Science and Technology of Nuclear Installations

Volume 2015, Article ID 892502, 18 pages

http://dx.doi.org/10.1155/2015/892502

## Probabilistic Dynamics for Integrated Analysis of Accident Sequences considering Uncertain Events

Lietuvos Energetikos Institutas, Breslaujos 3, LT-44403 Kaunas, Lithuania

Received 16 January 2015; Revised 14 April 2015; Accepted 16 April 2015

Academic Editor: Francesco Di Maio

Copyright © 2015 Robertas Alzbutas. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

The analytical/deterministic modelling and simulation/probabilistic methods are used separately as a rule in order to analyse the physical processes and random or uncertain events. However, in the currently used probabilistic safety assessment this is an issue. The lack of treatment of dynamic interactions between the physical processes on one hand and random events on the other hand causes the limited assessment. In general, there are a lot of mathematical modelling theories, which can be used separately or integrated in order to extend possibilities of modelling and analysis. The Theory of Probabilistic Dynamics (TPD) and its augmented version based on the concept of stimulus and delay are introduced for the dynamic reliability modelling and the simulation of accidents in hybrid (continuous-discrete) systems considering uncertain events. An approach of non-Markovian simulation and uncertainty analysis is discussed in order to adapt the Stimulus-Driven TPD for practical applications. The developed approach and related methods are used as a basis for a test case simulation in view of various methods applications for severe accident scenario simulation and uncertainty analysis. For this and for wider analysis of accident sequences the initial test case specification is then extended and discussed. Finally, it is concluded that enhancing the modelling of stimulated dynamics with uncertainty and sensitivity analysis allows the detailed simulation of complex system characteristics and representation of their uncertainty. The developed approach of accident modelling and analysis can be efficiently used to estimate the reliability of hybrid systems and at the same time to analyze and possibly decrease the uncertainty of this estimate.

#### 1. Introduction

A number of different methodologies were proposed in order to analyze stochastic events and the time intervals that elapse between them. The most known theoretical background of these methodologies to treat and analyze dynamic systems was still based on the Markov approach. For instance, the Theory of Probabilistic Dynamics [1–3] was extensively investigated in order to perform analytical modelling and simulation related to the analysis of system reliability and safety. Dynamic reliability techniques [4] have been developed in order to study the reliability parameters of complex dynamic systems having continuous processes and discrete events (e.g., failures) interacting with each other.

In dynamic reliability theory, the concept of reliability includes the interaction existing between the sequence of dynamics and events, such as the crossing of the border of a safety domain in the space of the physical variables and the transitions between dynamics. The large number of states, possible time-dependent delays, and transition probabilities that are to be evaluated may be the most important limitation of using the Markov approach for large sets of system components. In addition, the stochastic events and uncertainty in the parameters of the dynamics complicate the analysis even more. Thus, uncertainty analysis becomes necessary and some general uncertainty estimation and analysis techniques have been further introduced and discussed.

The large parts of commonly used methods for reliability analysis and probabilistic safety assessment (PSA) are usually based on the assumption that the basic events are functionally independent of each other. This assumption does not often hold, and Markov processes are mainly used to account for the time dependence of the reliability and availability functions.

In this case, it is possible to use an assumption that the transfers from state to state follow a Markov process. The initial equations to be considered may be expressed as follows:where is the probability of the system being in state at time and is the system state vector, composed of the set of system states. In (2), as the total transition rate out of state is defined by sum of all , which are the transition rates from state to state . The term , as defined in (3), is called the ingoing density, that is, the instantaneous frequency at which state is entered from any other state at time .

In general, each state can be associated with specific evolution equations for the process variables describing the system dynamics. But, in a Markov process, the probability for the system to stay in a given state during a given sojourn time is independent of the time at which the state is entered, so state probabilities are independent of the past history (memoryless stochastic systems).

The assumption of a Markov approach (i.e., the assumption that the probability that a system will transfer from one particular state to another depends only on the initial and final states of the transition) holds major simplification of the simultaneous equations describing the state space diagrams.

However, even these simpler equations may not be soluble in analytical form, if the transition rates and possible delays between states are time-dependent functions. The analysis is even more complex, if transition rates are uncertain, that is, depend on uncertain parameters.

Initially, for uncertainty analysis and simulation of complex processes, the aggregate approach and the method of control sequences have been investigated and widely used. According to this approach, the simulation of dynamic systems and integration of modelling methods were also considered [5]. According to this approach, the investigated objects are presented as the set of interacting Piecewise Linear Aggregates (PLAs) [6]. The method of control sequences is used for the aggregate specification. Initially, PLA formalism was mainly used for discrete event system specification and analysis of distributed systems [7]. Later on, applying the advantages of PLA, the focus was set on simulation and analysis of hybrid systems considering the stimulated dynamics and interactions with various events [8]. However, the practical application of this approach showed various limitations and a need to look for different approaches or integration of them.

Due to the strong dependence existing along an accident scenario between stochastic events (e.g., operator actions or component failures) and dynamics (i.e., the time-dependent evolution of physical processes, e.g., a change in temperature during a transient), the traditional simulation using discrete PLA formalism or Markov processes is not able to cope with such time-dependent hybrid system simulation. The reliability analysis of the system is even more complex, if transition rates are uncertain, that is, depend on uncertain parameters. Thus, extended approaches are considered in order to cope with this issue and the uncertainty analysis.

The paper, based on a short article in proceedings of conference [9], is constructed as an investigation of issues in probabilistic dynamics to give for the reliability analyst and PSA practitioner a wider and clearer view of how accident sequence analysis considering uncertain events can be performed. This is very relevant for level-1 PSA [10] and especially for level-2 PSA [11]. It is worthwhile to mention that there are various techniques of dynamic event tree generation (e.g., ADAPT [12], MCDET [13]), which are specifically useful for level-2 PSA. The main contribution of this paper to the reliability assessment field is in wider discussion of stimulus-driven treatment of probabilistic dynamics and in practical application of related methods and development of approach for severe accident scenario simulation and uncertainty analysis, which was demonstrated by the test case and extension of its initial specification. This can be further used in the benchmark exercise for comparison of other methods and approaches.

The structure of paper is as follows: after the presentation of introduction and this outline of the paper as well as considered methods and issues (Sections 2.1 and 2.2) the formal concept of stimulated dynamics and dynamic systems is presented in Section 2.3; further, in Section 2.4 the modelling and simulation approach as well as analysis tool is introduced being more specific on implementation algorithm and stimulated dynamics treatment. The proposed approach for analysis of uncertainty issues is emphasized in Sections 3.1–3.3, where the uncertainty estimation and analysis taking into account sensitivity measures as well as the concept for implementation of integrated analysis using coupled software are presented. A practical part of the paper (starting from Section 4.1) is devoted for the test case analysis. Initially, the test case specification is focused on process timing and associated events with its relation to the stimulated dynamics concept accordingly presented in Section 2.1. Then, this case study (in Section 4.2) is presented and for comparison purpose (in Section 4.3) is related to the event tree and simplified analytical modelling. The simulation of time-dependent rupture, which was the main concern in the test case, is described in Section 4.4. Finally, the analysis of uncertain rupture frequency is presented in Section 4.5. In the same section the results of time-dependent uncertainty and sensitivity analysis are demonstrated and related to the idea of how this can be used in order to focus on the rarest sequence with the quite severe consequences and possibly reduce the computational time of simulations performed. Then, by discussions and conclusions, the paper is completed summarizing the related PSA issues and advantages of proposed approach application for accident sequence analysis considering hybrid systems and uncertain events.

#### 2. Stimulated Dynamics and Uncertain Dynamic Systems

##### 2.1. Extensions of the Markov Approach

Extensions of Markov processes initially have been developed for cases where the transition rates depend on process variables, that is, when the TPD is valid [14]. Indeed, in some unfortunately frequent cases, there is a stochastic time delay between events (e.g., satisfaction of ignition conditions and explosion itself). For instance, operators introduce delays in taking actions after alarms that may lead to different further accident developments. In these cases, stochastic delays complicate the situation of the state transitions.

More generally, the same situation occurs whenever, for a transition (event) to occur, some conditions ought first to be fulfilled that depend on the accident transients and timing. These conditions may persist after the transitions to the new states.

A typical example is the occurrence of combustion phenomena only if flammability conditions are met, with delays potentially resulting from stochastic ignition conditions and with potential for multiple combustions if the flammability conditions persist. For instance, this can be actually related to the hydrogen generation and possibility of combustion during the severe accident [15]. The more general conditions (including setpoints for thresholds as particular cases) may be considered as* stimuli* for the transitions (events). When process variables reach those conditions, the* stimulus activation* or start of the delay before the transition can be considered.

Because stimulus activation conditions the occurrence of events, the history of stimulus activations and subsequent delays during the event sequence does matter in calculating the scenario frequencies; extensions of the Markov process equations accounting for these features are then necessary. Those extensions constitute the so-called Stimulus-Driven Theory of Probabilistic Dynamics (SDTPD).

Indeed, SDTPD [14] provides a mathematical basis to estimate the probabilities per unit time of entering states with specified activated stimuli and subsequent delays. Exceeding safety objectives is a particular case of stimulus, so SDTPD considering various stimuli has the potential for analyzing multiple objectives, including safety [16].

More recently, the simplification of SDTPD or Theory of Stimulated Dynamics (TSD) was developed for the analytical modelling and the simulation of hybrid (continuous-discrete) systems [8, 17]. The theory at first deals with instantaneous and random variations of process variables; then, it introduces the concept of stimulus and how it can be implemented [14]. Both a semi-Markov and a non-Markovian treatment may be used in order to adapt TPD for practical applications, mostly in the context of PSA. The development of TSD as well as related methods and simulation methodologies has been used by the TSD developers as a basis in the perspective of their applications for PSA and severe accident analysis.

Since the application of TSD-related methods to the traditional PSA concept [18] needs a formal approach, the new definitions and issues of uncertainty analysis are specified and discussed. Then the related investigation of reliability and uncertainty analysis is performed.

##### 2.2. Issues of Uncertainty Analysis

The part of uncertainty related to any estimation can be considered as a spread or distribution in the value of the result estimate. Obviously, the spread in this estimate is related to the spread in the parameters of the probabilistic model used to estimate the result, for example, risk [16].

However, in addition to uncertain model parameters, another cause of uncertainty may arise from incompleteness, that is, from the incomplete modelling or data used in the probabilistic model itself or in the analyses used to derive the model. The uncertainty in inputs may also affect the topology of the probabilistic model or the data and time dependence used to quantify it.

The completeness of the scenario inventory depends on the consideration of each scenario construction, that is, on the way of grouping sequences and assigning to them corresponding frequencies and consequences. The level of conditional risk, given the scenario occurrence, partly represents how rare and important this scenario is from a consequence point of view. However, in order to search for scenarios with almost unpredictable, but possibly severe, consequences, there is a possibility to generate and consider events and dynamics as well as related sequences, which can be very rare.

The technique to search for rare random events is not evident and is not related to traditional PSA; in addition, there is also a concern about how to generate and to consider rare events, which are dependent on the changes in process variables values and timing. Actually, this means that scenarios related to such events are time-dependent and uncertain. Thus, for uncertainty analysis, the scenario development should be considered as well as uncertain parameters.

Uncertainty related to PSA could be classified according to the uncertainty source: the frequency of events and the sequences of dynamics themselves (i.e., dynamics and timing in the process variables space). Taking into account that all sources of uncertainty are important, there is a need for such uncertainty analysis, which considers both sources and at the same time reflects the issue of model incompleteness.

On the basis of this classification, there is a need to note that in the case of the first source of uncertainty, changing the values related to the frequency of event occurrence (e.g., failure rate ) will not create new branching situations. It will affect the likelihood of already possible sequences and scenarios [19], without changes in the possible process variables evolutions and scenarios themselves. Conversely, a change in the value of an uncertain threshold related to a specific event creates a new dynamic trajectory in the process variables space.

Considering this classification, it is easy to conclude that the first source of uncertainty (i.e., fluctuations of failure or recovery rates or of on-demand failure probabilities) can be propagated with no additional deterministic calculations, as all sequences in the process variables space keep valid. However, the second source of uncertainty, in principle, causes a continuum of additional scenarios with different timing, what requires considering probabilistic dynamics [4]. This uncertainty has an effect on the process variables evolutions and it should therefore be investigated separately in order to save computational resources and represent conditions and scenario-related uncertainty or simulation incompleteness.

Taking into account the main features of dynamic systems, it can be seen that a simulation algorithm relevant for dynamic reliability and uncertainty issues should display the following characteristics:(i)Search for rare conditions under consideration.(ii)Representation of the uncertainty of the conditions considered.

##### 2.3. Formal Concept of Stimulated Dynamics

In the considered case, the modelling and analysis of dynamic systems is related to stimulated dynamics. Dynamics is determined by laws of process variables evolution, which can be indexed by an integer . Process variables can be governed by a set of deterministic equations; that is, , , and . In general, is the dynamic model pertaining to the th configuration and driven by the vector of physical variables .

An instantaneous change of the dynamics due to stimulus activation and subsequent delay elapsing is associated with an event. Event is defined as a transition between dynamics at a certain time . A random event is an event whose occurrence is related to complex nature and timing, which is modelled stochastically, for example, a time distributed failure occurrence. A deterministic event is induced by deterministic rules (analytical equations).

To relate event with stimulus, there is a need to explain that a stimulus covers any situation or conditions whose occurrence, after a time delay, potentially causes an event to occur. An example of such an event can be related to the time moment when following a given process a threshold on pressure is reached and safety functions after the delay (e.g., operator reaction) are activated (see Figure 1).