Model checking verifies the correctness of nuclear power plant safety systems
Model checking as a process.
The object of Jussi Lahtinen’s dissertation was to find a more formal and mathematical approach to system verification and to develop model checking practices that are suitable for the nuclear industry. The traditional system verification methods, such as testing and simulation, do not have enough coverage to address the increasing digitalisation of safety automation systems.
‘Nuclear power plants have large safety systems in place that encompass multiple safety functions, such as the emergency diesel generator control system. In one of the techniques now developed, the system is divided into modules, and an algorithm is used for pinpointing the subset of modules that verifies the correctness of the system,’ says Lahtinen, explaining the practical implementation of the study.
At the architecture level, hardware failures in the microcircuits used for computing a number of functions, for example, are of pronounced significance. An individual software failure, on the other hand, is not all that safety-critical, given that the plant has a number of independent software-based safety systems in place.
‘Model checking is a highly effective method for finding latent design errors that may also be strange or unusual. Unlike testing or simulation, model checking is capable of achieving complete sequential coverage with respect to the requirement being examined,’ Lahtinen adds.
In the concluding phase of the dissertation, a method to support the structure-based testing of the function block diagrams used in the design of software-based systems was created. The method generates tests based on the structure of the function block diagram that describes the functioning of the safety automation system.
‘According to the feedback received from Fortum, the process of model checking as such may reveal errors that are easily ignored in testing. The comprehensive checking is also capable of analysing events over a very short time span,’ Lahtinen adds.
The results of the dissertation work have already been used in practical assignments for the Radiation and Nuclear Safety Authority concerning the Olkiluoto 3 project, for Fortum concerning the automation renewal of the Loviisa nuclear power plant, and for Fennovoima concerning the functional architecture of the foreseen Hanhikivi nuclear power plant. Further study on the integration of model checking with probabilistic risk analysis is already underway.
The dissertation work related to the study was supervised at the Aalto University Department of Computer Science by Professor Keijo Heljanko, and it was carried out at the VTT Technical Research Centre of Finland. A substantial part of the study was funded by the Finnish nuclear power plant safety research programme SAFIR. Model checking has been studied on a constant basis since 2007, and it is a very demanding method computationally.
More information:
Jussi Lahtinen
VTT
jussi.lahtinen@vtt.fi
+3580 400 519 798
Keijo Heljanko
Professor
Department of Computer Science
keijo.heljanko@aalto.fi
+358 50 430 0771
Doctoral dissertation:
Read more news
Introducing Qi Chen: Trustworthy AI requires algorithms that can handle unexpected situations
AI developers must focus on safer and fairer AI methods, as the trust and equality of societies are at stake, says new ELLIS Institute Finland principal investigator Qi Chen
The research puzzle of when humans and AI don’t see eye to eye
Francesco Croce works on robustness in multi-modal foundation models
A rap algorithm led him to research language models at Google DeepMind – now Eric Malmi returns ÄûÃʵ¼º½ as an adjunct professor
Eric Malmi received his PhD from Aalto University in 2018 with a dissertation that developed AI methods for linking historical records and family trees. At Google DeepMind he has developed Gemini language models and a chess AI. He returned to his alma mater because of ELLIS Institute Finland.