lec10_11

Probabilistic Calculations

22.39 Elements of Reactor Design, Operations, and

Safety

Lectures 10-11

Fall 2006

George E. Apostolakis Massachusetts Institute of Technology

Department of Nuclea r S c ien ce and Engineering 1

General Formulation

X T = φ ( X 1 ,…X n )  φ ( X )

X T  1 

N

 ( 1 

1

M i ) 

N

 M i 1

N N  1 N

N  1 N

X T   M i

   M i M j

 ...  (  1 )

 M i

i  1

i  1 j  i  1

i  1

X T : the TOP event indicator variable

M i : the ith minimal cut set or accident sequence

Department of Nuclea r S c ien ce and Engineering 2

TOP-event Probability

P  X

  N P  M

      1  N  1 P  N M 

T  i

  i 

1  1 

N

P  X T  

 P  M i 

1

Rare-event approximation

The question is how to calculate the probability of M i

P ( M i ) 

P ( X i

... X i )

P  A

B  

k

m

P  A B  P  B 

Co nditional probability:

I n d e p e n d e n t e v e n ts :

P  A

B  

P  A 

P ( A B ) = P ( A ) P ( B )

Department of Nuclea r S c ien ce and Engineering 3

MinCutSet Probability

P ( M )  P ( X 1 X 2 X 3 ) 

P ( X 1 ) P ( X 2 X 3

/ X 1 ) 

 P ( X 1 ) P ( X 2

/ X 1 ) P ( X 3 / X 1 X 2 )

For independent events:

P ( M ) 

P ( X 1 X 2 X 3 ) 

P ( X 1 ) P ( X 2 ) P ( X 3 )

For accident sequences, we must incl ude the initiating-event frequency per year:

fr ( M )  fr ( IE X 1 X 2 )  fr ( IE ) P ( X 1 X 2 / IE )  fr ( IE ) P ( X 1 / IE ) P ( X 2 / IE X 1 )

fr  X T  

CDF

N

  fr

1

 M i 

Department of Nuclea r S c ien ce and Engineering 4

Example: 2-out-of-4 System

1

2

3

4

M 1 = X 1 X 2 X 3 M 2 = X 2 X 3 X 4 M 3 = X 3 X 4 X 1 M 4 = X 1 X 2 X 4

X T = 1 – ( 1 – M 1 ) (1 – M 2 ) (1 – M 3 ) (1 – M 4 )

X T = (X 1 X 2 X 3 + X 2 X 3 X 4 + X 3 X 4 X 1 + X 1 X 2 X 4 ) - 3 X 1 X 2 X 3 X 4

Department of Nuclea r S c ien ce and Engineering 5

2- out-of-4 System (cont’d)

P( X T = 1) = P(X 1 X 2 X 3 + X 2 X 3 X 4 + X 3 X 4 X 1 + X 1 X 2 X 4 ) –

3P(X 1 X 2 X 3 X 4 )

Assume that the components ar e i ndependent and nominally identical with failure probability q. Then,

P( X T = 1) = 4q 3 – 3 q 4

Rare-event approximation: P( X T = 1)  4q 3

Department of Nuclea r S c ien ce and Engineering 6

Overview

• We need models for:

 The frequency of initiating events.

 The probabili ty that a component will fail on demand.

 The probabili ty that a component will run for a period of tim e given a successful start.

Department of Nuclea r S c ien ce and Engineering 7

Initiating Events: T he Poisson Distribution

• Used typically to model the occurrence of initiating events.

• Discrete Random Variable: Number of events in (0, t)

• The r ate λ is assumed to be constant; t he events are

independent.

• The probability of exactly k events in (0, t) is (pmf):

(  t ) k

e

Pr[ k ] 

  t

k !

k!  1*2*…*(k-1)*k 0! = 1

m  λ t

σ 2  λ t

Department of Nuclea r S c ien ce and Engineering 8

Example of the Poisson Distribution

• A component fails due to "shocks" that occur, on the average, once every 100 hours. What is the probability of exactly one replacement in 100 hours? Of no replacement?

