ML20126K736
| ML20126K736 | |
| Person / Time | |
|---|---|
| Site: | Browns Ferry  |
| Issue date: | 12/16/1980 |
| From: | Horton W, Lobner P, Varnado G SANDIA NATIONAL LABORATORIES, SCIENCE APPLICATIONS INTERNATIONAL CORP. (FORMERLY |
| To: | |
| Shared Package | |
| ML20126K728 | List: |
| References | |
| SAND81-0062, SAND81-0062-R01, SAND81-62, SAND81-62-R1, NUDOCS 8105210095 | |
| Download: ML20126K736 (244) | |
Text
{{#Wiki_filter:. SAND 81-0062 O 4 ; DRAFT-INFORAAL MAT CONTAIN ERRots NOTANDYgTppt. ~C (f#l NARY AND ORRECTED. FL AS SUC)8 l I 1N.WOUSE PRIVATE DefTR$UTION AND NOT FOR EXTWNAL RELEASEW!THOUT @NSENT O,F AUTHgRS. DRAFT l. FAULT TREE ANALYSIS PROCEDURES FOR THE INTERIM RELIABILITY EVALUATION PROGRAM (IREP) , (Revision 1) i G. Bruce Varnado Sandia National Laboratories William Horton Peter Lobner Science Applications, Inc. Decenter 16, 1980 8105210884 DRAFT. INFORMAL AND PRELIMtNARY AND AS SUCW T' r MAY CONTAIN ERRORS NOT YET CORRECTEC IN.WOUSE PRIVATE DISTRIBUTION ANL 6CT ICA EXTERNAL RELEASE TITHOUT CCH5ENT OF AUTWORS. j
CONTENTS ( pcGE
.i SECTION 1
i 1 INTRODUCTION. . . . . . . . . . . . . . . . . . . . . . . . . 1
- 1.1 Purpose. . . . . . . . . . . . . . . . . . . . . . . . .
, i 2 1.2 Modular Logic Modeling Approach. . . . . . . . . . . . . a i-
- 1.3 Basic Nomenclature Constraints . . . . . . . . . . . . .
6 2 FLUID SY3 TEM MODULAR LOGIC PROCEDURE. . . . . . . . . . . . . 5 2.1 Nomenciature for Fluid System Modular Logic Modules. . . 13 2.2 Procedure for Faule Tree Construction. . . . , . . . . .
~
2.3 Rules for Fault Tree Development . .....
~~
3 FLUID SYSTEM SEGMENT MCDULAR LOGIC PROCEDURES . . . . . . . . 52 3.1 Nomenclature for Fluid System. Segment Legi: Modules. . .
- 5 3.2 Use of the Modular Segment Logic . . .
69 4 FLUID SYSTEM COMPONENT MODULAR LOGIC PROCEDURES . . . . . 60 4.1 Nomenclature for Fluid System Cerconent L cic Modules. . 4.2 Valves . . . . . . . . . . . . . . . . . . . . . . . . . ~~ 4.2.1 Motor-Operated Valve (MOV). . . . . . . . . . . . 4.2.2 Pneumatic / Hydraulic Valve (NV) . . . . . . . . . . 69 4.2.3 Solenoid-Operated Valve (50V) . . . . . . . . . . i. 71- . 4.2.4 Manual Valve (XV) . . . . . . . . . . . . . . . . 73 4.2.5 Check Valve (CKV) . . . . . . . . . . . . . . . . l 73 4.2.6 Safety / Relief Valve (SRV) . . . . . . . . . . . .
- ntinue:/. . .
. . . . . - - ,. _ . - . . _ . , . , . . - . _ . - . . . . .,. --,~,_. - . _ . . . - . . . _ . , , . . - - -
._ A "** A -~ - - - . _
2. CONTENTS (Continued) t i Pa3E SECTION 78 4.3. Pumps. . . . . . . . . . . . . . . . . . . . . . . . . . 75 4.3.1 Motor-Driven Pump (MCP)'. . . . . . . . . . . . . 31 4.3.2 Turbine-Driven Pump (TOP) . . . . . . . . . . . .
- t. 84 4.4 Heat Exchangers. . . . . . . . . . . . . . . . . . . . .
4.5 Tanks. . . . . - on 4.5 Piping.......'****' e
- Cv r s..c.
n :u.- .-..
.e n.e. pn.
- . ... c v.i. v-.n...:.
.e -: v.u . Lnco..- se..a
. m.er-92 5.1 N men:12ture for Cemcene.t 5;;;0rt Syster. M dular L:gi:.
.... )':
5.2 Electric Power Systar. . . . . . . . ..... 1:2 5.2.1 Less of Ele:tric Power to a Com; nent . . . . . 5.2.2 Ci rcui t B reak e r ( C3 ) . . . . . . . . . . . . . . . $" .I 15 5.2.3 Loss of Power at a Bus . . . . . . . . . . . . . 5.2.4 Loss of Power from AC Sources . . . . . . . . . . ICE 115 5.2.5 Loss of Power from CC Sources . . . . . . . . .
. . . . . . . . . . 120 5.3 Control Power System . . . . . . .
12 2 ; 5.4 Actuati on Sys tem . . . . . . . . . . . . . . . . . . . 122 5.5 Room Cooling and Ventilation System . . . . . . . . . 129 5.5.1 Room Cooling or Ventilation SysteT. Faults . . . 131 5.5.2 Ventilation Fan (FAN) . . . . . . . . . . . . . i 133 4 5.5.3 Ventilation Dameer (DPR) . . . . . . . . . . . . continued /. . . iii
CONTENTS (Continued) i i PAGE SECTION 137 6 ' COMPONENT UNAVAILABILITY DUE TO TEST OR MAINTENANCE. . .
. . . . . . . . 139 7 EXAMPLE FLUID SYSTEM FAULT TREE DEVELOPMENT 7.1 Examcle Application of Fluid System Modular Legic Pro- 13 cedures using Rules in Section 2. . . . . . . . . . . .
7.2 Partial Fault Tree Devele:eent Resulting from Acclica- 162 l tion of Fluid System Fault Tree Procedures. . . . . . . / 7.3 Example Applicatien of Modular Logic for Segments, 166 Cce;cnents anc Supccrt Systems. . . . . . . . . . . . . l l' 5 iv
I t l
- 1. INTRODUCTION
\
( tree This report summarizes the procedures to be used for fault development in the initial stages of the Interim Reliability Evaluation
- Program (IREP). The procedures outlined are preliminsry in nature and may not adequately cover all situations which will arise in the course of the will hel p provide some prog ram. However, these prelimina ry procedures of detail, and controlling consi stency in a nalytical a pp r0a c h , - level a ssumptions used in the development of logic model s for the initial- oltnts Re fi nements will be made as re fi ned methods are studied in IREP.
devel ooed. be re spon sibl e fo-For each plant a fa ul t tree team will
-ses.
developing fault trees for system failures as dictated in the event The fault tree team must interface closely witn the event tree team to Voce r logi: (system fait u-e assure that the medel s a re comoa ti ol e . tree *eam. criteria) will be defined through consultation witn the event System fa ul t logic will be deveicoed in a modula r accroa:h tha t wi'1 facilitate handling the detailed model s. 1.1 PURPOSE The fiult trees developed in IREP will be used to: the
- e Quanti fy the probability of occurrence of secuences in event trees.
components (ones tha t drive failure e Dete rmi ne cri tical probabili ti e s) . e Assess common mode failure effects, j e Assess human error contributions to failure probability. 8 4
e cha racte ri stic s
' The purposes outlined above imply some general First, the trees must include of the fault trees produced in this study.
g to identi fy components of i nterest in the pl a nt. sufficient detail explicitly identify dependencies such as shared Second, the trees must Thi rd , human j and support systems. components, common power supplies, An important considerations interactions must be explicitly identified.
' in this area will be the impact on system failures of plant ope ra ti ng
- procedures and test and maintenance activities, The approach taken in IREP will be to concentrate the fault tree i The fault trees shoul d development on the hardware in the plant systems. l f component faul ts. Common
. accurately represent system failures in tems o the eval ua ti on of the mode and human error effects will be assessed in on the mecha ni stic pa rt of the problem should trees. Concentra ti ng fo r di f ferenc ,' j provide a set of basic fault trees that have broad utility In order to assure that the fault trees produced in ki nd s of a nalyse s .
the medul a r 10gic modeli ng recuf-ed cha n cte ri sti c s , IEEP have the accroach discussed in the next section will be used. 1.2 MODULAR LOGIC MCCELING APPRCACH numoer of features i n come , Hucl ea r power plants have a As a resul t, cne including similar system configurations and components. It is faul t trees for di f ferent plants will have similar structures. logic possible to develop modular logic models which represent the failure for many commonly occurring plant features and to define procedures to aid needed to buil d the analyst in gathering the plant-speci fic infomation The use of this modular detail ed fault trees from the modular submodels. logic modeling approach overcome s many of the limita ti ons commonly with the use of fault tree analysis in modeling large systems. associated noroug-In particular, it: (1) makes it pnctical for someone who has a knowledge of pl ant systems, but ha s limited knowledge of fault teee detailed trees, (2) reduces analysis techniques, to efficiently develop the time required to develop specific trees, and (3) gnatly improves tne j consistency with which analyses are done on different olants. 2
The first step in the fault tree development is the de fi ni tion of the top event. This will generally be sta ted in terms of the [' The fault tree and occurrenc'e of an event on the functional event tree. on the failure criteria for the
. event tree teams will have to a gree logic i systems that provide the function in order to assure that the UDoer The fsul t tree team structure for the fault tree is properly represented.
, Some members t
will then develop the detailed logic models for each system. tree team will be responsible for developing trees for all to the fa ult powe r , component cool i ng , etc., I the support systems such as electrical The modular which plug into the trees developed for the major systems. g' of the forn and logic models in the following figures provide exsmples l evel of detail of the models to be used in IREP for system and component failures. The fault tree team should use tne se consistency model in tne deuiled s tofruit tne maximum extent possible in order to assure trees. To apply the moduise fault tree deveicoment scorosch, toe system will be divided into piping segments, and the fault logic for the system as de'inec will be developed in tems of failures of the pioing segmencs Detailed fault logic for tne oicing segments wil' te
. by a set of rules. be adjusted te deve10 ped by the use of standardiced sub-trees which can His properly represent the soeci fi c characteristics of eachfaul segment.
t trees fo-modular approach will allow flexibility in use of the di f ferent analyse s as it will be possibl e to ta il or the l ev el of development of the logic to the specific analytical gcals. been have Common components, such ss valves and oum:s, The cla ssi fied according to type and sub-tree s develoeed for es:n.
~
analyst must edit the component tree by addi ng a cc ropri s te labels and del eti ng any events that do not apply to the pa rticular comoonent unne-l abel s a re acclied :: study. Care must be tden to assure that unique each component. A component must have the same label wherever it soceses the $3me in trees for the clant and no two different components can have label . The modul ar logic devel opment procedures s ee spolied in an the system i ters tive fa shi on as nece ssa ry to adequa tel y desc ribe In developing the fault tree for a het chs rseteristics and dependencies.
' removal system, for example, one might i denti fy an event relsted to 3
i l i' Devel opment , failure of a pump or other component which requires cooling. l of the of the loss of pump cooling . event may necessitate the application For some systems this repeated same procedure to the suppo rt system. application must be continued out to the ultimate heat sink. { trees
' After the fault tree analyst completes the development of trees would be submitted to a computer analyst for
; for s' system, the se ,
' conversion to computer input data. The modular logic models are stored on computer files and can be called up on a computer gnphics display system the requi red I as the computer analyst selects the appropriate trees, adds label s, and deletes any branches not needed for the specific plant under
. study. The computer analyst will also prepare the input for tree s not covered by the modul a r logic models.and will genente plots of all the analyst for review trees. The plots will be returned to the fault tree and correction.
The events for which procedures are speci fied in thi s reoc-t involve faults which occur in fluid systems and sssociated succort systems Two type s of coolant systems are common i n (e.g., el ec tric powe r) . source such nuclea r power plants. Ocen loop systems dew cociant from a as a tank and su:oly tne coolant to a heat source with no return oatn for ( fo r Closed loco systens circulate coolant from a heat sink the coolant. cooling tower, or large bocy of water) to a exampl e , a heat ex c ha nger, Fa ul t tree dev el ocment heat source (perhaps another heat exc ha nger) . procedums for these two kinds of systems are discussed in Section 2. 1.3 BASIC NOMENCLATURE CONSTRAINTS The constraints on the sice and fomat of event labelstniand s event fault tree s genen ted usi ng descriptions are imposed to make the nomenclature compatible with SETS, a fault tree analysis code.
- The fa ul t tree event labels are ifmited to a string of sixteen The letters of the alphabet, the numbers ze ro througn
. (16) cha racters. The string ni ne , and the dash or hyphen (-) are allowable charactees.
OMEGA is the only combination of chancters that is not allowed due to its f special meani ng in SETS. No blank chancters are Demitted between tw0 non-blank chancters in the event label . 4
ofghty Fault' tree-event descrip21ons are limited to a' string of an added constraint that the string can be divided (80 ) cha racters wi th each. Blank cha rscters into four (4) strings of twenty (20) characters can be used and count as a character in figuring the size of the string, i The letters of the al phabet, the numbers zero through ni ne , most punctua tion ma rks , and blanks are allomble characters. The period ( .
- and.the dollar. sign ($) are not to be used in the string.
I 3 e 4 5 e m ' u n ,+,-c m
l l l I
- 2. FLUID SYSTEM MODULAR LOGIC PROCEDURE l 1
( i
! develop a flui d This section describes the procedures used to down to a pipe segment level . The procedures recuire system fa ul t tree knowledge of the failure criteria of the system as given by the event tree Develcoment development and by operational characteristics of the system.
down to a component l evel is di scussed in of the system fault tree Sections 3 and 4 4 2.1 NOMENCLATURE FOR FLUID SYSTEM MODULAR LOGIC MODU Thi s section describes the nomenclatu*e used tres in the event and the event descriptions for the top event of a fluid system lfault evel . events of the tree down to a system segment for i nte rmediate rules for fl ui d system fa ul t tree
- and Thi s nomenclature is used in tne is divided into two subsections dealin; # tn con struc ti on. The section top event nomenclature and intermediate event nemenclature.
Nomenclature for Fluid System Fault Tree Too Events 2.1.1 The event label for a fluid system top event is of tne form FSSF-NCFMT The label is read as " failure of FSS to perform function using N of 9 tyce T components" . is an abbreviated form of the fluid system name. The code FSS For example, the Auxiliary Feedwater System may have an F55 cod Codes for systems not 1
' Codes for othe r systems are listed in Table 2-1.
. listed in the table can be developed by the analyst as long as t*e resulting codes are unique for the plant being analyzed.
4 6
\
Table 2-1. System Identifiers. APPLICABLE SYSTEM. SYSTEM NAME NUCLEAR IDENTIFIER PLANTS Reactor Coolant System
. PWR and BWR RCS.
ECI Emergency Core Cooling System (Injection Mode) ECR Emergency Core Cooling System (Recirculatien Mode) RHR Residual Heat Removal System CIS Centainment Iselation System CS Centainment Spray System CCU Centainment Atmosphere Cleanuc RPS Reactor Protection System ESF Engineered Safety Feature Actuation Syste- . IE Class IE Portien of On-Site Electric Pcwer Sjste-NIE Non-class IE Portion of On-Site Electric Pcwer System FHS Fuel Handling System NFS New Fuel Storage System SFS Spent Fuel Storage System FPC Spent Fuel Pool Cooling Systen CCW Component Cooling Water System CHW Chilled Water System NHV Norval Heating, Ventilation or Air Cenditioning Syster i EHV Emergency Heating, Ventilation or Air Conditioning
! System PCS Power Conversion System .
RW Radioactive Waste System 7 - . . _ _ _ . . - -- . . , ._ _ _- . _ _ ~ . - . . . . _ - . - . _ . _ _ . . _ _ . _. _
l Table 2-1. System Identifiers (Continued). -! 1 SYSTEM NAME APPLICABLE SYSTEM NUCLEAR IDENTIFIER PLANTS Auxiliary Feedwater System PWR Only AFW Chemical and Volume Control System CVC i Reactor Core Isciation Cocling Syster . BWR Only. RCI . Control Red Drive Hydraulic Syster CRM Stancby Licuic Con:r:1 System SLC Stancby Gas Tres: ment System SGT
- sciati:n Condenser System ISO j Su:pressien Pool Coo'iing Syste- (I' Se:ars:s # :-
SPC the RPR System) l m S a
For The . code T is a designator representing a component type. example, P would be used for pumps, H for heat exchangers, I for injection lines, and T for ta nks. Used in conjunction with the NOFM code, the success criteria of the system can be sta ted . Thus, if an Auxilia ry Feedwater System needs to cool one of two steam generators using one of two pumps, the event label for the top event may be: AFWF-10F2H-10F 2P The event description of the top event may read nearly the same as the event label . This is not a requirement, but the text should convey the same ides as the system success criteria. As a n e xt-tol e , the above event label may have an event' description of: FAILURE OF AFWS T3 COOL 1 0F 2 STM GEN WITH 10F 2 PUMPS If the success criteria of tne too event is more c:mo'ex than be can be stated'in just two NCFMT codes, then the followirg crecedu-e cea (1) Make the top event a simpl e sta tament : f :ne system fail ure , used: as is ne: essa y (2) solit the success criteria into as many subgrouping and have these feed the top event as intermediate events with less comolex success criteria. func tion may be As an example, a contai nment heat removal performed by more than one system. These systems may have interdeoendent spray pumos may be a decua te to cool success criteria. One of two I contai nment if three of four emergency fan coolers are also coerating faor9 tso of two spray pumps may be satisfactory wi th only one of fou-cool ers. The top event may simply be failure of the Containment Heat ) inputs
' Removal System. This event could be made an OR gate wi th two {
g-i ndicating the two different combinations of pumos and fan coolers that Each of these events may then be made into AND gates witn are successful. two inputs i ndicati ng the subsystem success criteria . Thi s exampl e i s c ri te ria illustrated in Figure 2.1. Thus, a complex fluid system success can be model ed usi ng logical combi na tions of simolier system su::ess l 9
,A 2-- . i4 - TM
$B '
~
tx 0Itx
'"; p i
s=I. A s~ 12: 'L sag -~ je !C s~ ;e , ml w
#1}
y3
. IK ; ,,,,,a =
as* Q
- - ,= >
81$'t g- it ,
' = l' I !' klt I c'C ll'$ 5 GEEt O*E -
. l4 h' , I .
; --- 1;
,*{- t I,m,, -E mumum=
i
,- a b
! ISI % *-
i s-l 'd- 4 E 3x y' l lh* i 573:- ,- l' { ' Z
-=
'N
_= ee i f
=
g" 1l)
'==
- 2 -
I$ ll l l. E_
-d I.. 'r
~t wi I_ :
=-g se il i it i
_CJ y 22 W E Il ; o 0 '1 i'
- 21r "t., -
8E'
>=,
5~ - s 3
=a f =;3 si
- 2:- -
g;,
~
g
#a 5~'
c 15s> St r3 8"=L 'yI
=
I!. j. I os- l-E2.=
=i:3 l!i
* =! - lljT'
*:. = j w -e
- t f
h *3 - i .: 5* Ici 553 lEi
~~
I J e e e f 10
wi thi n cri teria . Care.must be taken to assure that no divisions are made Thus, the Auxiliary Feedwater System success criteria stated a system. earlier cannot be subdivided into a steam generator success criteria and a The division can only take place at system levels; pump success criteria. not within systems. 2.1.2 Nomenclature for Fluid System Fault Tree Intermediate Events _ The fluid system fault tree as developed usi ng the rul e s fo r IREP fault tree development is based on defining the logical relationsnio A fluid system segment is any section of pioing of fluid system segments. Thus, a segment which lies between two pioing junctures or intersections. tube which has has no interconnecting piping and can be thought of as a inputs and ha s outouts at ocoosite ends. A segment may contain n uf d system components such as pumps, valves, bett exchangers or tanks. The fault tree development for the system di spl ays tne log 4c associated wi th segment fa ul ts in the system which letd to a system t re develooed h il ure . The lowest level events in the system fault tree the fl ui d system segment modular logic mocel ( see event transfers to fall into one of tn ee Section 3). The remaining intermediate _ events general categories as discussed below. The fi rst general ca tegory of i ntermedia te events i s o' t-e fonn: FOP -END-F SS-S S S The nex The first three letters stand for "bult occurs prior to the".
' three letters, END, will indicate which end of the fluid system segment is segment, END will be either OUT, for the output side of the o f- i nte re st. FSS stands for the nuid system or IN, for the input side of the segment. fo r tne code name ( see Tabl e 2-1).
The last three letters a re a code If the code is for s segment i denti fier or the cro sstie identi fi er. Thus, the crosstie identifier, it will be of the form CTX or crosstie X. event label: FOP-IN-AFW-0 ( 11 l
is read as "hult occurs prior to the input of Auxiliary Feedwater System of segment 0" . The event description is nearly equivalent to the reading the event label as follows: FAULT OCCURS PRIOR TO THE INPUT OF AUX FEED SYSTEM SEGMENT 0 The next general category of intermediate events is of the foc9: ALIGN -F LT -X-F 55 Thi s event is used as a "too" event of system failures whi:5 ? suits f-em si n;! e ouno alignment faul ts. Examples of alignment fa ul ts i n:1 ude a attemoting to provide flow to two heat exchangers wnen it is only designed fl ow fecn the same header to ha ndl e fl ow to one , or two pumos drawi ng ;- Tne A :9e which was designed for adequate flow to only a single puno. f a ul t. The text of e label is simply a numoer to identi fy the alignment event descriotion is as f:1' ws: SYSTEM ALIGNMEMT FAULT X LEADS TO FLUID SYSTEM FAILURE in the event description are repit:ec by the The words " FLUID SYSTEM" 1 sol e. appropriate system name corresponding to the FSS code in the event l These events only feed the top event of the system fault tree. The last genersi category of intermediate events is of the fo m: I IN-FEED-FSS-CTX !
\
- into is used as an aid in developing the logic for input flow '
Thi s event i- The X in the code CTX signifies an identifier fo r a c ro ssti e
' c ro ssti e s . The same c ro ssti e i n arrangement and is only used as a dummy identifier.
and t9us may a system may have multiple uses of this intermediate event i 12
- -- . - - F- *r+ ,u,
have multiple dummy identi fiers. The event description for this event is a s follows: t INADEQUATE FEED DUE 6 TO FAULT IN FLUID SYSTEM CROSSTIE SOURCE X The lowest level of developed events in the system fs ul t tree
-1 are transfers to the . fluid system segment modular logic. These events are of the fonns: l F AULT -F SS-SSS of DIVRT SS-SSS The-event descriptions for the above events are as follows:
CCuP3NENT FAULT OCCUS.S IN CLUID SYSTEM SEGMENT 555 DIVERTED FLOW OCOURS IN FLUID SYSTEM SEGMENT 555 fl ow , cumo The " component fault occurs
- event usually represents blocked failures, or heat exchanger failures. The " diverted flow occu*s" even*.
models open flow patns or pipe ruoture s that reduce fl ow in recuf*ec system flow paths. 2.2 PROCEDURE FOR FAULT TREE CONSTRUCTION
*The procedures to be used to develop a fluid system fault tree down to the pipe segment level are as follows:
o O O 13
Step 1.- Obtain the P&I drawing for the system of interest. From the P&I drawi ng dete rmi ne ' what other fluid systems interface with the system P C' system of i ntere st and obtsi n the interfacing dra wi ng s. j Step 2. Simpli fy the system pi pi ng by eliminating from considerstion followi ng f those pipe segments which fall into ei ther of the I categorie s. I r
. A. Pipe segments which can, in no nenner, imps:t system performance signi ficantly. Interfacing pioing wi th :ne:k valves such that no fl ow :sn be dive
- ed from the main -
system is pi pi ng of thi s type. Al so , pi pi r.g whi:n interfaces with the main system piping and is less tnsn a/3 the dismeter of main system ci oi ng shou'd no t nave significant imos:t on system perf0r ance. B. Pice segnents centsi ni ng no-mall y closec ma nuti valves whi:h could only improve system pe r fo rma nce if c:eaet. ! Cro ss-ti e s , test and by:sss lines often fs11 into ini s cstegory. It is important that the lines :an have n:- adverse impset on the system. It is intended tnst no o pe ra to rs credit be taken for manus 1 valve maniculation by in response to accidents unless it is a normal ocersting procedure. onl y contai s Step 3. Prepare a simplified deswing of the system which to be analyzed in the fsult pi pi ng and components which are tree. Pipe segments wh :h are identi fied in Step 2 shoul d no: be shown in the simpli fied d ra wi ng . It may be possiele to g redena simply mark up the P&1 drawing of the system rsther than the system. However, additional information will be out on t9e d rs wi ng a nd ma y be di f fi c ul t to rea d on s P 41 d ra wi ng . i ( i g b 1
l Step 4. At each point in the simplified system diagram where two or more pi pe s i ntersect, indicate the juncture by drswing a dot. Esch juncture of ' ' det ropresents a node in the system indicating the three or more pipe segments. Each fluid system segment should be labeled with a unique identi fier for the system. Identi fiers can be as simple as A, B, C, etc. Step 5. Give a brie f description of the system success or failure j the criteris in the top event of the system fault _ tree based on event tree team output. For open loop systems, develop a input to failure logic for the discharge ends of the system as the top event. For closed loop systems, develop a failure logic the for the pipe segments containing the heat sinks a s input to top event. I:2: 5. Sta rting 'with the fluid system segments develooed in Stec 5 and conti nue using the fault tree teeminology given in Section 2.1, development of tne system fault tree by wo-king b9ck throug* tme m
- 3. d to the system to th'a coc11nt S0urces in ocen 1000 systems Rul es f:-
stt rti ng system segments in clo sed 1000 systems. fault tree development are given in Section 2.3. As tne tree is devel oped , mark the rule number toolied to each node in the system on the simplified system diagrim. Thi s silows a rs ei d check of the assumptions used in the system fa ul t tree dev elopment. Step 7. Develop fault logic for each pi pe segment usi ng the ge-eric
" COMPONENT FAULT OCCURS IN FLUID SYSTEM SEGMENT XXX" fault tree as discussed in Section 3.
2.3 RULES FOR FAULT TREE DEVELOPMENT
- i. segments The system fsult tree is developed usi ng the pi pe
! The normal logic for failure identified in the simplified system drawing.
,, Other fsilure mecht ni sms s ee
; is assumed to be a loss of flow event. This ot9e*
i i denti fied for soecial cases of system picing er-ingements. 15 P a
These di f ferent functional failure mechanism is a diverted flow fault. failures are impo rtant i ri the development of component failure modes within pipe segments. For example, a loss of flow event, which is covered I in the " component fault occurs. . . " development, would occur if a vs1ve flow event, in the pipe segment failed in a closed position. A diverted which is covered in the " diverted flow occurs. . ." development, would fl ui d system se g'he nt occur if a valve failed in the open position in a 1 tha t c reates an alternate flow path and reduces flow in snother required l system segment. Care should be taken to use the a pprooria te devel opment indicated in the foll owi ng rul es to assure prope r fa ul t tree as
' devel opment.
The rules for fault tree development sooly to two general of:ing The two ge"e"si
$ arrangements and three more speci fic piping schemes.
piping schemes desi with multiple input segments into s node with a single output segment and a single input segment into a node with multiple output wi th tvee segments. The three more specific ciping a rn ngements desi distinct types of crosstie pioing schemes. Rul e s 1 and 2 spoly to nodes with multiple inputs and a single
- en output. The rules are stated in ter-ns of only two inout segments but be extrapolsted to cover esses of three or .cre inputs.
Rul es 3, 4, 5, and 6 apply to nodes witn s single input and mul tiple outouts. Again, these rules are stated in tems of only two output segments and can be extracolated to cover three or more output cases. Rules 7 and 8 apply to a piping scheme were two lines of a system a re c ro sstied by a si ngl e pipe segment. A crosstie is s pipe segment in which flow can be expected to be go in either direction tvougr the pipe depending on the system alignment. Rules 9 and 10 deal with a more complex crosstie genngement. Thi s is s Three input segments are crosstied to two outout segments.
' common piping scheme when a system has three redundant cumos sucolying two j
distinct trains of the system. l
' Rules 11 and 12 are similar to rules 9 and 10 but s poly to a
. crosstie arra ngement where two input segments sucoly three cutout One to segments. This is usus11y the piping scheme used to succly water
/
pump suction of three redundant pumos from two sources. , 16 1
in the followi ng text. Each rul e is discussed in detail Examples are given to allow the users to understa nd the a ssumotions Soeci fic faul t tree developments a re provided a ssociated with each rul e. to be used as modular logic models when constructing system fault trees, i - 3sA9
! $ l W lCo#Q~EhS igj CHihhG N ; r AA A m sul. ncaah oy G s t ussy w
k ]xte fab 5 hA%/ly M fk fy e d
; ofes u t~
H s;cact/9 - s st aJd& nme ua%
/oaWe~ . ~
a%- % 66 sny9 ara % ceaalwaffen.5
. A l
an gs e ca4x - 1 17
4 Rule 1. Redundant input pipe stgments A and B with si ngl e output pi pe
- segment C.
i
' A C
m
'l I B m r
\
' Thi s rule . apolies to a reistively common situation in 9uclear power plant systems. Often redundant oumos dis:hsrge into a comnon heade- '
and i nto a single injection line. Isolation valves in many systems are arranged in a partilel piping scheme for wnich this rul e is a col i:a cl e . Other. exampl e s are easy to fi nd . Thus, ci ce segments A in: 5d Dice segment C may no: pr:bably contain either isointion valves or cumes. contgin any :om; nents in many :sses. The rul e assumes that, flow from either ei:e segment A or ei:e
- ne needs of ci;e seg-ent :. M so , c' :e segment B is sufficient to mee:
segment A snd pi pe segment B :snnot be used to divert flow fr:m.twa system. Thus, no reverse flow is allowed in any of the cipe segments. The assumptions of this rule lead to the followi ng conclusion. In order to have a fsilure of this mini-system, either cice segment C must f1:w. fail to have flow or both pipe segments A snd 3 must fail to feed Fault tree deveicoment for this mini-system is shown in Figure 2.2. 0, 4 9 i 6 e 1B
1
.i 4
t e 1 . .... -, e ..w i.
=c C
e ee O 4 I" l =
- e
*a 5 83.
s E _ ;8g - y
*23 5-s E - iI -
'., .5I l'l64 -
' ITC L s E
- 5. 2. . w
$Ema
- E2g
;3 Alc 1.
f t - z 5{g
- -= bi . '
h kE 3I5 ' k!- .-l -
.i
- - ~ .S wa'
! a - g* . . =a" hg{ b*
4 *3 S k S-( - ti GC3 j5; 0 "I5 me - 81 <%4 :. aE3 h }.
-1 r'*
I se. . ::
-e
,l, yi g
e 3
.E-e L, a*
J 85 :=
- 5=5s -E O =
252 1
$-~ E i
~C U e
.5e $N w
L e. 6 e t I o 19
1 l 1 1 Rul e 2. Non- redunda nt i nput pi pe segments A and B with single output ' g pipe segment C. C A m
' B m 1 cossitie Rule 2 is less common than rule 1 in sa fety systems.
exampl e of s pi pi ng se neme fo r wni ch thi s rul e i s s pol i: sol e i s the : a se T ra de-o f f s between va ri ous hign of a multiple success criteria system. for LOCA mitigation sometimes yielo and low Dressure response systems to botn oce-ste combinations which require two normally redundant pum:s For example, an ECCS res:ense may recuire 1 of 2 fo r successful resconse. as in CVCS pum:s and 1 of 2 HPSI oumos or may recuire 2 of 2 HPS! pum:s, These HP5! pumps may nave 5 i :i n; seme recent We stinghouse de si g ns . Pi:e segments A and 3, header arrsngement for whien rule 2 is accli:sble. in the re fo re , will probably contain pumps and pipe segment C may not :entt any components. De i A snd This rule assumes that flow from both pipe segment Si nc e f' ow segment B is necessary to meet the needs of oice segment C. sny seg-en: from both pipe segments A and B is required, reverse flow in would be an automatic fsilure in this system. The a ssumptions of this rule lesd to the following :enclus'ca. In order to have a failure of this mini-system, failure of either ci re segment A or pipe segment B to feed flow or of pipe segment C is to have flo is all that is necessary. Fault tree development for this mini-system shown in Figure 2.3.
)
l i l i 20 l
1
- l
" .I-l f
l 6 ! 4
+
e e 6 9 4 5 E d . .W 2
- C e
a m t 4
-. N jaS ~ G:
~
- b -
.2 -l E
$- 'O I'.2'. L
'j w ca w e
ed C. S
* - s r
ll
. 2 ,m:::
!5 m Il 1; 3 !. ...
--s 'i t tri U! I IIf g8ag - t' 3 -
C V '5h[ i l M :.
-e_ y~ U
~23- {2d
-3
* ~ 2, w a-i I. -c EE l +
b as.
-+
end p c
~
2 5
- 3. . . O
$"- d *
#3" C ew
- g3 - .
-Es .s s.* i ~
E. !, h, b It i w
~i .li.h
--# Gume 4
e h I s 8
- 4. '
21 - - . . - _ . - . . . . . . . - . . . . . _ . ~ . . . . . _ . . _ . _ . . . _ . . . _ . . _ _ . _ _ . . _ . _ . _ _ . . _ . . .._ . . .
I Full capacity input pipe segment A with two output pioe segments Rule 3. B and C. i A_ m B
.1 C
- m i
This rule is another which apolies to a relatively common oicing scheme. Examples of this case are numerous. In an Auxilia ry Feedwate" System, a si ngl e condensa te stenge tank is the sour:e for two pumes. Isolation valves in pan 11e1 arrangements would use this rul e fo r their input fl ow. Many ECCS systems will have redundant pumos dnwi ng from i single source. Components are very likely to occur in eine seg ents 3 and C and could be valves and/or oumes. Pice segment A could contain almost any component type or no components at t l depending on the 1001(cation. i This arrangement is also apolicaole to cumo discharge headers. The rule assumes that oice seg-ent A :an sucoly adequste feed to both oipe segment B and pipe segment C simultaneously. Thi s 9eens t99 t
. fl ow oc:urri ng in both pi pe segments B ant C would not imoa:t syste-a s sa-o:i:n pe rfo ma nce . Inherent in this assumption is tne adci:ional that no diversion paths exist downstream of either pipe segment B or cice segments di rectl y .
segment C which would impact only one of the two pipe
. Tha t is, sny diversion paths downstream of these pipe segments must draw from both segments equally. This rule does not cover the case whe*e a diversion path exists off of pipe segment C which would indirectly divert flow from pipe segment B due to pipe segment C being at a lower cressure.
( The assumptions of this rule lead to the following conclusions. In order to have a failure of pipe segment B output, either nice se; ent B
~
must fail to have flow or pipe segment A must fail to feed fl ow snd tne status of pipe segment C is not of concern. 1.ikewise in order to have a
!" failure of pipe segment C output, either pipe segme t+, C must fail to have i flow or pi pe segment A must fail to feed flow snd the status o f oi ce
' segment B is not of concern. Fault tree develooment for this mini-sys tem i ts shown in Figure 2.4 22
i t t bO 1 E w* d S *
+
8 8m as
- M e "e"m 3e i e
e I 1 , l *h
- 3
- g- :
t
- a. e d O i
S b emh l #1 gE es* a _ gg
=, :
i
*r l ,"a !
.x 5 : M* ,
e . 3 _E , 'I - o
.* g
- g ,my *A O % a gd 4 , p y
.-r i -
- g. *m= l' b6 } i
- e
-mS f " ,*
y
* ! sl' ?
<a C m =
- s. _, _5 .
n-g .b. # c, @ , i
*E ..g ==- ;-
.,. 5 .. i . ,. * -
l l J .Y.
. e C - . l l3
-a =
g m =a tg .- _ i ~~
- 05
=N aee kl*g 0
*e. l 'g ffE.. .
en
-erd> 4 d
w W b a, eWF h E M
- f GR tune a
4
)
==
b
4 a. , e - . . --g- . - - -sa. . . . .,+-q. a. m e- .s u b -h' .4 ! i 4 .)- 5 ee & T C 9 9 9 0 y C 3 e9 6 W < M 3 3 $ 'C
', .=;
[
=
m M a
"S Q S
- I er -g al -
(*a p +W"O,
'.W .O 33 " . :El gim
- L
-Es s= i w
-5, ;I -
*j; a
3 ?l s
~E I '. =
.., md W , K
~
$* 8
#4 3 g$ 'I' e = ".l" 3M 3 f game W{y
=
l"h1 1 m.-
" Z lgg F >
-
- t *;
e .l n b 5 ,P ,y l ""
-e -e i Wgg U l\e. -
n $ h. I m--- m M. V. . ISS l-> w f** 5-a w lsx-# e W fu b U h. 7
.e
+
+
M e 4 l 1 I i
a Rule 4 Hsif capacity input pipe segment A with two output pipe segments
. 8 and C.
A B i m C i 4 This rule is applicable to an uncommon pioing arrangement. If a si ngl e source of fl ui d is i na detus te to meet the needs of two cumos ope ra ti ng simul ta neou sl y i n pa ral l el , thi s rul e is a ppl icabl e . Anothe-example may include a case where a single pump or heat exchanger output is only meant to feed a single icoc inc cannot ha ndl e the load of two pa rall el' l oops - a dequs tely. Thi s rul e assumes tha t oice segmen:
- cin either sucoly ci:e segment B or pipe segment C sdecuttely, but cannot suco1y both 4:ecuttely.
Diversion paths downstream of oice segments B snd C a re not o f con:ern i-this arrangement since these pipe segmer.ts just by themselves can divert flow from each other. The assumptions-of this rule lead to the following conclusions. In order to have a failure of oice segment B outout, either pice segment 3 must fail to have flow or pipe segment A must fail to feed flow. Al so, i n order to have a failure of pice segment C output, either pi pe segment : must fail to have fl ow or pipe segment A must fail to feed n cw. Ir addition, the mini-system will fail if both oi ce segment 9 and ci ce segment C divert fl ow or allow fl ow at the same time. Frui t tree development for this mini-system is shown in Figure 2.4 and in Figure 2.5. Figure 2.5 is the additional development needed to cover the diverted flow portion of the fault logic as comoa red to rul e 3. t l l 25
,. a.., .', dvA.- k nA,-4+- 4 e.p .s L.- J s- ----+4 ,-4.u 4- J .,_ y a2-e mA,s I, ^
I a 0
.. g
( c 1 m S es E'## S W W = f . .C.
-2 = e e
m = 1 i Pt 9$ X e gaa
- h. ,,I I
~
- w
=y; t
- 1*. ;>
-e f-. '
~
E oq- e E. I .h.i m ' ci, 5 m . ( j Ea w ( p g g i abo Y C.
),$l 1 ,
h'
.e g-I .o.
' 'l -.W 3g I'.
E 1,x 4=zW 'm. s
. 'l 2 m y,u y
' ;:9 ;-, s ;.
,l . 1 - M. , i s
. . f84 e
- _* l"i
- yg la.
-.T' ..=. ltt. assas
..OW
, '}:l" w
W4ee M j
- p=
4 6- .-e -
- 3E A t
- 3:
.,3 ]4$
- i. v^
- Se7 ti =
g ! y! t M 1 ai
. .a!b t, s-as.
a6 +, w - s: 0
.7 4
f e 4
' ^$
4. e 1+.e-v- +r e + w *s - n-~ -w--w er vr-, ow.-+w ,r-v,*-> - - <2-----,--mtv s- , - w .-r . - +- . . --m,v -- 3 - 2 - =--,-- e
l c l Rule 5. Input pipe segment A wi th output pi pe segment B and wi th t f' diversion path segment C. i t B ; A-r m v. m C l i r 1 l i i Rul e 5 applies to systems in which fluid diversion paths exist. the l Diversion paths provide a means of rerouting flow from vital as-ts of j system to non-vital pa rts o f the system, to other non-vital systems, or Injection lines out of the system via pipe ruptures or relie f valves. into a system which has faulty check valves may provide a diversion patn. l is another divarsion pata. Stuck open relief valves in a system Dioing By-pa ss or test lines which are failed open may divert flow from neat l exchangers or cause cumps to continuously recirculate their own discha ;e, f rom c:Me-LOCAs in an injection line of the ECO3 system may divert flow injection lines. This rule assumes that pice segment s can adepuntely sucoly cice ; Once oice segment B as long as pipe segment C is not a diversion path. segment C is an open line or allow flow, pipe segment A ca n no longer j adequately supply pipe segment B. The a ssumpti ons of this rule lead to the following conclusion. In order to have a failure of pipe segment B output, eitner pipe segment 3 must fail to have flow or pipe segment a sust fail to feed flow or cice
- t ul t tree segment C must fail in a manner so as to divert fl ow .
development for this mini-system is shown in Figure 2.6.
)
t. 6 e
- 1 27
' W ---- , __ , _ _ _ _ _ _
e 1 0-1
.0 l
1 t b' k l
.4
(,' C 3 i m N e I w ' I c W !$g ,- '$:- O
=
a-e e- % l Eet $ IIE ej L
=
- 5c
- i .
e -
- C.
o t [ x s a lii! ii = a, e i [ m w
$3
-.e sr oe
-er* ,,
oo 1 5.* 2 g i5 ! '% i i.
- 5. 3.3 .. -Eee. E roe -
wg Ig-I, ee.s .5 "5 .-aE 'z l g'~ l. ,=-
* ~
- g-5 e-
' 505 Y
_lh w a.s= P. 6 O
- l Q
= .D. 4 d .
1 # N
-3 "g :
l.. g, - e- 0 55 il (% # I.v- 5 5 M s :- l l l i l i e k i (. C
. . . . a
Rule 5. Full capacity input pipe segment A with two output Dipe segments l I B and 'C' and diversion downstream of only pipe segment C. f i l
- 4, 1 B
Am, m r f I C m This rule is an extension of rul e 3. It a;olies to pi pi ng schemes in which flow is se pa rated to go to two di f ferent pa rts o f a I system and where a diversion path exists in one of those twc pa rts. As an exampl e , a pump discharge line may split into two flow paths going to two sepa ra te heat exchange-s. In one of the paths to a heat ex:hange , 3 .9 inj ection line from a supoort system acts as a diversion path due to a failure of a check valve. Or in one of tne oaths to a heat ex:ha nge r , a i relie f valve on the line fail 5 open and diverts fl ow . The main distinction between this rule and rule 5 is that the diversion takes cla:e in piping whi:h may be fa r removed from tne node being evaluated. This rule assumes that pipe segment A can adequately sucoly Seth pipe segment 3 and pipe segment C simultaneously. It al so assumes tha*. a diversion path exists downstream of pipe segment C which will indirectly divert flow from pipe segment B due to the lower oressure in pipe segmen: C. It then assumes that pipe segment A can no longer sucoly adeouste feed to pi pe segment B. The assumptions of this rule lead to the fo11cwing concl usi o n s. In order to have a failure of pipe segment B output, eithe- pipe segmen: 3 must fail to have flow or pioe segment A must fail to feed flow or oi ce in segment C, and other piping in the downstream diversion path must fail e l' a manner so as to divert flow. Also, in order to have a failure of oi ce
' segment C output, ei ther pipe segment C must fail to have flow or ci:e
, segment A must fail to feed flow. A partial faul t tree develooment is f,
shown in Figure 2.7. 29 V p"T=* g- = wg-r-'*m 9 ? see*=- y-g w e S--+- - + 3 r T -.i - - - *
- -------r -
0 f ia f k. g se<=w = P-== P P w e4 5 .. m "" m sem 9 * *!
- C_
= a ..
.. e_
- :ii y
.-- K.
r O - !!! $.;j 0
= .. :s.
t_ c rg-rt:= r 2 3 1; l S. E. :- zes - t a _ 7 1 m E T y. ( p 1 .. f g . ga }A -
-e= 'Cl .g q= =E . ..
*-2 l.: .-
E.
,3=3 pC!
i
/ ]s si:
1. p-C r',: 3 :-C 1 s. 5=g lit' s"' ,a A E E "mS 33' ; C_.
;.a_r c, I I ca . f.
S LJ , k f Mr Q
"s-P e l l
.m E= .m4 4
!w. y
- $Ef" =i -
!!!ss 40 !
~
gra e o N
;5E .h 5$5 hi, .
a1C f-c ese
~ b I
~~* :
.7 m
i i b 0
~0 I
(
.g
Rule 7. Two full capacity input pipe segments A and S with two output i pipe segments C and D and with crosstie pipe segment E. A m C r r E i D B - This rule applies to mest of the crosstied pi pi ng schemes in powe r pl a nts . Often, redundant loops or trains of sa fety systems sre sa fety , o pe ribil i ty , and c rossti ed in thi s manner to add to the testability of the system. Contai nment spray systems o f ten have 3 sor3y hetders. Many
- rosstie downstream of their cumos and before the Usus11y, ECCS systems have crosstie arrangements downstregn of tne cumes.
will centsi n pipe segments A and 3 will centain pumos and oice segment E ma nus1 valves or remotely controlled vs1ves. Dice segments C and D could have components of various tyoes or may contain no components at 311. This rule assumes tnat eitner pice se; ment A o- pd ce segment E 9 or can sucoly adequate feed to either pipe segment C or cice segment downstream of both. The rule also assumes that no diversion paths exist pipe segments C or D that would impact only one of these two pioe segments di rectl y. The assumptions of this rule lead to the following conclusions. In order to have a failure of pipe segment C outout, eitner pipe segment C either must fail to have flow or pipe segment A must fail to feed flow as pipe segment E fails to have flow or pipe segment B fails to feed flow snd
~
Al so , i n o rder to have n the status of pipe segment 0 is of no concern. failure of pipe segment D outout, either pipe segment D must fail to have either pipe segment E flow or pipe segment B must fail to feed flow ss
?'
- fails to have flow or pipe segment A fails to feed flow snd the status o#
A partial fsult tree develcoment of t515 pipe segment C is of no concern. mini-system is shown in Figure 2.B. 31
~ ~ ~ ~ ~ " - - - ^ . + . , . . __, ,.
G 9 8 8 0 0 9 M ## $ S t.f emp 85 a
* =
ew m W g
=
E- m_6 . *
$*= e ~
~ #
B_5 "t ~ .C '. .. l " *
* - $5" tl l -
ga Ir? l
.a. *! =..
I .a w . 857 IM E
- e
's! --' -
Eo N 4
..m.
p Q an mz ef I-r yg. f', ' eE.
- ===
E y.=.a b @ a n .! , <- , ,:
. l ..
= g. gm.
**# O
$g 3 *"" m. =8 'I .=
w .- lewa'1 .,
- a. .*.
..w
&.=E th* u" w<*
g= em. I V We ,
# M' meu h.
.-2 +-
3.5
;8
-Es i . s! "
-"5'" .%
' i l !, **
.- = Zi :: ~o
=
~
. 5 f. N
[ ".!3R L., _f. i.
-w
_I .r, 3 e.s, g .
*wS t- {
i
,S ', -
- 85--5 &g Q . #5{
5- ' C' . ,
= .3 e
- ;fs I;ei ~
" e -
'5,.'. ] w .Is-- i-i' 6
) 2 =*
. , . = _e-
== .3 w B e-
- )
e.e.> 0 N Cw' 6 . O
~~'
w-e a.
- O.
h .S _.- -_ . _ _ . ,_ _ .__. . . . _ , ~ , _ . - _ , . . . . . . . , _ . . . , , - - . . . _ ,
r. t I I.
. ........s. -
e# aawa e O
=
a 5 e - l s-l Q
= e GEE .
1 ~ 5 cc
= :=z
=#z 1 t
- O 2a -
"r t. =, 3 1 U
i 53 e 1 .= Esa ~ t=*
-s Ae
- 0! g 3 3 e E2;
!a w
s!! a
'k
>- e-l, rI 1::
a -r *. Ii w y . f E-a 5.
..- #. O i
- -3 r
-g e m. a 3-.. c
*15- ;, e a
'I , .
E -E --i t i
- y. A i
- .=
3=#3 1
" a"a
= 'f l ,:
a! e,; c c a e g -o: - {C
- -e-a "E -
-1 .
fe, I .g~ - 0;* l- / , Sr. -
- I ;fs ;:e , ,
y ,r --
! >. - as -
1g1: ga, j l g*c z
* }$
, L;
- -=
..e
.est ,' E I . ,i
} C
- = e, ias ii **#
i.s.e*T _5 .j' ( """
,{,
.s I p
/ . *
**=
- 11.g {j= j
-- og C
a
.-- g-$ wg l he@ >
/
g 8 os 8 1-; .:
- sz {1;
,)
*E:
s- ,E *"" i 353 L,,,, i 2 Aunut r w 8
-e- w =
EE < q e
- :-5" "::, v -
.zm El 1 ""
C#z E;
"E3 :- ,
35% e i 5 0 t e
+
0 t 4 ee l I I I
)
,.. . . ., . - . . , . - . - ~ . - . , . . . - . . . . _ . . ,, , . . - , _ . . _ , . _ , , . - . , . - . _ . -- ..
i I Rule 9. Three full capacity input oipe segments A, B, and C wi th two
! output pi pe segments D and E and with crosstie cipe segments F and G.
A m m D l r - F B m k
' G C E This rule often is appli:able to component cooling water systems or se rvice wa ter systems. It may al so be used in some ECCS systems.
Usually, pipe segments A, B, and C contain cumos which feed two locos of the system. The pump in pipe segment B is a third-of-a-kind cumo or swing pump whi:h can be powered by either load group or electric power divi si on of the pl ant . In an ECCS system, injection by any pume by any route may be su::essful. In :ocling water systems, :sre must be tsken to assure tha t a- si ngle pump with split flow can adecustely cool the two locos o f i the system. This arrangement may also cover cooling water systems w*e-e pi pe segments A, B, and C are the heat sources of the system and oice segments D and E are pump suction return lines. This rule assumes that either pipe segment A or oipe segment B or pi pe segment C can supply adequate feed to either pipe segment 3 o-( pipe segment E or both. The rule al so assumes that no diversio n oaths exi st downstream of pi pe segment 0 or E that would imoa:t only one o' these two pipe segments directly. The assumptions of this rule lead to the following concl usi o n s . In order to have a failure of pipe segment D output, either pipe segment 3 f must fail to have flow or pipe segment A must fail to feed flow as ei tne r i pi pe segment F fail s to have flow or pipe segment B fails to feed flow while either pipe segment G fails to have flow or pipe segment C fail s to l Simil a rl y, feed fl ow and the status of pipe segment E is of no concern.
- in order to have a failure of pipe segment E output, either cipe segment E
) must fail to have flow or oice segment C must fail to feed flow s s eitner 35
fails to feod fl ow
-l pipe segment G fails to have' flow or pipe segment B .
'- whil e either pipe segment F fails to have now or pipe sgement A A rti31 pa fails to no conern.
; feed flow and the ststus of pice segment 0 is of fault tree development of this mini-system is.shown in Figure 2.10.
y s t I i
?
l l i 1
%M -
f I l 4 4 T e e o e e e e a E ese 4 S . es ( - aus as e se 4 O. O e3
= e - C)
*e -
=
5E.
.e
. c 1.*
#G
- m. r e.s w (-
muummu g ese w
-T_
wg' .'.t'
'O' 4-5- e - a e .- 3E-l8 ';
wi 3
, c, K.EC
. , Li 5= , g Ee
- y ,-=, w{ g
= .F
- S ." a-O C a gj -
F g e, E!t W. I - - . f3C s
>r s -
i I
- -: l 5f^
j *,' t< L 3g# j"?
,EE A E
,E 8 *
; -I. !. O e - - i_1 ll E" 3
.I -eI I -
.E-#I I =. .; . ,f
, Y
-g$a a -
I y "e Er" 1'$l j..
$*=
a 4e
- = -
e _ 'c
-; l "
(in3 L-- i s i L"-' ." S
'if it 3! c is
;; 5 Ei
- ;I$}'
. . , . , , il, y
- : -i *"# u.a. * -
4 l -e ah
.E . tu.i f g=* e-
$a %
H. i ,2 0 u,
" .i h'g . o
$$N $
I I
!. a-- c y\ -
lGE .-
..s; :
e Q 6 eir 9
)
a e e 1 3,/ l 1 1 1
l l l i l l l 1 I e 9 i 4 8 9 4 0 0 8 9 8
'g - . -
e g.w m; i 7 O
-5 m
o en SM emi -! g C a n C a E5 w E* s - s
-3* C' C
- a R - -
g7 ls-- - 5- )I k, =" s 2
-g o ~ *
"a Ngy-* *
~- l L 85 2. C ja *1 Cf
_ eB e , g. 5G ~ 5$0- $Ej Ih, i r- E s 7 85:-e r IN8 ;- ; _$ 85.
--e> ~
;2s , e s. .
T E=
$ - . i a--i "* ,:<
-- ~
e55- -
$, " mEh 7 f r j!r.v "he t o - I5=
7 ' *: 0. .
=
a r ,.
. f
.g.
-- . l.i .
w
--e -m s ( ,
Ege7 $ a e5 - -
/
53
~Es 5'
=
0 g r g EIC
.-+
l e T 6 C e I
~ t een
'ensus i
l l sc i 1
' ~ ~ '
- mr, w ..,y,, , ,7---*- r --e- -- , , , , , , ,
i l
\
l l Rul e 10. Three hal f ca paci ty input pioe segments A, B, and C with two i~ output pipe segments 0 and E and with crosstie pipe segments F and G. A , , D j F , B 1 1 G (
; ? !
Rule 10 is acolicable to many component cooling water system anc service water ~ systems. Pumos located in the cipe segments A, 3, and C , feed fl ow to twc sepa rate trains or loops o f the system. Each oumo i s si:ed to handle the load of only one 1000 and not of two locos. Thus, i pump tryi ng to provide flow :: two loops woule diminis, tne hea t rem:va', capability of the system enoug* to hil the components o- systems .hi:- a re being servi:ed. Thi s rule assumes that any of 19e three input oice segments A, B, or C can adequately sucoly feed to e .ner oi se segment D or oi ce segment E but not both unl ess two or more input oice segments are available. Diversion paths downstream of pioe segments 0 and E are not of concern in this case due to the lack of redundancy in inputs. The assumotions of this rule lead to the following conclusions. The results of rule 9 are applicable with the addition of the foll owi ng: the mini-system would fail if pipe segment 0, oice segment E, pipe segment F, and pipe segment G all divert flow or allow flow at the same time wi tn the fail ure of any two of pipe segments A, B, or C to feed flow. The additional fault tree development required over rule 9 is shown in Figure 2.11. I ( 23 1
a - - . S O ~e 1 l 6 Ic e a 2. e gas - 4
*,t :
5 Q
- -r 1 at: g
-a 1
}'
eeeaeeeeeae ;;g g gs........~ C c. 0 p.=
= o .-
- . E
- 5 g ~
_m .P W
-eli
% at t- .
tis ls s,:.; $
!"_i
. 2
-E6 i
; :- I a er El -, 8 =r =
E; ;I+i 1 Gi g 5 5 :C e *5 e w'I a .t# :0 jw O Y. - 1 . Q >
< c
- - e-
=
Hi . i - so u.. g "!
= 87 E!* ln. -l *'
l t e O 6 i,) 73E
- ** m3 j1 1 j ',.
-, j :5.;..
-$h i 6
! =i : : :, "-- "N -
~ Es. 1
,g "c:: -
. , ~ .,r;r.J. l-g-- j l.l. / : ". =
;cs jiei v. -
.l, ar - c - "1:.i .- =5 =. o, %,
*-et n 5. ,,
i, ,=a 1,2: s.s
,s . .
e
.I$
I g I' t3 , 3,,
)
NoE!
--~
' 3It p,[ _~ EE!.
. w E
C e m
" r 9 .-
t C_ T 5:. e, f T
* :_ j 0 -
,4 c
~ - .
~
.s .
es i, ' . . a* E' eEf
. i %. .
-{s
=.E s
353
;d 3 3;:
5 g L, N L-I ..O. n 0 O I e el B.g h en - l
- -3 53
.- Q
=es Is.
s u -- g 50h
' 333 6
s c 40 . 1 1 1 1
- I I
l i i I l Rule 11. Two full caoacity input pipe segments A and 3 with three output { pipe segments C, D, and E and with crosstie pipe segments F and G.
; A m m C F
- D G
B E 7 As in Rule 9, Rule 11 is apolicable to conconent cooling water systems or service water systems or some ECCS systems. Thi s a rra ngement is usually associated with the oumo suction hender where cice segments C, 0, and E centsin pumos and oice segments A and 8 see either return lines or se pa ra te coolant sources. Pipe segment D contains a swing cuno wei:5 can be powered by eitner electric 00wer division of the clant. This rul e must te ca re fully applied to assure that either pipe segment A or B can adequstely feed tne suction of more than one cumo. Thi s a rra ngenent m.s y al so be found in the nest source header for some cooling water systems, Thi s rul e assumes that either pipe segment A or pipe segment 3 can suoply adequste feed to either pipe segment C or pi pe segment D or j pi pe segment E or any combination of the three. The rule al so sssumes that no diversion paths exist downstream of pipe segments C, 0, or E tnat would impact only one of these three pipe segments directly. The assumptions of this rule lead to the following conclusions.
