Probabilistic Calculations 22.39 Elements of Reactor Design, Operations, and Safety Lectures 10-11
advertisement
Probabilistic Calculations
22.39 Elements of Reactor Design, Operations, and
Safety
Lectures 10-11
Fall 2006
George E. Apostolakis
Massachusetts Institute of Technology
Department of Nuclear Science and Engineering
1
General Formulation
XT = φ(X1,…Xn) ≡ φ(X)
N
N
1
1
X T = 1 − ∏ (1 − M i ) ≡ C M i
N
N −1 N
N +1 N
XT = ∑ Mi − ∑ ∑ Mi M j + ... + (−1)
i =1
i =1 j =i +1
∏ Mi
i =1
XT : the TOP event indicator variable
Mi : the ith minimal cut set or accident sequence
Department of Nuclear Science and Engineering
2
TOP-event Probability
N
P (X T ) = ∑ P(M i ) + K + (− 1)
N +1
1
⎛N
⎞
P⎜ ∏ M i ⎟
⎝ 1
⎠
N
P(XT ) ≅ ∑ P (Mi )
Rare-event approximation
1
The question is how to calculate the probability of Mi
P ( M i ) = P ( X ik ... X im )
P (A B ) ≡
Conditional probability:
P ( AB )
P (B )
In d e p e n d en t e v e n ts:
P (A B ) = P (A
)
P ( A B ) = P (A ) P ( B )
Department of Nuclear Science and Engineering
3
MinCutSet Probability
P ( M ) = P ( X 1X 2 X 3 ) = P ( X 1 ) P ( X 2 X 3 / X 1 ) =
= P ( X 1 ) P ( X 2 / X 1 ) P ( X 3 / X 1X 2 )
For independent events:
P ( M ) = P ( X 1X 2 X 3 ) = P ( X 1 ) P ( X 2 ) P ( X 3 )
For accident sequences, we must include the initiating-event frequency
per year:
fr(M) = fr(IEX1X2 ) = fr(IE)P( X1X2 / IE) = fr(IE)P( X1 / IE)P( X2 / IEX1 )
N
fr (X T ) ≡ CDF ≅ ∑ fr (M i )
1
Department of Nuclear Science and Engineering
4
Example: 2-out-of-4 System
1
2
M 1 = X1 X 2 X 3
M2 = X2 X3 X4
M 3 = X3 X 4 X 1
M4 = X1 X2 X4
3
4
XT = 1 – (1 – M1) (1 – M2) (1 – M3) (1 – M4)
XT = (X1 X2 X3 + X2 X3 X4 + X3 X4 X1 + X1 X2 X4) - 3X1 X2 X3X4
Department of Nuclear Science and Engineering
5
2-out-of-4 System (cont’d)
P(XT = 1) = P(X1 X2 X3 + X2 X3 X4 + X3 X4 X1 + X1 X2 X4) –
3P(X1 X2 X3X4)
Assume that the components are independent and nominally
identical with failure probability q. Then,
P(XT = 1) = 4q3 – 3q4
Rare-event approximation:
P(XT = 1) ≅ 4q3
Department of Nuclear Science and Engineering
6
Overview
• We need models for:
¾ The frequency of initiating events.
¾ The probability that a component will fail on demand.
¾ The probability that a component will run for a period of time given
a successful start.
Department of Nuclear Science and Engineering
7
Initiating Events: The Poisson Distribution
• Used typically to model the occurrence of initiating events.
• Discrete Random Variable: Number of events in (0, t)
• The rate λ is assumed to be constant; the events are
independent.
• The probability of exactly k events in (0, t) is (pmf):
k
−λt
Pr[k ] = e
k! ≡ 1*2*…*(k-1)*k
(λ t )
0! = 1
k!
2
m = λt σ = λt
Department of Nuclear Science and Engineering
8
Example of the Poisson Distribution
•
A component fails due to "shocks" that occur, on the average, once every
100 hours. What is the probability of exactly one replacement in 100
hours? Of no replacement?
• λ t = 10-2*100 = 1
• Pr[1 repl.] = e-λt = e-1 = 0.37 = Pr[no replacement]
• Expected number of replacements: 1
2
−1
1
e
−1
=
= 0.185
Pr[ 2repl] = e
2! 2
Pr[k≤2] = 0.37 + 0.37 + 0.185 = 0.925
Department of Nuclear Science and Engineering
9
Reliability and Availability
• Reliability: Probability of successful operation over a
period (0, t).
