CN103426490B - A method for defending against common-mode failure in a reactor protection system - Google Patents
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E30/00—Energy generation of nuclear origin
Landscapes
- Monitoring And Testing Of Nuclear Reactors (AREA)
Abstract
The invention relates to a method for defending against common-mode failure in a reactor protection system, comprising the following steps in order: (1) collect the design data of the target system and determine the functions of the target system; collect data on how much the failure of each function contributes to the impact on the target system; (2) where multiple functions are performed by only one device, and the failure probability of that device is 1 order of magnitude or more above the average level, identify that device as a key common-mode point of the target system; where the probability of core melt caused by failure of the device at the key common-mode point under the failure-to-actuate mode is higher than 10⁻⁵, judge that the device at this key common-mode point affects reactor safety; (3) assign functions that are not related to each other to different devices, and assign functions that are related to each other to the same device. The method is simple and little constrained by practical conditions, allows the system to be implemented with equipment from a single manufacturer, and, especially for defence against software common-mode failure, can reduce cost significantly and improve economy.
Description
Technical field
The invention relates to a method for defending against common-mode failure in a reactor protection system, and in particular to such a method applied to the design of nuclear power plant reactor protection systems.
Background art
A reactor protection system is required to be highly reliable. Although most protection systems use redundancy to increase system reliability, redundancy alone cannot effectively defend against the effects of common-mode failure. Diverse design is an effective means of defending against common-mode failure; diverse design techniques can effectively defend against common-mode failures such as design defects, manufacturing defects, and maintenance or operating errors. At present, the usual approach is to add diverse equipment, different from that of the system itself, to defend against common-mode failure: for each common-mode failure to be defended against, a diverse control circuit is designed for certain functions of the equipment. This approach, however, is often constrained by practical conditions and cost; the system analysis is complex and hard to carry out, and the additional, different equipment increases equipment cost. In particular, once digital technology is introduced, a reactor protection system may suffer common-mode failure caused by software, and defending against it in the former way, with diverse safety-class equipment produced by different manufacturers, may increase cost substantially. A new method for defending against common-mode failure in reactor protection systems is therefore urgently needed.
Summary of the invention
The technical problem to be solved by the invention is to provide a method for defending against common-mode failure in a reactor protection system that ensures the functions of the whole system are unaffected when a software common-mode failure occurs.
To solve this technical problem, the method of the invention for defending against common-mode failure in a reactor protection system comprises the following steps in order:
Step 1: collect the design data of the target system and determine the functions of the target system; distinguish two cases: a device in the target system performs one function, or a device in the target system performs multiple functions; collect data on how much the failure of each function contributes to the impact on the target system.
Step 2: where multiple functions are performed by only one device, and the failure probability of that device is 1 order of magnitude or more above the average level, identify that device as a key common-mode point of the target system.
Step 3: where the probability of core melt caused by failure of the device at the key common-mode point under the failure-to-actuate mode is higher than 10⁻⁵, judge that the device at this key common-mode point affects reactor safety. The failure-to-actuate mode is the fault mode in which, when the device is required to perform its function, the device cannot act because of a fault and so cannot perform that function.
Step 4: redistribute the functions of the devices at key common-mode points that affect reactor safety under the failure-to-actuate mode: assign functions that are not related to each other to different devices, and assign functions that are related to each other to the same device.
The signal inputs and outputs of different devices are kept electrically isolated, and the outputs of the different devices are combined by logical OR.
By analysis, the invention distributes the different functions that respond to the same event across different devices as far as possible, so that a common-mode failure in one device does not affect the functions of another device. Its main advantages are that it is simple and little constrained by practical conditions, the system can be implemented with equipment from a single manufacturer, and no additional diverse equipment is needed; for defence against software common-mode failure in particular, it can reduce cost significantly and improve economy.
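The four steps above, sketched as an added example that is not part of the patent text. It assumes the "average level" is a supplied average device failure probability, groups related functions as connected components (a generalisation of the related/unrelated rule), and uses hypothetical device names `A`, `A-1`, `A-2`; the function names and relations are those of Embodiment two, while the probabilities are constructed.

```python
CORE_MELT_LIMIT = 1e-5      # step 3 threshold stated in the method
ORDERS_ABOVE_AVERAGE = 1    # step 2: at least 1 order of magnitude


def is_key_common_mode_point(functions, failure_prob, average_prob):
    """Step 2: one device alone performs several functions and its failure
    probability is >= 1 order of magnitude above the average level."""
    return (len(functions) > 1
            and failure_prob >= average_prob * 10 ** ORDERS_ABOVE_AVERAGE)


def affects_reactor_safety(core_melt_prob):
    """Step 3: core-melt probability under failure-to-actuate exceeds 1e-5."""
    return core_melt_prob > CORE_MELT_LIMIT


def group_related(functions, related_pairs):
    """Step 4: union-find over 'related' pairs. Each resulting group goes to
    one device; unrelated groups go to different devices."""
    parent = {f: f for f in functions}

    def find(f):
        while parent[f] != f:
            parent[f] = parent[parent[f]]   # path compression
            f = parent[f]
        return f

    for a, b in related_pairs:
        parent[find(a)] = find(b)
    groups = {}
    for f in functions:                     # keeps input order in each group
        groups.setdefault(find(f), []).append(f)
    return list(groups.values())


def reallocate(device, functions, failure_prob, average_prob,
               core_melt_prob, related_pairs):
    """Run steps 2-4 for one device; return {device_name: [functions]}."""
    if not (is_key_common_mode_point(functions, failure_prob, average_prob)
            and affects_reactor_safety(core_melt_prob)):
        return {device: list(functions)}    # nothing to redistribute
    groups = group_related(functions, related_pairs)
    return {f"{device}-{i}": g for i, g in enumerate(groups, start=1)}


def trip_output(allocation, demanded, failed_devices=()):
    """Device outputs are combined by logical OR; a failed device never
    actuates (failure-to-actuate mode)."""
    return any(f in demanded
               for dev, funcs in allocation.items() if dev not in failed_devices
               for f in funcs)


# Constructed sample input: names from Embodiment two, probabilities invented.
FUNCTIONS = ["power-range neutron fluence rate high", "overtemperature ΔT",
             "overpower ΔT", "SG water level high-high"]
RELATED = [("power-range neutron fluence rate high", "overpower ΔT"),
           ("overtemperature ΔT", "SG water level high-high")]
BEFORE = {"A": FUNCTIONS}
AFTER = reallocate("A", FUNCTIONS, failure_prob=1e-3, average_prob=1e-5,
                   core_melt_prob=3e-5, related_pairs=RELATED)

if __name__ == "__main__":
    for name, funcs in AFTER.items():
        print(name, funcs)
    print("before, A failed:", trip_output(BEFORE, set(FUNCTIONS), {"A"}))
    print("after, A-1 failed:", trip_output(AFTER, set(FUNCTIONS), {"A-1"}))
```

With the original allocation a failure of device `A` suppresses every shutdown signal; after reallocation the OR of the remaining device's outputs still produces a shutdown demand.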
Detailed description
The invention is described in further detail below with reference to the drawings and embodiments.
Embodiment one
For " feed temperature that water supply system fault causes declines " postulated initiating events
The design data of acquisition target system equipment, determines that " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown function are only performed by an equipment; Collect " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown disabler data on objective system general function impact contribution;
Because " overtemperature Δ T " shutdown, " overtemperature Δ T " shutdown " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown function are only performed by an equipment, and this equipment failure probability 2 orders of magnitude higher than average level, determine that this equipment is the crucial common-mode point of objective system;
The probability causing reactor core to melt due to this equipment failure under tripping pattern is higher than 10
-5, so judge that this equipment has impact to reactor safety;
In said system functions of the equipments, " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown function connect each other because of function, are distributed in same equipment; " overtemperature Δ T " shutdown function is distributed in another equipment; Two equipment each other function does not associate.
Embodiment two
For " feedwater flow that water supply system fault causes increases " postulated initiating events
The design data of acquisition target system equipment, determines that " power range neutron fluence rate is high " shutdown, " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " steam generator water level height is high " shutdown function are only performed by an equipment; Collect " power range neutron fluence rate is high " shutdown, " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " steam generator water level height is high " shutdown disabler data on objective system general function impact contribution;
Because " power range neutron fluence rate is high " shutdown, " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " steam generator water level height is high " shutdown function are only by an equipment, and this equipment failure probability 2 orders of magnitude higher than average level, determine that this equipment is the crucial common-mode point of objective system;
The probability causing reactor core to melt due to this equipment failure under tripping pattern is higher than 10
-5, so judge that this equipment has impact to reactor safety;
" power range neutron fluence rate is high " shutdown in said system functions of the equipments, " Over power ΔT " shutdown function connect each other because of function, are distributed in same equipment; " overtemperature Δ T " shutdown, " steam generator water level height is high " shutdown function connect each other because of function, are distributed in another equipment; Two equipment each other function does not associate.
Embodiment three
For " secondary circuit steam flow excessively increases " postulated initiating events
The design data of acquisition target system equipment, determines that " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown function are only performed by an equipment; Collect " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown disabler data on objective system general function impact contribution;
Because " overtemperature Δ T " shutdown, " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown function are only by an equipment, and this equipment failure probability 1 order of magnitude higher than average level, determine that this equipment is the crucial common-mode point of objective system;
The probability causing reactor core to melt due to this equipment failure under tripping pattern is higher than 10
-5, so judge that this equipment has impact to reactor safety;
In said system functions of the equipments, " Over power ΔT " shutdown and " power range neutron fluence rate is high " shutdown function connect each other because of function, are distributed in same equipment; " overtemperature Δ T " shutdown is distributed in another equipment; Two equipment each other function does not associate.
Embodiment four
For " release of main steam system accident " postulated initiating events
The design data of acquisition target system equipment, determines that " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " voltage stabilizer pressure is low " shutdown, " safety injection signal " shutdown, " Over power ΔT " shutdown, " overtemperature Δ T " shutdown, " steam generator water level is low-low " shutdown and " steam generator water level is low meets signal with feedwater-steam flow mismatch " shutdown function are only performed by an equipment; Collect " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " voltage stabilizer pressure is low " shutdown, " safety injection signal " shutdown, " Over power ΔT " shutdown, " overtemperature Δ T " shutdown, " steam generator water level is low-low " shutdown and " steam generator water level is low meets signal with feedwater-steam flow mismatch " shutdown disabler and objective system general function is affected to the data contributed;
Because " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " voltage stabilizer pressure is low " shutdown, " safety injection signal " shutdown, " Over power ΔT " shutdown, " overtemperature Δ T " shutdown, " steam generator water level is low-low " shutdown and " steam generator water level is low meets signal with feedwater-steam flow mismatch " shutdown function are only performed by an equipment, and this equipment failure probability 2 orders of magnitude higher than average level, determine that this equipment is the crucial common-mode point of objective system;
The probability causing reactor core to melt due to this equipment failure under tripping pattern is higher than 10
-5, so judge that this equipment has impact to reactor safety;
" safety injection signal " shutdown in said system functions of the equipments, " overtemperature Δ T " shutdown and " steam generator water level is low-low " shutdown, because function is because connecting each other, are distributed in same equipment; " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " voltage stabilizer pressure is low " shutdown, " Over power ΔT " shutdown and " steam generator water level is low meets signal with feedwater-steam flow mismatch " shutdown function connect each other because of function, are distributed in another equipment; Two equipment each other function does not associate.
Embodiment five
For " vapour system pipeline breaking " postulated initiating events
The design data of acquisition target system equipment, determines that " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " safety injection signal " shutdown, " voltage stabilizer pressure is low " shutdown, " Over power ΔT " shutdown and " overtemperature Δ T " shutdown function are only performed by an equipment; Collect " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " safety injection signal " shutdown, " voltage stabilizer pressure is low " shutdown, " Over power ΔT " shutdown and " overtemperature Δ T " shutdown disabler data on objective system general function impact contribution;
Because " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " safety injection signal " shutdown, " voltage stabilizer pressure is low " shutdown, " Over power ΔT " shutdown and " overtemperature Δ T " shutdown function are only performed by an equipment, and this equipment failure probability 2 orders of magnitude higher than average level, determine that this equipment is the crucial common-mode point of objective system;
The probability causing reactor core to melt due to this equipment failure under tripping pattern is higher than 10
-5, so judge that this equipment has impact to reactor safety;
In said system functions of the equipments, " safety injection signal " shutdown and " overtemperature Δ T " shutdown function are divided into because function connects each other, are distributed in same equipment; " power range neutron fluence rate is high " shutdown, " the positive rate of change of neutron fluence rate is high " shutdown, " voltage stabilizer pressure is low " shutdown and " Over power ΔT " shutdown function connect each other because of function, are distributed in another equipment; Two equipment each other function does not associate.
Claims (2)
1. A method for defending against common-mode failure in a reactor protection system, comprising the following steps in order:
Step 1: collect the design data of the target system and determine the functions of the target system; distinguish two cases: a device in the target system performs one function, or a device in the target system performs multiple functions; collect data on how much the failure of each function contributes to the impact on the target system;
Step 2: where multiple functions are performed by only one device, and the failure probability of that device is 1 order of magnitude or more above the average level, identify that device as a key common-mode point of the target system;
Step 3: where the probability of core melt caused by failure of the device at the key common-mode point under the failure-to-actuate mode is higher than 10⁻⁵, judge that the device at this key common-mode point affects reactor safety; the failure-to-actuate mode being the fault mode in which, when the device is required to perform its function, the device cannot act because of a fault and so cannot perform that function;
Step 4: redistribute the functions of the devices at key common-mode points that affect reactor safety under the failure-to-actuate mode: assign functions that are not related to each other to different devices, and assign functions that are related to each other to the same device.
2. The method for defending against common-mode failure in a reactor protection system according to claim 1, characterized in that the signal inputs and outputs of different devices are kept electrically isolated, and the outputs of the different devices are combined by logical OR.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210163724.9A CN103426490B (en) | 2012-05-24 | 2012-05-24 | A kind of defence method of reactor protection system common mode failure |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103426490A CN103426490A (en) | 2013-12-04 |
CN103426490B true CN103426490B (en) | 2016-01-27 |
Family
ID=49651104
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210163724.9A Active CN103426490B (en) | 2012-05-24 | 2012-05-24 | A kind of defence method of reactor protection system common mode failure |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103426490B (en) |