Development and application research of startup failure and operation failure model of emergency diesel generator in nuclear power plants

To fully understand the laws governing startup failure and operation failure of emergency diesel generators in nuclear power plants, this paper first presents a development method for an integrated fault model of emergency diesel generator startup failure and operation failure, built on the existing mature fault tree analysis methods. Then, taking a certain type of emergency diesel generator as an example, a complete startup failure and operation failure model was developed, and qualitative analysis and quantitative evaluation were carried out on the basis of the model, which verified the accuracy and applicability of the model development method. Finally, this paper puts forward a basic application scheme, in which the model-based qualitative analysis and quantitative evaluation results are used directly to formulate equipment safeguard measures, and an advanced application scheme of model + data driven dynamic risk assessment and long-term trend monitoring of emergency diesel generator sets. Through the advanced application solution, users can identify dynamic high-risk defects and long-term reliability management weaknesses in advance, and formulate effective short-term fault elimination and long-term fault prevention measures in time to avoid the consequences of startup failure and operation failure. The above research results have important practical significance for the continuous improvement of the startup reliability and operation reliability of emergency diesel generators in nuclear power plants.


Introduction
The role of the emergency diesel generator (EDG) of a nuclear power plant is to provide emergency AC power to the safety systems of the plant in the event of an accident, to prevent further deterioration of the accident, and its reliability is extremely important to the safety of the nuclear power plant. In the Probabilistic Safety Assessment (PSA) of nuclear power plants, the EDG is simplified into two events: startup failure and operation failure. From the perspective of nuclear safety function requirements, the most important thing is therefore to ensure the startup reliability and operational reliability of the EDG. LIMHG et al. (2007) [1] presented a quantitative analysis of the risk impact due to a starting time extension of the emergency diesel generator. ANON IEEE (1995) [2] presented standard criteria for diesel-generator units applied as standby power supplies for nuclear power generating stations.
An EDG is actually a complex piece of process equipment composed of nearly 1,000 pieces of equipment. In the hierarchical dimension it covers systems, subsystems, functional modules and equipment; in the professional dimension it covers mechanical equipment, electrical equipment and instrumentation and control equipment; in the process dimension it covers water supply, gas supply, oil supply, lubrication, power supply, control and protection. The most complex part, the diesel engine body, is composed of more than 10,000 components. As a result, problems arise such as failure analysis not being in place and management measures not being effective. Therefore, for complex systems such as the EDG, mature fault modeling technology is required to comprehensively study their failure laws.
Fault Tree Analysis (FTA) is a graphical deduction method that clearly expresses the internal relationships between fault events with graphics. It is used for the development of fault models of complex systems and has been widely used in the nuclear industry, aerospace, aviation and other fields. Jiong-Sheng (1998) [3], Jin-Hua Cao (1988) [4], Kang Rui (2006) [5] and the International Electrotechnical Commission (2006) [6] gave complete fault tree guides. IAEA (2001) [7] presented a program of probabilistic safety assessment (PSA) for nuclear power plants. Y.C. Wu et al. (2007) [8] presented a program of integrated probabilistic safety assessment (in Chinese). Muhammad Zubair et al. (2013) [9] presented the Reliability Data Update Method (RDUM) based on living PSA for the emergency diesel generator. Muhammad Zubair et al. (2014) [10] presented quantitative and qualitative analyses of safety parameters by using an online risk monitor system (ORMS). Muhammad Zubair et al. (2011) [11] presented a method for calculating reliability parameters and updating them in Probabilistic Safety Assessment. Dingqing Guo et al. (2021) [12] presented a method for dynamic reliability evaluation of the diesel generator system.
Therefore, on the basis of fully integrating the existing mature fault tree analysis methods and analysis results, this paper gives an integrated fault model development method for EDG startup failure and operation failure based on EDG design characteristics and the historical experience of operation and maintenance. That is, taking EDG startup failure and operation failure as the analysis objects, it constructs a full-level, full-specialty, full-process fault logic model from system, subsystem and functional module down to equipment: the EDG startup failure and operation failure fault tree model. Through the model, the characteristics and laws of EDG startup failure and operation failure can be fully grasped. Qualitative reliability analysis can be carried out, including the identification of single-fault equipment, multiple-fault equipment and common cause faults, and quantitative reliability evaluation can also be carried out, including evaluation of the EDG startup failure probability and operation failure rate and quantitative ranking of failure mode risk importance. The results of this model analysis and evaluation can be applied directly to the formulation of equipment safeguard measures. At the same time, combined with the latest big data technology [13][14][15], a model + data-driven application scheme for dynamic risk assessment and long-term trend monitoring of EDG startup failure and operation failure is established. Through it, users can identify EDG dynamic high-risk defects and long-term reliability management weaknesses in advance, and formulate effective short-term fault elimination and long-term fault prevention measures in time to avoid the consequences of startup failure and operation failure. This is of great practical significance for the continuous improvement of the reliability of the EDG.

Model development methods
This paper uses FTA fault modeling technology to give an integrated development method for EDG startup failure and operation failure model based on EDG design characteristics and power plant operation and maintenance experience, as shown in Figure 1, as follows.
The first step is top event and boundary definition. The definition of the top event is a clear definition of the undesirable top-level fault, that is, the detailed definition of EDG startup failure and operation failure. The boundary definition sets out the analysis scope and division principle, as well as the granularity of the bottom events in the model.
The second step is model development and implementation. This step requires two knowledge bases as inputs. One is the design document knowledge base, which provides the technical data required for analysis, including the process flow diagram, electrical one-line diagram, instrument control logic diagram and instrument wiring diagram. The other is the failure mode knowledge base, which provides the failure mode data of objects at each level. On the basis of these inputs, the complete fault logic model is constructed according to the FTA technical method. This paper recommends the combination of the "super element method" and the "node method" for fault tree model development, which can not only ensure the accuracy of the model, but also improve the efficiency of model development.
The third step is model validation and optimization. This step requires the defect event database as input. The failure mode of a real defect event is input into the model, and the failure consequence calculated by the model is compared with the failure consequence caused by the real defect event. If they are inconsistent, the result is fed back to optimize the model; if they are consistent, the next sample is entered for verification. The loop continues until the model has been injection-verified and optimized against all defect event data, which is crucial for the effectiveness and continuous optimization of the model.
The fourth step is model qualitative analysis. The purpose of the qualitative analysis of the fault tree model is to find the set of all failure modes that cause the EDG startup failure and operation failure top events, that is, to calculate the minimum cut sets. The analysis outputs the EDG startup failure and operation failure minimum cut set lists and the failure mode structure importance ranking list.
The fifth step is the quantitative evaluation of the model. This step requires the equipment reliability database as input. The purpose of quantitative evaluation of the fault tree model is to calculate the probability of occurrence of the EDG startup failure and operation failure top events, as well as the importance of the bottom events. The analysis outputs the EDG startup failure and operation failure probabilities and the failure mode risk importance ranking list.

1) The probability of a top event occurring
The probability of a top event occurring is a measure of the likelihood that a top event will occur under all bottom events. The calculation formula is:
where:
$P(T)$: The probability of the top event occurring.
$F_i(t)$: The failure probability of the ith bottom event in the jth minimum cut set at the moment t.

2) Risk Reduction Worth, RRW
The risk reduction worth importance measures the maximum reduction in the risk value that can be achieved by improving the bottom event in the fault tree. The calculation formula is:
where:
$I_i^{RRW}$: RRW importance of bottom event i.
$Q_{SYS}$: System probability value or risk.
$Q_{sys}(q_i = 0)$: The probability or risk of the system when the probability of occurrence of bottom event i is set to 0.

3) Risk Achievement Worth, RAW
The risk achievement worth importance measures the importance of the bottom event in the fault tree, and the impact on the system risk when the equipment is assumed to fail. The calculation formula is:
where: the probability or risk of the system when the probability of occurrence of bottom event i is set to 1.
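The qualitative and quantitative steps above, worked through on a small tree. This is an added example, not code or data from the paper: the tree, the event names and the probabilities are constructed. It assumes independent bottom events, computes the top event probability exactly by inclusion-exclusion over the minimal cut sets, and uses the standard ratio definitions RRW = Q_sys / Q_sys(q_i = 0) and RAW = Q_sys(q_i = 1) / Q_sys, which are an assumption here because the paper's own formulas are not reproduced on this page.

```python
from itertools import combinations, product
from math import prod

# Constructed toy tree (hypothetical events, NOT the paper's EDG model).
# Each gate maps to (type, children); names absent from TREE are bottom events.
TREE = {
    "TOP": ("OR", ["FUEL", "START_AIR", "CTRL"]),
    "FUEL": ("OR", ["PUMP", "FILTER"]),
    "START_AIR": ("AND", ["AIR_A", "AIR_B"]),
    "CTRL": ("AND", ["RELAY", "SENSORS"]),
    "SENSORS": ("OR", ["PUMP", "AIR_A"]),
}
# Constructed bottom-event failure probabilities (assumed independent).
Q = {"PUMP": 0.01, "FILTER": 0.02, "AIR_A": 0.1, "AIR_B": 0.1, "RELAY": 0.05}


def cut_sets(tree, node):
    """Expand a node top-down into (not yet minimal) cut sets."""
    if node not in tree:
        return [frozenset([node])]
    kind, children = tree[node]
    expanded = [cut_sets(tree, child) for child in children]
    if kind == "OR":  # any child's cut set fails the gate
        return [cs for sets in expanded for cs in sets]
    # AND: one cut set from every child must occur together
    return [frozenset().union(*combo) for combo in product(*expanded)]


def minimal_cut_sets(tree, top="TOP"):
    """Drop every cut set that strictly contains another one (absorption)."""
    sets = set(cut_sets(tree, top))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def single_point_failures(mcs):
    """Bottom events that cause the top event on their own."""
    return sorted(next(iter(s)) for s in mcs if len(s) == 1)


def top_probability(mcs, q):
    """Exact P(top) by inclusion-exclusion over the minimal cut sets."""
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            events = frozenset().union(*combo)
            total += (-1) ** (k + 1) * prod(q[e] for e in events)
    return total


def importance(mcs, q, event):
    """Return (RRW, RAW) for one bottom event using the ratio definitions."""
    base = top_probability(mcs, q)
    q_zero = top_probability(mcs, {**q, event: 0.0})  # event made perfect
    q_one = top_probability(mcs, {**q, event: 1.0})   # event assumed failed
    rrw = base / q_zero if q_zero > 0 else float("inf")
    return rrw, q_one / base


if __name__ == "__main__":
    mcs = minimal_cut_sets(TREE)
    print("minimal cut sets:", [sorted(s) for s in mcs])
    print("single-point failures:", single_point_failures(mcs))
    print("P(top) = %.6f" % top_probability(mcs, Q))
    for event in sorted(Q, key=lambda e: -importance(mcs, Q, e)[1]):
        print(event, "RRW=%.3f RAW=%.3f" % importance(mcs, Q, event))
```

Inclusion-exclusion grows exponentially with the number of cut sets, so it suits a tree of this size only; a model with thousands of cut sets needs an approximation or a dedicated solver.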

Model development examples
According to the model development method described in Section 2.1, this paper selects a certain model of EDG as the case object and develops the complete startup failure and operation failure model for it.

Define top events and boundaries.
As shown in the working sequence of this model of EDG in Figure 2, during the operation of the nuclear power unit the EDG is in a hot standby state. When the starting signal is received, the rated voltage is reached within 10 seconds, and after the power supply switch and step-by-step loading, electrical energy is output for 7 consecutive days.
This paper classifies the failure to issue the closing command on time during the EDG startup stage as a startup failure. The top event is defined as follows: when the emergency manual or automatic start signal is received, the emergency diesel generator set does not issue the generator outlet circuit breaker 002JA closing command within 10 s.
The failure to output electrical energy during the EDG switching, loading and operation phases is classified as operation failure. The top event is defined as the automatic or manual shutdown of the emergency diesel generator set after the generator outlet circuit breaker 002JA is successfully closed. According to the above event definitions and the technical characteristics of this model of EDG, as shown in Figure 3, nine subsystems directly related to starting, switching, loading and running are sorted out as the analysis objects within the boundary, and the granularity of the bottom events of the model is the level of equipment failure mode.

Model development implementation.
The technical documents of the design document knowledge base required for the modeling process are obtained from the power plant documentation system, and the failure mode data of the failure mode knowledge base are obtained from the power plant equipment management platform.
Then, using the method described in Section 2.1, the EDG startup failure and operation failure fault tree models of this model are developed. There are 468 bottom events in the startup failure fault tree model and 334 bottom events in the operation failure fault tree model. Excerpts of the model are shown in Figure 4, Figure 5 and Table 1.

Model training and optimization.
The defect event library required for the model training and optimization process is obtained from the group experience feedback system. There are a total of 17 EDGs of this model in the group, and a total of 17 defect analysis reports are obtained from the system, all of which are entered into the above models to complete verification and optimization.

Model qualitative analysis.
According to the method described in Section 2.1, the minimum cut set analysis of the EDG startup failure fault tree model is completed, and a total of 8705 cut sets are obtained. The statistical results of Table 2 and Table 3 show the following:
1) The number of devices that failed EDG startup due to a single fault was 255, accounting for 27.48%, which was the weak link of EDG startup failure and needed to be paid attention to in reliability management.
2) The diesel engine body and fuel supply system have the largest number of single equipment failure modes, 158 and 125 respectively, which should be paid attention to in reliability management compared to other subsystems.
3) The startup air system had the highest number of dual equipment failure modes, 46, and should be a focus of risk management in reliability management.
According to the method described in Section 2.1, the minimum cut set analysis of the EDG operation failure fault tree model is completed, and a total of 625 cut sets are obtained. The statistical results of Table 4 and Table 5 show the following:
1) The number of devices that failed EDG operation due to a single fault was 225, accounting for 22.91%, which was the weak link of EDG operation failure and needed to be paid attention to in reliability management.
2) The diesel engine body, cooling and pre-heating system, and lubricating oil supply system have the largest number of single equipment failure modes, 156, 48, and 31 respectively, which should be paid attention to in reliability management compared to other subsystems.
3) The cooling and pre-heating system has the highest number of dual equipment failure modes, 16, and should be a focus of risk management in reliability management.

Quantitative evaluation of models.
It can be seen from Equation (1) that the failure model of the bottom event, as the basic input of the calculation, determines the quality of the quantitative evaluation of the top event. Obtaining the fault model effectively is also difficult work, and this paper relies on the reliability database of the power plant equipment to complete the data acquisition and fault model definition of the model.
According to the method described in Section 2.1, the bottom event fault model is entered into the EDG startup failure fault tree model to complete the quantitative evaluation, and the risk importance ranking list is shown in Table 6. The 12 equipment failure modes that are ranked first in importance and belong to a single fault that causes EDG startup failure are the weak links of EDG startup failure, and it is necessary to invest resources to improve their reliability level in reliability management.
According to the method described in Section 2.1, the equipment reliability data required for the quantitative evaluation of the model is obtained from the power plant equipment reliability database, and the quantitative evaluation of the EDG operation failure fault tree model is completed. The risk importance list is shown in Table 7. The eight equipment failure modes that are ranked first in importance and belong to a single fault that leads to EDG operation failure are the weak links of EDG startup failure, and resources need to be invested in reliability management to improve their reliability level.

Results and application discussion
As can be seen from the case in Section 2.2, the EDG startup failure fault tree model of this model covers 468 equipment failure modes, qualitatively analyzes 8705 minimum cut sets, identifies 361 single fault equipment failure modes, and quantitatively evaluates and identifies 12 high-risk and important equipment failure modes. The EDG operation failure tree model covers 334 equipment failure modes, qualitatively analyzes and outputs 625 minimum cut sets, identifies 292 single fault equipment failure modes, and quantitatively evaluates and identifies 8 high-risk and important equipment failure modes. Based on the above model analysis and evaluation, this paper gives the basic and advanced application schemes based on the model.
The basic application solution is based on the qualitative analysis and quantitative evaluation results of the model, which are directly used in the development of equipment safeguard measures to ensure the reliability of EDG start-up and operation. The failure modes of single-fault equipment identified by qualitative analysis are the weak links of EDG reliability design, and comprehensive preventive maintenance tasks and condition monitoring tasks should be formulated for them. The high-risk importance equipment failure modes identified by quantitative assessment are high-frequency faults reflected in operation and maintenance practice; sufficient spare parts inventory and fault elimination plans should be formulated for them in advance, and modifications or substitutions should be used to improve inherent reliability when necessary.
The advanced application scheme combines the latest big data technology to establish a model + data-driven application for dynamic risk assessment and long-term trend monitoring of EDG startup failure and operation failure. This solution helps users identify EDG dynamic high-risk defects and long-term reliability management weaknesses in advance, and formulate effective short-term fault elimination and long-term fault prevention measures in a timely manner to avoid the consequences of start-up failure and operation failure.
Through the EDG model + data-driven dynamic assessment and risk control application scheme, as shown in Figure 6, users can grasp the risk status of EDG startup failure and operation failure in real time, as well as the most critical influencing factors, and formulate effective fault elimination measures in time to avoid the consequences of failure. The scheme is implemented as follows. First, EDG defect information and condition monitoring data are collected through big data technology. Big data technology is then used for modeling and analysis of operation and maintenance data, equipment failure mode diagnosis, and equipment failure degree analysis. Next, the dynamic parameter values of the equipment failure modes are updated in real time. Finally, real-time calculation of the EDG startup failure probability and operation failure probability is triggered; if the limit is exceeded, alarms are actively pushed to the user, together with the key influencing factors and recommended fault elimination measures.
Through the EDG model + data trend monitoring and vulnerability management application scheme, as shown in Figure 7, users can grasp the long-term trend of EDG startup failure and operation failure, identify weak links affecting reliability in time, and formulate medium- and long-term reliability improvement measures. The solution is implemented as follows. First, EDG operation, maintenance and fault data are collected regularly through big data technology. Big data analysis technology is then used to model and analyze the operation and maintenance data, and the fixed parameter indicators of the equipment fault model are updated regularly. Finally, periodic calculation of the EDG startup failure probability and operation failure rate is triggered, weak links affecting reliability are identified according to trend analysis, and notifications are actively pushed to users recommending medium- and long-term preventive measures for failure.

Conclusions and future work
For complex process equipment such as the EDG in nuclear power plants, this paper first uses FTA modeling technology to give an integrated development method for EDG startup failure and operation failure models based on EDG design characteristics and power plant operation and maintenance experience. The method includes five core steps: top event and boundary definition, model development and implementation, model verification and optimization, model qualitative analysis, and model quantitative evaluation. Through the model, the characteristics and laws of EDG startup failure and operation failure can be fully grasped. Qualitative reliability analysis can be carried out, including the identification of single-fault equipment, multiple-fault equipment and common cause faults, and quantitative reliability evaluation can also be carried out, including evaluation of the EDG startup failure probability and operation failure rate and quantitative ranking of failure mode risk importance.
Then, using a certain type of EDG as a pilot, this paper develops a complete startup failure and operation failure fault tree model, and conducts qualitative analysis and quantitative evaluation on the basis of the model, which verifies the accuracy and applicability of the model development method.
Finally, this paper presents a basic application scheme, in which the model-based qualitative analysis and quantitative evaluation results are used directly to formulate equipment safeguard measures, and an advanced application scheme that uses big data technology for model + data driven dynamic risk assessment and long-term trend monitoring of EDG startup failure and operation failure. Through the advanced application solution, users can identify EDG dynamic high-risk defects and long-term reliability management weaknesses in advance, and formulate effective short-term fault elimination and long-term fault prevention measures in time to avoid the consequences of start-up failure and operation failure. Advanced application solutions can significantly improve the value of models and data, which is also the development direction of digitalization, but they place high demands on the ability to integrate business and data technology.
In summary, the research results of this paper have important practical significance for the continuous improvement of the startup reliability and operational reliability of EDG in nuclear power plants.

Figure 1. EDG startup failure and operation failure model development method.

Figure 2. A certain model of EDG working timing.

Figure 3. Definition of EDG model development boundary for a certain model.

Figure 5. Fault tree model of EDG operation failure.

Figure 6. EDG dynamic assessment and risk control application scheme.

Figure 7. EDG trend monitoring and vulnerability management application scheme.

Table 2. Minimum cut set of the fault tree model of EDG startup failure.

Table 3. Minimum cut set statistics of the fault tree model of EDG startup failure.

Table 4. Minimum cut set of the fault tree model of EDG operation failure.

Table 5. Minimum cut set statistics of the fault tree model of EDG operation failure.
2.2.5. Quantitative evaluation of models. It can be seen from Equation (1) that the failure model

Table 7. Comprehensive importance list of EDG operation failures (Top 8).