• λ t = 10 -2 *100 = 1

• Pr[1 repl.] = e -  t = e -1 = 0.37 = Pr[no replacement]

• Expected number of replacements: 1

Pr[ 2 repl ] 

 1 1 2

e

2 !

 e  1

2

 0 . 185

Pr[k  2] = 0.37 + 0.37 + 0.185 = 0.925

Department of Nuclea r S c ien ce and Engineering 9

Reliability and Availability

• Reliability : Probability of successful operation over a period (0, t).

• Availability : Probability the item is working at time t.

• Note :

 In industrial applications, the term “reliability” includes the probability that a safety system wi ll start successfully and operate for a period (0, t).

 The term “unavailability” usually refers to maintenance.

Department of Nuclea r S c ien ce and Engineering 10

Failure while running

• T: the time to failure of a component (continuous random variable).

• F(t) = P[T  t]: failure distribution (unreliability)

• R(t)  1-F(t) = P[t  T]: reliability

• m: mean time to failure (MTTF)

• f(t): failure density, f(t)dt = P{failure occurs between t and t+dt} = P [t  T  t+dt]

Department of Nuclea r S c ien ce and Engineering 11

The Hazard Function or Failure Rate

h  t  

f  t  

f ( t )

 t 

R  t 

1  F ( t )

F  t  

1  ex p    h  s  ds  .

 0 

The distinction between h(t) and f(t) :

f(t)dt: unconditional probability of failure in (t, t +dt), f(t)dt = P [t  T  t+dt]

h(t)dt: conditional probability of failure in (t, t +dt) given that the component has survived up to t.

h(t)dt = P [t  T  t+dt/{ t  T}]

Department of Nuclea r S c ien ce and Engineering 12

The “Bathtub” Curve

I

II

III

h(t)

0 t t t

1 2

I I nfant Mortality

II Useful Life

III Aging (Wear-out)

Department of Nuclea r S c ien ce and Engineering 13

The Exponential Distribution

• f(t) =

λ e  λ t

λ  0 t  0 (failure density)

• F ( t )

 1 

e  λ t

R ( t ) 

e  λ t

• h(t) = λ constant (no memory; the only pdf w ith

this property)  useful life on bathtub curve

F(t) 

λ t for

λ t  0.1 ( another rare-event approximation)

m  1  



Department of Nuclea r S c ien ce and Engineering 14

Example: 2-out-of-3 system

Each sensor has a MTTF equal to 2,000 hours. What is the unreliability of the system for a period of 720 hours?

• Step 1: System Logic.

X T = ( X A X B + X B X C + X C X A ) - 2 X A X B X C

Department of Nuclea r S c ien ce and Engineering 15

Example: 2-out-of-3 system (2)

Step 2: Probabilistic Analysis.

For nominall y identical components:

P ( X T ) = 3q 2 – 2 q 3

q  F ( t )  1  e   t

  5 x 10  4 hr  1

System Unreliability:

F T ( t ) 

3  1 

e   t  2

 2  1 

e   t  3

Rare event approximation:

F T ( t ) 

3 (  t ) 2

 2 (  t ) 3

Department of Nuclea r S c ien ce and Engineering 16

A note on the calculation of the MTTF

Proof

MTTF



  R ( t ) dt

0

MTTF



  tf ( t ) dt

0



  t (

0



 dR

dt

) dt



   tdR 

0

  tR  

 R ( t ) dt 

0

 R ( t ) dt

0

Department of Nuclea r S c ien ce and Engineering 17

A note on the calculation of the MTTF (cont.)

since

and

f ( t )  dF

dt

 d ( 1  R )

dt

  dR

dt

R ( t

  )  0

faster

than

t  

Department of Nuclea r S c ien ce and Engineering 18

MTTF Examples

Single exponential component:

   t 1

MTTF   e

1

0

dt  

Series system:



MTTF   dte  m  t

0

 m 

 1

 system

1- out-of-2 system :

2- out-of-3 system :

MTTF

  dt  2 e   t



0

 e  2  t   3

2 



MTTF   R T



( t ) dt   [ 1

 3 ( 1  e   t ) 2

 2 ( 1  e   t ) 3 ] dt  5

6 

0 0

Department of Nuclea r S c ien ce and Engineering 19

MTTF Examples: 2-out-of-3 System

Using the result for F T (t) on slide 15, we get

 

MTTF   R T ( t ) dt   [ 1  3 ( 1  e   t ) 2  2 ( 1  e   t ) 3 ] dt

0 0

MTTF 

1 1



2  3 

 6 

5

The MTTF for a single exponential component is: 1



 The 2-out-of-3 system is slightly worse.