• Availability: Probability the item is working at time t.
• Note:
¾ In industrial applications, the term “reliability” includes the
probability that a safety system will start successfully and operate
for a period (0, t).
¾ The term “unavailability” usually refers to maintenance.
Department of Nuclear Science and Engineering
10
Failure while running
• T: the time to failure of a component (continuous random
variable).
• F(t) = P[T < t]: failure distribution (unreliability)
• R(t) ≡ 1-F(t) = P[t < T]: reliability
• m: mean time to failure (MTTF)
• f(t): failure density, f(t)dt = P{failure occurs between t and
t+dt} = P [t < T < t+dt]
Department of Nuclear Science and Engineering
11
The Hazard Function or Failure Rate
f (t )
f (t )
h(t ) ≡
=
R (t ) 1 − F( t )
⎞
⎛ t
F(t ) = 1 − exp⎜⎜ − ∫ h(s )ds ⎟⎟.
⎠
⎝ 0
The distinction between h(t) and f(t) :
f(t)dt: unconditional probability of failure in (t, t +dt),
f(t)dt = P [t < T < t+dt]
h(t)dt: conditional probability of failure in (t, t +dt) given that
the component has survived up to t.
h(t)dt = P [t < T < t+dt/{ t < T}]
Department of Nuclear Science and Engineering
12
The “Bathtub” Curve
h(t)
I
0
II
t1
III
t2
I
Infant Mortality
II
Useful Life
III
Aging (Wear-out)
Department of Nuclear Science and Engineering
t
13
The Exponential Distribution
• f(t) =
•
λe
− λt
F( t ) = 1 − e
λ> 0
t>0
− λt
(failure density)
R(t ) = e
− λt
• h(t) = λ constant (no memory; the only pdf with
this property) ⇒ useful life on bathtub curve
F(t) ≅ λt
for λ t < 0.1 (another rare-event
approximation)
1
m= =σ
λ
Department of Nuclear Science and Engineering
14
Example: 2-out-of-3 system
Each sensor has a MTTF equal to 2,000 hours. What is the
unreliability of the system for a period of 720 hours?
• Step 1:
System Logic.
XT = (XAXB+XBXC+XCXA) - 2XAXBXC
Department of Nuclear Science and Engineering
15
Example: 2-out-of-3 system (2)
Step 2: Probabilistic Analysis.
For nominally identical components:
P(XT) = 3q2 – 2q3
q = F(t) = 1− e−λt
System Unreliability:
Rare event approximation:
λ = 5 x10 −4
hr −1
(
FT ( t ) = 3 1 − e
)
− λt 2
(
− 2 1− e
)
− λt 3
FT ( t ) ≅ 3( λt ) 2 − 2( λt )3
Department of Nuclear Science and Engineering
16
A note on the calculation of the MTTF
∞
MTTF = ∫ R (t )dt
0
Proof
∞
∞
∞
dR
)dt = − ∫ tdR =
MTTF = ∫ tf (t )dt = ∫ t( −
dt
0
0
0
∞
0
∞
∞
0
0
= − tR + ∫ R(t )dt = ∫ R(t )dt
Department of Nuclear Science and Engineering
17
A note on the calculation of the MTTF (cont.)
since
dF d(1 − R )
dR
=
f (t ) =
=−
dt
dt
dt
and
R(t → ∞ ) → 0
faster
than
Department of Nuclear Science and Engineering
t→∞
18
MTTF Examples
∞
Single exponential component:
MTTF = ∫ e
−λt
0
Series system:
∞
MTTF = ∫ dte− mλt =
0
1-out-of-2 system :
∞
(
1
dt =
λ
1
1
≡
mλ λsystem
MTTF = ∫ dt 2 e
− λt
0
−e
− 2 λt
)
3
=
2λ
2-out-of-3 system :
∞
∞
0
0
−λt 2
MTTF= ∫ RT (t )dt = ∫ [1 − 3(1 − e
5
) ]dt =
6λ
−λt 3
) + 2(1 − e
Department of Nuclear Science and Engineering
19
MTTF Examples: 2-out-of-3 System
Using the result for FT(t) on slide 15, we get
∞
∞
0
0
MTTF = ∫ R T (t )dt = ∫ [1 − 3(1 − e −λt )2 + 2(1 − e −λt )3 ]dt
1
1
5
+
=
MTTF =
2λ 3λ 6λ
1
The MTTF for a single exponential component is:
λ
⇒ The 2-out-of-3 system is slightly worse.
