engineering risk benefit analysis · t ∏ x 1 (1 = − − mi) ... a1 a2 top event “or” gate...
TRANSCRIPT
RPRA 1. The Logic of Certainty 1
Engineering Risk Benefit Analysis1.155, 2.943, 3.577, 6.938, 10.816, 13.621, 16.862, 22.82
ESD.72J, ESD.721
RPRA 1. The Logic of Certainty
George E. ApostolakisMassachusetts Institute of Technology
Spring 2007
RPRA 1. The Logic of Certainty 2
•Event: A statement that can be true or false.
•“It may rain tonight” is not an event.
•According to our current state of knowledge, we may say that an event E is TRUE, FALSE, or POSSIBLE (UNCERTAIN).
•Eventually, E will be either TRUE or FALSE.
Event Definition
RPRA 1. The Logic of Certainty 3
Event
True
False
Possible
RPRA 1. The Logic of Certainty 4
Venn Diagrams• Sample Space: The set of all possible outcomes of an
experiment. Each elementary outcome is represented by a sample point.
• Examples: Die {1,2,3,4,5,6} Failure Time {0, ∞}
• A collection of sample points is an event.S
EVenn Diagram
RPRA 1. The Logic of Certainty 5
Important Note: Xk = X, k: 1, 2, …
Indicator Variables
1 , I f E j i s T
0 , I f E j i s F
X j =
S
EVenn Diagram___E
RPRA 1. The Logic of Certainty 6
)1)(1(1 BAC XXX −−−=
CBA =∪
C jC XX ≡
Union (OR operation)
A B
C
A B
RPRA 1. The Logic of Certainty 7
CBA =∩ BAC XXX =
∏≡ jC XX
Intersection (AND operation)
∅=∩ BAMutually Exclusive Events:
C
A B
A B
RPRA 1. The Logic of Certainty 8
1 N. . . .
CN
j
N
j XXX11
)1(1 ≡−−= ∏failure:
Simple SystemsReliability Block Diagram for the Series System
N1
SystemFailure
...
∏=N
jYY:success1
RPRA 1. The Logic of Certainty 9
∏=N
jXX1
CN
jYY1
=
Reliability Block Diagram for the Parallel System
1
2
i
i+1
N
TOP
1 Ni i+12
RPRA 1. The Logic of Certainty 10
SUCCESS
FAILURE
1 (OK)
2 (R1)
3 (R2)
BARRIER 2BARRIER 1IE
Event-Tree Analysis
RPRA 1. The Logic of Certainty 11
2/3
A
B
C
Fault-Tree Analysis
Reliability Block Diagram for the 2-out-of-3 System
RPRA 1. The Logic of Certainty 12
)]}1)(1)(1(1[1){1(1)]}1)(1)(1(1[1){1(1
)1)(1(1
321
21
ACCBBACBA
CBA
T
XXXXXXXXXZZZXXX
YYX
−−−−−−−=−−−−−−−=
−−−=
Expanding and using Xk = X we get)1)(1)(1(1 ACCBBAT XXXXXXX −−−−=
RPRA 1. The Logic of Certainty 13
Cut sets and minimal cut sets
• CUT SET: Any set of events (failures of components and human actions) that cause system failure.
• MINIMAL CUT SET: A cut set that does not contain another cut set as a subset.
RPRA 1. The Logic of Certainty 14
New fault tree:
ACCBBA XXMXXMXXM === 32,1 ,,
( ) ( ) ( )
)1)(1)(1(1
1111 32
3
11
XXXXXX ACCBBA
jT MMMMX
−−−−=
=−−−−≡=C
Minimal cut sets:
A B B C C A
S y s t e m F a i l u r e
RPRA 1. The Logic of Certainty 15
XT = φ(X1, X2,…Xn) ≡ φ(X)
φ(X) is the structure or switching function.
It maps an n-dimensional vector of 0s and 1s onto 0 or 1.
Disjunctive Normal Form:
CN
1i
N
1iT M)M1(1X ≡∏ −−=
Sum-of-Products Form
∏−∑ ∑∑=
+−
= +==
++−=N
ii
NN
i
N
ijji
N
iiT MMMMX
1
11
1 11)1(...
