JP2016194738A - Monitoring controller and control method of monitoring controller - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a monitoring controller and a control method of the monitoring controller capable of performing monitoring control by using a monitoring control function for another reactor in the case when any abnormality is generated on a monitoring control function for specific reactor.SOLUTION: The monitoring controller controls plural units which are used for operation of a reactor group including at least a first reactor and a second reactor. The monitoring controller includes: a first main control unit 123A; a first sub control unit 124A; a second main control unit 123B; a second sub control unit 124B; and switching sections 113A and 113B. When a control function of the first main control unit and the first sub control unit is lost, the switching section switches the control of a first unit to a control using the second sub control unit.SELECTED DRAWING: Figure 1

Description

  Embodiments described herein relate generally to a monitoring control device and a control method for the monitoring control device.

  Nuclear power plants need to deal with serious accidents such as deliberate large aircraft crashes into the reactor building and terrorism. For this reason, it is required to install facilities for dealing with specific serious accidents so as not to impair the functions necessary for the operation of nuclear power plants when a serious accident occurs. The facility for handling specific serious accidents is required to be usable until an external support is received after an event such as a serious accident occurs, and damage to the reactor containment vessel can be prevented.

  A configuration in which multiple emergency control rooms with monitoring and control functions for each unit are concentrated in one building, rather than setting up facilities for handling specific serious accidents for each unit. Has been proposed. This is to take into account the interchange between units such as spare machines in the facilities for handling specific serious accidents.

  Furthermore, each emergency control room of each unit is configured to monitor only the corresponding unit. For this reason, each emergency control room of each unit does not exchange signals with the emergency control room of other units.

  On the other hand, the supervisory control function in each emergency control room has been proposed to employ a digital supervisory control system and perform multiplexing to prevent loss of function due to a single failure and enable online maintenance. ing.

“Rules on the Standards for the Location, Structure, and Equipment of Practical Power Reactors and Their Ancillary Facilities”, Nuclear Regulatory Commission, July 8, 2014

JP-A-7-230301

  However, in the conventional configuration, if any of the emergency control rooms of each unit loses its monitoring control function due to some abnormality, the monitoring control function for the facility facilities to handle specific serious accidents, etc. in the emergency control room where the abnormality occurred Has the problem of being lost.

  In addition, each unit's emergency control room does not send and receive signals to and from other units' emergency control rooms, so there is a problem that it takes a lot of time to restore the lost monitoring control function.

  For this reason, if there is any abnormality in the monitoring and control function of one reactor in a facility for handling specific serious accidents that controls multiple reactors, monitoring control is possible using the monitoring and control function of another reactor There is a need for a monitoring control apparatus and a control method for the monitoring control apparatus.

  The monitoring and control apparatus according to the present embodiment is a monitoring and control apparatus that controls a plurality of devices used for operation of a nuclear reactor group including at least a first nuclear reactor and a second nuclear reactor, and includes a first main system control unit A first standby system control unit, a second main system control unit, a second standby system control unit, and a switching unit. A 1st main system control part controls the 1st apparatus used for operation | movement of a 1st reactor among several apparatuses. The first standby system control unit is a control unit that replaces the first main system control unit, and is capable of controlling at least the first device and the second device. The second main system control unit controls the second device used for the operation of the second nuclear reactor among the plurality of devices. The second standby system control unit is a control unit that replaces the second main system control unit, and is capable of controlling at least the first device and the second device. The switching unit switches the control of the first device to the control using the second standby system control unit when the control functions of the first main system control unit and the first standby system control unit are lost.

  The monitoring control apparatus control method according to the present embodiment includes at least a first main system control unit, a first standby system control unit, a second main system control unit, and a second standby system control unit. It is the control method of the monitoring control apparatus provided. A 1st main system control part controls the 1st apparatus used for operation | movement of a 1st reactor among several apparatuses. The first standby system control unit is a control unit that replaces the first main system control unit, and is capable of controlling at least the first device and the second device. The second main system control unit controls the second device used for the operation of the second nuclear reactor among the plurality of devices. The second standby system control unit is a control unit that replaces the second main system control unit, and is capable of controlling at least the first device and the second device. The detection step detects loss of control functions of the first main system control unit and the first standby system control unit. In the holding step, the first input / output unit holds the command signal for the first device output from the first main system control unit via the first input / output unit in a state before loss occurs. . In the storing step, the command signal for the first device output from the first main system control unit via the first input / output unit is stored in the database in a state before occurrence of loss. The activation step activates the second standby control unit and starts outputting a command signal from the second standby system control unit based on the command signal stored in the database. The switching step switches the output of the command signal to the first device via the first input / output unit to the command signal output by the second standby system control unit.

