CN113688521A - Design method and system for test allowable function of high-reliability reactor protection system - Google Patents

Publication number
CN113688521A
Authority
CN
China
Prior art keywords
trigger
test permission
periodic test
periodic
permission
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110982589.XA
Other languages
Chinese (zh)
Other versions
CN113688521B (en)
Inventor
王琳
刘宏春
何正熙
王远兵
青先国
王明星
王殳
朱攀
许东芳
贺理
孙诗炎
李谢晋
冯威
陈鹏
伍巧凤
李昱
钟思洁
石亚东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nuclear Power Institute of China
Original Assignee
Nuclear Power Institute of China

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00: Computer-aided design [CAD]
    • G06F30/20: Design optimisation, verification or simulation
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2119/00: Details relating to the type or aim of the analysis or the optimisation
    • G06F2119/02: Reliability analysis or reliability optimisation; Failure analysis, e.g. worst case scenario performance, failure mode and effects analysis [FMEA]
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E: REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00: Energy generation of nuclear origin

Abstract

The invention discloses a design method and system for the test permission function of a high-reliability reactor protection system. A logic processor is arranged in a digital instrumentation and control system; it receives the state signals of two periodic test permission switches acquired by a digital input acquisition card and processes them logically. After the corresponding logic, the state signals set or reset an RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The invention prevents the system from issuing the test permission signal by mistake because of a single switch fault or two sequential switch faults, thereby eliminating the risk of the protection function failing to act that such switch faults could cause. The invention improves the reliability of the manual permission function for periodic tests of the reactor protection system, reduces the risk of the safety system of the nuclear power device failing to act, and helps improve the safety of the nuclear power device.

Description

Design method and system for test allowable function of high-reliability reactor protection system
Technical Field
The invention relates to the technical field of design of a reactor protection system of a nuclear power plant, in particular to a design method and a system for a test allowable function of a high-reliability reactor protection system.
Background
The reactor protection system is an important part of a nuclear power device. When the operating condition of the nuclear power device reaches an operating limit, it automatically triggers a reactor shutdown and, in the event of an accident, actuates the engineered safety features to mitigate the consequences. It therefore plays a vital role in the safe, economic and reliable operation of the nuclear power device. To demonstrate that the reactor protection system can perform these protection functions when needed, periodic tests are necessary (checking the availability of the system according to a test procedure at defined time intervals).
To prevent safety system actions caused by the test from affecting normal operation of the plant during a periodic test, a manual test permission switch is provided. Before a periodic test is carried out, the corresponding periodic test manual permission switch is pressed to enable the test, which includes blocking the triggering of certain safety actions related to the test. Consequently, if the manual permission switch is triggered by mistake because of a fault, the normal action of the safety system is directly affected, and with it the safety of the nuclear power device. To reduce the probability of false triggering, two manual permission switches are typically provided, and the periodic test is enabled only when both switches are operated to the "test permission" state. However, in the prior art, false triggering of the periodic test permission switches can still cause safety functions of the reactor protection system to fail to act.
Disclosure of Invention
The technical problem to be solved by the invention is that, in the prior art, false triggering of a periodic test permission switch causes safety functions of the reactor protection system to fail to act. The object of the invention is to provide a design method and system for the test permission function of a high-reliability reactor protection system.
The invention is realized by the following technical scheme:
In a first aspect, the present invention provides a method for designing the test permission function of a high-reliability reactor protection system, in which a logic processor is arranged in a digital instrumentation and control system. The method includes: the logic processor receives the state signals of two periodic test permission switches acquired by a digital input acquisition card and processes them logically; after the corresponding logic, the state signals set or reset an RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch, and both are arranged in the control room.
The logic processing comprises the following steps:
performing a NAND operation on the state signals of the first and second periodic test permission switches, and feeding the result to the reset input of the RS flip-flop;
passing the state signals of the first and second periodic test permission switches through the rising edge pulse generator SP, performing an AND operation on the resulting pulses, and feeding the result to the set input of the RS flip-flop.
The working principle is as follows. To avoid, as far as possible, the failure of safety functions of the reactor protection system caused by false triggering of a periodic test permission switch, the invention enables the periodic test by acquiring the states of the two periodic test permission switches and processing them logically. The state signals of the periodic test permission switches are acquired by a DI card (digital input acquisition card) and sent to the logic processor. In the logic processing, on the one hand, the state signal of each periodic test permission switch passes through its own rising edge pulse generator, which outputs a pulse lasting only 3 s once it detects a rising edge. The two pulse signals are then ANDed and sent to the S (set) input of the RS flip-flop; the RS flip-flop outputs the test permission signal, and an alarm is sent to the control room to remind the operator that the periodic test permission mode has been entered. On the other hand, the state signals of the two periodic test permission switches are NANDed and sent to the R (reset) input of the RS flip-flop, so that whenever either periodic test permission switch is not in the "test permission" position, the test permission signal output by the RS flip-flop is reset and the test permission state is exited.
The novelty of the method lies in the design of two periodic test permission switches together with the associated logic processing, which prevents the system from issuing the test permission signal by mistake because of a single switch fault or two sequential switch faults, thereby eliminating the risk of the protection function failing to act that such switch faults could cause. The invention improves the reliability of the manual permission function for periodic tests of the reactor protection system, reduces the risk of the safety system of the nuclear power device failing to act, and helps improve the safety of the nuclear power device.
Further, the rising edge pulse generator SP is configured to detect the rising edges of the first and second periodic test permission switch signals and convert each rising edge into a pulse signal with a width of 3 s.
Further, the first periodic test permission switch and the second periodic test permission switch each include two states: normal and test allowed, normal is recorded as 0 and test allowed is recorded as 1.
Further, the method specifically comprises the following logic judgments under ideal conditions:
when neither periodic test permission switch is operated, or only one of them is operated, the reset input of the RS flip-flop is 1, the set input is 0, and the output of the RS flip-flop remains 0, indicating that the periodic test permission mode has not been entered;
when the two periodic test permission switches are operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input is 1; the output of the RS flip-flop is 1, indicating that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, the tester operates the periodic test permission switches to the "normal" position. As soon as either periodic test permission switch is operated to the "normal" position (that is, with both switches in the test permission state and the periodic test completed, one switch is operated to the normal state), the reset input of the RS flip-flop is 1 and the set input is 0, the test permission signal output by the RS flip-flop is cleared, the test permission mode is exited, and the control room test permission alarm disappears.
Further, the method also comprises the following logic judgments under non-ideal conditions:
if the test permission mode is not currently active and one of the periodic test permission switches is triggered by a fault, then as long as the other periodic test permission switch is not triggered by a fault within 3 seconds after the first one, the set input of the RS flip-flop remains 0, the reset input remains 1, and the output of the RS flip-flop is 0, indicating that the test permission mode has not been entered;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS flip-flop is erroneously set to 1; an alarm is then sent to the control room to alert the operator to this state, so that the operator can intervene in time with appropriate corrective measures.
Further, the RS flip-flop is a reset-priority flip-flop.
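The set/reset logic and the ideal and non-ideal cases described above can be checked with a small scan-based model. This is an added example, not code from the patent; the 100 ms scan period, the class and function names, the switch timelines, and the assumption that an SP pulse runs its full 3 s even if its input drops again are all illustrative.

```python
"""Scan-based model of the periodic test permission logic (added example)."""

PULSE_MS = 3000   # SP pulse width: 3 s, as stated in the text
SCAN_MS = 100     # assumed scan period of the logic processor (not from the patent)


class RisingEdgePulse:
    """SP block: a 0->1 transition starts a fixed 3 s pulse.

    Assumption: the pulse runs its full width even if the input drops again.
    """

    def __init__(self):
        self.prev = 0
        self.remaining_ms = 0

    def step(self, signal, dt_ms):
        if signal and not self.prev:
            self.remaining_ms = PULSE_MS          # rising edge: start the pulse
        out = 1 if self.remaining_ms > 0 else 0
        self.remaining_ms = max(0, self.remaining_ms - dt_ms)
        self.prev = signal
        return out


class RSFlipFlop:
    """RS flip-flop; reset_priority=True is the type the text specifies."""

    def __init__(self, reset_priority=True):
        self.reset_priority = reset_priority
        self.q = 0

    def step(self, s, r):
        if s and r:
            self.q = 0 if self.reset_priority else 1
        elif r:
            self.q = 0
        elif s:
            self.q = 1
        return self.q                             # S = R = 0 holds the state


class PermissionLogic:
    """S = AND(SP(sw1), SP(sw2)); R = NAND(sw1, sw2); Q = test permission."""

    def __init__(self, reset_priority=True):
        self.sp1, self.sp2 = RisingEdgePulse(), RisingEdgePulse()
        self.rs = RSFlipFlop(reset_priority)

    def step(self, sw1, sw2, dt_ms=SCAN_MS):
        s = self.sp1.step(sw1, dt_ms) & self.sp2.step(sw2, dt_ms)
        r = 1 - (sw1 & sw2)
        return self.rs.step(s, r)                 # Q also drives the control-room alarm


def simulate(events, duration_ms=10_000, reset_priority=True):
    """Replay (time_ms, switch_no, value) events; return [(t_ms, Q), ...]."""
    logic = PermissionLogic(reset_priority)
    sw = {1: 0, 2: 0}
    pending = sorted(events)
    trace = []
    for t in range(0, duration_ms + 1, SCAN_MS):
        while pending and pending[0][0] <= t:
            _, number, value = pending.pop(0)
            sw[number] = value
        trace.append((t, logic.step(sw[1], sw[2])))
    return trace


def q_at(trace, t_ms):
    """Permission signal Q at scan time t_ms."""
    return dict(trace)[t_ms]


def ever_permitted(trace):
    """True if Q was 1 at any scan."""
    return any(q for _, q in trace)


# Constructed switch timelines: (time in ms, switch number, new state).
SCENARIOS = {
    "both operated within 3 s": [(1000, 1, 1), (2500, 2, 1)],
    "single switch fault": [(1000, 1, 1)],
    "sequential faults 5 s apart": [(1000, 1, 1), (6000, 2, 1)],
    "coincident faults within 3 s": [(1000, 1, 1), (1200, 2, 1)],
    "entry, then one switch to normal": [(1000, 1, 1), (2500, 2, 1), (8000, 1, 0)],
    "sw1 glitch, then sw2": [(1000, 1, 1), (1500, 1, 0), (2000, 2, 1)],
}

if __name__ == "__main__":
    for name, events in SCENARIOS.items():
        trace = simulate(events)
        print(f"{name:34s} ever permitted={ever_permitted(trace)!s:5s} "
              f"final Q={trace[-1][1]}")
    glitch = SCENARIOS["sw1 glitch, then sw2"]
    print("same glitch with a set-priority flip-flop:",
          ever_permitted(simulate(glitch, reset_priority=False)))
```

In this model the last scenario shows what the reset-priority type contributes: with a set-priority flip-flop, a brief glitch on one switch followed by the other switch within 3 s raises the permission signal while only one switch is in the test position.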
In a second aspect, the present invention further provides a system for designing the test permission function of a high-reliability reactor protection system, which supports the above design method. In the system, a digital input acquisition card and a logic processor are arranged in the digital instrumentation and control system, and two periodic test permission switches are arranged in the control room.
The logic processor comprises a rising edge pulse generator SP, a logic AND gate, a logic NAND gate and an RS flip-flop. It receives the state signals of the two periodic test permission switches acquired by the digital input acquisition card and processes them logically; after the corresponding logic, the state signals set or reset the RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch. The corresponding logic comprises:
performing a NAND operation on the state signals of the first and second periodic test permission switches through the logic NAND gate, and feeding the result to the reset input of the RS flip-flop;
passing the state signals of the first and second periodic test permission switches through the rising edge pulse generator SP, performing an AND operation on the resulting pulses through the logic AND gate, and feeding the result to the set input of the RS flip-flop;
the rising edge pulse generator SP detects the rising edges of the first and second periodic test permission switch signals and converts each rising edge into a pulse signal with a width of 3 s.
Further, the corresponding logic specifically includes logic judgments for the following cases:
when neither periodic test permission switch is operated, or only one of them is operated, the reset input of the RS flip-flop is 1, the set input is 0, and the output of the RS flip-flop remains 0, indicating that the periodic test permission mode has not been entered;
when the two periodic test permission switches are operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input is 1; the output of the RS flip-flop is 1, indicating that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, the tester operates the periodic test permission switches to the "normal" position. As soon as either periodic test permission switch is operated to the "normal" position (that is, with both switches in the test permission state and the periodic test completed, one switch is operated to the normal state), the reset input of the RS flip-flop is 1 and the set input is 0, the test permission signal output by the RS flip-flop is cleared, the test permission mode is exited, and the control room test permission alarm disappears;
if the test permission mode is not currently active and one of the periodic test permission switches is triggered by a fault, then as long as the other periodic test permission switch is not triggered by a fault within 3 seconds after the first one, the set input of the RS flip-flop remains 0, the reset input remains 1, and the output of the RS flip-flop is 0, indicating that the test permission mode has not been entered;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS flip-flop is erroneously set to 1; an alarm is then sent to the control room to alert the operator to this state, so that the operator can intervene in time with appropriate corrective measures.
Further, the RS flip-flop is a reset-priority flip-flop.
In a third aspect, the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method for designing the high-reliability reactor protection system test-allowed function when executing the computer program.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. The novelty of the method lies in the design of two periodic test permission switches together with the associated logic processing, which prevents the system from issuing the test permission signal by mistake because of a single switch fault or two sequential switch faults, thereby eliminating the risk of the protection function failing to act that such switch faults could cause.
2. The invention improves the reliability of the manual allowable function of the reactor protection system in the periodic test, reduces the risk of the failure of the safety system of the nuclear power device, and is beneficial to improving the safety of the nuclear power device.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
FIG. 1 is a diagram of a design method for testing allowable functions of a high-reliability reactor protection system according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not meant to limit the present invention.
Example 1
As shown in FIG. 1, the invention relates to a method for designing the test permission function of a high-reliability reactor protection system, in which a logic processor is arranged in a digital instrumentation and control system. The method includes: the logic processor receives the state signals of two periodic test permission switches acquired by a digital input acquisition card and processes them logically; after the corresponding logic, the state signals set or reset an RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch, and both are arranged in the control room.
The logic processing comprises the following steps:
performing a NAND operation on the state signals of the first and second periodic test permission switches, and feeding the result to the reset input of the RS flip-flop;
passing the state signals of the first and second periodic test permission switches through the rising edge pulse generator SP, performing an AND operation on the resulting pulses, and feeding the result to the set input of the RS flip-flop.
The AND logic outputs 1 only when the state signals of both the first and second periodic test permission switches are 1.
The NAND logic outputs 0 if the state signals of the first and second periodic test permission switches are both 1, and outputs 1 if at least one of the two state signals is 0.
To further illustrate the present embodiment, the rising edge pulse generator SP is configured to detect the rising edges of the first and second periodic test permission switch signals and convert each rising edge into a pulse signal with a width of 3 s.
To further illustrate the present embodiment, the first periodic test permission switch and the second periodic test permission switch each have two states, normal and test permission; normal is recorded as 0 and test permission is recorded as 1.
To further illustrate the embodiment, the method specifically includes the following logic judgments under ideal conditions:
when neither periodic test permission switch is operated, or only one of them is operated, the reset input of the RS flip-flop is 1, the set input is 0, and the output of the RS flip-flop remains 0, indicating that the periodic test permission mode has not been entered;
when the two periodic test permission switches are operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input is 1; the output of the RS flip-flop is 1, indicating that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, the tester operates the periodic test permission switches to the "normal" position. As soon as either periodic test permission switch is operated to the "normal" position (that is, with both switches in the test permission state and the periodic test completed, one switch is operated to the normal state), the reset input of the RS flip-flop is 1 and the set input is 0, the test permission signal output by the RS flip-flop is cleared, the test permission mode is exited, and the control room test permission alarm disappears.
To further illustrate the embodiment, the method further includes the following logic judgments under non-ideal conditions:
if the test permission mode is not currently active and one of the periodic test permission switches is triggered by a fault, then as long as the other periodic test permission switch is not triggered by a fault within 3 seconds after the first one, the set input of the RS flip-flop remains 0, the reset input remains 1, and the output of the RS flip-flop is 0, indicating that the test permission mode has not been entered;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS flip-flop is erroneously set to 1; an alarm is then sent to the control room to alert the operator to this state, so that the operator can intervene in time with appropriate corrective measures.
To further illustrate the present embodiment, the RS flip-flop is a reset-priority flip-flop.
In implementation: the method is implemented in a Chinese engineering test reactor, and FIG. 1 shows how the periodic test permission signal is generated. First, the two periodic test permission switches on the control panel (i.e., in the control room) are operated, and the digital instrumentation and control system (DCS) acquires the switch state signals through the digital input card (DI) and passes them to the central processing unit (CPU) for logic processing. After the state signals of the two switches pass through the corresponding logic, the final periodic test permission signal is set or reset through an RS flip-flop. Specifically:
The invention enables the periodic test by acquiring the states of the two periodic test permission switches and processing them logically. The state signals of the periodic test permission switches are acquired by a DI card (digital input acquisition card) and sent to the logic processor. In the logic processing, on the one hand, the state signal of each periodic test permission switch passes through its own rising edge pulse generator, which outputs a pulse lasting only 3 s once it detects a rising edge. The two pulse signals are then ANDed and sent to the S (set) input of the RS flip-flop; the RS flip-flop outputs the test permission signal, and an alarm is sent to the control room to remind the operator that the periodic test permission mode has been entered. On the other hand, the state signals of the two periodic test permission switches are NANDed and sent to the R (reset) input of the RS flip-flop, so that whenever either periodic test permission switch is not in the "test permission" position, the test permission signal output by the RS flip-flop is reset and the test permission state is exited.
The novelty of the method lies in the design of two periodic test permission switches together with the associated logic processing, which prevents the system from issuing the test permission signal by mistake because of a single switch fault or two sequential switch faults, thereby eliminating the risk of the protection function failing to act that such switch faults could cause. The invention improves the reliability of the manual permission function for periodic tests of the reactor protection system, reduces the risk of the safety system of the nuclear power device failing to act, and helps improve the safety of the nuclear power device.
The invention can also be applied to control systems other than the digital instrumentation and control system (DCS) to generate the final periodic test permission signal that is input to the reactor protection system.
Example 2
As shown in FIG. 1, this embodiment differs from embodiment 1 in that it provides a system for designing the test permission function of a high-reliability reactor protection system, which supports the design method described in embodiment 1. In the system, a digital input acquisition card and a logic processor are arranged in the digital instrumentation and control system, and two periodic test permission switches are arranged in the control room.
The logic processor comprises a rising edge pulse generator SP, a logic AND gate, a logic NAND gate and an RS flip-flop. It receives the state signals of the two periodic test permission switches acquired by the digital input acquisition card and processes them logically; after the corresponding logic, the state signals set or reset the RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch. The corresponding logic comprises:
performing a NAND operation on the state signals of the first and second periodic test permission switches through the logic NAND gate, and feeding the result to the reset input of the RS flip-flop;
passing the state signals of the first and second periodic test permission switches through the rising edge pulse generator SP, performing an AND operation on the resulting pulses through the logic AND gate, and feeding the result to the set input of the RS flip-flop;
the rising edge pulse generator SP detects the rising edges of the first and second periodic test permission switch signals and converts each rising edge into a pulse signal with a width of 3 s.
To further illustrate the present embodiment, the first periodic test permission switch and the second periodic test permission switch each have two states, normal and test permission; normal is recorded as 0 and test permission is recorded as 1.
For further explanation of the present embodiment, the corresponding logic specifically includes logic judgment in the following cases:
when neither of the two periodic test permission switches is operated, or only one of them is operated, the input of the reset end of the RS trigger is 1, the input of the set end of the RS trigger is 0, and the output of the RS trigger is always 0, which indicates that the periodic test permission mode has not been entered;
when the two periodic test permission switches are operated within 3 seconds of each other, the input of the reset end of the RS trigger is 0 and the input of the set end of the RS trigger is 1; the output of the RS trigger is 1, which indicates that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is finished, a tester returns the periodic test permission switches to the 'normal' position; as soon as either periodic test permission switch is operated to the 'normal' position (that is, both periodic test permission switches were in the test allowed state and, after the periodic test is finished, one of them is operated to the normal state), the input of the reset end of the RS trigger is 1 and the input of the set end of the RS trigger is 0, the test permission signal output by the RS trigger is cleared, the test permission mode is exited, and the control room test permission alarm disappears;
if the RS trigger is not in the test permission mode and one of the periodic test permission switches is triggered by a fault, then as long as the other periodic test permission switch is not also triggered by a fault within 3 seconds after the first one was triggered, the set end input of the RS trigger remains 0, the reset end input of the RS trigger remains 1, and the output of the RS trigger is 0, which indicates that the test permission mode has not been entered;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS trigger is mistakenly set to 1; in that case an alarm is sent to the control room to alert the operator to this state, so that the operator can take proper corrective measures and intervene in time.
For further explanation of the present embodiment, the RS flip-flop is a reset-priority flip-flop.
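The cases listed above can be checked by simulating the logic. The following Python sketch is an added example and is not part of the patent text; the 0.1 s tick, the class and function names, the scenario timings and the set-priority comparison mode are assumptions introduced here. It goes one step beyond the listed cases by including a momentary contact glitch, where the set and reset inputs are both 1 and the reset-priority choice decides the output.

```python
TICK_S = 0.1                        # simulation step (assumption; not given on the page)
PULSE_TICKS = round(3.0 / TICK_S)   # SP pulse width of 3 s, as stated on the page


class RisingEdgePulse:
    """SP block: a 0 -> 1 transition on the input starts a 3 s pulse."""

    def __init__(self):
        self.prev = 0
        self.remaining = 0

    def step(self, level):
        if level and not self.prev:
            self.remaining = PULSE_TICKS
        self.prev = level
        out = 1 if self.remaining > 0 else 0
        self.remaining = max(0, self.remaining - 1)
        return out


class PermissionLogic:
    """Two SP blocks -> AND -> set end; NAND of the raw switch states -> reset end."""

    def __init__(self, reset_priority=True):
        self.sp1, self.sp2 = RisingEdgePulse(), RisingEdgePulse()
        self.reset_priority = reset_priority   # False is used only for comparison
        self.q = 0                             # 1 = periodic test permission mode

    def step(self, sw1, sw2):
        set_in = self.sp1.step(sw1) & self.sp2.step(sw2)
        reset_in = 1 - (sw1 & sw2)             # NAND of the two switch states
        if set_in and reset_in:                # conflict: the priority decides
            self.q = 0 if self.reset_priority else 1
        elif reset_in:
            self.q = 0
        elif set_in:
            self.q = 1
        return self.q                          # set = reset = 0 holds the state


def run(events, duration_s=12.0, reset_priority=True):
    """events: (time_s, switch_no, level) tuples. Returns the output per tick."""
    logic = PermissionLogic(reset_priority)
    changes = {}
    for t, sw, level in events:
        changes.setdefault(round(t / TICK_S), []).append((sw, level))
    state = {1: 0, 2: 0}                       # both switches start in "normal"
    trace = []
    for tick in range(round(duration_s / TICK_S)):
        for sw, level in changes.get(tick, []):
            state[sw] = level
        trace.append(logic.step(state[1], state[2]))
    return trace


# Constructed scenarios matching the cases listed above (timings are made up).
SCENARIOS = {
    "one switch only":              [(1.0, 1, 1)],
    "both within 3 s":              [(1.0, 1, 1), (3.0, 2, 1)],
    "second switch 4 s later":      [(1.0, 1, 1), (5.0, 2, 1)],
    "test finished, one to normal": [(1.0, 1, 1), (2.0, 2, 1), (8.0, 1, 0)],
    "contact glitch on switch 1":   [(1.0, 1, 1), (1.5, 1, 0), (2.0, 2, 1)],
}

if __name__ == "__main__":
    for name, events in SCENARIOS.items():
        trace = run(events)
        print(f"{name:30s} ever_on={max(trace)} final={trace[-1]}")
```

The logic cannot tell two coincident switch faults apart from deliberate operation of both switches ("both within 3 s" covers either), which is why the description relies on the control room alarm for that case.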
The design system of the invention meets the output requirement of the manual periodic test permission switch under normal operation, and also eliminates the case in which the protection function fails to act because a test permission signal is issued spuriously owing to a fault of a single switch or to faults of the two switches one after the other. It thereby improves the reliability of the manual periodic test permission function of the reactor protection system, reduces the risk that the safety system of the nuclear power plant fails to act, and helps improve the safety of the nuclear power plant.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A design method for testing allowable functions of a high-reliability reactor protection system is characterized in that a logic processor is arranged in a digital control system, and the method comprises the following steps: the logic processor receives the state signals of the two periodic test permission switches acquired by the digital quantity input acquisition card and performs logic processing on the state signals, the state signals of the two periodic test permission switches are set or reset through the RS trigger after corresponding logic, and the final periodic test permission signals are generated and input into the reactor protection system; the two periodic test permission switches are marked as a first periodic test permission switch and a second periodic test permission switch; two periodic test permission switches are arranged in the control room;
the logic processing comprises the following steps:
performing NAND logical operation on the state signals of the first periodic test permission switch and the second periodic test permission switch, and inputting the signals after the NAND logical operation to a reset end of the RS trigger;
and performing AND logic operation on the state signals of the first periodic test permission switch and the second periodic test permission switch after passing through the rising edge pulse generator SP, and then inputting the signals after the AND logic operation to the set end of the RS trigger.
2. The design method for the test permission function of the high-reliability reactor protection system according to claim 1, wherein the rising edge pulse generator SP is configured to detect a rising edge of the first periodic test permission switch signal and of the second periodic test permission switch signal and convert the rising edge into a pulse signal with a time width of 3 s.
3. The design method for the test permission function of the high-reliability reactor protection system according to claim 1, wherein the first periodic test permission switch and the second periodic test permission switch each include two states: normal and test allowed, normal is recorded as 0 and test allowed is recorded as 1.
4. The design method for the test allowable function of the high-reliability reactor protection system according to claim 1 is characterized by specifically comprising the following logic judgments:
when neither of the two periodic test permission switches is operated, or only one of them is operated, the input of the reset end of the RS trigger is 1, the input of the set end of the RS trigger is 0, and the output of the RS trigger is always 0, which indicates that the periodic test permission mode has not been entered;
when the two periodic test permission switches are operated within 3 seconds of each other, the input of the reset end of the RS trigger is 0 and the input of the set end of the RS trigger is 1; the output of the RS trigger is 1, which indicates that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is finished, the tester operates the periodic test permission switch to the normal position, after any periodic test permission switch is operated to the normal position, the input of the reset end of the RS trigger is 1, the input of the set end of the RS trigger is 0, the test permission signal output by the RS trigger is cleared, the test permission mode is exited, and the control room test permission alarm disappears.
5. The design method for testing allowable functions of the high-reliability reactor protection system according to claim 4, further comprising the following logic judgments:
if the RS trigger is not in the test permission mode, when one of the periodic test permission switches is triggered due to a fault, as long as the other periodic test permission switch is not triggered due to the fault within 3 seconds after the first periodic test permission switch is triggered, the set end input of the RS trigger is always 0, the reset end input of the RS trigger is always 1, and the output of the RS trigger is 0, which indicates that the RS trigger is not in the test permission mode currently;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS trigger is mistakenly set to 1; in that case an alarm is sent to the control room to alert the operator to this state, so that the operator can take corrective measures and intervene in time.
6. The design method for the test permission function of the high-reliability reactor protection system according to claim 1, wherein the RS trigger is a reset-priority flip-flop.
7. A high reliability reactor protection system test allowable function design system supporting a high reliability reactor protection system test allowable function design method according to any one of claims 1 to 6, the system comprising: the digital control system is internally provided with a digital quantity input acquisition card and a logic processor, and the control room is internally provided with two periodic test permission switches;
the logic processor comprises a rising edge pulse generator SP, a logic AND gate, a logic NAND gate and an RS trigger, receives and logically processes state signals of two periodic test permission switches acquired by a digital quantity input acquisition card, and sets or resets the state signals of the two periodic test permission switches through the RS trigger after passing through corresponding logics to generate final periodic test permission signals which are input into the reactor protection system; the two periodic test permission switches are marked as a first periodic test permission switch and a second periodic test permission switch; the corresponding logic comprises:
performing NAND logical operation on the state signals of the first periodic test permission switch and the second periodic test permission switch through a logical NAND gate, and inputting the signals after the NAND logical operation to a reset end of the RS trigger;
passing the state signals of the first periodic test permission switch and the second periodic test permission switch through the rising edge pulse generator SP, then performing an AND logic operation on them through the logic AND gate, and then inputting the signal after the AND logic operation to the set end of the RS trigger;
and the rising edge pulse generator SP detects the rising edge of the first periodic test permission switch signal and of the second periodic test permission switch signal and converts each rising edge into a pulse signal with a time width of 3 s.
8. The high-reliability reactor protection system test allowable function design system as claimed in claim 7, wherein the corresponding logic specifically comprises the following logic judgments:
when neither of the two periodic test permission switches is operated, or only one of them is operated, the input of the reset end of the RS trigger is 1, the input of the set end of the RS trigger is 0, and the output of the RS trigger is always 0, which indicates that the periodic test permission mode has not been entered;
when the two periodic test permission switches are operated within 3 seconds of each other, the input of the reset end of the RS trigger is 0 and the input of the set end of the RS trigger is 1; the output of the RS trigger is 1, which indicates that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is finished, a tester operates the periodic test permission switch to a normal position, after any periodic test permission switch is operated to the normal position, the input of a reset end of the RS trigger is 1, the input of a set end of the RS trigger is 0, and a test permission signal output by the RS trigger is cleared, so that the test permission mode is exited, and the control room test permission alarm disappears;
if the RS trigger is not in the test permission mode, when one of the periodic test permission switches is triggered due to a fault, as long as the other periodic test permission switch is not triggered due to the fault within 3 seconds after the first periodic test permission switch is triggered, the set end input of the RS trigger is always 0, the reset end input of the RS trigger is always 1, and the output of the RS trigger is 0, which indicates that the RS trigger is not in the test permission mode currently;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS trigger is mistakenly set to 1; in that case an alarm is sent to the control room to alert the operator to this state, so that the operator can take corrective measures and intervene in time.
9. The high-reliability reactor protection system test permission function design system of claim 7, wherein the RS trigger is a reset-priority flip-flop.
10. A computer arrangement comprising a memory, a processor and a computer program stored in said memory and executable on said processor, characterized in that said processor implements a high reliability reactor protection system test enable function design method according to any of claims 1 to 6 when executing said computer program.
CN202110982589.XA 2021-08-25 2021-08-25 High-reliability reactor protection system test permission function design method and system Active CN113688521B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110982589.XA CN113688521B (en) 2021-08-25 2021-08-25 High-reliability reactor protection system test permission function design method and system

Publications (2)

Publication Number Publication Date
CN113688521A true CN113688521A (en) 2021-11-23
CN113688521B CN113688521B (en) 2023-06-20

Family

ID=78582590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110982589.XA Active CN113688521B (en) 2021-08-25 2021-08-25 High-reliability reactor protection system test permission function design method and system

Country Status (1)

Country Link
CN (1) CN113688521B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BE797739A (en) * 1972-04-04 1973-10-04 Westinghouse Electric Corp CONTROL DEVICE FOR LOGIC PROTECTION AND BACKUP FUNCTIONS
CN103401552A (en) * 2013-07-02 2013-11-20 高利斌 Function module capable of preventing protection misoperation caused by analog quantity signal hopping
CN204928773U (en) * 2015-05-29 2015-12-30 西门子电站自动化有限公司 A voltage control moves looks pulse generator for excitation system
CN107656218A (en) * 2017-11-06 2018-02-02 湖北汽车工业学院 Induction heating power failure detects in real time and processing system
CN107884672A (en) * 2017-10-30 2018-04-06 福建福清核电有限公司 A kind of routine test method of nuclear power plant's reactor protection system link circuit
CN109887368A (en) * 2019-04-11 2019-06-14 威立雅(哈尔滨)热电有限公司 Medium Voltage Switchgear secondary control loop simulation training platform and its programmable logic controller (PLC) logic judging method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114384878A (en) * 2021-12-31 2022-04-22 江苏核电有限公司 Method for relieving network fault consequence of DCS (distributed control system)
CN115237046A (en) * 2022-07-21 2022-10-25 中国核动力研究设计院 Manual prohibition method and device for safety injection signal, terminal and readable storage medium
CN115359932A (en) * 2022-08-19 2022-11-18 中国核动力研究设计院 P11 non-allowable signal generation device and method and related system for nuclear power plant
CN115359932B (en) * 2022-08-19 2023-09-26 中国核动力研究设计院 P11 non-permission signal generation device and method and related system for nuclear power plant

Also Published As

Publication number Publication date
CN113688521B (en) 2023-06-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant