Verification of a primary-to-secondary leaking safety procedure in a nuclear power plant using coloured Petri nets

This paper deals with formal and simulation-based verification methods of a PRImary-to-SEcondary leaking (abbreviated as PRISE) safety procedure. The PRISE safety procedure controls the draining of the contaminated water in a faulty steam generator when a non-compensable leaking from the primary to the secondary circuit occurs. Because of the discrete nature of the verification, a Coloured Petri Net (CPN) representation is proposed for both the procedure and the plant model. We have proved by using a non-model-based strategy that the PRISE safety procedure is safe, there are no dead markings in the state space, and all transitions are live; being either impartial or fair. r analysis results have been obtained using a model-based verification approach. We created a simple, low dimensional, nonlinear dynamic model of the primary circuit in a VVER-type pressurized water nuclear power plant for the purpose of the model-based verification. This is in contrast to the widely used safety analysis that requires an accurate detailed model. Our model also describes the relevant safety procedures, as well as all of the major leaking-type faults. We propose a novel method to transform this model to a CPN form by discretization. The composed plant and PRISE safety procedure system has also been analysed by simulation using CPN analysis tools. We found by the model-based analysis—using both single and multiple faults—that the PRISE safety procedure initiates the draining when the PRISE event occurs, and no false alarm will be initiated.