• Nuclear Engineering and Technology
• /
• v.41 no.6
• /
• pp.849-858
• /
• 2009

Risk caused by safety-critical instrumentation and control (I&C) systems considerably affects overall plant risk. As digitalization of safety-critical systems in nuclear power plants progresses, a risk model of a digitalized safety system is required and must be included in a plant safety model in order to assess this risk effect on the plant. Unique features of a digital system cause some challenges in risk modeling. This article aims at providing an overview of the issues related to the development of a static fault-tree-based risk model. We categorize the complicated issues of digital system probabilistic risk assessment (PRA) into four groups based on their characteristics: hardware module issues, software issues, system issues, and safety function issues. Quantification of the effect of these issues dominates the quality of a developed risk model. Recent research activities for addressing various issues, such as the modeling framework of a software-based system, the software failure probability and the fault coverage of a self monitoring mechanism, are discussed. Although these issues are interrelated and affect each other, the categorized and systematic approach suggested here will provide a proper insight for analyzing risk from a digital system.

• Proceedings of the Korean Nuclear Society Conference
• /
• 2004.05a
• /
• pp.226-226
• /
• 2004

• Proceedings of the Korean Nuclear Society Conference
• /
• 2005.10a
• /
• pp.1099-1100
• /
• 2005

• Journal of the Korean Society of Systems Engineering
• /
• v.17 no.1
• /
• pp.21-34
• /
• 2021

The use of Field-Programmable Gate Arrays (FPGAs) in the development of safety-related Human-Machine Interface (HMI) systems has gained much momentum in nuclear applications. Recently, one of the application areas for the Advanced Power Reactor 1400 (APR1400) is in the development of the advanced Component Interface Module (CIM) of the Engineered Safety Features Actuation System (ESFAS). Using systems engineering approach, we have developed a new FPGA-based advanced CIM software. The first step of our software development process involves the Preliminary Hazard Analysis (PHA) based on the previous CIM design. In this paper, we describe the qualitative approach used in performing the preliminary hazard analysis. The paper presents the methodology for applying a modified Hazard and Operability (HAZOP) procedure for the conduct of PHA which resulted in a qualitative risk-ranking scheme that informed the decisions for the safety criteria in the requirements specification phase. The qualitative approach provided the justification for design changes during the advanced CIM software development process.

• Nuclear Engineering and Technology
• /
• v.33 no.6
• /
• pp.596-604
• /
• 2001

This paper quantitatively presents the effects of important factors of the probabilistic safety assessment (PSA) of safety-critical digital systems. The result which is quantified using fault tree analysis methodology shows that these factors remarkably affect the system safety. In this paper we list the factors which should be represented by the model for PSA. Based on the PSA experience, we select three important factors which are expected to dominate the system unavailability. They are the avoidance of common cause failure, the coverage of fault tolerant mechanisms and software failure probability. We Quantitatively demonstrate the effect of these three factors. The broader usage of digital equipment in nuclear power plants gives rise to the safety problems. Even though conventional PSA methods are immature for applying to microprocessor-based digital systems, practical needs force us to apply it because the result of PSA plays an important role in proving the safety of a designed system. We expect the analysis result to provide valuable feedback to the designers of digital safety- critical systems.

• Journal of Energy Engineering
• /
• v.7 no.1
• /
• pp.96-102
• /
• 1998

The use of computers as part of nuclear safety systems elicits additional requirements-software verification and validation (v/v), hardware qualification-not specifically addressed in general industry fields. The computer used in nuclear power plants is a system that includes computer hardware, software, firmware, and interfaces. To develop the computer systems graded with nuclear safety class, the developing environments have to be required in advance and the developed software have to be verified and validated in accordance with nuclear code and standards. With this requirements, the test facility for Inadequate Core Cooling Monitoring System (ICCMS) as one of safety systems in the nuclear power plants was developed. The test facility consists of three(3) parts such as Input/Output (I/O) simulator, Plant Data Acqusition System (PDAS) cabinets and supervisory computer. The performance of the system was validated by manual test procedure.

• Proceedings of the Korean Nuclear Society Conference
• /
• 2002.05a
• /
• pp.179.1-179
• /
• 2002

• Nuclear Engineering and Technology
• /
• v.31 no.1
• /
• pp.49-57
• /
• 1999

It has been a critical issue to predict the safety critical software reliability in nuclear engineering area. For many years, many researches have focused on the quantification of software reliability and there have been many models developed to quantify software reliability. Most software reliability models estimate the reliability with the failure data collected during the test assuming that the test environments well represent the operation profile. User's interest is however on the operational reliability rather than on the test reliability. The experiences show that the operational reliability is higher than the test reliability. With the assumption that the difference in reliability results from the change of environment, from testing to operation, testing environment factors comprising the aging factor and the coverage factor are developed in this paper and used to predict the ultimate operational reliability with the failure data in testing phase. It is by incorporating test environments applied beyond the operational profile into testing environment factors. The application results show that the proposed method can estimate the operational reliability accurately.

• Nuclear Engineering and Technology
• /
• v.45 no.4
• /
• pp.489-504
• /
• 2013

Software safety for nuclear reactor protection systems (RPSs) is the most important requirement for the obtainment of permission for operation and export from government authorities, which is why it should be managed with well-experienced software development processes. The RPS software is typically modeled with function block diagrams (FBDs) in the design phase, and then mechanically translated into C programs in the implementation phase, which is finally compiled into executable machine codes and loaded on RPS hardware - PLC (Programmable Logic Controller). Whereas C Compilers are fully-verified COTS (Commercial Off-The-Shelf) software, translators from FBDs to C programs are provided by PLC vendors. Long-term experience, experiments and simulations have validated their correctness and function safety. This paper proposes a behavior-preserving translation from FBD design to C implementation for RPS software. It includes two sets of translation algorithms and rules as well as a prototype translator. We used an example of RPS software in a Korean nuclear power plant to demonstrate the correctness and effectiveness of the proposed translation.

• Journal of Electrical Engineering and Technology
• /
• v.2 no.3
• /
• pp.386-390
• /
• 2007

At recent times, an essential issue in the replacement of the old analogue I&C to computer-based digital systems in nuclear power plants becomes the quantitative software reliability assessment. Software reliability models have been successfully applied to many industrial applications, but have the unfortunate drawback of requiring data from which one can formulate a model. Software that is developed for safety critical applications is frequently unable to produce such data for at least two reasons. First, the software is frequently one-of-a-kind, and second, it rarely fails. Safety critical software is normally expected to pass every unit test producing precious little failure data. The basic premise of the rare events approach is that well-tested software does not fail under normal routine and input signals, which means that failures must be triggered by unusual input data and computer states. The failure data found under the reasonable testing cases and testing time for these conditions should be considered for the quantitative reliability assessment. We presented the quantitative reliability assessment methodology of safety critical software for rare failure cases in this paper.