  ADVANTAGE OF THE INVENTION According to this invention, when some abnormality arises in the monitoring control function of a certain nuclear reactor, the monitoring control apparatus which can perform monitoring control using the monitoring control function of another nuclear reactor can be provided.

FIG. 1 is a diagram illustrating an example of the configuration of a facility for handling specific serious accidents according to the first embodiment. FIG. 2 is a diagram illustrating an example of a conceptual diagram of a register configuration. FIG. 3 is a diagram illustrating an example of a conceptual diagram of a database. FIG. 4 is a diagram illustrating an example of the flow of the monitoring signal output from the field instrument. FIG. 5 is a diagram illustrating an example of the flow of signal output to field devices. FIG. 6 is a flowchart illustrating an example of a signal switching flow. FIG. 7 is a diagram illustrating an example of a configuration of a facility for handling specific serious accidents according to the second embodiment. FIG. 8 is a diagram illustrating an example of a conceptual diagram of a database. FIG. 9 is a diagram illustrating an example of the flow of the monitoring signal output from the field instrument. FIG. 10 is a diagram illustrating an example of a flow of signal output to field devices. FIG. 11 is a flowchart illustrating an example of a signal switching flow. FIG. 12 is a diagram illustrating an example of the configuration of a specific serious accident handling facility according to the third embodiment. FIG. 13 is a flowchart illustrating an example of a signal switching flow. FIG. 14 is a diagram illustrating an example of a display form of the interface unit.

  Embodiments of the present invention will be described below with reference to the drawings.

(First embodiment)
The facility for dealing with specific serious accidents according to the first embodiment, when the monitoring control function of a certain nuclear reactor is lost, controls the on-site equipment in this single nuclear reactor, and the standby system control unit in the other nuclear reactor. By switching to the control using this, it is intended to avoid losing the supervisory control function of the field equipment in this one nuclear reactor. More details will be described below.

  FIG. 1 is a diagram illustrating an example of a configuration of a specific serious accident handling facility 1 according to the first embodiment. As shown in FIG. 1, the specific serious accident handling facility 1 according to the present embodiment includes a shared emergency control room 110, a first emergency control room 120A, a second emergency control room 120B, The first cable treatment chamber 130A and the second cable treatment chamber 130B are provided. In the example of FIG. 1, the specific serious accident handling facility 1 is configured to monitor and control a first specific serious accident handling facility facility 140A and a second specific serious accident handling facility facility 140B. . In the following description, a symbol related to the facility of the first reactor, which is the first unit, will be denoted by A, and a symbol related to the facility of the second reactor, which is the second unit, will be denoted by B.

  First, schematic components will be described. The shared emergency control room 110 includes a first interface unit 111A, a second interface unit 111B, a shared emergency control room multiplex transmission line 112, One switching unit 113A and a second switching unit 113B are arranged.

  In the first emergency control room 120A, a first multiplex transmission path 121A and a first control unit 122A are arranged. Furthermore, the first control unit 122A includes a first main system control unit 123A, a first standby system control unit 124A, and a first database 125A.

  In the second emergency control room 120B, a second multiplex transmission path 121B and a second control unit 122B are arranged. Further, the second control unit 122B includes a second main system control unit 123B, a second standby system control unit 124B, and a second database 125B.

  In the first cable treatment room 130A, a cable treatment room multiplex transmission line 131 and a first input / output unit 132A are arranged. Further, the first input / output unit 132A includes a first input unit 133A, a first transmission unit 134A, and a first output unit 135A. Furthermore, the first output unit 135A includes a first signal conversion unit 136A and a first output hold switching unit 137A.

  In the second cable treatment room 130B, the above-described cable treatment room multiple transmission path 131 and the second input / output unit 132B are arranged. Furthermore, the second input / output unit 132B includes a second input unit 133B, a second transmission unit 134B, and a second output unit 135B. Furthermore, the second output unit 135B includes a second signal conversion unit 136B and a second output hold switching unit 137B.

  The first specific serious accident handling facility facility 140A includes a first on-site equipment 141A and a first on-site instrument 142A. The second specific serious accident handling facility facility 140B 2 on-site equipment 141B and a second on-site instrument 142B.

  Next, the contents of these components will be described in detail with reference to FIG. First, regarding the common emergency control room 110, this common emergency control room 110 is an area where operators are stationed and perform monitoring operations.

  The first interface unit 111A is connected to the shared emergency control room multiplex transmission line 112. The first interface unit 111A outputs a command signal input by the operator to the first field device 141A of the first specific serious accident handling facility facility 140A to the shared emergency control room multiplex transmission line 112. To do. In addition, the first interface unit 111A also sends a command signal input by the operator to the second field device 141B of the second specific serious accident handling facility facility 140B to the shared emergency control room multiplex transmission line 112. Output is possible. Further, the first interface unit 111A can monitor signals output from the field instruments 142A and 142B of the facility facilities 140A and 140B for handling specific serious accidents through the common emergency control room multiplex transmission line 112. Display on a monitor (not shown) in various display forms.

