KR20240032552A - Apparatus for predicting process time of operator in dynamic discrete event tree and method thereof - Google Patents

Abstract

A method and device for predicting operator action points in a dynamic discrete event tree are disclosed.
This device includes a physical module that collects monitoring variables and control variables while performing simulation of a physical model, a diagnostic module that determines a branching rule to determine the branching of the simulation using the monitoring variable, and at least one branch based on the branching rule. A scheduler that creates a point, a device operation module that calculates branching probabilities related to the failure of multiple devices and the timing of operator action based on at least one branch point, and a device operation module that changes control variables, and the scheduler creates a dynamic discrete event tree. It includes a simulation control unit that performs control to re-perform the used simulation. Here, when the conditions of the branching rule for the monitoring variable are met, the diagnostic module uses the human error probability for the preset diagnosis, the human error probability for the execution, and the operator's available time under the control of the scheduler to determine the operator action time. Includes predictive operator model.

Description

Operator action time prediction device and method in dynamic discrete event tree {APPARATUS FOR PREDICTING PROCESS TIME OF OPERATOR IN DYNAMIC DISCRETE EVENT TREE AND METHOD THEREOF}

The present invention relates to an operator action point prediction device and method in a dynamic discrete event tree.

The event tree (ET) used in reliability engineering refers to a method of branching a scenario into two or more to reflect the situation that changes at that point when a certain condition is met, and showing the development of each scenario. Here, the point at which the scenario branches when a certain condition is met is referred to as a branch point, and in the event tree, the analyst utilizes prior knowledge to determine in advance the order in which multiple branch points will arrive.

However, the conventional event tree cannot reflect the simulation results of the physical model because the analyst uses prior knowledge to specify in advance the order in which the branching points will arrive. In addition, the conventional event tree cannot apply changes to the physical model that simulates the process for each quarter when evaluating the safety of the process, so there may be a disadvantage in that the accuracy of the simulation results of the physical model is reduced. there is.

Meanwhile, the Dynamic Discrete Event Tree (DDET) is conceptually identical to the existing event tree methodology. However, the dynamic discrete event tree is different from the existing method, which sets the order of branch points in advance, because it sets branch points by reflecting the results of simulating the physical model in real time, rather than determining branch points in advance. In particular, a method different from the general event tree is needed to control the physical model through human intervention or to simulate cases where accidental factors, such as equipment failure, occur. In other words, in this scenario analysis, a dynamic discrete event tree must be applied because the existing event tree that starts with a branch point set in advance is no longer valid.

In this way, in order to construct a dynamic discrete event tree, a method of implementing branching rules that can determine branching points is needed, and a function to differentiate the settings of the physical model for each branch is needed.

Branches are created depending on conditions such as the physical state of the engineering system and the health of the device, and after the branch, a scenario develops with different physical characteristics. At this time, branch creation may change depending on human intervention. For example, a failed branch may occur due to human (operator) error while the device is in operation. For example, when using a dynamic discrete event tree to evaluate the safety of a nuclear power plant, the influence of the operator must be considered in addition to the soundness of the equipment.

In evaluating engineering system safety, the widely used Human Reliability Analysis (HRA) quantifies failed branches by calculating the Human Error Probability (HEP) based on the operator's available time. It is used in However, the dynamic discrete event tree methodology requires the time at which operator actions occur along with the human error probability as important information. Therefore, a method for predicting operator action timing based on existing human reliability analysis methods is needed.

The problem to be solved by the present invention is to provide a driver action point prediction device and method in a dynamic discrete event tree that can accurately predict the operator's action point by implementing a reinterpreted operator model based on human reliability analysis.

In order to achieve the object of the present invention as described above and realize the characteristic effects of the present invention described later, the characteristic configuration of the present invention is as follows.

According to one aspect of the present invention, a device for predicting operator action points is provided, the device comprising:

It is a device that predicts the operator's action point in a dynamic discrete event tree, a physical module that collects monitoring variables and the control variables while performing a simulation of a physical model, and a branching rule for determining the branch of the simulation using the monitoring variable. A diagnostic module that determines, a scheduler that generates at least one branch point based on the branch rule, and a branch probability related to failure of a plurality of devices and the timing of operator operation based on the at least one branch point, It includes a device operation module that changes the control variable, and a simulation control unit that performs control to cause the scheduler to re-perform simulation using a dynamic discrete event tree, and the diagnostic module determines that the condition of the branch rule for the monitoring variable is When satisfied, it includes an operator model that predicts the operator action time using the human error probability for the preset diagnosis and the human error probability for performance and the operator available time under the control of the scheduler.

Here, the operator model determines whether the operator has made a normal diagnosis, and when it is determined that the operator has made a normal diagnosis, the operator takes action for the diagnosis using the operator available time, the preset nominal diagnosis time, and the nominal performance time. A diagnosis time determination unit that determines the diagnosis time indicating time, determines whether the operator has successfully performed the operation, and when it is determined that the operator has succeeded in the performance, the operator available time, the diagnosis time determined by the diagnosis time determination unit, and It includes an execution time determination unit that uses the nominal execution time to determine an execution time representing the operator action time for the execution, and an operator action time determination portion that determines a final operator action time by adding the diagnosis time and the execution time. .

In addition, the diagnosis time determination unit includes a normal diagnosis determination unit that determines whether the operator has made a normal diagnosis, and when the normal diagnosis determination unit determines that the operator has made a normal diagnosis, the operator available time, the diagnosis nominal time, and It includes a diagnosis time range setting unit that sets a diagnosis time range using the nominal performance time, and a diagnosis time selection unit that selects a specific time within the diagnosis time range set by the diagnosis time range setting unit as the diagnosis time.

