VERIFICATION OF AUTOMATED CHANGEOVER SWITHCING UNIT BY MODEL CHECKING

摘要

Along with new NPP designs and modernization projects of ageing NPPs there is an ongoing transition from analogue to digital technology in I&C systems. Programmable digital logic controllers enable more complicated control tasks and, thus, exhaustive verification of such systems by traditional methods is a difficult task. This difficulty is emphasized in cases where digitally implemented systems are combined with old analogue systems. Model checking is a computer-aided method developed for formal verification of correct functioning of a system design by examining all possible behaviors of a model of the system. This paper examines the use of model checking for the verification of a changeover switching unit for a busbar and also summarizes past experiences of utilizing model checking in verification of I&C logic designs. The switching unit is composed of an analogue control logic and a digital malfunction protection relay. The system was analyzed using the NuSMV model checking tool tailored for analysis of systems with a large number of inputs. The case study of this paper expands a series of studies on the applicability of model checking for the verification of NPP automation systems by introducing the problem of state space explosion caused by timing properties. Previous case studies have clearly demonstrated the benefits of model checking in the verification and licensing of digital automation. The analysis of the switching unit demonstrated that model checking is also useful in the verification of I&C systems combining analogue and digital technology, regardless some limitations of the NuSMV tool.