RPRA 1. The Logic of Certainty 1

Engineering Risk Benefit Analysis1.155, 2.943, 3.577, 6.938, 10.816, 13.621, 16.862, 22.82

ESD.72J, ESD.721

RPRA 1. The Logic of Certainty

George E. ApostolakisMassachusetts Institute of Technology

Spring 2007

RPRA 1. The Logic of Certainty 2

•Event: A statement that can be true or false.

•“It may rain tonight” is not an event.

•According to our current state of knowledge, we may say that an event E is TRUE, FALSE, or POSSIBLE (UNCERTAIN).

•Eventually, E will be either TRUE or FALSE.

Event Definition

RPRA 1. The Logic of Certainty 3

Event

True

False

Possible

RPRA 1. The Logic of Certainty 4

Venn Diagrams• Sample Space: The set of all possible outcomes of an

experiment. Each elementary outcome is represented by a sample point.

• Examples: Die {1,2,3,4,5,6} Failure Time {0, ∞}

• A collection of sample points is an event.S

EVenn Diagram

RPRA 1. The Logic of Certainty 5

Important Note: Xk = X, k: 1, 2, …

Indicator Variables

1 , I f E j i s T

0 , I f E j i s F

X j =

S

EVenn Diagram___E

RPRA 1. The Logic of Certainty 6

)1)(1(1 BAC XXX −−−=

CBA =∪

C jC XX ≡

Union (OR operation)

A B

C

A B

RPRA 1. The Logic of Certainty 7

CBA =∩ BAC XXX =

∏≡ jC XX

Intersection (AND operation)

∅=∩ BAMutually Exclusive Events:

C

A B

A B

RPRA 1. The Logic of Certainty 8

1 N. . . .

CN

j

N

j XXX11

)1(1 ≡−−= ∏failure:

Simple SystemsReliability Block Diagram for the Series System

N1

SystemFailure

...

∏=N

jYY:success1

RPRA 1. The Logic of Certainty 9

∏=N

jXX1

CN

jYY1

=

Reliability Block Diagram for the Parallel System

1

2

i

i+1

N

TOP

1 Ni i+12

RPRA 1. The Logic of Certainty 10

SUCCESS

FAILURE

1 (OK)

2 (R1)

3 (R2)

BARRIER 2BARRIER 1IE

Event-Tree Analysis

RPRA 1. The Logic of Certainty 11

2/3

A

B

C

Fault-Tree Analysis

Reliability Block Diagram for the 2-out-of-3 System

RPRA 1. The Logic of Certainty 12

)]}1)(1)(1(1[1){1(1)]}1)(1)(1(1[1){1(1

)1)(1(1

321

21

ACCBBACBA

CBA

T

XXXXXXXXXZZZXXX

YYX

−−−−−−−=−−−−−−−=

−−−=

Expanding and using Xk = X we get)1)(1)(1(1 ACCBBAT XXXXXXX −−−−=

RPRA 1. The Logic of Certainty 13

Cut sets and minimal cut sets

• CUT SET: Any set of events (failures of components and human actions) that cause system failure.

• MINIMAL CUT SET: A cut set that does not contain another cut set as a subset.

RPRA 1. The Logic of Certainty 14

New fault tree:

ACCBBA XXMXXMXXM === 32,1 ,,

( ) ( ) ( )

)1)(1)(1(1

1111 32

3

11

XXXXXX ACCBBA

jT MMMMX

−−−−=

=−−−−≡=C

Minimal cut sets:

A B B C C A

S y s t e m F a i l u r e

RPRA 1. The Logic of Certainty 15

XT = φ(X1, X2,…Xn) ≡ φ(X)

φ(X) is the structure or switching function.

It maps an n-dimensional vector of 0s and 1s onto 0 or 1.

Disjunctive Normal Form:

CN

1i

N

1iT M)M1(1X ≡∏ −−=

Sum-of-Products Form

∏−∑ ∑∑=

+−

= +==

++−=N

ii

NN

i

N

ijji

N

iiT MMMMX

1

11

1 11)1(...

