, ${\mu }_y$ is the maintenance rate of the output event $y(t)$, and ${\lambda }_y$ is the failure rate of the output event $y(t)$.

A conversion rate matrix can be derived from Figure 4 as follows:

$$A=\left[\begin{array}{ccccc}-{\lambda }_1-{\lambda }_2-{\lambda }_3& {\lambda }_2& 0& {\lambda }_1& {\lambda }_3\\ {\mu }_2& -{\lambda }_1-{\mu }_2-{\lambda }_3& {\lambda }_1& 0& {\lambda }_3\\ 0& {\mu }_1& -{\mu }_1-{\lambda }_3-{\lambda }_2& {\mu }_2& {\lambda }_3\\ {\mu }_1& 0& {\lambda }_2& -{\mu }_1-{\lambda }_3-{\lambda }_2& {\lambda }_3\\ {\mu }_3& {\mu }_3& {\mu }_3& {\mu }_3& -4{\mu }_3\end{array}\right].$$

(7)

Figure 4. The transformation of the feedback gate into a Markov model.

According to the Formula State Matrix (7), the differential Equation (8) can be solved:

$$\left\{\begin{array}{l}\left(P_0^{\prime }(t),P_1^{\prime }(t),P_2^{\prime }(t),P_3^{\prime }(t),P_4^{\prime }(t)\right)=\left(P_0(t),P_1(t),P_2(t),P_3(t),P_4(t)\right)A\hfill \\ \left(P_0(t),P_1(t),P_2(t),P_3(t),P_4(t)\right)=(1,0,0,0,0)\hfill \end{array}\right..$$

(8)

According to the definition of availability, the system fault status is $P_4(t)$, i.e., only $P_4(t)$ can be solved:

$$P_4(t)={\lambda }_3\frac{e^{-t\left({\lambda }_2+{\mu }_3\right)}\left(e^{t\left({\lambda }_2+{\mu }_2\right)}-1\right)}{4\left({\lambda }_3+{\mu }_3\right)}.$$

(9)

• Quantitative operation rule

In the FB logic gate, the input event $x_i(t)(i=1,2,\dots ,n)$ and output event $y(t)$ have two states: state 0 is the normal working state, while state 1 is the fault state. According to the relationship between the input and output events $x_i(t)$ and $y(t)$, a list of the quantitative operation rules of the FB gate can be obtained, as shown in Table 5.

Table 5. The quantitative operation rules of the FB gate.

Number	${\mathit{x}}_1(\mathit{t})$	${\mathit{x}}_2(\mathit{t})$	${\mathit{x}}_3(\mathit{t})$	$\mathit{y}(\mathit{t})$
1	0	0	0	0
2	0	1	0	0
3	1	1	0	1
4	1	0	0	1
5	0	0	1	1
6	0	1	1	1
7	1	0	1	1
8	1	1	1	1

2.

The quantitative calculation formula of the FB gate is as follows:

$$\left\{\begin{array}{c}{S}_y(t)=1-P_4(t)=\frac{\left(3+e^{-t\left({\lambda }_2+{\mu }_3\right)}\right)\times {\lambda }_3+4{\mu }_3}{4\left({\lambda }_3+{\mu }_3\right)}\\ F_y(t)=P_4(t)={\lambda }_3\frac{\left(e^{-t\left({\lambda }_3+{\mu }_2\right)}\left(e^{t\left({\lambda }_3+{\mu }_2\right)}-1\right)\right.}{4\left({\lambda }_3+{\mu }_3\right)}\\ {\lambda }_y={\lambda }_1\times {\lambda }_2+{\lambda }_3\\ {\mu }_y(t)=\frac{{\lambda }_y\times S_y(t)}{\left(1-S_y(t)\right)}\end{array}\right..$$

(10)

2.5. RDFTA Priority AND Logic Gate

The priority AND gate logically conforms to the AND gate, but the events occur in a certain order. As can be seen from Figure 5, state 4 represents the output event fault and only the success probability of state 4. The output event $y(t)$ only occurs when the basic events $x_1(t)$ and $x_2(t)$ occur and when event $x_1(t)$ occurs before event $x_2(t)$.

Figure 5. The transformation of the priority AND logic gate into Markov models.

