Description of Basic Events and Probabilities for RPS

## 1. Introduction

This chapter presents a Probabilistic Safety Assessment (PSA) and an uncertainty modeling review of a fuzzy approach applied to the Greek Research Reactor (GRR - 1) of the National Center for Scientific Research ‘‘Demokritos’’ [1]. The work was performed as part of the Probabilistic Safety Analysis (PSA) for the Research Reactor [2] in view of the development of new research reactors for radioisotopes production. As it occurs in any reliability study, statistically non-significant events report add a significant uncertainty level in the failure rates and basic events probabilities used on the Fault Tree Analysis (FTA) and in the probabilities of the EndState sequence in the Event Tree (ET) analysis. In order to model this uncertainty, a fuzzy approach was employed to reliability analysis of the GRR -1 Loss of Coolant Accident (LOCA) as Initiator Event (IE). As a case example, a guillotine rupture of the largest (10’’) pipe connected to the bottom of the reactor during full power operation is assumed as the initiator event. The final results have revealed that the proposed approach may be successfully applied to modeling of uncertainties in safety studies.

As part of the licensing process for nuclear power plants can be highlighted three important points and that are part of the official document of the IAEA [3], which can act as recommendations by the agency and should be adopted by anyone who is involved with nuclear reactors projects, they are:

Licensing principles should be established in the regulatory and legal framework. Examples of licensing principles can be presented as follows: The analysis approach to safety should be clearly defined, including the use of deterministic and *probabilistic methodologies* and analytical tools [3].

The following should be verified by the licensee to ensure that safety requirements are met: Design basis analyses and beyond design basis analyses,

*fault tree analyses*, and*probabilistic safety assessments*, as appropriate [3].There are several examples of documents and one important to be submitted to the Regulator is a preliminary safety analysis report before authorization to begin construction, which may include information on site evaluation, the design basis, nuclear and radiation safety, deterministic analyses and complementary probabilistic safety assessment [3].

It is notorious the use of probabilistic methods in the three recommendations mentioned in the agency’s document, and thus our work seeks to make a small contribution to safety assessment studies for nuclear power plant and research reactors.

Probabilistic Safety Assessment (PSA) is a classical methodology that describes each accident's sequence through events trees (ETs), which combined success and failure of the performance or no safety system in an accident or a transient sequence. These initiating events result in sequences of the actions and system demands which may be modeled by the ETs. The accident consequences of the NPP status depend on the plant safety systems performance. The evaluation of the safety systems performance needs the component information, operational data, human error probability and physical phenomenon influence to each accident scenario. An overview of probabilistic safety assessment (PSA) methodologies used in the nuclear power licensing process and safety studies was introduced by Keller and Modarres [4].

Regardless of all innovations which were performed by this new generation of reactors, the possibility of accidents and faults of the security systems still remains. Therefore, committed studies should have accomplished in order to analyze the reliability of this plant concerning the DBAs, which take into account the possibilities of damage for the reactor core in the most different accident’s scenarios. To develop the PSA study involving an important technique known as event tree approach, it is necessary the study of another technique known as fault tree analysis [5], that is the determination of a top event characterized by the failure of the present system in the ET. The Fault Tree analysis is being used in the last fifteen years to evaluate top event in probabilistic safety assessment (PSA level I & II) studies of Pressurized Water Reactor (PWR) nuclear power plants (NPP) and Research Reactors (RR).

The International Atomic Agency has published guides for PSA in research reactors [6] [7], in order to facilitate the application of PSA in that content. In this situation it is very common to employ some generic database, which are not applicable, because the results do not show the real situation of the system function for the future recommendations of project modifications or operational procedure, as the study concludes. In most cases, the Monte-Carlo methods have been used for uncertainty analysis and then, from the obtained results some other important aspects are addressed, like critical component and contribution of the uncertainty of each component for system general uncertainty [8].

Considering also the use of generic data, which was referred in last paragraph, the quantification and propagation of the uncertainty in this study is a very difficult assignment. In this context it is difficult to quantify reliability due to the large number of uncertainties associated with the proper functioning of the front line system of research reactors. Therefore, an appropriate methodology should be proposed. The fuzzy methodology [9] and its engineering applications [10] [11] has been successively applied to uncertainty modeling in fault tree analysis. In this work the fuzzy set theory has been used in order to be accomplished. Considering the above mentioned, the main objective of the work presented here, was the development of an efficient fuzzy approach to be applied on reliability analysis of the Greek - I Research Reactor large break Loss of Coolant Accident (LOCA).