  The second interface unit 111B has the same configuration as the first interface unit 111A. That is, the second interface unit 111B outputs a command signal to the second field device 141B of the second specific serious accident handling facility facility 140B, and the first specific serious accident handling facility facility 140A The command signal can also be output to one field device 141A, and the signals input from the field instruments 142A and 142B are displayed on the monitor.

  The first switching unit 113A is connected to the first input / output unit 132A. The first switching unit 113A outputs a switching signal to the first input / output unit 132A according to the operation of the operator. The second switching unit 113B has the same configuration as the first switching unit 113A. That is, the second switching unit 113B outputs a switching signal to the second input / output unit 132B according to the operation of the operator. The shared emergency control room multiplex transmission line 112 is a transmission line used for transmitting an optical multiplex transmission signal between connected devices.

  Next, the configuration in the first emergency control room 120A will be described. The first emergency control room 120A is an area having a function of monitoring and controlling the first specific serious accident handling facility facility 140A of the first reactor.

  The first multiplex transmission path 121A is connected between the shared emergency control room multiplex transmission path 112 and the first control unit 122A. The first multiplex transmission path 121A is a transmission path used for transmitting an optical multiplex transmission signal.

  The first main system control unit 123A is connected to the first multiplex transmission path 121A and the first input / output unit 132A. Further, the first main system control unit 123A is connected to the interface units 111A and 111B via the first multiplex transmission line 121A and the shared emergency control room multiplex transmission line 112.

  The first main system controller 123A controls the first field device 141A. The first master control unit 123A receives a command signal from the interface units 111A and 111B to the first field device 141A via the first multiplex transmission line 121A and the shared emergency control room multiplex transmission line 112. Input according to the operation of the operator. Then, the first main system control unit 123A outputs a command signal corresponding to the input command signal to the first input / output unit 132A based on the register.

  On the other hand, the first standby control unit 124A is connected to the first multiplex transmission path 121A and the cable treatment room multiplex transmission path 131. Further, the first standby system control unit 124A is connected to the interface units 111A and 111B via the shared emergency control room multiplex transmission path 112. The first standby system control unit 124A is connected to the input / output units 132A and 132B via the cable treatment room multiplex transmission line 131.

  The first standby system control unit 124A is a control unit that replaces the first main system control unit 123A, and can control the first field device 141A. That is, the first standby system control unit 124A is a control unit provided for backup when the function of the first main system control unit 123A is stopped due to some factor. For this reason, when the first standby system control unit 124A detects an abnormality in the first main system control unit 123A, the first standby system control unit 124A performs the monitoring control function of the first main system control unit 123A. take over. Furthermore, the first standby control unit 124A has a general multiplexing configuration for taking over this supervisory control function.

  Furthermore, the first standby system control unit 124A is a control unit that replaces the second main system control unit 123B and the second standby system control unit 124B in the second emergency control room 120B. The field device 141B can be controlled. That is, the first standby system control unit 124A performs backup when the second main system control unit 123B and the second standby system control unit 124B stop functioning for some reason. Therefore, when the first standby system control unit 124A detects an abnormality in the second main system control unit 123B and the second standby system control unit 124B, the first standby system control unit 124A The monitoring control function of the second main system control unit 123B and the second standby system control unit 124B for the field device 142B is taken over.

  The command signal for the field device 141A input from the interface unit 111A is input to the first standby system control unit 124A via the shared emergency control room multiplex transmission path 112 and the first multiplex transmission path 121A. The first standby control unit 124A outputs a command signal corresponding to the input command signal to the input / output unit 132A based on the register.

  Further, the first standby system control unit 124A periodically sends and receives signals through the cable treatment room multiplex transmission line 131 in order to monitor the occurrence of mutual abnormality between the standby system control units 124A and 124B. ing. The first standby system control unit 124A can detect that an abnormality has occurred in the second standby system control unit 124B when the transmission signal of the second standby system control unit 124B to be monitored is interrupted. It is configured as follows.

  The first standby system control unit 124A receives the optical multiplex transmission signal output from the first main system control unit 123A via the first multiplex transmission path 121A. Further, the first standby system control unit 124A receives the optical multiplex transmission signal output from the second main system control unit 123B or the second standby system control unit 124B, the second multiplex transmission line 121B, and the shared emergency It is input via the time control room multiplex transmission line 112 and the first multiplex transmission line 121A. Thus, when the first standby system control unit 124A detects an abnormality in the first main system control unit 123A, the second main system control unit 123B, and the second standby system control unit 124B, an abnormality occurs. It is comprised so that control of the field equipment 141B can be started using the signal just before performing.

