CN113741167A - Diversified driving system of nuclear power station - Google Patents
Diversified driving system of nuclear power station Download PDFInfo
- Publication number
- CN113741167A CN113741167A CN202110978110.5A CN202110978110A CN113741167A CN 113741167 A CN113741167 A CN 113741167A CN 202110978110 A CN202110978110 A CN 202110978110A CN 113741167 A CN113741167 A CN 113741167A
- Authority
- CN
- China
- Prior art keywords
- diversified
- control device
- main
- defense line
- main defense
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000007123 defense Effects 0.000 claims abstract description 372
- 238000001514 detection method Methods 0.000 claims abstract description 151
- 230000007246 mechanism Effects 0.000 claims abstract description 136
- 238000005457 optimization Methods 0.000 claims description 51
- 238000009826 distribution Methods 0.000 claims description 27
- 238000002955 isolation Methods 0.000 claims description 27
- 238000012544 monitoring process Methods 0.000 description 24
- 238000005516 engineering process Methods 0.000 description 17
- 230000001276 controlling effect Effects 0.000 description 15
- 238000009423 ventilation Methods 0.000 description 13
- 238000013461 design Methods 0.000 description 11
- 238000000034 method Methods 0.000 description 10
- 230000008569 process Effects 0.000 description 10
- 230000009471 action Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 238000005259 measurement Methods 0.000 description 6
- 230000001960 triggered effect Effects 0.000 description 5
- 238000001816 cooling Methods 0.000 description 4
- 238000004378 air conditioning Methods 0.000 description 3
- 239000007788 liquid Substances 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000004069 differentiation Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000001105 regulatory effect Effects 0.000 description 2
- 102100036568 Cell cycle and apoptosis regulator protein 2 Human genes 0.000 description 1
- 101000715194 Homo sapiens Cell cycle and apoptosis regulator protein 2 Proteins 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 239000000498 cooling water Substances 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000000691 measurement method Methods 0.000 description 1
- 238000012806 monitoring device Methods 0.000 description 1
- 230000003449 preventive effect Effects 0.000 description 1
- 238000004801 process automation Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000004092 self-diagnosis Methods 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
- G05B9/03—Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Testing And Monitoring For Control Systems (AREA)
Abstract
The application relates to a diversified driving system of a nuclear power station, which comprises a main defense line control device, a main control device, a diversified control device, a main defense line actuating mechanism and a diversified actuating mechanism; the main defense line control device, the main control device and the diversified control device respectively receive the detection signals and determine the fault type according to the detection signals; when the fault type is single fault of the main defense line actuating mechanism, the master control device drives the diversified actuating mechanisms to act; when the fault type is single fault of the master control device, the master defense line control device starts and drives the master defense line executing mechanism to act; when the fault type is that the main defense line control device and the master control device simultaneously fail or the main defense line execution mechanism and the master control device both have single fault, the diversified control devices start and drive the diversified execution mechanisms to act. By adopting the scheme in the application, the common cause failure risk can be reduced.
Description
Technical Field
The application relates to the technical field of nuclear power, in particular to a diversified driving system of a nuclear power station.
Background
The digital instrument control system is widely applied to the nuclear power station safety level control system due to the advantages of simplified control logic, flexible configuration capability, strong self-diagnosis function and the like. Specifically, the system for protecting the reactor of the nuclear power plant is mainly a safe level 1 digital protection system. The level 1 safing digital protection system mainly undertakes the nuclear safety related functions, but the digital protection system is susceptible to a common cause failure (i.e., a failure resulting in the functional failure of several devices or components due to a specific single event or cause), and if the level 1 safing digital protection system fails to perform its critical function due to the common cause failure, the failure will progress to an over-design basis failure and further cause more serious consequences.
In the conventional technology, in order to avoid common cause failure of a digital protection system, a diversified driving system of a nuclear power station is provided on the level of a control system, and the system is used as a backup means of the digital protection system to realize a protection function when the safe level 1 digital protection system fails.
However, the diversified driving system of the nuclear power plant in the traditional technology mainly realizes diversified control aiming at the control system, and the problem of common cause failure risk still exists by adopting the diversified driving system of the nuclear power plant.
Disclosure of Invention
In view of the above, it is necessary to provide a diversified driving system for a nuclear power plant capable of reducing the risk of common cause failure.
A nuclear power station diversified driving system comprises a main defense line control device, a main control device, a diversified control device, a main defense line execution mechanism and a diversified execution mechanism;
the main defense line control device, the main control device and the diversified control device respectively receive the detection signals and determine the fault type according to the detection signals; when the fault type is single fault of the main defense line actuating mechanism, the master control device drives the diversified actuating mechanisms to act; when the fault type is single fault of the master control device, the master defense line control device starts and drives the master defense line executing mechanism to act; when the fault type is that the main defense line control device and the master control device simultaneously fail or the main defense line execution mechanism and the master control device both have single fault, the diversified control devices start and drive the diversified execution mechanisms to act.
In one embodiment, the detection signals include a main fence detection signal and a diversity detection signal.
In one embodiment, the diversified driving system of the nuclear power station further comprises a main defense line isolation and distribution device, wherein the main defense line isolation and distribution device receives the main defense line detection signal, splits the main defense line detection signal, and outputs the split main defense line detection signal to the main defense line control device and the main control device respectively.
In one embodiment, the main defense line control device and the master control device respectively receive the main defense line detection signal, compare the main defense line detection signal with preset fault level information, and determine a fault type corresponding to the main defense line detection signal.
In one embodiment, the diversified driving system of the nuclear power plant further comprises a diversified isolation distribution device, wherein the diversified isolation distribution device receives the diversified detection signals, splits the diversified detection signals, and outputs the split diversified detection signals to the master control device and the diversified control device respectively.
In one embodiment, the master control device and the diversified control device respectively receive the diversified detection signals, compare the diversified detection signals with preset fault level information, and determine the fault type corresponding to the diversified detection signals.
In one embodiment, the diversified driving system of the nuclear power station further comprises a main defense line optimization device, and the main defense line optimization device is respectively connected with the main defense line control device and the main control device;
when only a first main defense line control instruction of the main defense line control device is received, the main defense line optimization device drives the main defense line execution mechanism to act according to the first main defense line control instruction;
when only a second main defense line control instruction of the master control device is received, the main defense line optimization device drives the main defense line execution mechanism to act according to the second main defense line control instruction;
when a first main defense line control instruction and a second main defense line control instruction are received simultaneously, the main defense line optimizing device drives the main defense line executing mechanism to act according to the first main defense line control instruction.
In one embodiment, the main defence line control device comprises a main defence line operation panel, the main defence line operation panel is connected with the main defence line control device and used for responding to the main defence line control operation and controlling the main defence line control device to output a first main defence line control command to the main defence line optimization device.
In one embodiment, the diversified driving system of the nuclear power plant further comprises a diversified optimization device, and the diversified optimization device is respectively connected with the diversified control device and the master control device;
when only receiving a first diversified defense line control command of the diversified control device, the diversified optimization device drives the diversified execution mechanism to act according to the first diversified defense line control command;
when only receiving a second diversified defense line control instruction of the master control device, the diversified optimization device drives the diversified execution mechanism to act according to the second diversified defense line control instruction;
when a first diversified defense line control instruction and a second diversified defense line control instruction are received simultaneously, the diversified optimization device drives the diversified execution mechanism to act according to the first diversified defense line control instruction.