:

RPRA 1. The Logic of Certainty 16

For the 2-out-of-3 System:

XT=1-(1-XAXB) (1-XBXC) (1-XCXA)

XT = (M1+M2+M3) - (M1M2+M2M3+M3M1) + M1M2M3

But, M1M2 = XAXB

2XC = XAXBXC

Therefore, the sum-of-products expression is:

XT = (XAXB+XBXC+XCXA) - 2XAXBXC

RPRA 1. The Logic of Certainty 17

A

4

1 35

2

B

{X1X2}, {X3X4}, {X2X3X5}, {X1X4X5}

Disjunctive Normal Form:

XT=1-(1-X1X2)(1-X3X4)(1-X2X3X5)(1-X1X4X5)

XT = X1X2+ X3X4+ X2X3X5+ X1X4X5-- X1X2 X3X4- X1X2X3X5- X1X2X4X5 --X2X3X4X5 - X1X3X4X5 + 2X1X2X3X4X5

The Bridge Network

Sum-of-Products Form:

RPRA 1. The Logic of Certainty 18

Causes of Failure

1. Primary failure ("hardware" failure)2. Secondary failure (external, environmental)3. "Command" failure (no input; no power)

N o O u tp u t fro mC o m p o n e n t

P r im a ryF a ilu re

S e c o n d a ryF a ilu re

C o m m a n dF a ilu re

RPRA 1. The Logic of Certainty 19

Reliability Block Diagram for the Fuel-Supply System

Control ValveV2

Control ValveV1

ControlSystem, C

ElectricPower

Source, E

P1

P2

Pump Train 1

Pump Train 2

FuelSource

FuelSource

CoolingSystem,

CO

EmergencyDieselEngine

T1

T2

RPRA 1. The Logic of Certainty 20

Fault tree elements

A2A1

TOP EVENT

“OR” Gate

INTERMEDIATEEVENT, A

“AND” Gate2

Transfer infrom Sheet 2

BasicEvent

A1

BasicEvent

A2

INCOMPLETELYDEVELOPED

EVENT, B

Note: It’s helpful to start the fault-tree development from the output of the system (the top event) and work backwards.

RPRA 1. The Logic of Certainty 21

T

LOSS OF FUELFLOW , T

E LOSS OF TRAIN1

E

Loss of Electricity

1 E LOSS OF TRAIN2 2

Loss of Control

Loss of Cooling

C CO

MECHANICALLOSS OF TRAIN

2

M 2

2 V 2 P 2

E

Loss of Electricity

Loss of Control

Loss of Cooling

C CO

T

MECHANICAL LOSS OF TRAIN

1 M 1

1 V 1 P 1

RPRA 1. The Logic of Certainty 22

A simpler fault tree

T1Fails toSupply

Fuel

No Fuel isDelivered

When Needed

PumpingBranches Fail

Train 2 FailsTrain 1 Fails

P1Fails toPumpFuel

V1Fails

Closed

T2Fails toSupply

Fuel

P2Fails toPumpFuel

V2Fails

Closed

EFails

CFails

COFails

RPRA 1. The Logic of Certainty 23

Development of T1

Tank isEmptied

Inadvertantly(humanerror)

Tank T1Failure to

Supply Fuel

Tank is IntactBut Empty

and Undetected

Corrosion Induced Failure

Tank (andSupply Pipe)is Not Intact

Supply Pipeis Plugged

Tank is EmptyFuelLevel

DetectionFailsTank is

Emptiedin Use andNot Refilled

TankDrain

Valve isLeft Open

EarthquakeInducedFailure

MissileImpact

InducedFailure

InternalFire/Explosion

InducedFailure

HumanAction

SludgeBuildup

FatiqueInducedFailure

CorrosionFaulty

Manufacture& ControlProgram

RPRA 1. The Logic of Certainty 24

System min cut sets

T1, Tank P1, PumpV1, Valve

and of T2, Tank P2, PumpV2, Valve

Any combination of

an element of

C Control Systemor

E Electric Power Sourceor

CO Cooling System

plus

RPRA 1. The Logic of Certainty 25

RPRA 1. The Logic of Certainty 26

Examples of Initiating Events

• Loss of Coolant

• Transients

• Human Error

• Loss of Power

• Fires

• Airplane Crashes

• Earthquakes