A Methodological Research Of Digital I&C System Reliability And Human Machine Interaction Analysis For Nuclear Power Plant

Probabilistic safety assessment(PSA)technique,which employs both the reliability analysis techniques and safety analysis techniques,has been applied to the design and operation of nuclear power plant(NPP)and has been proved to be an important technological means to ensure the safety.Based on the study of the risk monitor system used in the NPPs,a new systematic framework of "DiD(Defense-in-Depth)risk analysis system" has been proposed,which considers both of the importance of prevention and mitigation of severe accident in order to further enhance the nuclear safety.The configuration of proposed DiD risk analysis system consists of two layers system named as “DiD(defense-in-depth)risk monitor” subsystem and “reliability monitor” subsystem and “risk status identification”.The DiD risk monitor subsystem support the operator for the plant operation and decision making during the different plant state;while the reliability monitor subsystem monitors and analyzes the reliability states of individual plant system and equipment during the daily operation.And the risk status identification passes the plant information between the DiD risk monitor and the reliability monitor and analyzes the plant risk states.With the computer technology development,the instrumentation and control of the NPPs are fully digitalized.The digital I&C(D-I&C)system not only provides the rich advanced functions but also brings up the new challenges for the PSA.Meanwhile,the role of the operators in plant is changing in the D-I&C system.Therefore,with the proposed DiD risk analysis system as the background and taking the D-I&C system as the research object,the two layer subsystems are respectively researched in the dissertation.The targets of the research are to achieve:(I)For the reliability monitor subsystem,the reliability analysis focuses on the D-I&C system and to integrate with the reliability models of the plant conventional process system which are previously studied.So that the reliability monitor subsystem can evaluate the whole plant systems including the digital system and conventional process system in the proposed DiD risk analysis system.(II)For the DiD risk monitor subsystem,the knowledge base software is designed and developed.And a human-machine interaction design and evaluation method is proposed by the combination of the plant scenario simulation and the knowledge base software.The concrete research work includes the followings:(1)Develop and build the mathematical reliability analysis model for the hardware of the D-I&C system especially for the digital reactor protection system(RPS).In the mathematical models,the probability of failure on demand(PFD)and probability of spurious trip(PST)are calculated for the digital RPS.The repair time,common cause failure and the fault coverage are modeled and analyzed.Based on the calculation results,the suggestions for the D-I&C design are proposed respectively for repair time,common cause failure and fault coverage impact.(2)A reliability model is built using the colored petri net(CPN)by noticing the advantages and capability of the methodology to model the complex system.In the CPN model,not only the PFD and PST are estimated but also the mean time to first failure(MTTFF),mean time between failures(MTBF),mean time to repair(MTTR),et al.are calculated.Using both the mathematical model and the CPN model,the reliability analysis results are justified.(3)Considering the characteristics of the safety-critical software,a reliability analysis method that can be adopted to the safety-critical software is proposed based on the statistical model checking method.The proposed method can be applied to the early phase and the later phase of the software development life cycle.When the method is applied at the early phase,the software design schemes and the reliability allocation strategies are justified;when it is applied at the later phase,the probability failure on demand and probability of spurious logic trigger of the safety critical software are estimated.(4)Based on the function of the plant DiD risk monitor subsystem in the DiD risk analysis system,the requirement of the plant DiD risk monitor subsystem is proposed for the software design.Then using the object oriented method,the plant DiD risk monitor software is developed as the knowledge base software.The main functions of the knowledge base software are:(i)building the plant knowledge base mode using the “state chart diagram”;(ii)interaction simulation between the actors;(iii)interaction analyzer.(5)Due to the introduction of D-I&C system,the role of the operator is also changing.And it is aware that the human error becomes an important factor which induces the fault and accident of the nuclear power plant when the nuclear power plant is fully digitalized.Therefore,the human-machine interaction design is important for the complex system and the harmonious human-machine interaction becomes an important contribution to the plant safety and economy.The designed knowledge base software is applied to the human-machine interaction design and evaluation.And a method of evaluating and designing human-machine interaction is proposed for fully digitalized I&C and digitalized human-machine interface system by using both the plant scenario simulation and the knowledge base software.The method can design the intelligent human-machine interface for the NPP operation and evaluate the human roles in the plant to achieve the human-machine harmonious control.(6)The knowledge base software and the human-machine interaction design and evaluation method are demonstrated using the AP1000 passive core cooling system under the small break loss of coolant accident.The knowledge base software is verified and validated as well as the efficiency of the proposed human-machine interaction design and evaluation method is demonstrated.When the analysis of the hardware and software reliability of the D-I&C system is performed,the reliability monitor subsystem can evaluate the reliability of all the plant systems including the digital system and the plant conventional process system.Then the risk status identification can calculate the plant risk level and state based on the reliability monitor results of each system.And the DiD risk monitor subsystem can support the operator for the operation and decision making according to the reliability monitor results and the plant risk analysis results.Finally based on the plant scenario simulation and the knowledge base model,the human-machine interaction is evaluated and improved for the digital system under supervisory control.