In Figure 5, $S_{x(i)}(t)$ represents the normal working probability of the PAND gate input event $x_i(t)$ at time t, $F_{x(i)}(t)$ is the failure state probability of the PAND gate input event $x_i(t)$ at time t, ${\mu }_{x(i)}$ is the maintenance rate of the input event $x_i(t)$, and ${\lambda }_{x(i)}$ is the failure rate of the input event $x_i(t)$. $S_y(t)$ represents the normal working probability of the PAND gate output event $y(t)$ at time t, $F_y(t)$ is the failure state probability of the PAND gate output event $y(t)$ at time t, ${\mu }_y(t)$ is the maintenance rate of the output event $y(t)$, and ${\lambda }_y(t)$ is the failure rate of the output event $y(t)$.

A conversion rate matrix can be derived from Figure 5 as follows:

$$A=\left[\begin{array}{ccccc}-{\lambda }_1-{\lambda }_2& {\lambda }_1& {\lambda }_2& 0& 0\\ {\mu }_1& -{\lambda }_2-{\mu }_1& 0& {\lambda }_2& 0\\ {\mu }_2& 0& -{\mu }_2-{\lambda }_1& 0& {\lambda }_1\\ 0& {\mu }_2& 0& -{\mu }_2& 0\\ 0& 0& {\mu }_1& 0& -{\mu }_1\end{array}\right].$$

(11)

According to the Formula State Matrix (11), the differential Equation (12) can be solved:

$$\left\{\begin{array}{l}\left(P_0^{\prime }(t),P_1^{\prime }(t),P_2^{\prime }(t),P_3^{\prime }(t),P_4^{\prime }(t)\right)=\left(P_0(t),P_1(t),P_2(t),P_3(t),P_4(t)\right)A\hfill \\ \left(P_0(t),P_1(t),P_2(t),P_3(t),P_4(t)\right)=(1,0,0,0,0)\hfill \end{array}\right..$$

(12)

• Quantitative operation rule

In the priority AND logic gate, the input event $x_i(t)(i=2)$ and output event $y(t)$ have two states: state 0 is the normal working state, while state 1 is the fault state. The state in which $x_1(t)$ fails before $x_2(t)$ is recorded as 2. According to the relationship between the input and output events $x_i(t)$ and $y(t)$, a list of the quantitative operation rules of the priority AND can be obtained, as shown in Table 6.

Table 6. The quantitative operation rules of the priority AND gate.

Number	${\mathit{x}}_1(\mathit{t})$	${\mathit{x}}_2(\mathit{t})$	$\mathit{y}(\mathit{t})$
1	0	0	0
2	0	1	1
3	1	0	1
4	1	1	0
5	2	1	1

2.

The quantitative calculation formula of the priority AND gate is as follows:

$$\left\{\begin{array}{c}{S}_y\left(t\right)={\displaystyle \sum _{i=0}^n}{P}_i\left(t\right),(n<4)\\ F_y\left(t\right)=P_4\left(t\right)\\ {\lambda }_y={\displaystyle \sum _{i=1}^n}{\lambda }_i\\ {\mu }_y\left(t\right)=\frac{{\lambda }_y{\displaystyle \sum _{i=0}^n}{P}_i\left(t\right)}{S_y\left(t\right)}\end{array}\right.$$

(13)

2.6. FTA Qualitative Analysis of Repairable Systems

2.6.1. Minimum Cut Set Algorithm for RDFTA

The minimum cut set algorithm for RDFTA aims to find the sets of all failure event combinations in the RDFTA, including the static and dynamic transformation method, the uplink and downlink method, the binary decision diagram transformation method, the sequence operator method, and the topological sorting method [45]. The static and dynamic transformation method is usually selected for calculation using the following formula:

$$\varphi (x)={\displaystyle \coprod _{j=1}^l{\displaystyle \prod _{i\in C_j}{x}_i}},$$

(14)

where $i$ is the number of vectors of the basic event $x_i$, $j$ is the number of minimum cut sets, $C_j$ is the minimum cut set of $x_i$, and $\varphi (x)$ is the structure function of the RDFTA.

