Critical Issues Concerned with the Assessment of...

1

IAEA Technical Meeting on Probabilistic Safety Assessment for New Nuclear Power Plants’ DesignVienna, October 1-5 2012

Critical Issues Concerned with the Assessment of Passive System Reliability

Luciano BurgazziENEA, Bologna, Italy

[email protected]

2

Outline

• Introduction– Passive Systems– Passive Systems Reliability and Safety– Applications to AdvancedReactors– Thermal-hydraulic (t-h) Passive Systems

• Reliability AssessmentApproaches

• Open Issues– Uncertainties– Dependencies– Integration into Accident Sequenceswithin a PSAFramework– Passive vs Active Systems

• Summary

• Outlook

3

Generics

• Innovative reactors largely implement passivesafety systems

• Reactivity control, decay heat removal, fission product containment

• Applications of passive systems for innovative reactorsdemand highavailability and reliability

• PSA analysis

• Accident sequence definition and assessment– Event Tree and Fault Tree model

• Introduction of a passive system within an accidentscenario in the fashion of a front-line system and incombination with active systems and human actions

4

Recalls

• IAEA (IAEA-TECDOC-626) definitions:– Passive Component: a component which does not need any external

input to operate

– Passive System: either a system which is composed entirely ofpassive components and structures or a systemwhich uses activecomponents in a very limited way to initiate subsequent passiveoperation

• Passive SystemCategorization:– A: physical barriers and static structures,

– B: moving working fluids,

– C: moving mechanical parts,

– D: external signals and stored energy (passiveexecution/active initiation)

5

Classification of Passive Systems

6

Examples

7

Passive Systems in Advanced Reactors

AP1000 RCS and

AP1000 Passive Core Cooling System

Automatic depressurization valvesPassive Decay Heat Removalnatural circulation heat removal

Passive Safety InjectionCMT, accumulators, IRWST, ADS

Sump recirculation

8


AP1000 Passive Residual Heat Removal (PRHR)

9


AP1000 Passive Safety Injection

Sump Screen

DVI conn.

10


AP1000 Containment and Passive Containment Cooling System (PCCS)

11


ESBWR design and passive safety systems

12


ESBWR Isolation Condenser arrangement

13


ESBWR Passive Containment CoolingCondenser arrangement

14

Passive System Reliability

• Probabilistic reliability methods for passive A safety systems have been extensively developed and applied in fracture mechanics

• For several passive C and D systems reliability figures may be derived from operating experience

• For passive B type systems basing on physical principle (natural circulation, i.e. gravity and density difference) denoted ast-h (thermal-hydraulic) passive systems, there is no agreedapproach towards their reliability assessmentyet

• T-h passive system reliability

– deviationsof natural forces or physical principles from the expectedconditions, rather than classical component mechanical and electrical faults

15

Thermal-hydraulic Passive System Reliability

• Natural circulation : small engaged driving forces and thermal-hydraulic factors affecting the passive system performance (e.g. non condensable fraction, heat losses)

• System from the predictable nominal performance to the state of degradation of the physical principle in varying degrees up to the failure

• Occurrence of physical phenomenaleading to pertinent failure modes, as: – non-condensable gas build-up, thermal stratification and heat transfer

rate degradation

• Physical principle deterioration dependency on the boundary conditionsand mechanismsneeded for start-up and maintain the intrinsic principle

• Passive Systems fordecay heat removal implementing in-pool heatexchangers and foreseeing the free convection (e.g.PRHR for AP 600and AP 1000,Isolation Condenserfor SBWR and ESBWR)

16

T-h Passive Systems in Advanced Reactors

Isolation Condenser (SBWR, ESBWR)

• Core Decay Heat removal from the reactor, by natural circulation following an isolation transient, including a heat sourceand a heat sinkwhere condensationoccurs via a heat exchanger

• Limit the overpressurein the reactor system at a value below the set-point of the safety relief valves, preventing unnecessary reactor depressurization

• Isolation Condenser actuation on MSIV position, high reactor pressure and low reactor level

Turbine

Feedwater

Steam

Liquid

Vessel

CoolingPool

Isolation Condenser

Pool Makeup

Drain Valve

Vent Line

Vent Valves

Suppression Pool

Scheme of the Isolation Condenser

17


• System/component reliability(piping, valves, etc.)– mechanical component reliability

• Physical phenomena “stability” (natural circulation)– factors impairing the performance/stability of the physical principle

(gravity and density difference) upon which passive system operation is relying

– dependency on the surrounding conditions related to accident progress, affecting system behaviour

– this could require not a unique unreliability figure, but the reevaluationfor each sequence following an accident initiator

– thermal-hydraulic analysis is helpful to evaluate parameter evolution

18

• Difference between– Passive system availability

• probability of system start-up and natural convection inception

– Passive system reliability• probability of the system to accomplish the safety function, along the

designated mission time

• conditional on natural circulation activation

• Uncertainties related to the performance assessment– aleatory, e.g., initial conditions, geometry, materials

– subjective or epistemic, e.g. t-h correlations (both analytical and experimental) and coefficients for system t-h modeling


19

Exisiting Methodologies for Passive System Reliability Assessment

• Reliability of passive safety systemshas been considered as animportant international standard problem exercise

• To achieve a consistentmethodology

– to capture all the phenomena involved and their interactions

– to merge probabilistic and physical, i.e. t-h, aspects (t-h simulations)

• REPAS(REliability of PAssive Systems) (late '90s)

– ENEA, University of Pisa, Polytechnic of Milano, University of Rome• J. Jafari, F.D’Auria, H. Kazeminejd, H. Davilu, Reliability evaluation of a natural

circulation system, Nuclear Engineering and Design 224 (2003) 79–104

• RMPS (Reliability Methods for Passive Safety Functions)

– Fifth European Union Framework Programme project (2001-2004)• Marques M., et al., Methodology for the reliability evaluation of a passive system and

its integration into a Probabilistic Safety Assessment,Nuclear Engineering and Design 235 (2005) 2612–2631

• APSRA(Assessment of Passive System ReliAbility)

– Bhabha Atomic Research Centre (India)• Nayak A. K., et al.,Passive system reliability analysis using the APSRA methodology,

Nuclear Engineering and Design, Volume: 238, Issue: 6, June, 2008, pp. 1430-1440

20


• RMPS− identification and quantification of the sources ofuncertainties

and determination of the important variables

− propagation of the uncertainties through a t-h model andreliability evaluation of the t-h passive system

− integration of the t-h passive systemin an accident sequence, asa basic event

• APSRA– failure surface: deviationsof all critical parameters influencing

the system performance through test data analysis

– causes of deviation through mechanicalcomponents (as valves, control systems, etc.) failure analysis

– failure probability through classical PSA(fault tree)

21

• Currently, the APSRA methodology developed by BARC andthe RMPS methodology developed by EU are used for analyzing reliability of passive safety systems

• While in the RMPS methodology the deviation of key parameterscausing the failure of the system is accounted by a probability density function based on expert judgment, on the other hand, in the APSRA methodology the functional failure due to deviation of parameters is correlated with the failure of actual components

• The APSRA methodology relies on in-house experimental data to account codeand modeling uncertaintiesunlike that in RMPS methodology


22

Open Issues Related to t-h Passive System Reliability

• Analysis of the different methodologies proposed so far

• Uncertainties– Passive system performance– T-h code

• Dependencies– Relevant parameters

• Integration within an accident sequencewithin a Probabilistic Safety Assessment(PSA) framework, in combination with an active systems and human actions

• Passive vs activesystems

23

Sources of Uncertainties related to Passive System Evaluation

• Uncertainties related to natural circulation system behaviour prediction– deviationsof the natural forces or physical principles from the

expected conditions– phenomenological uncertainties, due to scarcity of operational and

experimental data– best estimate code (e.g. RELAP, CATHARE) uncertainties

• inadequate physical modelsbuilt in the codes to represent a specific phenomena;

• absence of modelsto represent a particular phenomena;• approximation in simulating system geometry;• deviations of the input parameters in respect of initial and boundary

conditions; • uncertainties in thermophysical propertiesand thermohydraulic

relationships

• Difficulties in performing meaningful reliability analysis and deriving credible reliability figures

• Expert judgment elicitation and engineering/subjective judgment

24

Sources of Uncertainties related to Passive System Evaluation

Categories of uncertaintiesassociated with T-H passivesystems reliability assessment

Zio, E., Pedroni, N.,Building

confidence in the reliability assessment

of thermal hydraulic passive systems.