:
RPRA 1. The Logic of Certainty 16
For the 2-out-of-3 System:
XT=1-(1-XAXB) (1-XBXC) (1-XCXA)
XT = (M1+M2+M3) - (M1M2+M2M3+M3M1) + M1M2M3
But, M1M2 = XAXB
2XC = XAXBXC
Therefore, the sum-of-products expression is:
XT = (XAXB+XBXC+XCXA) - 2XAXBXC
RPRA 1. The Logic of Certainty 17
A
4
1 35
2
B
{X1X2}, {X3X4}, {X2X3X5}, {X1X4X5}
Disjunctive Normal Form:
XT=1-(1-X1X2)(1-X3X4)(1-X2X3X5)(1-X1X4X5)
XT = X1X2+ X3X4+ X2X3X5+ X1X4X5-- X1X2 X3X4- X1X2X3X5- X1X2X4X5 --X2X3X4X5 - X1X3X4X5 + 2X1X2X3X4X5
The Bridge Network
Sum-of-Products Form:
RPRA 1. The Logic of Certainty 18
Causes of Failure
1. Primary failure ("hardware" failure)2. Secondary failure (external, environmental)3. "Command" failure (no input; no power)
N o O u tp u t fro mC o m p o n e n t
P r im a ryF a ilu re
S e c o n d a ryF a ilu re
C o m m a n dF a ilu re
RPRA 1. The Logic of Certainty 19
Reliability Block Diagram for the Fuel-Supply System
Control ValveV2
Control ValveV1
ControlSystem, C
ElectricPower
Source, E
P1
P2
Pump Train 1
Pump Train 2
FuelSource
FuelSource
CoolingSystem,
CO
EmergencyDieselEngine
T1
T2
RPRA 1. The Logic of Certainty 20
Fault tree elements
A2A1
TOP EVENT
“OR” Gate
INTERMEDIATEEVENT, A
“AND” Gate2
Transfer infrom Sheet 2
BasicEvent
A1
BasicEvent
A2
INCOMPLETELYDEVELOPED
EVENT, B
Note: It’s helpful to start the fault-tree development from the output of the system (the top event) and work backwards.
RPRA 1. The Logic of Certainty 21
T
LOSS OF FUELFLOW , T
E LOSS OF TRAIN1
E
Loss of Electricity
1 E LOSS OF TRAIN2 2
Loss of Control
Loss of Cooling
C CO
MECHANICALLOSS OF TRAIN
2
M 2
2 V 2 P 2
E
Loss of Electricity
Loss of Control
Loss of Cooling
C CO
T
MECHANICAL LOSS OF TRAIN
1 M 1
1 V 1 P 1
RPRA 1. The Logic of Certainty 22
A simpler fault tree
T1Fails toSupply
Fuel
No Fuel isDelivered
When Needed
PumpingBranches Fail
Train 2 FailsTrain 1 Fails
P1Fails toPumpFuel
V1Fails
Closed
T2Fails toSupply
Fuel
P2Fails toPumpFuel
V2Fails
Closed
EFails
CFails
COFails
RPRA 1. The Logic of Certainty 23
Development of T1
Tank isEmptied
Inadvertantly(humanerror)
Tank T1Failure to
Supply Fuel
Tank is IntactBut Empty
and Undetected
Corrosion Induced Failure
Tank (andSupply Pipe)is Not Intact
Supply Pipeis Plugged
Tank is EmptyFuelLevel
DetectionFailsTank is
Emptiedin Use andNot Refilled
TankDrain
Valve isLeft Open
EarthquakeInducedFailure
MissileImpact
InducedFailure
InternalFire/Explosion
InducedFailure
HumanAction
SludgeBuildup
FatiqueInducedFailure
CorrosionFaulty
Manufacture& ControlProgram
RPRA 1. The Logic of Certainty 24
System min cut sets
T1, Tank P1, PumpV1, Valve
and of T2, Tank P2, PumpV2, Valve
Any combination of
an element of
C Control Systemor
E Electric Power Sourceor
CO Cooling System
plus
RPRA 1. The Logic of Certainty 25
RPRA 1. The Logic of Certainty 26
Examples of Initiating Events
• Loss of Coolant
• Transients
• Human Error
• Loss of Power
• Fires
• Airplane Crashes
• Earthquakes