Abstract. In this paper we present a new modelling approach for dependability evaluation and sensitivity analysis of Scheduled Maintenance Systems, based on a Deterministic and Stochastic Petri Net approach. The DSPN approach offers significant advantages in terms of easiness and clearness of modelling with respect to the existing Markov chain based tools, drastically limiting the amount of user-assistance needed to define the model. At the same time, these improved modelling capabilities do not result in additional computational costs. Indeed, the evaluation of the DSPN model of SMS is supported by an efficient and fully automatable analytical solution technique for the time-dependent marking occupation probabilities. Moreover, the existence of such explicit analytical solution allows to obtain the sensitivity functions of the dependability measures with respect to the variation of the parameter values. These sensitivity functions can be conveniently employed to analytically evaluate the effects that parameter variations have on the measures of interest.
Systems with Multiple Phases and Multiple MissionsWith the increasing complexity and automation encountered in systems of the nuclear, aerospace, transportation, electronic, and many other industrial fields, the deployment of processing systems in charge of performing a multiplicity of different control and computational activities is becoming common practice. Very often, the system and its external environment can be altered during the operation, in a way that the behaviour during a time interval can be completely different from that within other periods.The operational scenario devised for the Scheduled Maintenance System (SMS) problem is a typical one in the context of the on-board aeroplane control systems. SMS are to be used during their life-time for multiple missions. The system is run for a finite number of missions, and then it has to pass a maintenance check. Such maintenance can be more or less extensive and accurate. Typically, it is the case that after a prefixed number of missions the system is completely checked, so that all its components are as good as new ones after that. Moreover, other kinds of maintenance actions are usually performed between two major checks. For instance, some highly critical components could be checked and possibly repaired after each mission, and