Development of multi-state based integrated dependability model and application to reactor protection system

Abstract

The safety-critical digital systems in nuclear power plants (NPPs) such as reactor protection system (RPS) and engineered safety feature-component control system (ESF-CCS) automatically generate the control signals for manipulating complicated accident-mitigation equipment including the control rod driving mechanism for reactor trip. In the design process of safety-critical digital systems, the quantitative analysis of their dependabil-ity is essential step to enhance the safety of NPPs. The earlier this analysis can be performed, the higher safety can be achieved in a more cost effective manner. Therefore, in order to efficiently analyze and assess the dependability of safety-critical digital system at the early design stage, the integrated dependability evaluation model of RPS is developed using the Markov model. The RPS is the multiple redundant system, which is generally configured with four identical channels where various fault-tolerant techniques are used. This features the state explosion when the Markov model is used in analyzing its dependability. In order to overcome this issue, a systematic approach to simplify the Mar-kov model using system decomposition based on the failure-independent subsystems. This approach results in an exact solution in contrast with existing studies that result in an approximation solution. The proposed ap-proach is to decompose the target system into several failure-independent subsystems based on the function block diagram of target system, and then obtain the system-level failure rate and unavailability rate from the Markov model of the subsystem. These rates allow to easily make the Markov model for the target system and obtain its dependability. In order to build the integrated dependability model of RPS, the channel-level failure rate of each channel for RPS is obtained using the proposed approach. And the complex interrelationship among dependability parameters such as architecture, channel-level failure, repair, common cause failure and periodic surveillance test (PST) are modeled systematically, which cannot be achieved by using conventional static methods. In order to demonstrate the effectiveness of developed model, the dependability of RPS is evaluated along the variation of channel configuration and parameters. And also some PST strategies for efficiently improving the availability of RPS are suggested. The analyzed results show the quantitative effect on the dependability of RPS for variation of parameters in given channel configuration. It can give the system designer the criteria of how to design and optimize the parameters under the system requirements. The suggested PST strategies are to select the optimal period of surveillance test, to use the hybrid PST method in the system level and automatic self-test (AST) in the component level. First, the RPS with three channel configuration has more chance to be failed state during the PST in contrast with four channel configuration

in other words, frequent or rare PST dete-riorates the availability of RPS. Therefore, there is an optimal period of surveillance test, which is obtained by using the developed model. Second, at the early RPS operation, it is more advantageous for availability to test each channel sequentially only until the fault of channel is detected like staggered test rather than to test se-quentially regardless of the detection of channel fault like a conventional PST. Accordingly, hybrid PST combin-ing the staggered and conventional PST is suggested, where the switching time point of two methods is identified using the developed model. Finally, the AST is continuous test, not bypassing the channel, which is performed by internal memory of each module during the idle time of operating system scan time. Even though the test coverage factor of AST is very low, it effectively increases the fault detection coverage factor of each module. As a result, the unavailability of RPS with three channel configuration is reduced to 47.56% compared to that of conventional PST strategy. Although the integrated dependability evaluation model is developed for RPS, it can be applied to any safety systems with complex fault-tolerant architecture. At the early design stage, it can perform the role as de-cision maker giving information how to optimally design the architecture and dependability parameters under system requirements. Also it describes accurately both component-level and system-level behavior of dependa-bility and thus, it can be applied to the dynamic probabilistic safety assessment and risk-informed regulations.