; In order to have a failure of pipe segment C output, either pipe segment :
~
must fail to have flow or pipe segment A must fail to feed flow a s eitner pi pe segme nt F fa il s to ha ve fl ow o r pi pe se gme nt G f a il s to ha v e fl ow o' pipe segment B fails to feed flow and the status of pipe segment 0 or E is not of concern. Al so, in order to ha ve a fail ure of oi ce segment D l output, ei the r ci pe segment D must fail to have flow or either oice i segment A must fail to feed flow or pipe segment F must fail to have flow as either pi pe segment B fail s to feed flow or pipe segment G fail s to ( ha ve fl ow a nd the sts tus o f pi ce segment C or E is not of conce-n. 41
Finally, in order to have s fsilure of pipe segment E output, eitner pipe flow segment E must fail to have flow or pipe segment B must fail to feed
- as either pi pe segment G fails to have flow or pipe segment F fails to
, and the sta tus of pi pe have flow or pipe segment A fails to feed flow segment 'C or D is not of concern. A pa rtial fault tree development of i
this mini-system is shown in Figure 2.12. i 9 s t, f T' t i l l l l 4:
m l s .E i i i E 9 e 4 4 8 4 9 O
/
E # 4 S W to t$ es >
- 5$
C
.~ ** .
emie O 5 " g- - O o. m g 0 i - e io, ,, B I. . . "E- O g,
.* I r .
m 8 **
==
em . e*
~
Asmani g g. P ' 1*. L
-g- ,5 .e7 m- (-. -
E7
*s 36- .4 g
id. p a.s h- flI,_) M
$ wh I
=
EE-- - -- lO I
"w
.3, -
E 5 m,
.=,
weg uX 6- E AC~ hPE3z. l h
- g
-= 1:t 2 ,I iI C ar$ I -t af i-
. !, (
c
. l ) -' '- :S l,iCi -.- 1 a s. . L. , /
i ,
-33 ;,l .C / I_g 88
' P. i.A- f.
e5s # 1 , 3.g
===
igi { .7 a-
- } ; > vv/o-5g w, L st- .> See ?* ! -W
- 8) ES-
-tp gl 5 8, a" *
$" jg ==
IT
-5g - **
d i f, "" = - 4I$a
- jt IOS w I
""# - %3M i g5 I
.h$ e* ,*
l5m e
- =s sss 5.ie s
0 *== W g,g '2 j *o Pl b ge- a l C E L7 E *E. . {,.il 033 -
.v al sE*- =T i.
l a_ _ t_ N
-g' ,s;
~ -
5=
-3,. ik, -
N KE'-e
- g .
W b
- M 4
( a. t 9 a-
#d e
- _ a-
' i f. M 0 e om
'8 g 3e es y u
.ummma
- tw g l -W s=3 we g e~ e e e e e e -
Ig5 5l' a sg...- ~ .
. ~
[:s. 5e ., f e
! =. g
_a - . C2 I e 5 kE". )e - C a ** I '* =
=
-- E$
-22~
e -: . -- c 5: ,eI - ab.) a= .aEm-- l i 9 g a f g e,3g E } e- )I . Wr en o_m Gm* U m I, . e - .s. v w aI ,I ' -
- 5 -
I _t s #
;bl E 'h. CJ e m .s , s. t:
i . m - v* W c:
=r Ee a .a. e . ci En o* l N C
#yI .' "
& W- m- l 035 ' i, t -
a I f>_g'a b [
- .z. i g ,e- lel
-O Nm W SE h
mse e19 _.- g's s .. 557 - 0
'E*;
W ~ I:t -$(O .4
$3g L$,-
l
-Es 3>
3 E I
"_ i r ' ',e_ f 8
1 8
.i
,I &
g (*:E
-# 6 1
=
f c Ig.7 g l I5 , 1:5. a -- ,-
-o Io 1: I' -*!$: - -
ogg gs- l a-3
- 4-QI I.;.
.s
-fS. lsi
~
- d EEs I s- ar. a
==
)y -- %w
-t Sy 3 l ,ii ic
= =
I- ,d { -( >5 Q
. . {
w .e
- f. - .
- l !at
. 3 *ll - E*; I ,s; .. ,
- _a -=-
aC ..- N L
-is :.. '".
"~= 1; S= r
&?$
.-e 1;
.a i i
N.-= e 0 L
=
E 1 8 i 6 i 1 r h 1 l 4 4 w ee
- . . , , _ . , . . - - _ , , , - _ . . ., _ . . _ . . . _ . . . . . . . . - . . . _ , _ _ - . . . , , . . . _ . . . _ _ _ _ _ . . . .. m.,., . . , . ..m._ - - - -
Rul e 12. Two limited capacity input pipe segments A and B wi th three e output pi pe segments C, 0, and, E snd with crosstie pipe segments F and G. C A . _ m i - - g F m 0 j , G 3 ? 0 L This rule is acclicable to component cooling water systems and service wa te r systems. Pumps located in pipe segments C, D, and E draw Each sove?,s is water from two loops or sources in pipe segments A and G. sized to feed one ;umo and cannot handle the simultanecus suction of two pumos. This rule assumes that eitner pice segment A or oice segment 3 can ' adequa tely supply feed to any a f the output ci te seg-ent C. O, snd E, one pipe segment it a ti me . but cannot sucoly the needs of more than of cence-n Diversion paths downstream of pipe segments C, 3, and E see n0: in tnis case due to the lack of redundancy in inputs. The sssumptions of this rule lead to the following concl usi on s. The results of Rule 11 are applicable with the addition of the fo11cwing: pi ce segment C, ci te this mini-system would fail if pi pe segment C, F, and pipe segment G all divert flow or allow segment E, pi pe segment Al so, other combina tions of diversion and ci os flow'at the same time. segment failures l ead to the failure of the mini-system. This logic is shown in the additional fault tree development recuired over rule 11 whi:n is shown in Figure 2.13. 9 W _ . . . _ . . _ . . . - _ . . , . . . , . . _ _ _ _ . . _ _. _ , ~ ,
i. 4 h a 1 -
.~ '
+
33 s
' - 35 -
2,
=
=, s s, s.
=
.. ;s=
- 1s-1
[
, 33: w
. . ' a.3 s :I3 ..: . L
- , .ss t
~
=
ils t 8 F c' im i P ass - a s. . _ i.I
. ..- =. 6,_ , .., :,s_*
c
. I..j =e t-.
' f a.g
=.ss y
n
,y;
.s. .e '
D,,:
- n. - :s
- ! Ls,:
at
=,,
.,=
s- i;; .
- _#5 I- t.
=
- lt .!! . -
= 2 := o' i me: J a. s. . ~
1 i=sg 5 1,
<?
.c r:- ,
s ie :-- - a
,I=g 53 =f- i' i Q~} -} -
i-
=
. li!:: .
g i4 i l , s . ': s: a -- l ns
- =-
- i. i .'
se: l- .. . .
. !;i .:A" M.S I _' s
?.
_ If! M. . - }
- !!j
- .V it,
; iv e ,
=,s ,. -
;:2 -
3
- z. es:
, t.
Is: - -*= I g: ,n
- 1. ..
w 45::, 1 .., i p t s
- C, 3.s3.t e a . L,
$.-s I , ,
y _!' -
*- =
. 1 :} , ,a.S .
.ss ==n ! c ,
I1
- 7. g
- ti.
a-- ( ,g i l 2. _ ll t
- t
' : .; A -
h l"-(:r } .,!,- I B**
! -:<4; T
- _= -:
a-: I
' :13
** ' '5.; = -1, O e 6 #
I *$= l 5. ", 32.' Iin -- 4 I"!! E U U 4. J 3wp . - s. 3a= ::
- =5 r.:sv c:
6 . > ..
=,e i E!
A . "z %_
, = i 3' i
g ,
.3
- l$., ;.. g '
I.!: !.,e ,:s i,s:o
.a _,
- =
15 =,. .s: l 1-8 .s .
=3= gt -=
- 35 f' l6 E
. s:- Q ., II l',; - A T
r s.: *- C
~
!.!i,
= )Ll..s.EKO.
=,s 1 S.
~ *f= ,E:
E
.5 ,:
gIE 5 .
.:s
.nz
.J,:.
-i O-F
=,3 Sj J
*g= i-a
!.5,- : I(=* i 1
k o
/
J l 4#
** )
. _ -- . . - _ . . , - _ . ~ . . _ ..- _.- - _ ... . _ -.
- M 4F.E 4
i i I i-
]
r_r *:3.- s'.O t l' E ge s$5 5 g u L .' c -
..............,x- -3 . sj f9 .
.s,.... ;- 7 -
=
E- y igf 1 C c
; 7 .o c Lt me* ,
]*>
5** 1 I
*5I
,J f' Q C
o Q f:! = 5g j*,Q ' ans .; O I3 g
.s> I Ijf I! w l {_E!
i g.3 s I'5 . 8 es _J m l g!% J' sus - U
^
=
F ,- 0 F , .-, . . W ' 5 II t
$.e f g J E,liW - : , O:b) r 5
'I j l! f ~ 'E ! E- 3.
} '? O.
~
o sa . F = 1 Is:'s :
- t. :-r A !
as: j,_- - l.!
' r {I- ,$ , ,c; i E I
i . 'f ,H:, ~ .5- s .. . .;
!, _..1
.=
3 l $$5 j.-,$'I J 1 $4 lj. I' I -
, _. !. . n 7 l, e_ N.
; i ,
i ~
!f ; 65g. *{ I I a a.
d =c, ,
- q. I _
I
.5, I i !, i, 5=c '
I~ l
*** 2I" =b= {5 f i ee .. ^ -
l 5fE l If et=
-l[L'lyr l )
j l s
' -s!
s_ - Gs -
=
~
l p .a g
- 7 ..E:
!_m!!. ' .E. -
r, m - s 4- 2 l j;a 3 , .I3 ; o 5j, It l,l l 1,: 3 j 5 l235
. t; {;
..s.
L ; a
- 5.5 pigt =~
-g3 .
r gj ' 5.EE >L i, i I_ ( I. r -3 l.'.i. m3 4-l gg; ._ Y
--5
- 2. . -
' ;Ey :.. "g ,
- 3. :nn f
E l f'
- :1; *
!C- Q
== r I E * ! =c J
=
5*J e - .4 gjg :{ -
= g ;- ?'!
s.: sa E,
.5 m b -
=a, e: I 3
- r-
-t a.
gI.E ~g af. 85* g! S ' ; s . j:; +l ),.
- J
~
H jig gg- U. 6 * '.
.s.
,nf . . &. . .
I l I k~~')~ . I
]
A7 I , _ . , , . - - - , - , , , _ , - . . - _ . . . _ . , . . . . _ . _ . _ - _ . . _ , . . . ~ . . , . _ _ .._. .- __. -
U 4
-e:
r;; sz,
.g o
es is 2a ls=-=- 'C" x--
..... ....... -m= a -
,. =.....- ...... -
=- w -
t . 1sx 1.5- -
- r =. . .
s J _
= --
=. .
.=..
-.s
.-=
,.:: o
=
.3, ui -=
is 2 c
. :-, jui . j!5 is5 a: L ~
ses. b' - v
=
=
I u
.- n' s
.- i g
a!j _fjj g _ .njj g%,3
- .s> ,.
c. e
-a \-. =.
=-. m.
w 30 l -
!*s- .. 1 - ., 0
{ -. a5- . !-f a n::r[ IT- ::: .= e"I .; p _t
.. .I ss 1; - --
--_r e 1:w - _
r.
,f:
i
- .es:-
l,.-- t .
- i -
>i- g125 s5
-.s # .L1 ,
,1 z=
- n. -
p _ st= iw 3
-a ie - -
.s-
- s:
- H:s i- t l ss
;; e 3 :-
.s.
/ =-
J e_- . - - 81 1 -
- .re i! s Issa u;- . -- u Issa ss. .l: .
z= :
-a c - ..
3 ! -= s 2_-
\=e:t - -:
ess c i,ni
-e l-l .
m e. as-
- ., .z- -g n:b. .
- o
-l __ .
_ :-5
.za i.: i 2s3 g- g;r,i N
=.s-
'E' .s=
- - i i.:: .
r =- a .I :53 d b~ l
- s. L I )
s53 L.,
!!5 5 m_.
e O -
. ;=
I .--, ,, 1 -t e ge=, p: ;
; esa a ss-.
t -
-4
-a- C sza! '
- i s-585 y - !+- ,
ef. -e 1 G I
*c a
e 1
+ - - - - - - - - . . . _ , . . . _ , _ , _ . "' 'w .y_, __f
1 l
. As a summa ry o f the above twel ve _ rul es , the foll owi ng li sti ng i s provided. The notation used in the. listing is described below.
i !
' + is a logical OR operation i
- is a logi:a1 AND operation i i A indicates the failure of pipe segment A to have flow
's A indi:ates the f ailure of pipe segmer,t A to feed flow
.t f*:, Or ;
A' indicates that pice segment A i s di s erti ng ! allowing flow
' IU U '"'" U I"' 5
- 5 ^ ' f SYS '3 t ' '"05 *"' 2' i"0" ol d prior to the scolication of a rule t
- event c' tne sytem te tne' events which in:ut the SYS"'*
a fte r . the acclication of a rule The twelve rules for fault tree development are presented in brief form as follows. Rul e 1. Redundant incuts A snd 3 with single outcut C use C = C+(A*B) e Rul e 2. Non-redundant inputs A and B with single outout C use C = C+A+B r
?
~t
'$ f
(
- 49
- ....,.--y..m-~..-, o.mm,. , . , - , w- ,,w., ,-y ---,,,,.,-.w.,,..,-,.
..,e.w ,,w ,.._y,w.-.... rem..,4_,.w.-#.,.-,.e- - . .. , , . . . . . . - -- -
e Rule 3. Full capacity input A with tito' outputs B and C use B = B+A and C = C+A f Rule 4. Hal f capacity input A with two outputs B and C use ' .3 = SYS # B'= B+A and C = C+A and SYS new ol d
! Rule 5. Input A with output B and diversion outout C use B =-B+A+C' i
Rule 6. ~ull capacity input A with two outputs B and C and diverted flow downstream of C use -
.B_ = B _A- ( C ' *0 : VERT ) a nd _C = C _A Rule 7. Two full caea:ity inputs A and B wi*h two outou*s C and 3 an cross-tie E use C = C-(A*(I-3)) and D = D+(B'(E-A))
Rule B. Two hal f - capacity i nputs A and B with two outputs C and D anc cross-tie E use C = C+( A*(E+B)) and D = D-(B*(E+A)) and
= SYS +
SYS new old (C'*D'*E'*(A-BI) a9t E Rule 9. Three full capacity inputs A, B and C with two outputs D and cross-ties F and G use D,=D+(A*(F+(5'(G$))))andE,=E+(l'(G-(B'(F*i1))) , l e i
?
30 w W re*** ra * 'r- 73st--+ e- W F*
capacity inputs A, B and C with two outputs D and E Rule 10. Three hal f and cross-ties F and G use D_ = 0+( A*(F+(B*(G$1))) and E = E+(C*(G+(B'(F+A)))) and
= SYS + ' SYS new ol d (D ' *E ' *F ' *G ' *( ( B*C )+ ( A*C)+ ( A* B t
and E Rule 11. Two full capacity inputs A and B with three outouts C, D and cross-ties F and G use C = C+(A*(B+F'+G)) and D = 0+(( A+F)*(B+G))- and E = E + (B'( A+F +G I ) limited capacity inouts A and B wsth three cutouts C, 0 and Rule 12. Two E and cross-ties F and G use C = C + ( A* ( B ~ -G )) a nd D = 0+(( A+F)*(B+G)) and E = E-(B'( A :-G)) and
+
= SYS SYS new ol d (C ' *3 ' *E ' *F '"3 ' ) + *
(O'*D'*F'*(B+(A*El-!A*S'l+(E*SII) *
+
(D'*E'*G'*(A+(B*C)+(B*F')+( *F))) (C'*E'*F'*G'*(A+B))-- 5 i e w
- _ . _ . . ~ . _ . . _ - - . - _ __ _ _ _ _
- 3. FLUID SYSTEM SEGMENT MODULAR. LOGIC PROCEDURES fo r beginning the Thi s section describes a sta nda rd model development of a fault tree for a fluid system segment. As discussed in two Section 2, each " segment" defines a portion of a fluid system between nodes. 'The nodes have been selected so' that the potential. effects o f ;
can
' failure of-any small piping connecting to a segment between the nodes be negl ec ted. A segment is the re fore a linear array of fluid system components.
The fluid system segment modular logic is presented in Fi gure 3.1. This modular logic includes all tyoes of com enents tnat are likely Faul ts a ssocia ted wi t, these to be encountered in a flui d system. compone?ts a re combined under a simol e "0R" gate. Further development of tre fluid system segment fluit tree 's based on the fluid system com: nen: logic modul es tnat a re presented in Section 4, the secoort system locd: modules that are presented in Sec ti on 5, anc e t"e - sueco-syste-sub-tree s devel oped by the a nal yst. Modular logi: is al so oroviced in or Section 6 to de scribe equi pment unavailability due to te sti ng maintenance. This is an input to the component logic modules. 3.1 NOMENCLATURE FOR FLUID SYSTEM SEGMENT LOGIO MODULES labels This section describes the nomenclature used in the event for the events in the fluid system segment modular logic. The section is divided into three sub sections dealing wi th various aspects of event labeli ng.
!a 3.1.1 Comoonent Identi fication for Maior comoonents The identi fier for most major components in thi s fs ui t tree methodol ogy is of the fo rm COMPIDEN. This eight (B) che 3cter : ode is tne l ea d g -: ; ,
used to define the system, the conconent number, and 52
,i 1
- .c .
1,8
-!O mi
- y[l I Ew t.
.e 1 s: -
3' 0 : E: : :i 81 - s-
, a r L8 3
g .l--
- !. (- ..............
=
1 _ i s s e : : r i g l_ i_ =-=eti E b c 2 E e
- - s'$$$.$$.
e = = ..= _ $ .$ $._v!. ! E= ;E f
- e I
. 0 s 1. -
W3 { u - is
==
U;:
=
. .=
1 ;
. , ,, e it v -
,e:
, =
. _ .t s i 3 i!.:
- 8
=
s.
.,= is:
=
s;
.:-.s i - x 1 >
-5 ._Js
> a*
v-1.s_ sm t
-
- J-o
.o -- 5: -
=
- s er
,=
g
=> ,=a =. Iq;,
Ej g a _J e: ; 5- 5 :::
;3_ m
@g
- . v
!s :!. C
, - =
, n
- a. u! =-
[ , -
!. =
g
..:= =. ,.
, --o, O a,- g. s -
-3 ,, .
e e r:s < - E.s s ra : . 3 zs-et [1 1o
- Is it '
i
- e i rr U .
t i i -; O - ; !O
- s- r l2:
g e gl
- .1
>~ l*-
r 3.
i nstrumenta tion channel , or electric power division associated with the f y component. The first three letters of the code, CG'i, sre used to desi g m te The codes defined in Table 2-1 the system to which the component belongs. The next four letters, can be used as substitutions for the code COM. This number often can PIDE, are used to designate the component number. be extracted directly from the system P&I drawing. The last letter in the code, N, is used to designate the load group of the portion of electric If no l oa d g roup is power system associated wi th the component. X, i s used to signi fy thi s associated wi th the component, the code, i
' ab sence.
Codes used for load groups should be of the form A, B, C, a nd D. In thi s case , letter Some plants use numbrs to designate lead groups. load substitutions may be advantageous to allow easier recognition of tne group frem the component number. Thus, the substitution for CCMP! DEN for a motor-ope sted valve number "HVa312" in an Auxilia ry Feedwater System whi:h is ecsered by division 3 of the electric power system would be: AFWa3123 Simila rly , a manual valve number HVa021 in the same system would hsve 1 COMPIDEN substitution of: AFW4021X The code, COMPIDEN, may sopear in many forms in the fa ul t tree modul ar logic model . Codes COMPIDXV, COMPIDTP, etc. all signi fy the ss e of sub sti tutio n s code but are distinctive to allow proper identification when using the component modular fault logic. 3.1.2 Comeonent identi fication for Pioing l The identi fier fo r pi pi ng is a shorter version of tne c:ce
'. in COMP 10EN.
This code, PIP 10, appears in the event label PP DIPID ~ snd The first letter of the code, P, i s the event description of that event. Eacn system in the plant is 3 ssigne: used as a designator for the system. 5:
Thi s system code is the an a rbitra ry but unique one l etter code. The next four letters fo the code,1910, are used to substitution for P. t represent the pi pe segment nunber from the system Pal drawing. Thus, a pipe 031 in a Reactor Coolant System whose one letter code is C would have 1 a PIPID code substitution of: C031 3.1.3. Component Type Codes for Maior Comoonents The identi fier COMPIDEN as discussed in Section 3.1.1 did net number, and load indicate the type of component, but only its system, g rouo . A ccmponent type code is added in the event label s to su: 1y a.d additional information dealing with the general category o f :om:enent other specific details associated with the component. The code, TYP, ,i s the general form of the ccaconent ty:e ::ce and it accears in the event lacels as: COMP!0E N-TYP The first letter o f tne c0de, T, is used to desi;r. ate a gene-a1 cla ss of ecmoonents. For esample, P indicates pump, H indicates heat exch19;e , V indicates motor-coersted valve. The next two letters of the code, YP, may For be used to speci fy subclasses of components or fault information. components such as valves which can change oosition, the code, YP, is used The letters to indicate the normal and failed position of the component. 0 and C represent open and closed, respectively. A moto r-coe rs ted valve number HV3210 in the Emergency Core Cooling System which is oowered by woul d be indi:ated load group A and is normally closed and fails closed as: ECI3210 A-VCC
. such as pumps, heat For components which do not cha nge po si tion to excha nge rs, ta nk s , etc., the two additional l etters a re used
*e additionally speci fy the component tyoe. These letters allo-
- =
e distinction between motor-driven and turbine-driven pumos by using the codes PMD and PTD. Component type codes for fluid system components are shown in Table 3-1. The letters XX in the valve codes represent the g normal and failed position of the comoonent. Table 3-1. al so ha s a col umn showi ng a code fo r sub sti tuti o n i n event descriptions or text. Thi s sub sti tution will be discussed in Section 5. 3.2 USE OF THE MODULAR SEGMENT LOGIC The procedures to be followed to develop a valid fault tree for in Figure an actual fluid system segment using the modular segment logic 3.1 are as follows: . A. Cttain a cocy of the moduise segnent logic. B. Enter the system identi fie rs (FLU *] SYSTEM and FSS) and tne segment identi fie r (555) in the dats block. Section 3 . '. describes the standard event nemenclature to be used. C. Identi fy the types of fluid system components that see inclucec manual valve, in the segment (e.g., moto r-dri v en pumo, motor-ooe rs ted val ve , ci pi ng , etc . ) . Delete all components from the moduise logic diagram that are not found in the segment. Thi s is accompli shed by striking through the components to be deleted from Figure 3.1.
~
D. Identi fy the functional failure into which the segment tree will feed. Functional failures a re di scussed in Section 2 sec fa il ure modes include " flow blocked" and " n ow diverted". Tne of components in the segment must be related to this functional i fail ure . (e.g., when the functional hilure is " flow bl ocked" , the fail ure mode fo r valves in the segment will be to f3il cl o sed . When the functiomi failure is "new diverted", a valve in the segment will likely have to fail ocen) . Co* a " Po* ii
- '= -w.. . , ,
- Table 3-1. Component and Event Identifiers for Fluid System Components.
.i SUBSTITUTION SUESTITUTION COMPONENT FOR COMP IN FOR TYP IN COMPONENT IDENTIFICATION EVENT TEXT EVENT LABEL CODE e MOV VXX Motor-Operated Valve COMPIDEN NV NXX Pneumatic / Hydraulic Valve COMPIDEN SOV SXX Solenoid-Operated Valve COMPIDEN XV XXX COMPIDEN Manual Valve CKV CXX COMPIDEN Check Valve SRV RCX Safety / Relief Valve CCMP! EN MDP PC Mo:cr-Driven Pump COMPIDEN TOP PTD Turbine-Driven Pump COMPIDEN HTX HTX Heat Exchanger COMPIDEN J TANK TNK COMPIDEN Tank PP PIPID PIPE Pipe
.t
a diverted" functional failure, the top event of the modul a r segment logic is (nodi fled to read ' DIVERTED FLOW OCCURS' rather becomes l than ' COMPONENT WAULT OCCURS' and the event label ' t
'01VRT-FSS-SSS ' ra ther tha n 'F AU'.T-FSS-SSS ' .
E. The data block should now be completed, giving the comoonent identification of a11 components in the segment and' the no mal and assumed failed position of all valves in the segment. Agai n of the s*anda-d consul t Sec tion 3.1 for a desc ri ption If more than one component of a given nomencl a ture to be used. tyce is present in a single segment (e.g., two moto r-coe rs ted g valves), the identi fica tion and. assumed failed cosition (if acclicable) of each should be listed. F. The modular logic should now be obtained and comoleted for es:n comoonent in the fluid system secment. Comoonent modular logi: is discussed in Section 4 i
- r
- 4. FLUID SYSTEM COMPONENT MODULAR LOGIC PROCEDURES 9
This section presents modular component fault logic and standard event nomenclature and discusses the use of this modular logic to complete the fault tree for a fluid system segment described in Section
- 3. The fl uid system components for which modul a r logic is developed include Each logic modul e valves, pumps, heat exchangers, ta nks a nd oi ci ng .
includes the following tyoes of events if they may contribute to comoonent failure or to its unavailability for accident mitigation: e Local fa ul ts e Support system faul ts e Component unavailaoility due to testing or maintenance e Operator error in response to an accicen: Local _ faults include a cotentially wide variety o f failures t93: occur at the component in que sti o n. This is considered to be a casic cower, cont"o1 event. Suecort system faults include faults in el ec tric powe r , actua ti on, room ventilation, cooling water, lubrication, control prevents a and other systems whose failure either directly or indirectly component from performing as required to mitigate tne consecuences of an coae , acc.i dent. Modul a r fa ul t logic for el ectric powe r , control ac tua tion and room cooling and ventilation systems are presentec in Other supoort systems are left as undevelooed events in t9e Section 5. modul ar component faul t logic. The analyst should determine tne need :: supeort syste-develop these events further. .n i the devel opment of a i j sub- tree , the anal yst shoul d conti nue to apoly the modul a r 10;4 c I methodology discussed in this report. 59
Component unavailability due to test or maintena nce includes failure to restore proper component alignment foll owi ng te sti ng or mai ntena nce. Operstor error in response to an accident generally model s i an erroneous input to an actuation system by in operster in the con:rc1 room. 4.1 NOMENCLATURE FOR FLUID SYSTEM COMPONENT LOGIC MODULES This section describes the nomenclature used in the event label s f o r. the component modular fault logic. Two genersi event types are found in the component modular logic. These are component oriented events and supoort system oriented events.
' The component oriented events have labels of the form:
COMP: DEN-TY?-FNC The code :NC i s a The codes CCMP! DEN and TYP were dis:ussed in Secti:n 3. func ti o nal string of three chars:ters wti h is used to desi g na te the failure of the component. Some substitutions for FNC a re CE, for 0:e-3:o-error, LF, for local fault, and UTM, for unavailability due to test or mai ntena nce . The se codes gene rs11y match the text in the event desc ri ptio n. The succort system oriented events have label s of the form: SY-FNCT-CCMPIDEN l system. The SY code indicates that the event is associated witn a support Development of a sub-tree by the analyst may be recuired for tnis type o' 1 function oerfo rmed oy the l event. The FMC code is a descriptor for the support system. Examples of FNC codes in this case are PHS, for one u9t ti :
, f- l or hydraulic power source, CCW, for component cooling water, and L'JB, j component l ub ricati on. Agai n , the FNC codes generally match the event description text. The T code (last char 5cter of FNCT) is the first lette-of the TYP code discussed previously and indicates the general cone nen-i tyoe.
6C
1 p 4.2 YALVES followi ng tyee s u Modular fault logic has been developed for the of valves commonly found in nuclear power plant fluid systems:
)
e Motor-operated valves e Pneumatic or hydraulic valves ) e Solenoid-opersted valves e t%nual valves e Check valves e Sa fety/ relief valves The develcpment of the modula r logic for each valve tyoe is discussed in more detail in the following sections. 4.2.1 Motor-Ocerated Vs1ve (MOV) The modular logic for the failure of a moto r-ope ra ted valve fa ul ts , el ectric power system faul ts, ec (Figure 4.1) inciudes l ocal a ri si ng f-:- conditions of unavailability for accident mitigation The se contributors to moto r-ope ra ted valve maintena nce or te sti ng . I failure are discussed in more detail below. I A. Local Faults - Types of failures that may be considered as 10:3 1 (1) mechanical fa ul ts , (2) motor fa ul ts , faul ts i nclude the control system, (3) valve limit switch faults that affect and (4) electrical faults in the MOV junction box. B. Electric Power Faults - Two classes of electric power faults a-e included in the MOV logic medule; faults that fail a val ve in its original position and ftults that cause unintended actuation devel oped fo r a of a valve. Only one of these faults will be Table 4-1 sumsrizes the technique to be used pa rti cul a r ev'ent. I . 61 1
1
~
1 E
< 1 l
\
( 1 e I E et 9 g
- 3"E-
- - . - e, I .
r e
-5 g 5
=
f 1- m e - w
-z! g o j 35: 5 lei s e 5. -
E nso > s
,I w.
E: Q -g f z
.,,=_
l'E i
\ ==.o t' ga:I -1 -**
i f B= .: g > k 2-5 ' i
." *-S m38 gg
~
L
~
g E!! b:l - S 6
"5
, C-I I. E 5 k 1
4 s 2-- 5*= 1 i..
\s-1
\
5 u = 1-= i;[O
 5.3. , ( - ( see Figure 5.6). Its development is discussed in Section As summarized in Table 4-2, this event thould be deleted from f
'the logic module when the failed posi tion of the solenoid-operated valve being modeled is different tnan its
( fail-sa fe position. In this case, control power is likely to be i required to hold the valve out of its fail-sa fe position. Actuation System Faults - Modular logic is provided for tnis i D.
