Associate Professor, Department of Electrical and Computer Engineering
Engineering West Hall, Room 222, Richmond, VA, UNITED STATES
Carl Elks' career has been focused on maturing and advancing the state of the art in the areas of safety assessment and fault tolerance
Ph.D., Electrical Engineering
M.E., Electrical Engineering
B.S., Electrical Engineering
Integrated System Validation (ISV) is an essential licensing component in many modernization and new construction projects (NUREG-0711). Many publications focus on individual human performance measures, but few representative empirical studies examine the psychometric properties of multiple measures in an integrated fashion. This paper presents an empirical experiment employing a full-scope simulator and recently retired operators. The experiment evaluated the impact of scenario difficulty on workload (the Halden Task Complexity scale), expert-rated task performance (the OPAS), self-rated task performance, and situation awareness (the Process Overview Measure). Based on their correlations with scenario difficulty in our preliminary data analysis, the Halden Task Complexity, OPAS, and self-rated task performance measures demonstrated basic sensitivity and validity. However, the Process Overview Measure did not correlate with scenario difficulty or other performance measures. The experimental method and results contribute to methodological practice and provide empirical evidence on human performance assessment in full-scope simulator studies.
Fault injection methods have long been used to assess fault tolerance and safety. However, many conventional fault injection methods face significant shortcomings that hinder their ability to execute fault injections on target real-time safety-critical systems. We demonstrate a novel fault injection system implemented on a commercial Field-Programmable Gate Array board. The fault injector is unobtrusive to the target system, as it utilizes only the standardized On-Chip-Debugger (OCD) interfaces present on most current processors. This effort resulted in faults being injected orders of magnitude faster than by utilizing a commercial OCD debugger, while incorporating novel features such as concurrent injection of faults into distinct target processors. The effectiveness of this high-performance fault injector was successfully demonstrated on a tightly synchronized commercial real-time safety-critical system used in nuclear power applications.
Existing nuclear power generation facilities are currently seeking to replace obsolete analog Instrumentation and Control (I&C) systems with contemporary digital and processor-based systems. However, as new technology is introduced into existing and new plants, it becomes vital to assess the impact of that technology on plant safety. From a regulatory point of view, the introduction or consideration of new digital I&C systems in nuclear power plants raises concerns that fielding these I&C systems may introduce unknown or unanticipated failure modes. In this paper, we present a fault injection-based safety assessment methodology that was applied to a commercial safety-grade digital Reactor Protection System. Approximately 10,000 fault injections were applied to the system. This paper presents an overview of the research effort, lessons learned, and the results of the endeavor.
Transient faults (also known as soft-errors) resulting from high-energy particle strikes on silicon are typically modeled as single bit-flips in memory arrays. Most Architectural Vulnerability Factor (AVF) analyses assume this model. However, accelerated radiation tests on static random access memory (SRAM) arrays built using modern technologies show evidence of clustered upsets resulting from single particle strikes. In this paper, these observations are used to define a scalable fault model capable of representing fault multiplicities. Applying this model, a probabilistic framework for incorporating vulnerability of SRAM arrays to different fault multiplicities into AVF is proposed. An experimental fault injection setup using a detailed microarchitecture simulation running generic benchmarks was used to demonstrate vulnerability characterization in light of the new fault model. Further, rigorous fault injection is used to demonstrate that conventional methods of AVF estimation overestimate vulnerability up to 7× for some structures.
Two dynamic methodologies, dynamic flowgraph methodology (DFM) and the Markov/cell-to-cell mapping technique (CCMT), are implemented on the benchmark digital feedwater control system (DFWCS) specified in NUREG-6942 (Dynamic Reliability Modeling of Digital Instrumentation and Control Systems for Nuclear Reactor Probabilistic Risk Assessments), to demonstrate how an existing nuclear power plant probabilistic risk assessment (PRA) can incorporate a digital upgrade of the instrumentation and control system. The results obtained from the DFM and Markov/CCMT models of the DFWCS failure modes are compared, and the impact of some scenarios directly related to the hypothetical digital upgrade on the core damage frequency (CDF) is assessed on a demonstrative basis, using a plant PRA from NUREG-1150 (Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants). The study shows that a DFWCS similar to that of an operating plant can be modeled using dynamic methodologies and that the results can be incorporated into an existing PRA to quantify the impact of a digital upgrade on the plant CDF.
Key Words: digital systems, dynamic PRA, dynamic flowgraph methodology, Markov, cell-to-cell-mapping-technique