Department of Nuclear Science and Engineering
20
The Weibull failure model
Weibull Hazard Rate Curves
Adjusting the value of b,
we can model any part of
the bathtub curve.
0.0035
b=0.8
b=1.5
0.003
b=1.0
b=2.0
0.0025
0.002
0.0015
0.001
0.0005
0
b b −1
0
200
400
600
800
1000
h ( t ) = bλ t
R(t ) = e
−(λt )
b
For b = 1 ⇒ the
exponential distribution.
Department of Nuclear Science and Engineering
21
The Model of the World
¾ Deterministic, e.g., a mechanistic computer code
¾ Probabilistic (Aleatory), e.g., R(t/λ) = exp(- λt)
¾ Both deterministic and aleatory models of the world have
assumptions and parameters.
¾ How confident are we about the validity of these
assumptions and the numerical values of the parameters?
Department of Nuclear Science and Engineering
22
The Epistemic (state-of-knowledge) Model
• Uncertainties in assumptions are not handled routinely.
If necessary, sensitivity studies are performed.
• Parameter uncertainties are reflected on appropriate
probability distributions.
• For the failure rate: π(λ) dλ = Pr(the failure rate has a
value in dλ about λ)
Department of Nuclear Science and Engineering
23
Unconditional (predictive) probability
R(t ) = ∫ R(t / λ )π (λ )dλ
Department of Nuclear Science and Engineering
24
Communication of Epistemic Uncertainties: The
discrete case
Suppose that P(λ = 10-2) = 0.4 and P(λ = 10-3) = 0.6
Then, P(e-0.001t) = 0.6
and
P(e-0.01t) = 0.4
R(t) = 0.6 e-0.001t + 0.4 e-0.001t
1.0
0.6
exp(-0.001t)
0.4
exp(-0.01t)
t
Department of Nuclear Science and Engineering
25
Communication of Epistemic Uncertainties: The
continuous case
Courtesy of US NRC.
Department of Nuclear Science and Engineering
26
The lognormal distribution
•
It is very common to use the lognormal distribution as the epistemic
distribution of failure rates.
⎡ (ln λ − μ )2 ⎤
1
π( λ ) =
exp⎢ −
⎥
2
2πσλ
2σ
⎦
⎣
⎡
σ2 ⎤
m = exp ⎢μ + ⎥
2⎦
⎣
λ 95 = eμ +1.645σ median : λ 50 = eμ
λ 05 = eμ −1.645σ
λ 95
λ 95 λ 50
EF =
=
=
λ 05
λ 50 λ 05
Y = ln λ
Y is normally distributed with mean μ and standard
deviation σ
Department of Nuclear Science and Engineering
27
Courtesy of US NRC.
28
Department of Nuclear Science and Engineering
Courtesy of US NRC.
Department of Nuclear Science and Engineering 29
SIMPLIFIED SYSTEM DIAGRAM
Courtesy of US NRC.
Department of Nuclear Science and Engineering
30
HIGH PRESSURE INJECTION DURING LOOP 1-0F-3
TRAINS FOR SUCCESS
Courtesy of US NRC.
Department of Nuclear Science and Engineering
31
HPIS Analysis (1-out-of-3)
•
In the RSS HPIS, the three pump trains have a common suction line
from the RWST. The South Texas Project design has separate suction
lines for the three trains, as the fault tree shows.