Additionally, the normal diagnosis determination unit generates a random number between 0 and 1 following a specific probability distribution, and if the generated random number is greater than or equal to the human error probability for the diagnosis, it is determined that the operator has made a normal diagnosis.

In addition, the diagnosis time range setting unit sets the minimum value of the diagnosis time range to 0, and the maximum value of the diagnosis time range is a level proportional to the nominal diagnosis time among the times excluding the nominal performance time from the operator available time. Set as the maximum available time for the operator for diagnosis.

In addition, the level proportional to the nominal diagnosis time follows the level set by SPAR (Standardized Plant Analysis Risk)-H (Human Reliability Analysis).

In addition, the execution time determination unit includes a performance success determination unit that determines whether the operator has successfully performed the operation, and when the performance success determination unit determines that the operator has succeeded in the performance, the operator available time, the diagnosis time, and the It includes an execution time range setting unit that sets an execution time range using a nominal execution time, and an execution time selection unit that selects a specific time within the execution time range set by the execution time range setting unit as the execution time.

In addition, the performance success judgment unit generates a random number between 0 and 1 following a specific probability distribution, and if the generated random number is greater than or equal to the human error probability for the performance, it is determined that the operator has succeeded in the performance.

In addition, the execution time range setting unit sets the minimum value of the execution time range to 0, and the maximum value of the execution time range is a performance level proportional to the nominal execution time among the operator available time excluding the diagnosis time. Set as the maximum available time for the operator.

Additionally, the level proportional to the nominal execution time follows the level set by SPAR-H.

According to another aspect of the present invention, a method for predicting operator action time is provided, which method includes:

A dynamic discrete event tree simulation device is a method of predicting operator action timing in a dynamic discrete event tree, collecting monitoring variables and control variables while performing a simulation of a physical model including a plurality of devices and operator action execution timing, Determining a branching rule using the collected monitoring variables, and performing a simulation of the physical model according to a preset operation mode based on the determined branching rule, during simulation of the physical model, determining the branching rule for the monitoring variable. If the condition is met, determining whether the operator has made a normal diagnosis; if it is determined that the operator has made a normal diagnosis, the operator for the diagnosis using the preset operator available time, and the preset nominal diagnosis time and performance nominal time; Determining a diagnosis time indicating the action time, determining whether the operator has successfully performed the action, and if the operator is determined to have succeeded in the action, performed using the operator available time, the diagnosis time, and the nominal performance time. It includes determining an execution time representing the operator action time for , and determining a final operator action time by adding the diagnosis time and the execution time.

Here, the step of determining the diagnosis time includes setting a diagnosis time range using the operator available time, the nominal diagnosis time, and the nominal performance time, and selecting a specific time within the diagnosis time range as the diagnosis time. It includes steps to:

In addition, the step of determining whether the operator has made a normal diagnosis is to generate a random number between 0 and 1 that follows a specific probability distribution, and if the generated random number is greater than or equal to the human error probability for the diagnosis, it is determined that the operator has made a normal diagnosis. It includes steps to:

In addition, the step of setting the diagnosis time range includes setting the minimum value of the diagnosis time range to 0, and the maximum value of the diagnosis time range is the nominal diagnosis time among the times excluding the nominal performance time from the operator available time. It includes setting the maximum available operator time for a proportional level of diagnosis.

In addition, the step of determining whether the operator has successfully performed the operation generates a random number between 0 and 1 that follows a specific probability distribution, and if the generated random number is greater than the human error probability for the performance, the operator is determined to have succeeded in the performance. It includes steps to:

In addition, the step of setting the execution time range includes setting the minimum value of the execution time range to 0, and the maximum value of the execution time range is proportional to the nominal execution time among the times excluding the diagnosis time from the operator available time. It includes the step of setting the maximum available time for the operator for the level of performance.

According to the present invention, it is possible to implement a reinterpreted operator model based on human reliability analysis.

As a result, the operator's action timing can be accurately predicted, and by applying this to the dynamic discrete event tree simulation, the temporal impact of humans can be effectively reflected in the simulation.

Figure 1 is a schematic block diagram of a simulation device based on a dynamic discrete event tree according to an embodiment of the present invention.
Figure 2 is a schematic diagram of a timeline of operator available time used in a dynamic discrete event tree-based simulation device according to an embodiment of the present invention.
Figure 3 is a detailed block diagram of an operator model according to an embodiment of the present invention.
Figure 4 is a detailed block diagram of the diagnosis time determination unit shown in Figure 3.
Figure 5 is a detailed block diagram of the execution time determination unit shown in Figure 3.
Figure 6 is a schematic flowchart of a method for predicting operator action points in a dynamic discrete event tree according to an embodiment of the present invention.
FIG. 7 is a detailed flowchart of the diagnosis time determination step shown in FIG. 6.
FIG. 8 is a detailed flowchart of the execution time determination step shown in FIG. 6.

Below, with reference to the attached drawings, embodiments of the present invention will be described in detail so that those skilled in the art can easily implement the present invention. However, the present invention may be implemented in many different forms and is not limited to the embodiments described herein. In order to clearly explain the present invention in the drawings, parts not related to the description are omitted, and similar parts are given similar reference numerals throughout the specification.

Throughout the specification, when a part "includes" a certain element, this means that it may further include other elements rather than excluding other elements, unless specifically stated to the contrary. In addition, terms such as “… unit”, “… unit”, “module”, etc. used in the specification refer to a unit that processes at least one function or operation, which may be implemented as hardware, software, or a combination of hardware and software. there is.

The devices described in the present invention are composed of hardware including at least one processor, a memory device, a communication device, etc., and a program that is executed in conjunction with the hardware is stored in a designated location. The hardware has a configuration and performance capable of executing the method of the present invention. The program includes instructions that implement the operating method of the present invention described with reference to the drawings, and executes the present invention by combining it with hardware such as a processor and memory device.

Hereinafter, a method and device for predicting operator action points in a dynamic discrete event tree according to an embodiment of the present invention will be described.

Before the description, the dynamic discrete event tree-based simulation device 100 according to an embodiment of the present invention will be described with reference to FIG. 1. This dynamic discrete event tree-based simulation device 100 collects monitoring variables and control variables while performing simulation of a physical model including a plurality of devices, determines a branching rule using the collected monitoring variables, and determines the branching rule. Based on this, a branching point is created, the branching probability is calculated and the control variables are changed based on the generated branching point, and the simulation of the physical model is re-performed using the calculated branching probability and the changed control variable to determine the dynamic nature of the physical model. A dynamic discrete event tree, which is the result of reliability evaluation, is generated.

Figure 1 is a schematic block diagram of a dynamic discrete event tree-based simulation device 100 according to an embodiment of the present invention.

As shown in Figure 1, the dynamic discrete event tree-based simulation device 100 according to an embodiment of the present invention includes a physical module 110, a scheduler 120, a diagnostic module 130, a device operation module 140, It includes a storage unit 150 and a simulation control unit 160.

The physical module 110 can perform simulation of a physical model including a plurality of devices and collect monitoring variables and control variables based on the performed simulation.

For example, the physical module 110 may support branch rule diagnosis of the diagnostic module 130 by transferring collected monitoring variables and collected control variables to the scheduler 120.

For example, the physical module 110 may collect monitoring variables related to the state of the process, such as any one of temperature, pressure, flow rate, water level, or vibration at a specific time, from the physical model.

The physical module 110 can collect control variables related to the operation of the process, such as the operating status of the equipment constituting the process, from the physical model.

For example, operation of the process may include any one of a pump operation rate of 25% to 50% and a valve opening rate of 25% to 50% among a plurality of devices.

Additionally, the physics module 110 may compare the cut value of the branch probability delivered in advance with the calculated branch probability and end the simulation of the branch if it has a lower value.

Additionally, if the cutting value has a higher value compared to the calculated branch probability, the physics module 110 may perform a simulation of the branch in consideration of the calculated branch probability.

According to an embodiment of the present invention, the physical module 110 is MARS-KS (Multidimensional Analysis of Reactor Safety-Korean Industrial Standards), SPACE, TRACE, MELCOR, and MAAP (Modular Accident Analysis) It may include a physical model that can be created using any one of the safety analysis codes (Program).

For example, when the dynamic discrete event tree-based simulation device 100 performs a simulation of the physical model of a nuclear power plant, the physical model is developed with safety analysis codes such as MARS-KS, SPACE, and TRACE, and is used as a physical module (110 ), and when evaluating a serious accident, safety analysis codes such as MELCOR and MAAP can be used. However, the physical model is not necessarily limited to such safety analysis codes, nor does it only apply to nuclear power plant safety evaluation.

In this way, the physical module 110 is a module that executes a physical model and exchanges the results with the scheduler 120. The monitored variables of the physical model are transmitted to the scheduler 120 through the physical module 110 in real time and branch. It can support diagnosis of rules, and conversely, when a specific branch rule is satisfied, control actions for devices in the process are received from the scheduler 120 and transmitted to the physical model, thereby supporting simulation of the physical model.

The scheduler 120 may create at least one branch point based on the branch rule determined by the diagnosis module 130.

In addition, the scheduler 120 transfers the branch probability and changed control variables calculated by the device operation module 140 to the physical module 110 to support the physical module 110 to re-perform a simulation that has already been performed, and saves the The branching rule determined by the diagnostic module 130 can be stored in the unit 110.

When the simulation starts, the scheduler 120 communicates with the physical module 110, the diagnostic module 130, and the device operation module 140 at preset time steps to schedule the physical module 110, the diagnostic module 130, and the device operation module. The results from 140 can be shared, and the physical module 110, diagnostic module 130, and device operation module 140 can be called according to a preset order.

For example, when two or more branching rules are determined at a specific time, the scheduler 120 determines the branching rule to be applied for the specific time as one of the two or more branching rules, and sets the remaining branching rules to the time step after the specific time. Can be applied to.

That is, when there are multiple branching rules, the scheduler 120 can determine one branching rule among the multiple branching rules and sequentially apply it to the simulation starting from the determined branching rule.

When creating a branch point according to the determined branch rule, the scheduler 120 determines the number of devices to operate at the branch point to be created, the performance of a single device, the type of control variable, physical characteristics related to the operation of a plurality of devices, and the operator. The determined number of branch points can be created by determining the number of branch points according to the time in the operating conditions according to the judgment and any one of the failure modes that may occur during the operation of the device or the process.

When there are multiple identical devices (e.g., 1 out of 3 operating, 2 out of 3 operating, etc.) for performance or safety reasons, the scheduler 120 can create a branch point according to the number of devices operating at the branch point. . In addition, the scheduler 120 can be set to create branch points according to various operating states of the device.

In addition, the scheduler 120 determines the branch point when the time for the operator to take action in case the operating conditions change based on the operator's judgment rather than a preset rule is different (e.g., 10 seconds, 20 seconds after a specific situation occurs, etc.). can be created.

Additionally, the scheduler 120 may create branch points due to failures that occur during the process (e.g., power supply failure during process operation, stoppage during operation of a specific pump, etc.).

The scheduler 120 may transmit the changed control variables and the calculated branch probability to the physical module 110.

The scheduler 120 is responsible for exchanging information between individual modules, creates branches based on the information when necessary, and stores the results of the finally created dynamic discrete event tree in the storage unit 150, thereby storing the results within the dynamic discrete event tree model. Accident interpretation can be managed comprehensively.

The diagnostic module 130 can diagnose and determine a branching rule to determine a branching point of the simulation to be re-performed using the monitoring variables collected by the physical module 110.

For example, the diagnostic module 130 includes an automatic operation module 132 and a manual operation module 134, and the automatic operation module 132 determines the conditions of the collected monitoring variables according to a branching rule according to a preset algorithm. Diagnosis and decision, and the manual operation module 134 follows the same algorithm as the automatic operation module 132 or diagnoses branching rules based on an operator model 200 that can simulate human decision-making. and can be determined.

The operator model 200 includes a model capable of simulating human decision-making in the manual operation module 134.

The diagnostic module 130 can review branching rules using the monitoring variable transmitted from the scheduler 120 and determine which branching rule should be activated.

The device operation module 140 calculates a branching probability based on at least one branch point generated by the scheduler 120, taking into account whether a plurality of devices are broken and the timing of the operator's operation, and calculates the branching probability to the physical module 110. Control variables collected can be changed.

For example, the device operation module 140 may change the control variable by deriving the final minimum disconnection set at the branch point generated by recombining the assigned disconnection set through a Boolean operation.

As the device operation module 140 can trace the path taken by the final minimum disconnection set to the branch point, when the failure state of a specific device is determined at the branch point, the device operation module 140 accumulates and reflects the information about the traced path in the sub-scenario. By changing the control variables and adding failure mode control conditions according to the device failure mode to modify the final minimum disconnection set derived above, the control variables can be changed to develop a scenario based on the user's assumptions about the presence or absence of a failure.

When a specific branching rule is determined in the diagnostic module 130, the device operation module 140 calculates the branching probability by checking whether the device is broken, and calculates the branching probability to set an appropriate operating state to be assigned to the physical model. Control variables can be changed.

For example, the operation status finally set in the device operation module 140 may be transmitted to the physical module 110 through the scheduler 120 and reflected in the calculation for a certain time step through the physical model.

Storage unit 150 may be Read-Only Memory (ROM) or another type of static storage device capable of storing instructions, or Random Access Memory (RAM) or other type of dynamic storage device capable of storing information and instructions. , or Electrically Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM), or other compact disk storage or optical disk storage (compressed optical disk, laser disk, optical disk, digital versatile disk, may be a magnetic disk storage medium or other magnetic storage device, or any other medium that can be accessed by a computer and is capable of carrying or storing the expected program code in the form of instructions or data structures; , this is not limited.

For example, the storage unit 150 stores various monitoring variables and control variables collected from the physical module 110, various branching rules, branching rules determined by the diagnostic module 130, and branching points (e.g. For example, the branch name corresponding to the branch point), the dynamic discrete event tree generated as a result of simulation of the physical model, etc. are stored. In addition, items used in embodiments of the present invention may be additionally stored if necessary.

The simulation control unit 160 is connected to the scheduler 210 and allows analysis of the dynamic discrete event tree while re-performing the simulation of the physical model using the dynamic discrete event tree that is a simulation result.

Specifically, the simulation control unit 160 develops all event sequences included in the dynamic discrete event tree and allows selective analysis of event sequences selected from the developed event sequences, or selects a specific branch by user intervention during the simulation. You can select to enable analysis. Here, the event sequence refers to the sequence from the start of the simulation to the end.

Additionally, the simulation control unit 160 can display the dynamic discrete event tree in a corresponding tree form (tree view) through a display or the like so that the user can visually see the shape of the dynamic discrete event tree. Therefore, the user can recognize the event sequence through the dynamic discrete event tree displayed in the form of a tree and select the desired event sequence or branch to re-execute.

In this way, the dynamic discrete event tree-based simulation device 100 can obtain or change monitoring variables and control variables from the physical model, and branches to the dynamic discrete event tree method according to the status of the control variable, so that there are restrictions in the field where observation is desired. Process safety evaluation can be simulated based on a dynamic discrete event tree that can be applied without any need, and analysis of various event sequences is performed by re-performing the simulation based on the dynamic discrete event tree generated by an already performed simulation. make it possible

Meanwhile, the operator model 200 in the manual operation module 134 is developed based on human reliability analysis. Currently, various human reliability analyzes exist, and human reliability analysis is used to calculate human errors when performing probabilistic safety evaluation, which is one of the methods for evaluating the safety of engineering systems. Here, probabilistic safety evaluation is a safety evaluation method that is legally required to be performed in the field of nuclear power generation. Therefore, human reliability analysis also determines methods and necessary assumptions suitable for licensing.

Most human reliability analyzes evaluate the Performance Shaping Factor (PSF) that affects operator behavior, such as the operator's job environment, procedures, and operator available time, and determine the probability of human error for the operator's abnormal diagnosis and performance. The purpose. In addition, the human error probability is input as the probability of the basic event that constitutes the failure tree when performing a probabilistic safety evaluation and is used to quantify the final failed branch.

In the case of a dynamic discrete event tree, branches are generated according to the results of the physics module 110 that changes in real time in the engineering system, so branch creation is affected depending on whether the operator's action time changes. By providing this variability, scenarios that were not identified in existing analysis can be discovered, which can improve system safety. In other words, the operator model 200 can improve the degree of freedom for branch creation in dynamic reliability analysis, and therefore, an operator model 200 that can provide operator action time is required.

Even if the dynamic discrete event tree method is performed in the dynamic reliability analysis, the human error probability assumed and derived from the human reliability analysis verified in terms of existing licensing must be maintained as is to be meaningful as an operator model performed in safety evaluation. Therefore, in the embodiment of the present invention, for this reason, it is desirable to derive the same result based on the human trust analysis that has been set appropriately for licensing.

The basis of the technology presented in the embodiments of the present invention refers to a method called SPAR-H (Standardized Plant Analysis Risk HRA). SPAR-H is one of the most widely performed methods in evaluating the safety of nuclear power plants. In SPAR-H, the human error probability for diagnosis and performance is obtained by multiplying the weight of the performance impact factor evaluated by experts by the Nominal Human Error Probability (NHEP).

To summarize the above-described SPAR-H procedure, an expert evaluates eight performance impact factors and derives the human error probability by multiplying the evaluated results by the nominal human error probability. After deriving the human error probability for diagnosis and performance through the procedure, the final human error probability for operator behavior is derived by adding the two values. The following [Equation 1] is a mathematical equation that derives the human error probability (HEP) for operator behavior in the SPAR-H methodology.

[Equation 1]

In this way, it can be seen that the human error probability can be calculated by inputting performance influencing factors including the operator's available time.

However, the operator model 200 according to an embodiment of the present invention is implemented to predict operator action time based on the human error probability for diagnosis and performance resulting from the above-described SPAR-H results and the operator available time considered in the analysis. . Here, as shown in FIG. 2, the operator availability time refers to the time to ensure the stability of the engineering system in diagnosis and performance after an accident occurs. In other words, even if the operator takes action after the operator's available time, it is judged to have failed. Referring to Figure 2, it can be seen that there is an operator action time (PT) within the operator available time (AT), and this operator action time (PT) is the operator action time (DT) for diagnosis and operator action for performance. It consists of time (ET).

In an embodiment of the present invention, the manual diagnosis module 134 of the diagnosis module 130 applies a branching rule to the monitoring variable of the physical module 110 transmitted from the scheduler 120, and if the condition is satisfied, the scheduler 120 ), and the scheduler 120 requests operator action time prediction from the operator model 200 mounted on the manual diagnosis module 134. The scheduler 120 may then use the operator action times predicted by the operator model 200 in a dynamic discrete event tree simulation.

Hereinafter, the operator model 200, which is a device for predicting operator action time in a dynamic discrete event tree according to an embodiment of the present invention, will be described in detail.

Figure 3 is a detailed block diagram of the operator model 200 according to an embodiment of the present invention.

As shown in FIG. 3, the operator model 200 according to an embodiment of the present invention includes a diagnosis time determination unit 210, an execution time determination unit 220, and an operator action time determination unit 230. Before a detailed description, the operator model 200 according to an embodiment of the present invention includes human error probability for diagnosis (HEP_d), human error probability for performance (HEP_e), operator available time, and diagnosis nominal value based on existing analysis data. It is assumed that the time, nominal execution time, etc. are set in advance.

The diagnosis time determination unit 210 determines whether the operator has made a normal diagnosis, and if it is determined that the operator has made a normal diagnosis, the diagnosis time, that is, the operator's action for the diagnosis, is determined using the operator available time, the nominal diagnosis time, and the nominal performance time. Determine the time (Time_d).

The performance time determination unit 220 determines whether the operator has successfully performed the operation, and if it is determined that the operator has succeeded in the performance, the operator available time, diagnosis time, that is, the operator action time for diagnosis (Time_d), and the nominal performance time are used. This determines the execution time, that is, the operator action time (Time_e) for execution.

The operator action time decision unit 230 determines the diagnosis time determined in the diagnosis time decision unit 210, that is, the operator action time for diagnosis (Time_d), and the execution time determined in the execution time decision unit 220, that is, the operator action for execution. Add the time (Time_e) to determine the final operator action time. The operator action time determined in this way is transmitted to the scheduler 120 and can be used to perform a future dynamic discrete event tree simulation.

Optionally, the operator action time determination unit 230 may remove a specific time period, such as a truncated normal division, at the user's discretion and then reset the finally determined operator action time.

Hereinafter, the above-described diagnosis time determination unit 210 will be described in detail.

FIG. 4 is a detailed block diagram of the diagnosis time determination unit 210 shown in FIG. 3.

As shown in FIG. 4, the diagnosis time determination unit 210 includes a normal diagnosis determination unit 211, a diagnosis time range setting unit 212, and a diagnosis time selection unit 213.

The normal diagnosis determination unit 211 determines whether the driver's diagnosis is normal.

Specifically, the normal diagnosis determination unit 211 generates a random number between 0 and 1 that follows a random probability distribution, and if the generated random number is greater than or equal to the human error probability (HEP_d) for diagnosis, it is determined that the operator has made a normal diagnosis. . However, if the generated random number is smaller than the human error probability for diagnosis (HEP_d), it is determined that the operator failed the diagnosis. Likewise, when the operator fails in diagnosis, it means that the operator's available time for diagnosis is exceeded or normal diagnosis fails. This means that no operator action was taken. Accordingly, the scheduler 120 proceeds with the calculation without changing the settings of the physical module 110.

When the normal diagnosis determination unit 211 determines that the driver's diagnosis is normal, the diagnosis time range setting unit 212 sets the diagnosis time range using the operator available time, the nominal diagnosis time, and the nominal performance time.

Specifically, in order for the diagnosis time to be evaluated at a level proportional to the nominal diagnosis time, the minimum value of the diagnosis time range is set to 0 seconds by determining that the operator performed the diagnosis immediately. Meanwhile, the maximum value of the diagnosis time range, i.e., the time at which the operator checks the monitoring variable and the latest diagnostic action is performed, is set to the maximum value of the diagnosis time, i.e., the maximum available time for the operator for diagnosis (Max(A.T_d)). .

This maximum diagnostic time can be derived, for example, using the SPAR-H method.

The available time for diagnosis refers to the time available to the operator minus the nominal performance time. As shown in [Table 1] below, for example, if the available time for diagnosis is evaluated as 'Extra', the nominal diagnosis time is set to Max(A.T_d). At this time, since it was evaluated as 'Extra', the nominal diagnosis time must be greater than 30 minutes. Alternatively, if evaluated as 'Expansive', Max(A.T_d) is twice the nominal diagnostic time.

In this way, the diagnosis time range can be set as 0 to Max(A.T_d).

SPAR-H Level evaluation Available time Barely adequate (≒2/3×nominal) nominal time Extra(between 1 and 2×nominal
and > than 30 min) Expansive time
(> 2×nominal and > 30 min)

The diagnosis time selection unit 213 uses a random number generated based on a random probability distribution in the diagnosis time range set by the diagnosis time range setting unit 212, that is, 0 to Max(A.T_d), to determine the diagnosis. Select the operator action time (Time_d). That is, the diagnosis time selection unit 213 uses the generated random number to select the diagnosis time so that the operator action time for diagnosis (Time_d) falls within the diagnosis time range, as shown in the following [Equation 2].

[Equation 2]

0 < Time_d < Max(A.T_d)

Next, the above-described execution time determination unit 220 will be described in detail.

FIG. 5 is a detailed block diagram of the execution time determination unit 220 shown in FIG. 3.

As shown in FIG. 5, the execution time determination unit 220 includes an execution success determination unit 221, an execution time range setting unit 222, and an execution time selection unit 223.

The performance success determination unit 221 determines whether the operator has successfully performed the operation.

Specifically, the performance success judgment unit 221 generates a random number between 0 and 1 that follows a random probability distribution, and if the generated random number is greater than or equal to the human error probability (HEP_e) for performance, the operator determines that the performance was successful. . However, if the generated random number is smaller than the human error probability (HEP_e) for performance, it is determined that the operator failed the performance. In this way, when an operator fails to perform, it means that the operator's available time for the task is exceeded or normal performance is failed. This means that no operator action was taken. Even if the diagnosis is successful, if the execution fails, it means that the physical module 110 has not received any signal. Accordingly, the scheduler 120 proceeds with the calculation without changing the settings of the physical module 110.

When the performance success determination unit 221 determines that the operator's performance is successful, the performance time range setting unit 222 determines the operator available time and the diagnosis time determined by the diagnosis time determination unit 210, that is, the operator's action for the diagnosis. Set the execution time range using time (Time_d) and nominal execution time.

Specifically, in order for the execution time to be determined at a level proportional to the nominal execution time, the minimum value of the diagnosis time range is set to 0 seconds, assuming that the diagnosis was performed immediately by the operator. Meanwhile, the maximum value of the execution time range, that is, the time when the operator takes the latest action after diagnosis, is set to the maximum execution time, that is, the maximum available time for the operator for execution (Max(A.T_e)). The operator's maximum available time (Max(A.T_e)) for this performance can be set similarly to the method of setting the diagnosis time range in the above-described diagnosis time range setting unit 212. In other words, the available time for performance refers to the time excluding the diagnosis time determined by the diagnosis time determination unit 210 from the operator available time. As shown in the above-mentioned [Table 1], for example, if the available time for execution is evaluated as 'Extra', the nominal execution time is set to Max(A.T_e). At this time, since it was evaluated as 'Extra', the nominal execution time must be greater than 30 minutes. Alternatively, if evaluated as 'Expansive', Max(A.T_e) is twice the nominal execution time. However, since the execution time, that is, the operator action time (Time_e) for execution, must be within the operator available time, Max(A.T_e) is set so that the execution time is within the operator available time minus the diagnosis time.

In this way, the execution time range can be set as diagnosis time ~ (diagnosis time + Max(A.T_e)).

The execution time selection unit 223 uses a random number generated based on a random probability distribution in the execution time range set by the execution time range setting unit 222, that is, 0 to Max(A.T_e), to determine the execution time. Select the operator action time (Time_e). That is, the execution time selection unit 223 uses the generated random number to select the execution time so that the operator action time (Time_e) for execution falls within the execution time range, as shown in [Equation 3] below.

[Equation 3]

Time_d < Time_e < (Time+d + Max(A.T_e))

As such, according to an embodiment of the present invention, by implementing the operator model 200 reinterpreted based on human reliability analysis, the operator's action timing can be accurately predicted, and by applying this to the dynamic discrete event tree simulation, dynamic reliability can be improved. The effect of probabilistic human intervention in the analysis can be reflected.

Hereinafter, a method for predicting operator action points in a dynamic discrete event tree according to an embodiment of the present invention will be described.

Figure 6 is a schematic flowchart of a method for predicting operator action points in a dynamic discrete event tree according to an embodiment of the present invention. The operator action point prediction method in the dynamic discrete event tree described with reference to FIG. 6 is to be performed by the dynamic discrete event tree simulation device 100 described with reference to FIGS. 1 to 5, specifically the operator model 200. You can.

Before a detailed explanation, based on existing analysis data, information such as human error probability for diagnosis (HEP_d), human error probability for performance (HEP_e), operator availability time, nominal diagnosis time, and nominal execution time are preset. It is assumed that

Referring to Figure 6, first, it is determined whether the operator's diagnosis is normal (S100). This judgment can be performed by a random number between 0 and 1 that follows a random probability distribution and the human error probability for diagnosis (HEP_d). Specifically, if the random number generated between 0 and 1 is greater than the human error probability for diagnosis (HEP_d), the operator is judged to have made a normal diagnosis; otherwise, the generated random number is less than the human error probability for diagnosis (HEP_d). If so, it is determined that the operator failed the diagnosis.

If it is determined that the operator's diagnosis has failed in the step (S100), the dynamic discrete event tree simulation proceeds as is without changing the settings of the physics module 110 (S110).

However, in the above step (S100), if it is determined that the operator's diagnosis is normal, the diagnosis time, that is, the operator action time for the diagnosis (Time_d), is determined using the operator's available time, the nominal diagnosis time, and the nominal performance time (S120). .

Afterwards, it is determined whether the operator's performance was successful (S130). This judgment can be performed by means of a random number between 0 and 1 that follows an arbitrary probability distribution and the human error probability (HEP_e). Specifically, if the random number generated between 0 and 1 is greater than the human error probability (HEP_e) for the means, the operator is judged to have succeeded in the performance; otherwise, the generated random number is less than the human error probability (HEP_e) for the execution. If so, it is determined that the operator failed to perform.

If it is determined that the operator's performance failed in the step (S130), the dynamic discrete event tree simulation proceeds as is without changing the settings of the physics module 110 (S140).

However, in step S130, if the operator's performance is determined to be successful, the operator's available time, diagnosis time, i.e., operator action time for diagnosis (Time_d), and nominal performance time are used to calculate the performance time, i.e., the operator's performance. Determine the action time (Time_e) (S150).

Afterwards, the diagnosis time determined in step S120, i.e., operator action time for diagnosis (Time_d), and the execution time determined in step S150, i.e., operator action time for execution (Time_e), are added to create the final operator action. Determine the time (S160).

Hereinafter, the above-described diagnosis time determination step (S120) will be described in detail with reference to the drawings.

FIG. 7 is a detailed flowchart of the diagnosis time determination step (S120) shown in FIG. 6.

Referring to FIG. 7, first, the diagnosis time range is set using the operator available time, nominal diagnosis time, and nominal execution time (S121). Here, the diagnosis time range is set as the range between the minimum value 0 and the maximum value Max(A.T_d), as explained with reference to FIG. 4 and [Table 1].

Afterwards, the diagnosis time, that is, the operator action time (Time_d) for diagnosis, is selected within the diagnosis time range set in step S121 (S122). Specifically, the operator action time (Time_d) for diagnosis is selected using a random number generated based on a random probability distribution within the diagnosis time range set in step S121 (see [Equation 2]).

Hereinafter, the above-described execution time determination step (S150) will be described in detail with reference to the drawings.

FIG. 8 is a detailed flowchart of the execution time determination step (S150) shown in FIG. 6.

Referring to FIG. 8, first, the execution time range is set using the operator available time, the diagnosis time determined in step S120, that is, the operator action time for diagnosis (Time_d), and the nominal execution time (S151). Here, the execution time range is set as the range between the minimum value 0 and the maximum value Max(A.T_e), as explained with reference to FIG. 5 and [Table 1].

Afterwards, the execution time, that is, the operator action time (Time_e) for execution, is selected within the execution time range set in the step (S151) (S152). Specifically, the operator action time (Time_e) for execution is selected using a random number generated based on a random probability distribution within the diagnosis time range set in step S151 (see [Equation 2]).

The embodiments of the present invention described above are not only implemented through devices and methods, but can also be implemented through programs that implement functions corresponding to the configurations of the embodiments of the present invention or recording media on which the programs are recorded.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements made by those skilled in the art using the basic concept of the present invention defined in the following claims are also possible. It falls within the scope of rights.

Claims (16)

A device that predicts the timing of operator actions in a dynamic discrete event tree,
A physics module that collects monitoring variables and the control variables while performing simulation of the physical model,
A diagnostic module that determines a branching rule for determining the branching of the simulation using the monitoring variable,
A scheduler that creates at least one branch point based on the branch rule,
A device operation module that calculates a branching probability related to whether a plurality of devices are broken and when an operator's operation is performed based on the at least one branching point, and changes the control variable, and
A simulation control unit that performs control to cause the scheduler to re-perform simulation using a dynamic discrete event tree.
Includes,
When the conditions of the branch rule for the monitoring variable are met, the diagnostic module uses the human error probability for the preset diagnosis, the human error probability for the execution, and the operator available time under the control of the scheduler to determine the operator action time. Including an operator model that predicts,
Driver action timing prediction device. According to paragraph 1,
The operator model is,
Determine whether the operator has made a normal diagnosis, and if it is determined that the operator has made a normal diagnosis, determine a diagnosis time indicating the operator action time for the diagnosis using the operator available time, the preset nominal diagnosis time, and the nominal performance time. Diagnosis time decision unit,
Determine whether the operator has successfully performed the performance, and if it is determined that the operator has succeeded in the performance, the operator action time for the performance using the operator available time, the diagnosis time determined by the diagnosis time determination unit, and the nominal performance time an execution time determination unit that determines the execution time representing, and
Operator action time determination unit that determines the final operator action time by adding the diagnosis time and the execution time
A device for predicting operator action points, including: According to paragraph 2,
The diagnosis time determination unit,
A normal diagnosis determination unit that determines whether the operator has a normal diagnosis,
When it is determined by the normal diagnosis determination unit that the operator has made a normal diagnosis, a diagnosis time range setting unit that sets a diagnosis time range using the operator available time, the nominal diagnosis time, and the nominal performance time, and
A diagnosis time selection unit that selects a specific time within the diagnosis time range set by the diagnosis time range setting unit as the diagnosis time.
A device for predicting operator action points, including: According to paragraph 3,
The normal diagnosis determination unit generates a random number between 0 and 1 following a specific probability distribution, and determines that the operator has made a normal diagnosis if the generated random number is greater than the human error probability for the diagnosis.
Driver action timing prediction device. According to paragraph 4,
The diagnosis time range setting unit sets the minimum value of the diagnosis time range to 0, and the maximum value of the diagnosis time range is set to a level of diagnosis proportional to the nominal diagnosis time among the times excluding the nominal performance time from the operator available time. Set as the maximum available time for the operator,
Driver action timing prediction device. According to clause 5,
The level proportional to the nominal diagnosis time follows the level set by SPAR (Standardized Plant Analysis Risk)-H (Human Reliability Analysis),
Driver action timing prediction device. According to paragraph 2,
The execution time determination unit,
A performance success determination unit that determines whether the operator has successfully performed the operation;
When it is determined by the performance success determination unit that the operator has succeeded in performing the performance, an execution time range setting unit that sets an execution time range using the operator available time, the diagnosis time, and the nominal performance time, and
An execution time selection unit that selects a specific time within the execution time range set by the execution time range setting unit as the execution time.
A device for predicting operator action points, including: In clause 7,
The performance success judgment unit generates a random number between 0 and 1 following a specific probability distribution, and determines that the operator has succeeded in performing the performance if the generated random number is greater than or equal to the human error probability for the performance.
Driver action timing prediction device. According to clause 8,
The execution time range setting unit sets the minimum value of the execution time range to 0, and the maximum value of the execution time range is for performance at a level proportional to the nominal execution time among the operator available time excluding the diagnosis time. Set as the maximum available time for the operator,
Driver action timing prediction device. According to clause 9,
The level proportional to the nominal execution time follows the level set by SPAR-H,
Driver action timing prediction device. As a method for a dynamic discrete event tree simulation device to predict operator action timing in a dynamic discrete event tree,
Monitoring variables and control variables are collected while performing a simulation of a physical model including multiple devices and operator action execution points, branching rules are determined using the collected monitoring variables, and preset operations are performed based on the determined branching rules. Performing a simulation of the physical model according to the mode,
During the simulation of the physical model, if the conditions of the branch rule for the monitoring variable are met, determining whether the operator is diagnosed normally;
When it is determined that the operator has made a normal diagnosis, determining a diagnosis time indicating the operator action time for the diagnosis using a preset operator available time, a preset nominal diagnosis time, and a nominal execution time;
determining whether the operator has successfully performed the operation;
When it is determined that the operator has succeeded in performing the performance, determining a performance time representing the operator action time for the performance using the operator available time, the diagnostic time, and the nominal performance time; and
Determining the final operator action time by adding the diagnosis time and the execution time
A method for predicting operator action points including. According to clause 11,
The step of determining the diagnosis time is,
Setting a diagnostic time range using the operator available time, the nominal diagnosis time, and the nominal performance time, and
Selecting a specific time within the diagnosis time range as the diagnosis time
A method for predicting operator action points including. According to clause 11,
The step of determining whether the operator has a normal diagnosis is,
Generating a random number between 0 and 1 that follows a specific probability distribution, and determining that the operator has made a normal diagnosis if the generated random number is greater than the human error probability for the diagnosis.
Method for predicting operator action time, including. According to clause 12,
The step of setting the diagnosis time range is,
The minimum value of the diagnosis time range is set to 0, and the maximum value of the diagnosis time range is the maximum operator availability time for diagnosis at a level proportional to the nominal diagnosis time among the times excluding the nominal execution time from the operator availability time. Steps to set up
Method for predicting operator action time, including. According to clause 11,
The step of determining whether the operator has performed successfully is:
Generating a random number between 0 and 1 that follows a specific probability distribution, and determining that the operator has succeeded in performing the performance if the generated random number is greater than or equal to the human error probability for the performance.
Method for predicting operator action time, including. According to clause 12,
The step of setting the execution time range is,
The minimum value of the execution time range is set to 0, and the maximum value of the execution time range is set to the maximum operator available time for performance at a level proportional to the nominal performance time among the operator available time excluding the diagnostic time. steps to do
A method for predicting operator action points including.

Images