Open access peer-reviewed chapter - ONLINE FIRST

Reliability Analysis of Instrumentation and Control System: A Case Study of Nuclear Power Plant

By Mohan Rao Mamdikar, Vinay Kumar and Pooja Singh

Submitted: September 2nd 2021Reviewed: October 6th 2021Published: November 30th 2021

DOI: 10.5772/intechopen.101099

Downloaded: 27


Instrumentation and control system (I&Cs) plays a key role in nuclear power plants (NPP) whose failure may cause the major issue in a form of accidents, hazardous radiations, and environmental loss. That is why importantly ensure the reliability of such system in NPP. In this proposed method, we effectively analyze the reliability of the instrumentation and control system. An isolation condenser system of nuclear power plant is taken as a case study to show the analysis. The methodology includes the dynamic behavior of the system using Petri net. The proposed method is validated on operation data of NPP.


  • reliability
  • control system
  • nuclear power plant
  • isolation condenser system

1. Introduction

Instrumentation and control system (I&C) plays a vital role in the field of the nuclear industry. Nowadays I&C systems are embedded into the nuclear power plant (NPP) operation and reliability. Each component of NPP, such as transformers, valves, circuit breakers, heat exchangers. is equipped with digital I&C system whose reliability plays a vital role to avoid any accidents. Because these components are safety-critical systems (SCS) whose failure may cause huge losses in the form of economic loss, human resource damage, and environmental loss. As instrumentation and control systems are the important and first layer of safety, reliability, and stability in the NPP [1] that is the reason, it is essential to ensure the reliability of such a safety system. With, the introduction of digital control systems in the last few decades where the reliability of digital I&C must not be degraded. Therefore, researchers are rigorously working to address the dependability of the system. The dependability includes reliability, safety analysis, performance, and availability attributes that are ultimately related to security. The model checking may be used to various issues, which can lead to spurious actuation of the I&C system [2]. The transformation from analog to digital I&C safety systems added new challenges for researchers as well as software developers to deliver correct software reliability [3]. Based on this software experts could take essential steps early in the design phase of software by avoiding failures in I&C of NPP. The cyberattack occurred in the I&C system in the Iranian Bushehr nuclear power plant, where configure was destroyed by malicious code [4]. Therefore, it is essential to I&C systems required having secure and reliable to avoid any kind of attacks causing major accidents. Many researchers have put efforts to address the reliability analysis on such systems using various techniques, such as fault tree analysis (FTA), reliability block diagram (RBD), Bayesian network, etc.

This work proposes the reliability analysis of instrumentation and control system (I&C) of NPP using stochastic Petri net (SPN).

The organization of this paper is as follows. In Section 2, our focus is on the related work of the proposed work. In Section 3, we discuss the background and mathematical fundamentals. In Section 4, proposes the framework of the proposed method. In Section 5, the case study of the proposed work. In Section 6, reliability analysis of the proposed work. In Section 7, the validation part is covered. In Section 8, the conclusion is made with future work.


2. Related work

Zeller et al. [5] proposed a combined approach of Markov chain and component fault tree to analyze the complex software-controlled system in the automotive domain. The authors have addressed safety and reliability in modular form. However, authors have missed to validate the result and failed to express reliability accuracy in percentage.

Nidhin et al. [6] presented a survey for understanding radiation effects in SRAM-based FPGAs for implementing I&C of NPP. Authors have found that for implementing NPP with I&C in SRAM-based FPGAs, the effect of radiation issue is a major concern. To reduce radiation-related issues some components, which have SRAM-based FPGAs, must keep outside of reactor containment building (RCB). However, the authors have failed to discuss the case study.

Jia et al. [7] proposed an approach for the identification of vulnerabilities present in elements that affect the reliability of digital instrumentation and control system (DI&C) software life cycle using Bayesian network. A reliability demonstration of safety-critical software (RDSS) integrates the claim-argument-evidence (CAE) and sensitivity to estimate the reliability of the system. However, there is a limitation with BN that has no time constraints and dynamic property. Authors have missed addressing the reliability with validation from the real-time dataset.

Rejzek and Hilbes [8] proposed system-theoretic process analysis (STPA) for design verification and risk analysis of digital I&C of NPP. This method is considered as a prominent approach for analysis of the I&C system theoretically as the authors claim. However, the authors are not very much sure, that method correct result.

Torkey et al. [9] proposed a reliability improvement framework of the digital reactor protection system by transforming reliability block diagram to Bayesian belief network (BBN). The proposed method gives the highest availability as a result and found some modules are riskier than others of I&C. However, authors claim that it gives the highest availability but missed to validate the result with real-time data.