2.6.2. Component Importance for RDFTA

The component importance for RDFTA is the quantification of the importance of each component within the system, including the probability importance and structural importance [46]. Generally, the probability importance is calculated using Equation (15):

$$I_R(j)=\frac{\partial h(R)}{\partial R_j},j=1,\dots ,n,$$

(15)

where $I_R(j)$ is the probability importance of component $j$, $h(R)$ is the reliability function of component $j$, and $R_j$ is the minimal path set of component $j$.

Through the probability importance ranking results, the weak links of reliability in the system design scheme can be found and hence, corresponding compensation measures can be put forward to support the formulation of a reliability growth scheme.

2.7. Reliability Analysis Process of RDFTA

In the reliability analysis process of RDFTA, the quantitative and qualitative analysis results of the RDFTA are obtained. The existing RDFTA reliability analysis process is not suitable for considering the failure rate and maintenance correlation of repairable systems at the same time. Therefore, using the new RDFTA logic gate, a new RDFTA reliability analysis process framework for repairable systems was proposed, as shown in Figure 6.

Figure 6. The reliability analysis process framework of the RDFTA method.

In the next section, the application of 4F integration technology to the reliability analysis of a diesel engine at the design stage is introduced.

3. 4F Integration Technology

This section introduces the reliability analysis method that is based on 4F integrated technology. Section 3.1 explains the application process of 4F integrated technology to the reliability assessment of diesel engines, redefining the depth of various technical analyses of the diesel engine and the harsh definitions of the fault modes. Subsequently, the application process of a FRACAS to 4F integration technology is introduced in Section 3.2. Finally, the FMECA–FHA model is introduced in Section 3.3 and the harmfulness of the fault modes is evaluated using the prefabrication of the preliminary comparison method within the FHA. The 4F integration technology proposed in this section is mainly controlled by the reliability issues that are encountered by new model equipment during the design phase of planning and ensures that the quality retrospective is available throughout the full life cycle.

3.1. Application Process of 4F Integration Technology

The developed reliability evaluation method for diesel engine systems that is based on 4F includes four steps, as shown in Figure 7. These steps ensure that the method identifies the fault hazards of the reliability and safety of the system, in addition to evaluating the functional faults with high hazards and the availability of key components. The fault physics of the key fault components are analyzed and a FRACAS puts forward corresponding compensation measures. First, experts meet to discuss the implementation of the FMECA–FHA model, in which the FMECA evaluates the system-level reliability function failures and the FHA evaluates the system-level safety function failures to identify all function failure modes. At the same time, the fault information base is compared using a FRACAS to see whether there are similar fault modes. When there are similar cases, the existing fault handling cases are evaluated to simplify the analysis process. When there are no similar cases, the second step is performed. In the second step, the failure modes that are classified as severity I or II are taken as the top events of the FTA for a component-level fault quantitative analysis. In the third step, after obtaining the minimum cut set at the component level according to the new FTA, the FMECA is used to analyze the fault mechanisms of key components. In the fourth step, the FRACAS conducts the fault management and control of the FMECA, FHA, and FTA–FMECA models across the whole life cycle of the system. To report all faults within the system in time at the design stage, effective corrective measures are formulated and implemented, the effectiveness of those corrective measures is verified, the recurrence of faults is prevented, major hidden dangers are eliminated, and the zero control of faults is realized. In short, the stages and the analysis depth that are used to evaluate the safety and reliability of diesel engines at the early stages of design are shown in Figure 7.

Figure 7. The 4F integration technology analysis process.

3.2. Application of a FRACAS to 4F Integration Technology

As shown in Figure 8, the purpose of the FRACAS is to ensure that any failure modes that are generated in the design stage of a diesel engine are controlled and that there are sufficient safeguarding measures in place to reduce the harm that could be caused by those failure modes. The failure modes in the manufacturing process and the product use process were not within the scope of this paper. A seminar was held with vehicle drivers, diesel engine manufacturers, and scholars within this field and the failure modes of previous generation models were also considered. On the basis of the original fault database, it can filter out the repetitive known faults, thereby improving the working efficiency of analysts. According to [47], Figure 8 is the application process of the FRACAS method.

Figure 8. The FRACAS analysis process within 4F integration technology.

