ML19011A429

| Person / Time | |
|---|---|
| Issue date: | 01/16/2019 |
| From: | Office of Nuclear Regulatory Research |
| To: | |
| Nathan Siu 415-0744 | |
| Shared Package | ML19011A416 |
Modeling Plant and System Response
Lecture 4-2
Key Topics
- Considerations in modeling process
- Principal modeling tools
  - Event trees
  - Fault trees
- Methods of analysis
  - Linked fault trees
  - Event trees with boundary conditions
- Useful tools
Overview
Resources
- American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, January 1983.
- W.E. Vesely, et al., Fault Tree Handbook, NUREG-0492, January 1981.
- R.E. Barlow and F. Proschan, Statistical Theory of Reliability and Life Testing: Probability Models, Second Edition, To Begin With, Silver Spring, MD, 1975.
Standard Framework for Plant/System Analysis
Introduction
Preliminary Remarks
- Greater variability (art) in modeling post-initiator response than in initiators (at least for operating NPP PRAs)*
- Principal tools (event trees and fault trees) are standard but analysts have modeling choices
  - Analysis scope
  - Level of detail
  - Simplifications
  - Parsing of sequence elements
  - Method of analysis

\* There are exceptions (e.g., modeling of LOOP)
Preliminary Remarks (cont.)
- No one right way, but current processes (e.g., peer reviews, benchmarking, NRC review questions) tend to reduce variability in approaches.
- The act of modeling improves understanding - PRA owners derive maximum benefit if they're involved in the analysis.
Cautions
- System details can be intimidating to the uninitiated.
  - Need to understand how system works before figuring out how it might fail.
  - Time required to develop understanding can be significant.
  - Many attempts to automate model construction, none yet satisfactory. Increasing importance for organizations that cycle staff through PRA department.
- Many models already exist.
  - Existing models provide templates for new modeling efforts, also serve as points of comparison
  - Need to be careful of biases from the anchoring and adjustment heuristic (Lecture 2-3)
Example Choices
- Analysis scope (given overall project scope)
  - Time (e.g., pre-initiator processes, mission time)
  - Space (e.g., single unit vs. multi-unit, regional hazards)
  - Organization (e.g., plant staff only, offsite organizations)
- Level of detail
  - Piece-part vs. component vs. super-component/module/train
  - Sub-task vs. task vs. human failure event (Lecture 5-2)

Modeling Process
Example Choices (cont.)
- Simplifications
  - Unlikely failures and failure combinations (e.g., locked manual valves, multiple instrument line valves)
  - Failures that should have little effect on performance (e.g., non-safety strip chart recorder)
  - Uncredited recovery actions (e.g., untrained, non-proceduralized actions)
  - Independence of events (Lecture 6-1)
  - Treatment of uncertainty (e.g., point estimate vs. full characterization)
Example Choices (cont.)
- Simplifications - Miniflow Test Line Example

Should the miniflow test line (and valve MV2) be included in the fault tree? Why or why not?

[Figure: system diagram with components P1, P2, MV1, CV, MV2, T; label: Miniflow Test Line]
Example Choices (cont.)
- Parsing
  - System-based event trees vs. functional event tree vs. no event tree
  - Human failure events in event trees or fault trees
- Note:
  - Difficulty is conserved
  - Results should be the same, given the same modeling assumptions. However, risk communication can be affected.
Guiding Principles in Choosing
- Availability and quality of supporting evidence
- Required degree of realism
- Key dependencies
- PRA-user confidence

Important: choices => responsibility
- Document understanding and assumptions
- Be able to defend analysis - take ownership
Analysis Methods and Models
- Linked fault tree vs event tree with boundary conditions
- Logic modeling vs object-oriented simulation (Lecture 9-3)
- Static vs dynamic (Lecture 9-3)
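Linked Fault Tree Example

[Figure: system diagram (labels P3, VA, P1, P2, VA, System 1, System 2) and event tree with headings Initiating Event, System 1, System 2; sequences 1, 2, 3; end states No CD, Late CD, Early CD; annotation "= IE S1 S2"]

Notation: overbar for success. Also slash (/).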
Fault Tree for System 1

Assume:
- Each pump can supply the necessary flow (i.e., the pumps are redundant), so system failure requires both pumps to fail
- The pumps and the valve have the same electric power source (EP)

[Figure: fault tree with top event System 1 Failure; gates Failure of Both Pumps, Failure of Pump 1 (EP, P1), Failure of Pump 2 (EP, P2), Failure of Valve A (EP, VA)]
Boolean Operators, Laws, etc.

AND: also and multiplication symbols (e.g., *)
OR: also ∪, ∨ and addition symbols (e.g., +)
NOT: also / and overscore
= True,
=
,
,
,
,
=
=
, =
Application: Fault Tree to Boolean

System 1 failure:

More generally, a fault tree can be drawn as the conjunction/union (OR) of all of the minimal cut sets where MCSi is the disjunction/intersection (AND) of the basic elements in the MCS

1 =
1 2
= 1 2 1 2
=
=
=1
Simplification via Boolean Reduction
Application: Fault Tree to Success Tree, Minimal Cut Sets to Minimal Path Sets

[Figure: failure tree and success tree; gate labels OR, OR, AND, AND; top events Success, Failure]

MCS = {EP}, {VA}, {P1, P2}
MPS = {/EP, /VA, /P1}, {/EP, /VA, /P2}
Linked Fault Tree

[Figure: event tree with headings Initiating Event, System 1, System 2; sequences 1, 2, 3; end states No CD, Late CD, Early CD]

S2 = IE [{/EP, /VA, /P1} ∪ {/EP, /VA, /P2}] [{EP} ∪ {VA} ∪ {P3}]
= IE [{/EP, /VA, /P1} ∪ {/EP, /VA, /P2}] {P3}

Cut Sets: {IE, /EP, /VA, /P1, P3}, {IE, /EP, /VA, /P2, P3}
Event Tree w/Boundary Conditions Example

[Figure: event tree with headings Initiating Event, Electric Power, System 1, System 2; sequences 1, 2, 3, 4; end states No CD, Late CD, Early CD, Early CD]

Conditional split fraction:
f1 = P{/EP | IE}
f2 = P{/S1 | /EP, IE}
f3 = P{S2 | /S1, /EP, IE}

l2 = l1 f1 1 f2 f3 2 = 1, 2 1,, = //1 2 (conditions are understood)
Reminder - Conditional Probability
- Definition
- Venn Diagram

[Figure: Venn diagram of A and B]

A given B => B is assumed to be true
A given B => The universe of possibilities is reduced to B
Linked Fault Trees vs Event Trees w/Boundary Conditions
- Linked fault trees
  - Used by most PRA software
  - Focus on modeling top events; fault tree software deals with logic-based dependencies
  - Special basic event or post-processing rules needed to address other dependencies
  - Qualitative information: sequence cut sets, cut sets
- Event trees with boundary conditions
  - Less used
  - Can be used with reliability block diagrams (discussed later)
  - Focus on conditional probabilities, dependencies
  - Qualitative information: sequences
Useful Tools for Plant Modeling
- Event Sequence Diagrams (ESDs)
- Dependency Matrices
- Note: tools are useful for
  - Documenting understanding of system
  - Supporting learning by doing (active learning)

Useful Tools
Event Sequence Diagrams
- Flowchart representing potential scenarios
- Not necessary for simple problems but
  - Helps structure thinking regarding myriad possibilities
  - Can provide a more literal, richer scenario picture (story) than event trees
    - Key parameters and indications
    - Important trends
    - Loops
    - Modeling assumptions
  - Documents understanding
ESD Concept

Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners, NASA/SP-2011-3421, 2nd ed., 2011
ESD Example (NPP)

American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, January 1983.
Dependency Matrices

Tool to help understand and document functional dependencies between systems (and even trains)

Example:

Support Systems Frontline Systems OP AC-A AC-B SW-A SW-B LPI-A LPI-B LPR-A LPR-B OP X
AC-A X
X X
X AC-B X
X X
X SW-A (1)
X X
X SW-B (1)
X X
X

(1) Failure of service water leads to loss of EDG cooling and eventual LOSW (if offsite power is not available).
System Modeling Tools
- Fault Trees
- Reliability Block Diagrams
- Object-Oriented Simulation (Lecture 9-3)
Reliability Block Diagrams

Success-oriented, quantitative reliability models

[Figure: reliability block diagram with blocks B1, B2, B3, B4, B5, B6]

1 +
2 1 + 1 3 2 + 2 4 = 3 5 = 1 6 = 2 1 = 1 2 = 2 3 4 = 2 4 6 3 = 5 6 4 = 3 4 5
1
1 where
=1 5
=1 5
min cut upper bound rare event
Comment - Details Matter

Including the same component in different system models is OK (software algorithms will do Boolean reduction) but errors in labeling can cause errors in results.

Example: What happens if the analyst for System 1 labels Valve A as S1-VA and the analyst for System 2 labels that valve as S2-VA?

[Figure: system diagram (labels P3, VA, P1, P2, VA, System 1, System 2)]
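The fault tree, success tree and linked fault tree steps above, and the labeling question in "Details Matter", worked in code as an added example (not part of the lecture). The helper names are assumptions; System 2's logic is taken from the sequence 2 expression ({EP} ∪ {VA} ∪ {P3}), and the "/" prefix follows the slides' slash notation for success.

```python
from itertools import product
# Added example; function names are assumptions, not from the lecture.

def lit(name):
    """A basic event as a one-term sum of products (set of cut sets)."""
    return {frozenset([name])}

def neg(event):
    """Toggle the '/' prefix that marks success (NOT failed)."""
    return event[1:] if event.startswith("/") else "/" + event

def minimize(cut_sets):
    """Boolean reduction: drop X*/X contradictions, then absorbed supersets."""
    ok = {s for s in cut_sets if not any(neg(e) in s for e in s)}
    return {s for s in ok if not any(t < s for t in ok)}

def OR(*gates):
    return minimize(set().union(*gates))

def AND(*gates):
    return minimize({frozenset().union(*combo) for combo in product(*gates)})

def NOT(gate):
    """Success tree by De Morgan: failure cut sets -> minimal path sets."""
    return AND(*[{frozenset([neg(e)]) for e in cs} for cs in gate])

def system1(va="VA"):
    """System 1 failure, gate for gate as in the fault tree for System 1."""
    pump1 = OR(lit("EP"), lit("P1"))
    pump2 = OR(lit("EP"), lit("P2"))
    valve = OR(lit("EP"), lit(va))
    return OR(AND(pump1, pump2), valve)

def system2(va="VA"):
    """System 2 failure: EP OR valve A OR P3."""
    return OR(lit("EP"), lit(va), lit("P3"))

def sequence2(va1="VA", va2="VA"):
    """Linked fault tree for sequence 2: IE * /S1 * S2."""
    return AND(lit("IE"), NOT(system1(va1)), system2(va2))

def show(gate):
    return sorted(sorted(cs) for cs in gate)

if __name__ == "__main__":
    print("System 1 MCS:", show(system1()))
    print("System 1 MPS:", show(NOT(system1())))
    print("Seq 2, shared label:", show(sequence2()))
    print("Seq 2, S1-VA vs S2-VA:", show(sequence2("S1-VA", "S2-VA")))
```

With separate labels, sequence 2 gains cut sets such as {IE, /EP, /S1-VA, /P1, S2-VA}, in which the same physical valve is both working and failed, so Boolean reduction can no longer remove them.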
Knowledge Check
- MCS if each pump can provide 100% flow?
- MCS if each pump can provide 50% flow?

[Figure: system diagram with components P1, P2, MV1, CV, MV2, T]

Knowledge Check (cont.)

[Figure: system diagram with components P1, P2, MV1, CV, MV2, T and electrical supply labels P2, MV1, MV2, 4160 VAC BY, 480 VAC BZ, 4160/480 VAC XT, P1; legend: Bus, Breaker, Transformer, Load]

Now what are the minimal cut sets?
Thought Exercise

The plant manager, who's been working at the plant for 40 years, looks at your fault tree for the boiler. He sees that the manual valve at the bottom of the boiler is a single point failure (i.e., a single element MCS). He growls at you: "Whaddya mean, the valve is going to disappear? And anyways there's no such thing as a random failure!"

What's your response? Hint: There are a number of reasonable choices, but "I'm just doing my job" is probably not one.
Closing Remarks
- Rare events => need to search for potential contributors
- Formal tools (e.g., MLDs, ESDs) can:
  - help the analyst think about the problem, aid the search process, and increase degree of completeness
  - document the analyst's understanding and key modeling assumptions
- Examples from past studies provide useful guidance; beware of treating them as templates