
Engineering Risk Benefit Analysis

1.155, 2.943, 3.577, 6.938, 10.816, 13.621, 16.862, 22.82 ESD.72J, ESD.721

RPRA 1.

The Logic of Certainty

George E. Apostolakis Massachusetts Institute of Technology

Spring 2007


Event Definition
Event: A statement that can be true or false. "It may rain tonight" is not an event. According to our current state of knowledge, we may say that an event E is TRUE, FALSE, or POSSIBLE (UNCERTAIN). Eventually, E will be either TRUE or FALSE.
[Figure: an Event is TRUE, FALSE, or POSSIBLE.]


Venn Diagrams
Sample Space: The set of all possible outcomes of an experiment. Each elementary outcome is represented by a sample point.
Examples: Die $\{1, 2, 3, 4, 5, 6\}$; Failure Time $[0, \infty)$

A collection of sample points is an event.

[Figure: Venn diagram of the sample space S.]


Indicator Variables
$$X_j = \begin{cases} 1, & \text{if } E_j \text{ is T} \\ 0, & \text{if } E_j \text{ is F} \end{cases}$$

Important Note: $X^k = X$, $k = 1, 2, \ldots$ (an indicator variable is idempotent, because it only takes the values 0 and 1).

[Figure: Venn diagram of the sample space S showing the event $E_j$ and its complement.]


Union (OR operation)

$A \cup B = C$

$$X_C = 1 - (1 - X_A)(1 - X_B)$$

$$X_C = \coprod_j X_j$$

[Figure: Venn diagram of $C = A \cup B$.]

Intersection (AND operation)

$A \cap B = C$

$$X_C = X_A X_B$$

$$X_C = \prod_j X_j$$

Mutually Exclusive Events: $A \cap B = \emptyset$


Simple Systems
Reliability Block Diagram for the Series System: blocks 1, ..., N in a single chain.

System Failure (the series system fails when any one component fails):

failure: $X = 1 - \prod_{j=1}^{N}(1 - X_j) = \coprod_{j=1}^{N} X_j$

success: $Y = \prod_{j=1}^{N} Y_j$

RPRA 1. The Logic of Certainty

Reliability Block Diagram for the Parallel System: blocks 1, ..., N side by side between a common input and a common output.

failure (the parallel system fails only when all components fail): $X = \prod_{j=1}^{N} X_j$

success: $Y = \coprod_{j=1}^{N} Y_j$


Event-Tree Analysis

[Event tree: the initiating event IE is followed by BARRIER 1 and BARRIER 2; at each barrier the upper branch is SUCCESS and the lower branch is FAILURE. The end states are 1 (OK), 2 (R1) and 3 (R2).]


Fault-Tree Analysis
Reliability Block Diagram for the 2-out-of-3 System: components A, B and C feed a 2/3 voting block; the system succeeds if at least two of the three components succeed, and fails if at least two of them fail.

From the fault tree, $Y_1 = X_A X_B X_C$ (all three components fail) and $Y_2 = 1 - (1 - Z_1)(1 - Z_2)(1 - Z_3)$ (at least one pair fails), with $Z_1 = X_A X_B$, $Z_2 = X_B X_C$, $Z_3 = X_C X_A$, so

$$X_T = 1 - (1 - Y_1)(1 - Y_2) = 1 - (1 - X_A X_B X_C)\{1 - [1 - (1 - Z_1)(1 - Z_2)(1 - Z_3)]\}$$
$$= 1 - (1 - X_A X_B X_C)\{1 - [1 - (1 - X_A X_B)(1 - X_B X_C)(1 - X_C X_A)]\}$$

Expanding and using $X^k = X$ we get

$$X_T = 1 - (1 - X_A X_B)(1 - X_B X_C)(1 - X_C X_A)$$

Cut sets and minimal cut sets

CUT SET: Any set of events (failures of components and human actions) that causes system failure.

MINIMAL CUT SET: A cut set that does not contain another cut set as a subset.


New fault tree: [Figure: System Failure as the OR of $M_1$, $M_2$ and $M_3$, each of which is the AND of two component failures.]

Minimal cut sets:

$M_1 = X_A X_B$, $M_2 = X_B X_C$, $M_3 = X_C X_A$

$$X_T = \coprod_{j=1}^{3} M_j = 1 - (1 - M_1)(1 - M_2)(1 - M_3) = 1 - (1 - X_A X_B)(1 - X_B X_C)(1 - X_C X_A)$$

$$X_T = \phi(X_1, X_2, \ldots, X_n) \equiv \phi(\mathbf{X})$$

$\phi(\mathbf{X})$ is the structure or switching function. It maps an n-dimensional vector of 0s and 1s onto 0 or 1.

Disjunctive Normal Form:

$$X_T = 1 - \prod_{i=1}^{N}(1 - M_i) \equiv \coprod_{i=1}^{N} M_i$$

Sum-of-Products Form:

$$X_T = \sum_{i=1}^{N} M_i - \sum_{i=1}^{N-1} \sum_{j=i+1}^{N} M_i M_j + \cdots + (-1)^{N+1} \prod_{i=1}^{N} M_i$$

For the 2-out-of-3 System:


$$X_T = 1 - (1 - X_A X_B)(1 - X_B X_C)(1 - X_C X_A)$$
$$X_T = (M_1 + M_2 + M_3) - (M_1 M_2 + M_2 M_3 + M_3 M_1) + M_1 M_2 M_3$$

But $M_1 M_2 = X_A X_B^2 X_C = X_A X_B X_C$, and likewise every other product of two or three of the $M_i$ equals $X_A X_B X_C$. Therefore, the sum-of-products expression is:

$$X_T = (X_A X_B + X_B X_C + X_C X_A) - 2 X_A X_B X_C$$

The Bridge Network


[Figure: bridge network between terminals A and B built from components 1 to 5, with component 5 as the cross-link between the two paths.]

Minimal cut sets: $\{X_1 X_2\}$, $\{X_3 X_4\}$, $\{X_2 X_3 X_5\}$, $\{X_1 X_4 X_5\}$

Disjunctive Normal Form:
$$X_T = 1 - (1 - X_1 X_2)(1 - X_3 X_4)(1 - X_2 X_3 X_5)(1 - X_1 X_4 X_5)$$

Sum-of-Products Form:
$$X_T = X_1 X_2 + X_3 X_4 + X_2 X_3 X_5 + X_1 X_4 X_5 - X_1 X_2 X_3 X_4 - X_1 X_2 X_3 X_5 - X_1 X_2 X_4 X_5 - X_2 X_3 X_4 X_5 - X_1 X_3 X_4 X_5 + 2 X_1 X_2 X_3 X_4 X_5$$
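The indicator-variable algebra of the preceding slides (series and parallel systems, the 2-out-of-3 system, and the bridge network), worked as an added Python example that is not code from the original lecture: it builds each structure function from 0/1 failure indicators, recovers the minimal cut sets by brute force over all 2^n state vectors, expands the cut sets into the disjunctive-normal-form and sum-of-products expressions, and checks that all three agree on every state. The bridge topology (components 1 and 2 leaving terminal A, 3 and 4 entering B, 5 as the cross-link) is an assumption chosen to match the four minimal cut sets listed on the slide; all function names are my own.

```python
"""Indicator-variable algebra for structure functions and minimal cut sets.

Added example, not code from the original slides. Component states are
0/1 failure indicators X_j; a system is described by its structure function
phi(X), and the minimal cut sets are recovered by brute force over 2^n states.
"""
from itertools import combinations, product


def coproduct(xs):
    """Coproduct (OR): 1 - prod(1 - X_j). Equals 1 if any X_j is 1."""
    out = 1
    for x in xs:
        out *= 1 - x
    return 1 - out


def prod(xs):
    """Product (AND): prod X_j. Equals 1 only if every X_j is 1."""
    out = 1
    for x in xs:
        out *= x
    return out


def series_failure(x):
    """Series system: fails when any component fails, X = coproduct X_j."""
    return coproduct(x)


def parallel_failure(x):
    """Parallel system: fails only when all components fail, X = prod X_j."""
    return prod(x)


def two_out_of_three(x):
    """2-out-of-3 system over components A, B, C (indices 0, 1, 2)."""
    return 1 if sum(x) >= 2 else 0


# Assumed bridge topology (not drawn on the slide): components 1 and 2 leave
# terminal A, 3 and 4 enter terminal B, 5 is the cross-link. Indices are 0-based.
BRIDGE_PATH_SETS = [{0, 2}, {1, 3}, {0, 4, 3}, {1, 4, 2}]


def bridge_failure(x):
    """Bridge network: fails when no minimal path set is fully working."""
    y = [1 - v for v in x]  # success indicators Y_j = 1 - X_j
    return 1 - coproduct(prod(y[i] for i in path) for path in BRIDGE_PATH_SETS)


def minimal_cut_sets(phi, n):
    """Every state vector with phi == 1 is a cut set; keep those with no
    proper subset that is also a cut set. Returned sorted by size."""
    cut_sets = [frozenset(i for i, b in enumerate(bits) if b)
                for bits in product((0, 1), repeat=n) if phi(bits) == 1]
    return sorted((c for c in cut_sets if not any(o < c for o in cut_sets)),
                  key=lambda c: (len(c), sorted(c)))


def dnf(mcs, x):
    """Disjunctive normal form: X_T = 1 - prod(1 - M_i) = coproduct M_i."""
    return coproduct(prod(x[i] for i in m) for m in mcs)


def sop_terms(mcs):
    """Symbolic sum-of-products as {set of component indices: coefficient}.
    Because X_k^2 = X_k, the product M_i M_j collapses to the indicator of
    the union of the two cut sets; that merging is where combined
    coefficients such as -2 X_A X_B X_C come from."""
    terms = {}
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            term = frozenset().union(*combo)
            terms[term] = terms.get(term, 0) + (-1) ** (k + 1)
    return {t: c for t, c in terms.items() if c != 0}


def sum_of_products(mcs, x):
    """Evaluate the sum-of-products form at a state vector x."""
    return sum(c * prod(x[i] for i in t) for t, c in sop_terms(mcs).items())


def check_equivalence(phi, n):
    """True if phi, its DNF and its sum-of-products agree on all 2^n states."""
    mcs = minimal_cut_sets(phi, n)
    return all(phi(x) == dnf(mcs, x) == sum_of_products(mcs, x)
               for x in product((0, 1), repeat=n))


if __name__ == "__main__":
    systems = [("series", series_failure, 3), ("parallel", parallel_failure, 3),
               ("2-out-of-3", two_out_of_three, 3), ("bridge", bridge_failure, 5)]
    for name, phi, n in systems:
        mcs = minimal_cut_sets(phi, n)
        # print 1-based component numbers to match the slides' labelling
        print(name, [sorted(i + 1 for i in m) for m in mcs], check_equivalence(phi, n))
```

For the 2-out-of-3 system `sop_terms` returns coefficient -2 on the triple {A, B, C}, and for the bridge it returns +2 on the five-component term and -1 on the five four-component terms, which is exactly the sum-of-products expression on the slide.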

Causes of Failure
1. Primary failure ("hardware" failure)
2. Secondary failure (external, environmental)
3. "Command" failure (no input; no power)

[Figure: fault tree with top event "No Output from Component" and inputs Primary Failure, Secondary Failure and Command Failure.]


Reliability Block Diagram for the Fuel-Supply System


[Figure: Pump Train 1 is T1 Fuel Source, P1 Pump, V1 Control Valve; Pump Train 2 is T2 Fuel Source, P2 Pump, V2 Control Valve. The two trains feed the Emergency Diesel Engine in parallel, and both depend on the Electric Power Source E, the Control System C and the Cooling System CO.]

Fault tree elements


[Figure: fault-tree symbols: TOP EVENT; OR Gate; AND Gate; INTERMEDIATE EVENT, A; INCOMPLETELY DEVELOPED EVENT, B; Transfer in from Sheet 2; Basic Event A1; Basic Event A2.]

Note: It's helpful to start the fault-tree development from the output of the system (the top event) and work backwards.

LOSS OF FUEL FLOW, T [AND gate]
  LOSS OF TRAIN 1, E1 [OR gate]
    MECHANICAL LOSS OF TRAIN 1, M1 [OR gate]: T1, P1, V1
    Loss of Electricity, E
    Loss of Control, C
    Loss of Cooling, CO
  LOSS OF TRAIN 2, E2 [OR gate]
    MECHANICAL LOSS OF TRAIN 2, M2 [OR gate]: T2, P2, V2
    Loss of Electricity, E
    Loss of Control, C
    Loss of Cooling, CO

A simpler fault tree


No Fuel is Delivered When Needed
  E Fails
  C Fails
  CO Fails
  Pumping Branches Fail
    Train 1 Fails
      T1 Fails to Supply Fuel
      P1 Fails to Pump Fuel
      V1 Fails Closed
    Train 2 Fails
      T2 Fails to Supply Fuel
      P2 Fails to Pump Fuel
      V2 Fails Closed

Development of T1
Tank T1 Failure to Supply Fuel
  Tank is Intact But Empty and Undetected
    Tank is Empty
      Tank is Emptied Inadvertently (human error)
      Tank is Emptied in Use and Not Refilled
      Tank Drain Valve is Left Open
    Fuel Level Detection Fails
  Tank (and Supply Pipe) is Not Intact
    Corrosion Induced Failure
    Earthquake Induced Failure
    Missile Impact Induced Failure
    Internal Fire/Explosion Induced Failure
    Fatigue Induced Failure
    Faulty Manufacture & Control Program
  Supply Pipe is Plugged
    Human Action
    Sludge Buildup
    Corrosion

System min cut sets


Any combination of one element of {T1 (Tank), P1 (Pump), V1 (Valve)} with one element of {T2 (Tank), P2 (Pump), V2 (Valve)}, plus the single-element cut sets C, E and CO (Control System, Electric Power Source or Cooling System).
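The fuel-supply fault tree and the minimal cut sets it yields, worked as an added Python example that is not code from the original lecture: the gate structure of the "Loss of Fuel Flow" tree is encoded as nested AND/OR tuples, evaluated for a given set of failed basic events, and expanded top-down into cut sets that are then reduced to minimal cut sets by absorption. The event names (T1, P1, V1, T2, P2, V2, E, C, CO) are the slides'; the tuple encoding and all function names are my own.

```python
"""Fault-tree evaluation and minimal cut sets for the fuel-supply system.

Added example, not code from the original slides. The top event is the AND
of the two train losses; each train loss is the OR of its mechanical loss
and the shared support systems E, C and CO; each mechanical loss is the OR
of the train's tank, pump and valve.
"""
from itertools import product

# Gates are ("AND", child, ...) or ("OR", child, ...); leaves are basic events.
FUEL_SUPPLY_TREE = (
    "AND",
    ("OR", ("OR", "T1", "P1", "V1"), "E", "C", "CO"),   # E1: loss of train 1
    ("OR", ("OR", "T2", "P2", "V2"), "E", "C", "CO"),   # E2: loss of train 2
)


def top_event(tree, failed):
    """Indicator of the top event for a given set of failed basic events.
    An OR gate is the coproduct, an AND gate the product, of its children."""
    if isinstance(tree, str):
        return 1 if tree in failed else 0
    gate, *children = tree
    values = [top_event(c, failed) for c in children]
    if gate == "AND":
        return 1 if all(values) else 0
    if gate == "OR":
        return 1 if any(values) else 0
    raise ValueError(f"unknown gate {gate!r}")


def cut_sets(tree):
    """Top-down expansion: an OR gate contributes the union of its children's
    cut sets; an AND gate contributes the union of one cut set taken from each
    child, for every such choice. The result is not yet minimal."""
    if isinstance(tree, str):
        return {frozenset([tree])}
    gate, *children = tree
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":
        return set().union(*child_sets)
    if gate == "AND":
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {gate!r}")


def minimal_cut_sets(tree):
    """Absorption: drop every cut set that contains another cut set. Terms
    such as E*E have already collapsed to {E} because X^k = X for indicators."""
    cs = cut_sets(tree)
    return sorted((c for c in cs if not any(o < c for o in cs)),
                  key=lambda c: (len(c), sorted(c)))


def basic_events(tree):
    """All leaf (basic) events appearing anywhere in the tree."""
    if isinstance(tree, str):
        return {tree}
    return set().union(*(basic_events(c) for c in tree[1:]))


def cut_sets_match_tree(tree):
    """Check on every state of the basic events that the top event is 1
    exactly when at least one minimal cut set is fully failed."""
    events = sorted(basic_events(tree))
    mcs = minimal_cut_sets(tree)
    for bits in product((0, 1), repeat=len(events)):
        failed = {e for e, b in zip(events, bits) if b}
        from_mcs = 1 if any(m <= failed for m in mcs) else 0
        if top_event(tree, failed) != from_mcs:
            return False
    return True


if __name__ == "__main__":
    for m in minimal_cut_sets(FUEL_SUPPLY_TREE):
        print(sorted(m))
    print("cut sets reproduce the gate logic:", cut_sets_match_tree(FUEL_SUPPLY_TREE))
```

The expansion produces 36 raw cut sets from the AND gate (six per train); absorption leaves the three single-element sets {C}, {E}, {CO} and the nine train pairs, the twelve minimal cut sets stated on the slide.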


Examples of Initiating Events


Loss of Coolant, Transients, Human Error, Loss of Power, Fires, Airplane Crashes, Earthquakes