3.3. FMECA–FHA Integration Model

Due to the existence of safety failure modes and reliability failure modes in diesel engine systems, the previous fault input of this method is the FMECA–FHA analysis result at the system level. The FMECA describes the structure and function of the whole system. In addition, the FMECA can identify system-level reliability failure modes and evaluate the criticality of each failure mode. The failure modes are quantified by a risk priority number (RPN). In Formula (16), the RPN [48] is the product of three indicators (usually rated from 1 to 10): (1) severity S, (2) the possibility of occurrence O, and (3) fault detection D. From a comparison of the PRN of each failure mode, the key failure modes are obtained. Therefore, this can be used as the basis for a system-level reliability evaluation of diesel engines.

$$RPN=S\cdot O\cdot D.$$

(16)

On the basis of the FMECA, the FHA of the FMECA–FHA model uses the rank comparability method [49] to rank the hazard degree of the diesel engine safety failure modes. According to MIL-STD-1180 (the US Army ground vehicle safety standard) [50], the following parameters are selected: $v_1$ is the injury degree caused by the failure, $v_2$ is the economic loss caused by the failure, and $v_3$ is the maintenance cost caused by the failure. The frequency of failure $v_4$ is taken as the index of the safety assessment. The score of each index is determined according to the scores from experts and the weight of the score is distributed according to the experience of the experts. The rank is calculated according to $n$ evaluation indices ($V_i=\{v_1,v_2,\dots ,v_n\}$), from which the $R_i$ of M failure modes is obtained. The RSR of each failure mode is calculated using Equation (17) and the cumulative frequency $probi{t}_i$ of each failure mode can be obtained. Finally, the ranking value ${\mathrm{WRSR}}_i$ of the hazard degree of the failure modes is calculated using Equation (18).

$$RS{R}_i=\frac{1}{mn}{\displaystyle \sum _{j=1}^m}{R}_{ij}$$

(17)

$${ \mathrm{WRSR}}_i=\mathrm{a}+\mathrm{b}\times {\mathrm{Probit}}_i,$$

(18)

where a and b are constants.

Finally, according to the analysis results of the FMECA–FHA integrated model, the most severe fault mode is used as the input for the FRACAS to judge the worst fault mode. The FMECA–FHA integrated model can simultaneously consider the reliability and safety problems in the primary stages of diesel engine design, making the system-level fault analysis of diesel engines more comprehensive. As shown in the schematic diagram of the FMECA–FHA model in Figure 9, the FHA carries out the safety analysis and modeling at the system/function level, while the FMECA carries out the reliability analysis and modeling at the system/function level. Finally, according to the severity principle, the severity of the fault mode is redivided. The failure modes of severity I and II are used as the input of the FIF.

Figure 9. A schematic diagram of the FMECA–FHA integrated model.

The fault cause analysis module in the FRACAS uses the FMECA–FHA model to replace the causes of the faults. The purpose of the FTA is to express the components within each subsystem graphically and quantitatively, while the FMECA conducts a fault cause analysis at the physical level for key components according to the quantitative results of the FTA. Section 2 proposed that an RDFTA can be applied as an alternative to an FTA in order to overcome the disadvantage of the maintenance rate not being considered in the analysis of repairable systems by a traditional dynamic FTA, thus bringing the calculation results of the RDFTA more in line with the actual situations of repairable systems. In the next section, the key findings of an application of 4F integration technology to the diesel engine reliability analysis method are introduced.

4. Case Study: Reliability Analysis of a Diesel Engine

4.1. Diesel Engine System Analysis

The complex system that was analyzed in this case study was a diesel engine in a harsh environment. The diesel engine consisted of several important subsystems: a fixed parts system, motion system, fuel supply system, intake and exhaust system, lubrication system, cooling system, starting system, and electric control system. The motion system was composed of a crankshaft mechanism, piston mechanism, connecting rod mechanism, valve mechanism, and transmission. Figure 10 shows the interaction relationships among the diesel engine subsystems and Figure 11 shows the corresponding relationships between the diesel engine function levels and result levels. When even one of the seven subsystems failed, the whole system failed; hence, the reliability relationships among the subsystems could be considered as a series (as shown in Figure 11).

Figure 10. A schematic diagram of the diesel engine composition system.

Figure 11. The corresponding relationships between the product function level and the structure level of diesel engines.