In one embodiment, the diversified control device comprises a diversified operation panel, the diversified operation panel is connected with the diversified control device and used for responding to the diversified control operation and controlling the diversified control device to output a first diversified defense line control command to the diversified optimization device.
In one embodiment, the diversified driving system of the nuclear power plant further comprises a control device operation panel, and the control device operation panel is connected with the master control device.
In one embodiment, the main defense line control device, the main control device and the diversified control device are further configured to compare the detection signal with preset fault level information respectively, determine a fault level, and determine a fault type according to the fault level.
The diversified driving system of the nuclear power station utilizes the main defense line control device, the main control device and the diversified control device respectively receive the detection signals, the fault type is determined according to the detection signals, different control devices can be respectively adopted to drive corresponding executing mechanisms to act when the main defense line executing mechanism has a single fault, the main control device has a single fault, the main defense line control device and the main control device have simultaneous faults and the main defense line executing mechanism and the main control device have single faults, diversified control over the control devices and the executing mechanisms is realized, the diversified driving system of the whole nuclear power station can be prevented from being out of work when partial control devices and/or executing mechanisms have faults, and the common cause failure risk can be reduced.
Drawings
FIG. 1 is a block diagram of a diversified drive system of a nuclear power plant according to an embodiment;
FIG. 2 is a block diagram of a diversified driving system of a nuclear power plant according to another embodiment;
FIG. 3 is a schematic diagram of a nuclear power plant fault analysis in one embodiment;
FIG. 4 is a block diagram of the configuration of a primary defensive line preferred device and a diversity preferred device in one embodiment;
FIG. 5 is a block diagram of the main defence line optimization and diversification optimization in another embodiment;
fig. 6 is a block diagram showing a configuration of a diversified driving system of a nuclear power plant in still another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In one embodiment, as shown in fig. 1, a diversified driving system of a nuclear power plant is provided, which includes a main defense line control device 102, a general control device 104, a diversified control device 106, a main defense line actuator 108, and a diversified actuator 110;
the main defense line control device 102, the main control device 104 and the diversified control device 106 respectively receive the detection signals and determine the fault type according to the detection signals; when the fault type is single fault of the main defense line execution mechanism 108, the master control device 104 drives the diversified execution mechanisms 110 to act; when the fault type is single fault of the master control device 104, the master defense line control device 102 starts and drives the master defense line execution mechanism 108 to act; when the fault type is that the main defense line control device 102 and the general control device 104 simultaneously fail or the main defense line execution mechanism 108 and the general control device 104 both have single fault, the diversified control device 106 starts and drives the diversified execution mechanism 110 to act.
The main defense line control device is a control platform with a higher level of main defense line control, the safety classification and the output instruction priority are higher than those of the main control device, and a first main defense line control instruction can be output to control a main defense line execution mechanism. The main defense line control device can generate main defense line control interlocking and output the main defense line control interlocking to the main control device so as to realize interlocking control. The main defense line control device mainly realizes the group manual operation, the group automatic action and the system state monitoring and alarming of the function level, the starting condition of the execution control function can be triggered by a detection signal or the manual operation of an operator on a main defense line operation panel, the starting condition does not depend on a main control device and a diversified control device, and when the main control device fails, the main defense line control device also does not completely depend on the setting of a default value of the main control device, and the control of a main defense line execution mechanism can be realized according to the detection signal, so that the process system is maintained in a safe and controllable state.
The main defense line control interlock is mainly used for ensuring that a second main defense line control instruction sent by the main control device is consistent with a first main defense line control instruction sent by the main defense line control device, and the main control device is made to know that a high-level platform sends an instruction. When the master control device has no fault, the command issued by the high-level main defense line control device influences the control output of the master defense line control device. When the master control device fails, the output of the control instruction of the second main defense line is not influenced.
It should be noted that, the safety classification of the main defense line control device combined with the executed control function may be safety level 1 or safety level 2, if the safety classification is safety level 1, the main defense line control device may be implemented by using a safety level 1 digital or non-digital control platform, and if the safety classification is safety level 2, the main defense line control device may be implemented by using a safety level 2 control platform.
The main control device can realize all control functions of the main defense line executing mechanism and the diversified executing mechanism, namely, the interlocking action covers the functions of the main defense line controlling mechanism and the diversified controlling mechanism, and the main functions of the main control device comprise manual operation and automatic linkage of single equipment, mutual switching control after the faults of the main defense line executing mechanism and the diversified executing mechanism, monitoring of states and abnormity of the single equipment and the function level, and monitoring and alarming of process parameters of the equipment and the system function level. If the master control device receives the main defense line control interlocking signal from the main defense line control device, a second main defense line control instruction can be generated according to the logic processing requirement in the system, and if the master control device receives the diversified control interlocking signal from the diversified control device, a second diversified defense line control instruction can be generated according to the logic processing requirement in the system.
In addition, the master control device can also realize independent and autonomous control, and when the master defense line control interlocking signal and the diversified control interlocking signal fail, the master control device can automatically trigger and generate a second master defense line control instruction or a second diversified control instruction by combining the detection signal acquired by the master defense line control interlocking signal and the diversified control interlocking signal.
The detection signals comprise main defense line detection signals and diversified detection signals, the main defense line detection signals can trigger to generate second main defense line control instructions, and the diversified detection signals can trigger to generate second diversified defense line control instructions. The main control device can adopt a platform which is lower than the main defense line control device in safety classification, and the platform can select a digital or non-digital control platform and has no diversified design requirements with the main defense line control device. For example, the security classification of the overall control device may be secure level 2/secure level 3/non-secure level.
The master control device is also provided with a corresponding control device operation panel, and manual operation and equipment monitoring controlled by the master control device can be realized. The state of the plant can also be monitored by manual intervention when the automatic control commands fail. The corresponding control device operation panel can adopt an operation display panel which is the same as the master control device in safety classification, and the display and monitoring technology is different from that of a main defense line operation panel. For example, a digital resistive display touch screen may be used with the operation and display.
The diversified control device is a diversified backup platform which can control the diversified actuating mechanism after the common cause failure of the main defense line control device and the main control device. After the diversified control device receives the detection signal, the detection signal is logically processed, and a first diversified line-of-defense control instruction can be generated to drive the diversified actuating mechanisms to act when the main line-of-defense control device and the main control device simultaneously fail or the main line-of-defense actuating mechanism and the main control device respectively have a single failure.
Like the main line-of-defense control device, the diverse control device may generate diverse control interlocks and output the same to the main control device. The diversified control device mainly realizes the group manual operation, the group automatic action and the system state monitoring and alarming of the function level, the starting condition of the executive control function can be triggered by a detection signal or can be manually operated by an operator on the diversified operation panel, the starting condition does not depend on the master control device and the main defense line control device, and when the master control device and the main defense line control device are in failure, the starting condition does not depend on the default values of the master control device and the main defense line control device completely, and the process system can be maintained in a safe and controllable state.
The diversified control interlock is mainly used for ensuring that a second diversified control line control instruction sent by the master control device is consistent with a first diversified control line control instruction sent by the diversified control device, and the master control device is made to know that an instruction is sent by a high-level platform. When the master control device has no fault, the command issued by the high-level diversified control device influences the control output of the master control device. When the master control device fails, the output of the second various defense line control instructions is not influenced.
It should be noted that the diversified control device combines with the safety classification of the control function to be executed, and has diversified requirements with the main defense line control device and the main control device, and in order to prevent the failure of the overall control function caused by common cause failure, a technology different from that of the main defense line control device can be adopted. For example, if the main line-of-defense control device is a digital technology, the diversified control device can adopt a non-digital technology. The safety classification of the diversified control devices can be any one of a safety 1 level, a safety 2 level and a safety 3 level.
The detection signal is used for detecting whether the diversified driving system of the nuclear power station normally operates. For example, the detection signal may specifically refer to a pressure detection signal. For another example, the detection signal may specifically be a temperature detection signal. The detection signal is measured by the instrument and is output to the main defense line control device, the main control device and the diversified control device. The main defense line actuating mechanism and the diversified actuating mechanism are in diversified backup operation relation, when the main defense line actuating mechanism breaks down, the diversified actuating mechanism can execute the functions of the main defense line actuating mechanism according to the control instruction, diversified measures are considered, common cause failure of the main defense line actuating mechanism is prevented, and the main defense line actuating mechanism and the diversified actuating mechanism can adopt equipment with different execution principles.
For example, the main defense line executing mechanism and the diversified executing mechanism can adopt an air-cooling refrigerating unit and a water-cooling refrigerating unit respectively. Furthermore, it is also possible to use equipment from different manufacturers on the same principle or to use different equipment parameters. For example, for devices with different voltage levels, 380V and 220V are used for the external power supply.
In order to reduce the risk that the overall diversified driving system of the nuclear power plant fails when the detection signal fails, the detection signal in the present application may be a main-defense line detection signal output to the main-defense line control device and a diversified detection signal output from the diversified control device. In the application, the main defense line and the diversified defense line mostly adopt parameters with the same physical dimension, and the corresponding main defense line detection signal and the diversified defense line detection signal can be parameters such as measurement temperature, pressure and flow. And according to the severity of the preventive consequence represented by the parameters, the diversified driving system of the nuclear power station can gradually and gradually invest diversified backup means.
Specifically, the main defense line control device, the main control device and the diversified control device respectively receive the detection signals, and the fault grade can be determined by comparing the detection signals with preset fault grade information, so that the fault type is determined according to the fault grade, and corresponding control is performed. The preset fault level information may be a parameterized function based on an object or a corresponding table of discrete parameters, and in combination with the condition of the parameters, the preset fault level information is converted into a corresponding fault level to be output, and signals at the same fault level trigger the same control device to function, where the parameter refers to a detection value corresponding to the detection signal, and for example, the parameter may specifically be a temperature value, a pressure value, and the like corresponding to the detection signal.
For example, the preset fault level information may be a relation function or a relation table between the input parameter and the fault level, or a corresponding relation function or a relation table between a result of the input parameter after function conversion and the fault level, and the problem of disordered logic processing due to inconsistent meanings of the result dimensions after conversion of different input parameters can be solved by unifying the meanings of the output dimensions.
Specifically, different control devices can be triggered to take over corresponding control according to different fault levels and fault types. When the fault type is the single fault of the main defense line executing mechanism, the main defense line executing mechanism is indicated to be unavailable, the main control device can drive the diversified executing mechanisms to act, when the fault type is the single fault of the main control device, the main control device is indicated to be unavailable, the main defense line controlling device can start and drive the main defense line executing mechanism to act at the moment, when the fault type is the simultaneous fault of the main defense line controlling device and the main control device or the single fault of the main defense line executing mechanism main control device, the main defense line controlling device and the main control device are indicated to be unavailable, and the diversified controlling device starts and drives the diversified executing mechanisms to act at the moment.
It should be noted that, after receiving the detection signal, the main defense line control device, the main control device, and the diversified control device respectively determine the type of the fault according to the detection signal to determine their own working modes. The main defense line executing mechanism and the diversified executing mechanism in the embodiment can be obtained from different manufacturers or different manufacturing processes by adopting different technologies, so that the problem that the whole system fails due to common cause faults of process equipment is solved. In order to simplify and reduce the scale and cost of the main defense line control device and the diversified control devices, the main control device is adopted in the embodiment to realize the main control of the main defense line execution mechanism and the diversified execution mechanism, and the main control device can support the control of the main control device only when the process equipment fails (namely, when the failure type is a single failure of the main defense line execution mechanism, the main control device can drive the diversified execution mechanisms to act).
The main defense line control device and the diversified control device only execute partial key safety action control and maintain the equipment in a safe state. In other words, in this embodiment, when the main line-of-defense actuator fails singly, the control platform does not need to be switched, and the main control device still controls the main control device, and the main control device can determine whether the main line-of-defense actuator fails according to the detection signal, and if the main line-of-defense actuator fails, the main line-of-defense actuator drives the diversified actuators to operate. If the master control device is in fault, the main defense line control device or the diversified control device judges whether the master defense line control device or the diversified control device needs to take over control or not according to the detection signal.
The diversified driving system of the nuclear power station utilizes the main defense line control device, the main control device and the diversified control device respectively receive the detection signals, the fault type is determined according to the detection signals, different control devices can be respectively adopted to drive corresponding executing mechanisms to act when the main defense line executing mechanism has a single fault, the main control device has a single fault, the main defense line control device and the main control device have simultaneous faults and the main defense line executing mechanism and the main control device have single faults, diversified control over the control devices and the executing mechanisms is realized, the diversified driving system of the whole nuclear power station can be prevented from being out of work when partial control devices and/or executing mechanisms have faults, and the common cause failure risk can be reduced.
In one embodiment, the detection signals include a main fence detection signal and a diversity detection signal.
The main defense line detection signal and the diversified detection signal are respectively from different instruments, the detection signals can be parameters of the same physical dimension, such as temperature or pressure, and also can be parameters of different physical dimensions, such as pressure, which can represent liquid in the tank body by using the pressure of the seal tank, and the liquid level can be used for directly measuring the liquid in the tank body. The detection parameters of the same physical dimension need to be configured by diversified instruments, and specifically, the parameters of the same physical measuring range can be measured by instruments of different measurement principles or instruments of different manufacturing plants. For example, if the main defensive line detection signal and the diversified detection signal are temperature detection signals, the main defensive line instrument and the diversified instrument can respectively adopt a thermal resistance instrument and a thermocouple instrument.
Specifically, the detection signal includes a main line detection signal and a diversified detection signal, wherein the main line detection signal is used for being output to the main line control device and the main control device, and the diversified detection signal is used for being output to the diversified control device and the main control device.
In the embodiment, different measurement technologies are adopted, so that the temperature can be measured by adopting the measurement technology of the thermoelectric potential of the thermocouple when the common cause failure and the resistance measurement method of the thermal resistance measurement technology are failed. In addition, because different instruments are adopted, and detection signals are respectively and independently collected to the main defense line control device and the diversified control device, an independent collection loop is formed, and the phenomenon that the diversified driving system is integrally invalid when the detection signals are invalid is avoided.
In one embodiment, the diversified driving system of the nuclear power station further comprises a main defense line isolation and distribution device, wherein the main defense line isolation and distribution device receives the main defense line detection signal, splits the main defense line detection signal, and outputs the split main defense line detection signal to the main defense line control device and the main control device respectively.
Specifically, the main defense line isolation and distribution device can realize the signal splitting of analog signals and switching values from the acquisition source, is mainly used for splitting the main defense line detection signals after receiving the main defense line detection signals output by the instrument, and respectively outputs the split main defense line detection signals to the main defense line control device and the main control device. It should be noted that, when the main defense line isolation and distribution device fails, the main defense line detection signals of the slave main defense line control device and the main control device fail, and at this time, the main control device can also be interfered by the manual control command of the main defense line operation panel on the main defense line control device, so that the main control device is maintained in a certain safety state.
In this embodiment, the main defense line isolation and distribution device is used to receive, split and distribute the main defense line detection signals, so that the transmission of the main defense line detection signals can be realized.
In one embodiment, the main defense line control device and the master control device respectively receive the main defense line detection signal, compare the main defense line detection signal with preset fault level information, and determine a fault type corresponding to the main defense line detection signal.
Specifically, main defence line detected signal can be exported to main defence line controlling means and total controlling means, and main defence line controlling means and total controlling means can compare main defence line detected signal and predetermine fault level information after receiving main defence line detected signal, determine the fault level to determine the fault type according to the fault level, and carry out corresponding control. Different fault grades correspond to different fault types, and different fault grades can trigger different control devices to perform corresponding control. For example, when the preset fault level information includes a corresponding relation table between the detection value corresponding to the main defensive line detection signal and the fault level, the fault level corresponding to the main defensive line detection signal can be determined by looking up the table, and in the corresponding relation table, a corresponding detection value interval is set for each fault level.
In this embodiment, after the main line of defense detection signal is received, the main line of defense detection signal is compared with preset fault level information, so that the fault type corresponding to the main line of defense detection signal can be determined.
In one embodiment, the diversified driving system of the nuclear power plant further comprises a diversified isolation distribution device, wherein the diversified isolation distribution device receives the diversified detection signals, splits the diversified detection signals, and outputs the split diversified detection signals to the master control device and the diversified control device respectively.
Specifically, diversified isolation allocation device can realize analog signal and the signal split of switching value from gathering the source, and mainly used carries out the split to diversified detected signal after receiving the diversified detected signal of instrument output, exports diversified detected signal after the split respectively to master control device and diversified control device. For example, the diversified isolation and distribution device can specifically adopt analog and relay circuit isolation and distribution modules. It should be noted that, when the diversified isolation distribution devices fail, the diversified detection signals from the diversified control devices and the master control device fail, and at this time, the master control device can also be interfered by the manual control command of the diversified operation panel on the diversified control devices, so that the master control device is maintained in a certain safety state.
In this embodiment, the diversified detection signals are received, split, and distributed by using the diversified isolation and distribution device, so that transmission of the diversified detection signals can be realized.
In one embodiment, the master control device and the diversified control device respectively receive the diversified detection signals, compare the diversified detection signals with preset fault level information, and determine the fault type corresponding to the diversified detection signals.
Specifically, diversified detection signals can be output to the master control device and the diversified control device, and the master control device and the diversified control device can compare the diversified detection signals and preset fault level information after receiving the diversified detection signals, determine the fault level, determine the fault type according to the fault level and perform corresponding control.
Different fault grades correspond to different fault types, and different fault grades can trigger different control devices to perform corresponding control. For example, when the preset fault level information includes a correspondence table between detection values corresponding to the diversified detection signals and fault levels, the fault level corresponding to the diversified detection signals may be determined by looking up the table, and in the correspondence table, a corresponding detection value section is provided for each fault level.
In this embodiment, after receiving the diversified detection signals, the diversified detection signals are compared with the preset fault level information, so that the fault types corresponding to the diversified detection signals can be determined.
In one embodiment, the diversified driving system of the nuclear power station further comprises a main defense line optimization device, and the main defense line optimization device is respectively connected with the main defense line control device and the main control device;
when only a first main defense line control instruction of the main defense line control device is received, the main defense line optimization device drives the main defense line execution mechanism to act according to the first main defense line control instruction;
when only a second main defense line control instruction of the master control device is received, the main defense line optimization device drives the main defense line execution mechanism to act according to the second main defense line control instruction;
when a first main defense line control instruction and a second main defense line control instruction are received simultaneously, the main defense line optimizing device drives the main defense line executing mechanism to act according to the first main defense line control instruction.
The main defense line optimization device is used for receiving main defense line control instructions of the main defense line control device and the main control device and realizing the priority management output function of the main defense line control instructions, and the priority of a first main defense line control instruction output by the main defense line control device is higher than that of a second main defense line control instruction output by the main control device. The driving action of the main defense line executing mechanism comprises starting the main defense line executing mechanism and closing the main defense line executing mechanism.
Specifically, when only a first main defense line control instruction of the main defense line control device is received, the main defense line optimization device can drive the main defense line execution mechanism to act according to the first main defense line control instruction, when only a second main defense line control instruction of the main control device is received, the main defense line optimization device can drive the main defense line execution mechanism to act according to the second main defense line control instruction, and when the first main defense line control instruction and the second main defense line control instruction are received simultaneously, the main defense line optimization device can drive the main defense line execution mechanism to act according to the first main defense line control instruction because the priority of the first main defense line control instruction is higher than that of the second main defense line control instruction.
Furthermore, the main defense line optimization device can also collect feedback signals of the main defense line executing mechanism and output the feedback signals to the main defense line control device, the master control device and the like to realize state display and logic judgment of the main defense line executing mechanism.
In this embodiment, the master defense line priority management output function can be realized by the master defense line optimization device.
In one embodiment, the main defence line control device comprises a main defence line operation panel, the main defence line operation panel is connected with the main defence line control device and used for responding to the main defence line control operation and controlling the main defence line control device to output a first main defence line control command to the main defence line optimization device.
The main defense line operating panel mainly realizes manual operation of an operator on the main defense line control device and monitors parameters of the main defense line control device. The main line-of-defense operation panel can adopt an operation display panel which is the same as the main line-of-defense control device in safety classification, and the display and monitoring technology is different from the operation display panel of the main control device. For example, a security level digitizing display, a mouse, etc. may be used.
In this embodiment, the main defense line control operation can be realized through the main defense line operation panel.
In one embodiment, the diversified driving system of the nuclear power plant further comprises a diversified optimization device, and the diversified optimization device is respectively connected with the diversified control device and the master control device;
when only receiving a first diversified defense line control command of the diversified control device, the diversified optimization device drives the diversified execution mechanism to act according to the first diversified defense line control command;
when only receiving a second diversified defense line control instruction of the master control device, the diversified optimization device drives the diversified execution mechanism to act according to the second diversified defense line control instruction;
when a first diversified defense line control instruction and a second diversified defense line control instruction are received simultaneously, the diversified optimization device drives the diversified execution mechanism to act according to the first diversified defense line control instruction.
