Dynamic flowgraph modeling of process and control systems of a nuclear-based hydrogen production plant

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

Available at www.sciencedirect.com

journal homepage: www.elsevier.com/locate/he

Dynamic flowgraph modeling of process and control systems of a nuclear-based hydrogen production plant Ahmad W. Al-Dabbagh a, Lixuan Lu b,* a

Faculty of Engineering and Applied Science, University of Ontario Institute of Technology, 2000 Simcoe Street North, Oshawa, Ontario, Canada L1H 7K4 b Faculty of Energy Systems and Nuclear Science, Faculty of Engineering and Applied Science, University of Ontario Institute of Technology, 2000 Simcoe Street North, Oshawa, Ontario, Canada L1H 7K4

article info

abstract

Article history:

Modeling and analysis of system reliability facilitate the identification of areas of potential

Received 23 February 2010

improvement. The Dynamic Flowgraph Methodology (DFM) is an emerging discrete

Received in revised form

modeling framework that allows for capturing time dependent behaviour, switching logic

14 June 2010

and multi-state representation of system components. The objective of this research is to

Accepted 21 June 2010

demonstrate the process of dynamic flowgraph modeling of a nuclear-based hydrogen

Available online 31 July 2010

production plant with the copperechlorine (CueCl) cycle. Modeling of the thermochemical

Keywords:

monitoring and control of the process is provided. This forms the basis for future

Process reliability

component selection.

process of the CueCl cycle in conjunction with a networked control system proposed for

Dynamic flowgraph methodology

ª 2010 Professor T. Nejat Veziroglu. Published by Elsevier Ltd. All rights reserved.

Nuclear-based hydrogen production Copperechlorine cycle Networked control system

1.

Introduction

Reliability assessment methods provide information to facilitate improvement in systems life and to reduce risks and hazardous. Several methods have been defined and used in literature to assess the reliability and safety of digital control systems, such as the widely used fault trees, Markov modeling and Petri nets [1,2]. However, the notion of Networked Control Systems (NCS) in recent years necessitates further modification of existing methods and/or development of new methods. In an NCS, control elements are distributed throughout the process and are connected by a communication network [3,4]. The deployment of NCS requires the reliability assessment methods to be capable of accounting for dynamic interactions between the digital control systems

elements as well as the controlled process, with the presence of communication delay. Each of the traditionally used reliability modeling and assessment methods is associated with its own disadvantages, such as lack of representing multi-state behaviour and dynamic dependencies between systems parameters. The Dynamic Flowgraph Methodology (DFM) is emerging as a promising reliability modeling approach which provides a documented model of the system behaviour and interactions [5]. It can be applied to assess safety and reliability and verify performance of engineering systems with dynamic behaviour and dependency [5e13]. The two fundamental goals of the methodology are to provide an integrated hardware/software model of the system and to identify how certain critical events of interest may occur [13]. The

* Corresponding author. E-mail address: [email protected] (L. Lu). 0360-3199/$ e see front matter ª 2010 Professor T. Nejat Veziroglu. Published by Elsevier Ltd. All rights reserved. doi:10.1016/j.ijhydene.2010.06.059

9570

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

Acronyms CueCl DD DFM DHSS DVD HMI

CoppereChlorine Destination Delay Dynamic Flowgraph Methodology Destination Hardware/Software Status Device Delay Human Machine Interface

methodology offers major advantages over conventional methods. It allows for capturing time dependent behaviour, switching logic and multi-state representation of system components. Therefore, faults accumulated over time can be captured by the DFM model and its effect can be analyzed afterwards. Furthermore, the DFM can represent both the controlling software and the controlled process [9]. Thus it can capture the interaction between the control system and the controlled process. In order to capture the complete behaviour of a system, only one DFM model is needed. In addition, a model allows for executing the equivalence of a large number of fault tree derivations for different top events of interest [6]. Nuclear energy can become a primary energy source for hydrogen production plants [14]. A collaborative effort has taken place by Argonne National Laboratories, Atomic Energy of Canada Limited, University of Ontario Institute of Technology and other partners to design the CueCl cycle for hydrogen production. In the CueCl cycle, water is decomposed into hydrogen and oxygen through several physical and chemical processes with a highest heat temperature input of 530
C [15]. The relatively low heat temperature input requirement makes the cycle suitable for future linkage with more choices of nuclear power plants. More specifically, it allows the cycle to be coupled with Canada’s Generation IV reactor, the Super-Critical Water Reactor (SCWR) [16]. The cycle offers other advantages that include minimal solid handling, reduced demands on materials of construction, and the requirement of inexpensive raw material. The reactions within the cycle can proceed nearly to completion without significant side reactions. The cycle can utilize low-grade waste heat from nuclear power plants for several of its thermal processes [16]. As research continues to design and analyze the CueCl cycle, control system design must be accounted for prior to process development and commissioning. Instrumentation and Control (I&C) systems should be deployed to regulate the process in order to provide a safe and reliable operation. One promising technique for control and monitoring of processes is via the use of a Networked Control Systems (NCS) [17]. Such systems have been adopted in hydraulic and thermal power plants, factories, and aerospace industry [18]. The use of the NCS scheme offers significant advantages such as reduced wiring and maintenance and enhanced flexibility and faulttolerance capability [19]. Therefore, our research selects an NCS as the control scheme to accommodate the probabilistic nature of the failure events in the hydrogen generation process. In this article, the architecture and communication specifications of the NCS are proposed for the CueCl cycle

I&C NCS PDS POST PRE SCWR SD SHSS

Instrumentation and Control Networked Control System Plant Display System Post Processing Time Preprocession Time Super-Critical Water Reactor Source Delay Source Hardware/Software Status

first. Subsequently, it is demonstrated how the dynamic flowgraph methodology can be applied to model the NCS in conjunction with the controlled process. The paper is structured as follows: in Section 2, the Dynamic Flowgraph Methodology (DFM) is introduced. Section 3 introduces the CueCl thermochemical cycle and its control systems. Section 4 demonstrates the dynamic flowgraph modeling of the process and control system and provides a case study for modeling of the hydrogen reactor unit. Conclusions are drawn in Section 5.

2.

The dynamic flowgraph methodology

The dynamic flowgraph methodology utilizes a set of basic modeling elements to represent system parameters and their relationships. The modeling elements are shown in Fig. 1. The modeling strategy is a two-step process: construction of a model and analysis of the constructed DFM model, as described below.

2.1.

Model construction

The construction of DFM models is performed using a detailed multi-state representation of the cause-and-effect and timevarying relationships that exist between system parameters. The nodes can represent system parameters, components or variables. They are discretized into a finite number of states. Thus, they represent more than just a binary scenario (i.e., operative or failed). For example, a node can represent a range of operating temperatures. The process variable nodes are typically used to represent physical or software parameters. The condition nodes are typically used to identify changes of process operation modes, component failure states or software switching actions [10]. The edges are used to visually represent the relationships between parameters. Transition boxes and transfer boxes are used to represent function and

Process Variable Node

Transfer Box

Conditioning Node

Causality Edge

Transition Box

Conditioning Edge

Fig. 1 e DFM Modelling Elements.

9571

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

Table 1 e Reaction Steps of CoppereChlorine Cycle [15]. Reaction

Temperature Range (
C)

2Cu (s) þ 2HCl (g) / 2CuCl (l) þ H2 (g) 2CuCl (s) / 2CuCl (aq) / CuCl2 (aq) þ Cu (s) CuCl2 (aq) / CuCl2 (s) 2CuCl2 (s) þ H2O (g) / CuO  CuCl2 (s) þ 2HCl (g) CuO  CuCl2 (s) / 2CuCl (l) þ 1/2O2 (g)

430e475 Ambient (electrolysis) <100 400 500

Step 1 2 3 4 5

temporal relationships among states of parameters. Transition boxes differ from transfer boxes in that a time lag occurs between the time when the states of input variable become true and the time when the states of output variable are reached [10]. Both transition and transfer boxes are associated with decision tables that are used to provide a multi-state representation of the relationships between parameters, where combinations of the input states and output process variable nodes are mapped [10]. Decision tables can be implemented from knowledge of the system [8].

2.2.

parameters that lead to the specified state are found. Performing deductive analysis allows for generation of timed prime implicants. A prime implicant is defined as a conjunction of primary events which are sufficient to cause the top event [8]. Prime implicants can be used to identify unknown systems hazards and guide design decisions to eliminate known hazards [11]. In addition, timed fault trees can be derived for any top event to visually represent the combination and sequences of events that lead to the occurrence of the specified top event.

Model analysis

A DFM model can be analyzed inductively and/or deductively by tracing sequences of events through the model structure. The inductive DFM analysis follows a bottom-up approach. Initially, a set of basic component states are specified, Then, propagation through the system is investigated to find the influence and effect of the specified states. The deductive DFM analysis follows a top-down approach. Initially, a state of interest is specified. Then, the combination and sequences of

3. Copperechlorine thermochemical cycle process and control systems The CueCl thermochemical cycle consists of five interconnected reaction vessels, or reactor units [15]. Each reactor unit hosts one of the five reactions listed in Table 1. The five reactor units are: hydrogen reactor, electrochemical cell, spray drying unit, fluidized bed and oxygen reactor. Instrumentation and control systems are deployed to regulate and

Plant Display System

Network

Group Controller

Group Controller

Group Controller

Group Controller

Group Controller

Network

Control Devices

Control Devices

Partition 1 (Hydrogen Reactor)

Partition 2 (Electrochemical Cell)

Control Devices

Partition 3 (Spray Dryer)

Control Devices

Partition 4 (Fluidized Bed)

Control Devices

Partition 5 (Oxygen Reactor)

Fig. 2 e Architecture of Networked Control System for CueCl Cycle.

9572

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

Fig. 3 e Upper-Level Communication Diagram for CueCl Cycle DCS.

monitor the operation of the hydrogen production plant in the most safe and reliable manner.

3.1.

Five reactions of the CueCl cycle

There are five steps to produce hydrogen through the CueCl cycle. In the first step, copper particles and HCl gas enter the hydrogen reactor to react and produce CuCl solid and H2 gas. Step 2 may be implemented by means of an electrochemical cell [15]. The CuCl solid produced in the hydrogen reactor along with that from the oxygen reactor (Step 5) are used in the electrochemical cell to produce aqueous CuCl2 and solid copper particles. The solid copper particles exiting from the electrochemical cell are transported to the hydrogen reactor. A flash dryer unit (Step 3) is used to dry the aqueous CuCl2 to

supply solid CuCl2 to the fluidized bed reactor unit (Step 4). In the fluidized bed, solid CuCl2 and high temperature steam react to produce solid CuO  CuCl2 and HCl gas. The HCl gas is fed to the hydrogen reactor unit and the solid CuO  CuCl2 is supplied to the oxygen reactor unit (Step 5) to produce liquid CuCl and oxygen gas.

3.2.

Architecture of the control system

The design of the NCS for the hydrogen plant is based on a functional distribution scheme. In the scheme, control functions are divided into logical chunks assigned to different control partitions. The NCS include one Plant Display System (PDS) and five control partitions, as shown in Fig. 2 [20]. Each partition of the NCS is responsible for the control and

9573

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

CuCl Supply Control Network Influence

Cu Supply

P1a_Tx

P1a_Rx

P2a_Rx

P2a_Tx Reactor 2 Electrochemical Cell

Reactor 1 Hydrogen Reactor

P1b_Tx

P1b_Rx

Reactor 4 Fluidized Bed

P4_Rx

P4_Tx

HCl Supply CuCl2 (s) Supply P3_Rx P5a_Rx

CuCl2 Supply P5a_Tx

CuO*CuCl2 Supply Reactor 5 Oxygen Reactor

P5b_Rx

Reactor 3 Spray Dryer

P3_Tx

P2b_Rx

P2b_Tx

P5b_Tx CuCl Supply Plant Display System

P1c_Tx

HT_Tx

HT_Rx

P1c _Rx

Fig. 4 e DFM Model of the Hydrogen Plant.

monitoring of one of the reactor units. The PDS allows for user intervention through a Human Machine Interface (HMI) system. It provides the capability of displaying alarms and transients of the hydrogen production plant. In addition, it allows control room operators to specify setpoint and generate control commands. Each control partition consists of one group controller and several device controllers distributed through the respective reactor process. A group controller is responsible for executing complex control logic, and monitoring device controllers in its control partition. Device controllers are responsible for executing simple logic and control of field devices (e.g., valves, motors, pumps and compressors).

3.3.

Communication structure of the control system

Fig. 3 presents an upper-level communication diagram for the hydrogen production plant. As can be seen, there is a Plant Display System (PDS) on the top, which is used to monitor the production of hydrogen and oxygen gases produced in Step 1 and 5 reactor units, respectively. It provides the following instructions to the control partitions: plant start command; plant shutdown command; and hydrogen production requirement. Group controllers for each partition communicate with each other as well as with the PDS using a shared

communication network. There are also five partitions governing the plant to meet the hydrogen demand specified by the PDS. Group controllers in each partition are responsible for achieving one of the five reactions listed in Table 1. The group controller of Partition 1 adjusts the hydrogen production rate. It sends copper and HCl gas requirements to the group controller of partition 2 and 4, respectively. The group controller of Partition 2 then communicates with the group controller of Partition 1 and Partition 5 to send CuCl inflow requirement. The group controller of Partition 4 communicates with the group controller of Partition 2 to send CuCl2 solid requirement. The group controller of Partition 3 requests the necessary amount of CuCl2 aqueous from the group controller of Partition 2. The group controller of Partition 5 sends CuO  CuCl2 requirement to the group controller of Partition 4.

4.

Dynamic flowgraph modeling

This section demonstrates the dynamic flowgraph modeling of the dynamical and logical interactions between the reactor units in the CueCl cycle. The model of the hydrogen production plant is shown in Fig. 4. In this figure, Tx and Rx denote the transmission and recipient of variables, respectively. The

9574

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

4.1. Dynamic flowgraph modeling of the communication network

Table 2 e Description of Variables in Figs. 4 and 5. Variable BIT CN DD DEL DHSS DVD HT MS NTA NTD P1a P1b P1c P2a P2b P3 P4 P5a P5b POST PRE SD SHSS TX WAIT

Description

The output of the communication network block in Fig. 4 determines the behaviour of the signal transmission among the communicating nodes (i.e., group controllers). For example, in Fig. 4, if communication is available between the group controllers of Reactor 1 and Reactor 2, messages will be transmitted on time. This is modelled by allowing the controller to use the current transmitted message. Otherwise, if communication is unavailable, the controller will not receive the current value. Instead, it will use the message transmitted from the previous cycle. From the perspective of the group controller of Reactor 2, if transmission is completed on time, the signal used by the controller is defined by Eq. (1). Otherwise, the signal used by the controller is defined by Eq. (2).

Bit time Communication network influence Destination time delay Total delay Destination hardware/software status Device delay H2 Target Message size in terms of bits Network Availability Network time delay Cu production requirement HCl production requirement H2 production CuCl production requirement from Partition 1 CuCl production requirement from Partition 5 CuCl2 Aqueous production requirement CuCl2 solid production requirement CuO  CuCl2 production requirement Oxygen production Postprocessing time delay Preprocessing time delay Source time delay Source hardware/software status Transmission time Waiting time

P1aRx ¼ P1aTx ðnÞ

(1)

P1aRx ¼ P1aTx ðn  1Þ

(2)

where, P1aRx is the message containing information with regards to copper requirement received by the group controller of Reactor 2; n is a discrete sampled value, P1aTx ðnÞis the transmitted message at time n; P1aTx ðn  1Þ is the transmitted message at time n‑1 (i.e., from the previous cycle). The communication system is seldom robust to loss of data or data latency [4]. In an NCS, multiple controllers compete to have access to the common communication media to relay information. When two controllers try to access the communication channel at the same time, one has to wait for the other through either a deterministic or a probabilistic mechanism, thus causing communication delay. If both controllers put the information on the communication channel simultaneously, a data collision occurs, thus causing loss of data. The

description of the process nodes is provided in Table 2. There are seven boxes to represent the five control partitions, the PDS and the communication network. Each block contains a DFM model that emulates the behaviour of the respective system. More detailed explanation of this figure can be found in Section 4.1. In the following, the influence of the communication network on the overall system performance is described first. Subsequently, the modelling of the hydrogen reactor unit is presented.

SHSS

PRE

1

SD

DHSS

POST

4

5

DVD

DD

6

BIT

DEL

NTA

2

TX

MS

3

NTD

WAIT

Fig. 5 e DFM Model of Communication Network.

7

CN

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

9575

transmission time, Ttx , and postprocessing time, Tpost [21]. The total time delay is expressed by Eq. (3). The implementation of each component of the total time delay in the DFM model is discussed below, where the description of the variables is provided in Table 2. Tdelay ¼ Tpre þ Twait þ Ttx þ Tpost

4.1.1.

(3)

Preprocessing time

The preprocessing time at the source node is defined as the time needed to acquire data from the external environment and encode it into appropriate network data format [21]. It depends on the device software and hardware characteristics. In the dynamic flowgraph model, SHSS, PRE and SD are used to represent source hardware/software status, preprocessing time and source delay, respectively. The SHSS has two states: available and unavailable. The source preprocessing time is assumed to be Tpre when the corresponding processor is functional. If the processor is unavailable, a large time delay, Tx , is assumed. The effect of this large time delay will be revealed by the DFM model after the deductive analysis.

4.1.2.

Fig. 6 e Prime Implicants of Communication Unavailability in NCS.

dynamic flowgraph model of the communication network takes into account not only the availability of the communication link, but also the performance degradation of the communication network. The time delays are broken into four components, the preprocessing time, Tpre , waiting time, Twait ,

Waiting time

The waiting time is defined as the time a message may spend in the queue at the sender’s buffer before transmission [21]. The main factors affecting waiting time are network protocol, message contention type and network traffic load. In the dynamic flowgraph model, the waiting time is discretized into two ranges: acceptable and unacceptable.

4.1.3.

Transmission time

The transmission time is the time required to transmit a message between two nodes. The formula for transmission time is shown in Eq. (4) [21].

Fig. 7 e P&ID of Hydrogen Production Reactor Unit.

