Text

Modeling Plant and System ResponseLecture 4-21 Key TopicsConsiderations in modeling processPrincipal modeling toolsEvent treesFault treesMethods of analysisLinked fault treesEvent trees with boundary conditionsUseful tools2Overview ResourcesAmerican Nuclear Society and the Institute of -2300, January 1983.W.E. VeselyNUREG-0492, January 1981.R.E. Barlow and F. Proschan, Statistical Theory of Reliability and Life Testing: Probability Models, Second Edition, To Begin With, Silver Spring, MD, 1975.3Overview Standard Framework for Plant/System Analysis4Introduction Preliminary Remarks-initiator response than in initiators (at least for operating NPP PRAs)*Principal tools (event trees and fault trees) are standard but analysts have modeling choicesAnalysis scopeLevel of detailSimplificationsParsing of sequence elementsMethod of analysis5*There are exceptions (e.g., modeling of LOOP)Introduction Preliminary Remarks (cont.)reviews, benchmarking, NRC review questions) tend to reduce variability in approaches. The act of modeling improves understanding PRA the analysis.6*There are exceptions (e.g., modeling of LOOP)Introduction CautionsSystem details can be intimidating to the uninitiated. Need to understand how system works before figuring out how it might fail. Time required to develop understanding can be significant.Many attempts to automate model construction, none yet satisfactory. Increasing importance for organizations Many models already exist.Existing models provide templates for new modeling efforts, also serve as points of comparisonNeed to be careful of biases from the anchoring and adjustment heuristic (Lecture 2-3)7Introduction Example ChoicesAnalysis scope (given overall project scope)Time (e.g., pre-initiator processes, mission time)Space (e.g., single unit vs. multi-unit, regional hazards)Organization (e.g., plant staff only, offsite organizations)Level of detailPiece--Sub--2)8Modeling Process Example Choices (cont.)SimplificationsUnlikely failures and failure combinations (e.g., locked manual valves, multiple instrument line valves)Failures that should have little effect on performance (e.g., non-safety strip chart recorder)Uncredited recovery actions (e.g., untrained, non-proceduralizedactions)Independence of events (Lecture 6-1)full characterization)9Modeling Process Example Choices (cont.)Simplifications MiniflowTest Line Example10Should the miniflowtest line (and valve MV2) be included in the fault tree? Why or why not?P1P2MV1CVMV2TMiniflowTest LineModeling Process Example Choices (cont.)ParsingSystem-based event trees vs. functional event tree vs. no event treeHuman failure events in event trees or fault treesNote:Difficulty is conservedResults should be the same, given the same modeling assumptions. However, risk communication can be affected11Modeling Process Guiding Principles in ChoosingAvailability and quality of supporting evidenceRequired degree of realismKey dependenciesPRA-user confidence12Important: choices => responsibilityDocument understanding and assumptionsBe able to defend analysis Modeling Process Analysis Methods and ModelsLinked fault tree vs event tree with boundary conditionsLogic modeling vs object-oriented simulation (Lecture 9-3)Static vs dynamic (Lecture 9-3)13Analysis Methods and Models Linked Fault Tree Example14P3VAP1P2VASystem 1System 2123No CDLate CD = Early CDInitiating EventAnalysis Methods and ModelsOverbar for success. Also slash (/).

Fault Tree for System 1AssumeEach pump can supply the necessary flow (i.e., the pumps are redundant), so system failure requires both pumps to failThe pumps and the valve have the same electric power source (EP)15System 1FailureFailure ofBoth PumpsFailure ofPump 1EPP1Failure ofPump 2EPP2Failure ofValve AEPVAAnalysis Methods and Models Boolean Operators, Laws, etcand multiplication symbols (e.g., * )OR: also U V and addition symbols (e.g., +)NOT: also / and overscore, , , , , , 16Analysis Methods and Models Application: Fault Tree to BooleanSystem 1 failure: More generally, a fault tree can be drawn as the conjunction/union (OR) of all of the minimal cut setswhere MCSiis the disjunction/intersection (AND) of the basic elements in the MCS17Analysis Methods and Models Simplification via Boolean Reduction18Analysis Methods and Models Application: Fault Tree to Success Tree, Minimal Cut Sets to Minimal Path Sets19ORORANDANDSuccessFailureSuccessFailureMCS = {EP}, {VA}, {P1, P2}MPS = {/EP, /VA, /P1}, {/EP, /VA}, /P2}Analysis Methods and Models Linked Fault Tree20System 1System 2123No CDLate CDEarly CDInitiating EventCut Sets: {IE, /EP, /VA, /P1, P3}, {IE, /EP, /VA, /P2, P3}Analysis Methods and Models System 1System 2123No CDLate CDEarly CDElectric Power4Early CDInitiating EventEvent Tree w/Boundary Conditions Example211= P{/EPlIE}2= P{/S1l/EP,IE}3= P{S2l/S1,/EP,IE}Analysis Methods and Models(conditions are understood)

Reminder Conditional ProbabilityDefinitionVenn Diagram22BAThe universe of possibilities is reduced to BAnalysis Methods and Models Linked Fault Trees vs Event Trees w/Boundary ConditionsLinked fault treesUsed by most PRA softwareFocus on modeling top events; fault tree software deals with logic-based dependencies Special basic event or post-processing rules needed to address other dependenciesQualitative information: sequence cut sets, cut setsEvent trees with boundary conditionsLess usedCan be used with reliability block diagrams (discussed later)Focus on conditional probabilities, dependenciesQualitative information: sequences23Analysis Methods and Models Useful Tools for Plant ModelingEvent Sequence Diagrams (ESDs)Dependency MatricesNote: tools are useful forDocumenting understanding of system24Useful Tools Event Sequence DiagramsFlowchart representing potential scenariosHelps structure thinking regarding myriad possibilities Can provide a more literal, richer scenario picture Key parameters and indicationsImportant trendsLoopsModeling assumptionsDocuments understanding25Useful Tools ESD Concept26Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners, NASA/SP-2011-3421, 2nded., 2011Useful Tools ESD Example (NPP)27NUREG/CR-2300, January 1983.NUREG/CR-2300, January 1983.Useful Tools Dependency MatricesTool to help understand and document functional dependencies between systems (and even trains)Example:28Support SystemsFrontline SystemsOPAC-AAC-BSW-ASW-BLPI-ALPI-BLPR-ALPR-BOPXAC-AXXXXAC-BXXXXSW-A(1)XXXSW-B(1)XXX(1) Failure of service water leads to loss of EDG cooling and eventual LOSW (if offsite power is not available).Useful Tools System Modeling ToolsFault TreesReliability Block DiagramsObject-Oriented Simulation (Lecture 9-3)29Analysis Methods and Models Reliability Block DiagramsSuccess-oriented, quantitative reliability models30B1B2B3B5B6B4wheremin cutupper boundrare eventAnalysis Methods and Models Comment Details MatterIncluding the same component in different system models is OK (software algorithms will do Boolean reduction) but errors in labeling can cause errors in results. Example: What happens if the analyst for System 1 labels Valve A as S1-VA and the analyst for System 2 labels that valve as S2-VA?31P3VAP1P2VASystem 1System 2Analysis Methods and Models Knowledge CheckMCS if each pump can provide 100% flow?MCS if each pump can provide 50% flow?32P1P2MV1CVMV2TCheckValve Knowledge Check (cont.)33P1P2MV1CVMV2TP2MV1MV24160 VAC BY480 VAC BZ4160/480 VAC XTP1Now what are the minimal cut sets?BusBreakerTransformerLoad Thought Exerciseplant for 40 years, looks at your fault tree for the boiler. He sees that the manual valve at the (i.e., a single element MCS). He growls at you Whaddyamean, the valve is going to 34 Closing RemarksRare events => need to search for potential contributorsFormal tools (e.g., MLDs, ESDs) can: help the analyst think about the problem, aid the search process, and increase degree of completenessassumptionsExamples from past studies provide useful guidance; beware of treating them as templates35