RPS (Reactor Protection System) plays a critical role in assuring safety operation and relieves the consequence of accident in Nuclear Power Plant (NPP). With widely use of digital instrumentation and control (I&C) system, since LingAo phase II, Chinese NPP started the introduction of digital I&C system. After ten years of effort, the first domestic independent researched and developed digital I&C system, which named FirmSys, has been deployed in Yang Jiang NPP and intended to export with 3rd generation HPR1000 reactor to the UK. To achieve this export, the method to satisfy generic design assessment (GDA) requirements from the office for nuclear regulation (ONR) of UK is being explored. Statistical test is a recommendation way for independent confidence-building measure (ICBM) and production excellence (PE) of GDA. According to the requirements of statistical test from standard IEC 60880, and with the analysis of current test method limitation in test coverage and operation state simulation, the content and process design is the key point for statistical test in finite test times. For safety critical software in nuclear power plant, whose probability of failure is very small, the critical operation of dealing with accident for avoiding of disaster by user will rarely happen but requires high reliability. Therefore, the common practice of statistical test could not make a sufficient test for the operation during accident happening, and the cost of test is unacceptable. This paper proposes a scenario-based innovation statistical test method for RPS, and describes the test architecture, process, and achievement. This method uses accident scene as test case that focus on the protection functions, it covers parameters, values, operation states, and protection actions. All selected scenes is designed to occur in their relatively probability, target systems are responding in real input and output environment to prove their protection ability as the accident is really happening. Meanwhile, to test the effectiveness of redundant design, channels are randomly selected for success data transform while others are set failure. At last, an engineering practice with this scenario-based test method is made on FirmSys, the pressure water reactor typical accident scenes LOCA, SGTR and MSLB have been successfully simulated, achieves protection sequence verification with high parameters coverage during parameters constantly variation. This method also provides reference for system verification, reliability evaluation and GDA, and be applied in engineering project.
Read full abstract