A comparison of dynamic event tree methods – Case study on a chemical batch reactor
Introduction
The variability in accident initial conditions (e.g. size or location of breaks for a loss of coolant accident in a nuclear power plant, process parameters such as coolant inventory at the accident initiation, decay power, etc.) can drive accident evolution in addition to the time-dependent interactions among physical process, safety equipment and operator actions, affecting sequence outcomes and ultimately risk estimates. Epistemic uncertainties in the parameters of these models (e.g. physical model parameters such as heat transfer coefficient, discharge coefficient, etc. and parameters of stochastic models of safety system responses such as demand failure probability of equipment, human error probability, etc.) might also influence the risk estimate, its key contributors, and their uncertainties [1]. Probabilistic Safety Assessment (PSA) as applied in Nuclear Power Plants (NPPs) accounts for accident dynamics with plant simulations during success criteria analysis and also propagates stochastic PSA model parameter uncertainties with a Monte Carlo simulation approach. In current PSA practice (Level-1), the effects of accident dynamics, variability in initial conditions, and uncertainties in physical model parameters (e.g. Thermal-Hydraulic models in NPPs) are conservatively bounded in accident sequence modeling.
To capture the effect of dynamics in risk and reliability assessments, many methods have been developed and applied to different complex systems. These dynamic PSA methods include analog Monte Carlo simulation [2], continuous event tree [3], dynamic event tree [4], dynamic flow graph methodology [5], Markov modeling/Petri-nets, dynamic fault trees, etc. Of these, the Dynamic Event Tree (DET) provides a framework to capture the impact of accident dynamics on the risk estimate directly. The essential feature of DET is the coupling of plant physical models with a stochastic model of the safety system response (failures to start and run of safety equipment) and their integrated simulation. This coupling can also model the impact of the variability of initial conditions and allows uncertainties in both models to be propagated to risk estimates. Although the DET provides a potential solution to treat dynamics considering variability in initial conditions and to propagate both uncertainties (physical and PSA), there are practical challenges in the implementation of DET approaches, especially the optimal balance between numerical accuracy and number of computations. To improve the practicality of DETs, it is necessary to assess the strengths and weaknesses of the current DETs, which can be realized by a comparison of the DETs with a reference solution.
Implementations of DETs reported in the literature include ADS [6], MCDET [7], SCAIS [8], ADAPT [9], RAVEN [10], etc. These DETs share the same basic approach of integrated accident simulation to investigate accident dynamics, as developed at the initial stages [4]; in a DET simulation, after each discrete time step of accident simulation, the responses of process variables, safety equipment and operator actions are checked for possible branching and potential sequences. Plant simulators are normally coupled with the DET tools. There are also a few differences among DET tools that have arisen while addressing complexities in DET quantification of risk, e.g. continuous variables, support system dependencies, etc. Depending on how continuous aleatory variables are treated in DET simulations, the above-mentioned DET methodologies/tools can be classified into two distinct methods, namely the Discrete DET (DDET, e.g. ADS) and the Sampling DET (e.g. MCDET) approaches. The primary difference is that continuous aleatory variables (e.g. recovery time, operator response time, failure time of equipment, etc.) are discretized in DDET while the same variables are sampled with Monte Carlo simulation in the latter (with each sample represented by a DDET). Such a difference in approach could impact the accuracy of final results as a function of the number of computations when many continuous variables are present in the accident sequences. This work compares these DET approaches in terms of numerical accuracy and computational resources and suggests the required improvements to match more realistic reference results. The reference method is the computationally intensive dynamic PSA with Analog Monte Carlo. Analog Monte Carlo simulation estimates the risk measures from a randomly chosen sample of sequences.
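The discretization-versus-sampling contrast described above, as an added example that is not from the paper: a constructed toy problem (not the batch reactor model of [11]) with one uniform initial condition and one exponentially distributed operator response time, where failure means the response arrives after an assumed time window. All distributions, constants and function names are assumptions chosen so that an exact reference value exists.

```python
import math
import random

MEAN_T = 5.0  # assumed mean operator response time (arbitrary units)

def available_time(x):
    """Assumed time window as a function of the initial condition x in [0, 1]."""
    return 4.0 + 8.0 * x

def reference():
    """Exact P(T > a(X)) for X ~ U(0,1) and T ~ Exp(mean MEAN_T)."""
    k = 8.0 / MEAN_T
    return math.exp(-4.0 / MEAN_T) * (1.0 - math.exp(-k)) / k

def ddet_estimate(n_ic, n_t):
    """Discretization: split both variables into equal-probability bins and
    enumerate every branch combination (n_ic * n_t sequences)."""
    failed = 0
    for i in range(n_ic):
        x = (i + 0.5) / n_ic                               # bin midpoint of U(0,1)
        for j in range(n_t):
            t = -MEAN_T * math.log(1.0 - (j + 0.5) / n_t)  # bin median of T
            failed += t > available_time(x)
    return failed / (n_ic * n_t)

def sampling_estimate(n, seed=1):
    """Sampling: draw both continuous variables at random for n sequences."""
    rng = random.Random(seed)
    failed = 0
    for _ in range(n):
        x = rng.random()
        t = rng.expovariate(1.0 / MEAN_T)
        failed += t > available_time(x)
    return failed / n

def compare(budgets=(16, 100, 400, 2500)):
    """Absolute error of each treatment at the same number of sequences."""
    ref = reference()
    rows = []
    for b in budgets:
        n = math.isqrt(b)
        rows.append((b, abs(ddet_estimate(n, n) - ref),
                     abs(sampling_estimate(b) - ref)))
    return rows

if __name__ == "__main__":
    print(f"reference = {reference():.4f}")
    for b, e_d, e_s in compare():
        print(f"{b:5d} sequences  DDET err = {e_d:.4f}  sampling err = {e_s:.4f}")
```

With only two continuous variables a grid is cheap; the grid size grows as the product of the bin counts, which is why the number of continuous variables matters for the accuracy-versus-computation trade-off discussed in the text.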
This paper compares the DET methods in the analysis of a chemical batch reactor problem. The chemical batch reactor problem [11] is chosen because of its relatively simple numerical solution compared to complex NPP simulations, which allows alternative approaches to be examined and evaluated quickly. Analog Monte Carlo results reported by Podofillini and Dang [11] are used as a reference result in the current study. The continuous variables driving the accident scenario include a few initial conditions (e.g. reagent concentrations in the batch reactor inputs, coolant mass flow, etc.) and the timing of two operator actions required in response to unexpected or upset conditions. The current study adopts the physical, safety equipment, and operator models as well as parameter data from ref. [11]. Considering accident dynamics and variability in initial conditions, each of the DET methods is applied and the obtained risk estimates are compared to the reference result.
In estimating risk, accounting for accident dynamics enhances the realism, while propagating uncertainties adds credibility to the results. As applied in PSA of NPPs, DET methods also use an outer loop around the DET simulation for propagating epistemic uncertainties. In this work, in light of epistemic uncertainties, the differences between DETs (sampling vs discretization of continuous variables) are tested thoroughly, in particular detailed insights such as important contributors to risk and uncertainty. A comparison is performed between DETs considering epistemic uncertainties of models on the batch reactor, which further exposes the strengths and weaknesses of each method.
The paper is organized as follows: The approach for comparison and the methods under consideration are briefly discussed in Section 2. Section 3 presents the DET models and computational framework for the batch reactor problem. The obtained DET results and their comparison with the reference results are discussed in Section 4. Section 5 presents a comparison of DETs in light of epistemic uncertainties. Finally, the conclusions are given in Section 6.
Section snippets
Approach for comparison
A comparison of the DET methods with a reference solution helps to identify their specific weaknesses, which will be explored further to identify measures to improve the methods. To ensure a thorough and realistic comparison, the analysis considers accident dynamics, variability in initial conditions, as well as epistemic uncertainties in obtaining the results. As a basis for comparison, both accuracy in the obtained results as well as total computations involved are used. The results include
Description of chemical batch reactor
The chemical batch reactor system was defined to address potential control system issues by Cott and Macchietto [17] and Aropornwickanop and Kittisupakon [18]. Podofillini et al. [11] introduced the chemical batch reactor with additional safety systems as a platform for investigating the impacts of the dynamic effects on system safety. In this case, a comparison was made between conventional PSA (fault tree and event tree combination) and dynamic PSA with Monte Carlo simulation approaches
Comparison of DETs without uncertainties
Using the comparison process and boundary conditions described in Section 2.1, the DET methods are compared using a case study on the chemical batch reactor. Comparison in this application is twofold: firstly, a comparison of the DET results without uncertainties, and secondly, a comparison in light of uncertainties. Initially four DET methods are considered and given practically identical computational resources. The computational resources are defined in this application as the number of total sequences
Comparison of DETs in light of epistemic uncertainties
The epistemic results for the reference method (Analog MC) are not available as it would take enormous calculations to converge even with current generation processors. Among the DET methods investigated earlier, one sampling method, SampIC+MCDET, and one discretization method, DiscrIC+DDET (DPD approach), are compared here (from now on simply referred to as MCDET and DDET, respectively). Epistemic parameters have been propagated in an outer loop with Monte Carlo sampling (simple random sampling approach)
Conclusions
In addition to dynamic interactions among physical process, safety equipment, and operator actions, variabilities in initial accident conditions can significantly impact accident evolution and consequently influence the overall risk estimate. Comprehensively considering these initial condition variabilities in dynamic simulations is a challenge as they increase the number of continuous variables, whose treatment impacts the accuracy of quantitative risk results. Modeling continuous variables
Acknowledgments
This work has been performed in the frame of a joint project with PSI's Laboratory for Reactor Physics and Systems Behaviour (LRS). It was partly supported by Swissnuclear, the nuclear energy section of the organization of Swiss electricity grid operators. The authors would also like to thank the anonymous reviewers for their constructive comments.
References (27)
- et al. The cell-to-boundary method in Monte Carlo-based dynamic PSA. Reliab Eng Syst Safety (1995)
- et al. Dynamic event trees in accident sequence analysis: application to steam generator tube rupture. Reliab Eng Syst Safety (1993)
- et al. The development and application of the accident dynamic simulator for dynamic probabilistic risk assessment of nuclear power plants. Reliab Eng Syst Safety (1996)
- Application of the integrated safety assessment methodology to safety margins. Dynamic event trees, damage domains, and risk assessment. Reliab Eng Syst Safety (2016)
- Development of a code-agnostic computational infrastructure for the dynamic generation of accident progression event trees. Reliab Eng Syst Safety (2010)
- et al. Conventional and dynamic safety analysis: comparison on a chemical batch reactor. Reliab Eng Syst Safety (2012)
- Dynamic generation of accident progression event trees. Nuclear Eng Des (2008)
- et al. Quantification of dynamic event trees – a comparison with event trees for MLOCA scenario. Reliab Eng Syst Safety (2016)
- Monte-Carlo based uncertainty analysis: sampling efficiency and sampling convergence. Reliab Eng Syst Safety (2013)
- Guidance on the treatment of uncertainties associated with PRAs in risk-informed decision making. NUREG-1855, Rev 1 (2013)
- Probabilistic reactor dynamics I: the theory of continuous event trees. Nuclear Sci Eng
- Development of tools for safety analysis of control software in advanced reactors
- MCDET: a probabilistic dynamics method combining Monte Carlo Simulation with the discrete dynamic event tree approach. Nuclear Sci Eng