CN107992451B - Method for calculating refusing probability of reactor protection system - Google Patents

Publication number
CN107992451B
Authority
CN
China
Prior art keywords
failure
probability
channel
diagnosable
protection system
Legal status
Active
Application number
CN201711189661.3A
Other languages
Chinese (zh)
Other versions
CN107992451A (en)
Inventor
唐庆
马刚
邓涛
孙武
余冠华
杨光
冯行
卢荣翠
马书丽
Current Assignee
China Nuclear Control System Engineering Co ltd
Original Assignee
China Nuclear Control System Engineering Co ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10 Complex mathematical operations
    • G06F17/18 Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis

Abstract

The invention belongs to the technical field of probabilistic safety analysis of nuclear power safety-class instrumentation and control (I&C) systems, and particularly relates to a method for calculating the action rejection probability of a reactor protection system. The method comprises the following steps: analyzing the channel action rejection probability of one channel caused by non-diagnosable non-common-cause failure; calculating, for the case where the channels of the reactor protection system undergo their periodic tests in turn, the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels; calculating, from the failure repair rate, the channel action rejection probability caused by diagnosable non-common-cause failure of a channel; calculating the action rejection probability caused by diagnosable non-common-cause failures occurring simultaneously in three or four channels; calculating the action rejection probability due to non-diagnosable common-cause failure and due to diagnosable common-cause failure by analyzing the non-diagnosable common-cause failure factor and the diagnosable common-cause failure factor; and adding the action rejection probabilities of all the parts to obtain the action rejection probability of the reactor protection system. The invention improves the calculation efficiency.

Description

Method for calculating refusing probability of reactor protection system
Technical Field
The invention belongs to the technical field of probabilistic safety analysis of nuclear power safety-class instrumentation and control (I&C) systems, and particularly relates to a method for calculating the action rejection probability of a reactor protection system.
Background
The action rejection probability is the probability that a safety-class I&C system fails to execute its safety function because of a random failure of the system itself when plant conditions are abnormal and a protective action is required; that is, the system rejects the action because of failures of its own components. The main function of the reactor protection system is to protect the integrity of the three nuclear safety barriers: the fuel cladding, the primary circuit pressure boundary and the containment. When operating parameters reach a threshold that endangers the integrity of these barriers, the protection system acts to trigger an emergency shutdown of the reactor and start the engineered safety features. If the protection system fails to act, the emergency shutdown cannot be started, which can lead to serious accidents such as core damage and release of radioactive substances into the environment, and ultimately endangers public safety.
GB/T 4083-2005, "Safety criterion of reactor protection system", explicitly sets a quantitative requirement for the action rejection probability of a safety-class I&C system. However, the standard does not provide a general method for calculating the action rejection probability, and no consistent method has emerged in the industry. Mainstream nuclear power I&C suppliers have therefore each derived their own calculation method from reliability theory combined with practical experience: for example, Mitsubishi calculates the action rejection probability using reliability block diagram theory, Westinghouse and AREVA derive their calculation models and formulas using fault tree theory, and Invensys derives the action rejection probability using a Markov model. These calculation models and methods have the following disadvantages:
(1) When action rejection caused by non-diagnosable failures is considered, the limitations of these models force the assumption that the four channels undergo their periodic tests simultaneously. In practical engineering applications, however, the four channels of the reactor protection system are tested in turn, with one channel's periodic test performed every T/4. The failure probability of the system when the channels' periodic tests are staggered is smaller than when all channels are tested simultaneously, so the accuracy of a model that assumes simultaneous periodic testing of the four channels cannot be guaranteed.
(2) The reliability block diagram and fault tree models do not adequately consider common-cause failure. Because common-cause failure accounts for a large share of the system action rejection probability, the accuracy of the result cannot be ensured without considering it.
(3) In addition, the calculation methods and modeling processes of each company are complex, the calculation efficiency is low, and the engineering applicability is poor.
Disclosure of Invention
The invention aims to provide a method, suitable for engineering application, for calculating the action rejection probability of a reactor protection system, so as to overcome the defects in the prior art.
To achieve this purpose, the technical scheme adopted by the invention is as follows:
A method for calculating the action rejection probability of a reactor protection system comprises the following steps:
Step 1: analyze the channel action rejection probability of one channel caused by non-diagnosable non-common-cause failure;
Step 2: on the basis of step 1, for the case where the channels of the reactor protection system undergo their periodic tests in turn, calculate the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels;
Step 3: calculate, from the failure repair rate, the channel action rejection probability caused by diagnosable non-common-cause failure;
Step 4: on the basis of step 3, calculate the action rejection probability caused by diagnosable non-common-cause failures occurring simultaneously in three or four channels;
Step 5: calculate the action rejection probability due to non-diagnosable common-cause failure and due to diagnosable common-cause failure by analyzing the non-diagnosable common-cause failure factor and the diagnosable common-cause failure factor;
Step 6: on the basis of steps 2, 4 and 5, add the action rejection probabilities of the parts to obtain the action rejection probability of the reactor protection system.
In step 1, the channel action rejection probability of one channel due to non-diagnosable non-common-cause failure is:
$$Q_1(t) = \lambda_U (1-\beta_U)\, t$$
where $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
In step 2, the channels are tested periodically in turn: one channel's periodic test is completed every T/4, where T is the total periodic test period, so the periodic tests of all four channels are completed within one period. The average failure probability of the system is the same in every T/4 interval. In the first T/4:
the average probability of failure for the first channel is:
Figure GDA0002889920540000031
the average probability of failure for the fourth channel is:
Figure GDA0002889920540000032
the average probability of failure of the third channel is:
Figure GDA0002889920540000033
the average probability of failure for the second channel is:
Figure GDA0002889920540000034
When action rejection failures occur in three or four channels, the redundant system rejects the action, so the probability that non-diagnosable non-common-cause failure causes system action rejection is:
$$Q_U = Q_{U1} + Q_{U2}$$
where
Figure GDA0002889920540000041
Figure GDA0002889920540000042
where $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
In step 3, the channel action rejection probability of one channel caused by diagnosable non-common-cause failure is: $\lambda_D (1-\beta_D)\, MTTR$
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair.
In step 4, when action rejection failures occur in three or four channels, the redundant system rejects the action, so the probability that diagnosable non-common-cause failure causes system action rejection is:
$$Q_D = 4\left(\lambda_D (1-\beta_D)\, MTTR\right)^3 + \left(\lambda_D (1-\beta_D)\, MTTR\right)^4$$
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair.
In step 5, the probability of system action rejection caused by non-diagnosable common-cause failure is $\lambda_U \beta_U T/4$; the probability of system action rejection caused by diagnosable common-cause failure is $\lambda_D \beta_D\, MTTR$
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair; $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
In step 6, the system action rejection probability is:
Figure GDA0002889920540000051
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair; $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
The beneficial effects obtained by the invention are as follows:
The method fully accounts for the practical situation in which the four channels undergo their periodic tests in turn, and also comprehensively considers the contribution of common-cause failure. The process is simple, greatly improves the calculation efficiency, and is suitable for engineering application. The method has been verified by calculation on an actual engineering case; the results show that the derivation is correct and that the method fully realizes the calculation of the action rejection probability of the 2oo4 system architecture, in a short time and with accurate results.
Drawings
FIG. 1 is a nuclear power plant reactor protection system shutdown protection subsystem (RTS) architecture;
FIG. 2 is a flow chart illustrating the steps of the present invention;
FIG. 3 is a schematic diagram of the non-diagnostic action rejection probability of each channel of the reactor protection system.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments.
As shown in FIG. 1, in a typical reactor protection system architecture, four channels form a two-out-of-four voting redundant system. Each channel includes a signal input unit, a signal processing unit and a signal output unit, and the outputs of the four channels are combined by two-out-of-four logic voting at the shutdown breaker; that is, the system is normal if two of the four channels are normal. The failures affecting the safety function of each channel comprise diagnosable failures and non-diagnosable failures, whose failure rates are denoted $\lambda_D$ and $\lambda_U$ respectively. A diagnosable failure is repaired immediately after it occurs, and the mean time to repair is MTTR (mean time to repair). A non-diagnosable failure is detected and repaired during a periodic test; its average repair time is the sum of the detection time and the actual repair time, and because the actual repair time is usually far shorter than the periodic test period, the average repair time is approximately the detection time.
As shown in fig. 2, the method for calculating the probability of failure of the reactor protection system according to the present invention includes the following steps:
Step 1: first, analyze the channel action rejection probability of one channel caused by non-diagnosable non-common-cause failure. As shown in FIG. 3, the periodic test period of each channel is T, the channels are tested in turn, and the interval between successive channel tests is T/4. Curve $Q_1(t)$ in the figure is the failure probability curve of channel 1, which can be approximated as proportional to time (since $\lambda_U t \ll 1$):
Figure GDA0002889920540000061
where $\beta_U$ is the non-diagnosable common-cause failure factor and $\lambda_U$ is the rate (per hour) of non-diagnosable failures affecting the safety function in one channel of one system.
Step 2: on the basis of step 1, for the case where the channels of the reactor protection system undergo their periodic tests in turn, calculate the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels.
As shown in FIG. 3, the channels are tested periodically in turn: one channel's periodic test is completed every T/4, where T is the total periodic test period, so the periodic tests of all four channels are completed within one period and the periodic test period of each channel is T. After each periodic test the tested channel is repaired as good as new, and its non-diagnosable failure probability is reset to 0. As can be seen from the figure, the average failure probability of the system is the same in every T/4 interval. In the first T/4:
the average probability of failure for the first channel is:
Figure GDA0002889920540000071
the average probability of failure for the fourth channel is:
Figure GDA0002889920540000072
the average probability of failure of the third channel is:
Figure GDA0002889920540000073
the average probability of failure for the second channel is:
Figure GDA0002889920540000074
When action rejection failures occur in three or four channels, the redundant system rejects the action, so the probability that non-diagnosable non-common-cause failure causes system action rejection is:
$$Q_U = Q_{U1} + Q_{U2}$$
where
Figure GDA0002889920540000075
Figure GDA0002889920540000076
Step 3: a diagnosable failure is repaired immediately after it occurs, with mean time to repair MTTR. From the failure repair rate, the channel action rejection probability caused by diagnosable non-common-cause failure of a channel is: $\lambda_D (1-\beta_D)\, MTTR$
where $\beta_D$ is the common-cause factor for diagnosable failures.
Step 4: on the basis of step 3, when action rejection failures occur in three or four channels, the redundant system rejects the action, so the probability that diagnosable non-common-cause failure causes system action rejection is:
Figure GDA0002889920540000081
Step 5: calculate the action rejection probability due to non-diagnosable common-cause failure and due to diagnosable common-cause failure by analyzing the non-diagnosable common-cause failure factor and the diagnosable common-cause failure factor. The probability of system action rejection caused by non-diagnosable common-cause failure is $\lambda_U \beta_U T/4$; the probability of system action rejection caused by diagnosable common-cause failure is $\lambda_D \beta_D\, MTTR$
Step 6: on the basis of steps 2, 4 and 5, add the action rejection probabilities of the parts to obtain the action rejection probability of the reactor protection system:
Figure GDA0002889920540000082
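
The six steps above, carried through numerically as an added example (not part of the patent text). The patent's expressions for Q_U1 and Q_U2 survive here only as image placeholders, so the example assumes the same rare-event form as the page's Q_D and time-averages it over one T/4 window; the step 5 terms are read as λ_U·β_U·T/4 and λ_D·β_D·MTTR, and all function names and numeric inputs are constructed.

```python
"""Added example: action rejection probability of a 2oo4 protection system
with staggered periodic tests. Names and sample values are constructed."""
from itertools import combinations
from math import prod


def channel_q(t, T, lam_u, beta_u, staggered=True):
    """Steps 1-2: non-diagnosable, non-common-cause failure probability of
    each of the four channels at time t, Q(t) = lam_u * (1 - beta_u) * age."""
    a = lam_u * (1.0 - beta_u)
    if staggered:
        # Within the first T/4 the channels were last tested
        # 0, T/4, T/2 and 3T/4 before the start of the window.
        ages = [t + k * T / 4.0 for k in range(4)]
    else:
        # Prior-art assumption: all four channels tested at the same instant.
        ages = [t] * 4
    return [a * age for age in ages]


def three_or_four_failed(q):
    """Rare-event probability that three or four channels are failed.
    Assumption: same form as the page's Q_D = 4 q^3 + q^4, generalised to
    unequal channel probabilities (sum of triple products + full product)."""
    return sum(prod(c) for c in combinations(q, 3)) + prod(q)


def q_undiagnosable(T, lam_u, beta_u, staggered=True, steps=2000):
    """Step 2: time average of three_or_four_failed over one repeating
    window (T/4 when staggered, T when simultaneous), midpoint rule."""
    window = T / 4.0 if staggered else T
    h = window / steps
    total = 0.0
    for i in range(steps):
        t = (i + 0.5) * h
        total += three_or_four_failed(channel_q(t, T, lam_u, beta_u, staggered))
    return total * h / window


def q_diagnosable(lam_d, beta_d, mttr):
    """Steps 3-4: Q_D = 4 q^3 + q^4 with q = lam_d * (1 - beta_d) * MTTR."""
    q = lam_d * (1.0 - beta_d) * mttr
    return 4.0 * q**3 + q**4


def q_common_cause(T, lam_u, beta_u, lam_d, beta_d, mttr):
    """Step 5 (as read from the page): lam_u*beta_u*T/4 + lam_d*beta_d*MTTR."""
    return lam_u * beta_u * T / 4.0 + lam_d * beta_d * mttr


def system_action_rejection(T, lam_u, beta_u, lam_d, beta_d, mttr):
    """Step 6: sum of the three contributions."""
    return (q_undiagnosable(T, lam_u, beta_u)
            + q_diagnosable(lam_d, beta_d, mttr)
            + q_common_cause(T, lam_u, beta_u, lam_d, beta_d, mttr))


if __name__ == "__main__":
    # Constructed sample data: 2160 h test period, rates per hour, 8 h MTTR.
    T, lam_u, beta_u = 2160.0, 1e-5, 0.05
    lam_d, beta_d, mttr = 1e-4, 0.05, 8.0
    stag = q_undiagnosable(T, lam_u, beta_u, staggered=True)
    sim = q_undiagnosable(T, lam_u, beta_u, staggered=False)
    print(f"Q_U staggered    : {stag:.3e}")
    print(f"Q_U simultaneous : {sim:.3e}")
    print(f"Q_D              : {q_diagnosable(lam_d, beta_d, mttr):.3e}")
    print(f"Q common cause   : "
          f"{q_common_cause(T, lam_u, beta_u, lam_d, beta_d, mttr):.3e}")
    print(f"System total     : "
          f"{system_action_rejection(T, lam_u, beta_u, lam_d, beta_d, mttr):.3e}")
```

With these inputs the staggered Q_U is about 3/8 of the simultaneous-test value, and the common-cause term dominates the total, matching the Background's points (1) and (2).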

Claims (7)

1. A method for calculating the action rejection probability of a reactor protection system, characterized by comprising the following steps:
Step 1: analyze the channel action rejection probability of one channel caused by non-diagnosable non-common-cause failure;
Step 2: on the basis of step 1, for the case where the channels of the reactor protection system undergo their periodic tests in turn, calculate the action rejection probability caused by non-diagnosable non-common-cause failures occurring simultaneously in three or four of the four channels;
Step 3: calculate, from the failure repair rate, the channel action rejection probability caused by diagnosable non-common-cause failure;
Step 4: on the basis of step 3, calculate the action rejection probability caused by diagnosable non-common-cause failures occurring simultaneously in three or four channels;
Step 5: calculate the action rejection probability of the system due to non-diagnosable common-cause failure and due to diagnosable common-cause failure by analyzing the non-diagnosable common-cause failure factor and the diagnosable common-cause failure factor;
Step 6: on the basis of steps 2, 4 and 5, add the action rejection probabilities of the parts to obtain the action rejection probability of the reactor protection system.
2. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 1, the channel action rejection probability of one channel due to non-diagnosable non-common-cause failure is:
$$Q_1(t) = \lambda_U (1-\beta_U)\, t$$
where $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
3. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 2, the channels are tested periodically in turn, one channel's periodic test is completed every T/4, T is the total periodic test period, the periodic tests of the four channels are completed within one period, the average failure probability of the system is the same in every T/4 interval, and in the first T/4:
the average probability of failure for the first channel is:
Figure FDA0002889920530000021
the average probability of failure for the fourth channel is:
Figure FDA0002889920530000022
the average probability of failure of the third channel is:
Figure FDA0002889920530000023
the average probability of failure for the second channel is:
Figure FDA0002889920530000024
The system rejects the action when action rejection failures occur in three or four channels, so the probability that non-diagnosable non-common-cause failure causes system action rejection is:
$$Q_U = Q_{U1} + Q_{U2}$$
where
Figure FDA0002889920530000025
Figure FDA0002889920530000026
where $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system.
4. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 3, the channel action rejection probability of one channel caused by diagnosable non-common-cause failure is: $\lambda_D (1-\beta_D)\, MTTR$
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair.
5. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 4, the system rejects the action when action rejection failures occur in three or four channels, so the probability that diagnosable non-common-cause failure causes system action rejection is:
$$Q_D = 4\left(\lambda_D (1-\beta_D)\, MTTR\right)^3 + \left(\lambda_D (1-\beta_D)\, MTTR\right)^4$$
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair.
6. The method for calculating the action rejection probability of the reactor protection system according to claim 1, wherein: in step 5, the probability of system action rejection caused by non-diagnosable common-cause failure is $\lambda_U \beta_U T/4$; the probability of system action rejection caused by diagnosable common-cause failure is $\lambda_D \beta_D\, MTTR$
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair; $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
7. The method for calculating the probability of failure of the reactor protection system according to claim 1, wherein: in step 6, the system action rejection probability is:
Figure FDA0002889920530000041
where $\beta_D$ is the common-cause factor for diagnosable failures, $\lambda_D$ is the rate of diagnosable failures affecting the safety function in one channel of the reactor protection system, and MTTR is the mean time to repair; $\beta_U$ is the common-cause factor for non-diagnosable failures and $\lambda_U$ is the rate of non-diagnosable failures affecting the safety function in one channel of the reactor protection system; T is the total periodic test period.
CN201711189661.3A 2017-11-24 2017-11-24 Method for calculating refusing probability of reactor protection system Active CN107992451B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711189661.3A CN107992451B (en) 2017-11-24 2017-11-24 Method for calculating refusing probability of reactor protection system

Publications (2)

Publication Number Publication Date
CN107992451A (en) 2018-05-04
CN107992451B (en) 2021-04-13