The diversified optimization device is used for receiving diversified defense line control instructions of the diversified control device and the master control device and realizing the function of managing and outputting the priority of the diversified defense line control instructions, and the priority of a first diversified defense line control instruction output by the diversified control device is higher than that of a second diversified defense line control instruction output by the master control device. Actuating the diverse actuators includes activating the diverse actuators and deactivating the diverse actuators.
Specifically, when only receiving a first diversified defense line control instruction of the diversified control device, the diversified optimization device can drive the diversified execution mechanism to act according to the first diversified defense line control instruction, when only receiving a second diversified defense line control instruction of the master control device, the diversified optimization device can drive the diversified execution mechanism to act according to the second diversified defense line control instruction, and when simultaneously receiving the first diversified defense line control instruction and the second diversified defense line control instruction, the diversified optimization device can drive the diversified execution mechanism to act according to the first diversified defense line control instruction because the priority of the first diversified defense line control instruction is higher than that of the second diversified defense line control instruction. Furthermore, the diversified optimization device can also collect feedback signals of the diversified actuating mechanisms and output the feedback signals to the diversified control device, the master control device and the like to realize state display and logic judgment of the diversified actuating mechanisms.
In this embodiment, the diversified defense line control instruction priority management output function can be realized by the diversified optimization device.
In one embodiment, the diversified control device comprises a diversified operation panel, the diversified operation panel is connected with the diversified control device and used for responding to the diversified control operation and controlling the diversified control device to output a first diversified defense line control command to the diversified optimization device.
Specifically, the diversified operation panel mainly realizes manual operation of an operator on the diversified control device and monitoring of parameters and the like in the diversified control device, the operation display panel which is the same as the diversified control device in safety classification can be adopted, and the display and monitoring technology is different from the operation display panel of the main defense line operation panel and the main control device. For example, the diversified operation panel may employ an analog display. Specifically, the diversified operating panel can be specifically a paperless recorder, an analog digital display indicator, an entity button, a knob switch and the like. When the diversified isolation distribution device has faults, diversified detection signals from the diversified control device and the master control device fail, and the control system can be intervened through a manual control command of the diversified operation panel to be maintained in a certain safety state.
In this embodiment, various defensive line control operations can be realized through the diversified operation panel.
In one embodiment, as shown in fig. 2, a diversified driving system for a nuclear power plant is provided, which includes a main defense line operating panel, a main defense line isolation and distribution device, a main defense line control device, a main defense line optimization device, a main defense line executing mechanism, a main control device, an operating panel (i.e., a control device operating panel), a backup panel, a diversified operating panel, a diversified isolation and distribution device, a diversified control device, a diversified optimization device, and a diversified executing mechanism.
The main defence line detection signal can be output to the main defence line control device and the master control device after the splitting and the distribution of the main defence line isolation distribution device, the diversified detection signal can be output to the diversified control device and the master control device after the splitting and the distribution of the diversified isolation distribution device, so that the main defence line detection signal can be detected by the main defence line control device, the master control device analyzes the main defence line detection signal, the diversified detection signal and the diversified detection signal, and the fault grade and the fault type are determined to trigger the control device to execute the control operation. The backup panel is used as a backup operation panel to realize the control of the main defense line control device and the main control device.
As shown in fig. 3, the main fault types are analyzed below, and since the main line of defense and the equipment of diversified line of defense (control device, preferred device, actuator) are equipment of different technologies, the probability of simultaneous fault of such equipment is compromised, so that the case of simultaneous failure of one main line of defense component and diversified component is not considered here.
In the initial state: the running parts comprise a master control device, a master defense line optimizing device and a master defense line executing mechanism:
failure 1: when the single fault of the main defense line actuating mechanism is superposed with the single fault or the common cause fault of the main defense line control device and the main control device. The automatic condition starting diversified control device starts a diversified actuating mechanism, and can ensure the normal operation of the system. The components operated after the fault comprise a diversified control device, a diversified optimized device and a diversified actuating mechanism.
And (3) failure 2: the master control device/the master line-of-defense control device have common cause of failure. The automatic condition starting diversified control device starts a diversified actuating mechanism, and can ensure the normal operation of the system. The operation part after the fault comprises a diversified control device, a diversified optimized device and a diversified actuating mechanism.
Failure 3: the master control device has single fault. The manual or automatic starting instruction enables the main defense line control device to take over the control of the main defense line executing mechanism, and the normal operation of the system can be ensured. The components operated after the fault comprise a main defense line control device, a main defense line optimization device and a main defense line execution mechanism.
Failure 31: the single fault of the master control device is superposed with the single fault of the main defense line control device. The automatic condition starting diversified control device starts a diversified actuating mechanism, and can ensure the normal operation of the system. The components operated after the fault comprise a diversified control device, a diversified optimized device and a diversified actuating mechanism.
Failure 32: the master control device is used for superposing the single fault of the main defense line actuating mechanism. The automatic starting condition can start the diversified control device, and the system can start the diversified actuating mechanism, thereby ensuring the normal operation of the system. The components operated after the fault comprise a diversified control device, a diversified optimized device and a diversified actuating mechanism. While the main line-of-defense control and main line-of-defense preferred devices are available, the control path fails due to a failure of the main line-of-defense actuator.
And 4, fault: the main line-of-defense actuator fails singly or in common. And the master control device judges the process parameter conditions, and then starts the diversified actuating mechanism to ensure the normal operation of the system. The operation part after the fault comprises a master control device, a diversified optimization device and a diversified execution mechanism.
Failure 41: the main line of defense actuating mechanism single fault or common cause fault superposes the single fault of the master control device. The automatic starting condition can start the diversified control device, and the system can start the diversified actuating mechanism, thereby ensuring the normal operation of the system. The components operated after the fault comprise a diversified control device, a diversified optimized device and a diversified actuating mechanism. While the main line-of-defense control and main line-of-defense preferred devices are available, the control path fails due to a failure of the main line-of-defense actuator.
The automatic starting condition refers to that the main defense line control device analyzes the main defense line detection signal, the main control device analyzes the main defense line detection signal and the diversified detection signal, and the diversified control device analyzes the diversified detection signal, and after the fault grade and the fault type are determined, the control device is triggered to execute the control operation. For example, the automatic start condition may be high start and low stop as shown in table 1, where high 1, high 2, high 3, high 4 and low 1, low 2, low 3, low 4 refer to the detection value intervals set in the fault level information in advance, and may be set by itself as needed, and the size relationship is low 4< low 3< low 2< low 1< high 2< high 3< high 4.
TABLE 1
In one embodiment, a specific implementation case of the diversified driving system of the nuclear power plant in the application is described in combination with an example of the design of the nuclear power plant.
The main control platforms of the nuclear power plant are first introduced (the control devices, the preferred devices and the actuators in the present application can select the corresponding control platform according to the safety level requirements).
The RPS (reactor protection system) is a control system of F-SC1 (safety level 1), is an integrated reactor protection and dedicated safety control system, and mainly detects design reference conditions (DBC) -2/3/4, and when protection parameters reach or exceed set values determined by fault research, starts automatic reactor tripping and/or automatic start of dedicated safety implementation actions and supporting systems thereof, so as to enable the nuclear power plant to enter and maintain a controlled state. The RPS has four channels and three columns. Each channel of the RPS contains two independent subsystems to achieve functional diversity. RPS mostly uses digital safety control platform in nuclear power station.
An SAS (safety automation system) is a control system of F-SC2 (safety level 2), which performs automatic and manual functions and provides monitoring information, brings a nuclear power plant from a controlled state to a safe state, and performs maintenance under DBC-2/3/4. It also performs the function of designing extended regime A (DEC-A) to mitigate the consequences of nuclear power plant process system accidents. In addition, SAS is also used to perform auxiliary support functions (e.g., cooling water systems, ventilation and air conditioning systems, etc.). The SAS has A, B, C three columns. The SAS uses a digital safety and control platform in the nuclear power plant, and has a digital platform using the same technology as the RPS and a digital platform using a different technology.
PSAS (plant Standard Automation System) is an F-SC3 (safety level 3) control system that performs FC 3/non-safety level functions to monitor and control power plants under normal operating conditions (DBC-1 and DBC-2 correspond to abnormal operation before failure). The PSAS is also used to implement ancillary functions, called extra security functions. PSAS uses a digital control platform different from RPS in nuclear power plant.
The HDS (diversified special control system) is an F-SC2 (safety level 2) control platform, and the current nuclear power station mainly realizes control by a simple hardware-based technology, and the adopted technology is different from RPS, SAS and PSAS system platforms. The HDS system is different from the existing DAS (diversified drive) system of the nuclear power plant, when the RPS is unavailable (including common cause failure or single failure (partial column failure)), the DAS system is switched to the DAS system to accept the control function in the RPS system, the DAS system takes over the control of an actuator in a whole manner, at the moment, the equipment monitoring parameter of the equipment in a KIC (nuclear power plant computer information and control system) is unavailable due to the RPS failure, and because the RPS and the DAS monitor the single equipment, if the equipment state is monitored, the equipment state is manually switched to an operation display panel of the DAS from the KIC monitoring whole to monitor the equipment state. HDS systems are control diverse actuators, unlike RPS monitoring devices. When a main defense line actuator fails or a column of main defense line control devices fails, the HDS system controls and starts the diversified actuating mechanisms, and the HDS only monitors the states and parameters of the diversified actuating mechanisms and the diversified meters. Instead of monitoring the same device, the operator needs to monitor the operation display panels of the KIC and the HDS at the same time, and does not need to switch the operation on the operation display panels.
The CIM (equipment interface module) mainly implements priority management between different control commands, and for one actuator, priority management of different control commands from a protection system, a safety automation system and/or a process automation system, a diversity drive system and a serious accident instrumentation and control system is completed in the CIM. For example, the CIM may be a complex programmable logic device based CIM1 (shown in FIG. 4) or a simple hardware based CIM2 (shown in FIG. 5).
The application of the diversified driving system of the nuclear power plant in the application to the ventilation system of the electric train room of the safe factory building is explained below.
The room ventilation system (DVL) of the electric columns of the safety factory building comprises 3 columns which respectively correspond to A, B, C columns of electric rooms of the safety factory building, the ventilation configuration of the electric rooms of each column of the safety factory building is the same, each column comprises a column of main defensive line ventilation columns (namely main defensive line execution mechanisms) and a column of diversified ventilation columns (namely diversified execution mechanisms), and the ventilation columns are mainly used for keeping the temperature and humidity of the room and the ventilation times. The main defense line ventilation column and the diversified ventilation columns are in a main-standby relation, diversified design requirements are met, and the integral failure of the 3 columns of the safe plant is prevented after the common cause failure. Each factory building of the ventilation system of the electric train rooms of the safe factory building adopts 2 trains of equipment for air supply and exhaust, and each equipment adopts diversified execution configuration, so that the problem of integral control failure caused by common cause failure of an execution mechanism or an instrument is solved.
As shown in fig. 6, the diversified control strategy of each plant ventilation system of the safe plant electric train room ventilation system includes: the main defense line control device selects a safe level 1 control system (specifically, an RPS control system); the 'master control device' selects a safe 2-level/safe 3-level control system (specifically, an SAS control system); the 'diversified control device' selects a safe level 1/safe level 2 control system (specifically, an HDS control system); the main defense line optimizing device selects CIM-1, and the diversity optimizing device selects CIM-2; the main defense line executing mechanism and the diversified executing mechanism adopt products of different manufacturers, and cold sources adopt cold sources of different principles. The main defense line detection system (generating main defense line detection signals) and the diversified detection system (generating diversified detection signals) adopt instruments of different manufacturers or different measurement principles. The switch board belongs to the actuator range, selects the power supply and the electric loop design of different power supply types so as to realize the diversification of the electric loop. The specific diversified configuration scheme is shown in table 2.
TABLE 2
The specific control function implementation and fault handling are as follows:
the main defense line executing mechanism of the DVL system is controlled by the SAS and the RPS, and the diversified executing mechanism of the DVL system is controlled by the SAS and the HDS. CIM-1 and CIM-2 are respectively used for a main defense line optimization device and a diversity optimization device of the DVL system.
In normal operation, the main line of defense actuator of the DVL system is controlled by the SAS to maintain environmental conditions.
If the main line of defense actuator of the DVL system sends a common cause failure, the diverse actuators of the DVL system will be started, still controlled by the SAS.
If a SAS of a column fails, the RPS of the same column will be used for control of the main line of defense actuator of the DVL system.
If a common cause failure of the RPS and SAS is transmitted, the HDS will be used to drive and control the diverse actuators of the DVL system.
The control functions of the specific control system include:
1) DVL main defense line:
1.1 instrument control system RPS:
1. manual control: main line fan, isolation valve, electricity add equipment such as can realize manual start-up in groups and close at the security level platform, set up manual button in groups and rent and start-stop equipment.
2. Automatic control: when the following condition 1 or condition 2 is satisfied, the main line-of-defense actuator automatically acts (the condition is triggered by a main line-of-defense detection signal):
condition 1(RPS take over start condition): when the room temperature of the electrical instrument is higher than the H2 threshold value, the RPS sends a starting instruction; (when the RPS sends out a starting instruction, the main defense line adjusting logic is effective, otherwise, the adjusting instruction is not output), wherein the H2 threshold value can be set according to the requirement, and the adjusting logic effectively shows that the adjusting loop needs to output the instruction under the working condition;
condition 2(RPS take over closing condition): when the air supply temperature measured by the main air-defense line air supply temperature sensor lasts for 5 minutes and is less than or equal to 15 ℃ or more than or equal to 24 ℃ and the temperature measured by the temperature meter among the electrical instruments exceeds the temperature H2 threshold value, or when the air supply temperature measured by the air supply temperature sensor exceeds the temperature high threshold value (Tmax is more than or equal to 26 ℃), the RPS sends a closing instruction.
3. And (3) adjusting and controlling: the RPS adjustment logic is consistent with the SAS adjustment logic, and is valid when the RPS sends a starting instruction, and is invalid when the RPS does not send a starting instruction.
4. And monitoring and alarming the system-level and function-level state parameters of the main defense line, namely monitoring and alarming the overall state of the system and the overall state of the executive function corresponding to the control system of the main defense line.
1.2 instrument control system SAS:
1. main air-conditioning unit and air supply control:
1) manually starting air supply of a main defense line in groups, and keeping the constant state of a heater and a cooling coil through air supply temperature regulation;
2) when the air supply temperature of the main defense line or the pressure difference of the fan can not meet the design requirements, an alarm is sent out in the main control room and the air supply line is automatically switched to the diversified air supply line, wherein the design requirements can be set in combination with specific working conditions, for example, after the fan is started, the front-back differential pressure of the fan is required to be high, and if the fan is started, the front-back differential pressure is low, the design requirements are not met.
2. Air exhaust control of a main defense line:
1) the main defense lines are manually started in groups to exhaust air and are linked with air supply.
2) Air exhaust and return air volume regulation: the return air volume and the exhaust air volume are automatically adjusted according to the outdoor temperature (winter)/enthalpy value (summer), and the automatic adjustment includes PID (Proportion Integration Differentiation), PI (Proportion Integration Differentiation) and the like.
3. The state and the instrument parameters of each device of the main defense line are monitored, and a process alarm is given, wherein the process alarm is mainly displayed on an operation panel of the main defense line.
4. And monitoring and alarming state parameters of a system level and a functional level of a main defense line.
2) DVL diversified defense line:
2.1 instrument control system HDS:
1. manual operation: and manually starting and closing the groups, and setting a group of manual button renting start-stop equipment.
2. Automatic: when the temperature between the instrument control cabinets or the storage battery cabinets or the temperature between the electrical cabinets or the main air supply temperature is larger than a threshold H3, the diversified actuating mechanism is automatically started, wherein the threshold H3 can be automatically set as required.
3. Adjusting: the temperature regulation and the air quantity regulation are set to be fixed in opening degree, a certain regulation function is guaranteed, when the HDS sends a starting instruction, the regulation logic is effective, otherwise, the regulation logic is ineffective, and the fixed opening degree refers to that the valve is opened to a certain opening degree value, such as 10% opening degree, and a certain air quantity, water quantity and the like are kept. The temperature can be not higher than a certain value under a certain extreme condition, the effective regulating logic means that the regulating logic of the HDS has an effect after the HDS takes over, otherwise, signals are not output to a diversified actuating mechanism.
4. Monitoring and alarming of state parameters of diversified defense line system level and function level.
2.2 instrument control system SAS:
1. diversified air conditioning unit and air supply:
1) the air supply of the main defense line is started manually in groups, and the constant state is maintained through the air supply temperature adjusting heater and the cooling coil.
2) When the diversified air supply temperature or the pressure difference of the fan cannot meet the design requirements, an alarm is sent out in the main control room and the air supply line is automatically switched to the diversified air supply line.
2. Air exhaust of diversified defense lines:
1) the main defense lines are manually started in groups to exhaust air and are linked with air supply.
2) Air exhaust and return air volume regulation: the return air and exhaust air volume are automatically adjusted according to the outdoor temperature (winter)/enthalpy value (summer).
3. Monitoring the state and instrument parameters of each device of the diversified defense lines, and giving a process alarm;
4. monitoring and alarming of state parameters of diversified defense line system level and function level.
Through the diversified actuating system of nuclear power station that provides in this application, can realize following technological effect:
the system has the advantages that firstly, diversified design from the equipment layer to the control layer of the main defense line and the diversified defense line is realized, diversified control reliability is improved, when the equipment layer or the executing mechanism fails, the other diversified control system ensures normal operation of the system, the failure of the whole system caused by the failure of the executing mechanism is avoided, diversified optimization devices, isolation distribution modules, actuators and detection signals are adopted, and the problem of integral failure caused by the common fault of a single signal source or a single executing mechanism is effectively solved;
secondly, if the main defense line executing mechanism fails, and the main control device fails singly, under the condition that the main defense line control device is available, the diversified executing mechanisms are started by the diversified control device under the condition that other main defense line control devices are not influenced, and other normal parts of equipment can still be controlled in the main defense line control device;
thirdly, the situation that a variety of control devices and a main defense line control device bear more control functions can be avoided, a mode that a main control device bears partial functions is adopted, the variety of control devices and the main defense line control device reserve main grouped automatic or grouped control functions, and the scale and the cost of a control platform of the variety of control devices and the main defense line control device can be greatly reduced;
fourthly, the reliability of the system can be improved by adopting diversified optimized devices, and the integral failure of the system caused by common cause faults of the optimized devices can be avoided;
fifthly, independent diversified detection signals are adopted, fault diagnosis and platform switching can be realized according to respective detection systems, and the risk that a main defense line and a diversified control platform are started to function inefficiently due to the fact that a certain platform signal is unavailable is avoided;
and sixthly, an operation panel of a main defense line control device is added, the safety classification is consistent with the main defense line control device, the problems that an earlier project operation panel (KIC) is lower in safety classification and cannot meet the requirement of manual monitoring operation and a safety class calling path are solved, meanwhile, the backup of monitoring of multiple levels can be realized on a two-level monitoring panel, and the reliability is improved. When the KIC fails, the main defense line operating panel takes over control, when the main defense line operating panel and the KIC fail, the main defense line operating panel and the KIC are switched to the backup panel control, and when the backup panel, the main defense line operating panel and the KIC fail, the main defense line operating panel and the KIC take over control;
and seventhly, when the operation display panel of the 'master control device' fails, the monitoring can be realized by the main defense line operation panel of the main defense line control device, and if the main defense line operation panel also fails, the monitoring can be realized by the diversified operation panel of the diversified control device. Compared with the prior art, the control system and the main line-of-defense control system in the prior art adopt the same display panel, and when the operation display panel is in failure, the whole failure scheme is adopted, the first-level equipment line-of-defense is added in the technical scheme, and the reliability of the system is improved. In addition, compared with the prior art that the KIC is divided into the PS operation display disk and the SAS operation display disk, when the SAS operation display disk is unavailable, the operation display disk is switched to the PS operation display disk, and when the SAS operation display disk and the ACP backup disk are unavailable, the operation display disk of the 'main defense line control device' and the 'main control device' is independently divided by the technical scheme, and the reliability of the system is improved.
Claims (12)
1. A diversified driving system of a nuclear power station is characterized by comprising a main defense line control device, a main control device, a diversified control device, a main defense line execution mechanism and a diversified execution mechanism;
the main defense line control device, the master control device and the diversified control devices respectively receive detection signals and determine fault types according to the detection signals; when the fault type is that the main defense line actuating mechanism has a single fault, the master control device drives the diversified actuating mechanisms to act; when the fault type is the single fault of the master control device, the main defense line control device starts and drives the main defense line execution mechanism to act; and when the fault type is that the main defense line control device and the master control device simultaneously fail or the main defense line executing mechanism and the master control device respectively have a single fault, the diversified control device starts and drives the diversified executing mechanism to act.
2. The nuclear power plant diversified drive system of claim 1, wherein the detection signal comprises a main defence line detection signal and a diversified detection signal.
3. The diversified driving system of nuclear power plant according to claim 2, further comprising a main defense line isolation and distribution device, wherein the main defense line isolation and distribution device receives the main defense line detection signal, splits the main defense line detection signal, and outputs the split main defense line detection signal to the main defense line control device and the main control device, respectively.
4. The diversified driving system of nuclear power plant according to claim 2, wherein said main defense line control device and said master control device respectively receive said main defense line detection signal, compare said main defense line detection signal with preset fault level information, and determine a fault type corresponding to said main defense line detection signal.
5. The diversified driving system of nuclear power plant according to claim 2, further comprising a diversified isolation distribution device, wherein said diversified isolation distribution device receives said diversified detection signals, splits said diversified detection signals, and outputs the split diversified detection signals to said master control device and said diversified control device, respectively.
6. The diversified driving system of nuclear power plant according to claim 2, wherein said general control device and said diversified control device respectively receive said diversified detection signals, compare said diversified detection signals with preset fault level information, and determine the fault type corresponding to said diversified detection signals.
7. The diversified driving system of nuclear power plant according to claim 1, further comprising a main defense line optimizing device, wherein the main defense line optimizing device is respectively connected with the main defense line control device and the master control device;
when only a first main defense line control instruction of the main defense line control device is received, the main defense line optimization device drives the main defense line execution mechanism to act according to the first main defense line control instruction;
when only a second main defense line control instruction of the master control device is received, the main defense line optimization device drives the main defense line execution mechanism to act according to the second main defense line control instruction;
when the first main defense line control instruction and the second main defense line control instruction are received simultaneously, the main defense line optimization device drives the main defense line executing mechanism to act according to the first main defense line control instruction.
8. The diversified driving system of nuclear power plant according to claim 7, wherein said main defense line control device includes a main defense line operating panel, said main defense line operating panel being connected to said main defense line control device for controlling said main defense line control device to output a first main defense line control command to said main defense line optimization device in response to a main defense line control operation.
9. The diversified driving system of nuclear power plant according to claim 1, further comprising diversified optimization means respectively connected to said diversified control means and said general control means;
when only receiving a first diversified defense line control command of the diversified control device, the diversified optimization device drives the diversified execution mechanism to act according to the first diversified defense line control command;
when only receiving a second diversified defense line control instruction of the master control device, the diversified optimization device drives the diversified execution mechanism to act according to the second diversified defense line control instruction;
when the first diversified defense line control instruction and the second diversified defense line control instruction are received simultaneously, the diversified optimization device drives the diversified execution mechanism to act according to the first diversified defense line control instruction.
10. The diversified driving system of nuclear power plant according to claim 9, wherein said diversified control means comprises a diversified operation panel, said diversified operation panel being connected to said diversified control means for controlling said diversified control means to output a first diversified wire-proof control command to said diversified preferred means in response to a diversified control operation.
11. The nuclear power plant diverse drive system of claim 1, further comprising a control device operating panel connected to the master control device.
12. The diversified driving system of nuclear power plant according to claim 1, wherein said main defense line control device, said master control device and said diversified control device are further configured to compare said detection signal with preset fault level information, respectively, to determine a fault level, and to determine a fault type according to said fault level.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110978110.5A CN113741167A (en) | 2021-08-24 | 2021-08-24 | Diversified driving system of nuclear power station |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110978110.5A CN113741167A (en) | 2021-08-24 | 2021-08-24 | Diversified driving system of nuclear power station |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113741167A true CN113741167A (en) | 2021-12-03 |
Family
ID=78732652
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110978110.5A Pending CN113741167A (en) | 2021-08-24 | 2021-08-24 | Diversified driving system of nuclear power station |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113741167A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020052673A1 (en) * | 2000-11-01 | 2002-05-02 | Korea Advanced Institute Of Science And Technology | Digital online active test plant protection system in a nuclear power plant and method thereof |
| CN104485142A (en) * | 2014-12-08 | 2015-04-01 | 中广核工程有限公司 | Diversified driving method, diversified driving device and diversified driving system for nuclear power station |
| JP2017020884A (en) * | 2015-07-10 | 2017-01-26 | 株式会社東芝 | State monitoring system for nuclear power station and state monitoring method for the same |
| CN209928296U (en) * | 2019-06-27 | 2020-01-10 | 宁波奥崎仪表成套设备有限公司 | Multiple redundancy control system for electric heating of nuclear power station pipeline |
| CN111681792A (en) * | 2020-05-14 | 2020-09-18 | 岭东核电有限公司 | ATWT control device and nuclear power equipment |
-
2021
- 2021-08-24 CN CN202110978110.5A patent/CN113741167A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020052673A1 (en) * | 2000-11-01 | 2002-05-02 | Korea Advanced Institute Of Science And Technology | Digital online active test plant protection system in a nuclear power plant and method thereof |
| CN104485142A (en) * | 2014-12-08 | 2015-04-01 | 中广核工程有限公司 | Diversified driving method, diversified driving device and diversified driving system for nuclear power station |
| JP2017020884A (en) * | 2015-07-10 | 2017-01-26 | 株式会社東芝 | State monitoring system for nuclear power station and state monitoring method for the same |
| CN209928296U (en) * | 2019-06-27 | 2020-01-10 | 宁波奥崎仪表成套设备有限公司 | Multiple redundancy control system for electric heating of nuclear power station pipeline |
| CN111681792A (en) * | 2020-05-14 | 2020-09-18 | 岭东核电有限公司 | ATWT control device and nuclear power equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20240087761A1 (en) | Nuclear reactor protection systems and methods | |
| US5291190A (en) | Operator interface for plant component control system | |
| US5621776A (en) | Fault-tolerant reactor protection system | |
| KR100808787B1 (en) | Plant Protection System | |
| KR100980043B1 (en) | System and method of protecting a power plant using FPGA | |
| JP5758692B2 (en) | Nuclear power plant supervisory control system | |
| EP0781451B1 (en) | Reactor protection system | |
| WO2020087647A1 (en) | Nuclear power plant digital auxiliary control panel system and design method, and control system | |
| US6292523B1 (en) | Digital engineered safety features actuation system | |
| KR101300743B1 (en) | Building management control system which uses full redundancy type direct digital controller | |
| CN113741167A (en) | Diversified driving system of nuclear power station | |
| KR102085617B1 (en) | Instrumentation control system of nuclear power plant | |
| CN115622870B (en) | Whole ship monitoring alarm system of offshore wind power installation platform | |
| CN113337312B (en) | Pressure control system and method for gas collecting pipe | |
| CN115237181A (en) | Gas turbine temperature monitoring and fault simulation system | |
| KR101782101B1 (en) | Central heating and hot water supply ststem and method including dual control unit | |
| JPH04299720A (en) | Electronic computer containing working environment securing function | |
| KR20010038807A (en) | NFT Card and S/G Level control loop Fault Tolerance Facility | |
| Shin et al. | DIVERSITY AND DEFENSE-IN-DEPTH ANALYSIS FOR I&C SYSTEMS OF RESEARCH REACTORS: A CASE STUDY ON TWO RESEARCH REACTORS | |
| CN117406818B (en) | Power distribution room environment adjusting method and system based on track robot | |
| Yu et al. | Instrumentation and Control System | |
| JPS5833701A (en) | Backup system of n:1 for dispersed hierarchy system | |
| Lind et al. | The KN-3000 particle accelerator control expert system (PACES) | |
| Hajek et al. | The structure of an expert system to diagnose and supply a corrective procedure for nuclear power plant malfunctions | |
| CN116878001A (en) | Control system and control method for waste liquid incinerator |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |