Reliability assessment method for NPP digital I&C systems considering the effect of automatic periodic tests

Since digital technologies have been improved, the analog systems in nuclear power plants (NPPs) have been replaced with digital systems. Recently, new NPPs have adapted various kinds of digital instrumentation and control (I&C) systems. Even though digital I&C systems have various fault-tolerant techniques for enhancing the system availability and safety compared to conventional analog I&C systems, the effects of these fault-tolerant techniques on system safety have not been properly considered yet in most probabilistic safety assessment models. Therefore, it is necessary to develop the safety evaluation method for digital I&C systems with consideration of fault-tolerant techniques. Among the various issues in the safety model for digital I&C systems, one of the important issues is how to exclude the duplicated effect of fault-tolerant techniques implemented at each hierarchy level of the system. The exact relation between faults and fault-tolerant techniques should be identified in order to exclude this duplicated effect. In this work, the relation between faults and fault-tolerant techniques are identified using fault injection experiments. As an application, the proposed method was applied to a module of a digital reactor protection system.     

Integrated software safety analysis method for digital I&C systems

The digitalized Instrumentation and Control (I&C) system of Nuclear power plants can provide more powerful overall operation capability, and user friendly man-machine interface. The operator can obtain more information through digital I&C system. However, while I&C system being digitalized, three issues are encountered: (1) software common-cause failure, (2) the interaction failure between operator and digital instrumentation and control system interface, and (3) the non-detectability of software failure. These failures might defeat defense echelons, and make the Diversity and Defense-in-Depth (D3) analysis be more difficult. This work developed an integrated methodology to evaluate nuclear power plant safety effect by interactions between operator and digital I&C system, and then propose improvement recommendations. This integrated methodology includes component-level software fault tree, system-level sequence-tree method and nuclear power plant computer simulation analysis. Software fault tree can clarify the software failure structure in digital I&C systems. Sequence-tree method can identify the interaction process and relationship among operator and I&C systems in each D3 echelon in a design basis event. Nuclear power plant computer simulation analysis method can further analyze the available backup facilities and allowable manual action duration for the operator when the digital I&C fail to function. Applying this methodology to evaluate the performance of digital nuclear power plant D3 design, could promote the nuclear power plant operation safety. The operator can then trust the nuclear power plant than before, when operating the highly automatic digital I&C facilities.     

Development and application of an extensible engineering simulator for NPP DCS closed-loop test

LinAo Nuclear Power Plant (NPP) Phase II is a newly-built CPR1000 reactor in China, and many new technologies including the incorporation of digital control system (DCS) substituting traditional analog control systems have been applied. This is the first time for Chinese engineers to setup and adjust the DCS configurations. Both the lack of the operating experiences and the plant safety requirements from the government make a necessity of the closed-loop DCS test before commercial plant operation. The most practical way is to build a digital plant as the controlled target and this digital plant is used to provide the plant thermal–hydraulic parameters and feedbacks for the DCS. Though the RELAP5 code has been developed for the best-estimate transient simulation of light water reactor coolant systems and is used worldwide, its functionality is too limited to implement a digital plant, such as the simulation of the complicated plant control and protection systems, the 3-dimensional neutron kinetics and the fluid network for the plant auxiliary systems. To overcome these drawbacks, a RELAP5-based extensible simulator has been built to satisfy the new requirements for the implementation of a digital plant. Any simulation code of desired functionality can be integrated into this simulator as a simulation module once it applies a set of well-defined data exchange interfaces. At the present stage, a RELAP5 module, a control system modeling module, a software–hardware data bridge module and some other auxiliary modules have been integrated into the simulator. There are more than 60 systems that need to be tested with the DCS in LinAo Phase II, and the whole testing work is separated into several phases. In this paper, we take the testing of the pressure control system and water level control system of pressurizer as example. A typical transient of 10% load step change from 100%FP (full power) to 90%FP was performed for the closed-loop DCS test. The necessity and capability of this RELAP5-based engineering simulator has been demonstrated.     

反应堆仪控HA设备冗余状态监测

为了解冗余配置的高可用性(High Availability,HA)设备内部冗余单元的运行状态,以避免由于切换或冗余失效导致的严重后果或潜在风险,对基于EPICS(Experimental Physics and Industrial Control System)仪控系统样机中冗余配置的可编程序控制器(Programmable Logic Controller,PLC)和组件进行了冗余状态监测方法研究。通过修改输入/输出控制器(Input/Output Controller,IOC)冗余组件代码及开发PLC状态变量读取程序的方法,分别获取到二者的冗余单元状态并发布在监控层终端。实验证明此方法在几乎不增加系统资源的情况下可长期监测冗余单元状态,为进一步提高仪控系统的可用性提供技术支持。     

Plant Risk Effect Analysis Focusing on Digital I&C Equipment Failures

Safety-critical digital systems have been installed in nuclear power plants and thus their safety effect evaluation has become an emerging issue. The multi-tasking feature of digital instrumentation and control (I&C) equipment could increase the risk factor because the I&C equipment affects the actuation of the safety functions in several mechanisms. In this study, we quantify the safety of the digital plant protection system in Korean nuclear power plants based on probabilistic safety assessment (PSA) technology. Fifteen fault-tree models for the digital reactor-trip system and seven for the safety-feature actuation system are constructed and integrated into the plant safety assessment model. The result of the sensitivity study shows the boundaries of a plant risk and the effect of the digital equipment failures on the total plant risk.     

