Simulators as a design tool: meeting the challenge of early V&V2 December 2021
Dynamic simulation is being introduced earlier in engineering life cycles, allowing for better validation and faster development. Jean-Christophe Blanchon and Guillaume Hemery
In designing a new nuclear power plant, a full-scope simulator (FSS) is developed alongside and is necessary for the training of plant operators. It is also often used as supporting tool when performing integrated system validation before the plant is commissioned.
By 2000, it had become clear that the simulators could be a substantial asset in validating in instrumentation and control (I&C) systems. The integration capabilities of simulation platforms like ALICES®, developed by CORYS, were used to co-simulate the detailed design I&C at the same time as the simulator process models were developed and refined.
The process usually begins with integrating the specifications in the form of executable models. When the teams have made sufficient progress in the implementation, they can switch to an emulator of the target technology.
The ultimate step is the ‘hardware in the loop’ with a direct connection between the simulator and the cabinets.
Do it simpler, but do it sooner
Unfortunately the simulator becomes operational late in the project lifecycle and it cannot apply to the upstream design, which would help to define the expectations and the missions of the plant.
To meet these new needs the simulator provider has to completely change its mindset. The end user, who would previously have been an operator comfortable in the control room, is now a multi-skilled team of designers. The accuracy of the models is no longer the problem. Assumptions must be checked and this can quite often lead to the generation of a new simulator.
CORYS and Framatome took up this challenge with ELVEES (Early Launch of Validation via an Evolving Engineering Simulator), developing an evolving engineering simulator strategy starting in 2018.
The simulator in its early steps is a lower-fidelity engineering simulator, accessible to the design teams during the project’s basic design phase. It supports early and iterative validation of both the engineered set of operator displays (shown on multiple desktop screens at each operator’s workstation and serving as the plant’s main human/machine interface) and of I&C systems. This initially lower-fidelity simulator evolves, in parallel with the project and the increasing design maturity of the deliverables.
The applied strategy is focused on the deliverables of the Framatome I&C business unit, rather than centering on the plant’s fluid and steam systems, as commonly happens with the FSS.
Five steps to support digital continuity and systems engineering
ELVEES evolves in five steps, each compliant with systems engineering principles and ensuring digital continuity with current design practices.
Step 1 – Validation of operator displays: drafted using a standard graphic editor, the displays are imported into the ELVEES environment with three clicks. Validations guided by human factors engineering (HFE) can be conducted in a dynamic environment of sufficient fidelity. Full-fledged plant behaviour cannot yet be represented, but the characteristics of the representation provided by each of the simulated displays are duly reflected and can be viewed and evaluated. Implemented displays can be imported using their native file type.
Step 2 – Validation of the consistency of the plant I&C systems (operational and safety-related). All different I&C systems can be virtually integrated, whereas at the real test-bay, full interconnection is not always possible. Combined with the displays of Step 1, the understanding of I&C functions is effectively enhanced and their complexity reduced (versus interpretation of underlying piping and logic circuitry diagrams). Testing material already developed for the open loop test campaign can be reused. The platform also assists in drafting electronic plant operating manuals.
Step 3 – Functional validation: this is the most costly step, as it requires a plant model, including accurate models of systems’ hydraulic and electrical parts. Models can be based on the CORYS simulation workshop ALICES® or on any other model used in the project (e.g. for plant transient analysis).
Step 4 – At this step, ELVEES is a worthy engineering simulator able to support commissioning activities and de-risk them. Commissioning procedures and test instructions can be prepared.
Step 5 – The transition from an engineering simulator to a full-scope simulator is quite small, when both share the same models. Commonly known FSS-related challenges can be simplified and would consist ideally of erecting and cabling a replica of the plant main control room.
Exploration of design variants are then easily implementable for further optimization of the design.
ELVEES is deployed in new-build projects and has reached its intended objective to be an integrated part of the engineering process.
The first step was adopted in 2019 by the departments for human factors engineering and human-machine interface (HFE and HMI). This practice provides better formalisation and standardisation of the process of design and evaluation.
Finally, ELVEES allws engineers of various plant disciplines come together and jointly explore problems and resolve them in a holistic manner, optimally taking into account each discipline’s tradeoffs and constraints.
The Step 2 tools have been developed and their use is being established. Demonstrations have shown that issues that are hard to discover using conventional methods are easier to identify, resolve, and report.
Step 3 will start soon with the integration of a simulation model of a PWR, complemented by some ALICES® models.
Automate to speed up
The simulator company may be on the critical path when a virtual environment is required for validation. This seems obvious for Step 3 (functional validation) where a process model is expected. Step 1 (validation of operator displays) is quite straightforward if data close to the implementation are available. However, if these are only high level specifications, simulated logic should also be added at this stage.
One way to manage time constraints is to embed simulator engineers within the team, but this my not be enough to speed up variant deliveries if multiple scenarios need to be verified. The key is in automating the modeling work as much as possible.
According to the positioning in the life cycle, operator displays can be imported in ELVEES either from graphic specifications (Visio files) or from the DCS implementation files (Siemens TEC4 formalism). When only a graphic sketch is provided, it is analyzed to automatically create models required for the dynamic execution. This includes all the level 0 sensors and actuators, part of the logic level 1 and part of the alarms and commands. Although the rest of the environment must be built by hand, this greatly reduces the effort to set up the test bench.
CORYS wants to go further by offering simulation adapted to work during the preliminary design phases.
In such projects, human factors engineers would like to quickly evaluate the main operating principles of the plant by performing the significant transients. More than a modeling environment, they need a very accessible prototyping tool.
This will be one of the challenges raised in ICAREx project, led by EDF and recently qualified for France Relance post-Covid stimulus funding, as part of the nuclear industry modernization programme. On track towards Small Modular Reactors (SMRs) and GEN IV Reactors.
About the authors
Jean-Christophe Blanchon is CORYS – Industry and Energy, R&D Manager
Guillaume Hemery is Framatome - BU I&C - Systems Engineering (SE) Core Team Stream Lead “Robust Design and Simulation” (ICN)