## 2. Description of fuzzy methodology

When the unreliability of each component has a point estimate, the top event unreliability will also be a point estimate. In this work, the component failure probabilities are considered as triangular fuzzy sets to incorporate the uncertainties of each relevant parameter. The membership function, μ_{X} (x), of a triangular fuzzy set is defined as:

with

and

and [x_{1}, x_{3}] are lower bound and upper bound of triangular fuzzy sets. These values may be obtained from the point median value and the error factor (EF) of the failure probability [12]. The lower bound, middle value, and the upper bound are defined as:

where, EF = 5 if 0.01 < q_{p}, EF= 3 if 0.001 < q_{p} < 0.01, EF=10 if q_{p} < 0.001 and q_{p} is the point median value of the failure probability. The fuzzy evaluation of the failure probability of the top event in a fault tree is carried out using α-cut method. The top event can be represented by an N x 2 array, where N is the number of alfacuts.

### 2.1. Importance measures

The identification of critical component is essential for the safety analysis of any relevant system. Many measures are available in probabilistic approach like risk achievement worth, Birnbaum importance, Fussel Vesely importance and so on. Two different importance measures are introduced and they are (1) FIM - Fuzzy Importance Measure and (2) FUIM - Fuzzy Uncertainty Importance Measure.

#### 2.1.1. Fuzzy Importance Measure (FIM)

The evaluation of the contribution of different basic events is essential to identify the critical components in the system. The top event failure probability by making the component ‘i’ fully unavailable (q=1) is:

and for component ‘i’ fully available is:

The fuzzy importance measure (FIM) is defined as:

where, ED [

where a_{L,} b_{L} and a_{U,} b_{U} are the lower and upper values of fuzzy set A and B respectively at each α-level.

#### 2.1.2. Fuzzy Uncertainty Importance Measure (FUIM)

For the importance measure known as fuzzy uncertainty importance measure is proposed to identify the components which contribute maximum uncertainty to the uncertainty of the top event, and is defined as:

where Q = top event failure probability, Qi = top event probability when error factor for component ‘i’ is unity ( EF_{i} = 1), i.e. the parameter of the basic event has a point value or crisp value.

## 3. GRR — 1 Research reactor system description

### 3.1. Plant familiarization and information gathering

Reactor GRR-1 is a typical 5 MW pool-type reactor with MTR-type fuel elements [1] [2], cooled and moderated with demineralized light water. In line with the international Reduced Enrichment for Research and Test Reactor (RERTR) programme, the core has been recently fuelled with Low Enriched Uranium (LEU) elements of U3Si2-Al type. The fuel enrichment is 19.75% and the fissile loading is 12.34 g of 235U per plate. The equilibrium LEU core contains 28 standard fuel elements and 5 control fuel elements, arranged on a 6x9 element grid plate.

Each standard fuel element consists of 18 flat plates. The control fuel element is of the same size as the standard element but consists of only 10 plates, thus providing an inner gap for the insertion of the control blades. The control material is composed of Ag (80%), Cd (5%) and In (15%). The core is reflected by Beryllium on two opposite faces and is surrounded by a practically infinite thickness of pool water. One graphite thermal column is adjacent to one side of the core. In the middle of the core there is a flux trap. The core is suspended in a 9-m deep water pool of a volume of approximately 300 m^{3}. The fuel elements are cooled by circulating the water of the pool at a rate of 450 m^{3}/h. The water flows downward through the core, passes through a decay tank and then pumped back to the pool through the heat exchangers. A weighted flapper valve attached to the bottom of the core exit plenum enables natural circulation through the core in the absence of forced flow circulation. Core inlet temperature, i.e. pool water, is not permitted to exceed 45^{0}C. Pool temperature depends on reactor power, as well as on external temperature, because the latter affects heat dissipation in the cooling towers. In practice, core inlet temperature has been observed to vary in the range between 20^{0}C and 44^{0}C. Also quite homogeneous temperature conditions prevail in the pool, considering that similar measurements are routinely recorded from thermocouples located at distant positions in the pool (see Figure 1).

**Determination and selection of plant operating states.**

The following plant operation states have been considered.

