PSAM 16 - Session Th22 Overview

PSAM 16 Conference Session Th22 Overview

Session Chair: Han Bao (han.bao@inl.gov)

Paper 1 PA39

Lead Author: Tarannom Parhizkar Co-author(s): Gabriel San Martín. gsanmartin@g.ucla.edu ENRIQUE LOPEZ DROGUETT eald@g.ucla.edu

Quantum-Based Fault Tree Analysis
Fault tree analysis is a technique widely used in the study of the reliability of complex systems. In a fault tree, events could have two states of failure or working, that can be presented as a binary number in the quantification process. In this study, a quantum-based method is introduced to be utilized in the fault tree analysis. In the quantum-based method, instead of a binary number for presenting event states, a qubit is used that includes a coherent superposition of the binary number, i.e., a single qubit can be described by a complex linear combination of quantum states of \|0> and \|1>; presenting failure and working states of events, respectively. Advantages of the method include its capability for updating the qubits based on the real-time sensor data and evaluating multiple scenarios simultaneously by leveraging on quantum superposition. The updated qubits are used to calculate the failure probability of the top event accordingly. The quantum-based fault tree method could be used for real-time failure analysis of complex systems. In this study, a simple case study is presented so to explore the potential capabilities of this new quantum-based fault tree methods.

Quantum-Based Fault Tree Analysis

Fault tree analysis is a technique widely used in the study of the reliability of complex systems. In a fault tree, events could have two states of failure or working, that can be presented as a binary number in the quantification process. In this study, a quantum-based method is introduced to be utilized in the fault tree analysis. In the quantum-based method, instead of a binary number for presenting event states, a qubit is used that includes a coherent superposition of the binary number, i.e., a single qubit can be described by a complex linear combination of quantum states of |0> and |1>; presenting failure and working states of events, respectively. Advantages of the method include its capability for updating the qubits based on the real-time sensor data and evaluating multiple scenarios simultaneously by leveraging on quantum superposition. The updated qubits are used to calculate the failure probability of the top event accordingly. The quantum-based fault tree method could be used for real-time failure analysis of complex systems. In this study, a simple case study is presented so to explore the potential capabilities of this new quantum-based fault tree methods.

Paper PA39 | Download the paper file. | Download the presentation PowerPoint file.

A PSAM Profile is not yet available for this author.

Paper 2 WE77

Lead Author: Wenjie Xia Co-author(s): Weibing Huang, huangwb@cnnp.com.cn Zhenqi Wang, wangzq02@cnnp.com.cn Johan Sorman, Johan.Sorman@lr.org Yi Zou, Yi.Zou@lr.org

Presenter of this paper: Johan Sorman (johan.sorman@lr.org)

A risk monitor tool for transferring plant logs
Implementing the use of risk monitors at nuclear stations has traditionally required manual input of information regarding plant configuration. This paper outlines the findings of a project for developing and implementing a tool for mapping and transferring information from plant logs and planning tools automatically into a risk monitor at Sanmen Nuclear Power plant in China. The requirement on the import tool at Sanmen Nuclear Power Station were to be able to: • import logs from the plants work order systems. • evaluate plans produced in a planning tool (e.g. upcoming plan) frequently. The tool was developed to eliminate manual efforts as much as possible when importing logs from existing systems and databases to the risk monitor. It reads event log data from a desired data source, converts and merges it with event logs in the risk monitor database. The merged log is then validated for inconsistencies and can be either saved to an XML file or imported directly into the risk monitor. The import tool key features include: • Support multiple data source types: It supports to read logs from general data sources, e.g. Excel, SQL Server, Oracle, and customized data sources (e.g. online logs from other systems). • Overlapping handling: When the data source logs contain both start and end time, a special Time Period Algorithm is used to handle overlapping. • Automatically detect and resolve conflicts: When the validation is done, the events that contain conflicts get marked. When you select a conflicting log, the peer log that it conflicts with will be highlighted. It has a function that can automatically resolve all conflicts based on user defined auto resolve rules. • Automatic importing: It is possible to read logs from a data source, resolve conflicts and import them to the “Online” plan of the risk monitor event log automatically every hour, for example. The time interval can be customized.

