CN110085333B - Protection system suitable for small-size reactor - Google Patents
Protection system suitable for small-size reactor Download PDFInfo
- Publication number
- CN110085333B CN110085333B CN201910299648.6A CN201910299648A CN110085333B CN 110085333 B CN110085333 B CN 110085333B CN 201910299648 A CN201910299648 A CN 201910299648A CN 110085333 B CN110085333 B CN 110085333B
- Authority
- CN
- China
- Prior art keywords
- subunit
- diversity
- safety
- signal
- shutdown
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G21—NUCLEAR PHYSICS; NUCLEAR ENGINEERING
- G21C—NUCLEAR REACTORS
- G21C9/00—Emergency protection arrangements structurally associated with the reactor, e.g. safety valves provided with pressure equalisation devices
- G21C9/02—Means for effecting very rapid reduction of the reactivity factor under fault conditions, e.g. reactor fuse; Control elements having arrangements activated in an emergency
- G21C9/022—Reactor fuses
-
- G—PHYSICS
- G21—NUCLEAR PHYSICS; NUCLEAR ENGINEERING
- G21D—NUCLEAR POWER PLANT
- G21D3/00—Control of nuclear power plant
- G21D3/001—Computer implemented control
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E30/00—Energy generation of nuclear origin
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E30/00—Energy generation of nuclear origin
- Y02E30/30—Nuclear fission reactors
Abstract
The invention provides a protection system suitable for a small reactor, which comprises a signal processing module, a logic processing module, an equipment interface module and a shutdown circuit breaker, wherein the signal processing module comprises a plurality of signal processing units, and each signal processing unit consists of a first diversity subunit and a second diversity subunit; the logic processing module comprises a plurality of logic processing units, and each logic processing unit consists of a third diversity subunit and a fourth diversity subunit; all first diversity subunits are connected with all third diversity subunits, all second diversity subunits are connected with all fourth diversity subunits, and the third diversity subunits and the fourth diversity subunits of the same logic processing unit are simultaneously connected with a pair of shutdown circuit breakers. The invention solves the problems of low processing speed and large communication traffic in the prior art by separating the signal processing module and the logic processing module.
Description
Technical Field
The invention relates to the technical field of nuclear power, in particular to a protection system suitable for a small reactor.
Background
The existing reactor protection system is generally based on a large onshore pressurized water reactor, is not suitable for a small offshore compact reactor, and adopts a large amount of redundant, diversified and function-dispersed designs in the design, so that the IO scale is large, the number of cabinets is large, the signal interaction is complex, and the number of internal communication board cards is large.
Disclosure of Invention
In order to solve the technical problem, the invention provides a protection system which has a compact structure and appropriate redundancy and is suitable for a small reactor.
The invention provides a protection system suitable for a small reactor, which comprises a signal processing module, a logic processing module, an equipment interface module and a shutdown circuit breaker, wherein:
the signal processing module comprises a plurality of signal processing units, and each signal processing unit consists of a first diversity subunit and a second diversity subunit;
the logic processing module comprises a plurality of logic processing units, and each logic processing unit consists of a third diversity subunit and a fourth diversity subunit;
all the first diversity subunits are connected with all the third diversity subunits, all the second diversity subunits are connected with all the fourth diversity subunits, the third diversity subunits and the fourth diversity subunits in the same logic processing unit are simultaneously connected with a pair of shutdown circuit breakers, and the third diversity subunits and the fourth diversity subunits in the same logic processing unit are connected with the same equipment interface module;
each signal processing unit is used for acquiring a measurement signal from a corresponding sensor, determining whether to trigger a shutdown local trip signal and/or a special safety facility local trigger signal according to the measurement signal and a preset threshold value, and sending the shutdown local trip signal and/or the special safety facility local trigger signal to a corresponding diversity subunit in each logic processing unit;
the third diversity subunit and the fourth diversity subunit of each logic processing unit are used for voting the local trigger signals of the special safety facilities received from each signal processing unit respectively and sending the voting results to the equipment interface module; the third diversity subunit and the fourth diversity subunit of each logic processing unit are further configured to vote on a local trip signal of a shutdown received from each signal processing unit, execute or logically combine the shutdown breaker trigger signals obtained by the voting, and send the shutdown breaker trigger signals obtained by the combination to corresponding shutdown breakers;
the reactor shutdown circuit breaker is used for receiving a reactor shutdown circuit breaker trigger signal and controlling the reactor to shutdown according to two-out-of-four hard logic formed by the reactor shutdown circuit breaker through hard wiring;
the device interface module is used for receiving an automatic drive instruction of a special safety facility, a drive instruction of a safety automatic module and a drive instruction of a Non-safety distributed Control System (NC-DCS), comparing the priority of the drive instruction and sending the drive instruction to corresponding devices.
Further, the signal processing unit comprises a signal preprocessing subunit, a threshold comparison subunit and a first sending subunit, wherein:
the signal preprocessing subunit is used for acquiring the measurement signals from the corresponding sensors and conditioning the measurement signals into standard signals;
the threshold comparison subunit is used for comparing the standard signal with a preset threshold to determine whether to trigger a local trip signal of shutdown and/or a local trigger signal of a special safety facility;
and the first sending subunit is used for sending the local trip signal of the shutdown and/or the local trigger signal of the special safety facility to each logic processing unit.
