Optimal Task Abort and Maintenance Policies Considering Time Redundancy

Abstract

For many practical systems that are required to perform critical tasks, it is commonly observed that tasks can be performed multiple times within a limited time to improve task success probability. Such property is referred to as time redundancy. This paper contributes by studying the optimal adaptive maintenance and the task abort strategies of continuously degraded systems considering two kinds of time redundancy to improve system safety and task reliability. The task abort decision is considered dynamically according to the degradation level and the number of task attempts. Task success probability and system survival probability under two kinds of time redundancy are evaluated using an event-based numerical algorithm. The optimal imperfect maintenance and task abort thresholds are investigated dynamically in each attempt to minimize the expected total cost of maintenance, task failure and system failure. The established model in this study is illustrated by numerical results.

1. Introduction

Various practical systems are commonly required to perform specific tasks within a certain duration. Task success probability (TSP), the probability of completing a required task with or without deadlines, is a core metric to evaluate the performance during task execution [1,2,3,4,5,6,7]. Existing models on task based systems are mainly devoted to the evaluation and maximization of TSP [8,9,10]. However, there are often situations where the survival of the system from failure is more crucial than the successful completion of the required tasks, since the failure of these systems will cause huge economic losses and major environmental hazards [11,12,13,14]. For example, due to external influences (such as extreme natural conditions), when the risk of failure reaches a high level, the drones are designed to abnegate the surveillance task and immediately start rescue procedures [15]. As system failures in critical engineering applications often result in huge damages and casualties, it is pivotal to implement a detailed task abort policy to balance the trade-off between TSP and system survival probability (SSP), thereby minimizing the expected total cost of task failures and system failures.

Time redundancy is commonly incorporated into task execution to improve the TSP of task-critical systems. Time redundancy allows systems to execute tasks multiple times during a constrained time. For instance, satellites can perform the task of transiting information between the spacecraft and the ground observation station multiple times within a given time window [16]. There exist two types of time redundancy according to the criteria of task success: in type I time redundancy (ITR), systems should continually run for a period of time greater than a specified value; in type II time redundancy (IITR), task success requires that the cumulative operating time be larger than the required value [8].

In addition to task termination and time redundancy, preventive maintenance is another critical factor influencing TSP and SSP. Task abort policy and time redundancy are designed during task execution while preventive maintenance is taken before or after task execution. Preventive maintenance is crucial to ensure the highly reliable performance during task execution. To improve the TSP and SSP of safety-critical systems, an effective preventive maintenance scheme considering task abort and time redundancy should be developed.

Despite the significant theoretical advancement in the optimization of abort policy, the effect of time redundancy on the TSP and SSP under different abort and maintenance policies has not been explored. In real-world applications, time redundancy can enhance the system performance significantly and consequently influence the decision-making process. Taking into account the time redundancy when the abort and maintenance decisions are made will lead to more effective and beneficial task abort policies. To further advance the state of the art of evaluating and enhancing system performance during task execution, this paper contributes by modeling dynamic condition-based task termination and maintenance strategies considering two types of time redundancy. The results indicate that by introducing time redundancy into the abort and maintenance decision making, the SSP and TSP can be significantly improved. In summary, our contributions to existing theoretical and practical research on risk control are summarized as follows:

• Dynamic preventive maintenance and task abort policies are designed that vary with the number task attempts;
• TSP and SSP are derived under proposed preventive maintenance and task abort policies considering ITR and IITR;
• The optimal preventive maintenance and abort thresholds minimizing the expected cost of preventive maintenance, task failure and system failure are studied.

The rest of this paper is organized as follows. Section 2 conducts a thorough literature review on task abort, time redundancy and maintenance planning. Section 3 characterizes the monotone degradation behavior and develops maintenance and task abort policies considering ITR and IITR. The MSP and SSP are evaluated under ITR and IITR in Section 4 and Section 5, respectively. Section 6 studies the optimal maintenance and abort thresholds. The obtained results is illustrated with a case study in Section 7. We conclude the research in Section 8 discussing the conclusion and future research directions.

2. Literature Review

Intensive efforts have been dedicated to modeling task abort policy with the aim of balancing the TSP and SSP under different types of system and mission characteristics. The optimal task abort strategy for unmanned aerial vehicles (UAVs) modeled by single-component systems under external shocks was studied in [15,17,18,19,20], where the task abort was determined by a threshold of the number of external shocks. In [21], the multi-state shock models were considered, and each shock may lead to the degradation of the system to a worse performance level and eventually cause system failure. The system state was used in the decision optimization problem, and the trade-off between TSP and SSP was studied. In addition to the shock-based abort decision making, other criteria can also be used to guide the termination strategy of safety-critical systems. For systems with a defective state, the duration of defective state [22] and warning signal [23] can be used to guide abort decision making. For systems subject to minor and catastrophic failures, the number of minimal repairs can be chosen as the decision variable of the termination strategy [24,25]. The abort modeling for systems with continuous degradation is drawing increasing attention thanks to the wide application of sensor technologies in safety-critical systems [26,27,28,29,30].

As an extension of abort policies for single-component systems, the pioneering work of the optimal task termination strategy for multi-component systems was conducted by Myers [12], which considered the hot standby system and developed strategy of task termination by taking the number of failed components as a decision variable. The rescue procedure in multi-component systems is commonly triggered by a certain number of failed components or external shocks to avoid costly consequences. Levitin et al. [31] generalized the model in [12] to the case of different components and proposed an adaptive termination strategy. Filene and Daly [32] characterized the effect of task termination strategy on TSP and SSP in distributed computer systems. Peng [33] designed the termination strategy of a multi-cooperative UAVs subject to external shocks. The optimal routing, aborting, and hitting strategies of UAVs were investigated in [34,35]. Levitin [36] calculated TSP and SSP considering the fault propagation effect. Levitin [21] considered several subtasks performed by different groups of units, and the optimal subtask assignment and optimal termination strategy between units is studied. The joint optimization of mission abort and component switching policies for multi-state warm standby systems was studied in [19].

