1. Field of the Invention
The present invention generally relates to risk assessment tools used in risk modeling. More particularly, the present invention relates to the treatment of common cause failures in software tools for performing a probabilistic risk assessment (PRA).
2. Background Art
Common-cause failure is a known concept within the risk assessment community and is defined as the simultaneous, dependent failure of multiple components in a system due to a shared cause. Common-cause failure models typically address these dependent failures by introducing into the risk models events known as common-cause basic events, which represent the dependent failure of two or more components. The set of common-cause basic events to be introduced into the risk model is derived from a specification of common-cause failure groups created by a risk analyst. Common-cause failure groups are groups of components that the risk analyst considers to be subject to shared causes of failure.
One technique used in conventional risk modeling includes the use of PRA tools in which the risk model is scenario-based. Scenario-based modeling is accomplished using models known in the art as event sequence diagrams (ESDs). An ESD is a schematic representation of a sequence of events leading up to and contributing to a failure in the system being modeled. That is, the ESD is a flowchart with a number of paths showing an overall view of the failure and a combination of components or occurrences leading to the failure. An ESD typically consists of a number of interrelated events. A first of these events is called an initiating event which represents the occurrence of an event significant enough to trigger a catastrophic failure in the modeled system.
Also included in the ESDs are pivotal events, which are interim events whose occurrence or invocation may mitigate or aggravate the probability of occurrence of the initiating event. Finally, the ESD includes an end-state representative of a failure or success of the system due to the initiating event and the pivotal events. A complete ESD will include only one initiating event but may include many pivotal events and end states. The initiating event, the pivotal events, and the end-state are schematically related in a manner that will be discussed in greater detail below.
The pivotal events may be further defined and examined within structures known as fault trees. Each fault tree represents one pivotal event. A fault tree is a schematic representation of the events that contribute to the occurrence of the pivotal event. Thus, an entire ESD may be expressed in terms of a number of different interrelated fault trees, each representing subcombinations of events that contribute to the corresponding pivotal event. The events that form the fault trees are low level events known as basic events. The makeup and structure of the fault trees will also be discussed in greater detail below.
Typically, the basic events, which form the fault tree, may be modeled as independent events, meaning that the occurrence or nonoccurrence of each of the events in the ESD is assumed to be unaffected by the occurrence or nonoccurrence of the other basic events. In general, common-cause failure modeling is concerned with situations where multiple basic events are considered to occur due to a single cause. As stated above, a group of basic events considered to be susceptible to a common-cause failure is known as a common-cause group.
Existing failure models are structured to include and analyze ESDs and fault trees. However, the existing failure models are unable to accurately determine the probability that a common-cause group will contribute to a system failure. Also, the existing models are unable to efficiently quantify the extent to which the probability of the common-cause group can be distributed to the common-cause basic events within the group.
In terms of common-cause failures, for example, traditional failure models are able to determine the significance of an independent basic event within the ESD. Determining whether regular (independent) basic events may also be members of a much more complex common-cause group is time-consuming and therefore more difficult, and this process is typically accomplished manually by the individual risk analyst. In these failure models, although it is known that an individual basic event may also be a common-cause event, the model is unable to automatically determine and quantify the extent to which the basic event will likely contribute to the failure of the system under test.
What is needed, therefore, is a common-cause failure module that is designed with an inherent awareness of the rules for constructing and quantifying common-cause groups and common-cause basic events, and that then uses these rules to aid the risk analyst in correctly and efficiently introducing these common-cause failures into the risk models.
According to an aspect of the invention, a common-cause failure module is provided which automates the insertion of common-cause basic events into multiple fault-tree structures. In case a regular basic event is found to be a member of a common-cause group, that basic event is automatically replaced by a logical operation that has two or more of the appropriate common-cause basic events associated with the common-cause group. Whenever an uncertainty analysis of the risk model is performed, the common-cause failure module correctly samples the probabilities for the common-cause basic events, such that dependencies and their probabilities are appropriately accounted for within the model.
Consistent with the principles of the present invention as embodied and broadly described herein, the invention includes a computer-readable medium carrying one or more sequences of one or more instructions for execution by one or more processors. The instructions, when executed by the one or more processors, cause the one or more processors to perform the step of automatically inserting common-cause basic events into multiple tree structures in a risk model stored in a computer memory. The processors also perform the step of replacing regular basic events within the multiple tree structures with logic gates including two or more common-cause basic events associated with the common-cause failure group. The logic gates are based on a single definition of a common-cause failure group.
In another embodiment, the invention is directed to a method for enabling a user to identify common-cause failure groups within a software risk model stored on a machine-readable computer memory. The method comprises the steps of permitting a user to display a list of existing common-cause failure groups associated with the risk model via a graphical user interface and permitting the user to modify the list using the graphical user interface.
In yet another embodiment, the invention is directed to a system including a processor and a memory comprising a first database stored in the memory, including data representative of a system risk model. The risk model includes at least one event system diagram and a number of fault tree definitions corresponding to the event system diagram. The fault tree definitions are adapted to model an influence of system component failures upon the system. Each fault tree relationship is formed of a number of inter-related basic events. The system also includes a common-cause group defining mechanism configured to permit a user to define a common-cause group in accordance with a number of inter-related basic events. The common-cause group defining mechanism includes one or more graphical user interfaces configured to display defined common-cause groups and permit the user to load the defined common-cause groups into the first database. The common-cause groups are defined in terms of common-cause basic events, each corresponding to a regular basic event. Also included in the system are a fault tree data structure mechanism and a common-cause failure expansion mechanism.
The fault-tree data structure mechanism is configured to define a fault-tree data structure stored in the memory and adapted to convey an interdependence between the fault-tree definitions to form fault trees. The common-cause failure expansion mechanism is configured to apply common-cause failure expansion rules stored in the memory and adapted to convey a union of the regular basic events and the common-cause basic events. The processor is configured to apply the common-cause failure expansion rules to the fault trees to produce an expanded data structure representative of an occurrence of the common-cause basic events. Finally, the expanded data structure is displayed to the user via the one or more graphical user interfaces.
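The expansion step described above (a regular basic event that belongs to a common-cause group is replaced by a logic gate over the appropriate common-cause basic events, driven by a single group definition, and the expanded structure is then quantified) can be made concrete with a small worked example. The following code is an added illustration, not the patent's own software or data: it assumes the replacing gate is an OR gate (the component fails either independently or through any common-cause basic event covering it), names the common-cause basic events by the sorted set of components they cover, and uses constructed probabilities for a two-pump redundancy. Because the same common-cause basic event appears under both branches of the AND gate, the top-event probability is computed by exact enumeration of basic-event states rather than by multiplying branch probabilities.

```python
from itertools import combinations, product

# A fault tree is a nested tuple: ("AND", [children]), ("OR", [children]),
# or ("BE", name) for a basic event. This representation is constructed here.
def gate(kind, *children):
    assert kind in ("AND", "OR")
    return (kind, list(children))

def be(name):
    return ("BE", name)

def ccf_event_name(members):
    # Assumed naming scheme: one common-cause basic event per subset of the group.
    return "CCF_" + "_".join(sorted(members))

def expand_ccf(node, groups):
    """Return a copy of `node` in which every regular basic event that belongs to a
    common-cause group is replaced by an OR gate over the regular event itself and
    every common-cause basic event (covering 2..n members) of the group that
    includes it. Events outside any group are left unchanged."""
    kind = node[0]
    if kind == "BE":
        name = node[1]
        for group in groups:
            if name in group:
                children = [node]  # the independent failure of the component
                others = sorted(c for c in group if c != name)
                for size in range(1, len(others) + 1):
                    for combo in combinations(others, size):
                        children.append(be(ccf_event_name((name,) + combo)))
                return gate("OR", *children)
        return node
    return (kind, [expand_ccf(child, groups) for child in node[1]])

def basic_events(node):
    # The union of all basic-event names appearing in the (expanded) tree.
    if node[0] == "BE":
        return {node[1]}
    names = set()
    for child in node[1]:
        names |= basic_events(child)
    return names

def evaluate(node, state):
    # True when the top event occurs under a given truth assignment of basic events.
    if node[0] == "BE":
        return state[node[1]]
    results = [evaluate(child, state) for child in node[1]]
    return all(results) if node[0] == "AND" else any(results)

def top_event_probability(node, probs):
    """Exact probability by enumerating every state of the basic events, which are
    mutually independent after expansion; a shared common-cause event is therefore
    counted once per state, not once per branch."""
    names = sorted(basic_events(node))
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        if evaluate(node, state):
            weight = 1.0
            for n in names:
                weight *= probs[n] if state[n] else 1.0 - probs[n]
            total += weight
    return total

# Constructed demonstration: two redundant pumps A and B; the pivotal event
# (loss of flow) requires both pumps to fail.
PUMP_TREE = gate("AND", be("A"), be("B"))
PUMP_GROUP = [{"A", "B"}]
INDEPENDENT_PROBS = {"A": 0.01, "B": 0.01}            # constructed values
EXPANDED_PROBS = {**INDEPENDENT_PROBS, "CCF_A_B": 0.001}  # constructed values

def independent_model_probability():
    return top_event_probability(PUMP_TREE, INDEPENDENT_PROBS)

def common_cause_model_probability():
    return top_event_probability(expand_ccf(PUMP_TREE, PUMP_GROUP), EXPANDED_PROBS)

if __name__ == "__main__":
    print("independent model :", independent_model_probability())
    print("with CCF expansion:", common_cause_model_probability())
```

With these constructed numbers the independent model gives 1e-4, while the expanded model gives 0.001 + 0.999 * 1e-4 = 0.0010999: the shared cause dominates the redundant pair by an order of magnitude, which is exactly the contribution the text says a conventional model cannot surface automatically. Enumeration is exponential in the number of basic events and is used here only because the example is tiny; a production tool would quantify the expanded structure through cut sets or a BDD.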
Features and advantages of the invention include a risk module capable of aiding a risk analyst to recognize the probabilities associated with common-cause groups and common-cause basic events and their impact on the operation of the modeled system. Such a module can be implemented using a number of different approaches and will provide the analyst with a technique that is more accurate, more efficient, and faster in understanding the probabilities associated with failure events.