9576

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

a

To Group Controller

V1P

V1S

F1SS

V1

L1F

HClI

F1MC

C1

DV1

F1M

To/From Group Controller

F1MP V2P

V2S

F2SS

V2

L1’F C2

F2MC

DV2

F2M

1

DFL

F1’MP

PM1P

PM1S PM1

From Network Influence DPM1

b

To/From Group Controller

M2P

COVS

M2S

F4SS

M2

DF3

L3F F3MC

C3

DM2

F3M

CuI F3MP

From Network Influence

2

Fig. 8 e (a) DFM Model of Lines 1 and (b) DFM model of Line 3 flow.

Ttx ¼ N  Tbit þ Tprop

(4)

where, N is the message size in terms of bits, Tbit is the bit time and Tprop is the propagation time between any two devices. The propagation time is negligible in a small scale control network (100 m or shorter) since typical transmission speed in a communication medium is 2  108 m/s [21]. In the model, the transmission time is divided into three ranges: required, acceptable, and unacceptable. Both the waiting time and the transmission time contribute to the network delay; therefore, the network delay is defined as the sum of the transmission time and the waiting time. The preprocessing time discussed in Section 4.1.1 and the postprocessing time to be discussed below depend on the source and destination processors, instead of the communication network. It should be noted that only time delays are considered. It is assumed there are no bit errors.

4.1.4.

Postprocessing time

The postprocessing time at the destination node is defined as the time taken to decode the network data into the physical data

format and output to external environment [21]. It depends on the hardware and software characteristics of the destination processor. In the model, DHSS, POST, and DD represent the destination hardware/software status, the post processing time and the destination delay, respectively. The device delay at the destination node is assumed to be Tpost when the corresponding processor is functional. If the destination processor is unavailable, a large time delay, Ty, is assumed. Fig. 5 shows the DFM model of the communication network. The total device delay represented by DVD, is the sum of the delays at the source node and the destination node. The total time delay is expressed in terms of the total device delay and the network delay. The total delay is then compared to a threshold (i.e., sampling rate) to determine the state of the communication network variable, CN. The output of the model determines whether the communication network affects signal transmission between communicating nodes, or the controllers. Prime implicants for the unavailability of communication between control systems, CN ¼ 0, are determined by performing deductive analysis. There are five prime implicants that can lead to the top event, as shown in Fig. 6.

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

Table 3 e Description of Process Variables in Figs. 8e10.

Table 3 (continued)

Variable DFL1 DPM1 DV1 DV2 F1M F1MC F1MP F1’MP

PM2P PM2S V3P V3S

F1SS F2M F2MC F2SS HCLI L1F L1’F PM1 PM1P PM1S V1 V1P V1S V2 V2P V2S

Description of Variables of Fig. 8(a) Change in HCl flow after heating chamber Change in speed of PM1 Change in valve V1 position Change in V2 position Measurement of Line 1 flow Measurement of Line 1 flow used by controller C1 Measurement of Line 1 flow in previous cycle Measurement of Line 1 after heating chamber in previous cycle Status of flow sensor F1 Measurement of Line 1 flow after heating chamber Measurement of Line 1 flow after heating used by controller C2 Status of flow sensor F2 HCl inflow from reactor 4 Flow of Line 1 Flow of Line 1 after heating chamber Speed of PM1 Speed of pump PM1 in previous cycle Status of PM1 Position of V1 Position of V1 in previous cycle Status of V1 Position of V2 Position of V2 in prevision cycle Status of V2

Description of Variables of Fig. 8(b) COVS Status of Conveyor CuI Copper inflow from reactor 2 DM2 Change in speed of motor M2 DF3 Change in line 3 flow F3M Measurement of Line 7 flow F3MC Measurement of Line 7 flow used by controller C3 F3MP Measurement of Line 3 flow in previous cycle F4SS Status of flow sensor F4 L3F Flow through Line 3 M2 Speed of M2 M2P Speed of M2 in previous cycle M2S Status of M2 Description of Variables of Fig. 9(a) DTF1 Change in HCl temperature instruction DTF3 Change in Cu temperature instruction HCS Status of heat chamber HEXS Status of heat exchanger T1S Status of temperature sensor T1 T2S Status of temperature sensor T2 TF1 Temperature of HCl gas TF1M Measurement of HCl temperature TF1MC Temperature of HCl gas used by controller TF1P Temperature measurement of HCl gas in previous cycle TF3 Temperature of Cu TF3M Measurement of Cu temperature TF3MC Temperature of Cu used by controller TF3P Temperature of Cu in previous cycle Description of Variables of Fig. 9(b) DF2 Change in water flow though Line 2 DPM2 Change in speed of pump PM2 DV3 Change in position of valve V3 F2M Measurement of water flow through Line 2 F2MC Measurement of water flow used by controller C6 F2MP Measurement of water flow in previous cycle F2SS Status of flow sensor F3 FL2 Water flow through Line 2 H2OI Water supply