In the next section, the FMECA–FHA analysis was conducted first and then the FTA method was applied to deal with the fault mode of hazard 1 and its evaluation. The key components in the minimum cut set that was obtained from the FTA analysis were used in the FMECA physical fault analysis.

4.2. FMECA–FHA Analysis Results

Once all system functions were determined, the functional failure of each subsystem could be judged. Firstly, a system-level FMECA was executed to identify the functional failure modes, which could be defined as the failures of main system functions, and to estimate their impacts, causes, and risks. Then, a system-level FHA was performed to identify the impacts of the functional failure modes on safety. Table 7 reports the quantitative evaluation of the FMECA of each subsystem in the diesel engine, which was analyzed by experts as being responsible for diesel engine maintenance. In particular, the input data collection stage was judged in a meeting with relevant experts. The expert group conducted a quantitative evaluation of the FMECA factors of each subsystem. Three experts who had been working in this field for 15, 10, and 5 years were invited and the scoring weights of the three experts were 0.4, 0.3, and 0.3, respectively. The expert group scored the system-level failure modes to determine their priority.

Table 7. The FMECA system-level results.

System	Failure Mode	S	O	D	RPN
Pressurization and intake and exhaust system	Compressor failure	4	6	3	108
Control system	Sensor failure	6	5	3	90
Fastener system	Cylinder head failure	7	1	7	49
Moving parts system	Linkage failure	5	7	2	70
Fuel supply system	Fuel injection pump failure	4	3	6	72
Cooling system	Water pump failure	6	2	2	24
Lubrication system	Filter failure	4	5	2	40

As shown in Table 7, the subsystem with the most serious functional failure at the system level was the pressurization and intake and exhaust system. Thus, the failure impacts of the components in that subsystem were further investigated. In the next step, a system-level safety analysis was carried out. The combination of the FHA and RSR in Section 3 was used to score the degree of injury $v_1$ that would be caused to personnel by each failure mode, the economic loss $v_2$ that would be caused by each failure, the maintenance cost $v_3$ that would be caused by failure, and the frequency $v_4$ of the failure according to the expert group.

As shown in Table 8, the expert group evaluated the impacts of the system-level failure modes on safety and the ranking results of the risk assessment of each failure mode was obtained at the system level using the FHA evaluation method that was discussed in Section 3.

Table 8. The expert evaluation results of each failure mode.

Failure Mode	Personal Injury	Economic Loss	Maintenance Costs	Frequency of Occurrence
Supercharger system fault	74	78	84	68
Control system failure	65	74	75	59
Fastener system failure	40	60	40	42
Moving parts system fault	42	57	34	44
Fuel supply system failure	44	20	57	32
Cooling system failure	47	27	42	36
Lubrication system	35	34	29	31

By comparing the analysis results of the FMECA–FHA model in Table 7 and Table 9, the severity of the failure modes of each subsystem could be determined. It can be seen that the comprehensive severity of the failure of the control system, as well as those of the supercharger and the intake and exhaust systems, of the diesel engine was the highest. In order to reduce the workload, the RDFTA model of the faults in the control system, as well as those of the pressurization and intake and exhaust systems, was established as the top event.

Table 9. The FHA sorting results.

Failure Mode	RSR Value	RSR Ranking	RSR Fitting Value	Grading Level
Supercharger system fault	1.000	1	0.951	4
Control system failure	0.833	2	0.760	3
Fastener system failure	0.417	4	0.467	2
Moving parts system fault	0.417	4	0.467	2
Fuel supply system failure	0.375	6	0.278	2
Cooling system failure	0.458	3	0.627	3
Lubrication system	0.214	7	0.234	2

4.3. Establishment of RDFTA for the Diesel Engine at the Component Level

The electronic control system of a diesel engine is a device that monitors its operational state. During the operation of a diesel engine, the electronic control system can monitor changes in the diesel engine operation in real time, provide timely feedback on the conditions that are caused by the diesel engine, and take corresponding measures to alleviate those conditions. The working principles of the intake and exhaust and supercharger systems are as follows: the exhaust pipe is connected to the turbine shell and high-temperature exhaust gas that has a certain pressure and flow rate and is discharged from the engine impacts the turbine in a certain direction through the turbine shell, causing the turbine to rotate at a high speed. Higher pressures lead to greater temperatures and speeds of the exhaust gas, as well as a higher turbine speed. The exhaust gas is then finally discharged into the atmosphere. The compressor impeller that is coaxial with the turbine shaft also sucks the air that is passing through the air filter into the compressor at the same speed. The interactions between the pressurization and electronic control system components are shown in Figure 12.

Figure 12. A schematic diagram of the pressurization and electronic control systems.

According to the comprehensive severity score of the FMECA–FHA model, the RDFTA (with the diesel engine supercharger and electronic control system failures as the top events) was produced. Figure 12 indicates the following faults: a system fault T; an output fault of the pressurization and intake and exhaust systems T_1; an exhaust manifold fault A; a fault in the exhaust bypass valve B; an exhaust system failure C; a turbine failure D; a compressor failure E; an air filter failure F; a pressurization system failure G; an air intake system failure H; a control system failure T_2; a power failure I; a startup fault J; a controller failure K; and an actuator failure 50. Table 10 shows the reliability parameters of the pressurization, intake and exhaust, and control systems.

Table 10. The RDFTA reliability parameters of the pressurization and control system components.

RDFTA Number	Unit Name	Failure Rate ${10}^{-3}({\mathit{h}}^{-1}{)}^{ }$	Maintenance Rate $({\mathit{h}}^{-1})$	RDFTA Number	Unit Name	Failure Rate ${10}^{-3}({\mathit{h}}^{-1})$	Maintenance Rate $({\mathit{h}}^{-1})$
$x_1$	Air input	0.32	0.92	$x_{13}$	Air flow sensor	0.08	0.4
$x_2$	Engine exhaust gas input	0.75	1.48	$x_{14}$	Air inlet heating device	0.03	0.98
$x_3$	Air filter	0.34	1.65	$x_{15}$	Start signal	0.082	1.3
$x_4$	Exhaust manifold	0.28	0.9	$x_{16}$	Control signal	0.07	1.5
$x_5$	Bypass valve control device	0.25	0.74	$x_{17}$	Pedal signal	0.05	0.8
$x_6$	Exhaust bypass valve	0.75	1.4	$x_{18}$	Dialogue device	0.064	0.5
$x_7$	Turbine	7.8	1.5	$x_{19}$	Power supply	0.04	0.6
$x_8$	Rotor shaft	0.2	0.8	$x_{20}$	Emergency power supply	0.04	0.6
$x_9$	Compressor	0.42	0.85	$x_{21}$	Controller	0.05	1.5
$x_{10}$	Intercooler	0.3	0.5	$x_{22}$	Sensor system	0.01	0.85
$x_{11}$	Intake manifold	0.31	0.73	$x_{23}$	Actuator	0.022	0.96
$x_{12}$	Intake bypass valve	0.53	0.97

The quantitative reliability analysis of the supercharger, intake and exhaust, and control systems was carried out using the Monte Carlo simulation method [51]. In Formula (19), the availability formula of each unit within the system was obtained according to the failure rate $\lambda$ and maintenance rate $\mu$ of the constituent units in the system, which were then input into the simulation to generate a 0–1 evenly distributed random number array. It was then judged whether each unit had failed, according to the unit availability and the random number group. According to the minimum cut set and the minimum path set of the system and the fault condition of the system unit, it was determined whether the system was faulty. The system was simulated m times and the number of times that the system was in a successful state $M$ was recorded. When the number of simulations $m$ was large enough, the calculation of the reliability and availability of the system was closer to reality.

$$A_R=\frac{\mu }{\lambda +\mu }+\frac{\lambda }{\lambda +\mu }{e}^{-(\lambda +\mu )t},$$

(19)

where t is the time variable (h).

In $1,2,3,\dots ,30h$, the simulation times of $M=1\times {10}^4$ and $M=1\times {10}^6$ were set per hour to obtain the simulated availability of the FTA’s top events. A comparison between the RTFA and the MC–FTA is shown in Figure 11 and Figure 12.

Figure 13 and Figure 14 show that the probability of the RDFTA and Monte Carlo calculation outputs was similar and that their reliability conclusions were basically the same. This showed that the reliability analysis method of RDFTA is feasible and correct. From the RDFTA minimum cut set algorithm (Equation (13)), the following could be established: K1 = {$x_1$}; K2 = {$x_3$}; K3 = {$x_7$}; K4 = {$x_8$}; K5 = {$x_{16}$}; K6 = {$x_{23}$}; K7 = {$x_{15}$}; K8 = {$x_{17}$}; K9 = {$x_2$}; K10 = {$x_2$,$x_5$}; K11 = {$x_2$,$x_5$}; K12 = {$x_4$,$x_2$}; K13 = {$x_4$,$x_5$}; K14 = {$x_4$,$x_6$}; K15 = {$x_{19}$,$x_{20}$}; K16 = {$x_{23}$,$x_{18}$}; K17 = {$x_9$,$x_{10}$,$x_8$ }; K18 = {$x_{22}$,$x_{21}$,$x_{23}$}; and K19 = {$x_{11}$,$x_{12}$,$x_{13}$,$x_{14}$}.

Figure 13. A comparison to the Monte Carlo algorithm.

Figure 14. A comparison to the Monte Carlo algorithm.

The probability importance of each minimum cut set could be obtained from the RDFTA probability importance algorithm (Equation (16)) as follows: K1 = 0.0368; K2 = 0.0392; K3 = 0.898; K4 = 0.023; K5 = 0.000806; K6 = 0.000253; K7 = 0.000944; K8 = 0.000576; K9 = 0.0000647; K10 = 0.0000216; K11 = 0.0000647; K12 = 0.0000242; K13 = 0.00000806; K14 = 0.0000242; K15 = 1.84 × 10⁻⁹; K16 = 1.62 × 10⁻⁹; K17 = 2.9 × 10⁻⁹; K18 = 1.27 × 10⁻¹⁵; and K19 = 4.54 × 10⁻¹⁶.

Compared to the results of the minimum cut set importance, the K3 minimum cut set was the weak link at the diesel engine component level. The FMECA physical fault analysis was used for K3.

4.4. FMECA Physical Fault Analysis

In this section (the third and deepest analysis), a physical analysis of the failures was performed. According to the results of the RDFTA analysis, the turbine was the most critical part of the engine. The FMECA of the failing physical level of the turbine was carried out as described below and the results are shown in Table 11.

Table 11. The physical-level failures according to the FMECA.

System	Subsystem/Component	Failure Mode	Reason	O	S	D	RPN
Pressurization system	Turbine	Resonance fracture of turbine blade	Aerodynamic load instability	7	6	4	128
Pressurization system	Turbine	Fatigue creep fracture of impeller blade root	High-temperature creep fracture	6	4	3	72

During the operation of a turbocharger, the blades of the turbine are subjected to the action of periodic forces, i.e., the exciting forces that cause the blades to vibrate. When the frequency of the exciting force is equal to or is an integer multiple of the natural frequency of the blade, the blade resonates. When the blade resonates, the stress increases sharply and the blade eventually breaks due to fatigue. When one of the blades of a turbine breaks, the adjacent blades (or even all of the blades) can become damaged in a short period of time, causing the whole turbocharger to fail.

5. Conclusions

In this paper, we put forward a reliable analysis method that is based on 4F integrated technology, according to the characteristics of the four reliability analysis methods of FHA, FTA, FTA, and FRACAS. We conducted systematic research on a new type of diesel engine in terms of a reliability analysis of the design stage of the planning. The 4F integration framework improved efficiency in the following ways: first, it determined the priority of each failure mode according to the RPN in the FMECA and the RSR in the FHA; at the component level, the RDFTA model could be used to identify the worst component, according to the characteristics of the repairable system; at the physical level of failure, an FMECA was used to assess the root cause of the failure and its hazard level; a FRACAS was used to control the faults that were identified by the above methods throughout the design phase cycle and propose compensation measures to facilitate the continuous optimization of the reliability of the new system. The FRACAS results are shown in Appendix A. The advantages of this approach are that the analysis process is simple, it does not take much time (i.e., it is efficient), and it enables users to find all of the relevant failure modes (i.e., it is effective).

In future work on the analysis of fault data, the fuzzy set theory could be combined to reduce the uncertainty of the subjective evaluation. In addition, only cold logic doors have been derived in the RDFTA method and the reserve system also has two parts: warm spare parts and hot spare parts. The next step is to conduct corresponding research on the reliability analysis of mildly hot storage agencies.