A risk monitor tool for transferring plant logs

Implementing the use of risk monitors at nuclear stations has traditionally required manual input of information regarding plant configuration. This paper outlines the findings of a project for developing and implementing a tool for mapping and transferring information from plant logs and planning tools automatically into a risk monitor at Sanmen Nuclear Power plant in China. The requirement on the import tool at Sanmen Nuclear Power Station were to be able to: • import logs from the plants work order systems. • evaluate plans produced in a planning tool (e.g. upcoming plan) frequently. The tool was developed to eliminate manual efforts as much as possible when importing logs from existing systems and databases to the risk monitor. It reads event log data from a desired data source, converts and merges it with event logs in the risk monitor database. The merged log is then validated for inconsistencies and can be either saved to an XML file or imported directly into the risk monitor. The import tool key features include: • Support multiple data source types: It supports to read logs from general data sources, e.g. Excel, SQL Server, Oracle, and customized data sources (e.g. online logs from other systems). • Overlapping handling: When the data source logs contain both start and end time, a special Time Period Algorithm is used to handle overlapping. • Automatically detect and resolve conflicts: When the validation is done, the events that contain conflicts get marked. When you select a conflicting log, the peer log that it conflicts with will be highlighted. It has a function that can automatically resolve all conflicts based on user defined auto resolve rules. • Automatic importing: It is possible to read logs from a data source, resolve conflicts and import them to the “Online” plan of the risk monitor event log automatically every hour, for example. The time interval can be customized.

Paper WE77 | Download the paper file. | Download the presentation PowerPoint file.

A PSAM Profile is not yet available for this author.
Presenter Name: Johan Sorman (johan.sorman@lr.org)

Bio: Johan Sorman holds a master degree from the Royal Institute of Technology in Stockholm, Sweden. Between 1993 and 1999 he worked as a PSA engineer for the nuclear industry in Sweden. Since 2000 he has been responsible for global sales, marketing and training for RiskSpectrum software.

Country: Sweden
Company: LR RiskSpectrum AB
Job Title: Sales Manager

Paper 3 YI78

Lead Author: Jun Qi Co-author(s): Yi Zou yi.zou@lr.org Johan Sörman Johan.Sorman@lr.org

Presenter of this paper: Johan Sorman (johan.sorman@lr.org)

CNNP Trip Monitor
Following the implementation of risk monitors at nuclear stations in China, the concept of trip monitor was developed by the CNNP and Lloyd´s Register. This paper outlines the findings in a project for developing a trip monitor to accommodate the implementation of a trip monitor at Qinshan nuclear stations, mainland China. The criteria on a trip monitor is different to that of a risk monitor where the Probabilistic Safety Assessment (PSA) using Fault Tree and Event Tree analysis constitutes the basis and can as such be readily used for the purpose. A trip monitor requires building a new Fault Tree and Event Tree model with focus on representing availability for systems required for production. In China, a lot of work in reducing the frequency of unplanned shutdown has been done. These efforts are carried out from a qualitative point of view, but there is little work to assess the risk of unplanned shutdown from a quantitative point of view. With this background, CNNP and LR developed a trip monitor for Qinshan II, the first application in China to evaluate the risk of trip for a nuclear power plant from the point of view of quantitative analysis. The work includes software development, model development and verification of the rationality of the results. • Software development o New algorithm for frequency calculation o Modification of the graphical user interface • Model development o Developed Unit 1 trip monitor model as pilot o 7 model developers, 6 senior operators and 1 operator o Lasted for 4 years, a large number of data have been consulted in the process of development. • Results verification o Is the trip risk value quantified reasonable?  According to the operation history of the target unit, compare with the average unplanned shutdown frequency from 2012 to 2018. o Are the components analyzed in the model relevant?  The shutdown events of similar units (M310 units) in China from 2002 to 2018 are compared and analyzed.  Ranking of component importance

