Engineering Risk Benefit Analysis RPRA 1. The Logic of Certainty
advertisement
Engineering Risk Benefit Analysis
1.155, 2.943, 3.577, 6.938, 10.816, 13.621, 16.862, 22.82
ESD.72J, ESD.721
RPRA 1.
The Logic of Certainty
George E. Apostolakis
Massachusetts Institute of Technology
Spring 2007
RPRA 1. The Logic of Certainty
1
Event Definition
•Event: A statement that can be true or false.
•“It may rain tonight” is not an event.
•According to our current state of knowledge, we
may say that an event E is TRUE, FALSE, or
POSSIBLE (UNCERTAIN).
•Eventually, E will be either TRUE or FALSE.
RPRA 1. The Logic of Certainty
2
True
Event
False
Possible
RPRA 1. The Logic of Certainty
3
Venn Diagrams
• Sample Space: The set of all possible outcomes of an
experiment. Each elementary outcome is represented by a
sample point.
Failure Time {0, ∞}
• Examples: Die {1,2,3,4,5,6}
• A collection of sample points is an event.
S
Venn Diagram
E
RPRA 1. The Logic of Certainty
4
Indicator Variables
1,If
E
j
is T
If E
j
is F
Xj =
0,
Important Note: Xk = X,
k: 1, 2, …
S
___
Venn Diagram
E
RPRA 1. The Logic of Certainty
E
5
Union (OR operation)
A∪ B = C
X C = 1 − (1 − X A )(1 − X B )
X
C
≡
C
X
j
C
A
B
A
RPRA 1. The Logic of Certainty
B
6
Intersection (AND operation)
A∩ B = C
XC = X AX B
XC ≡ ∏ X j
C
A
B
A
Mutually Exclusive Events:
B
A∩ B = ∅
RPRA 1. The Logic of Certainty
7
Simple Systems
Reliability Block Diagram for the Series System
1
....
failure: X = 1 −
System
Failure
N
N
N
1
1
∏ (1 − X j ) ≡ C X j
N
success :
Y = ∏ Yj
1
1
...
N
RPRA 1. The Logic of Certainty
8
Reliability Block Diagram
for the Parallel System
N
X =∏ X j
1
1
N
2
Y = CYj
i
1
i+1
TOP
N
1
2
i
RPRA 1. The Logic of Certainty
i+1
N
9
Event-Tree Analysis
IE
BARRIER 1
BARRIER 2
1 (OK)
SUCCESS
2 (R1)
3 (R2)
FAILURE
RPRA 1. The Logic of Certainty
10
Fault-Tree Analysis
Reliability Block Diagram for the 2-out-of-3 System
A
B
2/3
C
RPRA 1. The Logic of Certainty
11
X T = 1 − (1 − Y1 )(1 − Y2 )
= 1 − (1 − X A X B X C ){1 − [1 − (1 − Z1 )(1 − Z 2 )(1 − Z 3 )]}
= 1 − (1 − X A X B X C ){1 − [1 − (1 − X A X B )(1 − X B X C )(1 − X C X A )]}
Expanding and using Xk = X we get
X T = 1 − (1 − X A X B )(1 − X B X C )(1 − X C X A )
RPRA 1. The Logic of Certainty
12
Cut sets and minimal cut sets
• CUT SET: Any set of events (failures of components and
human actions) that cause system failure.
• MINIMAL CUT SET: A cut set that does not contain
another cut set as a subset.
RPRA 1. The Logic of Certainty
13
New fault tree:
S y s te m
A
B
F a ilu r e
B
C
C
A
Minimal cut sets:
M 1 = X A X B,
M2 = X B XC ,, M3 = XC X A
3
X T = C M j ≡ 1 − (1 − M 1 ) (1 − M 2 ) (1 − M 3 ) =
1
= 1 − (1 − X A X B )(1 − X B X C )(1 − X C X A)
RPRA 1. The Logic of Certainty
14
XT = φ(X1, X2,…Xn) ≡ φ(X)
φ(X) is the structure or switching function.
It maps an n-dimensional vector of 0s and 1s onto 0 or 1.