- j event (see Figure 5.7). Its development is discussed in Section 5.4.
i Unavailability Due to Test or Maintenance - Modul ar logic is E. Its devel opment is provided for this event (see Figure 6.1). discussed in Section 6. t 4.2.4 Manual Valve (XV) The modular logic for the fhilvre of a manual valve (Figure 4.5) faul ts and conditions of unavailability a ri si ng fron includes local maintenance, testing or ope rator error. These contributors to manual j valve failure are discussed in more detail below. i. A. Local Faults - This is a mechanical fa ul t tha t re sul ts in a l I manual valve being unable to perform as required to mitigate the l consequences of an accident (e.g., valve plugging, loss of valve l disc, frozen valve operating mechanism, etc.) t i 7)
--- , ,,n-
A B .,+, -* h- - f i i I e e e ,- i g
= =
-t J.:t 2 b.::1 .
)
i C p- -
.=== ich s
l.. j,l- 1 g_ w. ". ,
=
h 5
- i. I: *l.s )- !.!. -
e l S
= 3 s^ ;
s I= , M
' =1 T-E h" (
,k 6 1-I
,;, , M
) 5 :-
so-
.: ^
tiV 2 is t E,! $ G i I E;l I_55-1 M._ ,
~_5 a- Ekl b R" -;
k t W
.se
==
C 1 E 3
+
unum 8" W . g s ks E,l
*3 t GJ
!. rI se -_.
h b i. e l I l L I l 1 72 t t
+
1
. ~ . . -. .-- - _ _ _, _ -._.. ,. . - . . . . . . - - , , _ . - . . - , . , . . , - , . , - . . . _ . ~ _ _ ,-- ._ . ,
i
- 1
- Modular logic is j
'B. Unavailability Due to Test or Maintenance l Its development is
{' provided for thi s event (see Figure 6.1). f
- discussed in Section 6.
i, trea ted C. Operator Error in Response to an Accident - This may be It will generally relate to local manual as a basic event.
'. operator actions taken from outside the control room.
4.2.5 Check Valve (CKY) 4.6) { The modular logic for the failure of g check valve (Figure Such faults would typically be mechanical in only includes local faults. ope n te r na ture. Msintenance and testing activities during opention and erro r should not a f fect check valves. These events are therefo I included in the check valve modular logic. ( l 4.2.6 Sa fety/ Relief Valve (SRV) sa fety/ relie f val ve The modular logic for the fail ure of a and mecha ni cally-ope rated SRVs (Figure 4.7) is a pplicabl e to
' power-operated SRVs. This logic module includes more events than are
' applicable to any single type of sa fety/ relief valve, therefore some i
events must be del eted by the anal yst, depending on the type of
' safety / relief valve being modeled, and the functional failure to which S COMPDEN-ROX failure is contributing. In addition, the logic under event Tabl e must be speci fied based on the functional failure being modeled.
to be used unde-4-3 identifies the events to be deleted and the logic During clant COMPIDEN-RCX, based on the preceed#ng considentions. [ event operation, an SRV would not likely be rendered unavailable due to test or maintena nce. Thi s type of event is tnerefore not included in the SRV modular fault logic. fsiled Note in the data block in Figure 4.7 that the nonnal and
valve positions are li sted a s "CX" ra the r tha n "isXX" a s wi th mo st o the r a ssumed to be
[ valves. The nornal position of a sa fety/ relief valve I closed, therefore the a'nalyst need only specify the failed position of th t
- 73 I
I 1 l l l
- l l.
l 1 6 m 4 e 1 . . g a 4 g*
** e en aus 6
h a suum A men , y W
\ = , .
C = 6 E- -
- h
- J:n; cE 5, ,.* . -
i y ( g
! 5! fs i eu;
. t 4j rs I*!
j
, sr .E
** I EE _:
i g W C e e N. s h
! '.u.
m 7 b 4 i.
.i 9
0 1 1
- 74 t
I
\ .
=
9 i E
- slC .
II wxy E' i Iuy. -
!!S .]
I i .1
~
E sn --- -tc ng is O
- I g -
i s-s- Is
*=
ll i jI . s e 53 39 I 6 4 i c
.A e
- . g e I *
!;}
jr! [ ~).
. g s -! Es. .'
-! - c.
i
,'.a i.Q 1: . sg c I"1 :: - z- a-
- !E -
*! t ,5 <$ >
32
*-- , e.
,d g. -
= -
, 0 a
,i
' =*
\-,
O m I EIb i.$li [
- - w 4
,"- p S3 - 3 j I
- e. =,
3a s g:
~.
f I:s v gE* 1 e E 9 e
# c x a
- +
C e 5., . g
~
hk E 3
=
a g =e c a
. - 3 . = =
'. a, e 31 C!=.
1 E-. - n m r=s-n'il 3 LI [e - sE--
. &a 1 .a EE-19
=
,g
=
sE 3* 3* b r ti 3-i l: g-5
*1 B
W-*f
- 3 .WB s --
se- :. fr.z. =s e :. : 1 l =e lg
,1,*
.r,.;
-E 1
t-
/.
i I
l' . ( ' Table 4-3. Identification of Logic and Events to be Deleted from SRV Modular Logic Based on Functional Failure and Valve Type. L. . I
;i FUNCTIONAL APPLICATION OF SRV
' MODULAR LOGIC I FAILURE TO FAILURE TO
'I MODULAR LOGIC PROVIDE DEPRES- INADVERTENT TYPE OF SRV EVENT PROVIDE OVER- OPENING PRESSURE PRO- SURIZATION f TECTION CAPABILITY Mechanically NotApplicable(1) Delete
.' COMPIDEN-RCX-PORV Delete Operated Only Delete _
i Pneumatically COMPIDEN-RCX-MECH 1 Delete COMPIDM-RCbCU Delete Hydra?i cally Operated SY-PHSR-C0fPIDEN j
)
Delete i CD E DE M X- E H Delete l Solenoid COMPIDEN-RCX-CTP
' Pilot Delete Delete Delete Operated SY-PHSR-COMPIDEN
, OR OR AND Logic of Top Gate l i An SRV that only operates mechanically does not
" Notes: (1)
- generally function in a depressurization role unless it can be operated manually.
1 I l l l' . 1 ,~ I
.. 76
. l 1
1 hd b valve. The contributors to 'sa fegy/nlief vain Mun an more detail below.
- Thi s A.
Local Faults Af fecting Mechanical Actuation CaosbilitV_
, It event is applicable to all types of sa fety/relie f valves.
i includes mechanical faults of the valve. This event should be
, deleted from the modular logic when the functional failure being l As used herein, modeled is loss of depressurization capability.
pressure depressurization implies maintaining the SRY open at a below its acchanical actuation setpoint. A power actuator (e.g. is required to pneumatic / hydraulic or solenoid pilot) (
' accomplish this function.
- This event .
i B. Local Faults Af fecting Power Actuation Caotbility valves. It is only applicable to power-operated sa fety/ relief fa ul ts , and depending on valve type, may
; includes mechanical include local pneumatic, hydraulic or electrical faults.
C. Control Ci rcuit Faults _ - Thi s event is only a pplicabl e te
~
powe r-ope rs ted sa fety/relie f ' val ve s. ~ Develooment of a sub-tree The relationsnip of the controi may be required for this event. power and actua ti on systems is ci rcuit to the control I illustrated in Figure 4.3. power-D. Loss of Control power - This event is only applicable to I Modular logic is provided for opera ted sa fety/ relie f valves. A Its development is discussed in Section 5 . 3 .' b this event. power-ope rated sa fety/relie f valve will generally fail closed This event shul d , there S re following loss of control power. { logic module when the functional failure be del eted from the In thi s ca se , being modeled is inadvertent opening of an SRV. L 1 it is likely that control power must be available to maintain
;' the SRV open.
I . i 77 _________._____-.___m- _ _ . - _ _ _ _ _ _ _ _ _
E. Actuation System Faults - This event is only a pplicable to Modular logic is provided power- operated sa fety/mlief valves. Its development is discussed for this event (see Figure 5.7).
" in Section 5.4. <- - This event is Pneumatic or Hydraulic Power Source Faults b ,,
F. It applicable to pneumatic-hydraulic safety / relief valves only. y deleted for other types of SRVs. This event affects I should be pressure bel ow its the ability of an SRY to opera te at a ( mechanical operating setpoint. Loss of the pneumatic or of [ hydraulic power source will generally not a ffect the ability mechanically and provide a pressure relief an SRV to ope ra te f function at high pressure.
.[' .
the logic modul e when the This event should be deleted fro'n i failure being modeled is inadvertent cower actuat on e fun:tional In this case the pneumatic or hydraulic power sour:e 3 o f a n SRY. must be available to maintain the valve in the open position. o . 4.3 PUMPS Modular faul t logic has been developed for the following tyoes of pumps comonly found in nuclear power plant fluid systems: e Motor-driven pumps e Turbine-driven pumps e for each pump tyoe is The development of the modular logic { discussed in more detail in the following sections. I 4.3.1 Motor-Driven Pumo (MDP) The modular )ogic for the failure of a motor-driven component coolingpump (Fig 4.8) includes local fruits, lubrication system faults, water system faults, room cooling or ventilation system faults, elect-ic I ' 78
3 l i I l t 9 l 18 [ l
}. 1?
<- ist gh' '
;l 111-
.s -1 111 d
\ .
e e s-t g et
- 1. in 1.=,h
$_5 .
g= [.;I . e I I
. =
L L c.- 55 .
- c g3 ; c 0 -
55 $ q*Ew { u 55 C
=c !"J 3
F ji.i . tj L e t, c 1
- b igt ~
"k y- ', I ~
h J C :
}r 5 i O 4 d -- 1 !:E,
= s r -
In 5
$N;g v '
~
s E s- ..
.s 3 e
=
E e I *
, aj =,
i = 1 e
!l 8 E> ..
5 a 1 5 a-
=.
t
=
a ; C
}E== -
y ,
. . q c ie na ,.
w_~~ ~2 ae i ( eW k E.
*w I : s I 6 e
C i-ei
~U Is E
*E 1 G 1
- 11-o i
-: n
e i l accident I power system faults and conditions of unavailability for l mitiga tion ari sing from maintenance ' or testing. These contributors to bel ow. motor-driven pump failure are discussed in more detail A. Local Faults _ - Types of failures that may be considered as local fa ul ts , (2 ) moto r fa ul ts , faul ts include (1) pump mechanical protection conta cts , (3) faults in the motor thennai {- (4) electrical faults in the motor function box, (5) faults that cause pump cavitation, and (6) some auxiliary system hults. l t sub-tree may be B. Lubrication System Faults - Development of a fa ul ts ma y be {8- requi red for thi s event. Lubrica tion system SY l.UBP-COMP CEN may be considered as local faults, and event from the logic modul e, when the pump and motor have t del eted i sel' contained oil systems that do not require external power or
; control (e.g., a ring-oil system for large horizontal ;uros and moto rs) .
of a sub-C. Cemoonent Cooling Water System Faults - Deve1ooment tree may be requi red for tnis event. Component cooling water j fa ul ts , and event
- system faults may be consi dered as local SY-CCWP-COMPIDEN may be deleted from the logic module when the from the pump pump and motor are cooled by wa ter diverted di scha rge. This type of cooling water system does not reouire external power or control . Event SY-CCWP-COMPIDEN may al so be J
deleted from the logic module for small motor-driven pumps that do not require component cooling water.
- Modul a r logic is D. Room Cooling or Ventilation System Faults Its development is provided for thi s event (see Figure 5.8).
discussed in Section 5.5. ROOMRRR is the identi fier for the room in which the motor-driven pump is located. The room cooling or ventilation system is not required initially for motor-d[-iven pump operation. Conti nued ope ra tion o f a l a rge t
,.' 80 1
se
I 8 l pump without room cooling or ventila% ion will likely result in a l significant increase in room tempera ture tha t may lead to of the motor-driven pump. This event t eventual f%ilure ($Y-VHF-RDOMRRR) may be deleted from the logic modul e if the motor-driven pump can withstand the anticipated environmental conditions followi ng the f%ilure of all room cooling and [
- ventilation systems.
- Modular logic is provided for loss of E. Loss of Electric Power _ Its development I
electric power to a component (see Figure 5.1). (* The actuation and control systems is discussed in Section 5.1. for a motor-driven pump interface with the electric power supoly j and are there fore devel oped under event
' for the pump,
- COMPIDEN-?MD-E PL .
t
- Mcdul a r logic is F. Unavailability Due to Test or Haintenance Its deve1coment is provided fo r thi s event ( see Figure 6.11.
discussed in Section 6. 4.3.2 Turbine Driven Pumo (TDP) The modular logic for the failure of a turoine-driven pun:
, (Fi gure 4.9) includes local faults, lubricationventilation system faults, componen:
system fs ul ts ,
' cooling water system faults, room cooling or turbine regulation system faults, turbine steam sucoly system faults and a ri si ng from conditions of unavailability for accident mitiga tion maintenance or testing.
These contributors to turbine-driven pume failure The actuation system ic not included b are discussed in more detail below. The actuttien system di rectly i n the turbine-driven pump logic module. an i nput to valves in the will appear in support system sub-trees as { turbine steam supply system and oil pump ( s) in some nonsel f-contsiaed . i lubrication or hydraulic oil systems, t ( i e I
\
81 b
~
, , ~
~..
.-n . . .
W M
l l 1 l 1 l e i
~l f,
4 0 m
.W a
- SE-I
- 1,5 3 - 55 V^
- I * - , .
e
\* g .
s
$ IC e gg -
11 2 c
- 5.
- h (5
* \C g *s c
- 3 8* 13 ' 5 te- .1' r 4 M -s .
- 11 - bgg t.
1 E >
~1 \-\ -
~
gE w 1 9". 0 u C, I'.I ] . 5 =
- g :
'- 5 .",
\ 1=. 1 3 {p 1
# t=
$ \,&' e
=c
- 1-- -- a w f
12 55 \k z . n .
'ni IE !! 55 5 us.
~~
tt q., g2
.a 3 30 e II 4 W; I ~ s -
-- E t>
J
% k'E g >s .3 n
- = d . 5
. a - e T-3 g- ,,
;=*
*# - '8" c- , - 3 W
11 5 g
- g. 3 {,g -
e-C m, ,. -
*** ~1 -:
31 x - 3 s. . Wz w eE e (
. - 3: e p gs e gC 3 Ge 8 0
- b
- 2 (
I" .5 b 6 g Y O a ;I C* s, ' . ,, e a
. o'
.1 7 i
3 :
~ * *
<~ n g\
i ( g- d t
\ 9
\
f [ 9 0 a.
\
p
)
4
- , . - --,,-----r, ,, ,--,_v -
! l i
-Local Faults - Types of failures that may be considered as locai l A.
( fa ul ts , l faul ts include (1) pump and turbine mechanical I (2) faults that cause pump cavitation, (3) faults of protective devices that a re integral with the turbine-driven pump system (e.g., t ( mechanical overspeed tri p) , and - (4) some auxilia ry fa ul ts. f .
~
Lubrication System Faults - Development of a sub-tree may be B. required for this event. Lubrication system faul ts may be considered as local faults, and event SY-LUBP-COMPIDEN may be l I' deleted from the tree, when the pump, turbine drive and governor have sel f-contained oil systems that do not require external and turoine power or control -(e.g., a ring-oil system for pump bea ring lubrication and a gea r or sha ft-driven pump supolying i the governor hydnulic system). i A turbi ne-dri ven pu9 C. Comeonent Cooling Water System Faults - { typically requi res a cooling water system. Development of a i , sub-tree may be required for thi s event. Component c0 clin;
' water system faults may be considered as local faults, and event the SY-CCWP-COMPIDEN may be deleted from the logic module, when 2 pump and turbine are cool ed by water diverted from the cum:
discha rge. This type of cooling water system decs not recuice external power or control. Room Cooling or Ventilation System Faults
- Modul a r logic is D.
l Its devel opment is provided for this event (see Figure 5.8). discussed in Section 5.5. ROOMRRR is the identi fier for tne room in which the turbine-driven pump is located. 8 I The room cooling or ventilation system is not required initially for turbine-driven pump operation. Continued coerstion of the { pump without room cooling or ventilation will likely result in a i significant increase in room temperature and humidity (e.g., due to steam leakage from the turbine glard seals and steam chest l drains and ',high tempera ture of any exposed turbine or steam ( i
'. 83 t
l envi ronmenul supply / exhaust system pa rts) . These adverse Thi s conditions may cause a failure of the turbine-driven pump. module if
' event (SY-VHF-ROOMRRR) any be deleted from the logic the turbine-driven pump and necessary auxiliary systems (e.g.,
l I. lubrication and regulating system) can withstand the anticipated conditions following the failure of all adverse envi ronmental 1
- room cooling and ventilation systems.
I L. , Turbine Regulation System Faults - Development of a sub-tree may E. I' be required for this event. This sub-tree should include faults in the system that provides the control input to the turbine governor val ve , and faults in the control power system (e.g., j I typically 120 VAC or 125 VDC). I a sub-tree , F. Turbine Steam Sueoly System Faults - Development of i may be requi red for thi s event. This sub-tree should include loss of the steam source itsel f, and inadequate flow from the i. steam source due to failure of valves in the steam supply oatn, including the trip throttle and governor valves tha t are f immediate vicinity of the typi cally located in the turbine-driven pump. The turbine-driven pump actua tion system
' interfaces with valves in the steam sucoly system. .
- A modular logic is
-G. Unavailability Due to Test or Maintenance Its devel opment is provided for this event (see Figure 6.1).
discussed in Section 6. 4.4 HEAT EXCHANGER (HTX) The modular logic for the failure of a heat exchanger (Figure f blockage of flow on the , 4.10) model s two different functional failures: ! heat exchanger and inadequate heat removal via the i primary side of the one of these failure I heat exchanger. There may be occasions when only faul t tree being developed. For exampl e, e' modes is applicable to the during the injection phase of Emergency Core Cooling System (ECCS) , operation, some PWR plants route injection flow through the Residual Heat i
/
, ,.' BA
\
* ~ _ _
J 1 I -(. e
==
a ef 8 -8 :
- 3
- =
gi!
!.o
- tz _ .
"i t
l- III d -
e.1 a=
- E, C
W Y
- e
- q. s u sw _ C
.,- E.i g #
5"O f I -- - 2 -- # t " $ ~. l8 1 W [5s
.i .ym ss. a g 5 .5 I
y' i 1 hl - a o r:: n - gg e! i [- - z,r1 !c 1 / o ,
- =
_1 H. 2 -
-: sm, s =
g.. \ 3= i s ., .g - , v
< 33r ;g! ,. 3 : -,
Is..t
- la e. n.
t ] w C y i 1 e- = ( I.!: 1, C - I
=
l . e _ 3 .: . I l ~I, E i { lo g e l'
~I 5
- "f 2a -{
y -s, gy h
=
e r= g:_ , i : w
. m g ,. a_ , j 1-
; !I
- . la! d 5 E
i 4
).
I 5 i w. l . 1 L
]
.g. s: l Removal (RHR) system heat exchangers. During the inj ection period, the-function of the heat excha nger is not required. This heat removal for l function is requi red , however, when the ECCS is later aligned In cases similar to the above example, the heat exchanger f., recirculation. . in an ECCS-injection modular logic should be simplified for application The fault tree by deleting event COMPIDEN-HTX-IHR and its development. COMPIDE N-HT X-FB . i heat exchanger modular logic then reduces to basic event
" The' full heat exchanger logic module should be used for apolication in an Analysts should review othe r hea t ECCS-rteircul ation fa ul t tree. nuclear plant systems to determine if l exchanger applications in
{ modul e is necessa ry in the l' simplification of the heat exchanger logic system fault model . The heat exchanger logic module includes local faults, faults in
- f. systems and condi tions of seconda ry-si de heat excha nger cooling f- unavailability for accident mitigation a ri si ng from mai ntena nce or
{ te sti ng . These contributors to heat exchanger fsilure a re discussed in i more detail below, i . i n H' X - This fsult is s' blockage
' A. Local Fault thst Blocks Flow of the primary side of a heat excha nge r by mea ns of fo rei g n ma terial or any other conditions that significantly degrade Failure the of fl ow.
ability of the heat exchanger to pgss rated pressure boundary is not included the pa ssive heat excha nger among potential local faults to be considered.
- Thi s B.
Local Faults Causing Inadecuate Heat Removal via HTX fault includes fouling of heat transfer surfaces, air binding of 1,
' a heat excha nger, and any other prima ry or seconda ry-si de conditions that si gni ficantly degrade the ability of tne hest fl ui d . Failure
{ exchanger to remove heat from the primary-side of the passive heat exchanger pressure boundary is not included among potential local faults to be considered. ( , Y , 5 , l I - 86 {
~ . - - .. . _ . . .
l C. Secondary-Side Cooling System Faults - Develop.ent of a sub-treo ( may be required for this event. This sub-tree should model the (. the complete heat transfer path from heat exchanger COMPIDEN to environment (e.g., the ultimate heat sink).
- A heat exchanger is D. Unavailability Due to Test or Maintenance _
typically taken out of service for te sti ng or maintena nce by closing valves and isolating the heat excha nger from the remainder of the associated fluid systems. Such activities a re [ I re fl ected in the logic modules for valves. The heat exchanger j ' test or maintena nce, however, is likel y to establi sh the t duration of such required abnornal system alignments. l'
; Its Modular logic is provided for this event (see Figure 6.1). .
development is discussed in Section 6. f 4.5 TANX (TNK) fsilure of s tank (Fi gure 4.11) The modular logic for the g failure of systems to provide tani heating er includes l ocal fa ul ts , for accident mi tiga tion pressurization and conditions of unavailability i ari sing from maintenance or testing. These contribut:rs to tank failure are discussed in more detail below. A. Local Faults - This type of failure is typically mecha nical It does not, l (e.g., vent blocked, outl et line pl ugged) . f. however, include the failure of the pa ssive ta nk pressure
' - ' bounda ry .
B. Systems to Provide Tank Heating Fail _ - Development of a sub-tree may be required for this event. It acolies only to tank s tnat , elevated fluid temperature to keep dissolved must mai ntai n an for other chemicals in solution. This event should be deleted ta nk s.
\
i
..- g7 t
=W i
I f ($ E 5 3:: I .= - s
;O E-I t*-
~= EIg I
i lii d i_
- M W
- V g
*s '"
L C ~ I e
~ u.
. 525- ial m
g!= 1g t i ;
-:t 53 l,t: -
re: T! - c
=3. lt O 7""-
n
#6
.g ii g ..
w
- E I
- l.1 o'
& 3 g = g e I8 %. - - - -
"t iE.
i-- = . E w E
- g- E 5
j l{ 6 -Igg, l5'3 1 - a a e j__ --s jg: -: C
-- e: ~
S**= 1 1~2; Y .
$$d 9-ang ns. O I-I -
vf ,
~z ..
Eo-W D 1 NYN 7 j9 s C 5 If N
- 3. El
-- a
~
ei 85, E =.=. g 8 = Lw s
-J
)
h
\
1 a e SS
\
t
6 Loss of tank heating and decreasing nuid temperature may causo , ta nk. This the gredual crystalization of chemicals within the } 8 may eventually lead to the formation of chunks of chemicals that may block the tank outlet. Alternatively, the concentration of tank solution may eventually be sufficiently chemical s in the fluid system reduced due to crystalization that the associated I sa fety function can no longer adequately be perfomed (e.g., core suberiticality with the aid of boron inj ection) . The failure of a tank heating system is not likely to have an Thi s
!mmediate effect on the associated tank and fluid system.
event may be deleted from the logic module if' the time for an j I- ta nk hea ti ng is unsafe condition to develop due to failure of
' long in compa ri son to the time scale of other events that are included in the fault tree.
l of a C. Systeps to Provide Tank Pressurization Fail - Development It toolies only to sub-tree may be requi red for this event. Thi s
' tanks that a re maintained above atmospheric pressure.
event may be del eted for ta nks that operate at atmospheric pressure. Thi s event incl udes the inadvertent opening of a f ta n< sa fety/ relie f valve. The system for cressurizing a tank need not be included in the sub-tree development if the ta nk is Loss of pressurized and then isolated from the pressure source. under the pressure source (e.g., high pressure nitrogen system) thi s circumstance woul d not impact a tank that was previously i pressurized if the tank can perform its intended sa fety function without being recharged. t - A tank is tyoically D. Unavailability Due to Test or Maintenance taken out of service for testing or maintenance by cl o si ng I valves and isolating the ta nk from the remainder of the associated fluid system (s). Such activities are re fl ected in The test or mai ntenance o f a ta nk , logic modules for valves. l t I
.' 89 0
l
. of such requi red however, is likely to establish the duration abnorval system alignments.
The Modular logic is provided for this event (see Figure 6.1). I i development of this sub-tree is discussed in Section 6. p. 6 k.6 PIPING (PP) 4.12) only The modular logic for the failure of piping (Figure Two di f fe rent potential failure modes a re includes local faul ts. included, however, as discussed below. Note that the section of pi pi ng t being modeled .is identified by means of the five charseter code PIPID. i A. Flow in Picing Blocked - This event includes blockage of flow in , or o the r
' a section of piping due to orifice plugging, free:ing Event PP -P IPID-B LK ma y be deleted if flow credibl e cause.
' blockage is not considered to be a credible event.
, is incl uded onl y i B. Flow in Pipin; Diverted by LOCA - This event for sections of piping that are potential sources of a loss of
{ Coolant Accident (I.0C A), Passive pressure boundary f ail ure is not considered in pi pe sections that are not potential LOC A g PP-PIPID-LOC A may be sources. For these pipe sections, event del eted. I i { t
\
l
\
\ .
t - 4
. 90
\ ~
l 1
t *
- 4. .
W i
\ g -
- C i
i Eh
\.t
\ =:e 4% V
- C e
\ oE-s' .;
= p
- Ea T e.
\ ___
n n 55
~
s \ C 1 }~ : y ' S
,\
.i, ff 8
"E k "
"W
$ " g, \ Ik .~
1; i
~-
~
I le. 3 I I
, i
'tl ' 4 j
h ' !$ $5 I v. !;i n Y l il. z
!U 3 '
"o (s) .
C
; ~
L I T c.: h~ t Z L l i
\
4 I i i I i
~
\ .
\
91
\-
,i
. l
'{ e-I i 1 5. COMPONENT SUPPORT SYSTEM MODULAR LOGIC PROCEDURES i b o l-
' The fluid system component modular fa ul t logic presented in Section 4- requires the consideration of the effects of failure of a variety of support systems on each component. Table 5-1 sumarizes the se support system requirements. As indicated in Table 5-1 and in the modular to logic for each component, the fault logic for many support systems are The methodology discussed in
' be developed enti rely by the anal yst.
analyst to develoo Sections 2-4 is applicable and should be used by the fluid support systems (e.g., component cooling water, the. sub-trees fo r
. lubrication, etc.) . followi ng This section provides moduist fa ul t logic fo r the i support systems:
i , i e Electric power system e- Control power system o Actuation system
\
I e Room cooling or ventilation system. i t 5.1 NOMENCLATURE FOR COMPONENT SUPPORT SYSTEM MODULAR LOG Thi s section presents the nomenclature used in the event label s {, modul a r log 1 .
' and the event description for the component support system l i faul t trees. The discussion is divided into three main a rea s:
I nomenclature associated with bus identification, nomenclature associated l with support system component identification, and nomenclature associated l j. J. with ventilation sytems. l l 92 i . . .2-. - . , , . . - - - . . _ _ . . , - - - -_- --
- .- _ . - - -r. --
I . Table 5-1. Sumary of Support System Faults included in the Modular Fluid .. System Component fault Logic. i POTENTI AL SilPPORT SYSTEM FAtM.TS DEVELOPMENT COMPONENT EVENT LABEL f' NAMC C0HelDEN-VXX-EPL Modular Logic Motor-Operated Valve loss of Electric Power (1) COMPIDCB-fl0C Modular Logtc Circutt Breaker..
- i. ..
t SY-PilSN-COMPIDEN By Analyst (2) Pneumatic /ilydraulic Pneumatic /llydraulic Power Valve Source COMPIDEN-NXX-CC By Analyst
' Control Circuit COMPIDEN-MXX-CIP Modular Logic 0 Control Power l
COMPIDEN-NXX-AS Modular Logic l Actuation i COMPIDEN-SXX-CC By Analyst Solenold-Operated Valve Control Circuit COMPIDEN-SXX-CTP Modular Logic Control Power COMPIDEN-SXX-AS Modular Logic Actuation None Manual Valve
~~~
Hone Check Valve i
- ~
Sumar'y of Support System Faults l'ncluded in the Modular Fluid Table 5-1. System Component fault logic (Continued). POTEllTIAL StlPPORT SYSTEM FAULTS DEVELOPMENT COMPONENT EVENT LABEL - NAME By Analyst (2) SY-PilSR COMPIDEN Pneumatic /flydraulic Power Safety / Relief Valve Source By Analyst . COMPIDEN-RCX-CC
- . Control Circuit Modular Logic
; COMPIDEN-RCX-CTP Control Power 1
4 Modular Logic , COMPIDEN-RCX- AS Actuation By Analyst (2) SY-LUBP-COMPIDEN Motor-Driven Pump Lubrication By Analyst (2) SY-CCWP-COMPIDEN Component Cooling Water Modular Logic SY-VHF-ROOMRRR Room Cooling Modular Logic COMPIDEN-PMD-EPL Loss of Electric Power (1) l SY-LUBP-COMPIDEN By Analyst (2) Turbine-Driven Pump Lubrication By Analyst (2) SY-CCWP-COMPIDEN Component Cooling Water Modular Logic SY-VHF-ROOMRRR Room Cooling O L _- _ . - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _________~_As. _ _ _ _ .--_n.___ _A.__ ___-_____h__h_.-_____.._.A__ . _ _ _ _ . _ _ _ _ _ . _ _ _ _ _ . _ - _ _ _
Table 5-1. Summary of Support System Faults Included in the Modular Fluid. System Cowponent fault Logic (Continued). I POTENTIAL SUPPORT SYSTEM FAtiLTS DEVELOPMENT I COMPONENT NAME EVENT LABEL SY-REGP-COMP 10EN By Analyst i Turbine-Driven Pung Turbine Regulation SY-TSSP-COMPIDEN By Analyst (2)
,' '(Continued) Turbine Steam Supply SY-SSCil-COMPIDEN By Analyst (2)
Heat Exchanger Secondary-Side Cooling System I SY41TGT-COMPIDEN By Analyst (2) Tank fleating
- Tank SY-PSFT-COMPIDEN By Analyst (2)
Tank Pressurization y None Piping l s Note: (1) Control power control circuit and automatic actuation and remote-manual actuation j systems interfacefaults within these the systems electric power system supplying a are therefore developed under with the component itself. 4 events COMPIDEN-TYP-EPL and COMPIDCB-BXX. (2) The analyst should utilire the modular logic described in Sections 2-6 of this report in the development of the sub-tree for these support system faults.
! t-
k 5.1.1 'Nomencla2ure for Bus identification p- bus The event label for the identification of an electric power l .' gl is of the fom: YOLTLG-BUSID L The first four lette rs o f ' the code, VOLT, are used to designate the voltage of the bus. The next two letters, LG, are used to indicate the
' load group, instrumentation caannel, or electric power division associated and can with the bus. The code BUSID is used to identify the bus number
[U be used in a manner similar to th* way in which PIPID was used to identify a Class piping in Section 3. Thus, a 480 VAC bus in the B load group of
! IE Electric Power System with system code E, and which is labeled on the one-line system diagnm as Bus 12A may have an identification code of:
480A-E12A
' 5.1.2 Nomenclature for Suecort System Components in Non ~1uid Syste.s fe m Event labels.for most non-fluid system com;onents are of a simila r to BUSID and PIPID. The standard fem may be snown as SCNUM where 5 is a single letter code for the system associated with the comoorent and used to indicate the component number from a one-line the code CNUM .i s the component
{ diagnm or from a P&I drswi ng . Table 5-2 shows t identi fication codes of typical sucoort system comoonents and the event l label indicator of component type. The event label s a re of the form: TYP-SCNUM-FNC Each portion of the above code has been previously discussed. The support system fault tree development often must ce ference This is done using the COMPIDEN code j back to the original component. l Thi s code is
- l. along with a code to represent component types, COMP.
code, TYP, and is in a more readable fem. slightly di f ferent from the Thi s code is t- Substitutions for this code are shown in Tables 3-1 and 5-2. t used only in the event tiescriptions or text. I
. 96 1
-l-c l' Table 5-2. Component and Event Identifiers for Support System
' Components.
i SUBSTITUTION SUBSTITUTION CDMPONENT FOR COMP IN FOR TYP IN COMPONENT IDENTIFICATION EVENT TEXT EVENT LABEL CODE f. BUS BUS - Bus BUSID (. J l' CB BXX COMPIDCB l' Circuit Breaker CABL CA CBLID r Electrical Cable l BAT BAT Battery BATID XFMR TF TFMID Transformer f 3CHG BC Battery Charger BCHID i TSW SW TSWID Transfer Switch i INV INV INVID
' Inverter i DGN DGN i COMPIDEN I Diesel Generator l
i FAN FAN COMPIDEN Fan i DPR DXX Damper COMPIDEN I J f L. [* . L . 97 1 l l
t.- Note in Table 5-2 that circuit breakers use the code COMP 3003 This is to allow the for identification rather than a five letter code. a nalyst to have the option of relating circuit breakers which are used to r-t actua te pumps, motor-opera ted valves, or dampers wi th the actua ted component. For a MOV with code: AFV4321B-VCC the circuit breaker may have the code: l< t AFW4321B-800 l
' In this manner, the circuit breaker is directly related to the conoonent between the
/
which it actuates. The TYP codes -VCC and -300 discriminate I motor-operated valve and its circuit breC<er. i I 5.1.3 Nomenclature for Ventilation Syste The only new code used in ventilation system fault trees is the i , code: I
' ROOMERR These seven characters are used to designate the name or identi ficati on I
For example, a pump room for code of the pa rticul se room of interest. train A of the ECCS, may have its code written as: ECIPMDA ( Thus the femi of the code may be: l FSSTYPL l
\
where FSS identi fies the system, TYP identi fies the component and L is the { Use X for rooms that L divi sion associated wf",th the component in the room. f r have more than one division located in the same area. I 1-
- < gg i
l 1 5.2 ELECTR2C P0' DER SYSTEM l ( The modular faul t logic for the el ectric power system is encountered first as an i.9put to the fault logic modules for electrically powered components (e.g., a motor-operated valve or a motor-driven. Dump). The modul ar logic presented in this section continues the develonnent of ' electrical system faults from a component back to its ultimate source of AC
- or DC power (e.g., a diesel generator, a battery or off-site power).
l Thi s type of develooment is compl eted for each electrically powered l component. In actual practice , it is likely that the entire electric power system fault tree will be developed at one time. l
' In this section, the term " bus" is used as a generic te r-n tha t encompa sses a va riety of electric power distribution system comonents, l and secondary including motor control centers, distribution load centers unit substations. Similarly, the ter-n " circuit breaker" is also a generic meto" ter-n that refers to mediun voltage switchgear, circuit breakers and l The te m sta rte r units in lower voltage portions of the electric system.
" load group" is considered to be synonymous with " electrical division."
This section includes the following electric power system fault j . logic medules: e Loss of el ectric power to a com:enent (which describes which electrical faults between a component and the bus to it is connected), o Ci rcui t b reake r fa ul ts ( thi s is an electrical component system fault that is an input to several of the electrical fault logic modules). e Loss of electric power at a bus (which describes electrical faults at a bus or loss of electrical power from AC and/or ) ( DC sources to the bus). i l j e loss of powe r from AC sources (which is one input to the < loss of electric power at a bus. Loss of power from a f i diesel generator is included in this logic module). e Loss of power from DC sources (which is the second inout to l the loss of electric power at a bus. Loss o f power from a I battery is included in this logic module). f l .
.e 99 f'
1
- . _ _ , ~ _ _ _ _ . _ _ . _ _ _ __
i l l 5.2.1 Loss of Electric Power to a Component l L-The modular logic for loss of el ectric power to a component (Figure 5.1) includes faults in the electric power cable between the faults in the component and the electrical bus supplying the component, l ci rcui t breaker that connects the component to its bus, and loss of power 1 a componen.
)
at the bus. These contributors to loss of electric power to are discussed in more detail below. Note in the data block in Figure 5.1 that the codes COMPIDEN, COMP and TYP are the component identi fiers for the component requiring electric power. I A Power Cable Faults
- CBLID is the identifier of the electric A fault in thi s power cable between the component and its bus.
cable is treated as a basic event. .
- Modul ar logic is provided for this B. Circuit Breaker Faults event (see Figure 5.2). Its develoement is discussed in Section
{ 5.2.2. COMPIDCB is the identifier for the circuit breaker tnat
! electrically connects a comconent to its bus. To rel ate a ci rcuit breaker to the component it is serving, the analyst may
' state that COMPIDCB= COMP! DEN. The code TYP in the top event
' label and the code BXO in the circuit breaker label will discriminate between the two events.
i po si tio n XO is the two character code that describes the nomal l ( fi rst character) and the failed position (second character) of the circuit breaker. It is assumed that the necessa ry failed po sition of the circui t breake r will be open, therefore the "0". The second character of the code is al ready listed as the data block to identi fy the nomal a nalyst should compl ete fo r l for open or "C" I position of the circuit breaker using "0" 1 closed. i
- Modular logic is provided for this event C. Loss of Power at Bus (see Figure 5.3). Its development is discussed in Section 5.2.3. BUSI'D is the identifier of the bus to which comoenent I
100 l
nd I . I l' I . 8 4 4 6 e e 9 6
= gee- :a ergf E,,,
I 5 3 l g 5_ a 2 J,:' I 11 O. e E ,J 1.) nO G e lg ' -
$ .$ 'LJ E I w C
f
- e *,J g = # C I
="*
!bj b= - c 2 =5 L O :::.
- t ', a ^ s =
2g s)
- - ~a
-- / s- ~
~Q
- LU O
I "OE as.-
!$I
,3 ;
9 3l
= ,
gzt
.& H! i.; 1 C - .
vsa.; I .
?5 c ,0 s .,
,g I
. I. s. .
1
.-., E g-a I, wm gm sg lWa E I
o c,e n,& h-
~ -
6
=
c I I I i 4
' l 101
.. v'---y-._ ., _.
! 1 i The code COMPIDEN is connected via circuit breaker COMP 1DCB. VDLTLG indicates the voltage (first four characters) and load group (last two characters) of bus BUSID. j 5.2.2 Circuit Breakers (CB) The modular logic for the failure of an electric powe r circuit breaker (Fi gure 5.2) includes local fa ul ts , control circuit faults, I-control power system faults, actuation system fa ul ts and conditions of 3 unavailability for accident miti gation arising from mai ntena nce or discussed in te sti ng . These contributors to circuit breaker failure are more detail below. In Figure 5.2, the code "COMPIDC3" represents the component The code "XX" repre sents tne
! identification of the circuit b rea ke r.
- nomal ci rcui t breaker position (first X) and the failed circuit breaker "0"
I position (second X). These should be replaced by the analyst with an fo r " o pe n" or a "C" for " closed", a s a poropria ta. The ty:es of failu-es that are developed in the circuit breaker modular logic must be consistent Table 5-3 wi th the assumed failed po si tion of tne circui t breake r. identifies the events to be deleted from the circuit oreaker mcdular le;'c based on the failure mode being medeled. A. Local Faults - Types of failures that may be considered as local fa ul ts faults include (1) mechanical faults, and (2) electrical wi thi n the circuit breaker enclosure, including those affecting protective relays and other control circuit components.
- Devel opment of a sub-tree may be B. Control Circuit 'Faul ts for thi s event. The control circui t includes i
requi red and other electrical protective circuitry, interlock circuitry
- circuitry, exclusive of any automatic or remote-manual actuation
- l. All circuit breakers have a control circuit to provide systems.
Thi s may take the form of overcurrent, 1 for fa ul t 1. sol ati on. i. undervoltage'c thermal overloa d or other sui tabl e protective devices. Note that much of this type of control circuitry may i i 1
l l l
! I i
l . l 28 I:: ,
. - i=_
.,!! E o l
._s
. efi -
r E: 1 w d
~
a we e.. i n ,c
~
"!.. V
((
,m ,
u If }jl u L; "e 4 I w c:
- e. M
=
' ~
$ [ 5 u E, ' :
L '
- f E..- ,*
,3l/Ng C
, *! "G, g ~ u
.' Eg t w w
>g
.t 3-1 V
-t l
- 2. 1- '$ i 57 g eS .
Go '* )
- "5
=
s E l . : I
* . =,
+ 2,5* -
v
=
p g . y C* C b : $ ~
* ' =
E! ca . as. . ,*
- 3:a N,
*- 21 =E
-e W gIl.
s$ =a
- Y 6 g g
- c U IE a o
u y E
.)
Eo k=
! aI 3 -
EE-s W
*5 8*
U.
, =: 3 8 l $$ ei
- ej ,i
= =.
- 3. s_:
$;i as =
l- vg m 3 I . A s 1 i I t 103 0 3
- - = - ~ . .
i
' Table 5-3. Identification of Events to be Deleted from Circuit Breaker Modular Logic Based on the Failure Mode of
{ the Circuit Breaker, I l l I I CIRCUIT BREAKER POSITI0t1 (1) ( Nermal C C l' O O O O C C f A! O AI Fail-Safe MODULAR LOGIC 0 AI O AI O f EVENi I 0 0 C C Failed O C C O I I Celete Celete Delete Celete j COMPIDCB-BXX-CTP i 8 Notes: (1) Circuit Breaker position codes are as follows: 0 = Open C = Closed AI = Fail as-is Some circuit breakers may remain in their original Some positien may trio following loss of control power (fail as-is).It is assumed that no open (fail open).cuit breakers will fail closed following loss of contr I L 1 {
\
' 10c I
I
= - --
e w a r
' I
- i encl o sure . A i be physically located within the circuit breaker fault in thi s circuitry and my therefore be considered as a local fault, and event COMPIDCB-BXX-CC may be deleted from thi s i
{ t logic module. circuits may include auxiliary I Some circuit breaker control contacts that are controlled by an external remote actua tion i system or an interlock logic (e.g., a pump or valve pemissive i circuit) that is separate from the actuation system. Control
'j logic faul ts not associated wi th a remote actuation system The should be developed under thi s event ( COMPIDCB-B XX-CC ) .
actua tion system is an input to the control system, but faults associated with the actuation system are developed se:>s ra tel y I under event COMPIDCB-3XX-AS. C. Loss of Control Power - Modular logic is provided for this event (see Figure 5.6) Its development is discussed in Section 5.3. The inclusion of this event in the logic modul e shoul d be consi stent wi th the assumed fail ed De sition of the cireui po e r i breaker and its design resconse fellowing loss of control ( see Tabl e 5-3 ) . For example, if the circuit breaker is assumed to fail in tne closed position, but is designed to fail open upon loss of control power, then loss of control power (event modul e . In COMPIDCB-BXX-CTP) should be deleted from the logic
' thi s case, control power would likely be required to maintain the circuit breaker out of its fail-safe position.
This event may be deleted for ci rcuit breake rs that do not power. Such circuit requi re an external source of control k by breakers power their control circuits from the connected bus mMns of an internal step-down transformer. The failure of such nn internal control power system may be treated as a control or a local fault, and event COMPIOCB-BXX-CTP may
' riccui t faul t l~ be deleted from this logic module.
l
' . - 103
, _. , , ,, - . . . -, .r-
i J D. Actuation System Faults _ -Modular logic is provided for 9.hi s event (see Figure 5.7). It: development is discussed in Section g the input 5.4. The circuit breaker actuation system generates to the control circuit for nomal and emergency circuit breaker opera tion. This event may be deleted if a manually ope ra tec
] circuit breaker is being modeled.
I - Modul a r logic is E. Uravailability Due to Test or Maintenance L Its development is provided for this event (see Figure 6.1). g l' discussed in Section 6. k 5.2.3 Loss of Power at a Bus at a bus (Figure 5.21 The modul a r logic fo r loss of power of includes local faults, room cooling or ventilation system faults, loss sources supplyi ng the bus and conditiens of pcwe# from el ectrical :-
; from mai ntena nc e
' unavailability for accident miti ga tion a ri si ng to loss of power at a bus are discussed in testing. The se contribut:rs i more deuil below, i
A. Local Faults - Types of failures that ".ay be considered as local faul ts inchide (1) mechanical faults of the bus that a ffect its l electrical perfomance, and (2) electrical faults within the bus enclosure, i
- Modul a r l ogic is B. Room Cooling or Ventilation System Faults _
- ' Its devel opment is provided for this event (see Figure 5.8).
ROOMRRR is the identi fier for the di scussed in Section 5.5. i room in which the bus is located. The room cooling or ventilation system is not required initially Conti nued opera tion of some for adequa te bus ope ra tion. r00m portions of the electric power distribution system without likely re sul t in a significant cooling or '. ventilation will l increase in kom temperature tha t may l ea d to the eventual t 106 j l
- 1 e
i ( l Op
.= -
=
( 8
- '9 jf -
{- Es,
-n s= I.a g _
I f .:2 -i ga .= i 2gE 1g. - 10 - l t. s: n
.c
= g.g a c .
I2g- E L $15 i e 2 ft: C ( i e w 9 d b L f to-
- 5 i sN '*f ~
I A
.g 'rr
-f E ,- flQ- c Is i a ,:
s: ls. t_ s- ,# #E gg is ii i 1 55 I. e
. , Z_ ,' 69 C ,
a ("! - g as- = 3 g d I -
- w. I E * :
- ifj p., sa r .
!a L si We f'
- ! = .
-1 : i .
is_ h'j; o - f,_. o . z g;. p a v
! ~,
iie II -
?
,i sg t i -
e g e m
- E_. e 4
b 5
- = h m e.
- c e
- ..f ; w I o
- = ..
l II i
)d E i -
1 . t
'g 107 l
i _ -.. . _ . , _ ,__m,. , , - . , ,, . . _ _ . ._ . _ _ . , , . ,.
i system components. Thi s event failure of- distribution - (SY-VHF-ROOMRRR) my be deleted from the logic module i f the bus
- in question can withstand the anticipated adverse environmental room cooling and conditions followi ng the failure of all ventilation systems.
l L
- This event models the loss of Loss of Power from All Sources C.
(AC sources power from all potential sources of power to a bus and DC sources within the nuclear plant, and cross-ties to other loss of power sour:esh The generic logic for developing the t power frem AC and DC sources is described in Sections 5.2.4 and be requi red 5.2.5 rsspectively. Development of a sub-tree may ( Event to model the loss of power via a c ro ss- ti e . exists , i BUS-BUSID-XTJ. may be deleted if no cross-tie ca; ability at the bus in question.
- Modul a r 1:g': is
' O. Unavailability Due to Test or Maintenance provided for this event (see figure 6.1). Its devel ovent is discussed in Se: tion 6.
[' 5.2.4 Loss of Power from AC Sources r The logic modul e for loss of AC sources to a bus (Figure 5.4) { models the loss of the following AC sources: i s Of f-site power
! 4 Diesel generator e Another on-site bus for a speci fic bus i s des:ribed l The development of this logic module l below.
t'
- l. .
# 108
{ i y e- , --4 y w -- m-,, ,-e <---av-- 1,.--,--r , , , , ,,-ma ,,- ae--,n
\ I E 5 ( is ! ji a
- 8 1
0 - i.sg-io-
=
l mf - g
,t- se* ,
.. s..=3 -
gs 8 ( -
. -g3i, 2 s_g ! e-25.
.g c-s y !
III gg. I-[ 225W!gIeeg ggg s e-g as 5 u._I p-
- s s.
'(
g g me!
--g 5 g
I, Ia: c5 . .
!! h b
=
j v i 3 i i M E S u , l
- 2 !_ !, e I! :E: wm n
;* t :**
reg ,,
. G ' -
( s*2 *== w Za6* .e : a3e ig l-
~
jeg
'I d .I ,
t : c i E. I
$52 h lC 51. :- j- ut i I.G .
e e.
.lj -
r . i :s I;,.f_ "e, _ ~
< v;.
I~ n.
' 5, '
p- gg
',jj ( L ~
4 a-a= ; ae je { af,
,k j5I L s
- r ff
' h.!
7 - ir
~ =
~~
,h_ F *. . _a. ,
w
- lEl C 0 5 6) Ili -
~II 3.3 j_., I g
I- . 0 T ~, t i Ie f. s. m
=
em un'* ammune a ,e
'5 l
~.3$
3- h; s t
.! e e!5-M s 8
- ! h, .
, g2 .
-e e g
( ~~ a hl- g - e - 8 5. _. g Eg g - EE ts. g g gg ,,,. a
- g yg _
'e I ,: g e,s1
- I:.
l . =- !!! :
- f!!
( I 109
.- ,n ., -e,,- ,-n. , - e e --.w, , - - - - - -
I I 1 k k i E.
~~ - es I is *:
{ . 6 8 I. II. I_,0
. v. 8i s{ l' $3 83
}" E; !
- . in
- E-
=la s r.,
[
..I
==8
,x. .
. s.s.
a- s I
..= .
I =2ga 52' 5. e , ss : .;[ s6
. =; '/ - git . -
j' s. 8s
- sisi :-
- EE e
.!!3
! il . -
r o v s =
=
G
- = es .
E s s:
- s a
.l . i' <
1 gl s: a 35= -
+
.* ,- . , ~
=
E-. . ,
,1 s em c
s 't, w 1 s.e g
- ggs ii =t g r=
g e
- . s-l
- I2
=5 ~- cN l
]T= .E."-
! 88 ~
8 3 t-gs
.!!=
2 q
?. ' C.
2=
!!5 msg Ih i-6Y e :.-
".,~*
3 z. - sis F (
!, ! ,.- 4'
!s! I 33sg .: ;j -
' je
~; ,I
. I, .{
i g-l i48
=
'l s =.1
!3I- ts:
l--
.I, E" . j : ,
-* 1*
e< l ggs; ) ! e s.g . s, j' - t=
.s .* - ~ .,.=
'*iE i!I
- I i . e !. ! I.
gig 6 5 s-- 3.3a U-n gg
- . j l= g s .a l- .; -
- s. ..: 5 vu ~
lI q) n! !
.: - =
6 , i.- 8 = i. g gg, :: . ij i 8: g :: :ss ;i e l
!!E v . s_
q:i.i - 8
~~
=s
!ig ! "'1.h ! C
' !!'5. .
. 5 =
~. s ..
8ss [: !, !! 'l5
=g!! Iu
!l$! .$ ,=2
..~
#e$
. - :g3 3-5
- s-!.
c' ! Ej L
!{ - !$r$ ,
l { j 5.5 .I
. .. f5
-s s2 s* I 4
I *g 8i 55 d i I .
\
1
- 110 t
i
, , , . _ - A
i 1
)
~ \
i i ( (
\
n 1-e
=
3 r 1. a- E ' .; e l & 4 t I. E
=* 15 v I - 5 . ,i, h
. l -
v
*l It
( so - l,t LJ
) wm s
e-s e -
-E s- c e.
I . t, 9 a! F" 'E! E e 6 e
- s !
- 3, =. Iwa :
I' OO
; in Yg t- = w .:
- g 3- 8
-= : .-
3~!
-E- '3j 0-
,:s su
= -s I- - =
E
.=
n,. l
--s= .., y =1=.- c, --4 )= i
- { - ,
$$$3 C EU 1 3 ., e5
- c :
"$ ,[ =
g a n - e G ~~
=.-
/
=*
i h 9 EE g ~
" a
.f 2 s: ,
C
?.!. .
e
- =
s! 1i; W
,=, u -E 6
5 s = ag-] el C -
. - g e su. 1 ' g'\ 3 -
\, s w
-1C, wa
.I'i
- e
- - H. -
1" lli 2 E, c = g k 1 l . f 4 4 l .
\
A. Simpli fication of the Logic Module by Deleting AC Sources that will fi rst i Do Not Interface Directly with the Bus - An analyst use this logic module to complete the development of the loss of As the electric power at a bus serving a particular component. logic modules for loss of electric power have been constructed, the analyst must then work through the electric power system from the component bus to its ultimate AC power sources (the (- All intervening buses I diesel generator and/or off-site power). and el ectrical components are al so model ed by applying and (Figure reapplying the logic modules for circuit breaker faults 5.2) and loss of power at a bus (Mgure 5.3). By way of example, note that the development of loss of power i from AC sources for most buses will not include loss of off-site loss of power from a diesel power (event BUS-BUSID-OSP-L) or generator (event BUS-BUSID-0G-L). Loss of o f f- si te cower is only included in the develetrient of the loss of AC s:ueces to the first on-site bus encountered by incoming power from the o f f- si te g ri d . All other buses that distribute power from the from the of f-site grid should be assumed to receive tneir power located imediately :bove the distributW. system.
- on-si te bus The logic module for loss of AC sources to these buses therefore BUS-BUSID-ACB-L , " Loss o f includes the development of event power from an on-site bus".
generstor is onl y Simila rly, loss of power from a diesel included in the devel opment of the loss of AC sources to the ( i" diesel generator bus. This bus senes as the interface between
~
the diesel generator and the remainder of the Class IE electric As in the previous case, all other power distribution system. buses that distribute Class IE cower from the the diesel generator on-si te bus I should be assumed to receive their power from located imediately above in the distribution system.
\- -
t . 112
i B. Developnent of Loss of Power free an On-Si te Bus - Most f ' electrical buses in a plant are supplied from another hus, and will therefore require development of this portion of the logic module. ' Faults associated with a variety of el ectric system components are listed under event LPFB-BACID-BUSID as potential contributors to loss of power from one bus (BACID) to anothe r An analyst should review the electric system diagram (BUSID). (- and only include those components actually found between the two I buses. Cable, transfomer, battery chstger and transfer switch faults may generally be considered as basic events. The generic l ci rcuit breake r logic module (see Figure 5.2) may be used to expand the development of circuit breaker faults. Note that the fail ed po sition of ci rcui t breaker COMPIDAC is assumed to be
' ope n. The analyst need only identi fy the nomal position of the The modular logic fcr loss of power at a bus ci rcui t b reake r.
devel opment of (see Figure 5.3) should be used to continue the
+
loss of el ec tric power from the next higher bus until tne powe r or the ultimate source of AC power is reached (off-site diesel gentrator).
- This event ,ay be C. Development of Loss of Off-Site Power treated as a basic event, therefore development is not required.
A logic D. Development of Loss of Power from a Diesel Generator - modul e is provided to model the less of power from a diesel fa ul ts genentor, (see Figure 5.4). This logic module includes in the power cable between the diesel generator and the supplied I bus (a basic event), diesel output circuit breaker fa ul ts (an event which can be developed using the circuit breaker logic module in Figure 5.2) and faults that a ffect diesel genen to r
/
ope ra ti on. Note that the normal and failed positions of the already ifsted as diesel generator output circuit breaker are
! fstled open) in Figure 5.4. Faults that "00" ( noma 11y ope n ,
affect diesel, generator operation include local diesel generator faul ts , diesel auxiliary system faults, (lubrication, fuel oil, l cc,mbustion air intake and exhaurt, air sta rt , cooling wa te r, i (
- 113 i ,
i
- I 4
l 1 1 l ventilation, diesel engine and genera tor control, room j ( actuation, and control power system faults) and conditions of I unavailabiilty for accident mitigation arising from maintenance. i diesel testi ng or opera ter error, These contributors to generator failure are discussed in more detail below.
. l j
- 1. Local Faults - Types of failures that may be considered as local faults include (1) mechanical faults, (2) electrical
( faul ts in the genera to r, and (3) a variety of faults in - f ( pa rt l auxiliary systems and equipment that are physically a of the diesel generator or its equiement module. j j Lubrication System Faults - Deveicoment of a sub-tree may
- 2. '
! l be required for thi s event. Many lubrication system faults 1 j
may be considered as local faults. The sub-tree snould, however, model interfaces between the l ub rica tion systen and the appropriate AC and/or 00 electric power system. j Fuel Oil System Faults - Development of s sub-tree may be 3. required for this event. Many fuel oil system fa ul ts may The sub-tree shoul d , be considered as local fa ul ts. oil however, include the fuel oil day tank, and the fuel transfer and storage system (if long-ter-n diesel operation l is to be model ed) . In addi ti o n, i nterface s wi th tne appropriate AC and/or DC electric power system should be model ed. ( I o
- These !
- 4. Combustion Air Intake and Exhaust System Faults !
generally may be consi dered as l ocal faults, and event l If SY-AIED-COMPIDEN may be deleted from the logic module. ' l
\
l this approach does not provide adequate modeling of systen This l faults, development of a sub-tree would be required. \ l t' sub-tree, would tyoically i nclude mechanical failures of
}' f componefits such as intake mu f fl ers, damoers and intake I
~
f l i I
. 114 l
\, i i
' screens. Thi s system does not generally require electric
/
' power for operation. i i
be
- 5. Air Start System hults - Development of a sub-tree may
' requi red for this event. Many air start system faults may be considered as local faults. The air sta rt accumulator volume should be adequate to stsrt a diesel engine without the need for recharging. Therefore, the sub-tree need not include the compressor system for recha rging the air I
l accumul ators.
. Cooling Water System - Development of s sub-tree may be 6.
requi red for this event. Many cooling water system faults I may be considered as local fa ul ts. The sub-tree should ( model all heat transfer loops between the diesel generator i and the environment (the ultimate heat sink). i
- 7. Diesel Room 'lentilation System Faults - Deveicoment of n j Due to the i
sub-tree may be requi red for thi's e ve".t . with complexity of a diesel room ventilation system (e.g., mul ti pl e fa n s) , the logic medul e fo r room cooling and l ventilation system faults discussed in Section 5.5 is not a pplicabl e . The fan and damper logic modules presented in f that section are applicable, and may be used by the analyst
' in the development of the sub-tree for diesel room I ventilation system faults.
I i
' The room ventilation system is not required ini tially for Conti nued operation of th?
diesel generator ope rati on. diesel generator without room cooling or ventil ation will ( resul t in a signi ficent i nc rea se i n room temperature. fail ure These adverse environmental conditions may cause a of the diesel generator by disabling one or more of its auxiliary systems.
\
-: us i
"*" ~' -*w . 4- , . . _ , , , ,
t-
- 8. Diesel Engine and Generator Control System Faults
,.0 Development of a sub-tree may be required for this event.
i l 9, Actuation System Faults - The actuation system provides 3n __ input to the engine and generator control system to command l I' the startup of the diesel generator. Both automKtic and systems must be di sabl ed. remote manual actua tion
-{ the se faults may be Development of sub-tree s to model i
recui red. I i thi s
- 10. Loss of Control Power - Modular logic is provided for event (see Figure 5.6). Its develocment is discussed in f Section 5.3.
Modul a r logi:
- 11. Unavailability Due to Test or Haintenance -
( see Figure 6.11. !ts is provided for thi s e v e a,t j i develegnert is discussed in Section 6.
- This may be
'l 12. Ocerator Error in Rescorse to an A::ident It will generally relate to treated as a ba sic event.
remote-manual operator actions in the control rocn.
- 5. 2. 5 ' Loss of Power from DC Sources (Fi gure 5,5) bus The logic module for loss of DC sources to a j
' models the loss of the following DC sources:
I
~e Battery e Another on-site bus l logic for a specific bus is described
' The developnent of thi s modul ar bel ow.
(- 1 . i
\
i
.-- 116
\
i
i 1 l i e:,,,iv'i.ii.i g 11gs. - t
. 1 S '
Z. m le 1, . IO
- ,, .e -
e 1S 2 a
\.
., 35
\
~ B *.
g -1
% st*
3 g
- sil e
3
.{ *k .a F
~
- n=
*I s, gh I.O t
(v s ** k ** s. s 11 s E3 - {-s 3*t
-t ko g tt w
\ ~'
I C5 4 ,1 2,
- -;1 d'.
r: 6 !
'E\
^
Esi , f 1
@\5\
5 *Re $ 1 - \': ., ze $g3 . t - 11 - *
* , r - /2
= : - ;-
- k.e E-A o
is - [i- \i -
.:'=t I ,O i .
N. !.c
$1> C n N l
=E 1,; . i .-
\
{ 'i (" . # h3 "" c"
e f ' =
- E-
=
5 E B -
- e
$c f p;:;}
s e a g . I f . 4 t 4
- 118 l ,
yygy p.--y-' q r wgi.%- + w -e.v. - + w r--w - %
-- 1-- --
w . I Sources That A. . Simplification of the Logie Module by Deleting DC fi Interface Directly with the Bus - An analyst will first Do Not use this logic module to complete the development of the loss of I, As the i electric power at a bus serving a particular component. constructed, logic modules for loss of electric power have been l I- the analyst must then work through the electric power system
, DC power sources (the from the component bus to its ultimate
( battery) . i
- f. All intervening buses and electrical components are also modeled j'
by applying and reapplying the logic modules for circuit breaker > faults (Figure 5.2) and loss of power at a bus (Figure 5.3). By way of example, note that the develment ofloss loss of power of power
" from DC sources for most buses will not include from a battery (event BJ3-3USID-3 AT-L). Loss of power from a
' battery is only included in the deve' m ent of loss of DC sources to a battery bus. Thi s bus serves as an interfa:e between a battery and the re .ai nde* of the :: di stribution ,
i system. Other buses that di stribute p:we r from DC sources the ' on- si te bus should be assumed to receive their power from located intnediately above in the distribution system. B. Development of Loss of Power from DC Bus - Faults associated a re listed under with a variety of electric system components - event BUS-BUSID-DC3-L as potential contributors to be lossA of power ' from one DC bus (BDCID) to another bus (BUS 10) which may
;, An analyst should review the electric system diagram and i' or DC.
found between the two only include those components actually power cabl e, inverter, and transfer switch fselts may buses. l The circuit breake r generally be considered as basic events. logic module -(see Fi gure 5.2) may be used to expsnd the Note that the failed '
- development of circuit breaker faults. The position of c.ircuit breaker CDMPIDDC is assumed to be open.
of the circui t analyst need [only identi fy the nonnal position The logic modul e for loss of power at a bus (see i b reaker. I - . , -. m . . . _ . _ . . . , , _ . . . , , . . - . . . _ ,m,.,_, . - ,,...,_ ,,.~., _ _ _ , _ . . . , . . . _ . . _ , _ _ _ - . . - . . . . _ . _ . , _ . . - _ . - . _ . .
i 4 of loss Figure 5.3) should be used to continue the development
' of electric power from the next higher bus until the battery is .
reached. is C. Development of Loss of Power from a Bettery - A logic module (see Figure provided to model the loss of power from a battery. (a 5.5). The logic module includes local faults of the battery
~
ba sic' event), faults in the power cable between the battery and breake r the battery bus (a basic event), battery output circuit faults and conditions of unavailability for accident mitigation
, Circuit breaker faults may arising from maintenance or testing.
be furthe r dev eloped using the modular logic in Figure 5.2. h Note that the failed position of circuit breake r COMP!DBT is assumed to be open. The analyst need only identify the nor nal
! Msintenance and position (e.g., closed) of the circuit breaker.
testing unavailability may be further devel oped usi ng tne modular logic in Figure 6.1. 5.3 CONTROL POWER SYSTEM to the compoaent The relationship of the control power system actuation system is illustrated in Figure 4.3. control ci rcui t and the thst requi re Loss of control power need only be developed for componer.ts ' powe r. In this case, the control power an external _ source of control ' system is potentially complex, and may be a source of common mode failu l ' for some components may have an internal source of The control circui ts control power (e.g. Some motor sta rte r units or swi tchget r that s ee { In this case, control power I herein generically named " circuit breakers). ' integral ps et of the is typically derived vis a transfomer that is an
; Faults associated with this type of control power source
( control circuit. Loss of control power (event are best treated as control circuit faults.
' COMPIDEN-TYP-CTP) should then be deleted from the affected compone modul e. power to a component I
The modular logic for loss of contre 1 power cable between the (Fi gure 5.6) include's faul ts in the control h control circuit for the component being actua ted (COMP! DEN) and its 6 g 120 I _ .. _ _ _ - - _ . _ . . . _ . _ . _ _ _ _ _ _ . _ _ _ _ _ ._ _ ._ ~. ._
-k A 6
i L 1 s I I
=
e b 0 0 2
- C t- 5 g t e e a e a e e e
= 2 -
!,!12-222kg
- a. !,
. l,5 e
6 i JC' g 3 w r
- n. c w Idi g C L a '
h2A j}:'l a w t C l # C W
- P y
f se a 3"
~*
5 e lt le 1- )' I ft
=! ..
$ c
-t 3 -
= ( cs , ,s .
E.ss
* 'E ,- =
3.== I-! E *. 4t e
' -t' 2a .: .
i6 I h.si $, It 5-1 - U esem
.I 0 l*
4 m 9
- g..
.gg
. to C
6
$k ""
h sf-v ::
-5: ._E
-I:
sI :.I. w i 1 . I I I i 9 I e t' l l
- .- 121 l _
I associated control power bus, faults in the con 2rol powgr circuit breaker and loss of power at the control power bus. These contributors to loss of
!l control power are discussed in more detail below. 1
( l l A. Control Power Cable Faults
- CBLID is the identifier of the control power cable between the component control ci rcui t and
( i its control power bus. A fault in this cable is treated as a basic event. I is the I B. Control Power Circuit Breaker Faults, - COMPIOCB identifier of the circuit breaker that electrically connects the (
, power bus. X3 is the two I control circuit to its contrei cha ra c ter code that describes the noms 1 and fiiled position of l
( the circuit breaker. It is assumed tha t the ci rcui t bresker must fail ope n, the re fo re the analyst neeri only identi fy its normal po sition. Because of the reistively sim:le configuestion of thi s tyoe of ci rcui t breaker, a circuit breaker fault is If tne analyst determines tnac considered te be a basic event. a more detsil ed development of control power circuit breaker discussed fa ul ts i s wa rra nted , the ci rcui t b rea ke r logic medul e I in Section 5.2.2 may be apolied. 1 C. Loss of Power at Bus - Modular logic is provided for thit event (see Figure 5.3). Its devel opment is discussed in Sec ti n 5 2.3. BUSID is the identifier of the conte:1 power bus wMeh f directly supelies the control circuit for component COMPIDEN. indicates the voltage ( first four charsete-s) The code VOLTLG f and load graue (last two characters) of bus BUSID.
< 5.4 ACTUATION SYSTEM The relationship of the actuation system to the component control circuit and the control power system is illustrated in Figure 4.3.
The modular logic for l actua tion system fa ul ts (Figure 5.7) includes t
' actuation system faults that fail a component in its origins 1 oosition and I
i
- 122 l
l 1
m a h 6 l.' e e s-1 i . t f -. .5 h 3 l < 13. k 8 E5 m ; i * ,,,,,,,
~
*i 3EI i
E' f a=. ,
- r. s - #3 -
l I s
$.u- "I *
- s. 5
....** ggg: {
l EI$iaE
=s --
N~ 3-M= i f
- i i !-=, 1' g ;cas E.
,I
= ,!
i
=*td
- s5 '
tl: '" a I t. , _ l
=~=
$$ ~- 1*I N l
, ~ s
$5 ,=: = =
e
--=s C 1g55 , I+
e, s
- +.4 g
-z.:5 - m. *;
~
a -- h 1
< < )
# l r i 19 O l 1 w . i
= I!I e] '
Ef [ ii I *SEE U f ,Y - ~
.s j ,= a. af ig . 5 :,
a a =3 """"
$$ $ w o 1 2b ]
l
- t z . , l,EV 52 3g--la D. *=, - i
- ,01I = = ,.i! i - E i
lI' l E w^
"t_'s @
l t
=. *s . sv J r- e .-
a : > ! r .9
=
e
/
5 %, s -g 9 1
'g i g m, r
b .a 3 ; #
- w
= i, s e -3 E ;.
- g= ,
cy 15, #gs- E +
- g .h
=ca:-g
#E
;.s.
i
- _g*t a mi \l' g ; .- l s-I - I ~h j:e 1 J.
.! ,r, g=
1-t;
- ' (1. I , ,
~4 g "- .,
z _ Tr-
'1-t r' 2
g
=8 x ss e'Es J i E h
O
=
w $
!E f,; 5 b a
l e :=
- s :=
x l A .b L
! . : _ i.1v
.I C=,$
IT 1 ess- 1 w. I"58 a 8 i s lSi u
-- _ - - - _ - _ - - ^ - -'--"- -----__ _ _ _ _
$ .. . n. . a
.~a .- -.
4 l 4 1 i 3 9 (tifflDIN
- I 'itW
- 4 At*10 M itt4titul 115 14 ,g,,
- I Ate i\ 16tal S All (ter (LIMritWh IM iii -
Uli11.14Aa foiiiIese c
--~ r_____
\ l entia's i.aaw ._I '
toeicen i.eutt j I i t _ l tuAo V ed en t% ! .0% of automat:( intlH S Ald li Attgenttese Stif(n tem e (0pr tostlf44 t ? I [s_, in,i Jg.i.i.M.- [ haiisa'iii*si ~1 m Sii estilt t
- 8*
TL ! F.
. _ . . - - - - r
-l ---
i . is in mua in l ,ow ,,, o,, .sii, . I ggy , tauvile .%d.ipd
. .-8k a p i uA .
e ter i'.4 se i = i g- . - . l se Mfjf teru 114le ,) {innar#. n _ _} 4 us win i i
.u as n y, . mi.., so, i,,, .
ems. ::: io ei in i . ., i a I igure 5.7. Ioqic tioitute for Actuation
?.yst ein l'aul t s . (slie'et 2*nf 2)
po si ti o n. The se fa ul ts that move a component out of its original actuation system faults are discussed in more detail below.
- Table 5-4 i denti fie s events tha t may be del eted from the compo nent I actuation system logic module, based on the failure mode of the
- being actuated.
I A. Actuation System Faults That Fail a Comoonent in its Or4-
}
ginal Position - Thi s class of fa ul ts i ncl ude s equi onent remote-ma nual failures that cause a loss of a utomatic and actua ti on c6oncility. Automatic and remote manual actua tion system faults 1*e developed separately. The se contribut:"s to actuation system failure are discussed below.
- 1. Loss of Remote %39ual ac tus tion - Oevelooren O f a suo-tree may be required for this event. Thi s sub-tree should mocel the remote-manual c0ntrol circuit for individual : m:o e-remo te-ma nus ' ia:ut for i ndi v : :ua' ac tua tion. The comoonent actuation typically does not share cir:uitry wit ,
Locations from wM :n the automa ti c ac tua ti on logic. remote-manual control can be exercised may i nclude t e control room, the remote shutdown canel and other locations prnvided in the plant. f;
)
- 2. Loss of Automatic Actuation - Deveicoment of a sub-tree may
' be required for this event. An automatic ac tua ti on legi:
such as an Engineered Safety Feature Actuation System or a Reactor Protection System may provide fo r system-level actuation (wi th a remote-rental backup) . In thi s ca se , a n individual component may be just one of many comconents A actuated simultaneously or in sequence by the ESF logic. i sum: i simpler type of automatic actuation logic, such as a or tank level control system, may provide for the actuation ( of an individual component. 125
1 I Table 5-4. Identification of.Fuents to be. Deleted 'from the Actuation System Modular Logic Sased on the Failure Mode of the Component being Actuated. I 1 I COMPONENT POSITION (1) i 0 C C Original 0 MODULAR LOGIC EVENT C 0 C Failed O Delete Delete COMPIDEN-T-00CC Delete Delete , COMPIDEN-T-0CCO Does a Central Lead Secuer. er C:r:rc1 i the Loading of this Component on :ne Diesel Following Loss of Off-Site MODULAR LOGIC EVENT Power? _ YES NO Delete COMPIDEN-T-LOADF Note: (1) Component position codes are as follows: j 0 = Open i C = Closed 125
' l.oad Secuencing System Faults - Development of a sub-tree 3.
may be requi red for thi s event. A centralized load ( system may inter face wi th the a utoma tic
- sequencing
' actua tion logic for many large Class IE components (e.g.,
components supplied from 4160 VAC, 6900 VAC or other medium i vol tage buses suppled by the diesel generators) foll owi ng loss o' off-site power and subsequent leading of the diesel generat es. Note tha t load sequencer fa ul ts will not j~ propagate np the tree unless loss of o f f-si te power is assumed. Components powe red from 480 VAC buses a re 1, Event sequence r. typically not a f fected by a load COMPIDCB-B '.0ADF may be del etec if s centeslized load nuc1 ct e pl a nt being 3
' sequencer does not exist St at the ,
model ed , or if it doe s no t i nte r fs c e wi th the t c '.ui ti o n logic for a particular circuit breaker. B. Actuation Svstem _Mts That Move a Comocnente Out of its Ori-cui omea.: gi nal Po si tio_n - Thi s class of fa ul ts i ncl udes failures t*1 t cause spu"ious 3ctuation of 3 comoone9t by mesns Al so setus ti o n system. of its a'utoma tic or remote-manuti Tne included is operato" error in response to an accident. effects of spurious or unintended component ac tua tion may be reversibl e , however, this time-sequenced consideration is not Such recove*y reflected in the actuation system logic module. actions can be model ed by reapplyi ng the actua ti on syste-- modular logic as needed.
- 1. Unintended Actuation by Automtic Actuation System Development of a sub-tree may be required for thi s event.
This sub-tree should model the automatic sctua tion system l input and output logic faults affecting its control cower source. (
'27 l l
> 2. Unintended Actuation by Remote-Manual Actuation System ! Development of a sub-tree may be required for this event.
Thi s sub-tree . shoul d model faul ts in the remote-ma nual individual componeat actuation circuit.
- 3. Ooerator Error in Response to an Accident - This is treated as a basic event. It includes ope ra to r erro rs such as I mi tpositioni ng a valve or stopping a pump that is required fo r accident miti ga tion. Such ope ra to r erro rs wo ul d generally be made by the operators in the control room.
Potential errors by opera tors in other remote-ma nual ope rati ng stations (e.g. remote shutdown panel) shot 1d be considered as appropriate. 5.5 ROCM CCCLING AND VENTILATION SYSTEM The modular fault logic for the room cooling and ventil a ti o n system is first encountered as an inout to the fault 1cgi: for motor and turbine-driven pumps ( see Secti on 4.3), and for the el ectri: cewe* di stribution system ( see Section 5.2). Ventilation systas typically components, the re fo re , v entil a ti o n serve area s ra ther tha n individual system fa ul ts a re related to the room (R00MRRR) in wwich t9e comocaent being modeled is located. This section continues the deveicoment of tne faul t logic fo r room cooling and ventilation by oroviding the followin:: logic modules: (wnich ROOMRRR Cooling or Ventil ati on System Faul ts o from the nornal and emergency roem 1 i ncl udes inouts ventilation and cooling systems). l e Ventilation Fan Faults (this is a ventil ation comoonent fault that is one input to the system fault modulel. e Ventilation Damper Faults (this is a ventilation component fault that is a second input to the system fault mode). I 125
b 5.5.1 Room Cooling or Ventilation System Fiults ( The logic module for room cooling or ventilation system fa ul es 5.8) includes failure of the normal room cooling and ventilation (Fi gu re l i system and the emergency room cooling and ventilation system, as discussed bel ow. l
- Development A. Normal Room Cooling and Ventilation System Faults j for thi s event. No rmal room of a sub-tree may be requi red cooling and ventilation is typically provided by a central f Thi s system may system that may serve a large number of areas.
fr0m a non-Class IE electrical bus, and therefore 3 be powe red powe . would likely be unavailable following a loss of off-site Following some costulated accidents, the normal room cooling anc shutdown, ventilation system for some areas may a c tually be i sola ted or o the rwi se realigned. The suo-tree deveio:~ent should model these operational dependencies. B. Emeraency (I57) R:cm Cooling ind Ventilation 5/ste, Faults Thi s system is model ed as a simole room fan cooler un't : .3: The fa n cooler u't typically serves 1 single area or room. includes a fan (CCMPICEF) and a dameer (COMPIDED), and tne unit othe r sui titl e is served by a central chilled water system (or cooling system). Logic modul es for a ventilation fan and a 5.5.3, ventilation damper are discussed in Sections 5.5.2 and sub-tree may be recuired to resoectively. Devel opment of a model chilled water system hults. Note tha t simpl er emergency cooling or ventil ation system by del eti ng the model ed configurations can al so be For
' non-apolicable portions of the logic module in Figure 5.9.
exampl e, if the emergency fan cooler unit does not include a
- l. If emergency damper, event COMPIDED-0XX shoul d be del eted.
ventila tion only is provided (no cooling), event SY-CWF-ROCMRER may be deleted. In this way, an analyst can start witn the sine ( 129
7-
~
i l ( ) l t. I 4 Y k
.:* ?. ,
=* i { *$ ' ,+ *
- =5 l;
~
. . .. .: l ly=;
f 5 me . f3 5
~
..=
... j, g
- W , m ,
O 7 .% /
=- m E.
.,,g . 6=
g
. , ; b,.
a
-3 ==, .1
- ,e i 88
? 5 ?.
g# I* 1l-, ! e 0* 5g* l'{ [ {e
** = 3 2
t$ '= i' b'b . #. s
** ",t I-( !-
ta
- g. .
s., c+ t: It ' ;g i :. I ,0 w c e7, :: ig g
- +
a l *3"} 17l 6
- f. g Is g :,, -
ge i . 5. -- -.
- ..j I 3 = c WI
-- ;t =
O .s== En -g s g, .
- = t
,g'
( g I-lI i, Wz ,,,
.M d l{:.*
e 15! b 5! 10 i 3 Ie bl t 3 - O L IE j i
-= g! A
- g: .
v s= i;, V -e i.=, a s 2;
== ;6 1*
g* .g llC, p
.r 5m 5.E 3; O
- I L.
=
.7 M
e 5,
<1 v. .
' ' = + - ' ' ~ --- , _ _ , _ , __ _ -ww
logic modul e and rapidly develop the fault logic for a variety ' jof emergency' cooling or ventilation system configurations. t A more compl ex energency cooling or ventilation system configuration cannot be modeled using the logic module in Figure 5.8 (e.g., containment fan cooler units, or a diesel generator room ventilation system ha ving mul ti pl e fa n s) . The analyst i should 'therefore not use thi s logic module, but ra ther shoul d I develop a suitable sub-tree to model the more complex emergency i cooling or ventilation system configuration. The logic . modules for fans and dampers discussed in the following sections may be used in the development of this stub-tree . i 5.5.2 Ventilatiin Fan (FAN) The logic module for the failure of a ventil a ti on fan ( Fi gure 5.9) includes l ocal fa ul ts , lub rication systen faul ts, electri: pone-system faults and conditions of unavailability for accident miti ga ti o n a ri si ng from maintenance er testi ng. These contributors to venti 13: ice fan failure are discussed in.mcee detail below. A. Local Faults - Types of failures that may be considered is local fa ul ts include (1) mechanical fa ul ts , (2) motor faul ts, and (3) electrical faults in the fan motor junction box. B. Lubrication System Faults - Develcoment of a sub-tree may be requi red for thi s event. Lubricati on system faul ts may be i
~
considered as local 6sults, and event SY-LUBF -COMP! D~ N may be del eted from the logic modul e, when the fan and motor nave l
' sel f-contained oil systems that do not require external cower or fa n s , ri ng-oil control (e.g., grea se lubrication for small a system for large horizontal fa ns) .
t 1 31
g54 4_ -._4 - L-. . _ _ . _ # -,,.L N ll t
+
4
.9 1
- 1
. 15
- s h>
I c }"5: JI
-I s2I tO 15 d
( "3 3 - wE 'E l Ifi d e e.I er
,1 w
) m e
tz W s ~
= rg .
'~
- :I
-- a **'"
"SS 3r I'3. -
C
~ >
,8- iI -
4]E ; - a z 11: - I ; :. O M
- = ..=
ig E8 " s ,_ E.s. !"b_
. I. k, ca
==
72 llg I II
, e
- ' r -..
-l,, I I.r :: 3 s: -
Y a t - I 5 - h I E' - t =- ~ w
- s {g *=-
l2
- i%
~ < ;
w =
- , . O w*- --
a Ea - oI l h3 I s! g I" 3 3* g I I ,F
= '- ,-$ -
,r 'a --
- I. O
*E I"
~
zI !$":
.m : I e
L l.. .. ~ . _ , , . ___ _. ._ ,, .. . . _ ., , . _ . . . . . _ _ _ _ _ _ _ . _ _ .- _ _ . ._, _
4 C. Loss of Electric Power - Modular logic is provided for loss of elecric power to a component (see Figure 5.1). Its develoonent systems is discussed in Section 5.2. The actuation and control i for a ventilation fan interface with the electric power sucoly for the fa n motor and a re there fore devel oped under event COMPIDEN-F AN-EPL .
- Modul a r logic is D. Unavailability Due to Test or Maintenance Its devel opment is provided for this event (see Figure 6.1).
discussed in Section 6. 5.5.3 Ventilation Dameer (DPR) ' The modul ar logic fo r the failure of a ventilation damoer powe r system fa ul ts ard (Fi gure 5.10) includes local faults, el ectric for accident mi ti ga ti on a ri si ng from conditions or unavailability failure maintenance or testing. These contributors to ventilation dancer are discussed in more detail below. A. Local Faults - Types of failures that may be considered as icesi fa ul ts , (2) motor fa ul ts , anc faults include (1) mechanical (3) electrical faults in the damper motor junction box. B. Electric Power Faults - Two classes of electric oower faults are included in the damper logic module; faults that fail a damoer in its ori ginal position and faul ts that cause unintended actuation of a damper. Only one of these fa ul ts will be for a pa rticul a r event. Table 5-5 summa rice s t,e developed wni ch el ec t-i c technique to be usc1 b! > Fe analyst in deciding power fault to delete tram the logic module. s
- Thi s
- 1. Faults That Fail a Dameer in its Original Position fo r an portion of the logic modul e is onl y devel oped origi nally ope n damper tha t fails open or an originally 133 J
er t t i i 0 e 4 9 8 - g -
!"8- .-
~
s: (& $
!s
~
( =I S e w 1
!*5
- O -
. Iljr n E.
3 i
.gf -
c i
!!! ris IliV e-5,1 El
.s
*2- --
g- . i t_'i , l e-j
- =
i ! e d e f
.p eV = l l e m
li - - t .)
*t
==
'[ " lp s. -
- ,. .:. I ?,
. J. C
$ *4 p, ! *, '- >- c 6
,. ( :s i E,. i = .
;5 i:= - ,; .~-
h Ib '! m5 O
*- - d: i-g ' I ! ,Lep. .
M, , .- !"5 ii b, f 5. i -a ei- .=. g I .4 I ==
-- Le i **
gj ie & I - { {3 .a . to
}- v a,3 }',,,;:el e I;*=:. ., 1,.
*y r C
~
= g 2 l
" ~
C~I I '- wtEg !E-I* :; gi,. F',
." ",, :: ,fI -]i~ .
g
$1 g'!
, Elsi }C) sj ip .s:
5. 3- ,
- rt - -
%=2 65. I
""1 'I : '
! l. . *~
- 2 - !
b e 1 i
f Table 5-5. Identification of Events to be deleted from Ventilation Damper Modular Logic Based on the Failure Mode of the Damper. f i VENTILATION DAMPER POSITION (1) 0 0 C C Normal AI AI AI AI Fail-Safe MODULAR LOGIC EVENT O C 0 C Faile: COMPIDEN-D-CCCC Celete Delete Celete Delete COMPIDEN-0-0CCD Note: (1) Dameer position codes are as follows: 0 = 0::en C = Closed AI = Fail as-is D i 136
. , . . . ~ _ . _ , . . . . . _ . . _. . . _ , , . . _ . . . _ . - , . , , . _ _ _ - . . . . . .. .-
c1c sed damper tha t fail s closed. Moto r-ope ra ted damters typically fail as-is upon loss of electric power, therefore { event COMPIDEN-0-00CC - i s simply devel oped as " Loss of El ectric Power to OPR COMP 10EN." Modular logic for loss of electric power is provided in Section 5.2.
- 2. Faults That Move a Osmoer out of its Original Position Thi s portion of the logic module is only developed for an originally open damper that is unintentionally caused to cl ose , and for an o riginally closed dampe r tha t is
( unintentionally caused to ocen. El ectric power must be available and the circuit breaker serving the damper must close to cause the damper to move. Thi s event is furtner devel oped as a ci rcui t b reake r faul t using the modular logic provided in Section 5.2. Note that a circuit breaker serving a motor-ocerated dim:ir is norna11y open. It is closed only when tne damper is in tne process of changing po si ti on . Once the de si red posi tion is reached, the damper control circuit shou 1c cause the circuit breaker to ocen. Unavailability Due to Test or Maintenance - Modul a r logi- is C. provided fo r thi s event (see Figure 6.1). Its develcoment i s discussed in Section 6. ( l 136
l i
- 6. COMPONENT UN # - l ident mitigation A component may be rendered unavailable fu sccactil or test l re store system alignment because of maintena nce i
nuclear plant or because of failure to proper yFigure 6.1 is t 7 following such activitie s. Note that a comoonent CCMP!OE9 i unavailsbility due to test or maintenance. i due to maintenance or be rendered unavailable for accident mitigst For on enmole, may on some g comoonant. Such test setivities on itsel f ~ or directly render that Dumo i nopeable. pumo may otme r , mai ntena nce on a 1 alignment that renders maintenance may also require a soecial vsell. ve i, CC"PMANT scol y components unavailable d maintenance, for reaccident spec ti v el y. mitigstion The se PIDEN whien 3 e to the component affected by test anthe Ssmeismanner ' rende ed ss
" ' the cod conoonent-codes are used in !n the ca se where a itse' f, CC*::0E1 discussed unsvailable in Section 3.1because.ofWen a conconent nent, test is rende ed 00*FTE3T or mainte is equs1 to COMPTEST and COMPMANT .
because of maintenance or test on snotner compo g comconent. I unavailsble and/or COMPMANT sre the identifiers of the o S l 1 37 1 l I
.J.
i i. 4 1
=
Eget-g
.z:-gE I
g * -
' e w w . g:=s L
2 a*8$ e= t- ~
~
"t- . E E.=
- x
- i. - I b, -
t is 1g its, 3 E , I si t - e.a.m E$ w"r 1 T k gr
- 3
.Ii-t.
- : I r. I >
IE O 4.
=.1 5.I~g 'ui l
3 bo$ ji aL ** a
- g *E ~ pr ~v
-tn
- f r !a-c:
ce
; tt"t
-:g-t.t .t - >,
=
=**
-.5
~
s
-# u
-5
"# j$- N
=ay ,, w ,
=
- m. ,.
t_ - y
~ $ =E +( C l -- l}l. ,,,
- s Iz- -
ii
- Se-
-.t l ... s "" #
O fl' '" O IeZ '*f i 5 _L "3 3. , ..g f - M { -3 ., S-- I-=ee , =6 l t '. V.* r , .
"D
=. -[gf. gG b~i c 2 g.: '5 i
=- :
"""' =b a "lui gE
. l~l -
# M C e, k E E '
5g
- C,
- t. ..s ?
