Zhaohui Liu,Longtao Liao,Zhiqiang Wu,Xiaohua Yang

DOI: https://doi.org/10.1299/jsmeicone.2015.23._icone23-1_76

2015-01-01

The Proceedings of the International Conference on Nuclear Engineering (ICONE)

Abstract:The digitalized Instrumentation and Control (I&C) system of Nuclear power plants can provide many advantages. However, digital control systems induce new failure modes that differ from those of analog control systems. While the cost effectiveness and flexibility of software is widely recognized, it is very difficult to achieve and prove high levels of dependability and safety assurance for the functions performed by process control software, due to the very flexibility and potential complexity of the software itself. Software safety analysis (SSA) was one way to improve the software safety by identify the system hazards caused by software failure. This paper describes the application of a software fault tree analysis (SFTA) at the software design phase. At first, we evaluate all the software modules of the reactor power regulating system in nuclear power plant and identify various hazards. The SFTA was applied to some critical modules selected from the previous step. At last, we get some new hazards that had not been identified in the prior processes of the document evaluation which were helpful for our design.

Xue-gang Lin,Rong-sheng Xu,Hua Xiong,Miao-liang Zhu

2006-01-01

Abstract:Survivability should be considered beyond security for information system, and quantitative analysis can assess system survivability accurately for improvement. Information system is presented by finite state machine and its state transition map is used to describe analysis process, where the hierarchical structure of system state avoids the problem of enumerating states in Markov chain model. Based on SNA method, a framework of quantitative analysis is introduced: defining system, testing system’s survivability, computing survivability, and giving analysis report finally, which is easily implemented by computer. In the framework, the event database which is based on event classification and grade makes creating test project automatically and objectively, and survivability is computed through resistance, recognition and recovery in a hierarchical process.

Han Bao,Hongbin Zhang,Tate Shorthill,Edward Chen,Svetlana Lawrence

DOI: https://doi.org/10.1016/j.ress.2022.108973

2022-11-19

Abstract:Digital instrumentation and control (DI&C) systems at nuclear power plants (NPPs) have many advantages over analog systems. They are proven to be more reliable, cheaper, and easier to maintain given obsolescence of analog components. However, they also pose new engineering and technical challenges, such as possibility of common cause failures (CCFs) unique to digital systems. This paper proposes a Platform for Risk Assessment of DI&C (PRADIC) that is developed by Idaho National Laboratory (INL). A methodology for evaluation of software CCFs in high safety-significant safety-related DI&C systems of NPPs was developed as part of the framework. The framework integrates three stages of a typical risk assessment—qualitative hazard analysis and quantitative reliability and consequence analyses. The quantified risks compared with respective acceptance criteria provide valuable insights for system architecture alternatives allowing design optimization in terms of risk reduction and cost savings. A comprehensive case study performed to demonstrate the framework's capabilities is documented in this paper. Results show that the PRADIC is a powerful tool capable to identify potential digital-based CCFs, estimate their probabilities, and evaluate their impacts on system and plant safety.

engineering, industrial,operations research & management science

Chao Guo,Huasheng Xiong,Xiaojin Huang,Duo Li

DOI: https://doi.org/10.1155/2017/2981943

IF: 0.849

2017-01-01

Science and Technology of Nuclear Installations

Abstract:With the development of information technology, the instrumentation and control system of nuclear power plant nowadays rely heavily on the massive and complex software to ensure the safe and efficient operation of the power plant. The improvement of the software design and development for the safety systems has been a research focus for its decisive impact on the nuclear safety. The framework of the software design and development for reactor protection system in High Temperature Gas-Cooled Reactor-Pebble bed Module was introduced in this paper. Firstly, during the design period, in addition to multichannel redundancy, grouping of protection variables and diverse 2-out-of-4 logics were adopted by different subsystems of each channel in case of common cause failure. Then a series of development characteristics together with strict software verification and validation were performed. Thirdly, during the software test period, an improved software reliability growth model based on the Goel-Okumoto model according to the analysis of fault severity was proposed to help in estimating the reliability of the software product and identifying the software release time.

Edward Chen,Han Bao,Tate Shorthill,Carl Elks,Nam Dinh

DOI: https://doi.org/10.48550/arXiv.2205.12075

2022-05-24

Software Engineering

Abstract:In recent years, there has been considerable effort to modernize existing and new nuclear power plants with digital instrumentation and control systems. However, there has also been considerable concern both by industry and regulatory bodies for the risk and consequence analysis of these systems. Of concern are digital common cause failures specifically due to software defects. These failures by the software can occur in both the control and monitoring of a system. While many methods have been proposed to identify software failure modes, such as Systems Theoretic Process Analysis, Hazard and Consequence Analysis for Digital Systems, etc., these methods are focused primarily on the control action pathway of a system. In contrast, the information feedback pathway lacks Unsafe Control Actions, which are typically related to software basic events; thus, assessment of software basic events in such systems is unclear. In this work, we present the idea of intermediate processors and Unsafe Information Flow (UIF) to help safety analysts trace failure mechanisms in the feedback pathway and how they can be integrated into a fault tree for improved assessment capability. The concepts presented are demonstrated in two comprehensive case studies, a smart sensor integrated platform for unmanned autonomous vehicles and another on a representative advanced human system interface for safety critical plant monitoring. The qualitative software basic events are identified, and a fault tree analysis is conducted based on a modified Redundancy guided Systems theoretic Hazard Analysis methodology. The case studies demonstrate the use of UIFs and intermediate processors in the fault tree to improve traceability of software failures in highly complex digital instrumentation feedback. The improved method clarifies fault tree construction when multiple component dependencies are present in the system.

Duo Li,LiangJu Zhang

2004-01-01

Abstract:The instrumentation and control system (I&C) of nuclear power plant (NPP) comes into a digital era. The key issues arising from digitalization of NPP I&Cs are how to effectively demonstrate and confirm the completeness and correctness of the software that performs reactor safety functions, and which characteristics and qualifications a safety software should have to be approved by the nuclear safety authority. It is commonly accepted that the essential way to solve these issues for safety software is to pass a strict and independent Verification and Validation (V&V) process. The outline for a V&V effort is covered in this paper and demonstrated with three parts, which are V&V activities, V&V tasks, and V&V documentation.

ZHANG Chi,CAO Jiandong,LI Yiquan,WANG Huifang

DOI: https://doi.org/10.3969/j.issn.1007-290x.2012.05.006

2012-01-01

Abstract:Aiming at lack of quantitative assessment and choosing design scheme of relaying protection system of digital substation,the paper proposes to develop quantitive assessment software for relaying protection scheme of digital substation and elaborates on technical lines for implementing reliability assessment,economy assessment and comprehensive assessment;it presents flow chart of the implementation and discusses content and implementing method of each functional module.It is indicated by the research that the implementation of the software can effectively help to scientific choose design scheme of relaying protection system of digital substation.

Hongbin Zhang,Han Bao,Tate Shorthill,Edward Quinn

DOI: https://doi.org/10.1080/00295450.2022.2076486

IF: 1.667

2022-07-13

Nuclear Technology

Abstract:Upgrading the existing analog instrumentation and control (I&C) systems to state-of-the-art digital I&C (DI&C) systems will greatly benefit existing light water reactors. However, the issue of software common cause failure (CCF) remains an obstacle in terms of qualification for digital technologies. Existing analyses of CCFs in I&C systems mainly focus on hardware failures. With the application and upgrading of new DI&C systems, design flaws could cause software CCFs to become a potential threat to plant safety, considering that most redundancy designs use similar digital platforms or software in their operating and application systems. With complex multilayer redundancy designs to meet the single failure criterion, these I&C safety systems are of particular concern in U.S. Nuclear Regulatory Commission licensing procedures. In Fiscal Year 2019, the Risk-Informed Systems Analysis (RISA) Pathway of the U.S. Department of Energy's Light Water Reactor Sustainability Program initiated a project to develop a risk assessment strategy for delivering a strong technical basis to support effective, licensable, and secure DI&C technologies for digital upgrades and designs. An integrated risk assessment for the DI&C process was proposed for this strategy to identify potential key digital-induced failures, implement reliability analyses of related digital safety I&C systems, and evaluate the unanalyzed sequences introduced by these failures (particularly software CCFs) at the plant level. This paper summarizes these RISA efforts in the risk analysis of safety-related DI&C systems at Idaho National Laboratory.

nuclear science & technology

Chao Guo,Shuqiao Zhou,Duo Li

DOI: https://doi.org/10.1109/ICRMS.2016.8050120

2016-01-01

Abstract:The application of digital instrumentation and control systems in Nuclear Power Plants (NPPs) provides a series of advantages, but it also raises challenges in the reliability analysis of safety-critical systems in the NPPs. Software testing is one of the most significant processes to assure software reliability, and the safety-critical systems of NPPs are sensitive to the severity of software faults, especially the critical faults that infect the system function greatly. Previous software reliability models related to the analysis of fault severity were mostly based on the assumption of different severities. In this paper, the fault severity data collected during the software test process were used for modeling the test process with a Software Reliability Growth Model based on a non-homogeneous Poisson process. The mean value function was derived by considering the ratios of critical and non-critical faults and was named as “Ratio of Critical-Faults model” (RCF model). The fault data collected while developing the safety-critical system were used to validate this model. According to the analysis, RCF model had fitting abilities similar to that of the Goel-Okumoto model and Inflection S-shaped model whereas the prediction effect of the RCF model was better than that of these two models, especially when little data were collected, which could be used to determine the release time of the software.

Pramod Kumar,Lalit Kumar Singh,Chiranjeev Kumar

DOI: https://doi.org/10.1002/qre.2577

2019-11-19

Quality and Reliability Engineering International

Abstract:<p>The transition from analog to digital safety‐critical instrumentation and control (I&amp;C) systems has introduced new challenges for software experts to deliver increased software reliability. Since the 1970s, researchers are continuing to propose software reliability models for reliability estimation of software. However, these approaches rely on the failure history for the assessment of reliability. Due to insufficient failure data, these models fail to predict the reliability of safety critical systems. This paper utilizes the Bayesian update methodology and proposes a framework for the reliability assessment of the safety‐critical systems (SCSs). The proposed methodology is validated using experiments performed on real data of 12 safety‐critical control systems of nuclear power plants.</p>

engineering, industrial, multidisciplinary,operations research & management science

Chao Guo,Huasheng Xiong,Duo Li,Shuqiao Zhou

DOI: https://doi.org/10.1115/icone24-60535

2016-01-01

Abstract:Nuclear safety is one of the key issues for a nuclear power plant (NPP). Digital instrumentation and control (I&C) systems have been employed gradually in the newly-built and upgraded NPPs, while the reliability of software brings great challenges to the Probability Risk Assessment (PRA) of NPPs. Software testing is regarded as one of the most important methods to guarantee the quality of safety software. The testing data can then be adopted to assess the coding quality by reliability modelling. As the variety of digital I&C systems, software modelling methods corresponding to particular I&C system, as well as a model which is suitable in all situations, are both expected.The Reactor Protection System (RPS) in High Temperature Gas-Cooled Reactor - Pebble bed Module (HTR-PM) is the first digital RPS designed and to be operated commercially in China. As the designer, we also took part in the software testing work of this digital I&C system. In this paper, we gave a comprehensive introduction to the software testing and reliability modelling research of RPS in HTR-PM, including the objective, tools, methods, testing strategy, organizational structure, and the implementation phases.During the testing experience of safety software of RPS in HTR-PM, we collected the software abnormal reports which could be employed for the reliability analysis to evaluate the quality of the safety software. We introduced the data mining and reliability modelling research according to the abnormal reports. Different characteristics of faults could be used for software reliability modelling, such as software version, fault severity, test stage, submission date, debugging data, and so on. In the end we introduced a software modelling method based on severity analysis of the abnormal reports.The work we showed in this paper can contribute to improve the process of testing and reliability analysis for other digital I&C systems in NPPs.

