Sin t

1
    Interpretation of the PSA2 methodology on
the light of the stimulus driven theory of
probabilistic dynamics (SDTPD) José M.
Izquierdo Subdirección de Tecnología Nuclear,
CSN Area de Modelación y Simulación
(MOSI) Consejo de Seguridad Nuclear (CSN)
Spain Presented at International Workshop on
Level 2 PSA and Severe Accident Management  
GRS, Koln March 29 31, 2004  
2
Contents

• ?
• ?
• ?
• ?
• ?

1. Past CSN-MOSI activities in classical
PSA2. 2. Past CSN-MOSI developments in advanced
PSA . ISA simulation package 3. Motivation
and main features of SDTPD. 4.
Analysis-synthesis approach to PSA2.
Division into subproblems. 5. Solving SDTPD
equations development of a software module to
add to ISA package 6. Conclusions
3
1. Past CSN-MOSI NUREG 1150 activities (I)

During 2000, CSN-MOSI performed a pilot study to
assimilate NUREG-1150 by reproducing sustantial
portions, as applied to a lead spanish PWR plant.
We also incorporated classical PSA2 software into
MOSI integrated simulation package. Among the
conclusions Results too dependent on engineering
judgments. Variety of industry methods. Methods
too old as of today. No theory to assess
consistency. Main reference An integrated PSA
approach to independent regulatory evaluations of
nuclear safety assessments of spanish NPPs.
EUROSAFE Conference, Paris Nov 26,27 2003.
4
2. Past CSN-MOSI developments in PSA. The ISA
methodology (I)

The Integrated Sequence Analysis (ISA)
methodology proposes the automatic delineation of
the event trees. ISA capabilities entail A
unified theory, of which classical PSA is a limit
case (cooperation with ULB). Tree structured
simulation of sequences, to build up the event
tree associated to a given initiating event New
types of branching, like those derived from
operator actions.
5
2. ISA main code package (II)
6
2. ISA main code package (III)Types of results.
EOP assessment
7
3. Motivation for SDTDP (I) Risk Informed
Regulation

Extended licensing use of PSA, requires
consistency of all safety assessment techniques,
probabilistic as well as deterministic. A unified
theory able to explain present methods would be
welcome for RIR. This may be provided by
dynamic reliability techniques applied
to Precise problem statement. Precise division
in subproblems. Solving subproblems and
synthesizing results.
8
3. Motivation for SDTPD (II) Technical reasons
Main problem consistent treatment of the
dynamics of evolution of accidents
(deterministic) and its interface with system
reliability (PSA). Existing Markov approaches do
not account for transition rates depending on
process variables (temp, pressures). Theory of
probabilistic dynamics (TPD) solves that, but
requires that after any event occurrence, the
system is regenerated. It implies, for instance,
that an event can not condition next events.
TPD cannot model important information
incorporated into the PSA models.

9
3. Main features of SDTPD theory (I) Stimuli

Stimulus any situation that potentially causes,
after a given time delay, an event to occur and
subsequently a branching to take place. Examples
Containment spray setpoints, flammability
conditions, alarms. TPD is unable to handle
events that require stimulus activations, however
stimulus implied almost always in PSA house
events, operator alarms, latent errors,
conditioned phenomena. Stimulus history
influences result (nonMarkov).

10
3. Main features of SDTPD (II) Enlarging states
Allows for stimulus, by enlarging the states to
three main vectors Vector x describes process
variables evolution Vector j describes status
of systems/components Vector I describes status
of stimulus Defines the ingoing density,
probability density per unit time of entering a
state, including allowance for the activation
times of all stimuli, and for the last time of an
event. Directly related with the exceedance
frequency. Main field variable.

11
3.-Main features of SDTPD theory (III) Field
equations for exceedance frequency
Closed, fully dynamic equations have been
derived for the calculation of the sequence
frequency, damage exceedance frequency, and
stimulus activation frequency. Valid for
sequences during accident time and for random
events during the preaccident period. Reduces to
TPD only if stimuli regenerate at all
events. Summary paper to be presented in PSAM7.
Separate copy distributed at this meeting.

12
4.-Analysis-synthesis approach to
PSA2. Application of SDTPD
Rather than attempting to solve the overall
SDTPD equations, the approach is to rigorously
prove the consistency of its decomposition into
smaller subproblems, each one with its own SDTDP
equations. SDTDP formally states the overall
problem, as well as any well posed subproblem.
For instance, for loosely coupled portions of
the plant model, SDTDP naturally requires ingoing
density boundary conditions of the SDTPD
equations. These ingoing densities also have
their own SDTPD, rigorously decomposing the
problem into subproblems of the same nature.

13
4. Problem statement. The role of block
diagrams

Statement of the problem made with the help of
one or several integrated codes. Block diagrams
built with explicit description of all headers
(both phenomena and systems), as modelled in the
reference codes. Block diagrams play in
modelling the same role as pipe or
electric/electronic diagrams play in system
hydraulic or electric/electronic designs. They
are used at several stages of the integrated
codes development and are easy to develop with
modern computing techniques.
14
4. Division in subproblems. Basic criteria
Subproblems defined according to accident
progression phases (invessel-exvessel, early or
late). Each phase generates precursor sequences
for the next, much like PSA1 sequences are
precursors for PSA2. necessary conditions for
source term damage (for instance, different modes
of vessel and containment ruptures). loosely
coupled plant system sets, like containment,
reactor and its cavity, etc. Boundary conditions
in-between sets, very important.

15
4. MELCOR versus ASTEC block diagrams

MELCOR block diagrams help much in the
delineation of the stages of the PSA2 method.
Other codes as ASTEC, MAAP may be used with the
same purpose. Due to the exploratory nature of
the Event Tree delineation, use of large scope,
integrated, fast running codes is more
appropriate. MELCOR is becoming too heavy for
this application.
16
4. MELCOR block diagramsexamples
17
5. SDTPD ISA software module


The probability module of the ISA package is
being adapted to include SDTPD equation solvers
that interface with the plant module. It is
necessary that the integrated code has such a
modular flexibility as to resolve all types of
subproblems, helping the user in the division
process. A pilot plan is expected as part of the
SARNET project PSA2 WP3. Accident management
guidelines also expected to be integrated into
the EOP module.
18
6. Conclusions (I)


CSN/MOSI is in the process to unify methods for
independent regulatory assessment of RIR
applications. The unification process includes a
common and consistent approach to traditional
accident dynamics as well as to system
reliability techniques. Care is exercized to
ensure that all prior engineering work is
respected . At the same time the framework should
be able to incorporate new information. Todays
knowledge of severe accident phenomena allows for
a more dynamic approach in PSA2.
19
Conclusions (II)

SDTPD provides a framework for PSA2 code
development. Incorporation of its solution into
CSN-MOSI ISA package, should result in a more
unified approach with the rest of PSA techniques
and RIR applications, maintaining past
engineering work effort. This is in line with
SARNET integration policy purposes. The
approach follows in paralel with traditional PSA
techniques for problem decomposition, keeping the
same overall structure and calculating the same
type of results. However, it is expected to
provide a more rigorous and defendable future
methodology.