.ya .+ s
- m a3 I"
. y u *"
' - a. i
;I ,i ,~
g i~
- S ;1-3., a- c L.
t W t' i e e I3C
e
- 7. EXAMPLE FLUZO SYSTEM FAULT TREE DEVELOPMENT IREP
' This section presents an example of the application of the fa ul t tree methodology described in Sections 2-6. To illustrate this I technique, the' Auxiliary Feedwater System in Figure 7.1 is analyzed to the
- 2. Section 7.1 segment level usi ng procedures outlined in Sec tion The technique of
}
demonstestes the application of the rules in Section 2. usi ng and compl eting copies of the modul a r logic is the recommended approach to be used by analysts. The fault tree shown in Section 7.2 is the resul t of combining the modular logic in Section 7.1. Segment L is then developed in detail in Section 7.3 using the segment modular logic in the fluid system component modular logic in Section a and t9e i Section 3, support system modular logic in Section 5. To complete the component and succort system modular logic, it wa s necessary to include the cortion of the electeical system serving :ne Tni s co* tion Of motor-operated valve and motor-driven pump in Segment L. The f611ood 9; the el ectrical system is ill ustra ted in Fi gure 7.2. detailed assumptions were al so mace: e There is no credible mechanism for pioe blockage in Segmer: L. Because this pi pi ng is not a potential LOC A source, piping need not be modeled. e Test and maintenance unavailability will not be deve10cet at thi s time, o The motor-dri ven pump and associated switchgear do not require room cooling or ventilation. events o All circuit breaker control circuit faults are local (e.g. , there are no external interlock circui ts) . I e The motor-driven pump has integral lubrication and cooling water systems. 1 e The load sequencer interfaces only with the actua ti on i system for ' circuit breaker CB5 which serve s the motor ! driven pump. 1 l 139
^
l Only circum breakors 'CB1, CB4, CBS, and CB6 have an ' e a utoma tic actuation system. All otners can only be operateo emote-manually. Some support system faults are left as undeveloped events in this example; however, the name of the interfacing system, including its loop or load
> group designation has been entered as a note to facilitate later exosnsion of the fault tree i f necessa ry.
O t e ldC
.w, .- . , ,y e --%.E -.--.,,.,4- , , - - .- -. y, , , , , , , - - .- . - , , . . . . _ - - -
4 l l 1 J i 8 1: a I
^
I Joi.43 '/ 'I A / tiv.44 To 9 6.- E 2 .- si T ::
- 7 31 h{'" :S riv.:a }-]
,F 6
C D'/ 's 9 5 . ,,39 7; prov.40 E' g.g.ig;7hkE S0 h*"d 1 T i, ui J,...m :: :. h h h _.x_ N r
.x_x_, y (fi a; ili.it 1.4 I
& {1 21 [ r v .i)
/ (t v.ll tre.e4 S. $!!v.15 b9 i T [,
- CJ;:<<::
n: C -7,Irv.n 1 , = m 83 33 nt ir ., t_3 .: ac (jur,e i SI" *b' I Y I
- { tr 6 b
be ]ttr.s s a:r - ml 2,.., a o .:, I t r, .i a si .3 I Q4: O @ 4 4:& .t\ ] l'F21 E1 q Q 0 I e 41 , , g , , ,, , ,,,, e +R c:v.t:) Figure 7.1. Example Auxiliary Feedwater System Simplified Diagram.
l Fan Off- Sart Powen P v
")
CST Off-Stre Pe~en Sus os!d
") cg7 c.A6L7 blesa GoetATM 00.t.
i A FmR !.yu.L.Lu .m
/ CAbi C4%6
")c8f ") C51 1 1 _ 1(jfo VAc B.a l A A
A) C3 CA34l) c45 CA 8 L i.
%# XFMR L jf,e n R Ottov @
WW s Ara fum? 0c01 - _ YSo VAc l.oA> Cenica LLA
) C53 NCao
$80 vat hcToA Courns. @n W '
l) cs4 i 1 CABd I f\one CPtenTED YpurE 0007 { Exampl e El ectrical Systen Orswing, Figure 7.2. l Lead Group A. 142 l l l
I i 4 7.1 Exampl e Aeolica tion of Fl ui d System Modul a r Logic Procedures using Rules in Se::icn 2.
\
f. 4 kA$ l 1
~ - -- . . _ . . _ _ _ .
4 -Js,.h uR 5 - l. -a- 4m4 4 . t
,. I
. f-
*e 7
e
.2
' d% cat
. E =a e e ed 5m C
e .. O
.( .m
, . 8 F-a s. . i.
-Es
,g
\,.
,3 t
- 5 b ' -lli0wl 51 , *;
2 f,9 =- i j-i ' g.s ., !: -
- .a
#3y .
.ew
. .u.ma G=3 -
;15 ; ,i!
-8 <'gl o
~
;1 : . i e
1 --
,l i ss
- . ,t.<;.I is*
-- w g 6 Ah I '
1 - . ..- , C. . if 8 3 i- I a. a f ". E m: ' Sf5
- 5 g
j""] 5E5 B ;r .zgg
. - 4 , l g
., J,,
.YC E
-e L,
-a
, j
- .$ g . ..c-.c 0:
a-# w,
#K iT au .
9-
~3 f'
=as J P
{ P 4 I
)
6 I j et e . . . . . . . , _ . - , . . , ., . . . - , . . . . . . _ . . . _ . . - . - - , . . , - . . _ . . _ _ . . . ~ , . - . _ . . , . . -. , . _ - - . . .- -- ,..
l l l s 0
/..
9 ty A O
! w i 4) 4
' h=
m,7 Sb I 4 4dd O e 4 0
# 4 .
Ee
= =
f b 3 ,_ 1
. i t! i
!a l,
*; p en-I
=_e2
- fi$;
- (5 g
j -f7 .--5' 2 l -- l h!$ $ i dis ._
- 3. 9. 1 ).I t- -
)
- i . y.
,s, . . .g_
~
53 5 [ l
- i l-
~3) ) ,
i is: -- i_J l, . pi ,! ! i'
-n- l 1. , I
'! I).
=3*
~ --5 -y i: M 9 )N f r
257 5 g$~a g-ca,
'$ l) i l
l I, 1 i [ 6 s l l l 9 4 i-l 1 l l
en4 a a - m-sh ~ .a uwt. - - - 4-a ea a w
.1 a
b w3 - QUm4 r 93
~
o 9
!3 ,=, -
,s = ,
3 i_.,8 ' t s- _E s 2 5if Y,3 it t l AKA i a' l 9 j j 3, te5 * ~* w [C' I i I '5:, i:s s_is
,3 h*'
1.=: J mo* a 2:3! 1; f s h.C
.-Q
's
!~
1=z t s ,c I. f (4 l
.~ , - - . .. , .- - - i
. C.<
P
+
S. w I. s2 i kdZ l : # ...
-I : ::
- D -
- e "a
EL"
- g:1
-5 .\$ -
Ie5
-t, i:
a
-- I 5E5
- ,3, I=55 C
s *z -
-g'I 3 w
-s5 3
- ss
-tz n!.g d' C -
i
-=
"a EY: --
s5.
=
e lI i.I ! e5. ~ E=
-3 ,;
- =
-3 t le Pp ,
- ~
$=5 " , -
;cs f.s
- e. .
-Es 5
18' - .tl
-85 g ,
l1 !!E w r s ,: ' 155 '
.a* J k'c! Q Ass - 's 1:
.ne 8
s l l 4 a d 4* 1%I
-,, ..-v_-,, ..,.. . ,, ...n.-.e, , . - - , . , , , , , _ . , , , - , ,. , . . , . . - - , ,
g a ~ - e . u..e a n .n u. . p - .w ssa _. u s e ,aa a y - ne .-nm a su. .... m.m a s. .sn,,p. r l. f-e f C-P s $^
'D ges .
u.
%3 -
os T4Nd E # 4 S e 5 5~
=
e ' e "o 5
'.i n-", a #
*s ga si
+. t
$y3 H". ,
i ( tm I,e-EEE s I I.
,t .,?$
a -+ I) r 5 .m . .
-$" hM w ya +
g { I
' j!{s fil.t 9
;~
.\s,
,Sb- ..
\ .
6 - J , ai l
, l s s.
i.r '.;
.+
2 !. :s- 6. ( - 4 , e cg - l.a f. " 'L. r i
- j. e a
f t t i *A **N
" ' " * 'v=--es.,we,..,n, ,,, ,
_ , _ - - . , & 1 ) A- - A4. .---u +a----, -- - s 4 - 6 - = " i- - , --.m, 1 f.' l 1
'! I J Wu '
l P 99 i h
. w M
t' 1L
- 11 dlitA.d
# 4 0 0 0
& ~-
4 3 .. O e "*
- 9
$. "O Bs.
E,. "-
,: E,5 i, 63 .
i er
- 1
- E5 ,i 2
3, Is2 -- [I,
- 2. .
a e
- f35> H 'a I
5 2 ,.
,m O I.*
"'* ",*: *e '
a "o .A-e IC
'I*
L, sIw L lii(!a g5w
% w t= ;;r
-a r 1=
-a 4'.
e_ 3 j a-
- e. 3 E
- . .E 1,:
g t. f - !! g35
- 2' Ir2, l l't,,j Ivi--
[ - ., I j-
- {=EE 5 -E Q t
-E-we
- e. 1 p-
=E
!=
Ipg
~
f l , 5e I t a t h 4
4 S 4 -re4- <-d.---. 4 AA +-A E M J J4-, = r--- a - , W 4 f 1 I
. E i.
b w 4 a a. T M 3h
%3 g N
=m Y} -
4....tot 3, *i n Ja3 1 o f h g .h U., b
- s. O m f
. M O '
~3 h i
Ss" a l*!
' 3 ,S:
=g J
lH* h3 hh' 251 3 wy.
=-
ll
... ~
Its -- h r a 1 $*$
/ aGjy 5
L~ 1
>ja I-jl ~
B85
- ti e?s t 5 ..= i*j
; Y3I E*5 Y'w$' D
! zss I
!= i:r I:*55 J L
s 4 I e' 1 I I e l . . _ . . .- , _. ._ . _-x_ ,,_ . . _ , _ - _ , _ . - _ . , _ , _ , _ . . . . . . _ _ , . . . _ . . . . _ , . . _ . , . . , , , _ _ . . . . . _ _ . _ , , , . _ .
l i
]
T I
*e , r M !
k f j f e. 4 L i, a 5 i 4 w s3z E l
=3
>s 54dg 21%
s 7 s
.... g;U ss"* 1 *2 o 9 E~
e v84 e \ , e I
. .t. '
g l
~ 5 C. *
( l (g :! s .
'- !* 1 e*
u il , s ITC-- !?s*I
=g. .t i t .
_( s.3> t
;;55 l;.a;'
. t.
! 3 l
(. 21- {p-{ -e_ l 1
; f 55 L'[ Q J 252 u 2 1 i
i.f.5 53 L. I i I; I 0 uf
- ~__- ------ _
O I
#a P
e A a 4 e 4 2u 3 T. < .I f, O e 8 e E ** 4 9 E$ 2, 2 . - - - _ y
! o
{~. - 2 -
- - el$;.
- I y- *
- (S z m' I 30
,6- s !! <,
p "g - Y , o .
$e
,m o, ! a r .c-ir' gge
. - , M *
#3'E ~~f 8 6 l-3 ;
, E t.- 15 , f
' I
~32
}'b !O m ~3 i!!j J
i i a3. Ia .
- -%. i.i .,
, a --:: *= .:
25s ,; v y-z
! 's '.
1.
$. ~ ,
l 4W d I k 132 1 1 \ l
t x. M i w t-
.2 4u
< s. 2 '5 j I
=
ce
=...
e m -
= .
i . E_ s_ . .
-s- -.,:<
i_i _ g _e > la; , s _ss *
.. 1.-:
-- u_
=1. -
z : _- - __ ses ,_1, -
-ss
_- t_ m_ l+ ' . , SI-- 3 l s,-
,a _
_e. y ,s : z. i 5,',s C
!H' 52 qi: -
f*Em 5 5 lt !,! 355
*f-a b
L
.fec ii J
Y ,
- * :,E5 tss
-fw O
'=
1e t.P E I J s 9:3.1
, --n-., ,nreer . , + . , , ---~e,,- ., ,,,v a- ~. . . ,.-,. , --- - , . n
_. A i l
- e*
s P W
~
4 o(y < a
- 7 e4 k w e f (
j 3$ h3
~
C107 2 (
.... a mj b g
E e 4 m 6 Wg 1
=$ ZaOPe
- cow 2= \
=~
o in b
,,l ga gr' j!3 5 81 e
8 l 1:*3- jI' 'L ) 8*.
,; j F.
!.h 'j.a: f 9
5p: ~ a e a lr L l, Il 1i 253 . . - - L rs; ;$; /N-W 2:
.n-s 3_ 7-l V n
g+s <=* GS: 3 sB" : L M l m 9 8 f e a n 1
*4 0-l l
l 1 ( l
/
r 9 M' > T
$*9 T ,
f $ A b
, 5 m 53w 2 313 -
sude g4 2 a 3 i E g ,g (
.... t.
i
$6E O 9 i 3
et
- p og; lt. -
O h,,.- Es; - 4, eo , .!! - , I afC-- li ; 53 ",l _l ge ;.I , _ 2 - ,C
-8" .
3 r. L srs g !.s. '
~
.55 II
*j i
I.r--2 f.t! we - j ":5 m
}
L'E, O 44 'iI s g- s :Ci:s! f, : E
- s. a -
1
?
t
kwe n' Y A as ehJ
- L
* *3 41n $
'# g 9 4 0 8 E # 4 eW 5m C
+ ..
e
< =
w W
- g "O
85. sg= f,a X/
<5 -.
iE' 3* I!a!!*; s - no
- sw Its-- C C~*
- s5s n5, 4
L
;; E s
~
--- !** e O a ; g s M.. ,PI "s ,. l
{.=.= 33 =. g =,.
*r
--w w 1*; b;
-g"
+5
~ g_5 .
I:5. +66; W -Z; 5:, l3' i1 C3 ' E .g_ rg; 5, , EIE
-- h
~v.a. e 3L ,,w m
a5 U3 oe W e
-, A E e,4 Ps s
rr5:r ll1 . E.,5 k, O l< t f l..
- '* vw+-rev .---- . ,, , , _ _ __ _ _
e
%e I
v 7' e O u i W k 53 ms 4 *T. h E 3 2 m
- 23. '!}li.
- $,hiz J_!f I
hhh 4, 35 's r-
; i- t I. .
2 se [l } jj 0 5:, 3 . 'P,u
- 25. ...,
i {l
,,C' e,
w e5
)
I E8fs
* "5" . . I m,
;= J5:,
i l . t
-E l lll ITC 'l]
-- J 1 -s-i i ,!
^
L - f 25* .,(Q> r zra f _e. ; 3 :z 2l
;j
'E.?
.m- c.j _
l t e m 1./
i I e* I P d t e au
' b f . I -
3a T4hE E .se e s
~
w o
=
o e
- la : i 53 <!
E:" 3: *
- 1
- 4*
f (33.3 '- 5 SN^ l e i _a5 :- x,
,e 1, j t
- 5 -
==. l i, ,, i l
2;; c'gj L' ' e f w
$_ :* 1 I. se- A i I 5f } b; ' )nl i
- 3. . - l l-l l
w * ,1 I --_ ) er T - lm> ^ e:s 6
- r. s. t gN a
1+x . t 'I 1~
., a ,C I_l a ,
k 6 I i 1 o
' 1 155 ,
& A C"
i i
. 7 i
- l l
d i ont i e# Id. M) l
<k<Wh h .: D f 5:*=*
p 4
$ .. r
- t. .
$ 2 2
8e. .
*E ,,C 5.5 8:
aEm .
- 8E (8 2
!!! b E. I . -
1 2:" -
- s-e,5 ,$.
-52 Eg, { e q
- -= ;: '
o f33 L. hj= l-l ki-g:1 g _
-1
-3 ..
#3 #s W *:;
T - j?",
- 4. ,
T kI
-Es a .
I i b .- II 1, a. r c
-+ -
a.. r.e c L. 3, l 8 a !* !
- 3 '
s I f' Q ez I.1-=a _
/ 1 l
i s 4 0 159
l l l 6 ew P e4 O W w x3 eu M4.NN k e e o e 8 -4 & 5 $ C B
=
$ e O
f,f 35< z= J 1 $I e
'5-
;b
- + .
p j$3 ; l...5;% l e 21 52
=. .
frE 'I C l'.= ') l w
':* (-
,g!s.. m, , .,
i - ' - j 52' tg+
-*r- hk l
l ' su 5:
.s
" ,t w e" I, i
9 j b" V s
i I
'4 6
r., P
- to O
w e-U W3 ..
.(- 4 Yr. J H
. ... j 5
9 5
~
2 F E s_ . . v aI
-k*n
,g .f
' 55-27 F--
i <e l I iy
, i s 3. :,
- g-ss f,fii . is: --
tj g:=
*1 t$1 -
(I
- s. 3.,
,a.
t g . , 35 Ii ; ; I~l I.l I
- !. .!E. -
W
*A i]= g itss fM20 I,,,g :s 5 l' 83 L i
.i i
e 6 (- P e t C., '1 e 1 u -e-- _ _ - - - - _ -----,--------a----__--__-a-.---- - , _ _ . - - _ . - - - _ _ . - - - - - - - - - - _ - - - - - - . - - _ - _ _ _ _ _ _ - - _ _ - - - _ _ - _ _ - - - - - _ - . .
1 1 i i l
}
J L
- i a
l A. ! e f 1 Partial Fauit Tree Deveicpment Resulting f99 Ac01i:3 i:9 7.2 of. Fluid System Fault Tree Procedures. 1 1 t' 1 2 i
*:7 1.
, , m.. . . . - . _ .- - I I l i i 9 l 3 I ES E S..
-ER- *
,- - $3I 1,3 g* $s s. ..
{.
-= 4,3;. : .i j lic L*,,1 y- t.si ,.
l -- .I; 5 '
-3. *5 I
.\. &
1,
$3x
- s 3 .is ;.3 s.
- -8, 1- -a' (
v."."., t' s
~,1 1
- ( ',.: ,
t-. - a- ggi , i t
- 5 ;, g e
i 3:- l, 1 3}; i
'i-t !. m. '
I
!!:- - e-. 6 t
;l e 338 1 - ,'si
-rE, (g
- i 1 ea" l
- s5 i..
- I*
)) l 8
iga e-f 3b -il .t I t c t i
} igt' t'.
i is l i N r{g g
.s n= 5 - t -l* i, l '. .d'-
23 3 y. . g: - s- j-i
-1* - %j. W i
1: 4
, 3
. !.E.
NE 11 b i i fe.* 3 I {..*sr ,1i ..
]-
t es t
- e: (
.a. a: .I
{ $3K Iw J Ege tag pa g I t3g . - 3.. r; ..
. - 5$s a: !
4
-= s.i s ee
,g- Erc--
..- I ga- t1 ,. /
E g5 . - i
.3{ .a's. N -
s s}as Na ! l t .- s.
- e Bla
; s =sua 5 ; -
.2 " \ **;
Irc i,$ . 1.5 g !b 3 : ) 1 I
" ii j $8 kr it.
=-
hn,a1 - s';s ;p $C t 4- , i-g . 3 8, I i ; i-
!! p
- lgI'
} *5 i-l gEs 3 -
I '
.i s
'l- l 1 -i L,.1 !;
*!'s
-:- d* *)
e.. - is s-
'3-i f
a e 4 e 9 iaa
, . - , , . . .-,e . , , - , ~ _ ~ t-~~.-.,+ **..,.m...--..-..----........
W +e 9 8 0 W M us. i u g. Mw , s
- 3.
.Q g
I
. . =
8 i o a " ?. , _a
- . 35"
- C E
--- -gt -
s E.:< _3g= g s
$2.
*L a
-a 5
- $3E
, w si- e :c lri
'8l=c a l8; - .t;
, _aa :sl, e-. .sr_2 - 'u- -
_e _.
, t.
,- -g- -
- -- 2
<a; ti-= e,
, 3_ -
i.1 as- w8; I, I
~
- s :n e3
"" 5E kl i
~. 3 E lgli -
- s. ,. -s 3 :.: e :::r
.a
=+
3g,
._s
=ma 5
** 3 J .
sm 3 A 7 -a W h $ " l 3 - 3 M*-
= = - / 2 = :: _ l'668 :
/ 33 -m s "$_ . ,i, " _
_ 3.s
- -E .= g
.Iae
,3 ,
53 'g s. I 8l .k o ss
- s. s .1
.-+r .
- t. .&
e an I
.i a
e 6
-- -- - ~ ~. _ _ . . _ . , _ _ _ _ _ . , --'+e-
. . , , . _ , F "-"M g +.__9
4-h a 4 1 i f i 4 B
. b,5
*C a f
3
-e*
5: , m= t as 5
. . 23 ..
sa - p D t's
-8 j.'
wfE f bI, 53 3 b g is: LJ a*
. .i
.aa : ,
-N lei N 5
tw y, - r ja
- I$ C O .Es EE 5s .,
*5U I(
=m f
~
o - Bt3 e, ("" it. { 5 s t 3 % }
~{
EIE - -s
=+ \ { e6+
# - I g
. $. . ~i n3 ;Y A
b'P g W 3 s k-g 3 l.3 W" D 5e.
-15 S .
3
~ ,B@5 - I.
5
-Es }\' . -
88 3
. hl s
10 u.s -
=~~
"{$ - A '
1y
-e"
=
(*
... Q
.ss h '
t A, t 1 gae--' - e w -y , *we a a j m +-~:y.-w- + ,-t . -s,-+-1+4 y - tw<'e4
l 1 l 1 l e i l l 1 1 t for se-,ents, 7.3 Exampl e Acclication of Moduls- Logi: Components snd succor +, Systems. f f I
- ._. _ i-om
l e ,
\
. 5
# ,. 1
%,t e N N ke k
4o V 1 - W .9 **. Yt t
't
,;,3 -
c $ T T-i 1, -\
\
s A t g. \ V t i
~a<s ....%<.., e \
T
- e. i s?'s (k, t -
5s sSs s
- 1 .st\.
i l l g: ga\\=st 5 ;-" - 1 6
?
- t
$a o
\ -
b s . I s
's
\
I 1-3
- 3, \\,\ ?
"Is t g . $ O ig ',- $ ,\
\ 1s 3,
5 \ e {w s
, ' n
- e ..
- 5
- s i $1 S-1 %s k~" ) ,=
g \-
\ 1 W
] W t .,
ki
- s. T
. 5,5 2
Y d
# l.'d., $, ,
y 4 Sk T. -
- 4 d**
s S5 e - y ,, 515 # u ig s.
'tg
- m kt -
11 y
,1
- s Y g V. :
o - 4 k t
'g . \ ' ##
\
I67
- . . , _ . . . , , _ . ~ . . . . . _ . . . . , - . , , - . _ , , . . . - . . _ . . . _ _ _ . - . _ . . . _
I e a 1 9 4, w s A
- xvQ i
g sa E"
.u.
4 ., 2 li E. li.i !
- l. 1-t E
.... m ,
W* 3,
$ H*
= 1'E.
't ,2 I. 'l'E
~
iII. -- I -'
- a. ! , --
-- t
. t. "" , :
f a a i e l e f f i 9 6
?
l
'! $. 2
u f h Te-C 3 wo\
%V
, e
- s ts
~
% "r.
SMB. e= I., l
. ++
~
\
4 g0 iE 35 =
~ ~,5 W
\,t'.
- % g: i ,
13- . W =.E i;.; I# ,e S
- <; t O [w[y) s,,
- 3. - }
e s
'4uf g
- - 111 E,
g 13 s, \ 3 i 3.. 3:s IL
.I;5* Q o.
==, ; gi
.a i-
=-
- e. g t 1 \ {.,'\ *;U
\ ..
J $15
.b,*-"-
l" iii > d
,.\, z\
Y i
' 8,,
.I' l
* , u- -
- 5. -= '" s ts Ta rn $-{
- g. 4,E; *
\
E, g g5 i g , * ,
\y -
*,;t yi iI'q'- s i$
E-kt g* 3 "' i
\ -* === \ 1 1 } ,(^s )?
*h r
=
T 38 5 c
+ g;s 5,5 p \
-g
._. )_ Y. :- '\
( 5k 5 I.
\
+ *
.s vR. ;
[
$s Y yt -
s .- 1, \ n,
't'" k 55 - - '*
3 u-"I & ==C
, i4
)
\ L,
\-
-.y
}J e.
- t. .
.e
*- E%
ll: 2
- j 1
?
i 1 e
l-i T** T~ f .% g5 04 T MkSDk8 h 22$ i, I8 . t 2 *!*IgIa%
, .S
! -1: 0 2 bl.
ie
$ .b I"
M E
. ilt:\
i
- a. l..
5 $xi v'5 A. 35 i>,Q I'we-
'E '(O\ i &S*
. C*! $
V lll
,2* = ::
._ : j ,=t ;' : .g l i .c ,; -.
.1-
~-
i i 5_g$. . ._ - {,- us.E.. E s: .
~
5 e*
-s L
~2' l.
N j-l i b 6 e t Y l4 . ... . . _ , , , , . . . . . , , .......~..__.. . - . _ . . , . , _ . . . _ , , . . . _ _ , - _ , _ , , _ . . . . , . , _ . . . _ , . . . , _ _ _ _ , . _ . , _ . _ _ _ _ . . _ . . . . . . . . . _ . . _ _ . . . . _ _ . _ - _ . _ . ~ . . _ -
4 l l l t b 25 1
~ 5 y l3 = ^ w-a "$s
- VT
- s**l E W
"$em 5=. g.
t I21 ' w 8 2 ( M = l e e 8 s . .c hfI 5{ , e- fg
!= - si. 40la 1 '-
3-* N s O. E w a I
=i ;
I' m Et
*~.
-I. V ,
-l
=5 -
p tii isa j l t . i Ec tUEis
- FfW .
52
*- F= \ -
58 '!E I C
=
l
- :t d I E
Ig j0j s EE ~~ I, 3
= ri 5-se-I L
= =
wB N a s
;: - i n,ai .-
g
- E k
i l E E 5 p
- s-g _i 2
- 3C a 8
'C 35 I.E . e, .
4
' Eo a 3 EE-
*5 I .
E-E 5 ^., . ,1 E' S1 - I= s i!.gt
- E EE
' .: , 0 ,
*~I.
E i l
?
l[6 l l I
1
+ l l
1 i t T y M m D* w 2 4 7 e o NE Avt 8xww2 E t.
........ l 5gese nes
.s g8 t-
*t -
t r-g~ f
>Z 2
, C.1
! qKo
,I a
tEl
$$ b O
'E
- r
-we E 'T !
3
}; I sj Og it ( i
- . Mr as p(- j
'\ .- 2
. 3' 3"E-- ':"ti 3 - ::
s
!~I
-t
.s .
l :r. .-- - N M 1,
..3
.__ I"!
"$E $ ,
= 1 :- G }
559
.wm
~
l
}
. j f
l l 1 ( it.7 I l
ee o
~
I - #5 - r
$I w1 '
si
! 'i l
... !j 5 ! _
1
- e. it t NV e.. . -
5- - ge. Igi I
. ?!al E.e
=: 5
--,fy g
a =! s
<=
=
Gr= ,' Iwi s L
.1 6
Y
~
m
*e sc Iti I- l l l.
EE f . I t-l
**~'
ce m
*= ==
3C V
.e
~~ 11e - -
I l ,."" -u ls- - 8 2 1 y - lI?',. ) 85- l1 -
. 0. O .! ; -
i Js ' 5 ES l1 % Es p:f # WE l}-l 5
-r s h$-
Li = i. sc lE
!=E d"k o - ;!tlo E- te
?! g gg in e- -
2g3 .
=
1 jE-
'l !
J
=
E e P S 5
* ~ x 5 t 3 e
- C .j 5 a =
- =
I e E 5h L a i
\
k[
a m -*- n 1 i umu M 9 - . 2 = ,
< u i g
mU sumums se , ' muuma i *B w 1 t 5 ag ='
- a. ! g 1 -.
,73 t
- . 8
" 1 -
s=.. x . Mt w-
'C d 9Wo t
lts. 1
" <fi e.
y F .$ s.
' * " Y NU $O n$ - I
~2
'1 ..........
22$:t2y23eW=
**I
$5 s s
e.
== 3 -
f. g g ;5 .na. e.g
'M z .3 1 -
a* 'f. 3
.3 1l w w g
.: :*. = GI
- ~~d.
e c=5_ij f!" l i
. , 5 i
~5 i i
Ej
!E
- 6.
I =- 1 i
- . 1
! $ ee ,
sammune i ras .: ( ;
!. -'g ga
=
7 _= I
/I2 j 0$ I$ -g.
m y , =i --. Iu Y. (; . l ;:_l - I $ES ! l I 'd .E l,
.E5 fll l
". 2 I s3 $' -
I s t' i's l , !
!! 1$h ! li [jj -l ; -
\ _ ._ ---
a. m ,, s.-. i ;
-3e ,5 l
.$g6 :.=- '
,e ,,
a
==
I[ i I- l s l=-
}; j
-- it I
' ;7 %
= I'.', 6 l 85 I. 5e }
)r gi: O
- =-
e-lra( n: :
.w s3 l6i a-Er f,
n.
-g -
= lP r 2 !i!
4 iij s ,i , _ g. _- 3 5 3 3 ; ~3I=
- a. IM.:'
" ei" j] ".1 5 'l i. ~
_E a I - a =, .) ~ 2 - 85. e-s.~ g.
-6
!, G
- *3 el
.s .-
-6 Ip e-EhC .E
,= 2 Ig ,5, f 20 '$I 4
- $$. h asi
-a s z mI c E. s 9 4 e i/= - , , ,, - -. . n,..,,-., - ~ . , . . , , , . . . . , . - - . ~ , - . . , , , - - . . . - . _ . . . . . - - . . - - . . .----,.. -. . - - - , , - - -
4$ P
< - J@ -
I i T % i ; a f5
-s :
i '..si..*& .
?
em . k ,, i;; Y .:s II:a l sy: 2= j i 82 se - Y ll Ii-! iE N. 1' I15! ^ s6 "='\) I* ."= - 1 c :. ? < c: t Ih
-m Ig f _
en by j
)i --
,., h )h.
I, !
- I 1
a_ # 5 i J #, f a r i.c '- 3 3 C O "l ' EJ' - SG ti=, "" [ y ij u s tli <s Ec
]:
,l f.
E
- . a,
;* E& t.1 e ,3, 5 -
s _
- . t 3 i=l c EI #3 'fl JL 2
=
i l s_- s , S E a 9 i 1 z g 5 i g
- j -
n e
=
~
r2 j : 51 L s t i l.
-- - . ~ _ . -- . . _ . . _ . _ , , _ . , .
_ -W w , _ , , , , _ _ _ _
A W h I , f- e I-i. le. i-g 25,0 I3 e. 1 o - g, ag
- s, =j
- 3. i gI 5
*? 5 -
. .J S I.
.a
]
M es N T *4 Q 3 'ee n ', TT
-- L C
e-, g_g ? e ' E%
=
lle t -- i , g-eseregreeg a f-3 e' m j*E g 53-g -- . 5 3*- le:si ~~$ f.:a 'I C8 n ers :' = : 4_ 2 3354 553 4 4 O
- 9 g~
o I'!
'e
- ~, -
E {i ll El $s '
*c ,E.
53 I
~ hee 5 8 -.
- r 8
51 li cii Ise i cc .jrl,
, Ese 1: , ,
=
s2 l sa i sa - i a- I
.I ,,E' l
=,
3! ==l - Ie L - . .. t[ ca c _ ) i a= s2 X w- {n:
- i.,
,e- E!
i
-:. ., te 2 il n, =
Og i. e--
<E 5* w il 8'
3-- $ E4 S <8 I; l i, j
==
g ti o.j
- c, o
"gE k-f f.{--- ii JO K-
,ql 3,
og
. 't'
= _,
l { 1 -- m . e I.
]ss gem ; '! :6
- i5 .'
- $ 5 $.
3- r,- w1 t 5 h s ;'E. ; 5 c.,
- 1' '
SEC 3.; , I T I f h)E 22: _- I, J
$ C c .
= L.1 $
I 1
, 3:
# sg j r
!33 3
{r3
,I P "'"
= r, "E -
Ej2
,= e-a , ia
-- el.
- ag . a;
- j i- :
$== asu a!
l-;
.:I ez i -*
sas 9 -* li,
9 i m I - l 3 l Elv in ;* s 6 ( l 1-,
-Go ji
~o .-.
E e a= .e -
-Ety _._
.,y
-gQ e gj 5 .:
jh3 i Bje
*l I s .5 s.s.: J.
i - I$ E2 - l~
!E I,
.C = la' A
.6 I. =V 3*
z* ts s E 20 q!
Bf -
-g !? -i fi '*--
63 L E _ l i .f i $. += 3
**' ' 5 I _ . _ _ _ . _
Zz _..___._.
,a5 j g_; .
n i 1
- i.
! Li l":
a lC - 3 !_, 3
$:g:O - -s J' O :
3_ - ,, is :a
;a c -t ,
~
ig l=aM ~ eg
'L
=
'.a 2
{ s_ e s Y
~
G a E s l ; a :I-s i E g i d'l sg E i s 9 e 4 i 19 / /
l - - - -
._ .. --s i
.m. 1A i wee- osrA vin vis . /HG7f A
~ ~ ~ ~ ~ ~ ~ ~ rsia: . CABi &, C48L7 tents . A6si#t gi,,,s i. ,. e e .m u
- u. is in un einiu ,,o.c . IcoonsA, #fEcoo7/
no . Co, Co
.tute .
r-- I c'Hi^iaal___1
...r is... .
O uwucs IEcoolf 4 , m_ _. l I_ --
,,u. n. -
ins a 'o==' = a iir.s . iini == == a ins se -= 4., ,,,n ..i ..s n.. ! e.uk 01640 gg s,o, af f .stil le .L's tatst9 P ** *'1 3 +
, ,.g,% i i [ mr. in' daU TY
.i 1 l n j_ -l I m_
a
.. ins e eo== **>i n ,si n ' en u e a = == 'y i.
u .os .nie is =^
.. i ms 'a raa = ' =
*as == a ...u..,
u...
..i u t owim
. = in, si
,,,s .,,s,i,.i,s ... i.n.s o i=
.0 soiin .=63it 4
' .w..di.. '
oust - . ci'-n i fii*iaisiai** 1 Li -- g
,.i, . i _ mne., i l' i i
- ~ .
l l- . 1_ w. 1
. is i. in t 814 l'. les vai i,0n,
, y ,Of ,, Ptn t Al K satais la temessesee n ....... . .. s,Wi,li , ,3%W' ,,','"I
,,, , , , ti ,,,s i.s.t(talt
. . ,utan . n.a s,ina ,. us t t ais is,,in,,,esta s(Asg ma some = n. n. . .. . n io ,,,,,,
.,,,,,s,,,...,,r,.u..
. . , . .n. io . i,us r. .
.n, j
8--- 8 ..[ .d .in *~~) nwifY MfP] - [ 1 * 'i ' '," 8 ' ' '* I_3 _- 2 T' T ~1^
- - E_ ___ 1.-
I n nan' i _ _i In~ ina '"a - - - g g p_. . . . 1 -
\gv
e t l I W - f Ab = l I k* ; *'2 I6 h .f'
- s
=
} ... 1 is -
*1f _; .
sti3
- , J:
.s o c_ .- )
- e-J
- s.e T
$1 - _t . i
$M
.s 3 $.5 J'
Y l aa +
\
s2 l-l .I i xa c' i1-; IEE' ^
"6 a $ '
m, 3_ 3-4.s
- 3 g*
5 r;g=,} (( l &- i l s~ e E 30 ' -
~
- c. <3
$! 8' Ej 'w 5 l~2' l , l
~# ' i
~
l . 1
!; J ' >
ul . x L's - = so- ii C j "d' l '! - - 5: p. ! , IS jl 5
$$ t" g* ll sc , e E
-m lb -=
s. ga j_. )
'Jg!
- gs J",'., O ra'.Q
- e _. ,_ .
. ,7' is - to E $
EU 5E
$! EI
*E il4.L {-
*- E
- +s l ,
i
- b~
- 5 3
8 f k
.: s jei
,=t I J 5 =
5$ s a f r l l l l l lYh l l l
l I _ j -
.
- E 2- ,
f is ,!;a @ gg M..=l l i I B-g , (
+2
Rg e. 6:! es _1 4~ 4
~
~ a
- .i.l e1 -
'N
\
l' C 8:a :I *: .-
,f
.......... -s g=- -- s ;
1
* =-
esewegsnes - J n NI555j - S k-
~
[-:- p
~~
$n$ 'g I. -
f. (s 2:nEY
--te IE.EG i las } --} ,
k o i!
- I gC ic '
5 I2 E .
- l. .
4 2 H-- !b, z "
-O E
- : s.
a y i { l $m *'5 $ l
#9 -
,I
) $82 {
se
.-i
{
,- y= =i'. - .
i4 z}2 ',j2
si r 2
l u tI ' 35 lsipj s=n
,,. :: ae a
I I i i ==
'h i o i., s,s
~~"
, n o,
- \" k s j - h U1[
_ c }, e,
.- =
~
f* EE h s , a3 55 ]
.. 1-i o
.- ti c
T ll 10 i3- L,0 '- a-ee j
~
- 1s
! C *:5 I
c $ f r la
-e
, t
[- 4 - 2
- 9 ~-
g 3 :# e e-LI :: I . fil d,b- Ei , -iO
'= ! # ,j
- 20. a E .E l 1
(' or3 doe j l ~"*
l t a
= , .
-* s
.8 ** ,
r .E
.l ,
5 li -
,'.O t .-
- r. _i
. E_ i 3g 3l 2 "t f_
- 5 s8 .
g=. a 8
.3 ,
!e-i.
t*=. 23 '!! * - 3
.s 55! i :
gf g.
.~
. =. t. .! . Ht! g_5
* .s**- ,
- -];3. f -
- :8 !1
- s. ..
.g3 r-i 0-
!* l
]..sa sic - -
E E
. 1 '.
= i l-ii i
s s
1 I
.I tE r .g = 5; ,
, r 7
=.-
s . 4, ~y
=
1 .,., ep - j , -1 e
,y i.,
~g:
~
*! T l '
-O ', g;1= ,s
-i ;% g I
... ', l l l- -
I . t' ,-- .
- -r= ,: sii ,4 I,'l 1 i I : t i
! 13= .- l .I. ; 3
;L I ff
( ' k i i st; !;V -
! 7s'; Ls M f i
,i l
- ss er.
i,a,
' ' =?!
i) Gj;s 1 li g' l '! = ; iss - g.,
*i ,
;gn
_gg- a. ' ,o I- ',=s..! ; .ii. . - : ! p,51s .;. iv se! i r
- il ip!.
- 3 sa . s -
s_ --
-n f;-
s.
.s== L- 8
.;? i:=. =
va
=g 4 - ,. - ,
t
- _ .s - mz g=. =
as s 1
- a. ! = _s. - I
! __ i
- s.
1-
!! 8 i
Il s --!j !> !- i I i =...
, =
r_, - - i_t! sa - J;I. -
= !
- g.,s %,
s _: l..i
; I =.II
- c.,
= ,
g-
- 281
-=
.]V 2 3. is: --
. I -iss s.s i f 8' .si ,_
. = . . %. L , _3 5
.n a'
=
E33
-i=
s- . 3: T, x _
-33.5 "p i g
i
=
aM 10
-y au S -
80 H Ia ~t a
. . . 1s .li:
-s i s3- j!,
- 1
- !I _ y
\
g ae k I
-,,.6.a - g o
1 W 3- W 8.< g *
- 1, -o is--E t.
\s-w .3
. go Hc s.- Jw
\
d aj
.5-
. )
y E
.. it1 1
p 5 Ei g' 555
=s, \}- --=
yEd -
~
=
a-- c :5 , g- \u C a
", g :3e { 13 1 3:. si i 7
- 3 .E, s
!.gi
- 1
,115 }i
,. { i. c gE 31? !d $ n .E 7 a 5215 y 33- i ai j. 7 i '
- gi n to
/ I S a
. e p =- i.k i: 1 h 3
~'
j Ik m- 3 I* 15
< '\'. h n
' l.1
- a. -
2 "- s 5
*** =5 1 - - o
"\ E, t ..g E UE M \R
- ii C, a !,1 % %
=ga \$1 W :
T 5 5 1- ' jy :t' a
=
.-==
1; E
-- A _
O,
;5
'\ x
! 35 E% - E E
{ O l S.
--- , a ne b
6 i a-
- 1
-5 E-N IO- #
- so.
5 Y ' d O jl1
- do 2
Sin .! l' }"
-=
5-I
.t
=
1 .G .
- L i I
- *a sa
~ ,y Q[
. E ,u h :E 'e#
o-f b*' 4 M a E E. m
)* (
0 = VM 1"
.* l 5 -
gI
*5 g4' -
W-
*E ' .
sI
; O' i..
- I t st .
N e
" 3
.- , i s. 5 gl I
-. l* s
- a ~ >
2:* g-Ge k~l g ld r - -
-g -
O se E e
- C +
** C3
+
- ~
P i Eg L . t> e a A w
. f"
=
l .
== ,- ,
- a g ;a - 58 )
f ' m-m "C 2-
- gg E
.s 15 J
=
3a ea E r! a
- z. : =;
=
== .
ei
- (
F f. ai == l i 3, 2 vs =
! ag
= S
( c,
-w,i, , .,---r--,,--# . cw- , -
, .. . ,, ~ *w - , . . , . . ,r.,-.~,-, , - - ~ . . - . . , - - , , - - , -,- ..- ,,.-m
i s l t Es ]a I. L El s
=2. g >'
x -- f:s . .
= -1 o *a-s i. I:
8 e - as -. e e IS v o o 1 s=8-
=
s s:E
...... um e. -
. :; i-a I :. . . .E5 - --er .
fE; g {- E!a! ice lii st a: sit- i-i -i a- s i- ,c
. n ,-
- s.
~ - -- ~-
s 3}EE e-,. x tse1
.t
- I.
_ , :s- _ l a-i
. ,_ j i
s-- .. I ', . ' i.- Ise. h. r-
! 81 }2 o
s s=
- , m: ~
i i i I . hi(v,
=
I ij 'e,C7 ' ;L i ~-
- - it- I: - A
- tl 1:'
5t ii ! s t m- - 1 t- 1 i
- ,-)
1
- g. , 6 36 b
.'i i.= 3s, ~l ,
7:
, i n. it + .
- J P- g :s. -
52
- -z gi 11 as t
- 1 s-gs s -
sse- ; x-- j _-sa,{. O s ln
\*l
- i t
E x 5e ;= ; y ,
? (Ql 3
- . 2
== c.' -
ji. g -
= --
NCE d
, 2s** '
! 5:53 j l
..e Ie" l
i
i
)
I t T w C 8 i< We Hvc 1 E;' i-I' t II l s I. li i - l 0 s 5 -; ,s 3
- l h.z , $hs {, -
x - , i.-l ~ E I 3
!;3 L -
s e 3x T l__ \~ - -
~
25 t,! I
! =,:t s i l *5, i
{=. :
- s ,n I .
',:(t ' ]
m:
*(- -.
i i ;. 5 ((fk g6 e e f5 70 Eis h ~
;-ag I g-En
! l-t
. .. I E
- l WE" w--
sa"- E Wt J g tg' _$ ri I k EEk
- j. --- j
(
-- 5 :: :
=.,
) 's.
i- e =
- .3 :":
E .i't gw f,;i-e 3 3 5! ! $' i= a-a.g. n - i 1 O 9
~
5 i 1 i e i L W 4 4
~ ~ ~ ~ ' timelgt 3 e 1[O2d -
an . Co iittimet ms.aun ma,n, sintets en L-site,' .r i [ p m 5 : I
~
l_ ._ l I __ ' ;=', .,,
. .ss - u , . - .
18114 M 8 Att Is Attl Dit le list 08
.. . . s - cix ,ii 10 (a Ung tta B fantatinAset t i f *,
tal Aalt LOFFitKS (intus ia, _g 3___..-- c 1. ,5 . . irr i gy ggue. . a .5 j gwivpm, g y, . ig. m r 1 [s,. . .o . c Q O sii .ciis i. LAtot IE lts vbt bie.%u A nuits. (I) to et tu visort e av 1,it anne sse as a sin +tes sustin sie stit (2) nas et unsamato as a ai.ni eaiei in save e e. s i
=
a
!. l
<s n- ,
a to a, y
=
r
- t-
<n e - - .
-s O O o
8 a- 54 o , _
.sg .
eo g g =-
. vee &ev , .
g
...... e- l, es
-te
;- == -
- m. ("_
t. t 8-gen- ' !,; ,
- l
='ti :s , l , m
's- =
iii - sn- -
' :-:s
~'=1
! S ti ,
j at:a - I.
' ;- l _t
. n 1; l'.J .i 2s55 i e h E *n i
l'ID . liii
-z=> I.ib I
! t'
! 5 ldi L II.
$e.-
l!. g! q,;=tl
.g :ers.:r c: -
-i -E i
y r
=
- - r -
- E a gc = -=
l., s,4 $ - c
.
- 3
-3 3 s1 5 -l ,71,
," t EE _ !.s:
-,3: !s /
t
.i;t E
-i f r,@. 1:1- 11
.-zz l.,, :.e.
*t
.s-z: lI
=gn=
z :3 -
.253 li Y 98 G
O i I f - E E -
, 3
. i.s:
-. 3 -
=
) :3- jit! E
_ t p= - 1 -
--. 12 '
Wr= . 2s*- C i
' 2:58 j g l
l l l 4 i
.f e
- l
- 8 i- 4 0o o
U~ av g O-Dx
=1 - y o I*:
.-- I 3M w=I 9 9 a_
t N_ E u p" l
. .,, a O T S E ;}
t= - . =. :
*p I-I
$E ,"
~
_ = E M S <& e.
=.
- s. 5
' c ':; :
s., C I) I
. j -s .
, ,, u .*,
l .. -E Ne 8 :w i.. f s= I.*s % - Ib L* %I - 1
&2- O } g,
- t.,
; *l- 5 ,t' Ms {E ,8 c;
*j
- l$
- -i 6e- !~
t !
-1 9
+
8 2 -
$- "r s i t
L
- F n:
3 3. " y l. !."
& I ". e i
e,* I ,, . . E
! "? s
,, =: 3 b ^
5 j Q , = a
- W s
k=- N $ e r s-
~. O g 3 35 *
, nt pg A l
I 3: st OM r , 1 as gi s i ;
~-l O
c \ BE
- I 100
\... _ .. .- .. - - -
i e e ens Tm "1 i l 1: = c. B!; y t T
, it n <m _
E, C 8 g o 85s iI l i 6 10 c0 w 3 tu 4 I g
*!g
!=. i
/
J H u c ao H u 5 % I q ""' I z*b 3 .t ;.
- E*E r =
==
i -- E: t I
- !t
-c t> , -
1)
!std r!.B
?
s j.. . E ! ,$- El l U#d3 I
,5 31 E :,:B j l .m, >
. F 5251 !.=
!$ !g' l '
83 '1 j(I 1 l I weg .mi li.: O/
- s. ~
is*2 "?::( i Es
!!!? E k! IE
- 2e
- it,
- rg; . :: 2 ga 4 g f E)E L-,
; zi {O e a
i
- C
-m -
e
* -E I, - !: l:l 5 s s'
.. :.
- y, zg3-=! H
- r 0 c ~~
l8l / si:E ~:
=~*t.t'
=
- \, o-5 I=5s is. 1
- E E-=i
- s F: I g3 1 =E k l, 1.j, I
-C r
3 et x 5
- 5 g W:.s ;j sI 1
- s:fsa
. s " -
u
- : h
- I b 2, a :
is g d; if *
- C.
-1 1 'l- ,
g g - We- - I
*s53 d g
' 2:53 l U
b 9em hwe (. - - - _ - _ _ - - _ - _ _ _ _ _ - - - - - - - - - - - - - - _ _ _ . _ _ _ _ _ __ - - ' - - - - - . _ _ _ _ , _ _ _ _ , _
I e 4 i INSI t
=S E
<n t- Y 5- C e
s
- --- c0E 4 i 3 b
8.!
$5 3 I'!
- v. o g w=1 e5 ,
4 e
**E * %g em 5-t l.-
3
- l ,:s 85 0 m: pi tr ,st
<=.
li we *"" As II g 2 c a 8< E; s
.. 1~'
i I. s. es w! Sj c-i;- E~
~$
~=t ag
' " ?.
\$ ii , > ;a d 5~"
, ia l %*
e-lg EE
- s Es b $
e 5 E A 3 + 5 l
-N
= t>
le .1 -
-a M.
*a Ei *A 7*
03" ~l - z_s I ~ g E. $ E. i 35 I w *
- =
a E T E E -
=
g . a.
- E-
*e ;. _y e
35 , ej .-ia* ea 3- :: i .,* I GE H ;;
- C i
3..
I
~ *)
. W I I l, 'E_ =
5
< ::: . t'
& E:a7 .. :
O EgI -l-4 8 B:: lr: i .j 3 . I Lt. e 8 sv=4 !Es! C
.s
=xc=
5 1 it!4j! Sjsj s f.a-s
. [.
g k
.1 ene#$3
- w - I, g
. ;I 8.-J 0 -l :. i[
h I~
=,1 S;
) hIb5 a
-! : : :- , -s I/fh .--[
a~~3
-T-22:1 :-
ls i l j
- s 5I l-IEI
\Eaj , 's e 4 .15I I-e i
a .< i a u s- !:- F - 5, , ,L / 5z I - .v -
~*
1i 's . "
. f E* 3 Id'C -02, ? -
l:g; i = ~- ? > r
~
iw! E.E5E -g t: :! L y
?
m M - 4 ts ' a
= t= i. - S a F
=s *
~2
- l3! ~ $
-- s ' E [-:
s Ej=
-$/ :
i ( 5= e 1.' : ,
-, 'tw\ = Eg. -
- =- : *s.
!jgi 8Eng I
~
W- S g
~r
( C f = = t i s
- - g 8 3
~
f5 - a ..t'
- t*
SE ~
- \
--5 ts-1 ..
l I ie e -3; e
, -I58 3.
l i 9i.O $.
I h e
*C , e-C C
I C i 1 l
% w no G $ 4 1
- i t
- a D
n E asuun g ! g A! , C sj -- s 1 l _
._i -
h 5
~. ;
i.*-.
! l i in IIn
=
s
"" m: ?. I
*g ;
- s. -
1 i .- 3 E
, I_
j.. N_ -_ - 85j Le. scc-- ll7 J'3. ig
- a na; -
ris . w s i ;-: l;-). w- ,
=
r s =.=st lr-l s*ex.
.!.?s_
s s-
.r it i 1;. ilt-
==
E
=%s -
g 5 W _ (/lw - nl-s! .!j
!=.g -
=
= -
=-
3
- 5 1
I i 8 0 I' e 9 J e Iw a ..
, s- . - , , . -v,- - ap., , -y. ,- r ,w- * , - - --
f C 9 s E 2
. = ,
k -e M
% :s. t! *
- 2:a . :
IE Il 3:ks ", no
- I
~
$I a
svec ***.. s=.,- .
,0!
* . g = '" ,
a Eg* w 3
.g 8 .-
. E* #1 'I s I k E 8a E: -
~I. ~ : 4 -
gens =g
= .tl
; l
=ltd E S
'[- E F 2
J : s t: S I,
- --8g M 3, E.E t -r.
.Yel b-
- e. _ gO- i, !.':,
H::8 - ls Ir. I l! i
,,p.s.
c .. : 553 I ry j? , } *r r
--~
M l ;j ^ N$I k: , u~~ , - n.._ ? t
.g E.,c; .n :
>t E.=
- M I _] r
?
- C
[
- 2 :
g- t u itsi 3 m c
)
-:s?: ,;si sli '
T 5! 5 t l f
> - n.s: 1 h. ='
s sa *
- E gsti E, 15
*s- =! .a c .E . =
5 j .I.53 ]'
**s3 i
. S
- t.
U $ I
- : .,; - z a8
." 3 j1l 3 .
4 4C' 2 3a t. 2 Wg=. -
*s!* C k N
. - , .-_,. .-..,,.. --._.- . , - ~ . . _ . - . - . . _ , _.,_ _ . _ . . _ . - ~ . _ . . . _ _ . _ - _
't 6
.m C'
,h 1 -3
. 'e-T y a0 t i
e 4 e e E g IE t
. l e
~
! a
- ; - I g Ik i
fcp 3 ] el E
- 5= =
,3
< s'l 5
a{
'w . .
- a; -
J 4 n
's l .- r
.. f r,. - .-
fk
- e
.f l =.y
;s *t ' ', - ,
c: '.' }l z- g
*I I $C*' !*i >j 3
- j'T' ~
I E *! ' ,1 " . i- 3 C- g .: I g ( =*ag - 3
'h: llC t 1;!' -i
- I Ci- -
! *. :: i > *~7
- -,6 ~ I '27,,
.r l l $.
===
31-* 48
--.- z. l
- - . , , ,i' I (3 E #
k m , y a N#IE Iwi -- l =r - aq = s !. i t ' ;.t r r e;~t-3 5- - .
**l-K*.ss - o, i s't i-a
- 3. -
s- {~"m
; 3 "g'I A
T
~=
E
/w5 2 L 2gl 3=s i M y
-=
s 5, - E $ a
- *u .
O e a t g 4 W I t e g e J' i
.v--. + n...,,.,,..,,,. ,, ,, e,w.,,. , ,n.....,,,...e_. .n.... ,nen_,.,, , ,,,.v4,.mnm,.,.-.c.
1 . . _. k j t . 4 (Witus = 16000($ as - Co E t t(It t( Nas e flat trif get Asia (tuttug as L i~ tim ii i. C _] i% I 4 I i L , ($ (WlMS UNAVAlt. 4 3 ffMIDIS ACIUAIIIM ' torat f ansit er (attutt h',' , 60% (W (Chltdh 9144 9 in E B t witn e inif M I A84 3s 8046 int 10 Itil OR MA tat t mAmit ' tetaalR (WIDt t ggy,q,g g 3, a 7 f ~ {MIId5 533 Um l AO l LIS a Gip', LIES SailIIP ] {tes' tin S hitt'i] I (ftwirus aus tt ) 4189888If~l ui mits i. : us .=ui : LATUL i lf 11.s vsf is.vwc~n 11 notti: til to et tevitieso su sut anatist as a versmi m In us tatt iain a in une tasis (2) we et temstaate as a tem at
- - , ~ . . . - ..
( t' oneimn . I E oco u n,,,. c g o w itw nan AiluA. ItP * $(gy litWe $fillR 14ttl$
-l-- g
""""'I - le doo6A 1
[6iF67 'Iti As-~ ) teot . cg i
~
Tl g gggg y,, MluAllom StillM g g,g gg g, _ ct (0,, intr I% IMAI plyj ((W . g ,, , ,,g ownlitn gul tw Il$ 0898- i st%Illose OR14tmAt P0111 Bun 7 *M- -hDI I Olt( { I INO l A p
~
'. (Fot fewis*2 rel S - Aul0 At luAllten i st IM$ '
Auto MlUAlloit StillR R M Ml4All0A StillM P'JS$tlemenn ing Its S ain t% lHAR a eW N "I U ' ' " UE I AHill ( Ati\last, tawlta n ** G Att 1% ( AtEMtit. GPleAq,e Ipassia lie ' (NetR!f 8sl4 8 A81888 3480 Duld.886A8 8 8'88 tsalutininD AtluAllest 9t Spier.4 til At tl44 MI D9 inw timtDin Di 4tN Ifwll4'8
- gg gg g gs ll jjpg {$
sia note i u, mig I ( s. .I, 9 g,, g Noll5: ll) to et Ig ut t ed-t te 33 Ing AnAg ggg Ag A gi$.p,,g g,ggg , gg,,
j I k a 1 5 x 1: 5 1: : t.o _. .._ wa
;o,J i
tt* "o I.5-
-- 3; Sii 1 as 5
- =1 W# i-.f
- =; 9",
Ei l zi tr O
- m:
0- - E = l s.m 2 V
- s. ll :
I
, ,, e r
u- t l~! ..:n >*
- .w o .a i=
4 t ,
- z. .. 1 y? Y b 5-* W j -!j Ma ga t.
- j'e 6. -
=a -
-J; , .
a E
- E
+ y ha e- E E I
- s{3 E I s i.
4 g * - unsup 5
.. S
* 'I * - -
S, E_mn- 5' p g I 3 s i ;
\ Y p E*
aI
=* -
g5 i 5 5 x- _s Bg
=
1
-I ... ._
l
-= -', ..
g- g t *$ J $ e es - a e 4 4 (. m-
1 4 i L t m N
.s r. s W g k n := ~ ~
l-O $ , o o b z_: Y y i O W t3 b g a0 )
- g. *d
+ 2. v e r3 P v -
'=,5 .
_v. d
-- a y
e .t:.rf.
. s. .
i
) I I E t - -
ge_ jg i'-
,I
. v. 1
- , 3
- ::l
.f -
11 Er!_ , regd a:.s l
- _ m
!f ;{ $2*E
.3 I
a= !.g = - i
.. I - W e ,
is
- z t
i: is. C - a; u tri, b. V' . --
.g. *:35 t s
g-E> + : g5
. I::
L. Ea w : e 3 we lvWeh PNWM W l- = 5e * ! 8 i
.- l=.
,Ei e i. 1.l 5
- = !
=ls:
=_
#pa E r-Ge$., ,
{
#-82 \ &
E!.
- ,s!
t. IE.
- j- .
s--- t, li g *z: 1 -
*E t v.
i.j , i!!i i *Eis C 8
-1
- a z : -*
e 8 E W
- h!,
!I 3
. E.
'.5" a
,: I 2
- t L': t . _
+
211 E I*58 -B l f 100 .e,6 y , _ . . . < . , . , m....y, , s. w- ,. .. ,,e,,-.....w,. 9-- , ..- ._,----m.}}