A Simulation Assisted Risk Assessment Approach for Space Launch Systems
GoldSim User Conference 2007, October 25-26, 2007
Susie Go, NASA Ames Research Center
10-25-07 Page 2
Introduction

• Goal
  – Design a safer space transportation system
  – Assess the risk to the crew
  – Improve understanding of mission risk through richer simulation modeling
  – Focus work on the things that matter: identify risk drivers, support trade studies, identify sensitivities
• Approach
  – Top-down integrated system analysis approach
  – Define risk scenarios involving complex interactions
  – Include failure probabilities that depend on time or on operational state ("topology" changes due to evolving scenarios)
  – Assess mitigation strategies: abort effectiveness
Simulation-based approach

• Represent dynamic interactions
  – Space launch systems tend to fail through complex interactions more than through random part failures
  – Interactions are a function of the physical environment and of the relationships between "systems"
• Faithful representation of scenarios
  – Track multiple metrics within a single simulation
  – Richer description of data and dependencies (state and environmental): failure probabilities, failure responses
• "Natural" (less abstract) model construction
  – Models defined through "atomic" elements
  – Scenarios evolve dynamically
  – Unanticipated scenarios can be self-generated
  – Allows easier communication with discipline experts
• Provides insight into system behavior and sensitivities
Crew Launch Vehicle (Ares I)

• Two-stage vehicle
  – First stage: augmented Shuttle SRB
  – Upper stage: advanced J-2 engine
• Payload is the CEV
• Launch abort system (LAS) provides mitigation during first-stage ascent and the first part of the upper-stage ascent
• Results to output
  – Probability of Loss of Mission (LOM)
  – Probability of Loss of Crew (LOC)
CLV Ascent Phase
Mission Simulation Schematic

[Figure: create a model representation of the mission. Mission-segment nodes: Launch, FirstStageAscentEarly, FirstStageAscentLate, Staging, MidStage, UpperStageAscent, OrbitInsertion.]
Consequences of failure

[Figure: the mission-segment graph (Launch, FirstStageAscentEarly, FirstStageAscentLate, Staging, MidStage, UpperStageAscent, OrbitInsertion) extended with failure nodes: AscentFailure; the precursors ControlPrecursor, BreakupPrecursor, ExplosionPrecursor; the consequences Control, Breakup, Explosion; and the abort nodes BeginAbort and AbortManeuver.]

• Graph representation opens a vast failure scenario space (relative to a static tree)
• Time- and state-dependent component failure rates along mission segments
• Event-specific failure probabilities
• Failure initiator information provided by program/experts
• Failure consequence information supplemented using modeling and simulation
Physics-based data supplied to GoldSim

[Figure: physics-based failure simulations (computationally expensive: overpressure propagation, structural dynamics, debris trajectory) combined with design limits yield time- and state-dependent failure probabilities, supplied to GoldSim as the lookup tables CBM_OverPressure_Table, Fragment_Table and Side_Breach_Table.]
Integrated Ascent Risk Model View

[Figure: integrated ascent risk model. Mission timeline: Fuel Load, Crew Load, Pre-start, Launch, Staging, LAS Jettison, MECO, Orbit Insertion. Failure sources along the timeline: ground ops; APU, TVC, RCS; SPS start/op; ignition; case; separation; MES sequence; US main engine; RCS, TVC; MECO; catastrophic and other. Each initiator produces a failure environment and a response environment, which feed the abort initiators and the LOC and LOM outputs.

Abort sequence as drawn: activate abort procedure, release tie-down bolts, fire LAS motor(s), achieve safe separation (abort environment), trim heat-shield forward, perform descent maneuvers, deploy parachutes, touchdown landing, rescue crew. Callouts: "Early detection vs. False positives" and "Abort Effectiveness".

Example initiator chain: USE catastrophic main engine start failure, local engine explosion/fragmentation, US structural failure of tank, propellant released, critical mixture ratio occurs, explosion, critical overpressure.]
Representation with GoldSim elements

[Figure: GoldSim model screenshot. Elements shown: the mission milestones Start_Model, Launch, Begin_FS_Burn, End_FS_Burn, FS_Staging_Event, Begin_US_Burn, End_US_Burn, US_Staging_Event; the failure containers Pad_Demand_Failures, FS_Failures, FS_Staging_Failures, US_Failures, US_Staging_Failures; the triggered events TriggeredEvent_CBM, TriggeredEvent_Forward_Breach, TriggeredEvent_Case_Burst; Set_Environment_ID; the LOC outputs LOC_Fragment, LOC_CBM_Overpressure, LOC_Environment with Abort_Failure_Allocations; the lookup tables CBM_OverPressure_Table and Fragment_Table; and Crew_Rescue with Crew_Rescue_Failures.]
Integrated Mission Risk Model

[Figure: block diagram. Inputs: Design Reference Mission Timeline; Reliability Data (Initiator Likelihoods); Failure Environments, Risks; CEV/LAS Design; Warning Time. Core: Dynamic Risk Simulation. Output: Crew, Mission Risk and Sensitivities.]

[Charts: "Risk contributors per mission", a horizontal bar chart per failure bin (x-axis 0.0E+00 to 7.0E-04 per mission, labelled "Increasing failure probability"), shown for LOM and for LOC. Failure bins in the order they appear: Orion, Orion/US Separation Failure, US Low System Performance, FS Separation, FS loss of TVC, FS Low System Performance, FS Case Failures, US Loss of GN&C, US Loss of Control, FS Loss of GN&C, VI Not allocated, USE Start Contained Failure, FS loss of RoCS, FS Nozzle Failure, USE Uncontained Shutdown Failure, US Structural Failure, FS Forward Dome Failures, Pad Fire and Explosion, USE Premature shutdown, USE Uncontained Failure, FS Case Burst, USE Start Uncontained Failure, FS Ignition & Liftoff Failure. "Overall abort effectiveness": percent of successful aborts versus total aborts attempted (0 to 1) against abort time (s, 0 to 600).]
Integrated Mission Risk Analysis Outputs

[Chart: risk to the crew during ascent. LOC failure distribution as a function of mission elapsed time, with 5th and 95th percentiles; y-axis weighted occurrence (0.000 to 0.014), x-axis abort time (s, 100 to 500).]

[Chart: warning time sensitivity study. Mean mission count between LOC (0 to 9,000) and frequency of LOC, plotted against available warning time (0 to 10,000).]
Conclusions

• NASA is beginning to use more simulation analyses in PRA
  – Time-variation of initiators
  – Complex interactions
  – State-dependent aborts
• Traditional PRA methods are not optimal
  – Require significant effort when changes are made
  – Difficult to represent dynamic, phased-mission problems
• GoldSim provides a convenient framework for dynamic simulation modeling
  – Natural representation of phased-mission problems
  – Conditionally triggered events and interrupt events
  – Lookup tables
  – Tracking of multiple system states or figures of merit
  – Larger user community than an in-house tool
  – Commercially managed software
• Initial GoldSim usage for CLV launch abort risk assessment was well received
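The following phased-mission Monte Carlo model is an added illustration, not the GoldSim model from the talk. It shows how the pieces described on the "Consequences of failure" slide (mission-segment graph, time- and state-dependent initiator rates, event-specific failure probabilities), the lookup tables of the "Physics-based data" slide, and the outputs of the "Integrated Mission Risk Model" slides (P(LOM), P(LOC), risk contributors, LOC time percentiles, warning-time sensitivity) fit together in code. Initiator names are borrowed from the risk-contributor chart; every number (segment durations, rates, event probabilities, warning times, the abort table, the 3 s reaction time) is constructed and inflated so a short run produces failures, and the `Benign` response category, the `REACTION_TIME_S` gate and all function names are this example's own assumptions.

```python
"""Phased-mission Monte Carlo ascent risk model (added example, not the NASA/GoldSim
model from the talk). Mission segments carry segment-dependent initiator rates,
boundary events carry event-specific failure probabilities, each initiator maps to a
failure response with a warning time, and abort success comes from a lookup keyed by
abort time. All numbers are constructed and inflated so a short run yields failures."""
import math
import random
from bisect import bisect_right

# Segments in order: (name, duration s, {initiator: failure rate per second}); per-segment rates are the time/state dependence.
SEGMENTS = [
    ("FirstStageAscentEarly", 60.0, {"FS Case Burst": 4e-5, "FS loss of TVC": 6e-5}),
    ("FirstStageAscentLate", 60.0, {"FS Case Burst": 2e-5, "FS loss of TVC": 6e-5}),
    ("UpperStageAscent", 400.0, {"USE Uncontained Failure": 8e-6, "US Loss of Control": 1e-5}),
]
# Boundary events: (name, index of the segment they follow, -1 = before the first, {initiator: probability}).
EVENTS = [
    ("Launch", -1, {"FS Ignition & Liftoff Failure": 1e-3}),
    ("Staging", 1, {"FS Separation": 2e-3}),
    ("OrbitInsertion", 2, {"Orion/US Separation Failure": 1e-3}),
]
# Failure response per initiator: (environment, warning time in s before it reaches the crew).
RESPONSES = {
    "FS Ignition & Liftoff Failure": ("Explosion", 0.5),
    "FS Case Burst": ("Explosion", 1.0),
    "FS loss of TVC": ("Control", 6.0),
    "FS Separation": ("Breakup", 4.0),
    "USE Uncontained Failure": ("Explosion", 2.0),
    "US Loss of Control": ("Control", 8.0),
    "Orion/US Separation Failure": ("Benign", math.inf),  # vehicle lost, no hazardous environment
}
# Abort effectiveness vs abort time (s): P(abort succeeds | attempted); the step after 400 s stands for LAS jettison.
ABORT_TABLE = [(0.0, 0.95), (60.0, 0.85), (120.0, 0.90), (400.0, 0.98), (401.0, 0.80), (600.0, 0.80)]
REACTION_TIME_S = 3.0  # time needed to fire the LAS and reach safe separation (constructed)

def abort_effectiveness(t, table=ABORT_TABLE):
    """Linear interpolation in the abort lookup table, clamped at both ends."""
    times = [row[0] for row in table]
    t = min(max(t, times[0]), times[-1])
    i = min(bisect_right(times, t), len(table) - 1)
    (t0, p0), (t1, p1) = table[i - 1], table[i]
    return p0 + (p1 - p0) * (t - t0) / (t1 - t0)

def resolve(initiator, t, rng, reaction_time=REACTION_TIME_S):
    """Map an initiator at mission time t to LOM or LOC through its failure response."""
    environment, warning = RESPONSES[initiator]
    if environment != "Benign" and warning < reaction_time:
        return ("LOC", initiator, t)  # environment reaches the crew before safe separation
    if rng.random() < abort_effectiveness(t):
        return ("LOM", initiator, t)  # abort succeeded: mission lost, crew recovered
    return ("LOC", initiator, t)

def _event_initiator(after_index, rng):
    """Roll event-specific failure probabilities for the events following a segment."""
    for _name, idx, probs in EVENTS:
        if idx == after_index:
            for initiator, p in probs.items():
                if rng.random() < p:
                    return initiator

def run_mission(rng, reaction_time=REACTION_TIME_S):
    """One sampled mission: returns (outcome, initiator, mission elapsed time in s)."""
    t = 0.0
    for i in range(-1, len(SEGMENTS)):
        if i >= 0:
            _name, duration, hazards = SEGMENTS[i]
            # Competing exponential times-to-failure; the earliest initiator wins.
            t_fail, initiator = min((t + rng.expovariate(r), init) for init, r in hazards.items())
            if t_fail < t + duration:
                return resolve(initiator, t_fail, rng, reaction_time)
            t += duration
        hit = _event_initiator(i, rng)  # i == -1 rolls the Launch event
        if hit:
            return resolve(hit, t, rng, reaction_time)
    return ("SUCCESS", None, t)

def simulate(n_missions, seed=1, reaction_time=REACTION_TIME_S):
    """Return P(LOM), P(LOC), per-initiator LOM/LOC counts and sorted LOC times."""
    rng = random.Random(seed)
    contributors, loc_times = {}, []
    for _ in range(n_missions):
        outcome, initiator, t = run_mission(rng, reaction_time)
        if outcome == "SUCCESS":
            continue
        row = contributors.setdefault(initiator, {"LOM": 0, "LOC": 0})
        row["LOM"] += 1  # every failure is a loss of mission; some are also LOC
        if outcome == "LOC":
            row["LOC"] += 1
            loc_times.append(t)
    return {"p_lom": sum(r["LOM"] for r in contributors.values()) / n_missions,
            "p_loc": len(loc_times) / n_missions,
            "contributors": contributors, "loc_times": sorted(loc_times)}

def percentile(sorted_values, q):
    return sorted_values[max(0, math.ceil(q / 100 * len(sorted_values)) - 1)]  # nearest rank

if __name__ == "__main__":
    r = simulate(20000)
    print(f"P(LOM)={r['p_lom']:.4f} P(LOC)={r['p_loc']:.4f} LOC time 5th/95th pct "
          f"{percentile(r['loc_times'], 5):.0f}/{percentile(r['loc_times'], 95):.0f} s")
    for init, c in sorted(r["contributors"].items(), key=lambda kv: -kv[1]["LOM"]):
        print(f"{init:30s} LOM {c['LOM']:4d}  LOC {c['LOC']:4d}")
    print("P(LOC) vs reaction time:", {rt: simulate(5000, 1, rt)["p_loc"] for rt in (0.0, 3.0, 10.0)})
```

Running the file prints P(LOM), P(LOC), the contributor table (the "risk drivers" view) and a P(LOC) sweep over the abort reaction time. Only the warning-time gate and the abort lookup table separate LOM from LOC, so replacing the constructed table with a physics-derived one, or changing `REACTION_TIME_S`, is the whole sensitivity study. With realistic per-mission rates near 10^-3 a tight LOC estimate needs on the order of 10^5 to 10^6 sampled missions, which is why the rates here are inflated.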
Reference Lunar Sortie Mission

[Figure: mission profile between EARTH and MOON. EDS, LSAM and CEV in Low Earth Orbit; Earth Departure Stage expended; LSAM performs LOI into 100 km low lunar orbit; 7-day surface stay; ascent stage expended; service module expended; direct entry, land landing.]