Digital instrumentation and control systems (DICS) are used widely in nuclear power plants (NPPs), and the reliability of DICS has a direct impact on the safety level of a nuclear plant. The steam generator (SG) is a key piece of equipment within nuclear island. Keeping the water level within a reasonable range is one of the conditions to ensure the safe operation of the reactor and the steam turbine. Therefore, the steam generator level control system (SGLCS) is one of the more important subsystems of DICS in an NPP and its reliability directly affects the safe operation of a nuclear island. The Boolean Logic Driven Markov Process (BDMP) is a powerful dynamic reliability modeling method which can associate the Markov process with the leaf nodes of a fault tree, thus solving the problem that the fault tree approach is not suitable for describing the repairable model with a strong correlation of component faults and the problem of combination explosion of the Markov model. Electricite De France (EDF) developed the BDMP modelling software KB3 and its quantitative analysis software YAMS, which have been widely used in the reliability analysis of various systems in power plants and power grids.

However, as KB3 software is an internal software owned by EDF, it is limited for export and only the education version can be applied in other countries. As a result, its modelling capabilities are greatly restricted. In this research a custom scripting language was defined to describe the BDMP model, and a converter program was developed to transfer BDMP script into PRISM script, the latter is used to define the Markov model. The probabilistic model checker RPISM, which is widely used and recognized in the reliability field, was then used to carry out a quantitative analysis. The BDMP model of an SGLCS within an NPP was established and analysed using this method while at the same time, the analysis results were verified using KB3 (Version is 3.5.1) and YAMS software. Finally, the contribution of the unavailability of different parts of SGLCS to the total SGLCS is also obtained.

Defining the BDMP model

The BDMP model is mainly composed of top events, bottom events, logic gates, trigger links and logic links. According to the basic fault tree concept, the top node in the BDMP model is the root node, while the bottom nodes are leaf nodes. In the BDMP model, the trigger link is from the trigger node to the triggered node. Value, relevant pattern and required pattern are the three most important attributes of each node in the BDMP model, which together determine the dynamic behaviour of the BDMP model. The failure mechanism of each leaf node in the BDMP model is different. Leaf nodes of type f can fail only when they are in both the relevant pattern and required pattern. Leaf nodes of type i can fail only when the required pattern changes. When leaf nodes of sf type are in the relevant pattern, their required pattern and non-required pattern correspond to two different failure rates.

Steam Generator Level Control System

The steam generator level control system is composed of the steam generator feed water flow regulation system and the main feed water pump speed regulation system. The main function of the former is to adjust the feed water flow for each steam generator; the main function of the latter is to maintain the differential pressure between the feed water main and the steam main at the set value.

Each of the three SGs in nuclear plants with three loops has an independent steam generator feed water flow regulation system, which controls the feed water flow by controlling the opening of the main feed water regulating valve and bypass feed water regulating valve installed on the inlet side of the steam generator. Finally, to achieve the purpose of controlling the water level of the SG, at the same time, there is a public part within the feed water flow control of the three SGs. The main function of the public part is to obtain the load signal of the SG and to select the highest temperature among the main feed water temperatures of the three SGs to obtain the water level control gain to improve stability under low load.

Main feed water pump speed regulation

The main function of the main feed water pump speed regulation system is to maintain the differential pressure between the steam main and feed water main at a preset value, which increases with the increase in load. The system input signal is the main steam flow signal and the mismatch signal of the main steam main and main feed water main differential pressure signal, and the output is the pump speed setting value. The feed water system of the nuclear power generation unit is equipped with three electric water feed pumps for each unit, and the actual pressure drop between the feed water main and the steam main is measured by three differential pressure gauges.

Failure analysis of steam generator controls

The BDMP model file described by the defined script language is input into the conversion program, and that obtains the equivalent Markov model described in the PRISM script language through the conversion program. Finally, the PRISM software is used to perform a quantitative analysis. The results are then compared with the analysis results of EDF’s KB3 and YAMS (due to the limitation of the KB3 modelling node, the YAMS calculation result is taken as the sum of the three parts of the steam generator water level control system) to verify the correctness of the proposed method.

The YAMS analysis result is 1.45176E- 3, and the PRISM analysis result is 1.42581E-3. Taking the YAMS analysis result as the reference value, and the error is about 1.7% of the reference value.

The unavailability rate of the feed water flow regulation system (independent part) accounts for about 73.8% of the unavailability rate of the entire SGLCS, and the unavailability rate of feed water flow regulation system (common part) accounts for about 24.4%, and the main feed water speed regulation system is less than 2.0%. The results show that the failure of the feed water flow regulation system is the main cause of the failure of SGLCS in NPPs.

Improving steam generator control reliability

A new method for dynamic reliability modelling and quantitative analysis of DICS based on BDMP and PRISM is proposed as a way of solving the problems of large model scale and combined explosion in traditional dynamic reliability analysis methods.

In this case, BDMP is first applied to the complex control system of an actual nuclear power plant. Firstly, the proposed method was used to analyse the availability of SGLCS in an actual NPP. Then, the proposed method was compared with the results obtained by commercial BDMP modelling and quantitative analysis software KB3 and YAMS. The relative deviation of the proposed method is less than 2%, which verifies the effectiveness of the method. The final calculation results show that without regular inspection, the unavailability rate of SGLCS is about 1.4E-3, among which the failure of the feed water flow regulation system (independent part) contributes the most to the unavailability rate of the system. In actual operation and maintenance, targeted strategies can thus be adopted to improve the reliability of the system. The method proposed in this paper makes the reliability modelling and quantitative analysis method of complex dynamic system feasible for popular use in engineering and provides direction and reference values for reliability management and equipment maintenance of SGLCS in nuclear power plants.

This article first appeared in Nuclear Engineering International magazine.