Further, the logic processing unit comprises a receiving subunit, a voting subunit and a second sending subunit, wherein:
the receiving subunit is used for receiving the local trip signal of the shutdown and/or the local trigger signal of the special safety facility;
the voting subunit is used for voting the local trip signals of the shutdown to obtain trip circuit breaker trigger signals, and voting the local trip signals of the special safety facilities to obtain automatic driving instructions of the special safety facilities;
and the second sending subunit is used for sending the combined trip breaker trigger signal to the trip breaker and sending the two paths of special safety facility automatic driving instructions of the two control stations of the same diversity subgroup to the same equipment interface module respectively.
Further, the system also comprises a network module, a gateway module, a safety automation module, a reactor core cooling monitoring system, a safety control display module and an alarm processing module, wherein:
the network module comprises a data transmission station, a first security level ring network, a second security level ring network, a first non-security level ring network and a second non-security level ring network, wherein the data transmission station comprises a first data transmission unit and a second data transmission unit;
the gateway module comprises a first gateway and a second gateway;
the safety automation module comprises a first safety automation unit and a second safety automation unit;
the first non-security ring network is respectively connected with the first data transmission unit, the second data transmission unit, the alarm processing module and the first gateway, and is used for the protection system to transmit data to the NC-DCS;
the core cooling monitoring system comprises a first core cooling monitoring unit and a second core cooling monitoring unit;
the safety control display module comprises a first safety control display unit and a second safety control display unit;
the first data transmission unit and the second data transmission unit are respectively connected with the first diversity subunit and the second diversity subunit;
the first safety-level ring network and the second safety-level ring network are respectively connected with a data transmission station, a third diversity subunit, a fourth diversity subunit, a safety automation module, a reactor core cooling monitoring system and a safety control display module;
the first safety automation module is connected with the first equipment interface unit, and the second safety automation module is connected with the second equipment interface unit;
the second non-security ring network is respectively connected with all the security control display modules and the second gateway;
the first gateway and the second gateway are respectively connected to the NC-DCS.
Further, the first diversity subunit, the second diversity subunit, the third diversity subunit and the fourth diversity subunit are respectively composed of two control stations, wherein the two control stations of the first diversity subunit and the second diversity subunit are both in hot standby redundancy arrangement, and the two control stations of the third diversity subunit and the fourth diversity subunit are both in parallel redundancy arrangement;
the first safety automation unit and the second safety automation unit are both composed of two hot standby redundant control stations;
each equipment interface module consists of a plurality of equipment interface hardware board cards;
a calibration line is arranged between the first core cooling monitoring unit and the second core cooling monitoring unit, and the first core cooling monitoring unit and the second core cooling monitoring unit are respectively composed of two hot standby redundant control stations;
each safety control display unit consists of safety level display control equipment arranged at an operator station of a main control room, a special safety disc and an operator station of a remote shutdown station;
the first data transmission unit and the second data transmission unit are both composed of two parallel redundancy control stations;
the first gateway and the second gateway are both composed of two parallel redundant gateways;
the first safety level ring network, the second safety level ring network, the first non-safety level ring network and the second non-safety level ring network are all double-network redundancy ring structures.
Further, the safety automation module is used for sending a driving instruction to the equipment interface module, and the driving instruction is used for controlling the reactor to be switched from a controllable state to a safe shutdown state.
Further, the core cooling monitoring system is used for acquiring core temperature and water level signals;
the core cooling monitoring system is also used for controlling the analog quantity regulating equipment.
Further, the first gateway is used for realizing forwarding of security distributed control signals of the protection system to the NC-DCS.
Further, the second gateway is used for forwarding a command of calling a display picture of the safety control display unit by the NC-DCS to the safety control display unit.
The implementation of the invention has the following beneficial effects:
the invention utilizes the layered design of the Signal processing module and the logic processing module, the pile-stopping and special Signal acquisition, preprocessing and threshold value comparison are realized by a Signal Processing Cabinet (SPC), the pile-stopping and special driving logic is uniformly processed by a Logic Processing Cabinet (LPC), the quantity of network communication board cards among SPC can be reduced, the response time of the special driving is obviously improved, the response to the accident condition is facilitated, the arrangement of the board cards in the Cabinet is optimized, the logic processing unit adopts the parallel redundancy arrangement, the dispersion of the pile-stopping and special safe implementation driving functions can be realized, the load of a control station is effectively reduced, and the response time of the system is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is an architecture diagram of a protection system suitable for a small reactor according to an embodiment of the present invention.
FIG. 2 is a block diagram of a shutdown function provided by an embodiment of the present invention.
Fig. 3 is a detailed diagram of the sub-unit and the trip breaker in the logic processing unit according to the embodiment of the present invention.
Fig. 4 is a functional block diagram of an ad hoc security device driver provided in an embodiment of the present invention.
Fig. 5 is a logic structure diagram of a signal processing unit according to an embodiment of the present invention.
Fig. 6 is a logic structure diagram of a logic processing unit according to an embodiment of the present invention.
Fig. 7 is an architecture diagram of a protection system suitable for a small reactor according to an embodiment of the present invention.
Fig. 8 is a block diagram of the trip breaker control logic function provided by an embodiment of the present invention.
Detailed Description
The core content of this patent is the separation of the signal processing module and the logic processing module, and the following describes the specific implementation of the system with reference to the accompanying drawings and embodiments.
An embodiment of the protection system provided by the present invention, which is suitable for a small reactor, will be described in detail below.
As shown in fig. 1, an embodiment of the present invention provides a protection system suitable for a small reactor, the system includes a signal processing module 11, a logic processing module 12, a trip breaker 13, and an equipment interface module 14, wherein:
the signal processing module 11 includes a plurality of signal processing units, in this embodiment, there are 3 signal processing units, including a signal processing unit 111, a signal processing unit 112, and a signal processing unit 113, each signal processing unit is composed of a first diversity subunit and a second diversity subunit, for example, the signal processing unit 111 is composed of a first diversity subunit 114 and a second diversity subunit 115, the signal processing unit 112 is composed of a first diversity subunit 116 and a second diversity subunit 117, and the signal processing unit 113 is composed of a first diversity subunit 118 and a second diversity subunit 119.
The logic processing module 12 includes a plurality of logic processing units, in the present embodiment, the logic processing module 12 includes a logic processing unit 121 and a logic processing unit 122, each logic processing unit is composed of a third diversity subunit and a fourth diversity subunit, for example, the logic processing unit 121 is composed of a third diversity subunit 123 and a fourth diversity subunit 124, and the logic processing unit 122 is composed of a third diversity subunit 125 and a fourth diversity subunit 126; the logical processing module 12 includes A, B two sequences, the logical processing unit 121 is an a sequence, and the logical processing unit 122 is a B sequence.
It should be noted that the first diversity subunit, the second diversity subunit, the third diversity subunit and the fourth diversity subunit are all composed of two control stations, and certainly, the first diversity subunit and the second diversity subunit are different from the third diversity subunit and the fourth diversity subunit in software and hardware; the two control stations of the first diversity subunit and the second diversity subunit are both arranged in a hot standby redundancy mode, and the two control stations are backup to each other; and the two control stations of the third diversity subunit and the fourth diversity subunit are in parallel redundancy arrangement.
The first diversity subunit 114, the first diversity subunit 116 and the first diversity subunit 118 are connected to the third diversity subunit 123 and the third diversity subunit 125, respectively, and the second diversity subunit 115, the second diversity subunit 117 and the second diversity subunit 119 are connected to the fourth diversity subunit 124 and the fourth diversity subunit 126, respectively; if there are more third diversity subunits in other embodiments, the first diversity subunit is connected to all third diversity subunits, and similarly the second diversity subunit is connected to the fourth diversity subunit;
the third diversity subunit 123 and the fourth diversity subunit 124 in the same logic processing unit 121 are both connected to a pair of trip breakers 131 and a pair of trip breakers 132, and the third diversity subunit 125 and the fourth diversity subunit 126 in the same logic processing unit 122 are both connected to a pair of trip breakers 133 and a pair of trip breakers 134, in this embodiment, 4 pairs of trip breakers; the third diversity subunit 123 and the fourth diversity subunit 124 of the same logical processing module 121 are connected to the same device interface module 141, and the third diversity subunit 125 and the fourth diversity subunit 126 of the same logical processing module 122 are connected to the same device interface module 142.
Each signal processing unit is used for acquiring a measurement signal from a corresponding sensor, determining whether to trigger a shutdown local trip signal and/or a special safety facility local trigger signal according to the measurement signal and a preset threshold value, and sending the shutdown local trip signal and/or the special safety facility local trigger signal to a corresponding diversity subunit in each logic processing unit.
It should be noted that each signal processing unit corresponds to one or more sensors; the preset threshold comprises a shutdown threshold and a special safety threshold, and when the measuring signal is greater than the shutdown threshold, a local trip signal for shutdown is determined to be triggered; when the measurement signal is greater than the special safety threshold, determining to trigger a local trigger signal of the special safety facility; when the first diversity subunit in the signal processing unit determines the triggered local trip signal of shutdown and/or the local trigger signal of the special safety facility, the signal processing unit sends the signal to the third diversity subunit in each logic processing unit, and when the second diversity subunit in the signal processing unit determines the triggered local trip signal of shutdown and/or the local trigger signal of the special safety facility, the signal processing unit sends the signal to the fourth diversity subunit in each logic processing unit.
The third diversity subunit and the fourth diversity subunit of each logic processing unit are used for voting the local trigger signals of the special safety facilities received from each signal processing unit respectively and sending the voting results to the equipment interface module;
the third diversity subunit and the fourth diversity subunit of each logic processing unit are further configured to vote on the local trip signals of the shutdown circuit breaker received from each signal processing unit, execute or logically combine the shutdown circuit breaker trigger signals obtained by the voting, and send the shutdown circuit breaker trigger signals obtained by the combination to the corresponding shutdown circuit breaker;
it should be noted that the result of the voting includes trip breaker trigger signals and special safety facility automatic driving commands.
The shutdown circuit breaker is used for receiving a shutdown circuit breaker trigger signal; and controlling the reactor shutdown according to a two-out-of-four hard logic formed by the shutdown circuit breaker through a hard wire.
It should be noted that the reactor shutdown circuit breaker controls reactor shutdown through two-out-of-four hard logic, and aims to improve the reliability of reactor shutdown.
The equipment interface module is used for receiving an automatic driving instruction of the special safety facility, a driving instruction of the safety automation module and a driving instruction of the NC-DCS, comparing the priority of the driving instructions and sending driving signals to corresponding equipment.
As shown in FIG. 2, an embodiment of the present invention provides a shutdown functional block diagram.
It should be noted that the preset threshold includes a shutdown threshold and a special safety threshold, and when the measurement signal reaches the shutdown threshold, a local trip signal of shutdown is triggered; and when the measuring signal reaches the special safety threshold value, triggering a local triggering signal of the special safety facility.
The step coincidence logic 23 is executed by the logic processing unit 121, the third diversity subunit 123 of the logic processing unit 121 is configured to receive the shutdown local trip signal from the first diversity subunit 114 of the signal processing unit 111, and the fourth diversity subunit 124 of the logic processing unit 121 is configured to receive the shutdown local trip signal from the second diversity subunit 115 of the signal processing unit 111;
the third diversity subunit 123 is further configured to receive the local trip signals of the shutdown from the first diversity subunit 116 and the first diversity subunit 118, vote the local trip signals of the shutdown to obtain trip circuit breaker trigger signals, and the third diversity subunit 123 and the fourth diversity subunit 124 are further configured to execute or logically combine the trip circuit breaker trigger signals obtained by the voting, and send the trip circuit breaker trigger signals obtained by the combination to the corresponding trip circuit breaker.
The voting means that two or more of the three signals are trigger signals, and the local trigger signals of the shutdown circuit breakers are obtained after voting.
The shutdown circuit breaker 131 is used for receiving a shutdown circuit breaker trigger signal and controlling the shutdown of the reactor according to a two-out-of-four hard logic formed by the shutdown circuit breaker through a hard wire.
It should be noted that the working procedure of the fourth diversity subunit 124 is the same as that of the third diversity subunit 123, and the third diversity subunit 123 and the fourth diversity subunit 124 are also connected to another trip breaker by hard wiring.
As shown in fig. 3, the embodiment of the present invention provides a detailed diagram of the sub-unit connection to the trip breaker in the logic processing unit.
In fig. 2, a detailed diagram of the sub-unit and the trip breaker connection in the logic processing unit is not provided for illustrating the principle of the trip function triggering, and is specifically described in the embodiment corresponding to fig. 3.
The third diversity subunit 123 includes a control station 1231 and a control station 1232, the fourth diversity subunit 124 includes a control station 1241 and a control station 1242, and the control station 1231 and the control station 1241 are further configured to perform or logically combine the voted trip circuit breaker trigger signals, and send the combined trip circuit breaker trigger signals to the corresponding trip circuit breakers 131; the control station 1232 and the control station 1242 are further configured to perform or logically combine the voted trip breaker trigger signals, and send the combined trip breaker trigger signals to the corresponding trip breakers 132.
As shown in fig. 4, an embodiment of the present invention provides a functional block diagram of an ad hoc security device driver.
The step acquisition 31 is executed by the signal processing unit 111, and the first diversity subunit 114 of the signal processing unit 111 is configured to acquire a measurement signal from a corresponding sensor, and determine whether to trigger a local trip signal of a shutdown or a local trigger signal of a dedicated safety facility according to the measurement signal and a preset threshold. In this embodiment, if the measurement signal reaches the dedicated safety threshold, a local trigger signal of the dedicated safety facility is triggered.
In the figure, the control station 1231 and the control station 1232 represent two control stations of the third diversity subunit 123, the control station 1231 and the control station 1232 receive local trigger signals of the dedicated safety facility from the first diversity subunit 114 of the signal processing unit 111, the first diversity subunit 116 of the signal processing unit 112, and the first diversity subunit 118 of the signal processing unit 113, in this embodiment, the control station 1231 and the control station 1232 correspond to the local trigger signals of the dedicated safety facility received from each signal processing unit, the control station 1231 performs compliance logic voting to obtain an automatic driving instruction of the dedicated safety facility, and the control station 1232 performs compliance logic voting to obtain an automatic driving instruction of the dedicated safety facility; both the control station 1231 and the control station 1232 will automatically drive the command transmitting device interface module 141 with the dedicated security facility.
And the device interface module 141 is configured to receive an automatic driving instruction of the dedicated security facility, receive a driving instruction of the security automation module and a driving instruction of the NC-DCS, perform priority comparison on the driving instructions, and send the driving instructions to corresponding devices.
