Rpra1

Engineering Risk Benefit Analysis
1.155, 2.943, 3.577, 6.938, 10.816, 13.621, 16.862, 22.82
ESD.72J, ESD.721

RPRA 1. The Logic of Certainty

George E. Apostolakis
Massachusetts Institute of Technology

Spring 2007

RPRA 1. The Logic of Certainty 1

Event Definition

•Event: A statement that can be true or false.

•“It may rain tonight” is not an event.

•According to our current state of knowledge, we
may say that an event E is TRUE, FALSE, or
POSSIBLE (UNCERTAIN).

•Eventually, E will be either TRUE or FALSE.

True

Event False

Possible


Venn Diagrams
• Sample Space: The set of all possible outcomes of an
experiment. Each elementary outcome is represented by a
sample point.

• Examples: Die {1,2,3,4,5,6} Failure Time {0, ∞}

• A collection of sample points is an event.
S

Venn Diagram E


Indicator Variables
1,If E j is T

Xj =
0, If E j is F

Important Note: Xk = X, k: 1, 2, …

S

___
Venn Diagram E E


Union (OR operation)

A∪ B = C
X C = 1 − (1 − X A )(1 − X B )
X C ≡ C X j

C

A B

A B


Intersection (AND operation)

A∩ B = C XC = X AX B
XC ≡ ∏ X j
C

A B

A B

Mutually Exclusive Events: A∩ B = ∅

Simple Systems
Reliability Block Diagram for the Series System

1 .... N

N N
System
Failure
failure: X = 1 − ∏ (1 − X j ) ≡ C X j
1 1

N
success : Y = ∏ Yj
1

1 ... N


Reliability Block Diagram
for the Parallel System N
X =∏ X j
1
1
2
N
Y = CYj
i
1
i+1
TOP

N

1 2 i i+1 N


Event-Tree Analysis

IE BARRIER 1 BARRIER 2
1 (OK)

SUCCESS

2 (R1)

3 (R2)
FAILURE


Fault-Tree Analysis

Reliability Block Diagram for the 2-out-of-3 System

A

B 2/3

C


X T = 1 − (1 − Y1 )(1 − Y2 )
= 1 − (1 − X A X B X C ){1 − [1 − (1 − Z1 )(1 − Z 2 )(1 − Z 3 )]}
= 1 − (1 − X A X B X C ){1 − [1 − (1 − X A X B )(1 − X B X C )(1 − X C X A )]}

Expanding and using Xk = X we get
X T = 1 − (1 − X A X B )(1 − X B X C )(1 − X C X A )

Cut sets and minimal cut sets

• CUT SET: Any set of events (failures of components and
human actions) that cause system failure.

• MINIMAL CUT SET: A cut set that does not contain
another cut set as a subset.


New fault tree:
S y s te m F a ilu r e

A B B C C A

Minimal cut sets:
M 1 = X A X B, M2 = X B XC ,, M3 = XC X A
3
X T = C M j ≡ 1 − (1 − M 1 ) (1 − M 2 ) (1 − M 3 ) =
1
= 1 − (1 − X A X B )(1 − X B X C )(1 − X C X A)

XT = φ(X1, X2,…Xn) ≡ φ(X)

φ(X) is the structure or switching function.
It maps an n-dimensional vector of 0s and 1s onto 0 or 1.

Disjunctive Normal Form:
N N
XT = 1 − ∏ (1 − M i ) ≡ C M i
1 1
Sum-of-Products Form:
N N −1 N N +1 N
XT = ∑ Mi − ∑ ∑ M i M j + ... + (−1) ∏ M i
i =1 i =1 j =i +1 i =1

For the 2-out-of-3 System:

XT=1-(1-XAXB) (1-XBXC) (1-XCXA)

XT = (M1+M2+M3) - (M1M2+M2M3+M3M1) + M1M2M3

But,
M1M2 = XAXB2XC = XAXBXC

Therefore, the sum-of-products expression is:

XT = (XAXB+XBXC+XCXA) - 2XAXBXC


The Bridge Network
A 1 3 B
5
2 4

{X1X2}, {X3X4}, {X2X3X5}, {X1X4X5}
Disjunctive Normal Form:

XT=1-(1-X1X2)(1-X3X4)(1-X2X3X5)(1-X1X4X5)

Sum-of-Products Form:
XT = X1X2+ X3X4+ X2X3X5+ X1X4X5-
- X1X2 X3X4- X1X2X3X5- X1X2X4X5 -
-X2X3X4X5 - X1X3X4X5 + 2X1X2X3X4X5

Causes of Failure
1. Primary failure ("hardware" failure)
2. Secondary failure (external, environmental)
3. "Command" failure (no input; no power)

N o O u tp u t fro m
C om ponent

P r im a r y
F a ilu r e
S e c o n d a ry C om m and
F a ilu r e F a ilu r e


Reliability Block Diagram for the Fuel-Supply
System
T1 Control Valve
Fuel V1
Source P1 Pump Train 1

Emergency
Diesel
T2 Control Valve Engine
Fuel V2
Source P2
Pump Train 2

Electric
Power
Source, E

Control
System, C

Cooling
System,
CO

Fault tree elements
TOP EVENT

“OR” Gate

INTERMEDIATE
EVENT, A

INCOMPLETELY
“AND” Gate DEVELOPED
EVENT, B 2
Transfer in
from Sheet 2
A1 A2

Basic Basic
Event Event
A1 A2

Note: It’s helpful to start the fault-tree development from the
output of the system (the top event) and work backwards.

LOSS OF FUEL
FLOW , T

LOSS OF TRAIN E1 LOSS OF TRAIN E2
1 2

MECHANICAL M
LOSS OF TRAIN 2
2 Loss of Loss of Loss of
Electricity Control Cooling

E C CO
T2 P2 V2

MECHANICAL
LOSS OF TRAIN M 1
Loss of Loss of Loss of 1
Electricity Control Cooling

E C CO
T1 P1 V1

A simpler fault tree
No Fuel is
Delivered
When Needed

E C CO Pumping
Fails Fails Fails Branches Fail

Train 1 Fails Train 2 Fails

T1 P1 V1 T2 P2 V2
Fails to Fails to Fails Fails to Fails to Fails
Supply Pump Closed Supply Pump Closed
Fuel Fuel Fuel Fuel

Development of T1
Tank T1
Failure to
Supply Fuel

Tank is Intact Tank (and Supply Pipe
But Em pty Supply Pipe) is Plugged
and Undetected is Not Intact

Tank is Em pty
Fuel
Level Hum an Sludge
Detection Action Buildup
Tank is Tank is Tank Fails
Em ptied Em ptied Drain
Inadvertantly in Use and Valve is
(hum an Not Refilled Left O pen
error)

Corrosion Induced Failure Fatique
M issile Induced
Earthquake Internal Failure
Induced Im pact Fire/Explosion
Failure Induced Induced
Failure Failure
Faulty
Corrosion M anufacture
& Control
Program

System min cut sets

T1, Tank T2, Tank
Any combination of P1, Pump and of P2, Pump
an element of V1, Valve V2, Valve

C Control System
or
plus
E Electric Power
Source
or
CO Cooling System


Examples of Initiating Events

• Loss of Coolant
• Transients
• Human Error
• Loss of Power
• Fires
• Airplane Crashes
• Earthquakes

Rpra1

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (16)

Ähnlich wie Rpra1

Ähnlich wie Rpra1 (20)

Mehr von Ilham Reyzer Firmansyah

Mehr von Ilham Reyzer Firmansyah (8)

Rpra1