Integrated Dynamic Decision Analysis: a method for PSA in dynamic process system

Similar documents
MODELLING DYNAMIC RELIABILITY VIA FLUID PETRI NETS

Reliability of Technical Systems

Development of Multi-Unit Dependency Evaluation Model Using Markov Process and Monte Carlo Method

Markov Reliability and Availability Analysis. Markov Processes

Time Dependent Analysis with Common Cause Failure Events in RiskSpectrum

However, reliability analysis is not limited to calculation of the probability of failure.

Application of the Stress-Strength Interference Model to the Design of a Thermal- Hydraulic Passive System for Advanced Reactors

Risk Analysis of Highly-integrated Systems

System Reliability Analysis. CS6323 Networks and Systems

Failures in Process Industries

12 - The Tie Set Method

UNAVAILABILITY CALCULATIONS WITHIN THE LIMITS OF COMPUTER ACCURACY ABSTRACT

A MONTE CARLO SIMULATION APPROACH TO THE PRODUCTION AVAILABILITY EVALUATION OF AN OFFSHORE INSTALLATION WITH OPERATIONAL LOOPS

Quantitative evaluation of Dependability

LOCAL FUSION OF AN ENSEMBLE OF SEMI-SUPERVISED SELF ORGANIZING MAPS FOR POST-PROCESSING ACCIDENTAL SCENARIOS

Safety and Reliability of Embedded Systems

Reliability of Technical Systems

arxiv: v2 [math.oc] 28 Feb 2013

BEST ESTIMATE PLUS UNCERTAINTY SAFETY STUDIES AT THE CONCEPTUAL DESIGN PHASE OF THE ASTRID DEMONSTRATOR

RESPONSE SURFACE METHODS FOR STOCHASTIC STRUCTURAL OPTIMIZATION

Monte Carlo Simulation for Reliability and Availability analyses

RISK AND RELIABILITY IN OPTIMIZATION UNDER UNCERTAINTY

Nuclear reliability: system reliabilty

EE 445 / 850: Final Examination

Introduction to Reliability Theory (part 2)

Introduction to Engineering Reliability

Performance Characteristics of Deterministic Leak Detection Systems

of an algorithm for automated cause-consequence diagram construction.

Basics of Uncertainty Analysis

Reliability of Technical Systems

PSA Quantification. Analysis of Results. Workshop Information IAEA Workshop

Structural Reliability

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Fault Tolerant Computing ECE 655

Analysis of the Space Propulsion System Problem Using RAVEN

Estimation of reliability parameters from Experimental data (Parte 2) Prof. Enrico Zio

Evaluating Safety Integrity Level in presence of uncertainty

Evaluating the Core Damage Frequency of a TRIGA Research Reactor Using Risk Assessment Tool Software

Introduction to Modelling and Simulation

Control of Hybrid Petri Nets using Max-Plus Algebra

Modeling Common Cause Failures in Diverse Components with Fault Tree Applications

Process Control Hardware Fundamentals

Issues in Dependency Modeling in Multi- Unit Seismic PRA

Raven Facing the Problem of assembling Multiple Models to Speed up the Uncertainty Quantification and Probabilistic Risk Assessment Analyses

Calculation method for the determination of leak probabilities for complex structural geometries and load conditions

AC&ST AUTOMATIC CONTROL AND SYSTEM THEORY SYSTEMS AND MODELS. Claudio Melchiorri

Safety analysis and standards Analyse de sécurité et normes Sicherheitsanalyse und Normen

Design for Reliability and Robustness through probabilistic Methods in COMSOL Multiphysics with OptiY

Assessing system reliability through binary decision diagrams using bayesian techniques.

Chapter 18 Section 8.5 Fault Trees Analysis (FTA) Don t get caught out on a limb of your fault tree.

Key Words: Lifetime Data Analysis (LDA), Probability Density Function (PDF), Goodness of fit methods, Chi-square method.

Constant speed drive time between overhaul extension: a case study from Italian Air Force Fleet.