Disjunctive Normal Form:
N
N
1
1
XT = 1 − ∏ (1 − M i ) ≡ C M i
Sum-of-Products Form:
N
N −1 N
XT = ∑ Mi − ∑
i =1
N +1 N
∑ M i M j + ... + (−1) ∏ M i
i =1 j =i +1
RPRA 1. The Logic of Certainty
i =1
15
For the 2-out-of-3 System:
XT=1-(1-XAXB) (1-XBXC) (1-XCXA)
XT = (M1+M2+M3) - (M1M2+M2M3+M3M1) + M1M2M3
But,
M1M2 = XAXB2XC = XAXBXC
Therefore, the sum-of-products expression is:
XT = (XAXB+XBXC+XCXA) - 2XAXBXC
RPRA 1. The Logic of Certainty
16
The Bridge Network
A
1
3
5
2
B
4
{X1X2}, {X3X4}, {X2X3X5}, {X1X4X5}
Disjunctive Normal Form:
XT=1-(1-X1X2)(1-X3X4)(1-X2X3X5)(1-X1X4X5)
Sum-of-Products Form:
XT = X1X2+ X3X4+ X2X3X5+ X1X4X5- X1X2 X3X4- X1X2X3X5- X1X2X4X5 -X2X3X4X5 - X1X3X4X5 + 2X1X2X3X4X5
RPRA 1. The Logic of Certainty
17
Causes of Failure
1.
2.
3.
Primary failure ("hardware" failure)
Secondary failure (external, environmental)
"Command" failure (no input; no power)
N o O u tp u t fro m
C om ponent
P r im a r y
F a ilu r e
S e c o n d a ry
F a ilu r e
RPRA 1. The Logic of Certainty
C om m and
F a ilu r e
18
Reliability Block Diagram for the Fuel-Supply
System
T1
Fuel
Source
T2
Fuel
Source
P1
P2
Control Valve
V1
Pump Train 1
Emergency
Diesel
Engine
Control Valve
V2
Pump Train 2
Electric
Power
Source, E
Control
System, C
Cooling
System,
CO
RPRA 1. The Logic of Certainty
19
Fault tree elements
TOP EVENT
“OR” Gate
INTERMEDIATE
EVENT, A
“AND” Gate
INCOMPLETELY
DEVELOPED
EVENT, B
2
Transfer in
from Sheet 2
A1
A2
Basic
Event
A1
Basic
Event
A2
Note: It’s helpful to start the fault-tree development from the
output of the system (the top event) and work backwards.
RPRA 1. The Logic of Certainty
20
LOSS OF FUEL
FLOW , T
LOSS OF TRAIN
1
LOSS OF TRAIN
2
E1
MECHANICAL M
LOSS OF TRAIN 2
2
Loss of
Electricity
E
P2
T2
Loss of
Electricity
E
Loss of
Control
C
Loss of
Cooling
E2
Loss of
Control
C
Loss of
Cooling
CO
V2
MECHANICAL
LOSS OF TRAIN M 1
1
CO
T1
P1
V1
RPRA 1. The Logic of Certainty
21
A simpler fault tree
No Fuel is
Delivered
When Needed
E
Fails
C
Fails
CO
Fails
Pumping
Branches Fail
Train 1 Fails
T1
Fails to
Supply
Fuel
P1
Fails to
Pump
Fuel
Train 2 Fails
V1
Fails
Closed
T2
Fails to
Supply
Fuel
RPRA 1. The Logic of Certainty
P2
Fails to
Pump
Fuel
V2
Fails
Closed
22
Development of T1
Tank T1
Failure to
Supply Fuel
Tank is Intact
But Em pty
and Undetected
Tank (and
Supply Pipe)
is Not Intact
Supply Pipe
is Plugged
Tank is Em pty
Tank is
Em ptied
Inadvertantly
(hum an
error)
Tank is
Em ptied
in Use and
Not Refilled
Tank
Drain
Valve is
Left O pen
Fuel
Level
Detection
Fails
Hum an
Action
Sludge
Buildup
Corrosion Induced Failure
Earthquake
Induced
Failure
M issile
Im pact
Induced
Failure
Internal
Fire/Explosion
Induced
Failure
Corrosion
RPRA 1. The Logic of Certainty
Fatique
Induced
Failure
Faulty
M anufacture
& Control
Program
23
System min cut sets
T1, Tank
P1, Pump and of
V1, Valve
Any combination of
an element of
C
plus
E
CO
T2, Tank
P2, Pump
V2, Valve
Control System
or
Electric Power
Source
or
Cooling System
RPRA 1. The Logic of Certainty
24
RPRA 1. The Logic of Certainty
25
Examples of Initiating Events
• Loss of Coolant
• Transients
• Human Error
• Loss of Power
• Fires
• Airplane Crashes
• Earthquakes
RPRA 1. The Logic of Certainty
26