9577

Speed of PM2 in previous cycle Status of PM2 Position of V3 in previous cycle Status of V3

Description of Variables of Fig. 10 CuCl Molten CuCl produced by the hydrogen production reactor DPM1 Change in speed of motor M1 GCC7 Instruction from group controller to controller C7 GCC7R Instruction from group controller received by C7 H2 Hydrogen gas produced by the hydrogen production reactor PM1P Speed of M1 in previous cycle PM1S Status of M1 PM1 Seed of M1

These prime implicants can be used to enhance systems’ performance. For example, based on Prime Implicant #1, excessive waiting time is one of the factors that can affect the performance of the networked control system. The waiting time is dependent on the control network type and the configuration of the network nodes. The reduction of the waiting time can significantly enhance the performance of the control system. Prime Implicant #2 suggests that the combination of large bit time and message size is another factor that leads to the top event. The bit time is dependent on the network type and cannot be changed. The message size can be varied by the system designer. Based on Prime Implicants #3, #4 and #5, the availability and functionality of the communication link and nodes’ processors are major factors that affect communication availability. Thus, those systems must be carefully chosen.

4.2. study

Modeling of hydrogen reactor unit (step 1): a case

As discussed at the beginning of Section 4, there are five control partitions for the hydrogen plant; each is represented by a black box. All these partitions have their respective DFM models. In this section, Partition 1 (the hydrogen reactor unit) is used to demonstrate how to perform detailed DFM modeling. Other partitions can be modeled following similar processes. In order to facilitate the implementation of the DFM model for Partition 1, the functionality of the hydrogen reactor and the control system are discussed below. In the hydrogen reactor, copper particles enter the mixing chamber, descend along an inclined bed and then melt to produce CuCl liquid at the exit. At the same time, HCl gas passes through a mixing chamber to react and generate hydrogen gas in a second exit stream [15]. Wang et al. [16] presented a possible layout for the auxiliary equipment associated with the hydrogen reactor. During the start up of the reaction process, HCl and copper particles are heated to about 450
C. The input reactants to the hydrogen reactor unit are HCl gas, from the fluidized bed unit (Step 4), and copper particles, from the electrochemical cell (Step 2). The products are hydrogen gas and CuCl. The hydrogen gas is stored in a hydrogen storage tank and the CuCl is used in the electrochemical cell (Step 2).

9578

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

a TF1P

HCS

T1S TF1MC TF1

TF1M

DTF1

C4

From Network Influence 3

To/From Group Controller

TF3P

HEXS

T2S TF3MC TF3

C5

TF3M

DTF3 4

To/From Group Controller

b

To/From Group Controller

V3P

V3S

F3SS

V3

FL2 F2MC

C6

DV3

F2M

DF2

H2OI F2MP

PM2P

PM2S

PM2 5

DPM2

From Network Influence

Fig. 9 e (a) DFM Model of Temperature Control of Lines 1 and 3 and (b) DFM Model of Line 2 Flow.

A Piping and Instrumentation Diagram (P&ID) is developed for the hydrogen reactor unit to demonstrate the configuration of the control systems, as shown in Fig. 7. In this figure, three lines (Line 1, Line 2 and Line 3) are the input lines and three lines (Line 4, Line 5 and Line 6) are the output lines. The input lines are modeled in detail below. HCl gas enters the hydrogen production reactor through Line 1. The flow is controlled by control valve V1 before entering the heating chamber and thereafter it is controlled by valve V2 and pump PM1. Flow measurements are provided to the controllers of the valves and pump through sensors F1 and F2. The DFM model of the flow through Line 1 is shown in Fig. 8(a). The inputs to the model are the HCl gas requirement sent from the group controller to controllers C1 and C2 as well as the HCl inflow from reactor 4. Controller C1 controls the position of valve V1 to regulate the flow of HCl gas into the heating chamber. Controller C2 controls the position of valve V2 and the speed of pump PM1 to regulate the HCl flow into the hydrogen production reactor. The output of the model include: HCl flow requirement from reactor 4 sent from C1 to the group

controller, HCl flow into the hydrogen reactor unit, and measurement of HCl flow into the hydrogen production reactor sent from C2 to group controller. The description of the variables in the DFM model is shown in Table 3. In the model, the flow through before the heating chamber in line 1 (L1F) is used with the flow rate measurement provided by sensor F1 in the previous cycle (L1MP) to determine the current measured flow rate (F1M). This is performed by using the status of the flow sensor (F1SS) to influence the flow rate measurement (e.g., if the sensor is failed as it is, the flow rate will be that of the previous cycle). The flow rate measurement is then transmitted through a communication network whose influence is modelled by the transition box to result in a flow rate measurement used by the controller (F1MC). Based on the received measurement, the controller determines the required change in valve position (DV1). DV1 is used with the valve position in previous cycle (V1P) to determine the actual valve position that will take place (V1). The decision is influenced by the status of the valve (V1S). The newly modelled valve position (V1) is then used with the input HCl gas to define the new flow to the heat chamber. The