Kumar et al. [3] proposed a framework for predicting the reliability of the safety-critical and control system using the Bayesian update methodology. The authors have validated the result with real-time data of 12 safety-critical control systems of NPP. However, the result obtained is purely based on the failure data, if failure data is unavailable then it is difficult to predict the reliability.

Mamdikar et al. [10] devise a framework for reliability analysis, performance analysis that maps unified modified language (UML) to Petri net. The proposed framework is validated with 32 safety-critical systems of NPP. However, Petri net has a state space explosion problem as a system grows gradually, so it is not a generalized approach.

Nayak et al. [11] proposed a methodology called assessment of passive system reliability (APSRA) is used to estimate the reliability of the passive isolation condenser system of the Indian advanced heavy water reactor (AHWR). In this methodology, reliability is estimated through PSA treatment using generic data of the component. A classical fault tree analysis is used to find the root cause of the critical parameter, which leads to failure. However, the authors have failed to validate the result.

Kumar et al. [12] proposed a safety analysis framework that maps UML into the state-space model as Petri net of the safety-critical system of NPP. In this methodology, the result is validated on 29 different safety-critical systems of NPP. However, the authors have used Petri net that has a state space explosion problem.

Tripathi et al. [13] proposed a noble methodology dynamic reliability analysis of the passive decay heat removal system of NPP using Petri net. The authors have validated the estimated reliability based on the data available using fault tree analysis. Most of the system does not have such type data, and then it is difficult to validate the result with missing failure data. Therefore, this methodology may not applicable for every safety-critical system of NPP.

Buzhinsky and Pakonen [14] proposed an automated symmetry breaking approach for checking failure tolerance of I&C system. With this method a fewer failure combination has to be checked. The complex structure paired with various specifications has to be checked under failure assumptions, which is the limitation of this work.

Singh et al. [15] proposed a system modeling strategy for design verification of I&C of nuclear power plant using Petri net and converting PN into Markov chain. In this approach, verification is validated on real-time data. However, Petri net has a state-space explosion problem, in such circumstances, it is difficult to handle complex systems, which is the limitation of the work.

Xi et al. [16] proposed a test strategy based on the random selection of logic path by which provides reliability estimation and is used for control system testing in digital control software systems in the NPP. However, the authors have not been addressed and validated the reliability evaluation.

Bao et al. [17] proposed hazard analysis for identifying common cause failure of digital I&C using redundancy guided system in NPP. To conduct using redundancy guided systems, theoretic hazard analysis a modularized approach was applied. This method is helpful to remove casual effects of potential single points of failure that exist in I&C. However, authors have missed addressing the reliability analysis using this methodology in NPP.

Gupta et al. [1] proposed a method for stability analysis and steady-state analysis of the safety system of NPP using Petri net. The stability and steady-state were estimated and validated, however, authors have missed estimating reliability. The authors have to correlate stability with reliability. Further, this methodology is applicable only for discrete-time systems.


3. Background and mathematical fundamentals

This section consists of background and mathematical fundamentals to carry out reliability analysis of instrumentation and control system: a case study of nuclear power plant.

3.1 Petri net

A Petri net (PN) is mathematically defined 5-tuple PN=PTFWM0where Pthe finite is set places, Tis a finite set of transitions, Fis a finite set of arcs also referred to as flow relation, i.e., FP×TT×P, the weight function, and M0is the initial marking M0:P0123.. PT=and PT. If the Petri net does not have an initial marking, it is denoted as N=PTFWwith an initial marking denoted by NM0. A simple example of the PN is shown in Figure 1.

The marking changes in the Petri net as per the transition firing are as follows:

  1. A transition in the enable mode when each input place of pof tis marked with at least wpttokens.

  2. An enabled transition is not necessarily fired.

  3. A firing of enabled transition removes tokens from the input place and deposited in the output place.

3.2 Stochastic Petri net

A stochastic Petri net (SPN) is the extension of Petri net. In SPN, each transition is associated with a time delay that is an exponentially distributed random variable that expresses delay denoted bySPN=PTFWM0.

3.3 Reachability

Reachability is the fundamental study of the dynamic property of the system. A marking Mnis said to be reachable from another marking M1if there exists a firing sequence that transforms Mnto M1such that=M1t0M2t1M3.tnMn.

3.4 Reachability graph and Markov chain (MC)

A marking Mis reachable from the initial marking M0if there exists a firing that brings back from the initial state of PN to a state that corresponds to M0.

The Markov chain (MC) is the Markov process with discrete state space. The MC is obtained from the reachability graph of the SPN. Let SPN be the reversible, i.e., M0RMifor every Miin RM0, then the SPN generates an ergodic continuous time Markov chain (CTMC) and it is possible to compute the steady-state probability distribution by solving the following (Eq. (1)) and (Eq. (2)).


Where, πiis the probability being in the state Miand =π1π2πs.


4. Framework of the proposed method

The proposed framework has six steps shown in Figure 2. Step 1—based on the system requirement we model the stochastic Petri net.

Figure 1.

Simple Petri net.

In step 2—by executing the PN model, we generate possible tangible states. Based on the tangible states, we construct the reachability graph in step 3. In step 4—obtained Markov chain form reachability, the graph of SPN. In step 5, we estimate the reliability of the ISO system. In step 6, we validate the result with real-time operation data of NPP.


5. Case study: Isolation condenser system (ISO)

The isolation condenser system simply referred to as ISO is a standby high-pressure system that removes residual and decay heat from the reactor vessel in the event of a scram signal in which the reactor becomes isolated from the main condenser, or if any other high-pressure condition exists. The schematic diagram is shown in Figure 3. The ISO system transfers residual and decays heat from the reactor coolant to the water in the shell side of the isolation condenser resulting in steam generation (SG). The steam generated in the shell side of the isolation condenser is then vented to the outside atmosphere. During the normal operation, the ISO system is in standby mode. During the standby mode, the steam isolation valves (VS1 and VS2) are open because the condenser tube bundles are at the reactor pressure. The condensate is built in the condenser and condensate by returning pipe. The condensate is stopped from a return back to the reactor by closing the condensate return valve (VC2). The condensate valve (VC1) is open at the stand-by condition and vent valves (VV) at main steam lines normally open to vent noncondensable gases from ISO. The makeup water must be provided to prevent uncovering the condenser tubes that are the combination of firewater and condensate using makeup water valve (VW) normally closed at standby mode. The water inventory on the shell side of the condenser will provide heat removal for between 20 and 90 minutes depending on the plant design, at which time makeup water must be provided to prevent uncovering the condenser tubes. On the shell side of the condenser, the water inventory will be provided for the heat removal between 20 to 90 minutes. At which time water makeup has to be provided to prevent uncovering the condenser system tubes (Figure 3).

Figure 2.

Proposed framework of the system.

Figure 3.

Schematic diagram of isolation condenser system.

The ISO system may be initiated manually, or automatically initiated on high reactor pressure or low reactor pressure. On the initiation of ISO, one of the condensate return valves (VC2) opens and the vent valve (VV) gets closed. The steam flows from the reactor vessel to steam isolation valves (VS1 and VS2). The steam gets condensed in condenser tube bundles and condensed steam returns to the reactor vessel (VC2 and VC2) with help of a recirculation pump. The boiled-off water is replaced by the condensate transfer system or the firewater system. The ISO system is designed in such a way that, the system automatically gets isolated from the reactor pressure vessel in the event of a system pipe break. All the valves are closed automatically (VS1, VS2, VC2, VC2, and VV) in the event of low differential pressure exceeds three times the normal flow value. This isolation will mitigate the loss of water inventory. The ISO system instrumentation and control consists of initiation and containment isolation circuitry [18]. These circuits provide different functions, both of which are important to system reliability. The entire system is operating in a closed-loop manner.


6. Proposed framework of approach

To estimate the reliability by our approach of the ISO which consist of six steps as shown in Figure 2 as described step by step as follows:

6.1 PN model generation

In this phase, we construct the PN model of ISO system based on system requirements and specifications. As several researchers have proposed methods [19], based on that we generated a PN model. Based on functional requirements, the activity involves the PN generation to identify the places and transitions of the case study: ISO system. The identified places and transitions as illustrated in Table 1.

P0Sensors detect tripT0Sensors detects initial condition
P1Initial signal generatedT1Triggers VV valve close and VV valve close
P2Initial condition holdsT2IC loop triggers
P3Initial condition forwardsT3Triggers VV valve open and VV valve close
P4IC loop activatedT4Triggers Vs1 valve and Vs2 valve open
P5Vc2 valve closeT5Send signal to Vw valve open
P6Vc1 valve openT6Triggers Vw valve open
P7VV valve closeT7Reset
P8Vs1 valve openT8Reset of AC loss
P9Vs2 valve openT9Reset of restoration
P10Level measure makeup
P11Vw valve open

Table 1.

ISO places and transitions based on function specification.

Thereafter, we use the TimeNet4.5 [20] tool for SPN creation. Then we assign the transition delay to the transition based on the system requirement. To get throughput values of transition stationary analysis was performed in the TimeNet tool as shown in Table 2.

TransitionRateSymbolThroughput value
T01 msλ00.26966908
T11 msλ10.10385724
T21 msλ20.28610826
T31 msλ30.1771261
T41 msλ40.08883328
T51 msλ50.09000000
T61 msλ60.03244971
T71 msλ70.06681974
T81 msλ80.03152016
T91 msλ90.03244971

Table 2.

ISO throughput values.

The PN model was generated using TimeNet tools shown in Figure 4.

Figure 4.

PN model of ISO.

6.2 Tangible states and reachability graph creation

Tangible states are those for timed transitions [21], since we used SPN so there are e tangible states with markings as shown in Table 3.


Table 3.

ISO tangible states with markings of PN.

Based on the tangible states of the PN a reachability graph of the PN (Figure 4) can be obtained as shown in Figure 5.

Figure 5.

Reachability graph.

6.3 Markov chain model creation

The MC model shown in Figure 6 is obtained from the reachability graph of the PN shown in Figure 4.

Figure 6.

Markov chain.

With the help of Qwhich is transition probability matrix, the transition probability Pijof MC can be computed from SPN. For the transition matrix Q, transitionrate qijis the transition of one state to another states unit/per time, therefore we take the ratio of the transition qijand the transition rate of the states sum must be zero. The diagonal elements can be defined as:


It is clear that the system is no ergodic, therefore, Pijwill be zero and defined as:


P=IdQ1Q, where dQ=diaQdiagonal matrix ofQ.

The transition matrix is given in Eq. (5) as follows:


Now we solve Eq. (5) to get the design metrics and it seriousness of the NPP as defined in Eq. (6). We solve the Eq. (6) then we get the following linear equations.


6.4 Reliability analysis of proposed framework

Let pitbe the probability which component in state at time tis i. When components execute for tthen probability leads to the stationary distribution. Then probability is defined as:


There is only one failure state M6in MC. Now we solve the linear equation Eqs. (7)-(16) and Eq. (17) using the standard method, we get steady-state probability of each state as follows:

M0=0.1282051, M1=0.1282051, M2=0.1282051, M3=0.1282051, M4=0.1282051, M5=0.1282051, M6=0.025641, M7=0.1025641, and M8=0.1025641

Hence the reliability of ISO is:


7. Validation of proposed framework

In section, we compute the rate of failure to ensure the result experimentally of the proposed framework and follow the six steps for reliability estimation [10, 22]. We divide the entire input class into several subclass and for estimating reliability following equation required as:


Peiis the probability specified from input operation data. niis the number of trials from each comparable class. hiis a number of trial cases that are failed.

To estimate the actual reliability Table 4 data will be used.

Triggers VV valve close and VV valve close0:02821700.00039
IC loop triggers0.02312000.000115
Triggers VV valve open and VV valve close0.030442000.000608
Triggers Vs1 valve and Vs2 valve open0.09872400.004935
Send signal to Vw valve open0.03423300.00342
Triggers Vw valve open0.00325300.000533

Table 4.

Reliability estimation using [22].

Now using Eq. (22) we estimate actual reliability as:


Now we compare estimated (predicted) and actual reliability as:


Hence, the error percentages can be computed as:


Hence, the accuracy of proposed reliability computed of proposed framework is 100error%=98.4201%that indicates the validation of our work.


8. Conclusion

The proposed method is centered technique for computing reliability of instrumentation and control system of the safety-critical system of NPP. We have validated the result with operational and found accuracy with 98.4201%. With this method, software designers take necessary preventive measures early design phase to avoid any kind of failure.


chapter PDF

© 2021 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution 3.0 License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to cite and reference

Link to this chapter Copy to clipboard

Cite this chapter Copy to clipboard

Mohan Rao Mamdikar, Vinay Kumar and Pooja Singh (November 30th 2021). Reliability Analysis of Instrumentation and Control System: A Case Study of Nuclear Power Plant [Online First], IntechOpen, DOI: 10.5772/intechopen.101099. Available from:

chapter statistics

27total chapter downloads

More statistics for editors and authors

Login to your personal dashboard for more detailed statistics on your publications.

Access personal reporting

We are IntechOpen, the world's leading publisher of Open Access books. Built by scientists, for scientists. Our readership spans scientists, professors, researchers, librarians, and students, as well as business professionals. We share our knowledge and peer-reveiwed research papers with libraries, scientific and engineering societies, and also work with corporate R&D departments and government entities.

More About Us