•
Qtotal = Qsingles + QdoubleFail’s + Qtest&maint + QCCF
•
Representative single failures (single-element mcs):
¾
¾
¾
¾
•
Check valve SI 225 fails to open
Check valve SI-25 fails to open
RWST discharge line ruptures
Other
Qsingles = 1.1x10-3 (“point estimate”)
Department of Nuclear Science and Engineering
32
HPIS: Double Failures
• Representative double failures (double-element mcs):
¾ RWST supply MOVs 1115B and 1115D fail to open
¾ Born Injection Tank (BIT) inlet MOVs 1867A and 1867B fail to
open
¾ BIT discharge MOVs 1867C and 1867D fail to open
¾ Service water pumps; cooling water pumps; BIT cooling system
¾ other
• Q(MOVs 1867C and 1867D fail to open) = P(X1) P(X2)
where P(Xi) is a lognormal with median 1.9x10-2 and EF = 3
• QdoubleFail’s = 2.5x10-3 (“point estimate”)
Department of Nuclear Science and Engineering
33
HPIS: Other Contributions
•
Qtest&maint is negligible because of the 1-out-of-3 redundancy (if one
train is out, double failures must occur for the system to fail).
• QCCF(MOVs 1867C and 1867D fail to open) = βP(X1) =
= 0.075x1.9x10-2 = 1.4x10-3
• Monte Carlo simulation yields (RSS):
¾ Qtotal,median = 8.6x10-3
¾ Qtotal,upper = 2.7x10-2
¾ Qtotal,lower = 4.4x10-3
Department of Nuclear Science and Engineering
34
In some important cases, ΔCDF and ΔLERF
cannot be calculated.
SSC
Categories
Based on
Importance
Measures
Decision
Options
Impact on
CDF and
LERF
Expert
Panel
Delibera
tion
Department of Nuclear Science and Engineering
RiskInformed
Decision
35
Fussell-Vesely Importance Measure
FVi =
R0
(i )
Mk
R
−i
Pr[U Mk( i )]
k
R
0
−i
0
− R −i
R
R
=
= 1− 0
0
R
R
The base-case risk metric (CDF or LERF) = Pr[ U M k ]
k
The kth accident sequence containing event i
The risk metric (CDF or LERF) with the ith
component up (unavailability equal to zero)
Department of Nuclear Science and Engineering
36
Risk Reduction Worth (RRW)
R0
RRW i = − i
R
R0 − R −i
R −i
1
FVi =
= 1− 0 = 1−
0
RRWi
R
R
•FVi is the fractional decrease in the risk metric when event i is
always true (component i is always available; its unavailability is set
equal to zero).
•This importance measure is particularly useful for identifying
improvements to the reliability of elements which can most reduce
risk.
Department of Nuclear Science and Engineering
37
F-V Ranking
Loss Of Offsite Power Initiating Event
DIESEL GENERATOR B FAILS
DIESEL GENERATOR A FAILS
COMMON CAUSE FAILURE OF DIESEL GENERATORS
OPERATOR FAILS TO RECOVER OFFSITE POWER (SEAL LOCA)
RCP SEALS FAIL W/O COOLING AND INJECTION
OPERATOR FAILS TO RECOVER OFFSITE POWER
BEFORE BATTERY DEPLETION
0.831
0.437
0.393
0.39
0.388
0.344
0.306
Department of Nuclear Science and Engineering
38
Risk Achievement Worth (RAW)
RAW i =
R+i
R +i
R
0
The risk metric (CDF or LERF) with the ith
component always down (its unavailability is set
equal to 1)
RAW presents a measure of the “worth” of the basic event
in “achieving” the present level of risk and indicates the
importance of maintaining the current level of reliability for
the basic event.
Department of Nuclear Science and Engineering
39
RAW Ranking
Loss Of Offsite Power Initiating Event
51,940
Steam Generator Tube Rupture Initiating Event
41,200
Small Loss Of Coolant Accident Initiating Event
40,300
CONTROL ROD ASSEMBLIES FAIL TO INSERT
3,050
COMMON CAUSE FAILURE OF DIESEL GENERATORS
RPS BREAKERS FAIL TO OPEN
Department of Nuclear Science and Engineering
271
202
40
Comments on Importance Measures
•
Importance measures are typically evaluated for individual SSCs, not groups.
•
The various categories of risk significance are determined by defining
threshold values for the importance measures. For example, in some
applications, a SSC is in the "high" risk-significant category when FV > 0.005
and RAW > 2.0.
•
Importance measures are strongly affected by the scope and quality of the
PRA. For example, incomplete assessments of risk contributions from lowpower and shutdown operations, fires, and human performance will distort the
importance measures.
Department of Nuclear Science and Engineering
41