9579

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

PM1P

From Group Controller

PM1S PM1

GCC7R

C7

DPM1

GCC7

1 From Network Influence

2

CuCl

3 4 5

H2

Fig. 10 e DFM Model of Hydrogen Production Reactor.

flow is used in finding the flow to the hydrogen production reactor. This is shown in the lower part of Fig. 9(a). The flow after the heat chamber (L1’F) is used with the measured flow rate by F2 in previous cycle. A similar modeling scheme as that mentioned above is used to allow the controller (C2) to determine the change in the valve position and the change in the pump speed to find the required change in flow rate. The required flow rate is then used with the flow rate L1F to determine the flow of HCl gas into the hydrogen production reactor. Copper particles enter the hydrogen production reactor through Line 3. The flow of copper particles is governed by motor M2. Flow sensor F4 is used to measure Cu particles flow into the hydrogen production reactor. The DFM model of this process is shown in Fig. 8(b). The input to the model is the Cu requirement sent from group controller to C3. The output of the model are the message sent from C3 to the group controller with information regarding Cu flow required from reactor 2 and Cu supply to hydrogen production reactor. The description of variables included in the model is provided in Table 3. The flow through Line 3 is used with the measured flow in previous cycle to determine the currently measured flow. This is influenced by the status of the flow sensor (F4SS). The measurement is then sent to the controller (C3) to determine the change in the motor speed (DM2) to change the flow (DF3). The change in the flow is used with the input copper (CuI) to determine the new flow through Line 3 (L3F). The heat exchanger HEX1 and the heating chamber in the P&ID are used to adjust the temperature of the Cu particles and the HCl gas, before entering the hydrogen production reactor. The dynamic flowgraph model of temperature control of both streams is shown in Fig. 9(a). The inputs to the model

are the HCl and Cu flow temperature requirement sent from the group controller to C4 and C5, respectively. The outputs of the model are the following: HCl and Cu flow temperature measurement sent from C4 and C5 to the group controller, respectively, and temperature of the HCl and Cu flow to the hydrogen production reactor. The description of the variables in the model is in Table 3. In the model, the controller of the heat chamber (C4) determines the required change in the temperature of the flow (DTF1). The change is then used with the temperature of the flow in previous cycle to determine the new temperature. The decision is influenced by the status of the heat chamber (HCS). The temperature measurement is then sent through a network to the controller (C4) for calculation of a new change in temperature. A similar modeling scheme is used in the lower part of Fig. 9(a) to model the temperature of the flow through Line 3 by the heat exchanger. Valve V3 and pump PM2 are used to govern the flow of cooling water into the reactor. The DFM model of the water flow through Line 2 is shown in Fig. 9(b). The description of the variables is shown in Table 3. The inputs of the model are H2O requirement for flow into the hydrogen production reactor sent from the group controller to device controller (C6) as well as the supply of water from a storage tank. The outputs of the model are H2O flow measurement sent from C6 to the group controller and H2O flow into the hydrogen production reactor. In the model, the controller C6 receives the flow rate measurement sent by the sensor (F2MC) for use in determining the change in the valve position (DV3) and pump speed (DPM2). The changes are used in finding the change in the flow which is used with the water input (H2OI) in calculating the flow of water supply to the reactor.

9580

i n t e r n a t i o n a l j o u r n a l o f h y d r o g e n e n e r g y 3 5 ( 2 0 1 0 ) 9 5 6 9 e9 5 8 0

The hydrogen production reactor motor M1 is used to adjust the hydrogen production rate to meet production demand. The production rate calculation is based on a comparison of the hydrogen production demand, and the hydrogen flow rate exiting the production reactor to be stored in a hydrogen tank. The DFM model of the hydrogen production reactor operation is shown in Fig. 10. The inputs to the model are the following: instruction from group controller to controller C7, HCl flow, H2O flow, HCl temperature and Cu temperature, which are represented by the numbered triangles (from Figs. 8 and 9). The outputs of the model are hydrogen gas (H2) and molten CuCl (CuCl). The description of the variables in the DFM Model is provided in Table 3.

5.

Conclusion

The dynamic flowgraph methodology is a promising technique for investigating performance and assessing reliability of systems with dynamic behaviour. In addition to availability of systems, the degradation in performance is also accounted for in the modeling framework. In this paper, the dynamic flowgraph methodology is applied to model both process and control systems of a nuclear-based hydrogen production plant with copperechlorine thermochemical cycle. Through the modeling performed in Section 4.2, it is demonstrated that the dynamic flowgraph modeling technique is capable of capturing the behaviour and interaction of the control system and the controlled process (e.g., equipment status, control decisions, material flow, etc.) with the existence of a digital communication network for the purpose of data exchange between control systems.

references

[1] Aldemir T, Miller DW, Stovsky M, Kirschenbaum J, Bucci P, Mangan LA, et al. Methodologies for the probabilistic risk assessment of digital reactor protection and control systems. Nuclear Technology 2007;159:167e91. [2] Ebeling C. An introduction to reliability and maintainability engineering. McGraw-Hill; 1996. [3] Kim WJ, Ji K, Ambike A. Real-time operating environment for networked control systems. IEEE Transactions on Automation Science and Engineering 2006;3:287e96. [4] Zhang W, Branicky MS, Philips SM. Stability of networked control systems. IEEE Control Systems Magazine; 2001:84e99. [5] Yau M, Guarro S, Apostolakis G. Demonstration of the dynamic flowgraph methodology using the titan II space launch vehicle digital flight control system. Reliability Engineering and System Safety 1995;49:335e53.

[6] Garrett CJ, Guarro SB, Apostolakis GE. Assessing digital control system dependability using the dynamic flowgraph methodology. Transactions of the American Nuclear Society 1993;69:290e1. American Nuclear Society Winter Meeting. [7] Garrett CJ, Guarro SB, Apostolakis GE. The dynamic flowgraph methodology for assessing the dependability of embedded software systems. IEEE Transactions on Systems, Man, and Cybernetics 1995;25:824e40. [8] Cosgrove J, Guarro S, Romanski G, Yau M. Dynamic modeling and verification of safe-set architectures. WESCON 1996;96: 528e33. [9] Guarro SB, Yau MK, Analysis of control software in advanced reactors using the dynamic flowgraph methodology (DFM). In: proceedings of the 1996 ANS International Topical Meeting on Nuclear Plant Instrumentation Control and Human Machine Interface Technologies; 1996. 1025e1032. [10] Guarro S, Yau M, Motamed M. Development of tools for safety analysis of control software in advanced reactors. NUREG/CR-6465. U.S. Nuclear Regularity Commission; 1996. [11] Garrett CJ, Apostolakis GE. Automated hazard analysis of digital control systems. Reliability Engineering and Safety Systems 2002;77:1e17. [12] Houtermans M, Apostolakis G, Brombacher A, Karydas D. Programmable electronic system design & verification utilizing DFM. In: Proceedings of the 19th International Conference on Computer Safety, Reliability and Security; 2000. 275e285. [13] Guarro S, Yau M. Dynamic flowgraph methodology as a tool for process control software PRA. Annual Meeting of the American Nuclear Society 1994;70:222e3. [14] Yildiz B, Kazimi MS. Efficiency of hydrogen production systems using alternative nuclear energy technologies. International Journal of Hydrogen Energy 2006;31:77e92. [15] Naterer G, Suppiah S, Lewis M, Gabriel K, Dincer I, Rosen M, et al. Recent Canadian advances in nuclear-based hydrogen production and the thermochemical CueCl cycle. International Journal of Hydrogen Energy 2009;34:2901e17. [16] Wang Z, Naterer GF, Gabriel K. Multiphase reactor scale-up for CueCl thermochemical hydrogen production. International Journal of Hydrogen Energy 2008;33:6934e46. [17] Soglo AB, Xianhui Y. Networked control system simulation design and its application. Tsinghua Science and Technology 2006;11:287e94. [18] Hemeida AM, El-Sadek MZ, Younies SA. Distributed control system approach for a unified power system. In: 39th International Universities Power Engineering Conference; 2004. 304e307. [19] Hespanha JP, Naghshtabrizi P, Xu Y. A survey of recent results in networked control systems. Proceedings of the IEEE 2007;95:138e62. [20] Al-Dabbagh AW, Lu L. Design and reliability assessment of control systems for a nuclear-based hydrogen production plant with copperechlorine thermochemical cycle. International Journal of Hydrogen Energy 2010;35:966e77. [21] Lian F-L, Moyne J, Tilbury D. Network design consideration for distributed control systems. IEEE Transactions on Control Systems Technology 2002;10:297e307.