Nominal full power operation (5MW)

Reduced power operation

Start-up operation

Reactor subcritical, reactor pool available.

Nominal full power operation is a plant operating state bracketing all others from the safety point of view. This is due to the fact that the reactor pool constitutes a large heat sink that is always available, regardless of the operating state of the reactor

**Initiating event selection**

An initiating event is an event that creates a disturbance in the plant and has the potential to lead to core damage, depending on the successful operation of the various mitigating systems in the plant. *Loss of Coolant Accidents* (LOCA) are all events that directly cause loss of integrity of the primary coolant pressure boundary. *Transient* initiators are those that could create the need for a reactor power reduction or shutdown and subsequent removal of decay heat.

### 3.2. Safety functions

Five basic safety functions incorporate the design of the Greek Research Reactor.

Functions that aiming at preventing core damage to occur following an initiating event:

Control reactivity

Remove core decay heat and stored heat

Maintain primary reactor coolant inventory

Protect containment integrity (isolation, overpressure)

Scrub radioactive materials from containment atmosphere

For each safety function will be presented the corresponding front-line system of the research reactor:

*Control reactivity -***Reactor Protection System**(RPS): Automatic and Manual*Remove core decay heat and stored heat:***Primary Heat Removal System, Reactor Pool (Natural Convection) and Emergency Core Cooling System.***Maintain primary reactor coolant inventory -***Reactor Pool Isolation***Protect containment integrity (isolation, overpressure):***Containment Isolation**and Emergency**Ventilation System**.*Scrub radioactive materials from containment atmosphere:*Emergency Ventilation System

These front-line systems are described in detail the Safety Analysis of the Research Reactor.

**Reactor Protection System (RPS) -** The safety system consists of two independent safety channels, the magnet power supply, and the safety circuit with scrams, reverses interlocks and alarms.

**Primary Heat Removal System -** This system performs the basic safety function of heat removal from the reactor core both under power operation, as well as, following shutdown.

**Reactor pool – Natural Convection** - The reactor pool presents a major heat sink capable of independently absorbing the heat generated in the core in most of the cases. Natural convection is made possible through the opening of a weighted flapper valve sealing the core exit plenum.

**Emergency Core Cooling System -** In the event of a LOCA accident resulting in loss of the primary water and core uncovery the Emergency Core Cooling System (ECCS) can spray the reactor core through a 5cm diameter pipe with water coming from a 250 m3 storage tank located 30 m higher than the surface of the reactor pool. The water tank can be continuously filled by the city water.

**Containment Isolation** - In the event of an emergency, the normal ventilation system of the containment stops and the containment is isolated through the automatic closure of all existing openings. At the same time the Emergency Ventilation system starts operating.

**Emergency Ventilation System** - Following a manual scram, the pumps of the ventilation system stop and the emergency ventilation starts automatically, removing the possibly contaminated air in a rate of 1500 m3/h.

**Electric Power Supply System -** This is the only support system for the front line systems described above. The system consists of the main power which is received from the utility plus the following sources:

*Non Break Unit:* Stand-by Unit, Central Stand-by Unit and Diesel Motor

### 3.3. LOCA between others initiator events

Five initiating events have been identified in the Greek research reactor, which are the following: Loss of coolant (LOCA), Loss of Flow (LOFA), Excess reactivity, Loss of offsite power (LOOP), Flow Blockage. The associated thermal-hydraulic analysis is given in detail in [13]. Loss of flow might occur in the three ways: either owing to failure of both pumps, or to the failure of the safety flapper or to the butterfly value failure. Finally the following seven initiators are presented:

Loss of Coolant (LOCA)

Loss of Flow owing to pump failure

Loss of Flow owing to flapper failure

Loss of Flow owing to butterfly value failure

Excess reactivity

Loss of offsite power (LOOP)

Flow Blockage

## 4. Large LOCA as application methodology

As an application of our methodology was chosen fuzzy LOCA initiating event. Event Tree (ET) models the possible response of the reactor to loss of coolant. ET (see Figure 2) comprises the following events:

*LOCA (Initiate Event - IE)*- It is assumed that during full power operation there is a guillotine rupture of the largest (10’’) pipe connected to the bottom of the reactor.*Availability of reactor protection system -*Following LOCA the reactor protection system, both automatic and manual systems should shut down the reactor. Success of this event results in scram and hence in interruption of the fission chain reaction.*Pool isolation -*Following LOCA the pool should be isolated from the cooling system. This occurs if the butterfly valves close, either manually or automatically, within 16 min following the accident. Successful isolation of the pool from the location of the break results in the core being immerged in the pool.