CNNP Trip Monitor

Following the implementation of risk monitors at nuclear stations in China, the concept of trip monitor was developed by the CNNP and Lloyd´s Register. This paper outlines the findings in a project for developing a trip monitor to accommodate the implementation of a trip monitor at Qinshan nuclear stations, mainland China. The criteria on a trip monitor is different to that of a risk monitor where the Probabilistic Safety Assessment (PSA) using Fault Tree and Event Tree analysis constitutes the basis and can as such be readily used for the purpose. A trip monitor requires building a new Fault Tree and Event Tree model with focus on representing availability for systems required for production. In China, a lot of work in reducing the frequency of unplanned shutdown has been done. These efforts are carried out from a qualitative point of view, but there is little work to assess the risk of unplanned shutdown from a quantitative point of view. With this background, CNNP and LR developed a trip monitor for Qinshan II, the first application in China to evaluate the risk of trip for a nuclear power plant from the point of view of quantitative analysis. The work includes software development, model development and verification of the rationality of the results. • Software development o New algorithm for frequency calculation o Modification of the graphical user interface • Model development o Developed Unit 1 trip monitor model as pilot o 7 model developers, 6 senior operators and 1 operator o Lasted for 4 years, a large number of data have been consulted in the process of development. • Results verification o Is the trip risk value quantified reasonable?  According to the operation history of the target unit, compare with the average unplanned shutdown frequency from 2012 to 2018. o Are the components analyzed in the model relevant?  The shutdown events of similar units (M310 units) in China from 2002 to 2018 are compared and analyzed.  Ranking of component importance

Paper YI78 | Download the paper file. | Download the presentation PowerPoint file.

Paper 4 TH317

Lead Author: Tate Shorthill Co-author(s): Han Bao, han.bao@inl.gov Edward Chen, echen2@inl.gov Heng Ban, heng.ban@pitt.edu

An Application of a Modified Beta Factor Method for the Analysis of Software Common Cause Failures
This paper presents an approach for modeling software common cause failures (CCFs) within digital instrumentation and control systems. CCFs consist of a concurrent failure between two or more components due to a shared failure cause and coupling mechanism. This work emphasizes the importance of identifying software-centric attributes related to the coupling mechanisms necessary for simultaneous failures of redundant software components. The groups of components which share coupling mechanisms are called common cause component groups (CCCGs). Most CCF models rely on operational data as the basis for establishing CCCG parameters and predicting CCFs. This work is motivated by two primary concerns: (1) a lack of operational and CCF data for defining software CCF model parameters; (2) the need to model single components as part of multiple CCCGs simultaneously. An approach was developed to account for these concerns by leveraging existing techniques; a modified beta factor method allows single components to be placed within multiple CCCGs, while a second technique provides software-specific model parameters for each CCCG. This hybrid approach provides a means to overcome the limitations of conventional methods while offering support for design decisions under the limited data scenario.

An Application of a Modified Beta Factor Method for the Analysis of Software Common Cause Failures

This paper presents an approach for modeling software common cause failures (CCFs) within digital instrumentation and control systems. CCFs consist of a concurrent failure between two or more components due to a shared failure cause and coupling mechanism. This work emphasizes the importance of identifying software-centric attributes related to the coupling mechanisms necessary for simultaneous failures of redundant software components. The groups of components which share coupling mechanisms are called common cause component groups (CCCGs). Most CCF models rely on operational data as the basis for establishing CCCG parameters and predicting CCFs. This work is motivated by two primary concerns: (1) a lack of operational and CCF data for defining software CCF model parameters; (2) the need to model single components as part of multiple CCCGs simultaneously. An approach was developed to account for these concerns by leveraging existing techniques; a modified beta factor method allows single components to be placed within multiple CCCGs, while a second technique provides software-specific model parameters for each CCCG. This hybrid approach provides a means to overcome the limitations of conventional methods while offering support for design decisions under the limited data scenario.

Paper TH317 | Download the paper file. | Download the presentation PowerPoint file.

Name: Tate Shorthill (ths60@pitt.edu)

Bio: Tate Shorthill is a PhD candidate in mechanical engineering at the University of Pittsburgh seeking to advance the capabilities of risk assessment within the nuclear industry. In 2019, Tate started his work in risk assessment when he joined Idaho National Laboratory as a contractor under the U.S. Department of Energy Light Water Reactor Sustainability program. Tate has since played a critical role in the development of INL’s core capabilities for the risk assessment of digital instrumentation and control (I&C) systems. His work on the identification and quantification of risks associated with highly redundant, safety-related, digital I&C systems have been published in both the Annals of Nuclear Energy and Nuclear Technology journals. Additionally, Tate has a master’s degree in mechanical engineering from Utah State University where he gained experience in the areas of thermal properties, and molecular dynamics.

Country: USA
Company: University of Pittsburgh
Job Title: PhD Candidate