As shown in fig. 5, the embodiment of the present invention provides a signal processing unit, which includes a signal preprocessing subunit 41, a threshold comparison subunit 42, and a first transmitting subunit 43, wherein:
the signal preprocessing subunit 41 is configured to acquire a measurement signal from a corresponding sensor and condition the measurement signal into a standard signal;
it should be noted that the standard signal current conditioned in this embodiment is 4-20 mA.
A threshold comparison subunit 42, configured to compare the measurement signal with a preset threshold, and determine whether to trigger a shutdown local trip signal and/or a local trigger signal of a dedicated safety facility;
and a first sending subunit 43, configured to send the local trip signal of the shutdown and/or the local trigger signal of the dedicated safety facility to each logic processing unit.
As shown in fig. 6, an embodiment of the present invention provides a logical processing unit, where the logical processing unit includes a receiving subunit 51, a voting subunit 52, a logical operation subunit 53, and a second sending subunit 54, where:
the receiving subunit 51 is used for receiving a local trip signal of shutdown and/or a local trigger signal of a special safety facility;
the voter unit 52 is used for voting the local trip signal of the shutdown to obtain a trip circuit breaker trigger signal, and voting the local trip signal of the special safety facility to obtain an automatic driving instruction of the special safety facility;
and the second sending subunit 53 is configured to send the combined trip breaker trigger signal to the trip breaker, and send the automatic driving instruction of the dedicated safety facility of the two control stations of the same diversity subgroup to the same equipment interface module respectively.
As shown in fig. 7, an embodiment of the present invention provides a protection system suitable for a small reactor, where the system includes relevant modules and units in the corresponding implementation of fig. 1, and further includes a network module, a gateway module, a safety automation module, a core cooling monitoring system, a safety control display module, and an alarm processing module, where:
the network module comprises a data transmission station, a first security-level ring network 153, a second security-level ring network 154, a first non-security-level ring network 155 and a second non-security-level ring network 156, the gateway module comprises a first gateway 161 and a second gateway 162, and the data transmission station comprises a first data transmission unit 151 and a second data transmission unit 152; the first non-secure ring network 155 is respectively connected with the first data transmission unit 151, the second data transmission unit 152, the alarm processing module 193, the alarm processing module 194 and the first gateway 161; the first data transmission unit 151 is connected with the first diversity subunit 114, the first diversity subunit 116, the second diversity subunit 115 and the second diversity subunit 117, and the second data transmission unit 152 is connected with the first diversity subunit 118 and the second diversity subunit 119;
it should be further noted that the first gateway 161 and the second gateway 162 are used for the protection system to send data to the NC-DCS, and the gateways perform network security protection, route forwarding, and the like in different networks.
The safety automation module includes a first safety automation unit 171 and a second safety automation unit 172;
it should be noted that the first safety automation unit 171 is connected to the device interface module 143, and the second safety automation unit 172 is connected to the interface module 144.
The device interface modules include a device interface module 141, a device interface module 142, a device interface module 143, and a device interface module 144;
the core cooling monitoring system comprises a first core cooling monitoring unit 191 and a second core cooling monitoring unit 192;
the safety control display module includes a first safety control display unit 181 and a second safety control display unit 182;
the first security level ring network 153 is connected with the first data transmission unit 151, the third diversity subunit 123, the fourth diversity subunit 124, the first security automation unit 171, the security control display module 181 and the first core cooling monitoring unit 191;
it should be noted that the third diversity subunit 123, the fourth diversity subunit 124, the first data transmission unit 151, the first security-level ring network 153, the first safety automation unit 171, the safety control display module 181, and the first core cooling monitoring unit 191 belong to the a sequence.
The second safety level ring network 154 is connected with the second data transmission unit 152, the third diversity subunit 125, the fourth diversity subunit 126, the second safety automation unit 172, the safety control display module 182 and the second core cooling monitoring unit 192; the first core cooling monitoring unit 191 is connected to and in communication with the second core cooling monitoring unit 192.
It should be noted that the third diversity subunit 125, the fourth diversity subunit 126, the second data transmission unit 152, the second safety automation unit 172, the safety control display module 182, and the second core cooling monitoring unit 192 belong to the B series; the A/B series can be designed as mutual redundancy, and the safety and the reliability of the protection system are improved.
It should be further noted that the first safety-level ring network and the second safety-level ring network are respectively connected to the data transmission station, the third diversity subunit, the fourth diversity subunit, the safety automation module, the core cooling monitoring system and the safety control display module, although the first safety-level ring network is connected to the first safety automation unit, the second safety-level ring network is connected to the second safety automation unit.
The second non-security ring network 156 is respectively connected to the first security display control unit 181, the second security display control unit 182, and the second gateway 162, and in this embodiment, all the security control display modules are connected to the second non-security ring network;
the first gateway 161 and the second gateway 162 are respectively connected to an NC-DCS, which does not belong to a protection system.