Department of Nuclea r S c ien ce and Engineering 20

The Weibull f ailure model

W e ib u l l H a z a r d Ra t e Cu r v e s

0 . 0035

0. 003

0 . 0025

0. 002

0 . 0015

0. 001

0 . 0005

0

b= 0 . 8 b= 1 . 5

b= 1 . 0 b= 2 . 0

0 200 40 0 600 80 0 1000

Adj u sting the value of b, we can model any part of the bathtub curve.

h ( t ) 

b  b t b  1

R ( t ) 

e    t  b

For b = 1  the exponential distribution.

Department of Nuclea r S c ien ce and Engineering 21

The Model of the World

 Deterministic , e.g., a mechanistic computer code

 Probabilistic (Aleatory) , e.g., R(t/  ) = exp(-  t)

 Both deterministic and aleatory models of the world have assumptions and parameters.

 How confident are we about the validity of these assumptions and the numerical values of the parameters?

Department of Nuclea r S c ien ce and Engineering 22

The Epistemic (state-of-knowledge) Model

• Uncertainties in assumptions are not handled routinely. If necessary, sensitivity studies are performed.

• Parameter uncertainties are reflected on appropriate probability distributions.

• For the failure rate: π ( λ ) d λ = Pr(the failure rate has a value in d λ about λ )

Department of Nuclea r S c ien ce and Engineering 23

Unconditional (predictive) probability

R ( t ) 

 R ( t

/  ) 

(  ) d 

Department of Nuclea r S c ien ce and Engineering 24

Communication of Epistemic Uncertainties: The discrete case

Suppose that P(  = 10 -2 ) = 0.4 and P(  = 10 -3 ) = 0.6 Then, P(e -0.001t ) = 0.6 and P(e -0.01t ) = 0.4

R(t) = 0.6 e -0.001t + 0.4 e -0.001t

1.0

exp(-0.001t)

0.6

exp(-0.01t)

0.4

t

Department of Nuclea r S c ien ce and Engineering 25

Communication of Epistemic Uncertainties: The continuous case

Co urtesy o f US NRC.

Department of Nuclea r S c ien ce and Engineering 26

The lognormal distribution

• It is very common to use the lognormal distribution as the epistemic distribution of failure rates.

 1 

(ln    ) 2 

  2 





(  )  exp   2  

2  2 

m  exp    

 2 

 95

 05

 e   1 . 645 

 e   1 . 645 

median

:  50

 e 

EF 

 95

 50



 95

 05



 50 

05

Y  ln 

Y is normally distributed with mean μ a nd standard deviati o n σ

Department of Nuclea r S c ien ce and Engineering 27

Co urtesy o f US NRC.

Department of Nuclea r S c ien ce and Engineering

28

Co urtesy o f US NRC.

Department of Nuclear Science and Engineering 29

SIMPLIFIED SYSTEM DIAGRAM

Co urtesy o f US NRC.

Department of Nuclea r S c ien ce and Engineering 30

HIGH PRESSURE INJECTION DURING LOOP 1-0F-3 TRAINS FOR SUCCESS

Co urtesy o f US NRC.

Department of Nuclea r S c ien ce and Engineering 31

HPIS Analysis (1-out-of-3)

• In the RSS HPIS, the three pump trains have a common suction line from the RWST. The South Tex a s Pr oject design has separate suction lines for the three trains, as the fault tree shows.

• Q total = Q singles + Q doubleFail’s + Q test&maint + Q CCF

• Representativ e singl e failure s (single-elemen t mcs) :

 Check valve SI 225 fails to open

 Check valve SI-25 fails to open

 RWST discharge line ruptures

 Other

• Q singles = 1.1x10 -3 (“point estimate”)

Department of Nuclea r S c ien ce and Engineering 32

HPIS: Double Failures

• Representativ e doubl e failure s (double-elemen t mcs) :

 RWST supply MOVs 1115B and 1115D fail to open

 Born Injection Tank (BIT) inle t MOVs 1867A and 1867B fail to open

 BIT discharge MOVs 1867C and 1867D fail to open

 Service water pumps; cooling water pumps; BIT cooling system

 other

• Q(MOVs 1867C and 1867D fail to open) = P(X 1 ) P(X 2 ) where P(X i ) is a lognormal with median 1.9x10 -2 and EF = 3

• Q doubleFail’s = 2.5x10 -3 (“point estimate”)

Department of Nuclea r S c ien ce and Engineering 33

HPIS: Other Contributions

• Q test&m aint is negligible because of the 1-out-of-3 redundancy (if one train is out, double failures must occur for the system to fail).

• Q CCF (MOVs 1867C and 1867D fail to open) = β P(X 1 ) =

= 0.075x1.9x10 -2 = 1.4x10 -3

• Monte Carlo simulation yields (RSS):

 Q total,median = 8.6x10 -3

 Q total,upper = 2.7x10 -2

 Q total,lower = 4.4x10 -3

Department of Nuclea r S c ien ce and Engineering 34

In some important cases,  CDF and  LERF cannot be calculated.

Decision Options

Risk- Informed Decision

Expert Panel Delibera tion

Impact on CDF and LERF

SSC

Categories Based on Importance Measures

Department of Nuclea r S c ien ce and Engineering 35

Fussell-Vesely Importance Measure

Pr[  M ( i ) ]

0   i  i

FV i 

k k  R R R 0 R 0

 1  R

R 0

R 0 The base-case risk metric (CDF or LERF) =

Pr[  M k ]

k

M

( i ) k

R  i

The k th accident sequence containing event i

The risk metric (CDF or LERF) with the i th component up (unavailability equal to zero)

Department of Nuclea r S c ien ce and Engineering 36

Risk Reduction Worth (RRW)

 R 0

RRW

R 0  R  i

i R  i

R  i 1

R

F V i  0

 1 

R 0

 1 

RR W i

• FV i is the fractional decrease in th e risk metric when event i is always true (component i is alw ays available; its unavailability i s set equal to zero).

• This importance measure is parti c ularly useful for identifying improvements to the reliability of elements which can most reduce risk.

Department of Nuclea r S c ien ce and Engineering 37

F-V Ranking

Lo ss Of O f fsite Po wer Initiating Event 0.831

DIESEL GENERATOR B FAILS 0.437

DIESEL GENERATOR A FAILS 0.393

COM M ON CAUS E FAI L URE OF DI E S EL GENERATORS 0.39

OPERATOR FAILS TO RECOVER OFFSITE POW E R (SEAL LOCA) 0.388

RCP SEALS FAIL W/O COOL ING AND INJECTION 0.344

OPERATOR FAILS TO RE COVER OFFSITE POW E R

BEFORE BATTERY DEPLETION 0.306

Department of Nuclea r S c ien ce and Engineering 38

Risk Achievement Worth (RAW)

RAW i 

R  i

R 0

R +i The risk metric (CDF or LERF) with the i th component always down (its unavailability is set equal to 1)

RAW presents a measure of the “worth” of the basic event in “achieving” the present level of risk and indicates the importance of maintaining the current level of reliability for the basic event.

Department of Nuclea r S c ien ce and Engineering 39

RAW Ranking


Loss Of Offsite Power Initiating Event	51,940
Steam Generator Tube Rupture Initiating Event	41,200
Small Loss Of Coolant Accident Initiating Event	40,300
CONTROL ROD ASSEMBLIES FAIL TO INSERT	3,050
COMMON CAUSE FAILURE OF DIESEL GENERATORS	271
RPS BREAKERS FAIL TO OPEN	202

Department of Nuclea r S c ien ce and Engineering 40

Comments on Importance Measures

• Importance measures are typically evaluated for individual SSCs, not groups.

• T he various categories of risk significance are determined by defining threshold values for the importance measures. For example, in some applications, a SSC is in the "high" risk-significant category when FV > 0.005 and RAW > 2.0.

• Importance measures are strongly affected by the scope and quality of the PRA. For example, incomplete assessments of risk contributions from low- power and shutdown operations, fires, and human performance will distort the importance measures.

Department of Nuclea r S c ien ce and Engineering 41