Fault Detection Coverage Quantification of Automatic Test Functions of Digital I&c System in Npps


Digital systems such as a programmable logic controller (PLC) or distributed control system (DCS) have been applied to non-safety systems of nuclear power plants (NPPs) due to difficulties in using analog systems. More recently, digital systems have also been applied to the safety systems of NPPs such as the reactor protection system (RPS). The RPS is a safety system that trips a reactor to prevent the development of an accident when the reactor deviates from normal operation. The first application of a digital RPS was at Kori unit 1 to resolve an obsolescence problem due to the accumulated years of operation. An Integrated Digital Protection System (IDiPS) RPS was developed in Korea [1-2] during the Korea Nuclear Instrumentation and Control System (KNICS) research and development project. The IDiPS RPS has four independent channels, where each channel consists of bistable processors (BP), coincidence processors (CP), an automatic test and interface processor (ATIP), a cabinet operator module (COM), and other hardware components, as shown in Fig. 1. For the platform of the IDiPS RPS, a safety PLC has been adopted. The PLC is composed of various modules such as a bus, power, processor, communication, and input/ output modules. To improve the reliability and availability of IDiPS RPS, various fault-tolerant techniques such as self-diagnostics of each module, a heartbeat check of the watchdog timer, and periodic automatic testing of the ATIP have been implemented in IDiPS RPS. For example, an automatic periodic test is periodically initiated by the ATIP without any human intervention. ATIP provides test inputs to the BP and CP, and automatically checks the test results received from the BP and CP during the automatic periodic test. Analog instrument and control systems in nuclear power plants have recently been replaced with digital systems for safer and more efficient operation. Digital instrument and control systems have adopted various fault-tolerant techniques that help the system correctly and safely perform the specific required functions regardless of the presence of faults. Each fault-tolerant technique has a different inspection period, from real-time monitoring to monthly testing. The range covered by each faulttolerant technique is also different. The digital instrument and control system, therefore, adopts multiple barriers consisting of various fault-tolerant techniques to increase the total fault detection coverage. Even though these fault-tolerant techniques are adopted to ensure and improve the safety of a system, their effects on the system safety have not yet been properly considered in most probabilistic safety analysis models. Therefore, it is necessary to develop an evaluation method that can describe these features of digital instrument and control systems. Several issues must be considered in the fault coverage estimation of a digital instrument and control system, and two of these are addressed in this work. The first is to quantify the fault coverage of each fault-tolerant technique implemented in the system, and the second is to exclude the duplicated effect of fault-tolerant techniques implemented simultaneously at each level of the system’s hierarchy, as a fault occurring in a system might be detected by one or more fault-tolerant techniques. For this work, a fault injection experiment was used to obtain the exact relations between faults and multiple barriers of faulttolerant techniques. This experiment was applied to a bistable processor of a reactor protection system.

10 Figures and Tables

Cite this paper

@inproceedings{Choi2012FaultDC, title={Fault Detection Coverage Quantification of Automatic Test Functions of Digital I&c System in Npps}, author={Jong Gyun Choi and Seung Jun Lee and Hyun Gook Kang and Seop Hur and Y. J. Lee and S. C. S. Jang}, year={2012} }