It should be noted that the safety automation module includes a first safety automation unit 171 and a second safety automation unit 172, and each of the first safety automation unit 171 and the second safety automation unit 172 is composed of two hot standby redundant control stations; each equipment interface module consists of a plurality of equipment interface hardware board cards; a calibration line is arranged between the first core cooling monitoring unit and the second core cooling monitoring unit, the first core cooling monitoring unit 191 and the second core cooling monitoring unit 192 are respectively composed of two hot standby redundant control stations, and the connection of the calibration line between the two core cooling monitoring units is used for realizing the calibration of the measurement data between the two core cooling monitoring units; each safety control display unit consists of safety level display control equipment arranged at an operator station of a main control room, a special safety disc and an operator station of a remote shutdown station; the first data transmission unit 151 and the second data transmission unit 152 are each composed of two parallel redundant control stations; the first gateway 161 and the second gateway 162 are both composed of two parallel redundant gateways, and the first gateway 161 and the second gateway 162 are both composed of two parallel redundant gateways, so that the network stability is improved; the first security-level ring network 153, the second security-level ring network 154, the first non-security-level ring network 155, and the second non-security-level ring network 156 are dual-network redundant ring structures, which refer to dual-network parallel redundant ring structures.
The safety automation module is used for sending a driving instruction to the equipment interface module, and the driving instruction is used for controlling the reactor to be switched from a controllable state to a safe shutdown state.
The reactor core cooling monitoring system is used for acquiring reactor core temperature and water level signals; the core cooling detection system is also used for controlling the analog quantity regulating equipment.
The first gateway is used for forwarding control system signals sent by the security level DCS system to the NC-DCS.
And the second gateway is used for forwarding a command of calling the operation picture of the safety control display unit by the NC-DCS to the safety control display unit.
As shown in fig. 8, each of the protection system a sequence and the protection system B sequence has 2 protection channels, each protection channel controls 1 pair of shutdown circuit breakers, and 4 pairs of shutdown circuit breakers are connected in series and parallel to implement a control logic function of two out of four. Based on the connected mode of shutdown circuit breaker, when only 1 to the circuit breaker received the passageway shut down signal, its dropout can not trigger the reactor shut down, when 2 at least passageways sent emergency shut down signals, the reactor circuit breaker disconnection, then the disconnection of the connecting power supply line between excellent electrical power generating system and the excellent accuse system, control rod actuating mechanism's among the excellent accuse system power supply was cut off, and the control rod relies on self gravity to fall into the reactor core, realizes emergency shut down.
The invention utilizes the layered design of the signal processing module and the logic processing module to accelerate the signal processing speed, and the logic processing module specially carries out shutdown logic and special safety facility driving processing, thereby improving the response time of the special safety facility.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.
Claims (9)
1. A protection system adapted for use in a small reactor, the system comprising a signal processing module, a logic processing module, an equipment interface module, and a trip breaker, wherein:
the signal processing module comprises a plurality of signal processing units, and each signal processing unit consists of a first diversity subunit and a second diversity subunit;
the logic processing module comprises a plurality of logic processing units, and each logic processing unit consists of a third diversity subunit and a fourth diversity subunit;
all the first diversity subunits are connected with all the third diversity subunits, all the second diversity subunits are connected with all the fourth diversity subunits, the third diversity subunits and the fourth diversity subunits in the same logic processing unit are simultaneously connected with a pair of shutdown circuit breakers, and the third diversity subunits and the fourth diversity subunits in the same logic processing unit are connected with the same equipment interface module;
each signal processing unit is used for acquiring a measurement signal from a corresponding sensor, determining whether to trigger a shutdown local trip signal and/or a special safety facility local trigger signal according to the measurement signal and a preset threshold value, and sending the shutdown local trip signal and/or the special safety facility local trigger signal to a corresponding diversity subunit in each logic processing unit;
the third diversity subunit and the fourth diversity subunit of each logic processing unit are used for voting the local trigger signals of the special safety facilities received from each signal processing unit respectively and sending the voted results to the equipment interface module;
the third diversity subunit and the fourth diversity subunit of each logic processing unit are further configured to vote on a local trip signal of a shutdown received from each signal processing unit, execute or logically combine the shutdown breaker trigger signals obtained by the voting, and send the shutdown breaker trigger signals obtained by the combination to corresponding shutdown breakers;
the reactor shutdown circuit breaker is used for receiving a reactor shutdown circuit breaker trigger signal and controlling the reactor shutdown according to two-out-of-four hard logic formed by the reactor shutdown circuit breaker through hard wiring;
the equipment interface module is used for receiving an automatic driving instruction of a special safety facility, a driving instruction of the safety automation module and a driving instruction of the non-safety distributed control system, comparing the priorities of the driving instructions and sending the driving instructions to corresponding equipment.
2. The system of claim 1, wherein the signal processing unit comprises a signal pre-processing subunit, a threshold comparison subunit, and a first transmission subunit, wherein:
the signal preprocessing subunit is used for acquiring the measurement signals from the corresponding sensors and conditioning the measurement signals into standard signals;
the threshold comparison subunit is used for comparing the standard signal with a preset threshold to determine whether to trigger a local trip signal of shutdown and/or a local trigger signal of a special safety facility;
and the first sending subunit is used for sending the local trip signal of the shutdown and/or the local trigger signal of the special safety facility to each logic processing unit.
3. The system of claim 2, wherein the logical processing unit comprises a receiving subunit, a voting subunit, a logical operations subunit, and a second sending subunit, wherein:
the receiving subunit is used for receiving the local trip signal of the shutdown and/or the local trigger signal of the special safety facility;
the voting subunit is used for voting the local trip signals of the shutdown to obtain trip circuit breaker trigger signals, and voting the local trip signals of the special safety facilities to obtain automatic driving instructions of the special safety facilities;
and the second sending subunit is used for sending the combined trip breaker trigger signal to the trip breaker and sending the two paths of special safety facility automatic driving instructions of the two control stations of the same diversity subgroup to the same equipment interface module respectively.
4. The system of claim 3, further comprising a network module, a gateway module, a safety automation module, a core cooling monitoring system, a safety control display module, and an alarm processing module, wherein:
the network module comprises a data transmission station, a first security level ring network, a second security level ring network, a first non-security level ring network and a second non-security level ring network, wherein the data transmission station comprises a first data transmission unit and a second data transmission unit;
the gateway module comprises a first gateway and a second gateway;
the safety automation module comprises a first safety automation unit and a second safety automation unit;
the first non-security ring network is respectively connected with the first data transmission unit, the second data transmission unit, the alarm processing module and the first gateway, and is used for the protection system to transmit data to a non-security distributed control system (NC-DCS);
the core cooling monitoring system comprises a first core cooling monitoring unit and a second core cooling monitoring unit;
the safety control display module comprises a first safety control display unit and a second safety control display unit;
the first data transmission unit and the second data transmission unit are respectively connected with the first diversity subunit and the second diversity subunit;
the first safety-level ring network and the second safety-level ring network are respectively connected with a data transmission station, a third diversity subunit, a fourth diversity subunit, a safety automation module, a reactor core cooling monitoring system and a safety control display module;
the second non-security ring network is respectively connected with all the security control display modules and the second gateway;
the first gateway and the second gateway are respectively connected to the NC-DCS.
5. The system of claim 4, wherein each of said first diversity subunit, said second diversity subunit, said third diversity subunit, and said fourth diversity subunit are comprised of two control stations, respectively, wherein both control stations of the first diversity subunit and the second diversity subunit are in a hot standby redundancy configuration, and wherein both control stations of the third diversity subunit and the fourth diversity subunit are in a parallel redundancy configuration;
the first safety automation unit and the second safety automation unit are both composed of two hot standby redundant control stations;
each equipment interface module consists of a plurality of equipment interface hardware board cards;
a calibration line is arranged between the first core cooling monitoring unit and the second core cooling monitoring unit, and the first core cooling monitoring unit and the second core cooling monitoring unit are respectively composed of two hot standby redundant control stations;
each safety control display unit consists of safety level display control equipment arranged at an operator station of a main control room, a special safety disc and an operator station of a remote shutdown station;
the first data transmission unit and the second data transmission unit are both composed of two parallel redundancy control stations;
the first gateway and the second gateway are both composed of two parallel redundant gateways;
the first safety level ring network, the second safety level ring network, the first non-safety level ring network and the second non-safety level ring network are all double-network redundancy ring structures.
6. The system of claim 4, wherein the safety automation module is configured to send a drive command to the plant interface module, the drive command configured to control switching the reactor from a controllable state to a safe shutdown state.
7. The system of claim 4 wherein the core cooling monitoring system is adapted to acquire core temperature and water level signals;
the core cooling monitoring system is also used for controlling the analog quantity regulating equipment.
8. The system of claim 4, wherein the first gateway is to forward system-transmitted security distributed control system signals to the NC-DCS.