Reliability of Safety-Critical Systems 5.1 Reliability Quantification with RBDs

Reliability Analysis of Hydraulic Steering System with DICLFL Considering Shutdown Correlation Based on GO Methodology

Theoretical Models of Chemical Processes

Real-Time Feasibility of Nonlinear Predictive Control for Semi-batch Reactors

Lecture 4 The stochastic ingredient

POLITECNICO DI TORINO

A BAYESIAN MATHEMATICAL STATISTICS PRIMER. José M. Bernardo Universitat de València, Spain

Presentation of Common Cause Failures in Fault Tree Structure of Krško PSA: An Historical Overview

Using Fuzzy Logic as a Complement to Probabilistic Radioactive Waste Disposal Facilities Safety Assessment -8450

RELIABILITY ANALYSIS IN BOLTED COMPOSITE JOINTS WITH SHIMMING MATERIAL

Complex systems reliability: A complex challenge for reliability analysts

STUDY OF AGGREGATION IN BARIUM SULPHATE PRECIPITATION

PREDICTING THE PROBABILITY OF FAILURE OF GAS PIPELINES INCLUDING INSPECTION AND REPAIR PROCEDURES

Authors : Eric CHOJNACKI IRSN/DPAM/SEMIC Jean-Pierre BENOIT IRSN/DSR/ST3C. IRSN : Institut de Radioprotection et de Sûreté Nucléaire

Common Cause Failures: Extended Alpha Factor method and its Implementation

Stochastic Dual Dynamic Programming with CVaR Risk Constraints Applied to Hydrothermal Scheduling. ICSP 2013 Bergamo, July 8-12, 2012

Basic notions of probability theory

Analysis methods for fault trees that contain secondary failures

Availability analysis of nuclear power plant system with the consideration of logical loop structures

Probabilistic assessment of geotechnical objects by means of MONTE CARLO METHOD. Egidijus R. Vaidogas

NUCLEAR SAFETY AND RELIABILITY WEEK 3

Process Control, 3P4 Assignment 6

Bayesian Networks 2:

Reliability and Availability Simulation. Krige Visser, Professor, University of Pretoria, South Africa

Reliability analysis of geotechnical risks

Variability within multi-component systems. Bayesian inference in probabilistic risk assessment The current state of the art

A METHODOLOGY FOR ASSESSING EARTHQUAKE-INDUCED LANDSLIDE RISK. Agency for the Environmental Protection, ITALY (

Reliability evaluation of a repairable system under fuzziness

Time-varying failure rate for system reliability analysis in large-scale railway risk assessment simulation

CALCULATION OF A SHEET PILE WALL RELIABILITY INDEX IN ULTIMATE AND SERVICEABILITY LIMIT STATES

Stochastic dominance with imprecise information

In-Flight Engine Diagnostics and Prognostics Using A Stochastic-Neuro-Fuzzy Inference System

A MULTI-STATE PHYSICS MODELING FOR ESTIMATING THE SIZE- AND LOCATION-DEPENDENT LOSS OF COOLANT ACCIDENT INITIATING EVENT PROBABILITY

Module 8. Lecture 5: Reliability analysis

Formal Handling of the Level 2 Uncertainty Sources and Their Combination with the Level 1 PSA Uncertainties

Reinforcement Learning

Performance based Engineering

PSA on Extreme Weather Phenomena for NPP Paks

Dynamic Event Trees for Probabilistic Safety Analysis

Risk Analysis Framework for Severe Accident Mitigation Strategy in Nordic BWR: An Approach to Communication and Decision Making

ENT 254: Applied Thermodynamics

Use of Simulation in Structural Reliability

Stochastic Simulation.

Interactivity-Compatibility. TA Hydronic College Training

A Thesis presented to the Faculty of the Graduate School at the University of Missouri-Columbia

Design for Reliability and Robustness through Probabilistic Methods in COMSOL Multiphysics with OptiY

GOAL-BASED NEW SHIP CONSTRUCTION STANDARDS General principles for structural standards MSC 80/6/6

Bayesian Reliability Analysis: Statistical Challenges from Science-Based Stockpile Stewardship

PROBABILISTIC APPROACH TO DETERMINE PUMP OPERATING POINT

Transcription:

Integrated Dynamic Decision Analysis: a method for PSA in dynamic process system M. Demichela & N. Piccinini Centro Studi su Sicurezza Affidabilità e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino Corso Duca degli Abruzzi, 24 10129 Torino, Italia One of the important issues still under investigations in order to increase the confidence in the results obtained in the PSA of technological systems is the physical modelling of the process. Integrated Dynamic Decision Analysis provides a full representation of the plant states, as well as all the possible occurrences patterns, expressed in a set of mutually self-excluding sequences. Availability of the full set of alternatives allows the complete spectrum of possible probability-consequence conditions to be used as a basis for decisions in risk reduction. Furthermore it is possible to interface with the logicprobabilistic model a process simulator, in order to assess the status of each relevant process variable with reference to the failure sequence identified, allowing the mutual interactions of the hardware components and the physical evolution of the plant to be taken into account. This approach is here described through a simple case study taken from literature. 1. Introduction In the present work, through the application to a simple exercise taken from literature, the capabilities of dealing with the risk assessment of dynamic system of IDDA (Integrated Dynamic Decision Analysis) methodology were investigated. IDDA is based on an enhanced form of dynamic event tree. Starting from a description, reflecting the level of knowledge that the analyst has about the system, IDDA is able to develop all the sequences of events compatible with the description received, from the point of view both of the logical construction, as of the probabilistic coherence. The system description has the form a binary chart, where the real logical and chronological sequence of the events is described; the direction of each branch is characterised by a probability of occurrence that can be modified by the boundary conditions, and in particular by the same development of the events themselves (probabilities conditioned by the events dynamic). As a matter of fact, in a dynamic cause-consequence logic, in addition to the direct logical interactions characterising it, each event can influence the subsequent events, depending on deterministic cause-consequence relations or stochastic dependences. At the end of the analysis, the full set of the possible alternatives in which the system could evolve is obtained. These alternatives represent a partition since they are mutually exclusive; they are all and the sole possible alternatives, this allowing the method to guarantee the completeness and the coherence of the analysis. The above logical-probabilistic model can be interfaced with a phenomenological model of the system, in order to obtain, for each alternative sequence:

Probability of occurrence; Trend of the significant physical variable; Consequences entity. The analysis of the alternatives in terms of logical congruence and correspondence with the knowledge of the plant is made easier by their representation as concatenations of events, placed along a well-defined time-trajectory. Once the model has been defined, all the information worked out by the software are made available to the analyst as results (Piccinini et al., 1996; Galvagni & Demichela, 2003). 2. The Case Study The case study is taken from Marseguerra & Zio (1996). In particular, the system object of the study (Fig. 1) is a tank containing a liquid. Its level is controlled discontinuously by three independent units, made of three level transmitters, all measuring the level in the main tank, each activating respectively two feed systems (U1 and U2) and one extraction system (U3). The liquid supply takes place through two pumps, fed by different tanks, with a flow rate able to maintain a constant level variation of 0,6 m/h each pump. The extraction system is made of a on-off valve with a flow rate able to bring to a level reduction of 0,6 m/h. At time t=0, the system is in its nominal configuration, with the units U1 and U3 operating and the U2 component in stand-by. In this case, the net flow rate is zero and the level is constant, until the first stochastic modification of the component status occurs. The system components can assume 4 status, whose transitions follow to an exponential law: 1. operating (on) 2. stand-by (off) 3. stuck on 4. stuck off Figure 1. The tank object of the analysis. The mean time between failures is respectively: U1: 219 h U2: 175 h U3: 320 h

The probability over time of main tank overfilling or dry out has been assessed over a mission time of 1000 h, in different conditions as described below. 3. Non Repairable Components The first stage of the analysis is the construction of the logical-probabilistic model of the system, using the IDDA syntax. Each line consists in a question that can have multiple possible answers, each one characterised by an expectation degree. Every question is a level in the IDDA syntax and a branch point in an event tree. Each branch is characterised by a probability of occurrence, its uncertainty degree and a series of addresses, that define the logical path depending on the answer to the analyst question. The alternatives are mutually exclusive. In the present case, the transition rates do not change if the component is operating and fails stuck-on, or if it is in stand-by and fails stuck-off, thus the process control system intervention, activating or deactivating the components, as a matter of fact have not any influence on the occurrence probability of a failure. At this stage no probabilities were introduced in the model, but only conventional values 0.5. This indicating that the real probabilities will be provided by an external file, that from failure rates and mission times calculates the probabilities for each branch. IDDA combines the answers to the analyst questions in all the possible ways, in order to obtain the partition made of all the possible alternative sequences of events, to which a probability of occurrence in associated. The sequences are of immediate reading and understanding. They show, step by step, the chosen paths, the associated probabilities and the modification on the logical status and on the probability of each event included in the sequence. The reading of the alternatives immediately reveals possible incongruence and omissions in the logical representation of the problem. In the present case, only a sequence can bring to the dry-out of the tank, as detailed in Table 1. The possible alternative sequences rise to 5 if the events bringing to overflow are considered: their single and cumulative probabilities are shown in Table 2. Table 1. Dry out constituent. CONSTITUENT Number : 1 10 U1 Fails 9.8960E-01 15 U1 S. Off 4.9480E-01 20 U2 Fails 4.9317E-01 25 U2 S. Off 2.4658E-01 40 U3 Fails 2.3575E-01 45 U3 S. On 1.1788E-01 94 Exit Dry out 1.1788E-01 CONSTITUENT PROBABILITY: 1.1788E-01 Table 2. Overflow constituents COSTIT. N. PROBABILITY 1 2.466E-01 2 1.179E-01 3 1.179E-01 4 2.477E-03 5 7.802E-04 --------- CUMULATE PROB. 4.856E-01

Figure 2 shows the results of the input model processing. At each time the probabilities of the four incompatible operating modes (overflow, dry out, no flow and normal operations) add up to 1. The second case investigated through IDDA is the one in which the transition probability to the state 3 (stuck on) is increased of a factor 10 and the one to the state 4 (stuck off) increased of a factor 100: the logical-probabilistic model will undergo substantial modifications 1 0,8 - cpdf - 0,6 0,4 0,2 0 - tempo [h] - Overflow Dry out No flow Normal flow Figure 2. Non repairable components, transition rates invariable with the transition type. In fact, while in the previous case, the event probability was independent on the occurrence order of the components failures, in the following one, the event probability will be strongly dependent on it. As an example, let s consider the first failure of the U1 component (the whole input model will keep into account also the case of a first failure of the U2 or U3 component) in the stuck on failure mode. The subsequent level examines the presence of other failures: if no other failure is present, the model will directly send to a normal operating condition; otherwise it will be investigated what of the other components, U2 or U3, will fail first. Let s consider a failure of U3 component: it could fail stuck on or stuck off. In the case of U3 stuck off, the consequence will be the overflow, independently from the behaviour of U2. With U3 stuck on, instead, the behaviour of U2 will be decisive: if U2 is stuck on, the result will be an overflow, if stuck off, the result will be a normal operating condition. Similarly, let us consider the case of a failure of the U2 component after the U1 component has failed. If U2 is stuck on, the event will result in an overflow, independently from the behaviour of U3; if U2 is stuck off, the whole system performance will depend on the U3 component behaviour: even with U3 stuck on, there will be normal operating conditions, instead U3 stuck off will bring to an overflow. The input model thus includes all the possible evolution path of the system failures. Furthermore, also the complexity of the factors to be included in the probability assessment will increase.

The solution of the differential equation system: dpf = λ Pf dt dp g = + λ P f dt Will bring to the following probabilities: Absence of failures p1 = { 1 exp[ Σ T ]} with =λ1+λ2+λ3 sum of the transition rates of the single system components. First failure of U1 Absence of U2 and U3 failures [ 1 exp[ ( λ" + λ ) T ] 1 2 3 k2 p 3 = 1 k2 p1 1 k2 λ" 2+ λ3 k2 = where Σ and λ 2 transition rate of U2 modified after a failure of U1 occurred. λ" 2 p4 = λ" Second failure of U2 2+ λ3 PU 1, U 2, U 3 p5 = p U3 operating or failed 1 p2 p3 p4. Hereafter the result obtained are reported: 6 sequences has been identified for the dry out, with a cumulate probability of 8.05E-02; 18 sequences bring to the overflow, with a total cumulate probability of 3.546E-01. Figure 3 shows the results as a diagram. 1 p 2 = λ 1 Σ 0,8 - cpdf - 0,6 0,4 0,2 0 - time [h] - Overflow Dry out No flow Normal flow Figure 3: Non repairable components, transition rates variable with the transition type.

0,0E+00 In Figure 4 a comparison between the results of the cases previously discussed is reported, with reference to the main events dry-out (a) and overflow (b). Thick lines represent the case of constant transition rate, while thin ones the case of increased transition rate for stuck on and stuck off conditions. a 3,0E-04 2,5E-04 2,0E-04 1,4E-03 1,2E-03 1,0E-03 - PDDF - 1,5E-04 - PDDF - 8,0E-04 6,0E-04 1,0E-04 4,0E-04 5,0E-05 2,0E-04 0,0E+00 - time [h] - - time [h] - b Figure 4. Comparison between the results of the cases discussed in the first sections. 4,0E-01 3,5E-01 3,0E-01 2,5E-01 - cpdf - 2,0E-01 1,5E-01 1,0E-01 5,0E-02 0,0E+00 - time [h] - Figure 5 Comparison between the case of the failure on demand of the PCS and the previous cases analysed Both the logical-probabilistic model and the calculation tool developed allow taking into consideration the possibility of a failure on demand of the process control system (PCS), with the hypothesis that this failure didn t influence the probability of the subsequent failures. In this case the unavailability on demand of the control system has been taken equivalent to 0.1. In Figure 5 the results in the case of failure on demand (thick lines) are compared with the previously discussed cases of overflow (continuous lines) and dry out (dotted lines) for constant transition rates. Both the top events occurs in shorter times and with higher cumulative probabilities in the case of failure on demand of the PCS.

4. Effect of the Temperature on the Reliability of the System In the case a heat source, heating up the content of the main tank, is considered, the effect of the temperature on the reliability of the control units can be assessed, under the hypothesis of an adiabatic behaviour of the system and of an homogeneous distribution of the heat in the whole mass. From a phenomenological point of view, the transient events bringing to a temperature increase in the system are those produced by U3 stuck off, both for a PCS call and for a failure. The difference within them is solely due to the quantity of liquid trapped in the tank, and thus to its thermal capacity. The introduction of the heating source doesn t imply modification in the logical-probabilistic model. In order to assess quantitatively the effect of the temperature on the reliability of the system the following mass and energy balances have been formulated with reference to the tank level. dl() t = Qi () t Qo () t dt dϑ() t 1 = { w Qi () t [ θ () t θi ]} dt L() t with the initial equilibrium conditions: L = 7 0 e ϑ =15.67 0. where: L is the tank level; Qi is the inlet flow rate and Qo the outflow; θ is the temperature of the liquid in the tank, w is the heating source power, with H m C w = 1 ρ A C h, with the following geometric dimensions for the mail tank: A, tank surface, 180 m2; H, level heights: minimum 4 m, maximum 10 m, controlled between 6 and 8 meters; ρ, the density of the liquid and C, its heat capacity. From the balance it is easy to deduce how the significant level transients, all initiated from an equilibrium situation, imply the related temperature transients, that can be computed once for all. The failure rate time development stiffly depends on the above temperature transients. Failure rates dependencies from the temperatures were defined through the correlation represented in Marseguerra & Zio, 1996. Since the temperature transient is set by an univocal function T=f(t), also the failure rates λ() T are univocally defined as λ[ f( t) ]. Ultimately, before the thermal transient are started, the failure rates are constant, after they change according to a given function of the time. From the system reliability point of view, at a first time pt ()= exp( λ t), then pt ()= exp[ λ( t) dt]. In order to solve the transients problem, a code able to solve (finite difference solution) the differential equations for the temperature, according to the model described in Marseguerra & Zio (1996) was developed. In Figure 7 the results are shown, both in the case of PCS without unavailability problems (continuous lines), and in the case of PCS failure on demand (FOD) probability of 0.2 (dotted lines), for the main consequences in the system (overflow, thick lines and dry-out, thin lines).

6,0E-01 5,0E-01 4,0E-01 - CPDF - 3,0E-01 2,0E-01 1,0E-01 0,0E+00 Time [h] Overflow Dry out Overflow FOD Dry out FOD Figure 7 Results in the case of temperature dependence of the transition rates. 5. Conclusions In the present work a situation where the evolution of the physical variables can have an impact on the reliability and availability of a system was analysed. The tool used to perform the study was IDDA (Integrated Dynamic Decision Analysis), that was applied to a simple case taken from the literature. The methodology allows a logical-probabilistic model, similar to an event tree, but based on its own syntax, to be developed, together with a model able to associate to the events described in the first one the parameters characterising them. In the present case, the above parameters are the probabilities, computed as functions of the mission time of the system, using the traditional reliability and availability expressions for components and systems. Those expressions are systematically applied to each event sequence developed by the model processing, these last representing the constituents of a partition. As a matter of fact, the results obtained are realistic and complete, since they derive from the analytical computation of the system behaviour. References Galvagni, R. & Clementel, S., 1989 Risk Analysis as an instrument of design, in Safety Design Criteria for Industrial Plant, M. Cumo and A. Naviglio (eds.), CRC Press, Boca Raton. Galvagni R. and Demichela M., 2003 IDDA (Integrated Dynamic Decision Analysis) - Metodologia per la valutazione di sicurezza con alberi decisionali, Proc. convegno nazionale la protezione dell ambiente, l affidabilita dei sistemi e la sicurezza industriale: da 20 anni di esperienze alle prospettive future, Alghero: 235-268. Marseguerra M. and Zio E., 1996 Monte Carlo approach to PSA for dynamic process systems, Reliability Engineering and System Safety, 52: 227-241 Piccinini, N., Scataglini, L., Fiorentini, C. and De Vecchi F. 1996 Logical and physical simulation of a gas drying plant for safety management Chemputers Europe III Frankfurt, Germany.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback