Accident Analysis of Protective Systems Based on System Control Concepts

In modern complex systems such as chemical and nuclear plants, as its hardware system reliability increases due to the advancement of technology, systemic failures such as software design errors become a significant contributor to system accidents. In the software design of a protective system, not only its own performance, but also its interactions with other components must be considered. This paper presents an accident analysis of computerized protective systems based on the concept of safety control functions. In the proposed approach, based on system control relations, the entire system can be represented as a hierarchical structure of control functions. Since the system safe condition must be always maintained by various control functions, an accident (or a deviation from the safe condition) can be regarded as a dysfunction of the entire system control function for safety. Based on the fundamental requirements for a basic control system, a checklist can be developed to identify possible causes of a dysfunction of the control system. Using this checklist, the possibility of a dysfunction can be systematically examined for each control system from the operational level to the system controller at the top level. For an ill-defined part of the specification, the complete check of all possible situations can identify any serious ones to be considered in the design. An example of an emergency protective system is provided, illustrating the details of the proposed method.