CN113688521B - High-reliability reactor protection system test permission function design method and system - Google Patents


Publication number
CN113688521B
Authority
CN
China
Prior art keywords
periodic test
trigger
test permission
periodic
permission
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110982589.XA
Other languages
Chinese (zh)
Other versions
CN113688521A (en
Inventor
王琳
刘宏春
何正熙
王远兵
青先国
王明星
王殳
朱攀
许东芳
贺理
孙诗炎
李谢晋
冯威
陈鹏
伍巧凤
李昱
钟思洁
石亚东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nuclear Power Institute of China
Original Assignee
Nuclear Power Institute of China
Application filed by Nuclear Power Institute of China
Priority to CN202110982589.XA
Publication of CN113688521A
Application granted
Publication of CN113688521B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/20 Design optimisation, verification or simulation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2119/00 Details relating to the type or aim of the analysis or the optimisation
    • G06F2119/02 Reliability analysis or reliability optimisation; Failure analysis, e.g. worst case scenario performance, failure mode and effects analysis [FMEA]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00 Energy generation of nuclear origin

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • Geometry (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The invention discloses a method and a system for designing the test permission function of a high-reliability reactor protection system. A logic processor is arranged in a digital instrumentation and control system; the logic processor receives the state signals of two periodic test permission switches acquired by a digital input acquisition card and processes them logically, and after the corresponding logic the state signals of the two periodic test permission switches set or reset an RS flip-flop to generate the final periodic test permission signal that is input to the reactor protection system. The invention avoids the system falsely issuing a test permission signal because of a single switch fault or because the two switches fail one after the other, thereby eliminating the risk of protection function failure that switch faults could cause. The invention improves the reliability of the manual permission function for periodic tests of the reactor protection system, reduces the risk of the nuclear power plant safety system failing to actuate, and helps improve the safety of the nuclear power plant.

Description

High-reliability reactor protection system test permission function design method and system
Technical Field
The invention relates to the technical field of nuclear power plant reactor protection system design, in particular to a method and a system for designing a high-reliability reactor protection system test permission function.
Background
The reactor protection system is a very important part of a nuclear power plant. It automatically trips the reactor when the plant's operating conditions reach the operating limits and, in the event of an accident, actuates the engineered safety features to mitigate the consequences, so it plays a vital role in the safe, economic and reliable operation of the plant. Therefore, to demonstrate that the reactor protection system can perform these protection functions when needed, periodic tests must be performed (checking the availability of the system according to test procedures at specified time intervals).
To prevent safety system actions caused by a periodic test from affecting normal plant operation, a manual test permission switch is provided; the corresponding periodic test manual permission switch is pressed before the periodic test to enable it, which includes blocking the triggering of certain safety actions related to the test. Consequently, if the manual permission switch is falsely triggered by a fault, the normal actuation of the safety system is directly affected, and with it the safety of the nuclear power plant. To reduce the probability of false triggering, two manual permission switches are typically provided, and the relevant periodic test is enabled only when both switches are operated to the "test allow" state. However, in the prior art, false triggering of the periodic test permission switches can still cause the safety functions associated with the reactor protection system to fail to actuate.
Disclosure of Invention
The invention aims to provide a method and a system for designing the test permission function of a high-reliability reactor protection system, which effectively eliminate the problem of the safety system failing to actuate (function lockout) because a single periodic test manual permission switch of the reactor protection system, or both periodic test manual permission switches, are falsely triggered.
The invention is realized by the following technical scheme:
In a first aspect, the invention provides a method for designing the test permission function of a high-reliability reactor protection system, in which a logic processor is arranged in a digital instrumentation and control system. The method comprises: the logic processor receives the state signals of the two periodic test permission switches acquired by the digital input acquisition card and processes them logically; after the corresponding logic, the state signals of the two periodic test permission switches set or reset an RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch, and both are located in the control room;
the logic processing includes:
the state signals of the first periodic test permission switch and the second periodic test permission switch are combined by a NAND operation, and the result is input to the reset terminal of the RS flip-flop;
the state signals of the first periodic test permission switch and the second periodic test permission switch each pass through a rising-edge pulse generator SP, the two resulting signals are combined by an AND operation, and the result is input to the set terminal of the RS flip-flop.
Working principle: to avoid, as far as possible, a false trigger of a periodic test permission switch causing the related safety functions of the reactor protection system to fail to actuate, the invention enables periodic tests by acquiring the states of the two periodic test permission switches and applying the corresponding logic processing. The state signals of the periodic test permission switches are acquired by a DI card (digital input acquisition card) and sent to the logic processor. In the logic processing: on the one hand, the state signal of each of the two periodic test permission switches first passes through its own rising-edge pulse generator, which, once it detects a rising edge, outputs a pulse that is held for only 3 s; the two pulse-generator outputs are then combined by an AND operation and sent to the S (set) terminal of the RS flip-flop, so that the RS flip-flop outputs the test permission signal, and an alarm is sent to the control room to remind the operator that the periodic test permission mode has been entered. On the other hand, the state signals of the two periodic test permission switches are combined by a NAND operation and sent to the R (reset) terminal of the RS flip-flop; whenever either periodic test permission switch is not in the test-permission position, the test permission signal output by the RS flip-flop is reset, so that the test permission state is exited.
The novelty of the method is that, by designing two periodic test permission switches and the associated logic processing, it avoids the system falsely issuing a test permission signal because of a single switch fault or because the two switches fail one after the other, thereby eliminating the risk of protection function failure that switch faults could cause. The invention improves the reliability of the manual permission function for periodic tests of the reactor protection system, reduces the risk of the nuclear power plant safety system failing to actuate, and helps improve the safety of the nuclear power plant.
Further, the rising-edge pulse generator SP is configured to detect the rising edge of the first and second periodic test permission switch signals and convert it into a pulse signal with a width of 3 s.
Further, the first and second periodic test permission switches each have two states, normal and test permitted; normal is denoted 0 and test permitted is denoted 1.
Further, the method specifically includes the following logic decisions in the ideal cases:
when neither of the two periodic test permission switches is operated, or only one is operated, the reset input of the RS flip-flop is 1, the set input is 0, and the output of the RS flip-flop remains 0, indicating that the periodic test permission mode has not been entered;
when both periodic test permission switches are operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input is 1; the output of the RS flip-flop is 1, indicating that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, the test personnel return the periodic test permission switches to the normal position. As soon as either periodic test permission switch is returned to the normal position (that is, with both switches in the test-permitted state and the periodic test completed, one of them is operated to the normal state), the reset input of the RS flip-flop is 1 and the set input is 0, the test permission signal output by the RS flip-flop is cleared, the test permission mode is exited, and the control room test permission alarm disappears.
Further, the method also includes the following logic decisions in the non-ideal cases:
if the system is not in the test permission mode and one of the periodic test permission switches is triggered by a fault, then, as long as the other periodic test permission switch is not also triggered by a fault within 3 seconds of the first, the set input of the RS flip-flop remains 0, the reset input remains 1, and the output of the RS flip-flop is 0, so the test permission mode is not entered;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS flip-flop is falsely set to 1; an alarm is then sent to the control room to alert the operator to this state, so that the operator can take appropriate corrective action and intervene in time.
Further, the RS flip-flop is of the reset-priority type.
In a second aspect, the invention also provides a system for designing the test permission function of a high-reliability reactor protection system, which supports the above design method. The system comprises a digital instrumentation and control system and a control room; a digital input acquisition card and a logic processor are arranged in the digital instrumentation and control system, and two periodic test permission switches are arranged in the control room;
the logic processor comprises a rising-edge pulse generator SP, a logic AND gate, a logic NAND gate and an RS flip-flop. It receives the state signals of the two periodic test permission switches acquired by the digital input acquisition card and processes them logically; after the corresponding logic, the state signals of the two periodic test permission switches set or reset the RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch; the corresponding logic includes:
the state signals of the first periodic test permission switch and the second periodic test permission switch are combined by the logic NAND gate, and the result is input to the reset terminal of the RS flip-flop;
the state signals of the first periodic test permission switch and the second periodic test permission switch each pass through a rising-edge pulse generator SP, the two resulting signals are combined by the logic AND gate, and the result is input to the set terminal of the RS flip-flop;
the rising-edge pulse generator SP is configured to detect the rising edge of the first and second periodic test permission switch signals and convert it into a pulse signal with a width of 3 s.
Further, the corresponding logic specifically includes logic decisions in the following cases:
when neither of the two periodic test permission switches is operated, or only one is operated, the reset input of the RS flip-flop is 1, the set input is 0, and the output of the RS flip-flop remains 0, indicating that the periodic test permission mode has not been entered;
when both periodic test permission switches are operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input is 1; the output of the RS flip-flop is 1, indicating that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, the test personnel return the periodic test permission switches to the normal position. As soon as either periodic test permission switch is returned to the normal position (that is, with both switches in the test-permitted state and the periodic test completed, one of them is operated to the normal state), the reset input of the RS flip-flop is 1 and the set input is 0, the test permission signal output by the RS flip-flop is cleared, the test permission mode is exited, and the control room test permission alarm disappears;
if the system is not in the test permission mode and one of the periodic test permission switches is triggered by a fault, then, as long as the other periodic test permission switch is not also triggered by a fault within 3 seconds of the first, the set input of the RS flip-flop remains 0, the reset input remains 1, and the output of the RS flip-flop is 0, so the test permission mode is not entered;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS flip-flop is falsely set to 1; an alarm is then sent to the control room to alert the operator to this state, so that the operator can take appropriate corrective action and intervene in time.
Further, the RS flip-flop is of the reset-priority type.
In a third aspect, the invention also provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above method for designing the test permission function of a high-reliability reactor protection system when executing the computer program.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. The novelty of the method is that, by designing two periodic test permission switches and the associated logic processing, it avoids the system falsely issuing a test permission signal because of a single switch fault or because the two switches fail one after the other, thereby eliminating the risk of protection function failure that switch faults could cause.
2. The invention improves the reliability of the manual permission function for periodic tests of the reactor protection system, reduces the risk of the nuclear power plant safety system failing to actuate, and helps improve the safety of the nuclear power plant.
Drawings
The accompanying drawings, which are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention. In the drawings:
FIG. 1 is a schematic diagram of a high reliability reactor protection system test enabling function design methodology of the present invention.
Detailed Description
For the purpose of making apparent the objects, technical solutions and advantages of the present invention, the present invention will be further described in detail with reference to the following examples and the accompanying drawings, wherein the exemplary embodiments of the present invention and the descriptions thereof are for illustrating the present invention only and are not to be construed as limiting the present invention.
Example 1
As shown in Fig. 1, the method of the invention for designing the test permission function of a high-reliability reactor protection system comprises: the logic processor receives the state signals of the two periodic test permission switches acquired by the digital input acquisition card and processes them logically; after the corresponding logic, the state signals of the two periodic test permission switches set or reset an RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch, and both are located in the control room;
the logic processing includes:
the state signals of the first periodic test permission switch and the second periodic test permission switch are combined by a NAND operation, and the result is input to the reset terminal of the RS flip-flop;
the state signals of the first periodic test permission switch and the second periodic test permission switch each pass through a rising-edge pulse generator SP, the two resulting signals are combined by an AND operation, and the result is input to the set terminal of the RS flip-flop.
Here, the AND logic outputs 1 only when the state signals of the first periodic test permission switch and the second periodic test permission switch are both 1.
The NAND logic outputs 0 if the input state signals of the first periodic test permission switch and the second periodic test permission switch are both 1, and outputs 1 if at least one of them is 0.
To further explain this embodiment, the rising-edge pulse generator SP is configured to detect the rising edge of the first and second periodic test permission switch signals and convert it into a pulse signal with a width of 3 s.
To further explain this embodiment, the first and second periodic test permission switches each have two states, normal and test permitted; normal is denoted 0 and test permitted is denoted 1.
To further explain this embodiment, the method specifically includes the following logic decisions in the ideal cases:
when neither of the two periodic test permission switches is operated, or only one is operated, the reset input of the RS flip-flop is 1, the set input is 0, and the output of the RS flip-flop remains 0, indicating that the periodic test permission mode has not been entered;
when both periodic test permission switches are operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input is 1; the output of the RS flip-flop is 1, indicating that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, the test personnel return the periodic test permission switches to the normal position. As soon as either periodic test permission switch is returned to the normal position (that is, with both switches in the test-permitted state and the periodic test completed, one of them is operated to the normal state), the reset input of the RS flip-flop is 1 and the set input is 0, the test permission signal output by the RS flip-flop is cleared, the test permission mode is exited, and the control room test permission alarm disappears.
To further explain this embodiment, the method also includes the following logic decisions in the non-ideal cases:
if the system is not in the test permission mode and one of the periodic test permission switches is triggered by a fault, then, as long as the other periodic test permission switch is not also triggered by a fault within 3 seconds of the first, the set input of the RS flip-flop remains 0, the reset input remains 1, and the output of the RS flip-flop is 0, so the test permission mode is not entered;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS flip-flop is falsely set to 1; an alarm is then sent to the control room to alert the operator to this state, so that the operator can take appropriate corrective action and intervene in time.
To further explain this embodiment, the RS flip-flop is of the reset-priority type.
Implementation process: the method of the invention is implemented in a Chinese engineering test reactor, and the generation of the periodic test permission signal is shown in Fig. 1. First, the two periodic test permission switches at the turntable (i.e., control room) are triggered, and the Digital Control System (DCS) acquires the switch state signals through the digital input (DI) card and passes them to the Central Processing Unit (CPU) for logic processing. After the corresponding logic, the state signals of the two switches set or reset the final periodic test permission signal through the RS flip-flop. Specifically:
the invention enables periodic tests by acquiring the states of the two periodic test permission switches and applying the corresponding logic processing. The state signals of the periodic test permission switches are acquired by a DI card (digital input acquisition card) and sent to the logic processor. In the logic processing: on the one hand, the state signal of each of the two periodic test permission switches first passes through its own rising-edge pulse generator, which, once it detects a rising edge, outputs a pulse that is held for only 3 s; the two pulse-generator outputs are then combined by an AND operation and sent to the S (set) terminal of the RS flip-flop, so that the RS flip-flop outputs the test permission signal, and an alarm is sent to the control room to remind the operator that the periodic test permission mode has been entered. On the other hand, the state signals of the two periodic test permission switches are combined by a NAND operation and sent to the R (reset) terminal of the RS flip-flop; whenever either periodic test permission switch is not in the test-permission position, the test permission signal output by the RS flip-flop is reset, so that the test permission state is exited.
The novelty of the method is that, by designing two periodic test permission switches and the associated logic processing, it avoids the system falsely issuing a test permission signal because of a single switch fault or because the two switches fail one after the other, thereby eliminating the risk of protection function failure that switch faults could cause. The invention improves the reliability of the manual permission function for periodic tests of the reactor protection system, reduces the risk of the nuclear power plant safety system failing to actuate, and helps improve the safety of the nuclear power plant.
The invention can also be applied to other control systems, besides a Digital Control System (DCS), that generate a final periodic test permission signal for the reactor protection system.
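The latch logic of Example 1 (and of the first aspect) can be checked scan by scan. The following Python model is an added example, not code from the patent; the 100 ms scan period, the class and function names, and the switch traces are assumptions constructed for illustration. It compares the latched logic with the plain two-switch AND described in the Background section.

```python
"""Scan-by-scan model of the test-permission logic (added example, not the patent's code)."""

SCAN_MS = 100     # assumed logic-processor scan period; the text does not state one
PULSE_MS = 3000   # SP pulse width of 3 s, as stated in the text


class RisingEdgePulse:
    """SP block: a 0->1 transition starts a pulse that lasts PULSE_MS."""

    def __init__(self):
        self.prev = 0          # assumed initial input state: "normal" (0)
        self.remaining_ms = 0

    def step(self, signal):
        if signal and not self.prev:
            self.remaining_ms = PULSE_MS
        elif self.remaining_ms > 0:
            self.remaining_ms -= SCAN_MS
        self.prev = signal
        return int(self.remaining_ms > 0)


class ResetPriorityRS:
    """RS flip-flop in which R wins when S and R are both 1."""

    def __init__(self):
        self.q = 0

    def step(self, s, r):
        if r:
            self.q = 0
        elif s:
            self.q = 1
        return self.q


class PermissionLogic:
    """S = SP(sw1) AND SP(sw2); R = NAND(sw1, sw2); Q = test permission."""

    def __init__(self):
        self.sp1, self.sp2 = RisingEdgePulse(), RisingEdgePulse()
        self.ff = ResetPriorityRS()

    def scan(self, sw1, sw2):
        s = self.sp1.step(sw1) & self.sp2.step(sw2)
        r = 1 - (sw1 & sw2)
        return self.ff.step(s, r)


def level_at(events, t_ms):
    """Switch state at t_ms from (time_ms, new_state) change events; starts at 0."""
    state = 0
    for when, value in events:
        if when <= t_ms:
            state = value
    return state


def simulate(sw1_events, sw2_events, duration_ms):
    """Return {time_ms: Q} for one run of the latched logic."""
    logic = PermissionLogic()
    return {t: logic.scan(level_at(sw1_events, t), level_at(sw2_events, t))
            for t in range(0, duration_ms + 1, SCAN_MS)}


def plain_and(sw1_events, sw2_events, t_ms):
    """Baseline from the Background section: permit whenever both switches read 1."""
    return level_at(sw1_events, t_ms) & level_at(sw2_events, t_ms)


# Constructed switch traces (times in ms), one per case discussed in the text.
SCENARIOS = {
    "normal entry and exit":      ([(1000, 1), (20000, 0)], [(2500, 1)]),
    "single switch fault":        ([(1000, 1)], []),
    "sequential faults, 5 s gap": ([(1000, 1)], [(6000, 1)]),
    "both faults within 3 s":     ([(1000, 1)], [(3000, 1)]),
}

if __name__ == "__main__":
    for name, (sw1, sw2) in SCENARIOS.items():
        trace = simulate(sw1, sw2, 30000)
        print(f"{name:28s} latched Q at 10 s = {trace[10000]}, "
              f"at 30 s = {trace[30000]}, plain AND at 10 s = {plain_and(sw1, sw2, 10000)}")
```

With these traces, the sequential-fault case leaves Q at 0 while the plain AND would grant permission; the both-within-3-s case still sets Q, which is the residual case the text covers with the control room alarm.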
Example 2
As shown in Fig. 1, this embodiment differs from Embodiment 1 in that it provides a system for designing the test permission function of a high-reliability reactor protection system, which supports the design method described in Embodiment 1. The system comprises a digital instrumentation and control system and a control room; a digital input acquisition card and a logic processor are arranged in the digital instrumentation and control system, and two periodic test permission switches are arranged in the control room;
the logic processor comprises a rising-edge pulse generator SP, a logic AND gate, a logic NAND gate and an RS flip-flop. It receives the state signals of the two periodic test permission switches acquired by the digital input acquisition card and processes them logically; after the corresponding logic, the state signals of the two periodic test permission switches set or reset the RS flip-flop, which generates the final periodic test permission signal that is input to the reactor protection system. The two periodic test permission switches are denoted the first periodic test permission switch and the second periodic test permission switch; the corresponding logic includes:
the state signals of the first periodic test permission switch and the second periodic test permission switch are combined by the logic NAND gate, and the result is input to the reset terminal of the RS flip-flop;
the state signals of the first periodic test permission switch and the second periodic test permission switch each pass through a rising-edge pulse generator SP, the two resulting signals are combined by the logic AND gate, and the result is input to the set terminal of the RS flip-flop;
the rising-edge pulse generator SP is configured to detect the rising edge of the first and second periodic test permission switch signals and convert it into a pulse signal with a width of 3 s.
To further explain this embodiment, the first and second periodic test permission switches each have two states, normal and test permitted; normal is denoted 0 and test permitted is denoted 1.
For further explanation of this embodiment, the corresponding logic specifically includes logic decisions for several cases:
when both the two periodic test permission switches are not operated or only one is operated, the reset end input of the RS trigger is 1, the set end input of the RS trigger is 0, and the output of the RS trigger is always 0, which indicates that the periodic test permission mode is not entered currently;
when the two periodic test permission switches are operated within 3 seconds, the reset end input of the RS trigger is 0, and the set end input of the RS trigger is 1; the output of the RS trigger is 1, which indicates that the periodic test permission mode is currently entered, and an alarm is sent to a control room to remind an operator;
after the periodic test is completed, the test personnel operates the periodic test permission switch to the normal position, after any periodic test permission switch is operated to the normal position (namely, after both periodic test permission switches are in a test permission state and the periodic test is completed, one periodic test permission switch is operated to the normal state), the reset end input of the RS trigger is 1, the set end input of the RS trigger is 0, the test permission signal output by the RS trigger is cleared, so that the test permission mode is exited, and the control room test permission alarm disappears;
if the test permission mode is not in, when one of the periodic test permission switches is triggered by a fault, the set end input of the RS trigger is always 0, the reset end input of the RS trigger is always 1, and the output of the RS trigger is 0, so long as the other periodic test permission switch is not triggered by the fault within 3 seconds after the first periodic test permission switch is triggered, so that the current test permission mode is not in;
if both periodic test permission switches are triggered by faults within the same 3 seconds, the output of the RS trigger is set to be 1 by mistake, and at the moment, an alarm is sent to the control room to remind an operator of the state, so that the operator can take appropriate corrective measures to perform timely intervention.
For further explanation of this embodiment, the RS flip-flop uses a reset priority flip-flop.
The design system of the invention not only can meet the output requirement under the normal operation of the manual permission switch for the periodic test, but also eliminates the situation that the protection function is refused due to the false transmission of the test permission signal caused by the failure of a single switch or the failure of two switches in sequence, thereby improving the reliability of the manual permission function of the periodic test of the reactor protection system, reducing the risk of the refusal of the safety system of the nuclear power device and being beneficial to improving the safety of the nuclear power device.
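The case analysis above can be checked with a small discrete-time model of the logic. This is an added example, not code from the patent: the 100 ms scan period, the class and function names and the switch timelines are assumptions constructed for illustration, and the SP block is assumed to emit a fixed 3 s pulse once triggered.

```python
TICK_MS = 100     # assumed logic scan period (not stated on the page)
PULSE_MS = 3000   # SP pulse width given in the text: 3 s


class RisingEdgePulse:
    """SP block: a 0->1 transition starts a fixed-width pulse (assumed non-extendable)."""

    def __init__(self, width_ticks):
        self.width, self.prev, self.remaining = width_ticks, 0, 0

    def step(self, level):
        if level and not self.prev:
            self.remaining = self.width
        self.prev = level
        out = 1 if self.remaining > 0 else 0
        self.remaining = max(0, self.remaining - 1)
        return out


class PermissionLatch:
    """NAND -> reset, AND of the two SP pulses -> set, reset-priority RS flip-flop."""

    def __init__(self):
        width = PULSE_MS // TICK_MS
        self.sp1, self.sp2, self.q = RisingEdgePulse(width), RisingEdgePulse(width), 0

    def step(self, sw1, sw2):
        set_in = self.sp1.step(sw1) & self.sp2.step(sw2)
        reset_in = 1 - (sw1 & sw2)
        if reset_in:          # reset priority: any switch at normal clears the latch
            self.q = 0
        elif set_in:          # both rising edges fell inside one 3 s window
            self.q = 1
        return self.q         # otherwise hold the previous state


def simulate(events, end_ms):
    """events maps a time in ms (multiple of TICK_MS) to the (sw1, sw2) levels
    that apply from then on. Returns [(time_ms, q)] for each output change."""
    latch, sw, q_prev, changes = PermissionLatch(), (0, 0), 0, []
    for t in range(0, end_ms, TICK_MS):
        sw = events.get(t, sw)
        q = latch.step(*sw)
        if q != q_prev:
            changes.append((t, q))
            q_prev = q
    return changes


def plain_and_grants(events):
    """Contrast case, not from the patent: a bare AND of the two switch levels."""
    return any(a & b for a, b in events.values())


# Constructed switch timelines, one per case in the description.
NORMAL_ENTRY_EXIT = {1000: (1, 0), 3000: (1, 1), 10000: (1, 0)}
SINGLE_FAULT = {1000: (1, 0)}
SEQUENTIAL_FAULTS = {1000: (1, 0), 6000: (1, 1)}   # second fault 5 s after the first
COINCIDENT_FAULTS = {1000: (1, 0), 2500: (1, 1)}   # both faults inside one 3 s window

if __name__ == "__main__":
    for name in ("NORMAL_ENTRY_EXIT", "SINGLE_FAULT", "SEQUENTIAL_FAULTS", "COINCIDENT_FAULTS"):
        print(name, simulate(globals()[name], 12000))
```

SEQUENTIAL_FAULTS is the timeline a bare AND of the switch levels would accept and the latch rejects; COINCIDENT_FAULTS still sets the output, which is why the description pairs that case with a control room alarm.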
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention and is not meant to limit the scope of the invention to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (9)

1. A method for designing a test permission function of a highly reliable reactor protection system, wherein a logic processor is provided in a digital instrument control system, the method comprising: the logic processor receives and logically processes the state signals of the two periodic test permission switches acquired by the digital quantity input acquisition card; after the corresponding logic, the state signals of the two periodic test permission switches set or reset the RS flip-flop, so that a final periodic test permission signal is generated and input into the reactor protection system; wherein the two periodic test permission switches are denoted as a first periodic test permission switch and a second periodic test permission switch; the two periodic test permission switches are located in the control room;
the process of the corresponding logic includes:
the state signals of the first periodic test permission switch and the second periodic test permission switch are subjected to a NAND logic operation, and the resulting signal is input to the reset input of the RS flip-flop;
the state signals of the first periodic test permission switch and the second periodic test permission switch each pass through a rising edge pulse generator SP and are then subjected to an AND logic operation, and the resulting signal is input to the set input of the RS flip-flop;
the rising edge pulse generator SP is configured to detect a rising edge of the first periodic test permission switch signal and of the second periodic test permission switch signal and to convert the rising edge into a pulse signal having a time width of 3 s.
2. The method of claim 1, wherein the first periodic test permission switch and the second periodic test permission switch each comprise two states, normal and test allowed; normal is denoted 0 and test allowed is denoted 1.
3. The method for designing a test permission function of a highly reliable reactor protection system according to claim 1, comprising the following logic:
when neither of the two periodic test permission switches is operated, or only one is operated, the reset input of the RS flip-flop is 1, the set input of the RS flip-flop is 0, and the output of the RS flip-flop is always 0, which indicates that the periodic test permission mode has not been entered;
when the two periodic test permission switches are both operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input of the RS flip-flop is 1; the output of the RS flip-flop is 1, which indicates that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, the test personnel return the periodic test permission switches to the normal position; as soon as either periodic test permission switch is returned to the normal position, the reset input of the RS flip-flop is 1, the set input of the RS flip-flop is 0, and the test permission signal output by the RS flip-flop is cleared, so that the test permission mode is exited and the control room test permission alarm disappears.
4. The method for designing a test permission function of a highly reliable reactor protection system according to claim 3, further comprising the following logic:
if the system is not in the test permission mode and one of the periodic test permission switches is triggered by a fault, then, as long as the other periodic test permission switch is not triggered by a fault within 3 seconds after the first one is triggered, the set input of the RS flip-flop is always 0, the reset input of the RS flip-flop is always 1, and the output of the RS flip-flop is 0, so the test permission mode is not entered;
if the two periodic test permission switches are both triggered by faults within the same 3 seconds, the output of the RS flip-flop is erroneously set to 1; in that case an alarm is sent to the control room to alert the operator to this state, so that the operator can take corrective measures and intervene in time.
5. The method for designing a test permission function of a highly reliable reactor protection system according to claim 1, wherein the RS flip-flop is a reset-priority flip-flop.
6. A system for designing a test permission function of a highly reliable reactor protection system, supporting the method for designing a test permission function of a highly reliable reactor protection system according to any one of claims 1 to 5, the system comprising: a digital instrument control system and a control room, wherein a digital quantity input acquisition card and a logic processor are provided in the digital instrument control system, and two periodic test permission switches are provided in the control room;
the logic processor comprises a rising edge pulse generator SP, a logic AND gate, a logic NAND gate and an RS flip-flop; it receives and logically processes the state signals of the two periodic test permission switches acquired by the digital quantity input acquisition card; after the corresponding logic, the state signals of the two periodic test permission switches set or reset the RS flip-flop, so that a final periodic test permission signal is generated and input into the reactor protection system; wherein the two periodic test permission switches are denoted as a first periodic test permission switch and a second periodic test permission switch; the corresponding logic includes:
the state signals of the first periodic test permission switch and the second periodic test permission switch are subjected to a NAND logic operation through the logic NAND gate, and the resulting signal is input to the reset input of the RS flip-flop;
the state signals of the first periodic test permission switch and the second periodic test permission switch each pass through a rising edge pulse generator SP and are then subjected to an AND logic operation through the logic AND gate, and the resulting signal is input to the set input of the RS flip-flop;
the rising edge pulse generator SP is configured to detect a rising edge of the first periodic test permission switch signal and of the second periodic test permission switch signal and to convert the rising edge into a pulse signal with a time width of 3 s.
7. The system for designing a test permission function of a highly reliable reactor protection system according to claim 6, wherein the corresponding logic specifically comprises the following logic decisions:
when neither of the two periodic test permission switches is operated, or only one is operated, the reset input of the RS flip-flop is 1, the set input of the RS flip-flop is 0, and the output of the RS flip-flop is always 0, which indicates that the periodic test permission mode has not been entered;
when the two periodic test permission switches are both operated within 3 seconds, the reset input of the RS flip-flop is 0 and the set input of the RS flip-flop is 1; the output of the RS flip-flop is 1, which indicates that the periodic test permission mode has been entered, and an alarm is sent to the control room to remind the operator;
after the periodic test is completed, a tester returns the periodic test permission switches to the normal position; as soon as either periodic test permission switch is returned to the normal position, the reset input of the RS flip-flop is 1, the set input of the RS flip-flop is 0, and the test permission signal output by the RS flip-flop is cleared, so that the test permission mode is exited and the control room test permission alarm disappears;
if the system is not in the test permission mode and one of the periodic test permission switches is triggered by a fault, then, as long as the other periodic test permission switch is not triggered by a fault within 3 seconds after the first one is triggered, the set input of the RS flip-flop is always 0, the reset input of the RS flip-flop is always 1, and the output of the RS flip-flop is 0, so the test permission mode is not entered;
if the two periodic test permission switches are both triggered by faults within the same 3 seconds, the output of the RS flip-flop is erroneously set to 1; in that case an alarm is sent to the control room to alert the operator to this state, so that the operator can take corrective measures and intervene in time.
8. The system of claim 6, wherein the RS flip-flop is a reset priority flip-flop.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the method for designing a test permission function of a highly reliable reactor protection system according to any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110982589.XA CN113688521B (en) 2021-08-25 2021-08-25 High-reliability reactor protection system test permission function design method and system

Publications (2)

Publication Number Publication Date
CN113688521A CN113688521A (en) 2021-11-23
CN113688521B true CN113688521B (en) 2023-06-20

Family

ID=78582590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110982589.XA Active CN113688521B (en) 2021-08-25 2021-08-25 High-reliability reactor protection system test permission function design method and system

Country Status (1)

Country Link
CN (1) CN113688521B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114384878A (en) * 2021-12-31 2022-04-22 江苏核电有限公司 Method for relieving network fault consequence of DCS (distributed control system)
CN115237046A (en) * 2022-07-21 2022-10-25 中国核动力研究设计院 Manual prohibition method and device for safety injection signal, terminal and readable storage medium
CN115359932B (en) * 2022-08-19 2023-09-26 中国核动力研究设计院 P11 non-permission signal generation device and method and related system for nuclear power plant

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BE797739A (en) * 1972-04-04 1973-10-04 Westinghouse Electric Corp CONTROL DEVICE FOR LOGIC PROTECTION AND BACKUP FUNCTIONS
CN103401552A (en) * 2013-07-02 2013-11-20 高利斌 Function module capable of preventing protection misoperation caused by analog quantity signal hopping
CN204928773U (en) * 2015-05-29 2015-12-30 西门子电站自动化有限公司 A voltage control moves looks pulse generator for excitation system
CN107656218A (en) * 2017-11-06 2018-02-02 湖北汽车工业学院 Induction heating power failure detects in real time and processing system
CN107884672A (en) * 2017-10-30 2018-04-06 福建福清核电有限公司 A kind of routine test method of nuclear power plant's reactor protection system link circuit
CN109887368A (en) * 2019-04-11 2019-06-14 威立雅(哈尔滨)热电有限公司 Medium Voltage Switchgear secondary control loop simulation training platform and its programmable logic controller (PLC) logic judging method

Also Published As

Publication number Publication date
CN113688521A (en) 2021-11-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant