Reliability Analysis of Multi-Rotor Drone Electric Propulsion System Considering Controllability and FDEP

Abstract

The electric propulsion system serves as the power source for multi-rotor drones, helping them complete various maneuvering actions. The reliability of this system directly affects whether the drone can successfully complete its mission. The multi-rotor drone propulsion system is a k-out-of-n system with functional dependence (FDEP). With the insufficient basis for selecting k-values, the problem of incalculable reliability caused by computational space explosion due to voting gates, and the uncertain impact of functional dependence on system reliability, we propose a reliability evaluation method based on controllability theory and BN (Bayesian network) reconstruction. The drone is dynamically modeled, and a control model is built, and k-values are selected through different failure combination controllability evaluations. We model the system with BN, use functional dependent components as BN node inputs, and reconstruct BN via an adder model to solve the problem of exponential growth in the conditional probability table. This paper analyzes system reliability, safety, and the impact of FDEP on the system, and conducts component importance analysis. The result provides important reference for the reliability, safety assessment, and dynamic maintenance processes of multi-rotor drone.

1. Introduction

The increasing popularity of rotor craft has resulted in our growing utilization in both civilian and military field [1], including search, rescue operations, agricultural irrigation, cargo transportation and manned flights [2]. The propulsion system is a pivotal component of the drone system. The failure of the propulsion system directly leads to the crash of the drone, posing a huge threat to the safety of ground personnel and property. Therefore, it is necessary to analyze the propulsion system of the drone [3]. Its normal operation must be based on the operation of the power system and communication lines, so that the propulsion system is in a FDEP state with multiple systems [4].

Multi-rotor drones are equipped with multiple propulsion units, constituting a redundant system, regarded as a k-out-of-n system. Consequently, determining the propulsion system’s reliability necessitates prior analysis of its reliability objectives—specifically, solving for the optimal k-value.

Table 1. Comparison of reliability target selection for drone propulsion system.

Reference	Approach	Attitude
2016, Hua et al. [5]	Reliability target selection based on the concept of moment difference	Hover
2018, Endharta et al. [6]	Reliability targets selection based on system contribution ratio	Hover
2019, Guo et al. [7]	Reliability targets selection based on symmetry judgment criteria	Ascend or Descend
2023, Cho et al. [8]	Reliability targets selection based on the balance condition of the center of gravity	Hover

compiles methodologies from existing literature, contrasting diverse k-value selection criteria and their corresponding reliability targets.

The existing literature on DRONE reliability objectives neglects critical flight attitudes such as roll, pitch, and yaw during normal operation. Reliability targets derived solely from moment differences, symmetry constraints, and center of gravity balance may inadequately represent the full flight envelope. To address this gap, we develop a dynamic model grounded in controllability analysis, considering the drone’s different flight attitude.

Chamseddine [9] et al. based on Kalman’s classical controllability theory, did the assessment of controllability involves the rank test of the controllability matrix. However, as was noted in their study, the classical theory stipulates that the origin must be an interior point of the reachable control constraints set, which is not always the case when the rotor fails. Brammer [10] et al. presented a sufficient and necessary condition for the controllability of linear autonomous systems with positive constraints, which can be used to analyze the controllability of a multi-rotor system. Du [11] et al. discussed the optimal design problem of multi-rotor drone based on controllability, and a complete multi-rotor system model was derived considering drone dynamics for different mission requirements. Ghosh et al. [12] considered the significance of controllability for different mission requirements, and performed a reliability analysis of a quadrotor drone with different configurations based on Markov’s method. This analysis demonstrated that the reliability of a multi-rotor drone is contingent not only on its components, but also on its mission and payload.

For system reliability studies considering FDEP, separate FDEP gates are incorporated within the dynamic fault tree to characterize its dynamic property [13]. Zhang et al. [14] presented the k-out-of-n system reliability assessments with FDEP often neglect analysis of flexible component support relations, causing inaccuracies. They proposed a novel PTVDDBN–HDFS method integrating a Parameter Time-Varying Discrete Dynamic Bayesian Network (PTVDDBN) with a Hungarian algorithm enhanced by Depth-First Search (DFS). Boudali and Dugan [15] proposed a novel reliability modeling and analysis framework based on Bayesian Networks (BN). The capability of this framework was verified by defining the discrete-time BN reliability form and converting the DFT with FDEP gates to a BN model. Liu et al. [16] presented traditional Markov methods for FDEP with imperfect coverage, which are inefficient. Based on the total probability theorem and divide-and-conquer, it decouples FDEP and imperfect coverage effects from system combination. The method is efficient, accurate, handled any failure distribution, and overcomes Markov limitations.

The proliferation of drone applications necessitates increased rotor configurations and larger-scale propulsion systems. In fault tree-based safety and reliability analysis [1], system scalability inversely impacts computational efficiency, potentially causing combinatorial explosion. This inefficiency stems from the Boolean logic foundation of fault trees: expanding system size exponentially increases Boolean operator complexity and computational demands. The Boolean satisfiability problem (SAT) [17] determines whether there exists a model for a given Boolean formula. Although the problem has proved to be NP-complete [18], modern SAT solvers can handle large problems with tens of thousands of variables, such as bounded model checking [19], planning [20], and sampling [21].

At the same time, part of the research is based on the MCSs (Minimum Cut Sets) of the complex event fault tree for simplified processing. Luo et al. [22] presented a new method for computing MCSs based on SAT, namely SATMCS. Specifically, given a fault tree, they iteratively search for a cut set based on the conflict-driven clause learning framework. By exploiting local propagation graph, which characterizes the partial failure propagation based on the cut set, we provide efficient algorithms for extracting an MCS. Jacob et al. [23] developed the direct evaluation method to analyze the large systems with FTA (Fault Tree Analysis). The aforementioned goal has been achieved by a thorough search of independence in the fault tree and making use of hash tables and dynamic memory. Moreover, our solution is applicable to any standard fault tree, regardless of the number of children per gate.

When voting gates are present in the fault tree, the system still faces space explosion problems due to the complexity of the selection logic. Xiang et al. [24] proposed a set of reduction rules to simplify the voting gates without direct expanding. They also proposed a concept of minimal cut vote (MCV) denoting a k/n gate, in which the MCSs of fault trees can be evaluated and weeded more efficiently, and the result can be represented in a more compact form. Wang [25] proposed a new decomposition algorithm based on an expanded combination formula which can decompose the voting gates more quickly while the space and time complexity is lower than the traditional expansion was proposed. The above literature does not take into account how the system’s reliability is resolved when the voters are present concurrently with complex failure events. The literature is summarized in

Table 2. Comparison of reliability calculations for complex systems with voting gate.

Reference	Whether the Failure Event Is Complex and the Approach	Whether the Voting Door Exists and the Approach
2021, Luo et al. [5]	Yes, proposed a new MCS calculation method based on iterative search cut to extract MCS and complete reliability calculation	No
2021, Jacob et al. [5]	Yes, proposed DE method to reduce the number of recursive calls through deep search, completing reliability calculations	No
2011, Xiang et al. [5]	No	Yes, proposed a method to simplify the voting gate but not deploy it directly
2015, Wang et al. [5]	No	Yes, proposed a mathematical method of replacing voting logic with AND OR logic

.

Based on the above literature analysis, Section 2 is based on the controllability analysis, considering the different attitude of drone flight, to accurately determine the value of k. Section 3 introduces function dependence nodes, explores the effect of FDEP on system reliability, and constructs the system reliability model based on the adder model while considering complex failure events and voting gates, and solves the space explosion problem by reconfiguring the Bayesian network. Section 4 takes the propulsion system of a 16 (2 × 8) coaxial rotor drone as an example to verify the accuracy and practicality of the proposed reliability algorithm.

2. Multi-Rotor Drone Controllability Modeling

To satisfy stringent airworthiness certification requirements for multi-rotor drones, the reliability assessment necessitates a highly conservative approach. The drone’s propulsion system functions as a k-out-of-n system. While industry practices typically select the k-value based on factors like take-off weight and symmetry axis configurations [5], this approach proves inadequate to meet the overly conservative reliability demands encountered during research and development. To overcome this limitation, we develop precise drone dynamics and control models through controllability analysis. This analysis explicitly considers the drone’s controllability in roll, yaw, pitch, and other axes, thereby enabling the precise determination of the k-value for the k-out-of-n propulsion system.

2.1. Drone Control Modeling

As illustrated in Figure 1, there exists a wide variety of multi-rotor drones, characterized by differing rotor counts and configurations. It is evident that there are discrepancies in configuration and performance between the various configurations. However, these configurations can all be modeled by the general form of Equation (1) [26].

$$\dot{x}=Ax+B\left(F-G\right)$$

(1)

With:

$$\begin{array}{l}x={[\begin{array}{cccccccc}h& \varphi & \theta & \psi & v_h& p& q& r\end{array}]}^T\in {ℝ}^8\\ F={[\begin{array}{cccc}T& L& M& N\end{array}]}^T\in {ℝ}^4\\ G={[\begin{array}{cccc}{m}_{a}g& 0& 0& 0\end{array}]}^T\in {ℝ}^4\\ A=\left[\begin{array}{cc}{0}_{4\times 4}& I_4\\ 0& 0\end{array}\right]\in {ℝ}^{8\times 8}\\ B=\left[\begin{array}{c}0\\ J_f^{-1}\end{array}\right]\in {ℝ}^{8\times 4}\\ J_f=\mathrm{diag}\left(-m_a,J_x,J_y,J_z\right)\end{array}.$$

h, ϕ, θ, Ψ—the altitude, the roll angle, the pitch angle, the yaw angle of the drone.

v_h—the vertical speed of the drone.

p, q, r—the roll angular velocity, the pitch angular velocity, the yaw angular velocity of the drone.

T—the thrust generated by the rotor blades of the drone.

L, M, N—the three-axis moments of the drone.

m_a—the mass of the drone.

J_x, J_y, J_z—the moment of inertia of the drone.

There are four control inputs to the multi-rotor drone: total thrust, T, and three-axis moments, L, M, and N. The four control inputs are generated by the motor thrust and counter-torque moments, respectively [27].

(1)

Lift generated by rotor

In accordance with the principle of rotor aerodynamics, it is generally accepted that the lift generated by the rotor is proportional to the square of its rotational speed. The proportionality coefficient k₁ is defined as the lift coefficient, Ω_m is the rotational speed of the mth rotor. Any drone configuration in Figure 1 can be modeled similarly below, we use coaxial 2 × 8 rotors as an example here. Therefore, the projection of the lift generated by 16 rotors in the fuselage coordinate system can be expressed as follows:

$$F_m=k_1{\mathsf{\Omega }}_m^2,m=1,2,\cdots ,16.$$

(2)

For a 16-rotor drone, the total thrust generated by the propulsion system equals the sum of the individual propeller thrusts. Propeller thrust is defined as the force perpendicular to the propeller plane. These combined forces provide lift, translational thrust, and generate moments enabling airframe pitch and roll maneuvers. The total thrust T is expressed as follows:

$$T={\displaystyle \sum }_{m=1}^{16}{F}_m=k_1\left(\begin{array}{l}{\mathsf{\Omega }}_1^2+{\mathsf{\Omega }}_2^2+{\mathsf{\Omega }}_3^2+{\mathsf{\Omega }}_4^2+\\ {\mathsf{\Omega }}_5^2+{\mathsf{\Omega }}_6^2+{\mathsf{\Omega }}_7^2+{\mathsf{\Omega }}_8^2+\\ {\mathsf{\Omega }}_9^2+{\mathsf{\Omega }}_{10}^2+{\mathsf{\Omega }}_{11}^2+{\mathsf{\Omega }}_{12}^2+\\ {\mathsf{\Omega }}_{13}^2+{\mathsf{\Omega }}_{14}^2+{\mathsf{\Omega }}_{15}^2+{\mathsf{\Omega }}_{16}^2\end{array}\right).$$

(3)

(2)

Moments generated by rotor

The projection of the moment generated by each rotor lift on each airframe coordinate system can be expressed as:

$$H_{1m}=L_m\times F_m,i=1,2,\cdots ,16.$$

(4)

L_m denotes the coordinates of the rotor center on the fuselage coordinate system, and r denotes as the distance of the rotor center relative to the barycenter of the drone; the rotor layout of the 16-rotor drone is shown in Figure 2. Consequently, the lift moment produced by the rotor can be expressed as follows:

$$H_1=\left[\begin{array}{c}{M}_{1x}\\ M_{1y}\\ M_{1z}\end{array}\right]=\left[\begin{array}{c}-r{k}_1{\displaystyle {\displaystyle \sum }_{m=1}^{16}}{\mathsf{\Omega }}_1^2\times sin{\theta }_m\\ r{k}_1{\displaystyle {\displaystyle \sum }_{m=1}^{16}}{\mathsf{\Omega }}_1^2\times sin{\theta }_m\\ 0\end{array}\right].$$

(5)

(3)

Antitorque moment generated by the rotor

The rotation of the rotor also creates an antitorque moment with a magnitude proportional to the square of the rotor rotational speed. The resultant moment of all antitorques provides the airframe with a yawing moment of rotation in the plane of the propeller [28]. The scale coefficient k₂ is called the drag coefficient. Within the airframe’s coordinate system, the counter-torque moment generated by the 16 rotors is expressed as follows:

$$\left\{\begin{array}{l}{H}_{2m}=\left[\begin{array}{c}0\\ 0\\ k_2{\mathsf{\Omega }}_n^2\end{array}\right],m=1,4,5,8,9,12,13,16\hfill \\ H_{2m}=\left[\begin{array}{c}0\\ 0\\ -k_2{\mathsf{\Omega }}_n^2\end{array}\right],m=2,3,6,7,10,11,14,15\hfill \end{array}\right..$$

(6)

Therefore, the resultant moment of the rotor acting in the fuselage coordinate system is expressed as follows:

$$H=\left[\begin{array}{c}L\\ M\\ N\end{array}\right]=H_1+{\displaystyle \sum }_{i=1}^{16}{H}_{2m}.$$

(7)

The control efficiency model of the co-axial 16-rotor drone can be derived from Equations (3) and (7) and expressed as follows:

$$\left[\begin{array}{c}T\\ L\\ M\\ N\end{array}\right]=\left[\begin{array}{ccccc}{k}_1& k_1& & k_1& k_1\\ -r{k}_{1}sin{\theta }_1& -r{k}_{1}sin{\theta }_2& & -r{k}_{1}sin{\theta }_{15}& -r{k}_{1}sin{\theta }_{16}\\ r{k}_{1}cos{\theta }_1& r{k}_{1}cos{\theta }_2& \dots & r{k}_{1}cos{\theta }_{15}& r{k}_{1}cos{\theta }_{16}\\ k_2& -k_2& & k_2& -k_2\end{array}\right]\left[\begin{array}{c}{\mathsf{\Omega }}_1^2\\ {\mathsf{\Omega }}_2^2\\ \dots \\ {\mathsf{\Omega }}_{16}^2\end{array}\right].$$

(8)

The 4 × 16 matrix in Equation (8) is the control efficiency matrix B_f.

$$B_f=\left[\begin{array}{ccccc}{k}_1{n}_1& k_1{n}_1& & k_1{n}_1& k_1{n}_1\\ -r{n}_1{k}_{1}sin{\theta }_1& -r{n}_1{k}_{1}sin{\theta }_2& & -r{n}_1{k}_{1}sin{\theta }_{15}& -r{n}_1{k}_{1}sin{\theta }_{16}\\ r{n}_1{k}_{1}cos{\theta }_1& r{n}_1{k}_{1}cos{\theta }_2& \dots & r{n}_1{k}_{1}cos{\theta }_{15}& r{n}_1{k}_{1}cos{\theta }_{16}\\ k_2{n}_1& -k_2{n}_1& & k_2{n}_1& -k_2{n}_1\end{array}\right]={\left[\begin{array}{c}{b}_1\\ b_2\\ \dots \\ b_{16}\end{array}\right]}^T$$

(9)

The b_m denotes the contribution factor of the mth rotor to the total thrust or torque, and the parameter n_m is used to characterize the failure of the rotor. When the mth rotor fails, n_m = 0.

Equation (1) has the following two constraints, with F = [0,Ω²_m] as the set of speeds that can be output:

$$\left\{\begin{array}{l}\mathsf{\Omega }=\left\{F\right|F=B_{f}f,f\in \mathcal{F}\}\\ U=\left\{u\right|u=F-G,F\in \mathsf{\Omega }\}\end{array}\right..$$

(10)

The classical controllability theory of linear systems typically assumes that the origin is an interior point in the set of control constraints U. In such cases, the full rank of the rows of the matrix C (A,B) is a sufficient condition for controllability. However, in the event of rotor failure, the origin may not be attributable to the set of control constraints U. Other additional conditions are therefore required to prove the controllability of the system (1).

2.2. Controllability Analysis of a Multi-Rotor Drone

In this section, the controllability of the system (1) is studied based on the positive controllability theory. The application of the positive controllability theorem to Equation (1) necessitates the satisfaction of two conditions. Firstly, C (A,B) must be row-full rank. Secondly, for all of u in the control constraints U, there exists no real eigenvector v in A^T satisfying v^TBu ≤ 0.

However, in practice, it is not feasible to verify all of u in the control constraints U individually. For this reason, an equivalent formulation is proposed and defined as the available control authority index (ACAI) [29], which is formulated as follows:

$$\rho \left(X,\partial \mathsf{\Omega }\right)\triangleq \left\{\begin{array}{c}min\left\{\parallel X-F\parallel :X\in \mathsf{\Omega },F\in \partial \mathsf{\Omega }\right\}\\ -min\left\{\parallel X-F\parallel :X\in {\mathsf{\Omega }}^C,F\in \partial \mathsf{\Omega }\right\}\end{array}\right..$$

(11)

The assessment of capability is achieved through the calculation of the Available Control Authority Index (ρ) for each failure combination, thereby determining the drone’s capacity to remain operational within the specific failure combination.

In contrast to the classical Kalman controllability analysis with the rank tests, the ACAI is derived from a linearized dynamic model of the drone in a hovering scenario. The four control channels are as follows: altitude, roll, pitch, and yaw. The set of control constraints centered on X is defined as the largest closed sphere in four-dimensional space, ρ is the distance measured from X to δΩ, which is essentially the radius of the largest closed sphere in the reachable control set, X represents the form of moment that can be provided by some combination of failures, as mentioned in Equation (10). Ω is the set of reachable controls, with boundaries defined as δΩ, and Ω^c is the complementary set of Ω in which the drone is no longer able to control. As the value of ρ increases, the ability of the drone to control the four channels is greater, and a system is defined as being controllable if and only if ρ ≥ 0; this also indicates that the system is able to maintain stability of the system by varying the rotor’s rotation speed.

3. Reliability Modeling Considering FDEP

Voting systems exhibit functional redundancy due to their multi-component architecture. This complexity leads to FDEP relationships between distinct component types, represented by FDEP gates in dynamic fault tree models [30]. FDEP describes scenario where System F becomes unavailable upon failure of triggering System T, despite no intrinsic failure within System F itself. When incorporating System T directly into System F’s intermediate events during fault tree modeling, the failure probability of System F becomes overestimated [31]. Such overestimation compromises the reliability of fault tree solutions for system design optimization. Consequently, exploring alternative reliability modeling methods for FDEP systems becomes essential. We propose Bayesian Networks (BN) as a rigorous solution.

3.1. BN Modeling

A Bayesian network (BN) consists of nodes {X₁, …, X_n} and directed arcs between them. Each node X_i is a random variable. If there is an arc from node X_i to node X_j, then node X_i is the parent node of node X_j and node X_j is the child node of node X_i. A directed arc describes the conditional probability transformation relationship between nodes and is represented by a conditional probability table (CPT) [32].

P_a(X_i) the set of parent nodes of X_i, P_r[X_i| P_a(X_i)] is conditional probability given the set of its parent nodes of X_i [33]. In this paper, the node state is defined as a discrete quantity, indicating that the node is in a working or failed state. The joint probability of its non-empty parent node is denoted as:

$$P_r\left[X_i,P_a\left(X_i\right)\right]=P_r\left[X_i\mid P_a\left(X_i\right)\right]\times P_r\left[P_a\left(X_i\right)\right].$$

(12)

Following the extraction of the joint probability as outlined in Equation (12), the subsequent formula is employed to calculate the marginal probability of the child nodes:

$$P_r\left(X_i\right)={\displaystyle \sum }_{P_a\left(X_i\right)}{P}_r\left[X_i,P_a\left(X_i\right)\right].$$

(13)

In Bayesian Networks (BN), directed arcs between nodes are quantified through conditional probability functions, typically structured as conditional probability table (CPT). As a static modeling framework, BN is restricted to assessing system reliability at discrete time points. To characterize the temporal evolution of component behaviors, the model extends to Dynamic Bayesian Networks (DBN), enabling analysis of dynamic failure dependencies over continuous time horizons.

We present a k-out-of-n system with FDEP, consisting of a trigger component and a functional component. Denoted T_i and F_i, respectively, the components are in binary states, where 1 indicates a working state and 0 indicates a failed state. The failure probability of each component studied in this paper is exponential. The state transfer probability P_i of the components is therefore shown in Equation (14).

$$p_i=1-e^{-{\lambda }_i\mathsf{\Delta }t}$$

(14)

λ_i is the failure rate of the component and Δt is the fundamental time interval.

When accounting for FDEP, the availability of component F_i depends not only on its intrinsic state but also on the status of its triggering component T_i, as depicted in Figure 3. Consequently, k-out-of-n systems exhibiting FDEP characteristics cannot establish the triggering component as a direct fault tree bottom event for the functional component. Such conventional modeling neglects the dynamic failure propagation mechanism between triggering and functional components.

3.2. Dynamic BN Modeling with FDEP

In a DBN model, time is divided into successive time instants, treating a static BN at a particular time as a time slice. Each time slice characterizes the state of units, sub-systems, and systems at a particular time instant.

The node X_i extends to X_i(t), and the DBN model can be decomposed into two BN slices (B(t), B(t + 1)). With t = 0, B(0) is a priori network, representing the probability distribution of the initial state of the system. The probability from B(t) to B(t + 1). Simulates the transition of the unit’s state over time [34].

To consider the impact of FDEP on the reliability of propulsion systems, the triggering component and the functional component are used as parent nodes. Instead of being the bottom event of the electric propulsion unit, affecting the normal operation of the electric propulsion unit through AND-OR logic, this will lead to an overestimation of the failure probability of the electric propulsion unit. If we consider the triggering component as the parent node in BN, it can ensure the independence of the electric propulsion unit, as the triggering component affects the operation of the electric propulsion unit through conditional probability as shown in Equation (12) with Pa(N₁) = {T₁, F₁, F₂}, and we can obtain P_r(N₁) through Equation (13) as illustrated in Figure 4. The “1” in Figure 4 represents a dynamic update process of the BN.

With the basic time interval Δt, since the failure probability is the exponential distribution, the transition relationship between the trigger component nodes within the slice is expressed as follows:

$$p_T^i=\left\{\begin{array}{l}Pr\{T_i\left(t\right)=1|T_i\left(t-1\right)=1\}=e^{-{\lambda }_i^T\mathsf{\Delta }t}=e^{-{\lambda }_i^T}\hfill \\ Pr\{T_i\left(t\right)=0|T_i\left(t-1\right)=1\}=1-e^{-{\lambda }_i^T\mathsf{\Delta }t}=1-e^{-{\lambda }_i^T}\hfill \\ Pr\{T_i\left(t\right)=0|T_i\left(t-1\right)=0\}=1\hfill \\ Pr\{T_i\left(t\right)=1|T_i\left(t-1\right)=0\}=0\hfill \end{array}\right..$$

(15)

The transition relationship between the functional components nodes within the slice is expressed as follows:

$$p_F^i=\left\{\begin{array}{l}Pr\{F_i\left(t\right)=1|F_i\left(t-1\right)=1\}=e^{-{\lambda }_i^F\mathsf{\Delta }t}=e^{-{\lambda }_i^F}\hfill \\ Pr\{F_i\left(t\right)=0|F_i\left(t-1\right)=1\}=1-e^{-{\lambda }_i^F\mathsf{\Delta }t}=1-e^{-{\lambda }_i^F}\hfill \\ Pr\{F_i\left(t\right)=0|F_i\left(t-1\right)=0\}=1\hfill \\ Pr\{F_i\left(t\right)=1|F_i\left(t-1\right)=0\}=0\hfill \end{array}\right..$$

(16)

λ_i^T, λ_i^F are the failure probabilities of the trigger component and the functional component, respectively.

3.3. BN Reconstruction Based on Adder Modeling

It is evident that the BN possesses the capacity for reasoning about probabilities and the computation of posterior probabilities. However, convergent BN structures, such as the BN in Figure 5, cannot be analyzed due to the increased number of parent nodes and the presence of voting gates [35].

The converged BN structure has a CPT size that grows exponentially with the number of parent nodes, but the problem of exponential growth of CPT can be solved by realizing inference through causal independence between nodes.

To solve the problem of exponential growth of CPT, the temporal model of noise adder based on Heckerman [36] is used to realize the reconstruction of BN structure. The noise adder is defined as follows: in the convergent BN structure as in Figure 5, there are n binary random variables [C₁…C_n] with states 1 (system normal operation) and 0 (system failure), which affect the random variable, where denotes a counter with fixed domain [0, n]. The counter is given a 1 if the state of C_i is true. The model simulates the causal effect of variables C₁ through C_n on variable k through the overall effect of the contributing variable E_i on the combined parent node with domain [0, i]. Heckerman defines the CPT of the contributing variable as follows:

$$\left\{\begin{array}{l}P\left(E_i=k+1|E_{i-1}=k,C_i=true\right)=1\hfill \\ P\left(E_i=k|E_{i-1}=k,C_i=false\right)=1\hfill \\ i\in \left[1,n\right]\hfill \end{array}\right..$$

(17)

A voting gate can be represented by a convergent BN structure [37], where the convergent node is K, a binary random variable, denoting the availability of the system with at least k components available. The following equation shows the probabilistic model of voting gate based on BN:

$$P\left(K=true|c_1,\dots ,c_n\right)=\left\{\begin{array}{cc}1\hfill & {\displaystyle {\displaystyle \sum }_{i=1}^n}t\left(c_i\right)\ge k\\ 0\hfill & others\end{array}\right..$$

(18)

The t(x) is an indicator function that takes the value of 1 if and only if it is true, and 0 in other cases.

According to the full probability formula of BN in Equation (13), the marginal probability of K = true is obtained as follows:

$$\begin{array}{c}P\left(K=true\right)={\displaystyle {\displaystyle \sum }_{c_1,\dots ,c_n}}P(K=true|c_1,\dots ,c_n)P\left(c_1\right)\dots P\left(c_n\right)\end{array}.$$

(19)

However, when the probability of Equation (18) is 1, the summation value of t(c_i) exhibits many possibilities, and only one CPT cannot completely describe its probability model, so variable intermediate variables H are needed to replace the state of summation value of t(c_i). The probability model is split, and the CPT logic of the variables H is as follows:

$$P(H=h|c_1,\dots ,c_n)=\left\{\begin{array}{cc}1\hfill & {\displaystyle {\displaystyle \sum }_{i=1}^n}t\left(c_i\right)=h\\ 0\hfill & others\end{array}\right..$$

(20)

Since H is a random variable affected by the state of the parent node, so its marginal probability distribution is as follows:

$$P\left(H=h\right)={\displaystyle \sum }_{c_1+\dots +c_n=h}P\left(H=h|c_1,\dots ,c_n\right)\times P\left(C_1=c_1\right)\times \dots \times P\left(C_n=c_n\right).$$

(21)

Since it is necessary to model the probability of a voting gate, the probabilistic relationship between K and N is modeled as follows:

$$P\left(K=true\right)={\displaystyle \sum }_{h\in \left[0,n\right]}P(K=true|H=h)\times \underset{A}{\underbrace{{\displaystyle \sum }_{c_1+\dots +c_n=h}P\left(H=h|c_1,\dots ,c_n\right)\times P\left(c_1\right)\dots P\left(c_n\right)}}$$

(22)

Equation (22) demonstrates that the challenge of exponential growth in the Conditional Probability Table (CPT) size has been transferred to variable H. Consequently, the voting gate selection logic can be reformulated as the adder structure in Figure 6, while Equation (22)’s probabilistic model becomes mathematically equivalent to Heckerman’s adder model.

$$A=P\left(Y_0=0\right)\times {\displaystyle \sum }_{y_1\dots y_n=h}{\displaystyle \prod }_{i\in \left[1,n\right]}P(Y_i=y_i|Y_{i-1}=y_{i-1},C_i=c_i),$$

(23)

where the set of conditional probability equations is

$$\left\{\begin{array}{c}P(Y_i=0|Y_{i-1}=y_{i-1},C_i=0)=1\hfill \\ P(Y_i>0|Y_{i-1}=y_{i-1},C_i=0)=0\hfill \\ \begin{array}{l}P(Y_i=y_{i-1}+1|Y_{i-1}=y_{i-1},C_i=1)=1\hfill \\ P(Y_i\ne y_{i-1}+1|Y_{i-1}=y_{i-1},C_i=1)=0\hfill \\ \begin{array}{l}P(Y_i=h|Y_{i-1}=k,C_i=c_i)=1\hfill \\ P\left(Y_i<h|Y_{i-1}=k,C_i=c_i\right)=0\hfill \end{array}\hfill \end{array}\hfill \end{array}\right..$$

(24)

The value space of Y_i in CPT is {0, 1, …, h}, and its value condition is

$$y_i=\left\{\begin{array}{ll}0\hfill & c_i=0,y_{i-1}<h\hfill \\ h\hfill & c_i=0,y_{i-1}=h\hfill \\ y_{i-1}+1\hfill & c_i=1,y_{i-1}<h\hfill \\ h\hfill & c_i=1,y_{i-1}=h\hfill \end{array}\right..$$

(25)

The contributing variable E_i in the adder has n states and conditionally dependents on the E_i−1 variable, which has n − 1 states, so its CPT scales O(n²), while the number of contributing variables in the adder is n. Thus, the overall space complexity of the probabilistic k-out-of-n model is O(n³). The space complexity is reduced from exponential to polynomial by reconfiguring the BN through the adder, so that the problem of CPT explosion of the voting gate due to the high number of parent nodes can be ignored and the subsequent computation can be completed.

3.4. Multi-Rotor Drone Reliability Assessment Framework

When some multi-rotor drone propulsion units fail, the remaining thrust units may be unable to generate sufficient thrust and torque for translational and rotational control, potentially leading to loss of controllability. Thus, a controllability analysis must evaluate residual thrust/torque to determine system reliability. During drone design, propulsion system components are typically diversified to prevent common-cause failures [38] and accommodate k-value constraints. This heterogeneity yields distinct failure rates per thrust unit, necessitating explicit analysis of time-dependent system reliability. This study employs Bayesian Network (BN) modeling to address this reliability analysis. The framework in Figure 7 formalizes the reliability assessment workflow for multi-rotor drone propulsion systems, with the decision logic applicable to arbitrary drone configurations.

4. Case Study Analysis

Figure 8 illustrates the power unit configuration for a 16-rotor drone as an engineering prototype. The propulsion system consists of 16 power units arranged in a 2 × 8 co-axial circular layout (Figure 2). Each power unit exhibits functional dependencies with its power battery and communication module. This k-out-of-n system requires careful k-value selection during reliability analysis. To address computational explosion in the voting gate, we implement the adder principle, while incorporating trigger units within the Bayesian Network (BN) structure to model functional dependency impacts on system reliability.

4.1. Determination of k-Value in k-Out-of-n System

In the rotor configuration of Figure 2, the gray rotor indicates counterclockwise rotation, and the white rotor indicates clockwise rotation.

Table 3. Basic Physical Parameters of Drone.

Parameters	Description	Value
m (kg)	Mass	160 kg
Fmax (N)	Maximum thrust of propulsion unit	150 N
r (m)	Rotor distance from the center of the fuselage	0.5 m
k1 (N/rpm2)	Propeller thrust coefficient	8.5 × 105
k2 (N/rpm2)	Propeller drag coefficient	1.06 × 104

shows the basic physical parameters of the drone. In order to study the propulsion system reliability, it is necessary to firstly analyze the propulsion system’s different failure state controllability degree, and complete the selection of k-value.

Based on the geometrical distribution of the rotor blades with Equations (8) and (9) the 16 rotors drone configuration b_f matrix can be obtained.

$$b_f=\left[\begin{array}{cccccccccccccccc}1& 1& 1& 1& 1& 1& 1& 1& 1& 1& 1& 1& 1& 1& 1& 1\\ 0& 0& -{\displaystyle \frac{\sqrt{2}}{2}}& -{\displaystyle \frac{\sqrt{2}}{2}}& -1& -1& -{\displaystyle \frac{\sqrt{2}}{2}}& -{\displaystyle \frac{\sqrt{2}}{2}}& 0& 0& {\displaystyle \frac{\sqrt{2}}{2}}& {\displaystyle \frac{\sqrt{2}}{2}}& 1& 1& {\displaystyle \frac{\sqrt{2}}{2}}& {\displaystyle \frac{\sqrt{2}}{2}}\\ 1& 1& {\displaystyle \frac{\sqrt{2}}{2}}& {\displaystyle \frac{\sqrt{2}}{2}}& 0& 0& -{\displaystyle \frac{\sqrt{2}}{2}}& -{\displaystyle \frac{\sqrt{2}}{2}}& -1& -1& -{\displaystyle \frac{\sqrt{2}}{2}}& -{\displaystyle \frac{\sqrt{2}}{2}}& 0& 0& {\displaystyle \frac{\sqrt{2}}{2}}& {\displaystyle \frac{\sqrt{2}}{2}}\\ -1& 1& 1& -1& -1& 1& 1& -1& -1& 1& 1& -1& -1& 1& 1& -1\end{array}\right]$$

(26)

The controllability efficiency matrix B_f is calculated from the following Equation (27) with b_f:

$$\left\{\begin{array}{l}M=diag\left[\begin{array}{ccc}{k}_1& r\times k_1& \begin{array}{cc}r\times k_1& k_2\end{array}\end{array}\right]\hfill \\ B_f=M\times b_f\hfill \end{array}\right..$$

(27)

Using the ACAI parameters and determination criteria from Section 1, we calculate the controllability degree of propulsion systems under various failure combinations (Figure 9). Controllable states appear above the horizontal threshold line, while uncontrollable states fall below. Analysis shows that with five rotor failures, the propulsion system becomes uncontrollable (controllability degree < 0), which may lead to the drone not being able to carry out a normal landing or, possibly, a crash. To ensure strict operational safety, the k-value is conservatively set to 4. This 4-out-of-16 system configuration guarantees normal operation with up to 4 rotor failures. To mitigate common cause failures [38], we implement component diversification by selecting four distinct propulsion unit types. This strategy maintains system controllability even if all units of one type fail simultaneously.

4.2. Propulsion System BN Model

When using BN for reliability analysis of the system, the dynamic fault tree model of the system is first mapped to the BN model, and due to the characteristics of FDEP, we need fault tree modeling of different systems, and the fault tree model 1 with “More than 4 propulsion units failed” as the top event is shown in Figure 10a, the fault tree model 2 with “Loss of bus communication” as the top event is shown in Figure 10b, and the fault tree model 3 with “Battery pack loss of power” as the top event is shown in Figure 10c [39].

The propulsion unit comprises propellers, motors, and motor controllers. Failure of any component renders the propulsion unit inoperative. When more than four propulsion units fail, the drone becomes uncontrollable due to propulsion system failure. To enable quantitative reliability assessment, failure probabilities for three fault tree basic events were derived from GJB/Z299C-2006 [40], Electronic Parts Reliability Data [41], and engineering practice (

Table 4. Electric propulsion system bottom event and failure rate.

Serial Number	Failure Event	Failure Rate λ/h
X1	Blade damage	3.15 × 10−6
X2	Loose or broken rotor connector	5.97 × 10−6
X3	Spindle failure	6.63 × 10−5
X4	Transmission failure	6.65 × 10−4
X5	Insulation failure	7.41 × 10−4
X6	Winding Failure	1.66 × 10−5
X7	Electrical faults inside the motor	6.75 × 10−4
X8	Broken rotor bar or bearing	6.95 × 10−4
X9	Cooling loss	9.05 × 10−4
X10	Thermal runaway	7.76 × 10−5
X11	Transformer failure	9.91 × 10−5
X12	Broken solder joints on circuit boards	8.58 × 10−6
X13	Driver circuit power element failure	9.27 × 10−4
X14	Optocoupler Failure	9.32 × 10−5
X15	Hall Current Sensor Failure	8.21 × 10−6
X16	Logic Gate Chip Failure	7.79 × 10−4
X17	Diode failure	8.12 × 10−6
X18	Broken or loose signal cable	9.15 × 10−5

,

Table 5. Power battery bottom event and failure rate.

Serial Number	Failure Event	Failure Rate λ/h
Y1	Power Battery Management Unit malfunction causing contactor disconnection	4.58 × 10−3
Y2	Power Battery contactor control model connector failure	7.15 × 10−4
Y3	Power Battery Contactor Failure	4.28 × 10−4
Y4	Abnormal melting of power battery fuse	7.16 × 10−5
Y5	Loss of protection in case of short circuit of equipment connected to PDU1 (Power Distribution Unit)	7.22 × 10−5
Y6	No power output from PDU1	6.09 × 10−5
Y7	Abnormal disconnection of the PDU1 fuse of the power battery management unit	8.04 × 10−6
Y8	Loss of protection in case of short circuit of equipment connected to PDU2	7.22 × 10−5
Y9	No power output from PDU1	6.09 × 10−5
Y10	Abnormal disconnection of the PDU1 fuse of the power battery management unit	8.04 × 10−6
Y10	Power Battery Management Unit malfunction causing contactor disconnection	4.58 × 10−3

and

Table 6. Communication unit bottom event and failure rate.

Serial Number	Failure Event	Failure Rate λ/h
Z1	Main CAN communication bus termination resistor failure	8.94 × 10−5
Z2	Short in main CAN communication bus harness	7.33 × 10−5
Z3	Main CAN communication bus output connector failure	9.21 × 10−4
Z4	Motor control unit main CAN communication failure	3.21 × 10−3
Z5	Backup CAN communication bus termination resistor failure	8.94 × 10−5
Z6	Backup CAN Communication Bus Harness Short Circuit	7.33 × 10−5
Z7	Backup CAN communication bus output connector failure	9.21 × 10−4
Z8	Motor control unit backup CAN communication failure	3.21 × 10−3

). With FAA “AC 25.1309-1B” guidelines [42], failure rates for “average probability per flight hour” calculations must represent mature constant failure rates: excluding infant mortality and wear-out phases of the bathtub curve. Consequently, our analysis exclusively considers the random failure period, justifying the use of exponential distributions for all component failure rates below.

During the drone design process, in order to prevent single-point failure and common cause failure leading to catastrophic events, four different types of motors are selected to provide power among the 16 propulsion units. Based on the discriminative logic in Figure 3, N_i need to be added to the BN model to represent the available propulsion units. Based on the modeling logic in Figure 4. T denotes the power battery or communication unit, K denotes the propulsion unit, which means that up to 4 rotors fail out of 16 rotors, showing the reliability of the system. The BN model of the propulsion system of drone is shown in Figure 11.

The time slice length is needed in the modeling of dynamic BN, assuming that the average flight time of the multi-rotor drone is 1 h. So we set the interval to 1 h, with Δt = 1, based on the modeling in Section 3.2, to obtain the system conversion probability, dynamizing the BN based on the transformation relationship in Figure 4.

After completing the establishment of CPT based on the fault tree logic, the priori probability of the parent node can be solved, as shown in

Table 7. Reliability of each component.

Motor	Propulsion Unit 1	Propulsion Unit 2	Propulsion Unit 3	Propulsion Unit 4	Power Battery	Communication Unit
Reliability (1 h)	0.9951	0.9945	0.9937	0.9932	0.9981	0.9997

. Due to the number of intermediate nodes is 16, when solving the a posteriori probability of its children node K, the size of CPT is 2¹⁶, which will lead to space explosion, computational load, and other problems that cannot be effectively solved. In order to solve the CPT space explosion, we use the adder model for N_i and K.

4.3. Reliability and Safety Analysis

4.3.1. Multi-Rotor Drone Safety Analysis

Leveraging the computational framework established in Section 2, the top event failure probability is computed via the adder model. This approach exploits causal independence between input events to reduce the Conditional Probability Table (CPT) spatial complexity from exponential to polynomial order for large-scale k-out-of-n systems. Our calculated failure probability for the top event is 1.407 × 10⁻⁷. Per drone airworthiness requirements, the catastrophic failure conditions require both qualitative and quantitative assessment. For operations in sparsely populated areas, the quantitative safety objective is 1 × 10⁻⁶ per flight hour. The computed result (1.407 × 10⁻⁷ < 1 × 10⁻⁶) satisfies this safety threshold, thereby meeting airworthiness certification requirements.

4.3.2. Analysis of FDEP’s Impact on Reliability

Figure 12 shows the results of the cumulative probability calculation of the system states. Under the modeling of the adder, the failures of 16 rotors are simplified into 17 system states, state0 indicates 0 rotor working and state1 indicates 1 rotor working. As the number of rotor failures increases, the system degrades and its probability of being in a good state gradually decreases, while the probability of being in a poor state increase.

To further investigate the effect of FDEP on the reliability of the system, the reliability curve of the system is plotted as shown in Figure 13.

Figure 13 shows the results of changes in system reliability over time, based on the reliability curve, the time at which its curve inflection point occurs helps operators determine an appropriate maintenance schedule, the accelerated degradation of system reliability after 40 h when considering the effects of FDEP, and the requirement for major repairs or unit replacements after 40 h of drone operation to ensure high system reliability. When FDEP is not considered, system reliability is underestimated if the trigger component is treated as a series parallel system of functional components, but the trigger a component is designed only to provide auxiliary functions, affecting functional components in the form of conditional probabilities as an independent variable in the computing logic of the adder model, rather than directly affecting functional components as a series parallel system in the fault tree, resulting in the reliability of functional components being underestimated.

4.3.3. Motor Importance Analysis

Analyzing component-to-system reliability relationships requires criticality assessment via Birnbaum importance metrics [43]. This quantifies individual motor reliability contributions to overall system reliability, enabling maintenance teams to prioritize high-impact components. The inflection point in the importance curve further serves as a proactive maintenance scheduling trigger for system dynamic changes.

Importance analysis is performed for the ith motor (F_i(t)), its importance is calculated as shown in Equation (28), and the results are shown in Figure 14:

$$I_{F_i}^B\left(t\right)=Pr\{K\left(t\right)=1|F_i\left(t\right)=1\}-Pr\{K\left(t\right)=1|F_i\left(t\right)=0\}.$$

(28)

Combined with Table 7, it can be seen from Figure 14a that Class 4 motor have the highest reliability and their importance has been kept high in the early stage of system operation. After the inflection point, the importance of Class 1 motors, which have the lowest reliability, accounts for a higher percentage, due to the fact that the system relies on the high reliability motors to maintain redundancy in the early stage of system operation. However, as the low reliability motors gradually fail, the remaining low reliability motors become the weak part of the system reliability, and their impact (importance) increases, so that an inflection point occurs.

This phenomenon reflects the dynamic characteristics of bottleneck transfer in the redundant system. The inflection point corresponds to a time of 52.5 h in Figure 14a without considering functional dependence, while the inflection point corresponds to a time of 37.5 h in Figure 14b, indicating that the functional dependence characteristics have a significant impact on the dynamic changes in the propulsion system. The inflection point of the importance curve can guide the dynamic adjustment of the maintenance strategy, and the maintenance resources should be allocated to the high-reliability motors with greater importance in the early operation period, and when the operation time is close to the inflection point, the maintenance resources need to be allocated to the low-reliability motors with lower importance, so as to avoid the rapid degradation of the system reliability after the inflection point, and to ensure the high reliability of the system.

5. Conclusions

The expanding operational scope of drones necessitates increased rotor configurations, which introduces computational complexity explosion in propulsion system reliability analysis. Simultaneously, determining the maximum tolerable rotor failures becomes essential for defining reliability objectives. Crucially, propulsion system functionality depends on power and communication systems, creating inherent functional dependencies. This paper addresses these challenges through the following:

(1)

A reliability analysis method of propulsion system based on controllability is proposed for these problems, the k-value is scientifically selected. We complete its control model construction by modeling the dynamics of the airframe and conservatively seeking the k-value by taking into account the controllability analysis of the drone in the case of roll, yaw, pitch, and so on.

(2)

Due to the selection logic brought by the voting gate, the fault tree, plain BN cannot be analyzed. Through adder modeling, the BN structure is reconstructed to reduce the space complexity from exponential to polynomial, so as to solve the problem of CPT explosion brought by a large number of parent nodes.

(3)

The system reliability considering FDEP was calculated. By comparative analysis, we find that the system reliability would be underestimated if the trigger component is used as a series parallel system of function components. At the same time, the importance of different motors is analyzed, and the curve inflection point can guide the dynamic adjustment of maintenance strategy.

Our methodology establishes reliable objectives for drone propulsion systems grounded in control theory principles, applicable across diverse drone configurations. We resolve computational complexity explosion from excessive rotors, eliminating rotor count constraints in reliability analysis. The resultant reliability and criticality curves enable dynamic maintenance scheduling to sustain system reliability. Crucially, functional dependence analysis demonstrates that propulsion system reliability can only be accurately quantified through independent system evaluation, otherwise, reliability would be artificially underestimated.