The above-mentioned references have considered termination policies allowing only one attempt to complete a task. However, for systems performing critical tasks, time redundancy is commonly taken into consideration to improve their TSP. Reliability modeling of time redundancy has received considerable research attention in the past several years. In [10,37], the TSP and optimal maintenance policy under ITR were modeled and analyzed. The abort modeling incorporating time redundancy is a rather new topic. In [38], the optimal termination strategy was studied for single-component systems with a fixed number of attempts to complete the task. In [21], optimal abort rules for multi-component systems with multiple allowed attempts were considered. The optimal mission abort policies under ITR and IITR were investigated in [16]. Compared with the existing literature with constant abort thresholds, the abort threshold varies with the task attempts due to time redundancy.

In addition to task termination and time redundancy, preventive maintenance is another critical factor influencing TSP and SSP. Planing maintenance action in an optimal way can not only enhance system reliability performance but also reduce the system operation cost. According to the effect of maintenance actions, existing maintenance policies can be classified into perfect maintenance and imperfect maintenance [39,40,41,42,43]. Perfect maintenance restores the system “as good as new”, and the maintenance effect of imperfect maintenance is worse than that of perfect maintenance. Under an age-based preventive maintenance policy, a product is maintained at a certain age or upon failure, whichever occurs first. The rapid development of sensing technology makes it possible to monitor the condition of the system in a much easier way, which facilitates modeling the system degradation paths through random processes such as the Wiener process and gamma process. For systems with measurable degradation, condition-based maintenance is more effective than age-based maintenance in reducing the risk of failure [44,45,46,47,48,49]. In existing models, the joint effects of time redundancy, preventive maintenance and task abort on TSP and SSP have not been considered.

3. Problem Formulation

We consider safety critical systems whose degradation is stochastically increasing. Due to the monotonicity of the degradation path, the degradation process is modeled by homogeneous Gamma processes $\left\{Y\left(t\right),t\ge 0\right\}$ with shape function $\alpha t$ and scale parameter $\beta$. That is, $\left\{Y\left(t\right),t\ge 0\right\}$ possesses the following properties:

• $Y\left(0\right)=0$ with probability one.
• For $u<v$, the degradation increment in time interval $(u,v)$, $Y\left(v\right)-Y\left(u\right)$ follows Gamma distribution with the distribution function $G_{\left(\alpha \right(v-u),\beta )}\left(y\right)$ given as

  $${\displaystyle G_{\left(\alpha \right(v-u),\beta )}\left(y\right)=1-\frac{\mathsf{\Gamma }\left(\alpha \right(v-u),\beta y)}{\mathsf{\Gamma }\left(\alpha \right(v-u\left)\right)},}$$

  (1)

  and probability density function $g_{\alpha (v-u),\beta }\left(y\right)$

  $${\displaystyle g_{\left(\alpha \right(v-u),\beta )}\left(y\right)=\frac{{\beta }^{\alpha (v-u)}{y}^{\alpha (v-u)-1}{e}^{-\beta y}}{\mathsf{\Gamma }\left(\alpha \right(v-u\left)\right)}.}$$

  (2)
  Here, $\mathsf{\Gamma }\left(u\right)$ and $\mathsf{\Gamma }(u,v)$ are the Gamma function and incomplete Gamma function, which are, respectively, defined as

  $$\left\{\begin{array}{c}{\displaystyle \mathsf{\Gamma }\left(u\right)={\int }_0^{\infty }{v}^{u-1}{e}^{-v}dv,}\hfill \\ {\displaystyle \mathsf{\Gamma }(u,v)={\int }_v^{\infty }{z}^{u-1}{e}^{-z}dz.}\hfill \end{array}\right.$$

  (3)
• $Y\left(t\right)$ has independent increments over disjoint intervals.

System failure emerges once the degradation level reaches the threshold D. To this end, the random system lifetime can be defined as the first hitting time of the degradation process $Y\left(t\right)$ with respect to the failure threshold D. For the considered system, SSP is measured through the probability that no catastrophic failure occurs during task execution. To enhance the SSP under continuous degradation, a task can be terminated if the degradation level exceeds a specified level and starts a rescue procedure immediately. The duration for the rescue procedure started at time t is increasing in t, which is denoted as $\varphi \left(t\right)$. Let $\epsilon$ be the time after which the task success takes less time than the rescue procedure. Namely, $\varphi \left(t\right)+t>\tau ,\forall t>\epsilon .$ Thus, for $t>\epsilon$, the task will not be aborted.

For systems executing critical tasks, time redundancy is another commonly adopted method to improve TSP and SSP. With time redundancy, the task can be executed multiple times by the required deadline $\widehat{\tau }$. Let K be the maximum number of attempts by time $\widehat{\tau }$. The mission succeeds if in any attempt $k\le K$, the system completes the task within the time deadline $\widehat{\tau }$. The following two common types of time redundancy are considered in the established models:

• Task success under ITR: the continuous operating time should exceed a threshold $\tau$$(\tau <\widehat{\tau })$;
• Task success under IITR: the cumulative operating time should exceed a threshold $\tau$$(\tau <\widehat{\tau })$.

A crucial problem in designing the task termination policy is balancing TSP and SSP. Considering the time redundancy property, to achieve more accurate risk evaluation and control, a dynamic task termination policy is proposed where the control limit for task termination varies with attempts. Specifically, in the ith attempt, the task is terminated, and a rescue procedure is started if the degradation level is larger than the threshold $d_i$. Let $T_{d_i}$ be the duration from the beginning of the ith attempt to the task termination instant if abort threshold $d_i$ is adopted, which is defined as the first hitting time of $Y\left(t\right)$ with respect to the termination threshold $d_i$. By Equation (2), the cumulative distribution function of $T_{d_i}$, $F_{T_{d_i}}\left(t\right)$, is given as

$$F_{T_{d_i}}\left(t\right)=P(Y\left(t\right)>d_i)={\int }_{d_i}^{\infty }{g}_{\alpha t,\beta }\left(y\right)dy=\frac{\mathsf{\Gamma }(\alpha t,\beta d_i)}{\mathsf{\Gamma }\left(\alpha t\right)}.$$

(4)

In addition to task abort and time redundancy, a preventive maintenance policy is incorporated to enhance the TSP and SSP. To be specific, upon the completion of a rescue procedure, imperfect maintenance is carried out whose effect is characterized by the maintenance degree $\lambda$. Given the degradation level at the completion of a rescue y, the degradation after preventive maintenance is reduced to $\lambda y$ with $0\le \lambda \le 1$. The case of $\lambda =1$ implies that no maintenance action is performed and $\lambda =0$ corresponds to replacement. The preventive maintenance cost associated with maintenance degree $\lambda$ and degradation y is denoted by $c_p(\lambda ,y)$, which is increasing in y and decreasing in $\lambda$. When $\lambda =1$, no maintenance is performed, and thus, $c_p(1,y)=0$.

