Real-Time Systems, 27, 71±83, 2004

# 2004 Kluwer Academic Publishers. Manufactured in The Netherlands.

A Real-Time Arti®cially Intelligent Monitoring

System for Nuclear Power Plants Operators Support
ROBERTO SCHIRRU1 schirru@lmp.ufrj.br
CLA Â UDIO M. N. A. PEREIRA1,2 cmnap@ien.gov.br
1
Universidade Federal do Rio de Janeiro, PEN/COPPE Ilha do FundaÄo s/n, 21945-970, P.O. Box 68509,
Rio de Janeiro, Brazil
2
ComissaÄo Nacional de Energia Nuclear, DIRE/IEN Ilha do FundaÄo s/n, 21945-970, P.O. Box 68550,
Rio de Janeiro, Brazil

Abstract. In this paper, we describe the arti®cially intelligent monitoring system (AIMS), a framework for
power plants real-time monitoring systems (RT/MS), developed at Federal University of Rio de Janeiro
(COPPE/UFRJ) and applied to the Brazilians Angra-1 and Angra-2 nuclear power plants. The kernel of AIMS is
an object-oriented knowledge-base system, in which acquired and calculated variables, as well as their
interdependencies, are mapped into a hierarchical objects network where the rules and real-time constraints are
implicit in objects operators and network topology. The state of monitored variables updates a fact-base, which
is used by a real-time inference-machine (RT/IM) to activate and synchronize the ®re of the knowledge-base
(KB) rules. The operators man±machine interface (MMI) are, then, updated. Besides, also following the object-
oriented paradigm, AIMS provides many facilities for building and maintaining the KB and the operators MMI.
In order to illustrate the use of AIMS, we show part of a real application in Angra-2 NPP.

Keywords: arti®cial intelligence in NPP real-time monitoring systems, object-oriented knowledge-based

systems, advanced operators' support systems, real-time expert systems, man±machine interface

1. Background

After Three Mile Island (TMI) accident, the nuclear industry effected a large number of
changes with the purpose of improving the operators' performance during emergency
conditions. One such change was the use of computers to help operator's decisions. In
TMI event, the situation was rendered much more serious because, under stress, the
operators were not able to make the correct decisions based on the information spread
throughout the control room by means of indicators, annunciators and alarms.
The use of computers to aid the operators was consolidated once the commissions,
which regulate the use of nuclear energy generation, imposed a requirement to implement
a safety parameter display system (SPDS) in nuclear power plant's (NPPs) control rooms.
The general concept of a SPDS (NRC, 1981) establishes that such a system should
exhibit in a display a minimum set of parameters from which the safety status of the plant
can be determined. This set should include parameters related to (NRC, 1981) reactivity
control, reactor core cooling and heat removal from the primary system, reactor coolant
system integrity, radioactive control and containment integrity. On the basis of this
general concept, the ®rst SPDSs were speci®ed and incorporated in several NPP control
rooms.
72 SCHIRRU AND PEREIRA

Based on this philosophy, in 1982, the ®rst computerized system was speci®ed to the
Brazilian Angra-1 600 MW Westinghouse pressurized water reactor (PWR) (Martinez et
al., 1986). This system started its operation in 1986. Following the soft computing
evolution, in 1992, the development of a new real-time monitoring system (RT/MS)
approach (Machado et al., 1997), including features such as arti®cial intelligence (AI),
graphical users interface (GUI) and object-orientation (OO) paradigm, was initiated. In
1996, the ®rst system developed under this arti®cially intelligent monitoring system
(AIMS) philosophy was operating in Angra-1. In 2000, AIMS was used in the
development of the Angra-2 NPP (a Siemens 1200 MW PWR) Safety Functions System,
and nowadays the complete Angra-2 safety monitoring system (S2A2) is developed using
AIMS framework and will start its operation in 2003.

2. AIMS Overview

AIMS is a powerful framework for developing RT/MS. AIMS uses concepts of OO and
AI in systems' monitoring. The kernel of AIMS is an object-oriented knowledge-base
system (KBS), in which acquired and calculated variables, as well as their
interdependencies, are mapped into a hierarchical objects network where the rules are
implicit in objects operators and network topology. The state of monitored variables
updates a fact-base, which is used by a real-time inference-machine (RT/IM) to activate
and ®re the knowledge-base (KB) rules. A message dispatcher (MD) that is responsible
for updating the operators man±machine interface (MMI) then handles the information.
Besides, also following the OO paradigm, AIMS provides of¯ine tools: the knowledge
acquisition interface (KAI) for building and maintaining the KB and an MMI editor.
Figure 1 shows simpli®ed AIMS blocks diagram.

Figure 1. Simpli®ed AIMS block diagram.

A REAL-TIME ARTIFICIALLY INTELLIGENT MONITORING SYSTEM 73

3. The Knowledge Based System

The AIMS KBS comprises two main features:

1. Of¯ine knowledge acquisition and maintenance, in which through the KAI an of¯ine
KB is constructed and modi®ed.

2. Online real-time monitoring, in which the hierarchical objects network, representing

the rules, which de®ne the real-time application (the online RT/KB) is created
according to the of¯ine KB and used by the RT/IM.

3.1. The Real-Time Knowledge Base

In 1995, coincidentally when the ®rst system developed under AIMS philosophy was
being ®nalized, some authors (Taylor, 1995; Rasmus, 1995) have pointed to the af®nity
between OO and AI. Con®rming this fact, the hierarchical OO structure used in the
knowledge representation adopted in AIMS RT/KB has demonstrated to be a
fundamental key for its effectiveness, maintainability, integrity and easy veri®cation
and validation process. The knowledge domain, which comprises the whole monitored
and calculated variables used by the system, as well as their interdependencies, is mapped
into a hierarchical parents±offspring objects network structure where each node contains
one variable represented by an object that determines its attributes and operations. To
each object is associated a hierarchical level, which is used by the RT/IM while ®ring the
KB. The lower level is represented by the variables from the acquisition. Figure 2
exempli®es a three levels hierarchical objects network.
A link, represented in Figure 2 by arrows, determines a parent±offspring relationship
between two variables. The arrows are orientated in the parents-to-offspring direction.
Here, we say that the parents generate offspring. For example, the link between V12 and

Figure 2. The hierarchical network representation in the AIMS KB.

74 SCHIRRU AND PEREIRA

Figure 3. Hierarchy of classes in AIMS KB.

V22 means that V22 is generated by V12. This hierarchical network represents all the rules
contained in the AIMS RT/KB that could be translated into IF-THEN structures such as:

IF (V11 updated ORV12 updated)

THEN (updating V22 applying operator, considering its dependencies)

The knowledge structure in AIMS RT/KB is based into ®ve main classes, shown in the
hierarchical structure of Figure 3. Variable is an abstract class from which the classes
Analog (for analog variable representation), Binary (for binary variable representation)
and Rate (for representing time variations) are derived.
The class Message represents the facts created in the FB. Every variable change
generates a new fact (creates a new Message object). At the beginning of the monitoring
process, acquired variables are the only Message objects.

3.2. The Knowledge Acquisition and Maintenance Interface

The of¯ine knowledge acquisition and KB maintenance is made by means of the KAI. In
the KAI, through the frames shown in Figure 4, the expert is allowed to create variable
objects, editing their properties and operator rules, as well as to provide their links
(dependencies) to other variables ( parents and offspring). Figure 5 shows a view of the
object network with its interdependencies.
Considering that it is not allowed to the user to de®ne more than one link between two
variables, duplicated rules, as well as inconsistent rules (different operations linking the
same antecedent to the same consequent), are avoided. The problem of rules without the
condition side is also eliminated, due to the fact that a rule is made by a link between two
existent variables.
The time control and synchronism for ®ring rules is automatically made in the
structure, which does not allow offspring nodes to have its update rate greater than the
parents update rates.
Avoiding such kind of errors or inconsistencies, the system becomes more reliable and
the veri®cation and validation process is reduced.
A REAL-TIME ARTIFICIALLY INTELLIGENT MONITORING SYSTEM 75

Figure 4. Object creation frame.

Figure 5. Variables dependencies viewer.

76 SCHIRRU AND PEREIRA

3.3. The Real-Time Inference Machine

It must be outlined that in the RT/KB, not only the topological features, such as variables
interconnections; or derived values calculations are mapped. Time dependencies, such as
updating rates are object attributes. The synchronism required in RT/MS is, however,
handled by the RT/IM.
The RT/IM is responsible for ®ring the rules encoded into the RT/KB object network
structure. When a fact is produced in the FB, the RT/IM looks for a matching between
this fact and the RT/KB rules conditions. Finding a matching rule, it is activated.
If more than one rule is activated, then, a con¯ict resolution strategy must be applied.
The AIMS con¯ict resolution strategy considers, as the ®rst criteria, the hierarchical level
(in the objects network) of the variables affected by rules. Rules related to the lower level
variables have higher priorities and, consequently, will be ®red ®rst.
In cases of rules associated with equal hierarchical level variables, the time the facts
were generated in the FB is considered and the rule activated by the oldest fact in the FB
has the highest priority (is ®red ®rst). Such criterion is only possible due to concepts of
synchronism and concurrency provided in the RT/IM.
Once a rule is ®red, another fact may be generated and put in the FB. Such fact may,
also, activate other rules. The inference process is ®nished when no more rules are
activated.
In order to illustrate the con¯ict resolution; consider the example of Figure 2. This
example can be associated to the following set of rules:

Rule 1: ``IF (V11 updated) THEN (update V21 )''.

Rule 2: ``IF (V11 updated) AND V12 updated) THEN (update V22 )''.

Rule 3: ``IF (V12 updated) THEN (update V23 )''.

Rule 4: ``IF (V13 updated) THEN (update V24 )''.

Rule 5: ``IF (V11 updated AND V21 updated) THEN (update V31 )''.

Rule 6: ``IF (V22 updated) THEN (update V32 )''.

Rule 7: ``IF (V13 updated) THEN (update V33 )''.

Suppose that the facts ``V11 updated'', ``V12 updated'' and ``V13 updated'' arise in the
FB. In this case, rules 1, 2, 3, 4 and 7 are activated. At a ®rst step, rules 1, 2, 3 and 4 will
be ®red, updating the variables in the second level, generating the facts ``V21 updated'',
``V22 updated'', ``V23 updated'' and ``V24 updated''. Then, rules 5 and 6 are activated.
Note that rule 7 has not yet been ®red. Then, as it has been activated by the oldest fact in
the FB, it is the next, and the fact ``V33 updated'' arises in the FB. Afterwards, rules 5 and
6 are ®red, generating the facts ``V31 updated'' and ``V32 updated''.
A REAL-TIME ARTIFICIALLY INTELLIGENT MONITORING SYSTEM 77

4. Veri®cation and Validation

The KBS Veri®cation and Validation (V&V) process is a very complex task (Cullbert et
al., 1991; Harrison and Ratcliffe, 1991). The great dif®culty is due to the subjectivity
contained in the expert rules.
The KBS V&V process comprises the V&V of all its components: the KB, the IM and
the MMI. Considering that the IM and the MMI present characteristics of conventional
software, their V&V processes are also conventional. The differentiation remains on the
KB V&V process.
In the last years, many KBSs were developed for the nuclear industry (Qwre and
Nilsen, 1991; Robinson and Mullhi, 1993; Folleso et al., 1994). By this reason the U.S.
Nuclear Regulatory Commission (NRC) published, in 1996, the NUREG-6316 (NRC,
1995), aimed to be a starting point to the KBS V&V process standardization.
The NUREG-6316 recommendations for OO KB V&V comprise, among other
topics: (1) syntactical errors analysis; (2) semantic errors analysis and (3) OO errors
analysis.
As we have already seen, the knowledge representation used in AIMS is able to
avoid intrinsically several syntactical errors, and, consequently, reduce the V&V
process.
Considering our experience in the V&V process of our NPP RT/MS, which acquires
more than 10,000 variables (analog and digital), we believe that the avoidance of the
bothering and time-consuming task of verifying the syntax of the rules was really a great
feature of the AIMS framework. Such feature provides great gains in the development
time, ful®lling the requirements recommended in NUREG-6316.

5. AIMS Implementation

At the very beginning, a prototype of the KBS was developed using LISP/CLOS
programming language. Nowadays the Angra-1 and Angra-2 computerized systems are
based on PC/compatible computer network, running Windows NT operating system.
Hence, a C ‡‡ version of the RT/IM has been developed using Microsoft Visual C ‡‡ .
The whole KBS as well as procedures and functions related to data acquisition and
communications are written in C ‡‡ .
Following the OO paradigm also in the MMI design, AIMS provide a collection of
graphical components based on the Active-X technology (also programmed in Microsoft
Visual C ‡‡ ) aimed to facilitate the development of operators MMI. Most components
have peculiarities related to NPP and can be easily linked to objects in the RT/KB.
While constructing the operators MMI, more appropriated languages such as Microsoft
Visual Basic, C ‡‡ Builder or Delphi could be interesting due to their graphical
facilities.
Since it was conceived, the AIMS framework has been continuously enhanced. Due to
the OO philosophy adopted in AIMS software architecture, maintenance and
customizations can be easily and ef®ciently done.
78 SCHIRRU AND PEREIRA

6. Application to Angra-2

The AIMS framework was successfully used in the development of the Angra-1 NPP RT/
MS. The latest application developed using AIMS framework is the Angra-2 integrated
computerized system (S2A2), composed by the critical safety functions system (SFCS)
and the integrated system for parameters monitoring (SIMP). In this section, we will
show part of the Angra-2 RT/MS developed under the AIMS framework.

6.1. The SFCS

The SFCS is fundamentally based in a computerized real-time monitoring of a set of

functions called critical safety function (FCS). Its main objectives are:

1. Continuous evaluation of the NPP safety status during emergency situations, through
a real-time monitoring the logical arrangements of FCS.

2. Prioritization of the actions to be executed by the operator under emergency

situations.

3. Indication of the emergency operating procedure needed to lead the plant to a safe
condition.

4. Provide auxiliary elements to aid the operator in the execution of the tasks indicated
in the emergency operating procedures, as well as to monitor, in real-time, the effect
of his action over the safety systems and parameters.

And the set of FCSs used in the Angra-2 SFCS is:

1. Subcriticality.

2. Heat transfer in the primary side.

3. Inventory in the primary.

4. Cold source in the secondary side.

5. Steam generators feeding.

6. Primary integrity.

A limited set of parameters structured in a decision-tree is systematically evaluated in

order to determine the status of each function. The trees have a unique entry point and
several outputs, mutually excluded, informing the procedure that must be realized by the
A REAL-TIME ARTIFICIALLY INTELLIGENT MONITORING SYSTEM 79

Figure 6. Decision tree for the function heat transfer in the primary side.

operator. Figure 6 shows an example of frame containing a decision tree. The colors of
the outputs identify the severity degree.

6.2. The Integrated Parameters Monitoring System

The integrated parameters monitoring system (SIMP) is used during the plant normal
operation. Their main objective is to provide, through a friendly MMI, a minimal set of
information that allows the operator to monitor in an integrated manner the plant
performance during normal operation.
The SIMP provides several different kinds of modules for displaying the system status.
In the graph module, frequently used graphs for both normal and emergency operation are
available, displaying on-line values of variables linked to the KB. Figure 7 exemplify this
module.
Using typical NPP components, such as the steam generator or the reactor core,
together with bar diagrams and indicators, customized windows were developed. The
layout and variable selection of each window can be de®ned in AIMS, which also
associate the graphical objects with the objects in the RT/KB. Figures 8 and 9 exemplify
the steam generator and primary system monitoring.
80 SCHIRRU AND PEREIRA

Figure 7. Graph module: reactor sub-cooling margin.

Figure 8. Steam generator.

A REAL-TIME ARTIFICIALLY INTELLIGENT MONITORING SYSTEM 81

Figure 9. The primary system.

7. Conclusions

Fortunately, since 1996, when the ®rst RT/MS developed using AIMS framework started
operation in a Brazilian NPP, no signi®cant problem has occurred. All systems developed
under AIMS philosophy ful®ll operators expectations. They are well accepted and have
been extensively used not only under transient situations, but also mainly in normal
operation.
In order to illustrate the system operation, we could remember a simple event, which
has lead to the reactor trip is related. After the reactor trip, the FCS indicated ``Cold
source in the secondary side'' due to a ``De®cient cooling'' message. After some time,
the critical safety function ``Cold source in the secondary side'' disappeared and latter it
started a cyclic process of appearing and disappearing.
Based on a tree representation of the dependencies of the variable that indicates ``Cold
source in the secondary side'', the operators could investigate the event, concluding the
following. After the reactor trip, the turbine has also tripped and the valves were
automatically closed. As a consequence, the steam generator (SG) pressure has increased,
reaching the set-point. Due to the increase in the SG pressure, the boron water tank (BWT)
level reached a set-point of minimum value. Fortunately, the cause of the alarm ``cold source
in the secondary side'' was due to a non-adequate set-point limit used for the BWT level.
The use of a KBS has, itself, several advantages over the use of conventional software,
such as reduction of program size and easy maintainability (as it can be generally done
from the knowledge acquisition interface) and customization (as the application is mostly
82 SCHIRRU AND PEREIRA

