Feasibility study on the integration of PRA methods and model checking

Digital instrumentation and control (I&C) systems play an important role in the operation of nuclear power plants (NPP). The safety and reliability analysis of such systems is challenging. We have focused on the use of two methods: model checking for verifying the correctness of I&C systems, and fault tree analysis (FTA) in the context of probabilistic risk assessment (PRA). Model checking is a formal method capable of exhaustively analysing system behaviour. Fault tree analysis is a top down approach used for failure analysis. Neither approach can sufficiently analyse situations involving both software design errors and hardware failures. In this paper, we look for different ways to solve this issue and to integrate and couple these two methods to enable more extensive or practical safety analysis of digital I&C systems. We identify several potential integration approaches and analyse their feasibility. We also propose a concrete concept-level coupling approach, and experiment with it in practice using a small example model.