Reliability Engineering and System Safety
A framework for verifying Dynamic Probabilistic Risk Assessment models
Claudia Picoco⁎,a,b, Valentin Rychkov b, Tunc Aldemir a
a Nuclear Engineering Program, The Ohio State University, 201 West 19th Avenue, Columbus, OH, USA
b Électricité De France, 91120 Palaiseau, France
ARTICLE INFO
Keywords:
Verification
Thermal-Hydraulic model
Dynamic Probabilistic Risk Assessment (DPRA)
Dynamic Event Tree (DET)
Statechart
YAKINDU StateChart Tools
ABSTRACT
Recent development of more powerful computational and technological resources has led to significant
improvements in the utilization of dynamic methodologies for the Probabilistic Risk Assessment (PRA) of nuclear
power plants. These methodologies integrate deterministic and probabilistic analyses and are generally referred
to as Dynamic PRA (DPRA) methods. DPRA is performed through the generation and simulation of possibly
thousands of different accident scenarios. To ensure the quality and the correctness of the results, DPRA models
should be verified. Since DPRA generates a large amount of data, a visual inspection of results to verify the
correctness of the model used is neither practical nor reliable. As one of the steps for DPRA analysis, a framework
is proposed to systematically explore the DPRA model prior to its simulation using statecharts, which provide a
graphical notation for describing dynamic aspects of system behavior. The application of the framework is
illustrated using two case studies: (i) performance assessment of a heated room using the PyCATSHOO DPRA
tool, and (ii) DPRA performed with RAVEN-MAAP5-EDF codes for loss of off-site power as the initiating event in
a pressurized water reactor.
1. Introduction
In the nuclear industry, Probabilistic Risk Assessment (PRA) is used
to quantify the risk associated with the operation of a nuclear power
plant (NPP) [1]. Traditional implementation of PRA involves the use of
event-trees (ETs) to describe possible paths of NPP evolution (branches)
following an initiating event (e.g. station blackout, loss of coolant
accident) in view of uncertainties (e.g. whether safety systems for
mitigation will operate or not) and fault-trees (FTs) to quantify the
likelihood of branch occurrence. The traditional PRA is a well-established
approach broadly used by the industry, utilities and regulators.
The ever-increasing progress in technological and computational
resources has recently made possible the development of advanced
methodologies (and associated tools) for the PRA of safety critical
systems, usually referred to as Dynamic Probabilistic Risk/Safety
Assessment (DPRA/DPSA) methodologies [2]. DPRA integrates the
probabilistic perspective of the traditional PRA approach with
simulations of the NPP evolution in a systematic fashion to explicitly
account for the interactions among aleatory events (e.g., failures,
recoveries), as well as epistemic uncertainties (e.g., accuracy of a heat
transfer correlation used in the simulator model) and the subsequent evolution
of the NPP throughout the accident sequence. These capabilities of
DPRA make it possible, for example, to: (i) evaluate passive system reliability
(that depends on plant physical conditions) [3,4], (ii) provide human
performance insights [4,5] and (iii) account for possible recoveries of
safety systems [6]. While DPRA methods allow for a more realistic and
verifiable¹ modeling of possible ways an accident sequence evolves [7]
and, consequently, a more precise estimation and quantification of risk
and safety margins, which are particularly important for risk informed
decision making, the quality assurance of the obtained results becomes
a crucial aspect to consider in order to envisage reliable industrial
applications of DPRA methods.
Several methods have been proposed for DPRA (see [2] for an
overview). The Dynamic Event Tree (DET) approach [8] (also see
Section 2.2) is often used for NPP DPRAs. Since DPRA in general, and
DET in particular, can be viewed as a combination of PRA methods with
deterministic (e.g., thermal-hydraulic (TH)) studies, it is often assumed
that current verification techniques that are used in the PRA domain (e.g.,
peer review [9]) and verification of TH simulations (e.g., analysis of the
results [10]) can be combined for the quality assurance of the DPRA
analysis. Table 1 presents a summary of the current verification
techniques used in PRA and NPP transient simulation domains. An attempt
https://doi.org/10.1016/j.ress.2020.107099
Received 6 September 2019; Received in revised form 20 March 2020; Accepted 23 June 2020
⁎ Corresponding author at: Nuclear Engineering Program, The Ohio State University, 201 West 19th Avenue, Columbus, OH, USA.
E-mail addresses: claudia.picoco@edf.fr, picoco.1@osu.edu (C. Picoco).
¹ Here verification is defined as compliance with the modeling assumptions, as different from validation which is compliance with experiments. Validation of NPP
PRA models is often practically not possible due to the difficulty of generating probabilistic experimental data for highly unlikely and possibly hazardous branching
conditions.
Reliability Engineering and System Safety 203 (2020) 107099
Available online 24 June 2020
0951-8320/ © 2020 Elsevier Ltd. All rights reserved.