Published:
15, Sep., 2011
Keywords
Fault Tree Analysis; Nuclear Power Plant; Safety
Abstract
Fault Tree Analysis (FTA) is a failure analysis method that uses Boolean logic and low-level events to analyze undesired states of a system. It has been widely applied in safety-critical areas such as the aerospace industry, and it is well suited to analyzing a complicated system from predefined subsystems. This paper applies FTA to the safety of a nuclear power plant, focusing on some critical subsystems.
1. Introduction
Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used for reliability and safety analysis, and for risk evaluation in large scale, complicated systems. It uses a deductive, top-down method to analyze system design and performance, and applies reliability theory, Boolean algebra and probability theory to combine a series of lower-level events. As a tool for analyzing, visually displaying and evaluating failure paths in a system, FTA provides a mechanism for effective risk evaluation at the system level [1]. It is applied in Probabilistic Risk Assessment (PRA), system reliability assessment and safety engineering to quantitatively determine the probability of a safety hazard. This tool is familiar to many practitioners and corporations and is used on a regular basis for safety and reliability evaluations [2]. In some fields it is required for product certification. Fundamentally, FTA describes the failure behavior of a physical system as a visual diagram and a logic model. Even very complicated issues (e.g. complex systems, and complex relationships between hardware, software and humans) can be analyzed by FTA with a very simple set of rules and symbols [3]. FTA was conceived at the beginning of the 1960s by H. A. Watson of Bell Laboratories in connection with a U. S. Air Force contract to study the Minuteman Launch Control System [1]. It was then applied to the entire Minuteman Missile System to predict the probability of random failure of a missile launch by a team led by Dave Haasl of the Boeing Company. After that, Boeing adopted FTA in the design of commercial aircraft. In 1965, the first System Safety Conference, sponsored by Boeing and the University of Washington, started the worldwide interest in FTA [1].
2. Why FTA
No system is perfect; eventually there will be a failure somewhere. For a safety-critical system in particular, a failure could result in significant property or environmental damage, and even loss of life. Therefore it is essential to deal with system failure in order to maintain system reliability. Meanwhile, the probability of complete or partial success is greater than the probability of complete or partial failure, so assembling a success tree can turn out to be very time consuming. For a complete system, the complexity makes assembling a fault tree costly and cumbersome, so it is reasonable to divide the system into subsystems and start the analysis from them. Dealing with systems at a smaller scale reduces both the probability of error and the analysis effort. Thereafter, the well-analyzed whole system can be integrated from these subsystems.
Yongzhong TANG is with Hexi University, Information Technology Services Center (tangyz@hxu.edu.cn). Pingzhang GOU is with Northwest Teachers University, College of Mathematics and Information Science (goupz@nwnu.edu.cn).
development of FTA with advanced fault tree theory, software codes and new evaluation algorithms [4][5]. Figure 1 demonstrates a typical nuclear power plant with defense-in-depth. Currently the defenses vary depending on the type of plant, the owner of the plant, the purpose of usage, the generation the plant belongs to, etc.
power plant. For this subsystem, the fault tree can be retrieved as Figure 3.
B. Inflammable Gas Control
Inflammable gas control, which controls the quantity of hydrogen in the pressure tank, is another important subsystem of a nuclear power plant. In the high temperature environment of the pressure tank, the quantity of hydrogen must be kept at a safe level to prevent burning or even explosion. The fault tree for inflammable gas control is built as Figure 4. The events stand for the following:
E1: Reactor core decay produces superfluous hydrogen
E2: Reaction between the molten reactor core and concrete produces superfluous hydrogen
E3: Hydrogen is not discharged out of the pressure tank in time
A1: Zr is present in a large quantity
B1: Reactor core is heated at a high speed
C1: Operator takes improper actions for heating
A2: Water exists in the concrete
B2: Fragments of the reactor are not cooled down in time
C2: A great deal of metal is contained in the concrete
A3: Sensors for detecting hydrogen volume in the pressure tank fail
B3: Pumps for discharging hydrogen fail
C3: Valves for discharging hydrogen fail
From the layered model above, combined with the functions of each part of a nuclear power plant, some safety functions are extracted (Table ), which can be treated as the functions of the subsystems of the nuclear power plant.
TABLE 1 SAFETY FUNCTIONS OF NUCLEAR POWER PLANT
Safety function                    Goals
Reaction control                   Stop the reactor
Cooling system control             Keep the reactor running in normal state
Heat discharge                     Transfer heat from core to cooling system
Pressure tank isolation            Shut the pressure tank in case of radiation leakage
Pressure and temperature control   Avoid breaking pressure tank and other equipment
Inflammable gas control            Discharge and reallocate hydrogen in case of explosion
TABLE 2 PRIMARY BUILDING BLOCKS OF FTA [8]
Fault Tree Symbols
Basic Event: stands for the appropriate limit of resolution.
Conditioning Event: the condition or restriction for a logic gate. It is attached primarily to the Inhibit gate and the And-Gate.
Intermediate Event: a fault event triggered by antecedent causes through logic gates.
Undeveloped Event: not further developed because of insufficient consequence or unavailable information.
Or-Gate: the output event happens if one or more of the inputs happen.
And-Gate: the output event happens only if all of the inputs happen.
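As an added example (not code from the paper), the following evaluator implements the And-Gate and Or-Gate semantics of Table 2 and applies them to the inflammable gas control events of Figure 4. The gate assignments (E1 and E2 as And-Gates, E3 as an Or-Gate, a top event that requires excess hydrogen AND failed discharge) and the basic event probabilities are assumptions, since the figure itself is not reproduced in the text; it returns the exact top-event probability for independent basic events, the minimal cut sets, and the rare-event bound.

```python
from functools import reduce
from itertools import product
from operator import mul

class Event:
    """Basic event: a leaf carrying an (assumed) failure probability."""
    def __init__(self, name, p):
        self.name, self.p = name, p
    def prob(self):
        return self.p
    def cut_sets(self):
        return {frozenset([self.name])}

class Gate:
    """AND: output occurs only if all inputs occur; OR: if one or more occur."""
    def __init__(self, name, kind, inputs):
        self.name, self.kind, self.inputs = name, kind, inputs
    def prob(self):
        # Exact for independent basic events that appear only once in the tree.
        ps = [i.prob() for i in self.inputs]
        if self.kind == "AND":
            return reduce(mul, ps, 1.0)
        return 1.0 - reduce(mul, (1.0 - p for p in ps), 1.0)
    def cut_sets(self):
        child = [i.cut_sets() for i in self.inputs]
        if self.kind == "OR":
            sets = set().union(*child)
        else:
            sets = {frozenset().union(*combo) for combo in product(*child)}
        # Keep only minimal cut sets: drop any set that strictly contains another.
        return {s for s in sets if not any(o < s for o in sets)}

def rare_event_bound(tree, probs):
    """Rare-event upper bound: sum of the minimal cut set probabilities."""
    return sum(reduce(mul, (probs[e] for e in cs), 1.0) for cs in tree.cut_sets())

# Constructed probabilities (not from the paper) for the Figure 4 basic events.
P = {"A1": 0.3, "B1": 0.1, "C1": 0.05, "A2": 0.2, "B2": 0.1, "C2": 0.1,
     "A3": 0.01, "B3": 0.02, "C3": 0.02}
ev = {k: Event(k, v) for k, v in P.items()}
# Assumed gate structure; the paper's Figure 4 is not reproduced in the text.
E1 = Gate("E1", "AND", [ev["A1"], ev["B1"], ev["C1"]])
E2 = Gate("E2", "AND", [ev["A2"], ev["B2"], ev["C2"]])
E3 = Gate("E3", "OR", [ev["A3"], ev["B3"], ev["C3"]])
TOP = Gate("hydrogen burns or explodes", "AND",
           [Gate("superfluous hydrogen in tank", "OR", [E1, E2]), E3])

if __name__ == "__main__":
    print(f"P(top) exact = {TOP.prob():.6g}, rare-event bound = {rare_event_bound(TOP, P):.6g}")
    for cs in sorted(TOP.cut_sets(), key=sorted):
        print("minimal cut set:", sorted(cs))
```

The six minimal cut sets each combine one complete hydrogen source (E1 or E2) with a single discharge failure, which is where the bound and the exact value diverge as basic event probabilities grow.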
International Journal of Advanced Computer Science, Vol. 1, No. 2, Pp. 84-86, Aug. 2011.
Fig. 2 Heat discharge
5. Conclusion
FTA provides a methodology for the development and quantification of the potential faults of a complicated, safety-critical system such as a nuclear power plant. To achieve the complete fault tree of such a complicated system, a feasible method is to integrate the fault trees of each subsystem, with the subsystems divided before the analysis.
References
[1] C. A. Ericson II, "Fault Tree Analysis - A History," Proc. 17th International System Safety Conference, 1999.
[2] C. V. Ramamoorthy, Y. W. Han and G. S. Ho, "Fault Tree Analysis of Computer Systems," Proc. National Computer Conference, 1977.
[3] M. Stamatelatos et al., Fault Tree Handbook with Aerospace Applications, NASA, August 2002.
[4] J. C. Knight, "Safety Critical Systems: Challenges and Directions," Proc. 24th International Conference on Software Engineering (ICSE 2002), 2002.
[5] J. S. Feinstein, "The Safety Regulation of U.S. Nuclear Power Plants: Violations, Inspections, and Abnormal Occurrences," Journal of Political Economy, vol. 97, no. 1, pp. 115-154, 1989.
[6] ONCOR, Nuclear Energy, http://www.oncor.com/community/knowledgecollege/energy_library/elec_nuc.aspx, accessed August 9, 2010.
[7] J. M. Hendrie, "Nuclear Power Plants: Structure and Function," Symposium on the Health Aspects of Nuclear Power Plant Incidents, 1983.
[8] W. E. Vesely et al., Fault Tree Handbook, U.S. Nuclear Regulatory Commission, NUREG-0492, January 1981.