Chen Xiaoming,Zuoyi Zhang,Gao Zuying,Zhao Bingquan,Takashi Nakagawa,Wei Wu,Satoko Matsuo,Naotaka Terashita,XM Chen,ZY Zhang,ZY Gao,BQ Zhao

DOI: https://doi.org/10.1016/S1474-6670(17)41530-8

2001-01-01

IFAC Proceedings Volumes

Abstract:This paper describes a case study on the evaluation of the control board in an actual Chinese nuclear power plant. A computer-simulation-based evaluation software system is utilized in the study. The study aims at verifying the feasibility and usability of the evaluation software in Chinese nuclear power plant and at finding the potential problems in the original design from the viewpoint of human error probability. The results turn out that some potential problems and mismatches were detected in the design and the operation procedures. An example modified design is proposed to decrease the possibility of potential operators' errors. The improvement effects were demonstrated from the comparison of the analysis results between the modified design and the original one. It is expected that the Chinese human machine interface assessment technologies could be developed on the basis and results of this study.

Jian Jiao,Yongfeng Jing,Shujie Pang

DOI: https://doi.org/10.3390/systems10050137

2022-01-01

Abstract:With the complexity of the socio-technical system, the requirement for safety analysis is growing. In actuality, system risk is frequently created by the interaction of numerous nonlinear-related components. It is essential to use safety assessment methods to identify critical risk factors in the system and evaluate the safety level of the system. An integrated safety assessment framework combining the system theoretic process analysis (STPA), the analytic network process (ANP) and system dynamics (SD) is suggested to analyze the safety level of socio-technical systems to achieve qualitative and quantitative safety evaluation. Our study constructs an STPA and SD integration framework to demonstrate the practical potential of combining STPA and SD approaches in terms of risk factors and causality. The framework uses the STPA method to define the static safety control structure of the system and analyzes the primary risk factors. The unsafe control actions (UCAs) from the STPA method are transformed into network layer elements of ANP. The ANP method is used to calculate the element weights, which are the impact coefficients between the system dynamics (SD) variables. The SD method is used to assess the safety level of the system. Finally, a specific coal mining system is used to demonstrate how the proposed hybrid framework works. The results indicated that the safety level of the system was low on days 38 and 120 of the simulation cycle (one quarter). Our work can overcome the limitations of conventional STPA quantitative analysis and simplify SD qualitative modeling to serve as a reference for complicated system safety/risk analysis work.

Tate Shorthill,Han Bao,Hongbin Zhang,Heng Ban

DOI: https://doi.org/10.1080/00295450.2021.1957659

IF: 1.667

2021-11-05

Nuclear Technology

Abstract:Digital instrumentation and control (I&amp;C) upgrades are a vital research area for the nuclear industry. Despite their performance benefits, deployment of digital I&amp;C in nuclear power plants (NPPs) has been limited. Digital I&amp;C systems exhibit complex failure modes including common cause failures (CCFs), which can be difficult to identify. This paper describes the development of a redundancy-guided application of the Systems-Theoretic Process Analysis and fault tree analysis for the hazard analysis of digital I&amp;C in advanced NPPs. The resulting Redundancy-Guided Systems-Theoretic Hazard Analysis (RESHA) is applied for the case study of a representative state-of-the-art digital reactor trip system. The analysis qualitatively and systematically identifies the most critical CCFs and other hazards of digital I&amp;C systems. Ultimately, the RESHA can help researchers make informed decisions for how, and to what degree, defensive measures such as redundancy, diversity, and defense in depth can be used to mitigate or eliminate the potential hazards of digital I&amp;C systems.

nuclear science & technology

杨仕平,熊光泽,桑楠,吴新勇

DOI: https://doi.org/10.3969/j.issn.1000-7024.2004.02.001

2004-01-01

Abstract:On the basis of analyzing the necessity of safety testing and evaluation for safety critical software, the safety evaluation criteria fitted for testing and evaluating safety critical software are proposed and the relations between safety evaluation criteria and reliability evaluation criteria are presented. Followed this, the limitations of the four classical testing and evaluation approaches used to evaluate the software with high safety requirements are summarized. The feasibility of safety testing and evaluation based on the technology of importance sampling and stress testing is researched, and the concrete implement process about this approach is discussed in detail, during the course of doing this, the safety critical control system of the nuclear power plant is used in a practical example in order to exemplify the correctness of the proposed approach. Finally, the related work and future trends of the research in this field are listed.

Edward Chen,Han Bao,Tate Shorthill,Carl Elks,Athira Varma Jayakumar,Nam Dinh

DOI: https://doi.org/10.48550/arXiv.2205.12080

2022-05-24

Software Engineering

Abstract:The modernization of existing and new nuclear power plants with digital instrumentation and control systems (DI&C) is a recent and highly trending topic. However, there lacks strong consensus on best-estimate reliability methodologies by both the United States (U.S.) Nuclear Regulatory Commission (NRC) and the industry. In this work, we develop an approach called Orthogonal-defect Classification for Assessing Software Reliability (ORCAS) to quantify probabilities of various software failure modes in a DI&C system. The method utilizes accepted industry methodologies for quality assurance that are verified by experimental evidence. In essence, the approach combines a semantic failure classification model with a reliability growth model to predict the probability of failure modes of a software system. A case study was conducted on a representative I&C platform (ChibiOS) running a smart sensor acquisition software developed by Virginia Commonwealth University (VCU). The testing and evidence collection guidance in ORCAS was applied, and defects were uncovered in the software. Qualitative evidence, such as modified condition decision coverage, was used to gauge the completeness and trustworthiness of the assessment while quantitative evidence was used to determine the software failure probabilities. The reliability of the software was then estimated and compared to existing operational data of the sensor device. It is demonstrated that by using ORCAS, a semantic reasoning framework can be developed to justify if the software is reliable (or unreliable) while still leveraging the strength of the existing methods.

Q. Z. Liang,Y. Guo,C. H. Peng

DOI: https://doi.org/10.1088/1755-1315/427/1/012018

2020-01-01

Abstract:The widely use of digital instrument and control (I&C) systems in nuclear power plants (NPPs) and their important role in plant safety put forward the requirement for developing reliability modeling for digital systems with the capacity to be integrated into the existing probabilistic safety analysis (PSA) framework. However, challenges arise in the reliability analysis which mainly come from the modeling of complex interactions among the system hardware, software, controlled process physics, and operator. Generally, these factors are analyzed separately since at present there isn't universal methods for modeling them in a uniform framework. In this paper, the research status of reliability modeling methodologies, software reliability assessment methods and human reliability analysis for digital instrument and control systems in NPPs were introduced. The survey results show that ET/FT is still the mainstream method in reliability studies of digital systems in NPPs, and DFM is a dynamic method with great potential. At present, there is no generally accepted software reliability analysis method. The researches about human errors under digital environment and the theoretical basis of corresponding human reliability analysis method is being developed.

S. El Bouzidi,F. Forgues,R.E. Ortega Pelayo,Q. Chen,A. John,A. Trottier,S. Pfeiffer

DOI: https://doi.org/10.1016/j.nucengdes.2023.112884

IF: 1.7

2024-01-23

Nuclear Engineering and Design

Abstract:Nuclear utilities are increasingly facing challenges meeting evolving regulatory requirements of probabilistic structural assessments with existing tools. Probabilistic methodologies are widely used as part of reactor safety analyses, including piping component structural integrity and fitness-for-service assessments. Probabilistic structural integrity assessments for nuclear piping components are typically conducted using special-purpose codes that may only provide limited probabilistic capabilities, may not be used with high-fidelity simulation software, or may not be used on high-performance computing clusters for large simulation campaigns. In the Canadian nuclear industry, probabilistic assessments for fuel channels are constrained by the large population of fuel channels in the case of in-core analyses. Meanwhile, for components such as steam generators, assessments are constrained by interfacing capabilities of the complex simulation codes that would be needed to represent the relevant physical phenomena. A generic and scalable probabilistic framework is needed to enable utilities to conduct large-scale probabilistic structural assessments with representative simulation codes. The present study proposes a novel and scalable framework for developing Monte Carlo analysis workflows to assess the structural integrity of nuclear plant piping components. The methodology is demonstrated for two relevant scenarios: a vibration-induced cracking assessment of a steam generator and a CANDU 1 pressure-tube fitness-for-service assessment. The study shows that the proposed methodology provides a convenient means for assessing uncertainty propagation, confidence intervals, and output parameter distributions for probabilistic structural integrity cases.

nuclear science & technology

HAN Yuqi,GUO Jia,GUO Chuangxin,HUANG Han

DOI: https://doi.org/10.13334/j.0258-8013.pcsee.2016.06.005

2016-01-01

Abstract:With the deep incorporating of information and communication technology in power systems, the power system has involved into the cyber-physical power system. The application of software-defined networking theory into the cyber physical power system can improve the system flexibility and provide room for new functions. Under this circumstance, the assessment of intelligent substation security risk should consider both the information device hardware factor and software factor. This paper combines the specifics of software defined networking and cyber physical power systems and then divided the system into the application layer, the control layer, the cyber operation layer and the physical operation layer. Based on the function decomposed modelling method, this paper put forwards the system security risk assessment method incorporating the failures of application layer control and function software and cyber device application software. The calculation and sensitive analysis of the security risk of T1-1 substation is operated using the assessment method in this paper.

Linyu Lin,Nam Dinh

DOI: https://doi.org/10.1115/1.4048465

2020-09-01

Abstract:Abstract In nuclear engineering, modeling and simulations (M&Ss) are widely applied to support risk-informed safety analysis. Since nuclear safety analysis has important implications, a convincing validation process is needed to assess simulation adequacy, i.e., the degree to which M&S tools can adequately represent the system quantities of interest. However, due to data gaps, validation becomes a decision-making process under uncertainties. Expert knowledge and judgments are required to collect, choose, characterize, and integrate evidence toward the final adequacy decision. However, in validation frameworks, CSAU: code scaling, applicability, and uncertainty (NUREG/CR-5249) and EMDAP: evaluation model development and assessment process regulatory guide (RG 1.203), such a decision-making process is largely implicit and obscure. When scenarios are complex, knowledge biases and unreliable judgments can be overlooked, which could increase uncertainty in the simulation adequacy result and the corresponding risks. Therefore, a framework is required to formalize the decision-making process for simulation adequacy in a practical, transparent, and consistent manner. This paper suggests a framework—“Predictive capability maturity quantification using Bayesian network (PCMQBN)”—as a quantified framework for assessing simulation adequacy based on information collected from validation activities. A case study is prepared for evaluating the adequacy of a Smoothed Particle Hydrodynamic simulation in predicting the hydrodynamic forces onto static structures during an external flooding scenario. Comparing to the qualitative and implicit adequacy assessment, PCMQBN is able to improve confidence in the simulation adequacy result and to reduce expected loss in the risk-informed safety analysis.