Reliability Engineering and SystemSafety, 94 (2009), 268-281

25

Dependencies

• Assumption of independenceamong relevant parameters adopted in the analysis– safety variables

• e.g. flow rate, exchanged heat– critical parameters driving the modes of failure

• e.g. non-condensable gas

• In case of dependence (e.g. degradation measures), parameters can not be combined freely and independently

• Joint pdfs, e.g. multivariate distributions• Conditional subjective probability distributions• Covariancematrix• Functional relationships between the parameters

26

Event Tree Development

• Limitations of PSA (event treedevelopment)– binary representation (success or failure, intermediate states are usually

not treated)– time treatment (chronology of events instead of actual timing)

• Need for the development of dynamic event treein order to evaluate the interaction between the parameter evolutionduring the accident and the system state

• Evaluation for 72hours grace period, compared to 24 hours in classical PSA

• Time-variant stochastic process– the evolution of physical parameters over time, in terms of probability

distributions

27

Active vs Passive

• Functional and economiccomparison of active vs passive safety systems, required to accomplish the same mission

• Passive– Advantages e.g.,

• no external power supply: no loss of power accident• no human factor• better impact on pubblic acceptance, due to the presence of “natural

forces”• less complex system than active and therefore economic competitiveness

– Drawbacks e.g., • reliance on “low driving forces”, as a source of uncertainty• licensingrequirement (open issue)• reliability assessment in any case (lack of data)

28

Criticality Analysis

Importance analysis

Grade rank for importance and advancement analysis

29

Summary

• As the future reactor concept makes use of passive safety featuresin combination with active safety systems, the question of Natural Circulation Decay Heat Removal (NCDHR) reliability and performance assessment into the ongoing PSA constitutes a challenge

• Development of a consistent methodology for the evaluation of thereliability of the passive systems

• Difficulties in evaluation of functional failure of passive systems, i.e.theprobability of the system to fail to accomplish the required safety function,e.g.,– lack of operational data– lack of sufficient experimental data from Integral Facilities or even from

Separate Effect Tests in order to understand their performance characteristicsnot only at normal operation but also during transients and accidents

– capability of so called “Best Estimate Codes” for such systems• uncertainties in prediction

– difficulty in modeling the physical behavior of such systems, as• effect of non-condensable gases on condensation, etc.

– difficulty in modeling such systems in a probabilistic framework

30

Path forward (1/2)

• Future needs

� Clear rules for identification and quantification of uncertainties� Formal expert judgment (EJ) protocol to estimate distributions for

parameters whose values are either sparse or not available� Sensitivity analysis techniques to estimate the impact of changes in

the input parameter distributions on the reliability estimates

� Clear distinction between the prediction of the thermal hydraulic codeand the true behaviour of the passive system under consideration� Problem of model uncertainties

� The time dependenceof the passive system reliability� Dynamicevent trees

31

Path forward (2/2)

Future needs(following):

� Evaluation of the dependenciesamong relevant system parameters

� Comparison of different methodologies

� Mergeelements of different methodologies : RMPS, APSRA/BARC, REPAS methodologies, since high dependencyof results upon the assumptions underlying the models

� Establishguidelinesand criteria for the comparison of active and passivesystems

32

International Efforts in Progress

� IAEA Coordinated research project (CRP) on“Development of Methodologies for the Assessment of Passive Safety System Performance in Advanced Reactors”(2008-2011)� the objective is to determine a common analysis-and-test methodfor

reliability assessment of passive safety system performance� qualification of methodologies for reliability analysis of passive systems

against experimental data

� IAEA CRP on “Natural Circulation Phenomena, Modelling and Reliability of Passive Systems” (2004-2008)� TECDOC-1474, “Natural Circulation in Water Cooled Nuclear Power

Plants”, November 2005� TECDOC-1624, “Passive Safety Systems and Natural Circulation in

Water Cooled Nuclear Power Plants”, November 2009� TECDOC-1677, “Natural Circulation Phenomena and Modelling, for

Advanced Water Cooled Reactors”, March 2012

Critical Issues Concerned with the Assessment of...

Documents

Transcript of Critical Issues Concerned with the Assessment of...