### 4.1. Event and fault tree of the LOCA

Since the probability of failure P is generally less than 0.1, the probability of success (1-P1) is always close to 1. Thus, the probability associated with the upper (success) branches in the tree is assumed to be 1 [14], see Fig. 2.

The probability of occurrence of events in a sequence is the product of conditional probabilities of the individual events in that chain. In this study, was considered that, the successive events in a sequence are *independent*, then the probability of a sequence is the product of unconditional probabilities of the individual events (so each front-line system has P failures as identical) [15].

The final results in terms of probabilities for all sequences, No. 1 - 17 (Eqs. 14 - 30), in the event tree, can be determined multiplying each value of probabilities in the branch, following the procedure described as:

All probabilities of failure of each system (P1 - P6) are calculated using the Fault Tree methodology (see figs. 3 - 6). The final upper value of the FT is named of top event, and expressed by the probability calculated using the Minimal Cut Set (MCS). Fault Tree analysis is a technique by which many events that interact to produce other events can be related using simple logical relationships (AND, OR, etc.,); these relationships allow a methodical structure building that represents the system. Symbols called GATES (AND, OR,..), are used to graphically arranging the events into a tree structure, during the synthesis of the tree (represented in the Figs 3 - 6 by simbols 1, 2, 3,..., etc.).

A new approach was proposed in this study using fuzzy logic to try uncertainties, using the procedure described for FT and ET to calculate Top Event Probability and EndState Probability. Basic events in the FT are treated as fuzzy numbers, with lower bound and upper bound. The top event determined in each FT now represents a Fuzzy Top event, with lower and upper bound, to treat the uncertainty in the FT analysis. Following these procedures, the probabilities calculated for ET have fuzzy numbers to make the product, and then the addition, subtraction, and product of the two or more fuzzy numbers are done following the recommendations described in [16]. In this approach triangular membership functions are used as fuzzy numbers (triplet a_{1} a_{2} a_{3}).

The addition of triangular fuzzy number A =(a1, a2, a3) and B =(b1, b2, b3) is defined as:

Thus the addition of two triangular fuzzy numbers is again a triangular fuzzy number.

Similarly subtraction of two triangular fuzzy numbers is also a triangular fuzzy number and it can be given by the following expressions:

The multiplication of two fuzzy numbers *A* *=(a1, a2, a3)* and *B* =*(b1, b2, b3)* denoted as *A*B* can be defined as:

It is evident that the resulting fuzzy number *A* **B* is not a triangular fuzzy number. But in most of the cases, computation with resulting fuzzy numbers becomes very tedious. Thus it is necessary to avoid the second and higher degree terms to make them computationally easy and therefore the product of two fuzzy numbers is reduced to a triangular fuzzy number *(P, Q, R)* or *(a1b1,a2b2, a3b3).*

Applying this concept in the expressions defined from ET, the final result of each sequence is also a triangular fuzzy number, reflecting the uncertainty.

Frequencies of initiating event (IE) appearing in Event Trees ET are estimated according to values in IAEA [7].

### 4.2. System fault tree with top event "Reactor protection system failure", in case of LOCA

### 4.3. System fault tree with top event "No pool isolation"

### 4.4. System fault tree with top event "Natural circulation heat removal failure"

### 4.5. System fault tree with top event "Emergency core cooling system failure"

### 4.6. System fault tree with top event "Containment system failure"

### 4.7. System fault tree with top event "No Emergency ventilation", in case of LOCA

## 5. Results

The studies presented in this chapter, considered a large LOCA GRR - 1 research reactor as a case example. A preliminary study pointed out the classical probabilistic safety analysis. We have used the systems fault tree approach to determine the top event probability in each system, i.e., Reactor Protection System (RPS), Pool Isolation (PI), Natural Circulation Heat Removal (NCHR), Emergency CCS (ECCS), Containment Isolation (CI), and Emergency Ventilation (EV). Applying the values of the probabilities assigned to each basic event in each front line system (see Table 1 - 6), the FuzzyFTA computer coding was used and it has been calculated the fuzzy top event probability to each system, considered in the event trees presented (Figs. 3 - 8). In the Table 7, we can see the upper and lower bound (where alfa-cuts = 0) and middle value (alfa-cuts = 1) of the fuzzy top event calculated to each front line system.