customized in the KB). AIMS has, of course, such advantages. Emphasizing that, the use
of object-oriented paradigm in AIMS also improves system maintainability and
customization.
Considering that the main task of an RT/MS is to update variables through data
acquisition and calculation of derived variables, mapping expert rules into the proposed
objects network structure, leads to a natural way for representing RT/MS expert rules.
Another point to be outlined is that AIMS knowledge representation structure
intrinsically avoids syntactical errors, improving the systems' reliability and reducing the
time spent in the V&V process.
In summary, we can conclude that, using an adequate knowledge representation, which
naturally express variables topological and temporal dependencies, together with an
inference machine, which can perfectly adapt to that knowledge representation and deal
with real-time constraints, the development of RT/MS could facilitate, easing the V&V
process and improving the overall systems' reliability level.

References

Cullbert, C., Hamilton, D., and Kelley, K. 1991. State-of-the-practice in knowledge-based systems veri®cation
and validation. Expert Systems with Applications 3: 403±410.
Folleso, K., Fordestrommen, K., and HolmstroÈm, C. 1994. ISACS-1Ða limited prototype of the advanced
control room. In Proceedings of the International Atomic Energy Agency, pp. 11±19.
Harrison, P. R., and Ratcliffe, P. 1991. Towards standard for the validation of expert systems. Expert Systems
with Applications 2: 251±258.
Machado, L., Schirru, R., and Martinez, A. S. 1997. Modelagem do conhecimento para sistemas inteligentes de
monitoraccËaÄo em seguranccËa de Usinas Nucleares, X Encontro Nacional de FiÂsica de Reatores (in Portuguese).
Martinez, A. S., Oliveira, L. F. S., Schirru, R., Silva, R. A., and ThomeÂ, Z. D. 1986. A new concept of safety
parameter display system. In Annals of the Seminar on Nuclear Engineering in Latin America. ANS, Mexico.
NRC. 1981. United States Nuclear Regulatory Commission, Functional Criteria for Emergency Response
Facilities. Final Report NUREG-0696, USNRC, Washington, DC.
NRC. 1995. NUREG/CR-6316, Guidelines for the Veri®cation and Validation of Expert System Software and
Conventional Software, Of®ce of the Nuclear Reactor Regulation, US Nuclear Regulatory Commission,
Washington, DC and Electric Power Research Institute.
Qwre, F., and Nilsen, S. 1991. Integration of a real-time expert system and modern graphic display system in a
Swedish nuclear power plant control room. Expert Systems with Applications 3: 195±205.
Rasmus, D. W. 1995. Ruling classes: the heart of knowledge-based systems. Object Magazine July/August: 41±
43.
Robinson, G., and Mullhi, J. S. 1993. A modern implementation of G2 on a solvent extraction process. The
Potential of Knowledge Based Systems in Nuclear Installations. IAEA, pp. 81±86.
Taylor, D. 1995. Building Intelligent Objects. Object Magazine July/August: 18±19.

Roberto Schirru received his M.Sc. and D.Sc.

degrees, both in Nuclear Engineering, from
Universidade Federal do Rio de Janeiro (UFRJ),
Brazil. He is a Professor in Nuclear Engineering
Department at COPPE/UFRJ since 1983 and have
done his post doctorate in Arti®cial Intelligence at
IDSIA, Lugano, Switzerland. He is responsible for
A REAL-TIME ARTIFICIALLY INTELLIGENT MONITORING SYSTEM 83

the development and installation of the Angra 1 and

Angra 2 NPP's SPDS, in Rio de Janeiro, Brazil. His
research interest includes real-time monitoring,
arti®cial intelligence and optimization techniques.

ClaÂudio MaÂrcio do Nascimento Abreu Pereira was

born in 1968 at Rio de Janeiro, Brazil, where he lives
with his wife and three children. He received his
D.Sc. degree in Nuclear Engineering from
Universidade Federal do Rio de Janeiro in 1999.
He is a researcher at ComissaÄo Nacional de Energia
Nuclear (CNEN), in Rio de Janeiro, Brazil, since
1995. He is also a Professor of Human Factors and
Arti®cial Intelligence in the Nuclear Engineering
Department at COPPE/UFRJ since 2001 and his
actual research interests include real-time decision
support systems and evolutionary computation.