Figure 1 illustrates the multiple attempts under ITR and IITR. It can be seen from Figure 1a that under IITR, the task is terminated in attempt 1, and the degradation after rescue completion is below the failure threshold. Thus, the system survives the rescue process. After the first attempt, imperfect maintenance is carried out to reduce the degradation level. The operating time in the first attempt are accumulated, and the task succeeds in attempt 2 before the task abort time $T_2$. Figure 1b shows a sample path under ITR where the task is aborted in attempt 1 and attempt 2 and the continuous operating time reaches $\tau$ in the third attempt.

4. TSP and SSP under ITR

In this section, TSP and SSP are derived under ITR considering the proposed dynamic abort and maintenance policies. Since multiple attempts can be executed until task success, an event transition-based numerical algorithm is adopted to evaluate the TSP and SSP.

4.1. TSP Evaluation under ITR

Under ITR, the continuous operating time should exceed a threshold $\tau$$(\tau <\widehat{\tau })$. Let $T_k$ and $Y_k$ be random variables representing the remaining time for task execution and degradation level before the kth attempt. Let $q_k(t,y)$ be the joint pdf of $T_k$ and $Y_k$. A new system starts operation with the the remaining task execution time $\widehat{\tau }$ at time 0. Therefore, by definition of $q_k(t,y)$, the corresponding probability mass function of $Y_0$ and $T_0$ can be given as follows

$$q_0(t,y)=\left\{\begin{array}{c}1,t=\widehat{\tau },y=0,\hfill \\ 0,\mathrm{otherwise}.\hfill \end{array}\right.$$

Since both the task abort and maintenance policies are dependent on the number of attempts, in the $(k-1)$th attempt, if abort threshold $d_{k-1}$ and maintenance degree ${\lambda }_{k-1}$ are adopted, then the rescue initiated time and rescue completion time are $T_{d_{k-1}}$ and $T_{d_{k-1}}+\varphi \left(T_{d_{k-1}}\right)$, respectively. Let $H_{k-1}$ denote the abort and preventive maintenance policies during the $(k-1)$th attempt. The degradation level at the beginning of the kth attempt can be recursively determined by

$$Y_k={\mathbf{I}}_{\left(H_{k-1}=(d_{k-1},{\lambda }_{k-1})\right)}{\lambda }_{k-1}(Y_{k-1}+{\Delta }_{d_{k-1}}),$$

(5)

where $\mathbf{I}\left(A\right)$ denotes the indicator function of event A and ${\Delta }_{d_{k-1}}$ is the degradation increment during the $(k-1)$th attempt if that abort threshold $d_{k-1}$ is taken. Given the elapsed time of the $(k-1)$th attempt ${\tilde{T}}_{d_{k-1}}$, the remaining time for task execution at the beginning of the kth task is given as

$$T_k=T_{k-1}-{\tilde{T}}_{d_{k-1}}.$$

(6)

Let $g_{k-1}(\tilde{t},\tilde{y})$ be the joint probability density function of the operating time and degradation increment of the $(k-1)$th attempt. By Equations (5) and (6), given the degradation increment $\tilde{y}$ and operating time $\tilde{t}$ of the $(k-1)$th attempt, then the degradation and remaining task execution time before the $(k-1)$th attempt are ${\displaystyle \frac{y}{{\lambda }_{k-1}}}-\tilde{y}$ and $t+\tilde{t}$, respectively. Thus, one can obtain the overall unconditional probability density function $q_k(t,y)$ recursively as

$$q_k(t,y)={\mathbf{I}}_{\left(H_{k-1}=(d_{k-1},{\lambda }_{k-1})\right)}\underset{0}{\overset{min\left(\tau ,\left(\widehat{\tau }-t\right)\right)}{\int }}\underset{0}{\overset{y/{\lambda }_{k-1}}{\int }}{q}_{k-1}\left(t+\tilde{t},\frac{y}{{\lambda }_{k-1}}-\tilde{y}\right)g_{k-1}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}.$$

In what follows, we focus on deriving the expression for $g_{k-1}(\tilde{t},\tilde{y})$. Note that the Gamma process $Y\left(t\right)$ is a jump process and has an infinite number of jumps in finite intervals, and the degradation level at time $T_{d_{k-1}}$ is not exactly $d_{k-1}$ but attains it with a non-degenerative random overshoot. By Bertoin [50], the joint probability density function of $T_{d_{k-1}}$ and $Y\left(T_{d_{k-1}}\right)$ can be given as

$$f_{(T_{d_{k-1}},Y\left(T_{d_{k-1}}\right))}(t,y)={\int }_0^{\infty }{\mathbf{I}}_{(d_{k-1}\le y<d_{k-1}+s)}{g}_{(\alpha t,\beta )}(y-s)\mu \left(ds\right),$$

(7)

where $\mu \left(ds\right)$ is the Levy measure of Gamma process with parameters $\alpha$ and $\beta$ given by

$$\mu \left(ds\right)=\frac{\alpha e^{-\beta s}}{s},s>0.$$

Since the task is aborted at the $(k-1)$th attempt, if the elapsed time of the $(k-1)$th attempt is $\tilde{t}$, then $T_{d_{k-1}}+\varphi \left(T_{d_{k-1}}\right)=\tilde{t}$. By Equation (7), the expression for $g_{k-1}(\tilde{t},\tilde{y})$ can be obtained using the property of independent increment of Gamma process

$$\begin{array}{cc}\hfill g_{k-1}(\tilde{t},\tilde{y})& ={\mathbf{I}}_{\left(t+\varphi \left(t\right)=\tilde{t}\right)}{f}_{(T_{d_{k-1}},Y\left(T_{d_{k-1}}\right))}(t,y)g_{\left(\alpha \varphi \left(t\right),\beta \right)}(\tilde{y}-y)\hfill \\ \hfill & ={\int }_0^{\infty }{\mathbf{I}}_{\left(t+\varphi \left(t\right)=\tilde{t}\right)}{\mathbf{I}}_{(d_{k-1}\le y<d_{k-1}+s)}{g}_{(\alpha t,\beta )}(y-s)g_{\left(\alpha \varphi \left(t\right),\beta \right)}(\tilde{y}-y)\mu \left(ds\right).\hfill \end{array}$$

(8)

Under ITR, if the task succeeds at the kth attempt by time $\widehat{\tau }$, then the remaining time for task execution before the kth attempt should be larger than the task duration $\tau$, and no system failure occurs at the kth attempt (the rescue initiated time in the kth attempt, $T_{d_k}$, is larger than $\epsilon$, and the system lifetime $L_{d_k}$ is greater than the task duration $\tau$, i.e., $T_{d_k}>\epsilon$ and $L_{d_k}>\tau$). Then, the probability that the task is completed at the kth attempt under ITR is given as

$$\begin{array}{c}\hfill R_I\left(k\right)=\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}P(T_{d_k}>\epsilon ,L_{d_k}>\tau |Y_k=y)q_k(t,y)dydt.\end{array}$$

(9)

Due to the property of stationary increments of Gamma process, the degradation increment in time interval $(s,t)$, $Y\left(t\right)-Y\left(s\right)$ follows Gamma distribution with a shape parameter $\alpha (t-s)$ and scale parameter $\beta$. Based on the distribution function of the degradation increment $Y\left(t\right)-Y\left(s\right)$ in Equation (2) and the joint probability density function of $T_i$ and $X\left(T_i\right)$ in Equation (7), we have

$$\begin{array}{cc}\hfill & P(T_{d_k}>\epsilon ,L_{d_k}>\tau |Y_k=y)\hfill \\ \hfill & =P(T_{d_k}>\tau )+P(\epsilon <T_{d_k}\le \tau ,L_{d_k}>\tau )\hfill \\ \hfill & =P\left(Y\left(\tau \right)-Y\left(0\right)<d_k-y\right)+\underset{\epsilon }{\overset{\tau }{\int }}\underset{d_k}{\overset{D}{\int }}P\left(Y\left(\tau \right)-Y\left(\tilde{t}\right)<D-y\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}\hfill \\ \hfill & =1-\frac{\mathsf{\Gamma }\left(\alpha \tau ,\beta \left(d_k-y\right)\right)}{\mathsf{\Gamma }\left(\alpha \tau \right)}+\underset{\epsilon }{\overset{\tau }{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-\frac{\mathsf{\Gamma }(\alpha (\tau -\tilde{t}),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha (\tau -\tilde{t})\right)}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}.\hfill \end{array}$$

(10)

Based on Equation (10), the probability that the task is completed at the kth attempt under ITR is given as

$$R_I\left(k\right)=\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}\left(\begin{array}{c}1-{\displaystyle \frac{\mathsf{\Gamma }(\alpha \tau ,\beta \left(d_k-y\right))}{\mathsf{\Gamma }\left(\alpha \tau \right)}}\hfill \\ {\displaystyle +\underset{\epsilon }{\overset{\tau }{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-{\displaystyle \frac{\mathsf{\Gamma }(\alpha (\tau -\tilde{t}),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha (\tau -\tilde{t})\right)}}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}}\hfill \end{array}\right)q_k(t,y)dydt.$$

Since the number of attempts until task success is mutually exclusive, by the law of total probability, the TSP under ITR can be obtained as

$$R_I=\sum _{k=1}^K{R}_I\left(k\right).$$

4.2. SSP Evaluation under ITR

The system survives the task under the condition that it completes either the task or the rescue process. Consequently, SSP is the sum of TSP and rescue success probability. If the system survives after making k attempts before time $\widehat{\tau }$, then we have that the task is aborted at the kth attempt and the rescue procedure succeeds, i.e., $T_{d_k}<\epsilon$ and $T_{d_k}+\varphi \left(T_{d_k}\right)<L_{d_k}$, and the remaining time after the kth rescue should be smaller than $\tau$ such that no further attempt is made, i.e., $t-\left(T_{d_k}+\varphi \left(T_{d_k}\right)\right)<\tau$. Thus, the probability that the system survives after k attempts is given by

$$\begin{array}{c}\hfill S_k=\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}P(T_{d_k}<\epsilon ,t-\tau <T_{d_k}+\varphi \left(T_{d_k}\right)<L_{d_k}|Y_k=y)q_k(t,y)dydt.\end{array}$$

(11)

In accordance with the property of independent and stationary increments of Gamma process, given the degradation and remaining task execution time at the beginning of the kth attempt, the probability that the system survives after the kth attempt is given by

$$\begin{array}{cc}\hfill & P(T_{d_k}<\epsilon ,t-\tau <T_{d_k}+\varphi \left(T_{d_k}\right)<L_{d_k}|Y_k=y)\hfill \\ \hfill & =\underset{\zeta }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}P\left(T_{d_k}+\varphi \left(T_{d_k}\right)<L|T_{d_k}=\tilde{t},Y\left(T_{d_k}\right)=\tilde{y}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}\hfill \\ \hfill & =\underset{\zeta }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}P\left(Y\left(\tilde{t}+\varphi \left(\tilde{t}\right)\right)-Y\left(\tilde{t}\right)<D-\tilde{y}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}\hfill \\ \hfill & =\underset{\zeta }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-\frac{\mathsf{\Gamma }(\alpha \varphi \left(\tilde{t}\right),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha \varphi \left(\tilde{t}\right)\right)}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t},\hfill \end{array}$$