核电站数字化仪控系统安全保密分析方法研究

核电站数字化仪控系统的信息安全保密分析是核安全级仪控系统软件验证与确认工作的任务之一。按照相关规定,提出了一种基于核安全级仪控系统软件开发全生命周期过程,结合规则检查分析和基于信息流分析的安全保密分析方法。该方法经应用检验能够证实系统在信息安全保密方面的防范能力,在实际项目中得到应用。     

Calibration of new I&C at VR-1 training reactor

The paper describes a calibration of the new instrumentation and control (I&C) at the VR-1 training reactor in Prague. The I&C uses uncompensated fission chambers for the power measurement that operate in a pulse or a DC current and a Campbell regime, according to the reactor power. The pulse regime uses discrimination for the avoidance of gamma and noise influence of the measurement. The DC current regime employs a logarithmic amplifier to cover the whole reactor DC current power range with only one electronic circuit. The system computer calculates the real power from the logarithmic data. The Campbell regime is based on evaluation of the root mean square (RMS) value of the neutron noise. The calculated power from Campbell range is based on the square value of the RMS neutron noise data. All data for the power calculation are stored in computer flash memories. To set proper data there, it was necessary to carry out the calibration of the I&C. At first, the proper discrimination value was found while examining the spectrum of the neutron signal from the chamber. The constants for the DC current and Campbell calculations were determined from an independent reactor power measurement. The independent power measuring system that was used for the calibration was accomplished by a compensated current chamber with an electrometer. The calculated calibration constants were stored in the computer flash memories, and the calibrated system was again successfully compared with the independent power measuring system. Finally, proper gamma discrimination of the Campbell system was carefully checked.     

Study on nuclear power plant simulator for digital I&C system commissioning

介绍了开发的核电站仿真机结构及功能,接着以稳压器压力控制系统为例,利用该仿真机进行了现场DCS调试的应用研究.先测试确保其DCS逻辑功能,然后通过与核电厂实际测试结果对比分析后,改进仿真机模型,最后对现场DCS进行了参数优化.研究表明,仿真机应用于核电站现场DCS测试及参数优化调试具有节省现场调试时间、降低调试风险的优越性.     

核电厂数字化仪控系统软件可靠性定量评估研究

本文依据IEEE std 1633标准,对Schneidewind软件可靠性模型进行研究,将该模型应用于核电厂数字化仪控系统软件可靠性定量评估,并评价该模型对于核电厂数字化仪控系统软件可靠性定量评估的适用性。本文结合某堆型核电厂数字化仪控系统典型功能模块软件故障数据,代入Schneidewind模型,对软件可靠性进行定量评估。本文介绍的工作对进一步开展数字化仪控系统软件可靠性研究具有积极意义。     

Software safety analysis application of safety-related I&C systems in installation phase

This work performed a software safety analysis (SSA) in the installation phase of the Lungmen nuclear power plant (LMNPP) in Taiwan, under the cooperation of INER and TPC. The US Nuclear Regulatory Commission (USNRC) requests licensee to perform software safety analysis (SSA) and software verification and validation (SV&V) in each phase of software development life cycle with Branch Technical Position (BTP) 14. In this work, 37 safety grade digital instrumentation and control (I&C) systems were analyzed by Failure Mode and Effects Analysis (FMEA), which is suggested by IEEE Standard 7-4.3.2 (2003). During the installation phase, skew tests for safety grade network and point to point tests were performed. The FMEA showed all the single failure modes can be resolved by the redundant architecture. The common mode failures can be resolved by operator manual actions via the diverse displays.     

Progress of Digital I&C Design Verification Platform for Demonstration Fast Reactor

正Digital IC design verification platform includes three parts,which are digital monitoring and control system design verification platform,digital protection system design verification platform and main process system coordinated control verification platform.This platform is mainly     

A verification and validation method and its application to digital safety systems in ABWR nuclear power plants

A verification and validation (V&V) method has been developed and applied to newly developed digital safety systems for the first ABWR plant, Kashiwazaki–Kariwa unit No. 6 of the Tokyo Electric Power Company. This paper describes the method and experience gained from its application. The method was developed on the basis of domestic and foreign standards and guidelines, and covers the more concrete procedures required for actual V&V. The application of problem oriented language (POL) helps make the V&V feasible and reliable. A personal-computer-based automatic test tool for the validation test has been developed and utilized. This tool is used to carry out the pre-defined validation test procedure automatically and produce a test report, and it was found to be effective in reducing the time and manpower required for the validation test. The validation test covers dynamic transient tests in which the response of the digital safety system against the simulated design based transients are tested. The tool enables automatic execution of the dynamic test.     

Development of a consensus standard for verification and validation of nuclear system thermal-fluids software

With the resurgence of nuclear power and increased interest in advanced nuclear reactors as an option to supply abundant energy without the associated greenhouse gas emissions of the more conventional fossil fuel energy sources, there is a need to establish internationally recognized standards for the verification and validation (V&V) of software used to calculate the thermal–hydraulic behavior of advanced reactor designs for both normal operation and hypothetical accident conditions. To address this need, ASME (American Society of Mechanical Engineers) Standards and Certification has established the V&V 30 Committee, under the jurisdiction of the V&V Standards Committee, to develop a consensus standard for verification and validation of software used for design and analysis of advanced reactor systems. The initial focus of this committee will be on the V&V of system analysis and computational fluid dynamics (CFD) software for nuclear applications. To limit the scope of the effort, the committee will further limit its focus to software to be used in the licensing of High-Temperature Gas-Cooled Reactors. Although software verification will be an important and necessary part of the standard, much of the initial effort of the committee will be focused on the validation of existing software and new models that could be used in the licensing process. In this framework, the Standard should conform to Nuclear Regulatory Commission (NRC) and other regulatory practices, procedures and methods for licensing of nuclear power plants as embodied in the United States (U.S.) Code of Federal Regulations and other pertinent documents such as Regulatory Guide 1.203, “Transient and Accident Analysis Methods” and NUREG-0800, “NRC Standard Review Plan”. In addition, the Standard should be consistent with applicable sections of ASME NQA-1-2008 “Quality Assurance Requirements for Nuclear Facility Applications (QA)”. This paper describes the general requirements for the proposed V&V 30 Standard, which includes: (a) applicable NRC and other regulatory requirements for defining the operational and accident domain of a nuclear system that must be considered if the system is to be licensed, (b) the corresponding calculation domain of the software that should encompass the nuclear operational and accident domain to be used to study the system behavior for licensing purposes, (c) the definition of the scaled experimental data set required to provide the basis for validating the software, (d) the ensemble of experimental data sets required to populate the validation matrix for the software in question, and (e) the practices and procedures to be used when applying a validation standard. Although this initial effort will focus on software for licensing of High-Temperature Gas-Cooled Reactors, it is anticipated that the practices and procedures developed for this Standard can eventually be extended to other nuclear and non-nuclear applications.     

田湾核电站计划管理体系的建立和完善

本文首先介绍了田湾核电站一期工程建设阶段计划分级管理和控制体系的建立,以及根据实际情况对进度管理体系的补充措施;重点对工程建设和调试进展滞后而采取的积极措施进行了总结。最后随着一期工程的全面投产,作者对电站运行阶段的生产计划管理体系进行了全面阐述和分析,为持续提高核电站生产管理水平提供了良好的借鉴。     

A Petri net design of FPGA-based controller for a class of nuclear I&C systems

This study is concerned with a FPGA-based controller design for the lack of FPGA-based solutions in the nuclear industry. An efficient design procedure is proposed to achieve simpler and affordable verification and validation (V&V) of system efforts by explicitly modeling the interactions among processes. In the present approach, both of state diagram (SD) concept and Petri nets (PNs) are used to model the concurrent processes. An illustrative example of automatic seismic trip system (ASTS) is provided. Synthesis results demonstrate that the proposed design is feasible and easy to implement.     

核电厂主控制室任务分类的初步探讨

本文阐述了主控制室的重要性与发展要求。并对如何在先进控制室设计中实施人因工程原则进行了简单介绍。重点论述了核电厂主控制室任务分析的目的与作用、策略与方法、范围与内容，并对初步的任务分类进行了探讨。     

Regulatory overview of digital I&C system in Taiwan Lungmen Project

The Lungmen Nuclear Power Plant (LMNPP) is currently under construction in Taiwan, which consists of two Advanced Boiling Water Reactor (ABWR) units. The instrumentation and control (I&C) systems of the Lungmen NPS are based on the state-of-the-art modernized fully integrated digital design. The design and architecture of digital systems are inherently different from those of analog systems. We face challenges in areas where there is limited technical guidance and regulatory precedent. This paper presents regulatory overviews, regulatory requirements, current major regulatory issues, as well as the areas of regulatory concerns and the lessons learned on the digital I&C systems in the Lungmen Project.     

The implementation of magnetics verification in EAST plasma control system

Experimental advanced superconducting tokamak (EAST) is an experimental device aiming at steady state plasma operation for fusion research. The values of many discharge parameters, such as plasma shape, position and current must be directly acquired or indirectly evaluated from the magnetic measurements, so the accuracy of magnetic measurements plays an important role in reliable plasma control performance. A method for verifying the key magnetic measurements in real time for each shot is described in this paper. Such magnetics verification will prevent the discharge from a key magnetic signal failure and ensure the quality of a successful discharge. The diagnostics verification algorithm has been implemented in the plasma control system for the EAST. The implementation details and its application in the recent experiment are presented in this paper.