1. Field of the Invention
This invention relates to a method and apparatus for monitoring the operation of complex, non-linear process control systems such as those used with nuclear fueled electric power generating units and more particularly it relates to a method and apparatus for evaluating the status of such a complex system through a systematic analysis of the vast amount of data gathered from locations throughout the system. While the invention has particular application to the identification of critical conditions in the system, it is also useful in detecting any deviations from normal operating conditions.
2. Prior Art
Modern process control systems have reached a stage of sophistication where they can do a very fine job of automatically or semi-automatically controlling a complex non-linear process within preset parameters despite perturbations to the system. Many of these control systems are also capable of shutting down a process when major disturbances are encountered. However, it is still desirable, and even mandatory in many applications, that a human operator maintain ultimate control over the process. For instance, while an automatic process control system may be able to cope with previously identified perturbations in the system, there is always the possibility that some unpredicted disturbance will occur, such as unexpected combinations of unrelated component failures. Even where the automatic system could respond by shutting down the system, it may be possible to take certain steps to work around the problem or, where the condition is identified early enough, to take action to return the system to stability without reaching a crisis.
The ability of an operator to intervene in the operation of a complex, non-linear process control system is complicated by the vast amount of information that must be analyzed. An approach to the problem is addressed in U.S. Pat. No. 4,298,955. There, a decision table is used to compare various combinations of measured values of system parameters with set point values. Each of the selected combinations is assigned an importance value representing the seriousness of the situation represented. The output can be used to notify the operator of the problem and, if desired, to effect control changes. However, in a system with even a moderate number of parameters, the number of possible combinations of measured values compared to the corresponding set points is unmanageably large. This requires that only those combinations representing probable events be selected for detection. Unfortunately, such a selective process can result in eliminating, and therefore precluding the detection of, particular occurrences which, although unlikely, could occur as a result of multiple system failures.
The present invention applies decision tree analysis to solving the problem. The decision tree is an analytical tool that has found application in the analysis of situations wherein various combinations of events can occur. The events are analyzed sequentially, with the sequence being determined by the occurrence or non-occurrence of the previous event in the sequence. Decision trees have been used in fault analysis, where the failure or continued operation of each component in the system constitutes the events, with the various combinations of component failures leading ultimately to system failure. By assigning a probability to the failure of each component, the reliability of the overall system can be projected. Decision trees have also been applied to risk analysis. Starting with a particular condition, the sequence of possible events is charted out to include all possible combinations of the occurrence or non-occurrence of each event leading to various possible ultimate events. Again, by assigning a probability to the occurrence of each event, the likelihood of the occurrence of each ultimate event can be predicted. Decision tree analysis can be carried out graphically by drawing a pattern of lines which converge with the occurrence of each combination of failures down to a single line in the case of fault analysis and which diverge from a single line to a multitude of branches in the case of risk analysis. Heretofore, however, the principles of decision tree analysis have not been applied to on-line monitoring of process control system operation.
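The risk-analysis use of a decision tree described above, as an added example that is not part of the original text: it walks a small tree in which each event's outcome selects the next event to examine, multiplies the branch probabilities along each path, and totals the likelihood of each ultimate event. The event names, probabilities and outcome labels are constructed for illustration.

```python
from fractions import Fraction

# Constructed event tree (hypothetical events and probabilities).
# node name -> (P(event occurs), next if it occurs, next if it does not).
# A "next" value that is not a key of TREE is an ultimate event (leaf).
TREE = {
    "pump_fails":      (Fraction(1, 100), "backup_fails", "STABLE"),
    "backup_fails":    (Fraction(1, 20),  "operator_misses", "DEGRADED"),
    "operator_misses": (Fraction(1, 10),  "TRIP", "DEGRADED"),
}
ROOT = "pump_fails"


def walk(tree, node=ROOT, p=Fraction(1), path=()):
    """Yield (ultimate_event, probability, path) for each root-to-leaf sequence."""
    if node not in tree:  # leaf: an ultimate event has been reached
        yield node, p, path
        return
    p_occurs, if_yes, if_no = tree[node]
    # The occurrence or non-occurrence of this event decides what is examined next.
    yield from walk(tree, if_yes, p * p_occurs, path + ((node, True),))
    yield from walk(tree, if_no, p * (1 - p_occurs), path + ((node, False),))


def outcome_probabilities(tree, root=ROOT):
    """Sum path probabilities per ultimate event; the totals always add up to 1."""
    totals = {}
    for outcome, p, _ in walk(tree, root):
        totals[outcome] = totals.get(outcome, Fraction(0)) + p
    return totals


def path_count(tree, root=ROOT):
    """Number of sequences the tree actually has to distinguish."""
    return sum(1 for _ in walk(tree, root))


if __name__ == "__main__":
    for outcome, p, path in walk(TREE):
        steps = ", ".join(f"{e}={'yes' if hit else 'no'}" for e, hit in path)
        print(f"{outcome:9} {float(p):.5f}  [{steps}]")
    print(outcome_probabilities(TREE))
    # A table over the same three yes/no events would need 2**3 rows.
    print(path_count(TREE), "tree paths vs", 2 ** len(TREE), "table rows")
```

Because later events are only examined on the branches where they matter, the tree covers every combination with fewer paths than an exhaustive table of the same events would have rows.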
An example of a complex, non-linear process control system in which a vast array of data must be analyzed in order to determine the condition of the system is a nuclear fueled electric power generating unit. While such systems are provided with reliable automatic controls with built-in redundancy and a reactor trip system which will shut down the plant completely should operation deviate too far from normal, the operator must be, and is, able to override the automatic controls. In order to do so effectively, however, he must be able to determine from all the information available what action is required and what action is appropriate. Multiple failures could cause complex, unanticipated interactions between the various sub-systems which, if not properly analyzed, could lead to inappropriate action which could aggravate rather than ameliorate conditions. Whatever happens in the system, however, the primary goal is always to prevent the release of radiation from the plant. In view of this, the Nuclear Regulatory Agency has issued regulations requiring that the operator be presented with evidence of the status of certain identified critical functions related to the containment of radiation.