(12)

where $\zeta$ satisfies $t-\zeta -\varphi \left(\zeta \right)=\tau$ and

$$f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})={\int }_0^{\infty }{\mathbf{I}}_{(d_{k-1}\le \tilde{y}<d_{k-1}+s)}{g}_{(\alpha \tilde{t},\beta )}(\tilde{y}-y-s)\mu \left(ds\right).$$

According to Equations (11) and (12), the probability that the system survives after k attempts under ITR in Equation (11) is given by

$$\begin{array}{c}\hfill S_I\left(k\right)=\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}\underset{\zeta }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-\frac{\mathsf{\Gamma }(\alpha \varphi \left(\tilde{t}\right),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha \varphi \left(\tilde{t}\right)\right)}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}{q}_k(t,y)dydt.\end{array}$$

Since the number of attempts until rescue success is mutually exclusive, the SSP under ITR can be obtained by the law of total probability as

$$S_I=\sum _{k=1}^K{S}_I\left(k\right).$$

5. TSP and SSP under IITR

In this section, TSP and SSP are derived under IITR considering the dynamic abort and maintenance policies. Similar to the derivation of TSP and SSP under ITR, the recursive method is adopted to evaluate the TSP and SSP.

5.1. TSP Evaluation under IITR

Under IITR, the cumulative operating time should exceed a threshold $\tau$$(\tau <\widehat{\tau })$. Let $T_k$, $Y_k$, and $M_k$ be random variables representing the remaining time for task execution, degradation level, and cumulative operating time before the kth attempt. Let $q_k(t,y,m)$ be the joint pdf of $T_k$, $Y_k$, and $M_k$. A new system starts operation with the the remaining task execution time $\widehat{\tau }$ and cumulative operating 0 at the beginning of the first attempt. Therefore, by definition of $q_k(y,t,m)$, the corresponding probability mass function of $T_0$, $Y_0$ and $M_0$ can be given as

$$q_0(t,y,m)=\left\{\begin{array}{c}1,t=\widehat{\tau },y=0,m=0\hfill \\ 0,\mathrm{otherwise}.\hfill \end{array}\right.$$

Let $g_{k-1}(\tilde{t},\tilde{y},\tilde{m})$ be the joint probability density function of the operating time, degradation increment and time in task of the $(k-1)$th attempt. Given the degradation increment y, operating time s and time in task m of the $(k-1)$th attempt, then the degradation, remaining task execution time and cumulation time in task before the $(k-1)$th attempt are ${\displaystyle \frac{y}{{\lambda }_{k-1}}}-\tilde{y}$, $t+\tilde{t}$ and $m-\tilde{m}$, respectively. Thus, one can obtain the overall unconditional probability density function $q_k(y,t,m)$ recursively as

$$q_k(t,y,m)={\mathbf{I}}_{\left(H_{k-1}=(d_{k-1},{\lambda }_{k-1})\right)}\underset{0}{\overset{\tau -m}{\int }}\underset{0}{\overset{y/{\lambda }_{k-1}}{\int }}\underset{0}{\overset{min(\tau ,\left(\widehat{\tau }-t\right))}{\int }}{q}_{k-1}\left(t+\tilde{t},\frac{y}{{\lambda }_{k-1}}-\tilde{y},m-\tilde{m}\right)g_{k-1}(\tilde{y},\tilde{t},\tilde{m})d\tilde{t}d\tilde{y}d\tilde{m}.$$

Under IITR, if k attempts are made until task success before time $\widehat{\tau }$, then the remaining time for task execution before the kth attempt should be greater than the time required to finish the remaining task, and the cumulative operating time is larger than $\tau$ after the kth attempt. There exist two possible scenarios for task success. In scenario 1, the cumulative operating time exceeds $\tau$ before the abort time $T_{d_k}$. In scenario 2, the cumulative operating time is smaller than $\tau$ before the abort time $T_{d_k}$ but is larger than $\tau$ before failure occurrence. Thus, the probability that the task is completed at the kth attempt under IITR is given as

$$\begin{array}{cc}\hfill R_{II}\left(k\right)& =\underset{0}{\overset{\tau }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}P(T_{d_k}>\epsilon ,L_{d_k}>\tau -m|Y_k=y)q_k(t,y,m)dydtdm\hfill \\ \hfill & =\underset{\tau -\epsilon }{\overset{\tau }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}P(T_{d_k}\ge \tau -m|Y_k=y)q_k(t,y,m)dydtdm\hfill \\ \hfill & +\underset{0}{\overset{\tau -\epsilon }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}P(\epsilon <T_{d_k}<\tau -m,L_{d_k}>\tau -m|Y_k=y)q_k(t,y,m)dydtdm.\hfill \end{array}$$

(13)

According to the distribution function of the degradation increment in Equation (2) and the joint probability density function of $T_{d_k}$ and $X\left(T_{d_k}\right)$ in Equation (7), the probability that the mission is completed before reaching the abort threshold $d_k$ is

$$P(T_{d_k}>\tau -m|Y_k=y)=1-\frac{\mathsf{\Gamma }(\alpha (\tau -m),\beta \left(d_k-y\right))}{\mathsf{\Gamma }\left(\alpha \right(\tau -m\left)\right)},$$

(14)

and the probability that the mission is completed after reaching the abort threshold $d_k$ is

$$\begin{array}{cc}\hfill & P(\epsilon <T_{d_k}<\tau -m,L_{d_k}>\tau -m|Y_k=y)\hfill \\ \hfill & =\underset{\epsilon }{\overset{\tau -m}{\int }}\underset{d_k}{\overset{D}{\int }}P\left\{Y(\tau -m)-Y\left(\tilde{t}\right)<D-\tilde{y}\right\}{f}_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}\hfill \\ \hfill & =\underset{\epsilon }{\overset{\tau -m}{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-\frac{\mathsf{\Gamma }(\alpha (\tau -m-\tilde{t}),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha (\tau -m-\tilde{t})\right)}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}.\hfill \end{array}$$

(15)

Based on the expression in Equations (14) and (15), the probability that the task is completed at the kth attempt under IITR can be derived as

$$\begin{array}{cc}\hfill R_{II}\left(k\right)& =\underset{0}{\overset{\tau -\epsilon }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}\left(1-\frac{\mathsf{\Gamma }(\alpha (\tau -m),\beta \left(d_k-y\right))}{\mathsf{\Gamma }\left(\alpha \right(\tau -m\left)\right)}\right)q_k(t,y,m)dydtdm\hfill \\ \hfill & +\underset{\tau -\epsilon }{\overset{\tau }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}\underset{\epsilon }{\overset{\tau -m}{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-\frac{\mathsf{\Gamma }(\alpha (\tau -m-\tilde{t}),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha (\tau -m-\tilde{t})\right)}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{t}d\tilde{y}{q}_k(t,y,m)dydtdm.\hfill \end{array}$$

Since the number of attempts until task success is mutually exclusive, by the law of total probability, the TSP under IITR can be obtained as

$$R_{II}=\sum _{k=1}^K{R}_{II}\left(k\right).$$

5.2. SSP Evaluation under IITR

According to the time redundancy property, if the system survives after making k attempts before time $\widehat{\tau }$, then the task is aborted at the kth attempt, i.e., $T_{d_k}<\epsilon$ and $T_{d_k}+\varphi \left(T_{d_k}\right)<L_{d_k}$, and the remaining time for task execution after the completion of the kth rescue procedure should be smaller than the remaining task time, i.e., $t-\varphi \left(T_{d_k}\right)<\tau -m$. Based on the probability density function of $T_i$, the probability that the system survives after k attempts under IITR is given by

$$\begin{array}{c}\hfill S_{II}\left(k\right)=\underset{0}{\overset{\tau }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}P\left(T_{d_k}<\epsilon ,T_{d_k}+\varphi \left(T_{d_k}\right)<L,t-\varphi \left(T_{d_k}\right)<\tau -m|Y_k=y\right)q_k(t,y,m)dydtdm.\end{array}$$

(16)

By the distribution of the degradation increment in Equation (2) and the joint probability density function of $T_{d_k}$ and $Y\left(T_{d_k}\right)$ in Equation (7), it follows that

$$\begin{array}{cc}\hfill & P\left(T_{d_k}<\epsilon ,T_{d_k}+\varphi \left(T_{d_k}\right)<L,t-\varphi \left(T_{d_k}\right)<\tau -m|Y_k=y\right)\hfill \\ \hfill & =\underset{\psi }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}P\left\{T_{d_k}+\varphi \left(T_{d_k}\right)<L|T_{d_k}=\tilde{t},Y\left(T_{d_k}\right)=\tilde{y}\right\}{f}_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}\hfill \\ \hfill & =\underset{\psi }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}P\left\{Y\left(\tilde{t}+\varphi \left(\tilde{t}\right)\right)-Y\left(\tilde{t}\right)<D-\tilde{y}\right\}{f}_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}\hfill \\ \hfill & =\underset{\psi }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-\frac{\mathsf{\Gamma }(\alpha \varphi \left(\tilde{t}\right),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha \varphi \left(\tilde{t}\right)\right)}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t},\hfill \end{array}$$

(17)

where $\psi$ satisfies $t-\varphi \left(\psi \right)=\tau -m$. Using Equation (17), the probability that the system survives after k attempts under IITR can be given as

$$S_{II}\left(k\right)=\underset{0}{\overset{\tau }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_k=(d_k,{\lambda }_k)\right)}\underset{\psi }{\overset{\epsilon }{\int }}\underset{d_k}{\overset{D}{\int }}\left(1-\frac{\mathsf{\Gamma }(\alpha \varphi \left(\tilde{t}\right),\beta (D-\tilde{y}))}{\mathsf{\Gamma }\left(\alpha \varphi \left(\tilde{t}\right)\right)}\right)f_{\left(T_{d_k},Y\left(T_{d_k}\right)|Y_k=y\right)}(\tilde{t},\tilde{y})d\tilde{y}d\tilde{t}{q}_k(t,y,m)dydtdm.$$

In a similar manner, the SSP under ITR can be obtained by the law of total probability as

$$S_{II}=\sum _{k=1}^{\infty }{S}_{II}\left(k\right).$$

6. Optimal Abort and Maintenance Policies

The TSP increases as the abort limits increase while the SSP is decreasing in the abort thresholds due to increased failure risk caused by larger task execution duration. Thus, it is of practical value to find the optimal task abort thresholds to balance the trade-off between TSP and SSP. A commonly used criterion characterizing such optimization problem is economic loss. The cost during the task execution includes the maintenance cost before each attempt, task failure cost and system failure cost. Denote the random maintenance cost over task execution by W. Let $c_m$ and $c_s$ be the task failure cost and system failure cost, respectively. Based on the expressions for TSP and SSP, the expected total cost under ITR during task execution can be given as

$$E\left(C_I\right)=c_m(1-R_I)+c_s(1-S_I)+E\left(W_I\right),$$

(18)

and the expected total cost under IITR during task execution can be given as

$$E\left(C_{II}\right)=c_m(1-R_{II})+c_s(1-S_{II})+E\left(W_{II}\right).$$

(19)

In what follows, we focus on deriving the expected maintenance cost during task execution under two types of time redundancy. Let $w_I\left(j\right)$ and $w_{II}\left(j\right)$ be the maintenance cost at the jth attempt under ITR and IITR, respectively. By the law of conditional expectation, the expected maintenance cost under ITR is

$$E\left(W_I\right)=\sum _{k=1}^K\sum _{j=1}^{k-1}{R}_I\left(k\right)w_I\left(j\right).$$

(20)

In a similar manner, the expected maintenance cost under IITR is

$$E\left(W_{II}\right)=\sum _{k=1}^K\sum _{j=1}^{k-1}{R}_{II}\left(k\right)w_{II}\left(j\right).$$

Note that the maintenance cost is related to both the degradation before maintenance and the maintenance degree. Given the degradation level y at the beginning of the jth attempt, then the degradation after the rescue of the $(k-1)$th attempt is ${\displaystyle \frac{y}{{\lambda }_{k-1}}}$. The expected maintenance cost at the jth attempt under ITR is

$$w_I\left(j\right)=\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_j}{\int }}{\mathbf{I}}_{\left(H_{j-1}=(d_{j-1},{\lambda }_{j-1})\right)}{c}_p\left({\lambda }_{j-1},\frac{y}{{\lambda }_{j-1}}\right)q_j(t,y)dydt.$$

(21)

By (20) and (21), the expected maintenance cost under ITR is

$$E\left(W_I\right)=\sum _{k=1}^{\infty }\sum _{j=1}^{k-1}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_j}{\int }}{R}_I\left(k\right){\mathbf{I}}_{\left(H_{j-1}=(d_{j-1},{\lambda }_{j-1})\right)}{c}_p\left({\lambda }_{j-1},\frac{y}{{\lambda }_{j-1}}\right)q_j(t,y)dydt.$$

The expected maintenance cost under IITR is given in a similar manner as

$$E\left(W_{II}\right)=\underset{0}{\overset{\tau }{\int }}\underset{\tau }{\overset{\widehat{\tau }}{\int }}\underset{0}{\overset{d_k}{\int }}{\mathbf{I}}_{\left(H_{j-1}=(d_{j-1},{\lambda }_{j-1})\right)}{c}_p\left({\lambda }_{j-1},\frac{y}{{\lambda }_{j-1}}\right)q_j(t,y,m)dydtdm.$$

Since the calculation of TSP and SSP involves reserve function, a numerical method is designed to obtain the value of TSP and SSP, and then, the optimal abort thresholds and maintenance degrees can be solved by efficient heuristic algorithms. The following section evaluates the performance of the proposed abort and maintenance policies numerically.

7. Case Study

7.1. Background

This section applies the developed abort and maintenance strategies to the cooling system in chemical reactors studied by Cha et al. [24] to illustrate the proposed risk assessment method and the performance of the optimal policies. Cooling systems are widely used in chemical reactors, which are required to keep temperatures at required levels, and their failures will lead to the dramatic fluctuation in temperature and ultimate reactor damage, resulting in huge economic loss and serious environmental and personal harm. Thus, the performed cooling task can be terminated to avoid the serious failure consequences. Additionally, routine preventive maintenance is critical to improve the TSP and SSP of the cooling system. The development of optimal maintenance and task termination strategies for cooling systems is of crucial importance in engineering practice. Crack degradation caused by corrosion is the most common internal failure mode of a typical cooling system. To characterize the monotone degradation behavior, the degradation process is modeled by a homogeneous Gamma process with D = 20 mm, $\alpha =1.2,\beta =0.4$.

Assume that the allowable time for performing the cooling task is 30 h. The time for a single cooling task is 15 h. When the system degradation at each attempt exceeds a threshold, the cooling task is suspended, and rescue will be carried out whose duration at time is t is $\varphi \left(t\right)=0.5t$. Then, we can calculate the maximum abort time $\epsilon$ in each attempt as 10 h. When the time in task is greater than 10 h, the task takes less time to complete the rescue; that is, if the rescue starts after 10 h, the task will not be suspended. After each rescue, the imperfect maintenance is carried out with cost function $c_p(\lambda ,y)=20y(1-\lambda )$. In this section, the TSP and SS of the cooling system are numerically tested by a numerical integration method. Then, the optimal maintenance and abort thresholds under dynamic policy are studied.

7.2. Evaluation of TSP and SSP

This section uses a forward numerical algorithm to evaluate TSP and SSP based on the backward equations. First, we define the discretized time interval and degradation level. The running time of Matlab on a Pentium 3.2GHz PC is approximately 1500 s under the current parameter setting. Figure 2 shows the TSP and SSP under a single task attempt. The solid line represents the SSP, and the dotted line denotes the TSP. It can be observed that the TSP goes up as the degradation-based abort threshold increases. Such variation is due to the fact that under a larger value of task abort threshold, the task can continue for a relatively longer duration, and the corresponding TSP is larger, but the probability of occurrence of system failure will increase for a longer task duration. Hence, SSP decreases with task abort threshold. Figure 2 shows that TSP remains at a low level when the abort threshold is less than 8 and then increases significantly since the probability of completing the mission is very small when the abort threshold takes a low value. When the task abort threshold is 0, a task is aborted immediately before mission execution, and the corresponding SSP and TSP are 1 and 0, respectively. When the task abort threshold is 20, the TSP and SSP are the same value, since the task is never aborted. In this case, SSP equals the TSP.

7.3. Optimal Task Abort and Maintenance Policies

We further consider optimal task abort and maintenance policies under different types of time redundancy. This section investigates the variation of the optimal solution with respect to allowable time and task duration. The cost of a task failure and system failure are assumed to be 500 and 1700, respectively.

Table 1. Optimal solution under ITR given different allowable time and task duration.

(Allowable Time $\widehat{\mathit{\tau }}$, Task Duration $\mathit{\tau }$)	Allowed Attempts K = 2	Allowed Attempts K = 3	Allowed Attempts K = 4
(30 h, 15 h)	$(13.2,0;13.2)$	$(15.1,0.23;13.7;0;12.8)$	$(15.7,0.21;14.0,0.30;13.7,0;12.6)$
(35 h, 15 h)	$(13.9,0;13.9)$	$(15.2,0.27;14.4;0;13.5)$	$(16.0,0.26;15.0;0.31;14.2;0;13.4)$
(40 h, 15 h)	$(14.2,0;14.2)$	$(15.5,0.29;14.7;0;14.1)$	$(16.1,0.27;15.3,0.35;14.6,0;14.0)$
(45 h, 15 h)	$(14.7,0;14.7)$	$(15.8,0.32;15.0;0;14.3)$	$(16.5,0.30;15.7;0.38;15.0;0;14.2)$
(50 h, 15 h)	$\left(15.3,0;15.3\right)$	$\left(16.9,0.35;15.6;0;14.5\right)$	$\left(17.7,0.32;16.8,0.43;15.4,0;14.3\right)$
(30 h, 10 h)	$(13.7,0;13.7)$	$(15.4,0.28;13.8;0;13.3)$	$(16.3,0.26;14.5,0.15;14.1,0;12.9)$
(30 h, 15 h)	$(13.2,0;13.2)$	$(15.1,0.23;13.7;0;12.8)$	$(15.7,0.21;14.0,0.15;13.7,0;12.6)$
(30 h, 20 h)	$(12.9,0;12.9)$	$(14.3,0.21;13.4;0;12.5)$	$(15.1,0.15;13.5,0.12;13.2,0;12.1)$
(30 h, 25 h)	$(12.2,0;12.2)$	$(14.0,0.10;13.1;0;11.9)$	$(14.6,0.11;13.1,0.10;12.8,0;11.1)$

shows how the optimal abort and maintenance decisions under ITR vary with the change of different time deadlines and task duration. It shows that given a fixed task duration and number of attempts, the abort threshold is nondecreasing when the time deadline increases. One possible source for such variation is that when the time deadline is small, the abort should be conducted earlier during the first several attempts to save time for the rescue procedure and subsequent attempts. With the increase of time deadline, it is optimal to delay mission abort due to the need for more time for the rescue procedure and following task execution. Similarly, we can observe from Table 1 that given a fixed number of attempts, the abort threshold decreases when the task duration increases. Because when the mission duration is small, the abort should be conducted at a later stage to improve TSP. With the increase of task duration, it is optimal to advance task abort to improve SSP. For a fixed time deadline and task duration, the abort threshold decreases with the increase of task attempts. One explanation is that the task should be terminated earlier to save time for rescue and improve SSP in the last few attempts.

We can observe that given fixed amounts of allowable time, task duration and allowed attempts, the optimal $\lambda$ decreases with the increase of task attempts to reduce the total cost. To be specific, in the first few task attempts, it is optimal to perform imperfect maintenance to reduce maintenance cost, while with the increase of task attempts, it is optimal to perform perfect maintenance to improve TSP and SSP. Given a fixed task duration and number of attempts, the optimal $\lambda$ increases when the allowable time increases due to the increased TSP.

Table 2. Optimal solution under IITR given different time deadlines.

(Allowable Time $\widehat{\mathit{\tau }}$, Task Duration $\mathit{\tau }$)	Allowed Attempts K = 2	Allowed Attempts K = 3	Allowed Attempts K = 4
(30 h, 15 h)	$(12.7,0.15;12.5)$	$(14.6,0.28;13.3;0;12.3)$	$(15.1,0.45;13.6,0.38;13.3,0.31;12.1)$
(35 h, 15 h)	$(13.2,0.20;12.9)$	$(15.0,0.30;13.7;0.11;13.2)$	$(15.7,0.43;14.5;0.40;13.5;0.36;12.6)$
(40 h, 15 h)	$(14.0,0.25;13.3)$	$(15.3,0.39;14.3;0.24;13.8)$	$(15.8,0.47;15.1;0.42;14.0;0.37;12.9)$
(45 h, 15 h)	$(14.3,0.41;13.8)$	$(15.1,0.43;14.8;0.37;14.0)$	$(16.4,0.48;15.6;0.43;14.5;0.39;13.2)$
(50 h, 15 h)	$\left(14.7,0.44;14.1\right)$	$\left(16.4,0.51;15.0;0.44;14.2\right)$	$\left(17.2,0.52;16.3,0.51;15.0,0.46;13.9\right)$
(30 h, 10 h)	$(13.5,0.20;13.1)$	$(15.2,0.33;13.5;0;13.0)$	$(16.1,0.49;14.2,0.40;13.6,0.31;12.5)$
(30 h, 15 h)	$(12.7,0.15;12.5)$	$(14.6,0.28;13.3;0;12.3)$	$(15.1,0.45;13.6,0.34;13.3,0.30;12.1)$
(30 h, 20 h)	$(12.3,0;12.1)$	$(14.1,0.22;13.4;0;12.1)$	$(14.7,0.30;13.2,0.21;13.0,0;11.4)$
(30 h, 25 h)	$(12.0,0;11.8)$	$(13.7,0.18;13.0;0;11.6)$	$(14.3,0.27;12.8,0.17;12.5,0;10.8)$

shows how the optimal abort and maintenance decisions under IITR vary with the change of different time deadlines and task duration. Comparing Table 1 and Table 2, it can be found that under IITR, the optimal $\lambda$ increases under IITR, since the completed work can be accumulated under IITR. Thus, it is optimal to conduct imperfect maintenance to save the maintenance cost. The abort threshold under ITR is lager than that under IITR. Under IITR, the completed task in different attempts can be accumulated under IITR, resulting in higher TSP. Consequently, the task under IITR can be aborted earlier due to higher TSP.

8. Conclusions, Limitations, and Future Research

This paper advances the state of the art of task termination by studying the joint optimal task abort and maintenance policies for task-based systems with a stochastic degradation process. The tasks can be executed multiple attempts by a deadline. TSP and SSP are evaluated considering ITR and IITR with different task success criteria. Based on the system degradation process and time redundancy properties, dynamic task abort and preventive maintenance policies are designed via considering the degradation level, remaining amount of time for task execution and cumulative operating time. TSP and SSP are evaluated by an event transition-based numerical algorithm. Based on the proposed framework, cost models are constructed to characterize total cost due to maintenance, task failure and system malfunction. The optimal thresholds and performance of the policies under ITR and IITR are investigated. The results indicate that both TSP and SSP under IITR are better than that under ITR.

The limitations of the current study and a number of corresponding future research directions are summarized as follows. Firstly, we assume that both the maintenance and abort thresholds are related to the number of task attempts. Future study can be devoted to considering the maintenance and abort thresholds related to the remaining task to be completed. Secondly, maintenance time is assumed to negligible in this study. The case of time-consuming maintenance activities is worth investigating, which is more practical in engineering practice. Last but not least, the current research can be extended to the case where a certain amount of work is required to complete the task.