CN107992451B - Method for calculating refusing probability of reactor protection system - Google Patents
- Publication number
- CN107992451B
- Authority
- CN
- China
- Prior art keywords
- failure
- probability
- channel
- diagnosable
- protection system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
Abstract
The invention belongs to the technical field of probabilistic safety analysis of nuclear power safety-class instrumentation and control (I&C) systems, and particularly relates to a method for calculating the action rejection probability (the probability of failing to actuate on demand) of a reactor protection system. The method comprises the following steps: analyzing the channel rejection probability of one channel caused by non-diagnosable non-common-cause failures; under the condition that the channels of the reactor protection system undergo periodic tests alternately, calculating the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels; calculating, from the failure repair rate, the channel rejection probability caused by diagnosable non-common-cause failures of a channel; calculating the action rejection probability caused by diagnosable non-common-cause failures occurring simultaneously in three or four channels; calculating the rejection probability due to non-diagnosable common-cause failures and due to diagnosable common-cause failures by analyzing the non-diagnosable and diagnosable common-cause failure factors; and adding the action rejection probabilities of all the parts to obtain the action rejection probability of the reactor protection system. The invention improves the calculation efficiency.
Description
Technical Field
The invention belongs to the technical field of probabilistic safety analysis of nuclear power safety-class instrumentation and control (I&C) systems, and particularly relates to a method for calculating the action rejection probability of a reactor protection system.
Background
The action rejection probability is the probability that, when plant conditions are abnormal and a protective action is required, the safety-class I&C system fails to execute its safety function because of random failures within the system itself, that is, the system fails to act because of component failures in the safety-class I&C system. The main function of the reactor protection system is to protect the integrity of the three nuclear safety barriers: the fuel cladding, the primary circuit pressure boundary and the containment. When operating parameters reach a threshold that endangers the integrity of these barriers, the protection system acts to trigger emergency shutdown of the reactor and start the engineered safety features. If the protection system fails to act, emergency shutdown cannot be initiated, which can lead to serious accidents such as core damage and release of radioactive substances into the environment, ultimately endangering public safety.
GB/T 4083-2005, "Safety criterion of reactor protection system", explicitly sets a quantitative requirement for the action rejection probability of a safety-class I&C system. However, the standard does not provide a general calculation method for the rejection probability, and no consistent method has emerged in the industry. Mainstream nuclear power I&C suppliers therefore each derive their own system rejection probability calculation method from reliability theory combined with practical experience: for example, Mitsubishi calculates the rejection probability using reliability block diagram theory, Westinghouse and AREVA derive a rejection probability model and formula using fault tree theory, and Invensys derives the rejection probability using a Markov model. These calculation models and methods have the following disadvantages:
(1) When failures caused by non-diagnosable faults are considered, the limitations of the models force the assumption that all 4 channels undergo periodic testing simultaneously. In practical engineering applications, however, the four channels of the reactor protection system are tested alternately, one channel every T/4. The failure probability of the system with alternating (staggered) channel tests is smaller than with simultaneous channel tests, so the accuracy of a model that assumes simultaneous testing of the 4 channels cannot be guaranteed.
(2) The reliability block diagram and fault tree models do not consider common-cause failures, yet common-cause failures account for a large proportion of the system rejection probability, so the accuracy of the calculation result cannot be ensured without considering them.
(3) In addition, each company's calculation method and modeling process is complex, the calculation efficiency is low, and the engineering applicability is poor.
Disclosure of Invention
The invention aims to provide a method for calculating the action rejection probability of a reactor protection system that is suitable for engineering application and overcomes the defects of the prior art.
To achieve this purpose, the technical scheme adopted by the invention is as follows:
A method for calculating the action rejection probability of a reactor protection system comprises the following steps:
step 1, analyzing the channel rejection probability of one channel caused by non-diagnosable non-common-cause failures;
step 2, on the basis of step 1, under the condition that the channels of the reactor protection system undergo periodic tests alternately, calculating the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels;
step 3, calculating, from the failure repair rate, the channel rejection probability caused by diagnosable non-common-cause failures of a channel;
step 4, on the basis of step 3, calculating the action rejection probability caused by diagnosable non-common-cause failures occurring simultaneously in three or four channels;
step 5, calculating the rejection probability due to non-diagnosable common-cause failures and due to diagnosable common-cause failures by analyzing the non-diagnosable common-cause failure factor and the diagnosable common-cause failure factor;
step 6, on the basis of step 2, step 4 and step 5, adding the rejection probabilities of the parts to obtain the action rejection probability of the reactor protection system.
In step 1, the channel rejection probability of one channel due to non-diagnosable non-common-cause failures is:
$Q_1(t) = \lambda_U (1-\beta_U)\, t$
wherein $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
In step 2, the channels undergo periodic tests alternately: one channel's periodic test is completed every T/4, where T is the total periodic test period, so the periodic tests of all four channels are completed within one period. The average failure probability of the system is the same in each T/4 interval, and in the first T/4:
the average probability of failure for the first channel is:
the average probability of failure for the fourth channel is:
the average probability of failure of the third channel is:
the average probability of failure for the second channel is:
When three or four channels fail to act, the redundant system fails to act, so the probability of system rejection caused by non-diagnosable non-common-cause failures is:
$Q_U = Q_{U1} + Q_{U2}$
wherein:
wherein $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
In step 3, the channel rejection probability of one channel caused by diagnosable non-common-cause failures is: $\lambda_D (1-\beta_D)\,\mathrm{MTTR}$
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair.
In step 4, when three or four channels fail to act, the redundant system fails to act, so the probability of system rejection caused by diagnosable non-common-cause failures is:
$Q_D = 4\left(\lambda_D (1-\beta_D)\,\mathrm{MTTR}\right)^3 + \left(\lambda_D (1-\beta_D)\,\mathrm{MTTR}\right)^4$
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair.
In step 5, the system rejection probability due to non-diagnosable common-cause failures is $\lambda_U \beta_U T/4$; the system rejection probability due to diagnosable common-cause failures is $\lambda_D \beta_D\,\mathrm{MTTR}$
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair; $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
In step 6, the system action rejection probability is:
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair; $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
The beneficial effects obtained by the invention are as follows:
The method takes full account of the practical situation in which the 4 channels undergo periodic tests alternately, and also comprehensively considers the contribution of common-cause failures. The process is simple, greatly improves the calculation efficiency, and is suitable for engineering application. The method was verified by calculation on an actual engineering case; the result shows that the derivation is correct, and that the method can fully calculate the action rejection probability of a 2oo4 system architecture with short computation time and accurate results.
Drawings
FIG. 1 is a nuclear power plant reactor protection system shutdown protection subsystem (RTS) architecture;
FIG. 2 is a flow chart illustrating the steps of the present invention;
FIG. 3 is a schematic diagram of the non-diagnosable action rejection probability of each channel of the reactor protection system.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments.
As shown in FIG. 1, in a typical reactor protection system architecture four channels form a two-out-of-four voting redundancy system. Each channel includes a signal input unit, a signal processing unit and a signal output unit, and the outputs of the four channels are combined by two-out-of-four logical voting at the shutdown breaker, that is, the system functions normally as long as two of the four channels are normal. The failures affecting the safety function of each channel comprise diagnosable failures and non-diagnosable failures, with failure rates denoted $\lambda_D$ and $\lambda_U$ respectively. A diagnosable failure is repaired immediately after it occurs, and the mean time to repair is MTTR. A non-diagnosable failure is detected and repaired during a periodic test; its average repair time is the sum of the detection time and the actual repair time, and because the actual repair time is usually far shorter than the periodic test period, the average repair time is approximately the detection time.
As shown in FIG. 2, the method for calculating the action rejection probability of the reactor protection system according to the present invention includes the following steps:
Step 1: first, analyze the channel rejection probability of one channel caused by non-diagnosable non-common-cause failures. As shown in FIG. 3, the periodic test period of each channel is T, the channels are tested alternately, and the time interval between successive channel tests is T/4. Curve $Q_1(t)$ in the figure is the failure probability curve for channel 1, which can be approximated as a proportional curve (for $\lambda_U t \ll 1$):
where $\beta_U$ denotes the non-diagnosable common-cause failure factor, and $\lambda_U$ denotes the rate (per hour) of non-diagnosable failures affecting the safety function in one channel of the system.
Step 2: on the basis of step 1, under the condition that the channels of the reactor protection system undergo periodic tests alternately, calculate the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels.
As shown in FIG. 3, the channels are tested alternately: one channel's periodic test is completed every T/4, where T is the total periodic test period, so the periodic tests of all four channels are completed within one period and the periodic test period of each individual channel is T. After each periodic test the tested channel is restored to as-new condition, and its non-diagnosable failure probability drops to 0. As can be seen from the figure, the average failure probability of the system is the same in each T/4 interval, and in the first T/4:
the average probability of failure for the first channel is:
the average probability of failure for the fourth channel is:
the average probability of failure of the third channel is:
the average probability of failure for the second channel is:
When three or four channels fail to act, the redundant system fails to act, so the probability of system rejection caused by non-diagnosable non-common-cause failures is:
$Q_U = Q_{U1} + Q_{U2}$
wherein:
Step 3: a diagnosable failure is repaired immediately after it occurs, with mean time to repair MTTR. From the failure repair rate, the channel rejection probability caused by diagnosable non-common-cause failures of a channel is: $\lambda_D (1-\beta_D)\,\mathrm{MTTR}$
where $\beta_D$ denotes the common-cause failure factor for diagnosable failures.
Step 4: on the basis of step 3, when three or four channels fail to act, the redundant system fails to act, so the probability of system rejection caused by diagnosable non-common-cause failures is:
Step 5: calculate the rejection probability due to non-diagnosable common-cause failures and due to diagnosable common-cause failures by analyzing the non-diagnosable and diagnosable common-cause failure factors. The system rejection probability due to non-diagnosable common-cause failures is $\lambda_U \beta_U T/4$; the system rejection probability due to diagnosable common-cause failures is $\lambda_D \beta_D\,\mathrm{MTTR}$
Step 6: on the basis of step 2, step 4 and step 5, add the rejection probabilities of the parts to obtain the action rejection probability of the reactor protection system:
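The six steps above can be evaluated numerically. The following Python sketch is an added example, not code or formulas from the patent: steps 3 to 6 use the expressions given in the text, while step 2 is computed by time-averaging the exact three-or-four-of-four failure probability over one T/4 window, which is an assumption made here because the closed forms for Q_U1 and Q_U2 are not reproduced on this page. All parameter values are constructed sample inputs.

```python
from math import prod


def at_least_three_failed(q):
    """Exact P(3 or 4 of 4 independent channels are failed).

    q holds the four per-channel failure probabilities.
    """
    total = prod(q)                       # all four channels failed
    for k in range(4):                    # exactly three failed, channel k healthy
        total += prod(q[i] for i in range(4) if i != k) * (1 - q[k])
    return total


def q_u_independent(lam_u, beta_u, T, staggered=True, steps=2000):
    """Steps 1-2: non-diagnosable, non-common-cause contribution.

    ASSUMPTION (not the patent's closed form): average the exact
    3-or-4-of-4 probability over time with the midpoint rule.
    Each channel follows Q1(t) = lam_u * (1 - beta_u) * t since its last test.
    """
    rate = lam_u * (1 - beta_u)
    if staggered:
        # At the start of a T/4 window the channels were last tested
        # 0, T/4, T/2 and 3T/4 ago (channels 1, 4, 3, 2 in the text).
        window, ages = T / 4, (0.0, T / 4, T / 2, 3 * T / 4)
    else:
        # Prior-art assumption: all four channels tested at the same instant.
        window, ages = T, (0.0, 0.0, 0.0, 0.0)
    dt = window / steps
    acc = 0.0
    for n in range(steps):
        t = (n + 0.5) * dt
        acc += at_least_three_failed([rate * (t + a) for a in ages])
    return acc / steps


def q_d_independent(lam_d, beta_d, mttr):
    """Steps 3-4: Q_D = 4*q^3 + q^4 with q = lam_d*(1-beta_d)*MTTR (page formula)."""
    q = lam_d * (1 - beta_d) * mttr
    return 4 * q**3 + q**4


def system_rejection_probability(lam_u, beta_u, lam_d, beta_d, T, mttr):
    """Steps 5-6: add the common-cause terms and sum all parts."""
    parts = {
        "q_u": q_u_independent(lam_u, beta_u, T),
        "q_d": q_d_independent(lam_d, beta_d, mttr),
        "ccf_u": lam_u * beta_u * T / 4,   # non-diagnosable common cause
        "ccf_d": lam_d * beta_d * mttr,    # diagnosable common cause
    }
    parts["total"] = sum(parts.values())
    return parts


# Constructed sample inputs (rates per hour, times in hours); not plant data.
SAMPLE = dict(lam_u=1e-6, beta_u=0.05, lam_d=1e-5, beta_d=0.05, T=2160.0, mttr=8.0)

if __name__ == "__main__":
    for name, value in system_rejection_probability(**SAMPLE).items():
        print(f"{name:>6}: {value:.3e}")
    stag = q_u_independent(SAMPLE["lam_u"], SAMPLE["beta_u"], SAMPLE["T"])
    simul = q_u_independent(SAMPLE["lam_u"], SAMPLE["beta_u"], SAMPLE["T"],
                            staggered=False)
    print(f"staggered / simultaneous Q_U: {stag / simul:.3f}")
```

With these constructed inputs the two common-cause terms account for almost all of the total, and staggering the tests lowers the independent non-diagnosable term to roughly 0.375 of its simultaneous-test value.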
Claims (7)
1. A method for calculating the action rejection probability of a reactor protection system, characterized in that the method comprises the following steps:
step 1, analyzing the channel rejection probability of one channel caused by non-diagnosable non-common-cause failures;
step 2, on the basis of step 1, under the condition that the channels of the reactor protection system undergo periodic tests alternately, calculating the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels;
step 3, calculating, from the failure repair rate, the channel rejection probability caused by diagnosable non-common-cause failures of a channel;
step 4, on the basis of step 3, calculating the action rejection probability caused by diagnosable non-common-cause failures occurring simultaneously in three or four channels;
step 5, calculating the system rejection probability due to non-diagnosable common-cause failures and due to diagnosable common-cause failures by analyzing the non-diagnosable common-cause failure factor and the diagnosable common-cause failure factor;
step 6, on the basis of step 2, step 4 and step 5, adding the rejection probabilities of the parts to obtain the action rejection probability of the reactor protection system.
2. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 1, the channel rejection probability of one channel due to non-diagnosable non-common-cause failures is:
$Q_1(t) = \lambda_U (1-\beta_U)\, t$
wherein $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
3. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 2, the channels undergo periodic tests alternately, one channel's periodic test is completed every T/4, T is the total periodic test period, the periodic tests of all four channels are completed within one period, the average failure probability of the system is the same in each T/4 interval, and in the first T/4:
the average probability of failure for the first channel is:
the average probability of failure for the fourth channel is:
the average probability of failure of the third channel is:
the average probability of failure for the second channel is:
when three or four channels fail to act, the system fails to act, so the probability of system rejection caused by non-diagnosable non-common-cause failures is:
$Q_U = Q_{U1} + Q_{U2}$
wherein:
wherein $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
4. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 3, the channel rejection probability of one channel caused by diagnosable non-common-cause failures is: $\lambda_D (1-\beta_D)\,\mathrm{MTTR}$
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair.
5. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 4, when three or four channels fail to act, the system fails to act, so the probability of system rejection caused by diagnosable non-common-cause failures is:
$Q_D = 4\left(\lambda_D (1-\beta_D)\,\mathrm{MTTR}\right)^3 + \left(\lambda_D (1-\beta_D)\,\mathrm{MTTR}\right)^4$
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair.
6. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 5, the system rejection probability due to non-diagnosable common-cause failures is $\lambda_U \beta_U T/4$; the system rejection probability due to diagnosable common-cause failures is $\lambda_D \beta_D\,\mathrm{MTTR}$
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair; $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
7. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 6, the system action rejection probability is:
wherein $\beta_D$ denotes the common-cause failure factor for diagnosable failures, $\lambda_D$ denotes the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR denotes the mean time to repair; $\beta_U$ denotes the common-cause failure factor for non-diagnosable failures, and $\lambda_U$ denotes the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711189661.3A CN107992451B (en) | 2017-11-24 | 2017-11-24 | Method for calculating refusing probability of reactor protection system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107992451A | 2018-05-04 |
CN107992451B | 2021-04-13 |
Family
ID=62032840
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711189661.3A Active CN107992451B (en) | 2017-11-24 | 2017-11-24 | Method for calculating refusing probability of reactor protection system |