Modern nuclear safety requirements are high. Nuclear reactor protection systems are known in the prior art, and an example of such a system is helpful to the reader. A core overheat, if detected, is usually detected by sensors. The sensors in turn have to communicate through a nuclear reactor protection system to actuate core apparatus for correcting the condition. Assuming that overheat has been detected by a sensor, an appropriate response (used in this disclosure as a primary example) may be the insertion of rods to absorb neutrons and shut down the reactor. This may be part of a system-wide emergency shutdown known as a "scram".
In such a system there is always the danger of latent failures. Specifically, as time elapses after a test has occurred, the probability increases that the system may be inoperative. Not until the next actual test can proper operation again be confirmed and a lower probability of failure established.
The seriousness of undetected failures becomes even more apparent when one considers the case of so-called "common mode failures". Common mode failures are system-wide, and because they are system-wide they affect the system throughout, even at points of system redundancy. Failures due to high-voltage transients, fire, earthquake, and other mechanical causes may remain latent until the system is exercised. If the system is first exercised in response to an emergency, no one may be aware that it is incapable of responding until the required emergency procedure is instituted. Then it is too late.
An operator may respond to an emergency in a number of different ways by moving the plant from the perilled operating state to one that is safer. All of these safer states require different operating configurations of the plant. In nuclear plants, it has not heretofore been possible to test the availability of these different operating configurations without actual plant manipulation.