9. The system of claim 4, wherein the second gateway is to forward a command to the security control display unit to invoke a security control display screen by the NC-DCS.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910299648.6A CN110085333B (en) | 2019-04-15 | 2019-04-15 | Protection system suitable for small-size reactor |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910299648.6A CN110085333B (en) | 2019-04-15 | 2019-04-15 | Protection system suitable for small-size reactor |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110085333A CN110085333A (en) | 2019-08-02 |
| CN110085333B true CN110085333B (en) | 2020-12-04 |
Family
ID=67415050
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910299648.6A Active CN110085333B (en) | 2019-04-15 | 2019-04-15 | Protection system suitable for small-size reactor |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110085333B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110444305B (en) * | 2019-08-13 | 2022-09-13 | 中国核动力研究设计院 | Optimized digital reactor protection system |
| CN110580965B (en) * | 2019-09-04 | 2021-05-25 | 中广核工程有限公司 | Safety automation system and method for executing safety function of nuclear power station |
| CN112462732A (en) * | 2020-10-27 | 2021-03-09 | 中国核动力研究设计院 | DCS response time testing device, testing method, application method and medium |
| CN114822884B (en) * | 2022-05-11 | 2024-04-09 | 中国核动力研究设计院 | Single-reactor double-shutdown circuit breaker system and method thereof |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5586156A (en) * | 1995-07-14 | 1996-12-17 | General Electric Company | Reactor protection system with automatic self-testing and diagnostic |
| US5621776A (en) * | 1995-07-14 | 1997-04-15 | General Electric Company | Fault-tolerant reactor protection system |
| CN102298980A (en) * | 2011-08-17 | 2011-12-28 | 岭东核电有限公司 | Protection exit method for million-kilowatt digital nuclear power plant reactor |
| CN105575448A (en) * | 2015-12-15 | 2016-05-11 | 中广核工程有限公司 | Nuclear power station reactor protection system and safety control method therein |
| CN106340332A (en) * | 2016-10-13 | 2017-01-18 | 中广核工程有限公司 | Nuclear power station digital protection control system |
| CN107863169A (en) * | 2017-11-15 | 2018-03-30 | 中广核工程有限公司 | The startup method and apparatus of nuclear power plant containment shell spray system |
| CN108711459A (en) * | 2018-05-30 | 2018-10-26 | 中国原子能科学研究院 | A kind of diversified protective device for fast reactor |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP5422448B2 (en) * | 2010-03-10 | 2014-02-19 | 株式会社東芝 | Control device |
| CN104361915B (en) * | 2014-09-24 | 2017-01-18 | 中国核动力研究设计院 | Constant value test system of reactor key process measurement parameters and test method |
| US9997265B2 (en) * | 2015-03-27 | 2018-06-12 | Mitsubishi Electric Power Products, Inc. | Safety system for a nuclear power plant and method for operating the same |
| CN106531252B (en) * | 2016-10-12 | 2018-02-09 | 中广核核电运营有限公司 | control rod position measuring test method |
| CN107180655B (en) * | 2017-04-06 | 2019-04-23 | 广东核电合营有限公司 | A kind of automatic reactor shut-off system of reactor |
-
2019
- 2019-04-15 CN CN201910299648.6A patent/CN110085333B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5586156A (en) * | 1995-07-14 | 1996-12-17 | General Electric Company | Reactor protection system with automatic self-testing and diagnostic |
| US5621776A (en) * | 1995-07-14 | 1997-04-15 | General Electric Company | Fault-tolerant reactor protection system |
| CN102298980A (en) * | 2011-08-17 | 2011-12-28 | 岭东核电有限公司 | Protection exit method for million-kilowatt digital nuclear power plant reactor |
| CN105575448A (en) * | 2015-12-15 | 2016-05-11 | 中广核工程有限公司 | Nuclear power station reactor protection system and safety control method therein |
| CN106340332A (en) * | 2016-10-13 | 2017-01-18 | 中广核工程有限公司 | Nuclear power station digital protection control system |
| CN107863169A (en) * | 2017-11-15 | 2018-03-30 | 中广核工程有限公司 | The startup method and apparatus of nuclear power plant containment shell spray system |
| CN108711459A (en) * | 2018-05-30 | 2018-10-26 | 中国原子能科学研究院 | A kind of diversified protective device for fast reactor |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110085333A (en) | 2019-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110085333B (en) | Protection system suitable for small-size reactor | |
| EP3001535B1 (en) | Protection control system for process bus, merging unit, and computation device | |
| US6008971A (en) | Fault protection arrangement for electric power distribution systems | |
| CN109677468A (en) | Train logic control element and logic control method | |
| US7027896B2 (en) | Integrated protection and control system for a power system substation | |
| CN109920562B (en) | Protection system control device for nuclear power station | |
| US9584521B2 (en) | Bi-directional communication over a one-way link | |
| WO1998056009A1 (en) | Digital plant protection system | |
| CN103287932A (en) | Elevator system | |
| CN103822539A (en) | Rocket ground test control system based on redundant structure | |
| CN110828018A (en) | Compact distributed nuclear power reactor DCS architecture | |
| WO2016108627A1 (en) | Dual controller system | |
| CN110767338A (en) | DCS (distributed control system) architecture for nuclear power reactor | |
| CN109103859A (en) | A kind of distribution differential protection measure and control device for supporting 4G to communicate | |
| CN110444305B (en) | Optimized digital reactor protection system | |
| CN211529626U (en) | DCS (distributed control system) architecture for nuclear power reactor | |
| CN111427306A (en) | A transportation line equipment safety interlock system for proton treatment | |
| CN218629969U (en) | Electric energy redundancy acquisition system of power plant and power plant | |
| CN220340565U (en) | Switching value output circuit and DCS system | |
| CN211529625U (en) | Compact distributed nuclear power reactor DCS architecture | |
| CN112947176A (en) | Interface control method and device | |
| CN115542851A (en) | Offshore nuclear power platform DCS ventilation control system | |
| CN2912119Y (en) | Automatic monitoring and switching apparatus for communicating line | |
| CN111459013A (en) | Switching system of submarine cable oil pump station equipment signal | |
| KR20030080774A (en) | Remote Terminal Unit for integrated ship automation control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |