The reliability analysis of the digital reactor protection system (RPS) is one of the essential parts in the probabilistic safety assessment (PSA) of the advanced boiling water reactor (ABWR). In this study, the reliability model and methodology were modified to evaluate the reliability of the digital RPS installed in the Japanese ABWR plant. The hardware failure rates in the foreign data source of digital components were applied, based on the similarity of the function of the digital components. The hardware failure rates of the digital components were estimated to range from 1.0E−5 (/hr) to 1.0E−7 (/hr), according to the types of the components. The software error events and their recovery factors in the design and fabrication stages were evaluated, considering the verification and validation process provided by the Japanese industry guideline on the digital reactor protection system. Then, the software failure probability of the programmable digital component was evaluated, utilizing the probability of software error events and their recovery factors. The software failure probability was estimated to be 3.3E−7 (/demand), which was about one order higher than that of our previous estimation. These models and results were applied to evaluate the reactor trip system (RTS) and the engineered safety feature (ESF) actuation system of the ABWR plant, both of which are the subsystems of the RPS. The unavailability of the digital RTS was estimated to be the mean value of 7.2E−06 (/demand). If both an alternate rod insertion (ARI) and a manual scram were considered, the unavailability was estimated to decrease to 1.6E−09. This value was nearly equal to the mean value of the previous study, 1.1E−09 (/demand), even though the quantification model and data were considerably modified, including the software failure probability. The system unavailability of the emergency core cooling system (ECCS) was also evaluated in conjunction with the ESF actuation system, in order to investigate the effect of the model and data modification. The ECCS unavailability was estimated to be also nearly equal to the same values as the previous estimation, because the system unavailability was dominated by the unavailability of the mechanical components, such as pumps, valves, etc. The sensitivity analyses were conducted systematically, in order to evaluate the effect of the modeling uncertainty on the digital RTS unavailability. The results indicated that the unavailability of the digital RTS only changed within the range of factor 2, even though the various assumptions were used on the hardware and the software failure of the digital components.
Automated Test Coverage Measurement for Reactor Protection System Software Implemented in Function Block Diagram