Multi-Diversity for FPGA Platform Based NPP I&C Systems: New Possibilities and Assessment Technique

Abstract

Diversity approach is used to decrease risk of common cause failure (CCF) of Nuclear Power Plant (NPP) Instrumentation and Control systems (I&Cs). Application of a multi-diversity, i.e. a few different types of version redundancy allows minimizing CCF risk. On the other side, implementation of diversity increases cost and complicates maintenance of multi-version I&Cs. Hence, it is important to find optimal solution according with criteria “required level of diversity (safety) / minimal cost and maintenance complexity. Modern FPGA technology creates additional possibilities to meet requirements of the standards (such as NUREG/CR-7007, IEEE Std 7-4.3.2-2016, IAEA SSR-2/1:2016, IAEA NP-T-3.17:2016 and others) by developing main and diverse subsystems on the basis of the same FPGA platform. Existing diversity normative base should be enhanced in three directions — scope, depth and rigor to provide more detailed description of possible applied techniques and tools for quantitative assessment. The goals of the paper which overviews practical issues of diversity application are the following: - present extended classification of diversity considering additional types of version redundancy for FPGA platform based I&Cs (logical processing equipment, life cycle, logic/algorithm etc.) in comparing to NUREG7007; - describe the modified technique of diversity assessment taking into account three and more levels of diversity classification; - illustrate and discuss variants of assurance of the required degree of diversity by use of the RadICS FPGA platform to develop main and diverse subsystems. The classification is specified considering diversity of hardware and FPGA designs. In particular, diversity of hard logic and soft processors, interfaces and buses, self-diagnostics means and others are described and embedded into NUREG/CR-7007 classification. The NUREG7007-based diversity assessment techniques supporting all stage of analyzing options are discussed, and algorithms for versions choice are described. This technique takes into account more detailed specification of diversity classification (for types, subtypes and sub-subtypes of diversity for logic diversity, logic processing equipment diversity and others) and options to evaluate weight coefficients. Case study is based on description of two options of RadICS FPGA platform application to develop two-version NPP I&C, which meets standard requirements to diversity.