Dendros

A realistic Dynamic Event Tree (DET) should be able to use a large set of data produced by the Probability Safety Analysis (PSA) in order to obtain the probability of a sequence and to reduce the number of branches.

The latter also requires a comprehensive approach to manage individual FT and a defined strategy. Headers of a typical PSA may include thousands of basic events many of them shared between different systems.

The FT system is modeled by a logical function, and the cumulative probability calculation involves the use of Boolean algebra.

The decision on whether or not a branch must include as an essential criterion the probability of the sequence associated to not explode the size of the tree.

Multiple failures

Train systems that lead to a multiple branch have to be included in the method.

Quasi-simultaneous events are also common. For example there are a lot of demands for systems which occur in the reactor trip signal.

Absorbing states

SCAIS is able to stop the simulation when a sequence has reached a state where no branching is expected more and / or information obtained is sufficient to qualify the status of the plant.

Robustness

DENDROS is fault tolerant that means it allows the physical process simulating a branch to be interrupted for any reason, at any time, without interrupting the ET itself.

DENDROS simulation generate and receive information about the crossing points (set point).

The Probabilistic calculation engine takes care of the probability calculation of opening of branches, the activation/deactivation of nodes and delay time in opening branches. This engine is an external process designed to connect to BDD, although is currently disconnected from DENDROS, since the calculations of probabilities associated with the sequences are being made with a posteriori Risk Assessment module. It is possible to adapt the Risk Assessment module to be coupled to online simulations and make DENDROS to not open branches when probability is too low.

DENDROS Architecture

The leading figures of the DENDROS architecture presented in this section.

It has two main classes in DENDROS: Tree and Scheduler.

Scheduler is a loop listener that handles all message flow between all the processes involved in the generation of the ET, such as simulation and probabilistic Engines.

Tree. It manages ET generation. The input (configuration files and simulation) is managed by the DET class that is used to analyze and store data from the input files.

Finally there are two classes that implement joined dynamically generated events, Node and Branch. Node stores information about the nodes, such as parent node, hanging branch … Branch stores information about the simulation associated parent node …

Calculation flow

Here the flowchart (Figure 5.2) to DENDROS shown.

Scheduler starts a BABIECA simulation and assigns that to a tree. Each simulation generated has its own calculation of associated probabilities, which is in charge of calculating all probabilistic parameters involved in the generation of trees.

After launching the nominal simulation DENDROS enters a loop listening on all the processes involved in creating the tree, and distributes the work between the different parts of the system. When any Babieca generated under Dendros, crosses a set point, communicates DENDROS. This event (in BABIECA) acts as a stimulus (in DENDROS) generated by a node, and must be communicated to calculate probabilities.

Scheduler manages all these branches and their probability in the same way it manages the nominal simulation.

Event Management and branch opening

The overall process of branch opening  can be very complex as it involves handling a large number of variables, both probabilistic process as well as the history of the previous node in the sequence under study.

In the picture below, is shown schematically as events have some delays associated to the creation of the nodes that lead to the tree of dynamic events. Restarts creating simulations in the instants in which the branches are opened is essential to save processing time because the new branches need not simulate earlier times.