The results obtained by use of FuzzyFTA are presented in picture format. Figure 9 presents the result of the fuzzy top event to the RPS. The results for PI, NCHR, ECCS, CI and EV are not presented here due to graphical similarities. In Figure 10 and 11, is presented the ranking of components with respect to its fuzzy importance measure (FIM) and the fuzzy uncertainty importance measure (FUIM) of the component in relation to general uncertainty of the system for RPS. The results FIM and FUIM for PI, NCHR, ECCS, CI and EV are not presented here for graphical similarities.

The results obtained for each front line system, to probability of fuzzy top event, are used to calculate the probability of the EndState frequency by using the expressions given previously for the calculation using ET (section 4.1, Eqs 14 - 30). The probability of Event Initiator (PIE) for LOCA is 1.2 E-4 / year [1] [2]

In reference [17] was developed a guideline for estimating the lower and upper bound of the estimated failure rate. So the value of IE probability for purposes of calculating is (1.2E-05 1.2E-04 1.2E-03). For all operations of subtraction (1-P) in ET, where P is now a fuzzy number, for probabilities of failure of each system, the value "1" becomes (1 1 1).

Substituting the values of probability and performing fuzzy operations of subtraction, and multiplication can find the final values shown in Table 8 for fuzzy probabilities of each EndState sequences.

Component failure rates and the corresponding unavailabilities for front-line and support systems are given in [2]. The source of the failure rates is the IAEA database [18].

## 6. Conclusion

Recent studies about severe accidents in conventional research reactors pointed to the very low core melt frequency from a initiator event Loss of Coolant (LOCA) of **1.4E-6** by year, for Frequency of core damage and **1.16E-2** for Conditional probability of core damage (/year), given initiator.

The lack of event data record or the use of generic data might have led to high uncertainty level in crisp core melt frequency. The results achieved showed this tendency and the need to apply an uncertainty modeling approach.

The proposed methodology, likewise, was able to generate more realistic and statistically significant numbers. A fuzzy approach is able to estimate consistent values and thresholds for safety assessment as well as to model the high uncertainty level inherent to front-line systems. The data range (lower and upper bounds) showed on Table 8, permit us to conclude that the front line systems introduced by research reactor, in the event tree (ET) have significantly elevated the safety plant level.

The case study presented here has confirmed the great advantage of applying this methodology to the LOCA initiator event in current research reactors and future reactor projects for radioisotopes production.

The uncertainty evaluation presented here allow us to propose the use of this methodology as an alternative approach to be applied in probabilistic safety assessments, particularly in cases where relevant operational data records are not available such as innovative design.

With the assistance of the FuzzyFTA program it was possible to determine the top event of each fuzzy fault tree for each front line system, thus including the calculation of the forecast uncertainty due to the presence of uncertainty in the basic events. It was also possible, using fuzzy concept, to determine measures fuzzy (**FIM**) which allows the components’ rank number, determining the most important components which have greater or lesser relevance to the system as a whole, well as the measure of uncertainty of each component through its ranking (**FUIM**), and its importance to overall system uncertainty. Furthermore, in case of the RPS the two components more important for the RPS system are components 1 and 2. For the overall system uncertainties the two components that are the components most contribute 6 and 10. Thus, it can be the same reasoning applies for the other front-line system using the results obtained by using the FuzzyFTA program for each system.

Using approximations in operations of fuzzy numbers it can be calculated the fuzzy uncertainty associated with probability for each EndState sequence, as if the results were as triangle function. The results thus obtained allow calculating the risk associated with the event initiator, with a degree of uncertainty. Thus, in calculating the final risk (probability of the EndState sequence x consequence), its reduction may be aided by the use of the values of uncertainties in the probabilities in the EndStates of the sequences, together with changes at the level of projects to reduce the general uncertainties of the each front-line system of the event tree and by the end the associated risk.

Improvements can be made in new projects of research reactors for radioisotopes production using this concept to increase the reliability of the project.

The unavailability of the system also plays an important factor when the nuclear project is involved with the production of radioisotopes.