  The first database 125A is connected to the first standby system control unit 124A. Thereby, the first database 125A stores the contents of the command signal included in the optical multiplex transmission signal output from the first and second main system control units 123A and 123B. That is, the first database 125A stores the contents of the command signals for the field devices 141A and 141B input from the first and second main system control units 123A and 123B to the first standby system control unit 124A. Stored via the standby system control unit 124A.

  Next, the configuration in the second emergency control room 120B will be described. As shown in FIG. 1, the second emergency control room 120B has the same configuration as the first emergency control room 120A.

  That is, the second multiplex transmission path 121B is used to transmit an optical multiplex transmission signal. The second main system control unit 123B controls the second field device 141B, and outputs a command signal corresponding to the input command signal to the second input / output unit 132B based on the register.

  The second standby system control unit 124B is a control unit that replaces the second main system control unit 123B, and can control the second field device 141B. The second standby control unit 124B is configured to be able to output a command signal corresponding to the input command signal to the input / output unit 132B based on a register.

  Further, the second standby system control unit 124B detects that an abnormality has occurred in the first standby system control unit 124A when the transmission signal of the first standby system control unit 124A to be monitored is interrupted. It is configured to be able to do. When the second standby system control unit 124B detects an abnormality in the first main system control unit 123A, the first standby system control unit 124A, and the second main system control unit 123B, the second standby system control unit 124B outputs a signal immediately before the abnormality. It is comprised so that control of 1st field device 141A can be started using it.

  The second database 125B stores the contents of command signals input to the main system control units 123A and 123B.

  Next, the configuration in the first cable treatment chamber 130A will be described. As shown in FIG. 1, the first cable treatment room 130A is an area in which cables from the first specific serious accident handling facility facility 140A are collected.

  The cable treatment room multiplex transmission line 131 is an optical multiplex transmission line arranged in the cable treatment rooms 130A and 130B. For this reason, the transmission of the optical multiplex transmission signal between the cable treatment rooms 130A and 130B is performed using the cable treatment room multiplex transmission path 131. However, transmission / reception of electrical signals cannot be performed between the cable treatment rooms 130A and 130B, and the electrical connection is cut off.

  The first input / output unit 132A is connected to the first main system control unit 123A and the cable treatment room multiplex transmission path 131. The first input / output unit 132A is connected to the first on-site equipment 141A and the first on-site instrument 142A in the first specific serious accident handling facility facility 140A. The first field device 141A means a group of various devices provided on the site, and the first field instrument 142A means a group of various meters provided on the site.

  Further, the first input / output unit 132A holds the command signal input from the first main system control unit 123A and outputs the command signal to the first field device 141A. The first input / output unit 132A switches the first output path to the second output path according to the switching signal input from the first switching unit 113A.

  More specifically, the first output path is a path through the first transmission unit 134A and the first output hold switching unit 137A. The second output path is a path through the first signal conversion unit 136A and the first output hold switching unit 137A. The first transmission unit 134A converts the optical multiplex transmission signal input from the first main system control unit 123A into an electrical signal for each command signal and outputs the electrical signal.

  Further, for example, an electrical signal circuit corresponding to the command signal is provided between the first transmission unit 134A and the first output hold switching unit 137A. When the command signal input from the first transmission unit 134A is changed, the electrical signal circuit outputs an electrical signal corresponding to the changed content. Further, the first output hold switching unit 137A and the field device 141A are also connected in correspondence with each electric signal circuit corresponding one-to-one to the command signal.

  In accordance with the input of the switching signal from the first switching unit 113A, the first signal conversion unit 136A converts the input optical multiplex transmission signal into an electrical signal for each command signal and outputs the electrical signal. Similarly to the first transmission unit 134A, for example, an electric signal circuit corresponding to the command signal is provided between the first signal conversion unit 136A and the first output hold switching unit 137A. ing.

  Further, the first output hold switching unit 137A is input from the signal conversion unit 136A through a path for outputting the signal input from the first transmission unit 134A in accordance with the input of the switching signal from the first switching unit 113A. It is configured to be able to switch to a path for outputting the signal that has been output. The first output hold switching unit 137A is configured to hold the state of the electrical signal input to the first output hold switching unit 137A.

  The first input unit 133A outputs the monitoring signal input from the first field instrument 142A to the first transmission unit 134A. The first transmission unit 134A converts the input monitoring signal into an optical multiplex transmission signal, and then outputs it to the first main system control unit 123A and the cable treatment room multiplex transmission line 131.

  Next, the configuration in the second cable treatment chamber 130B will be described. As shown in FIG. 1, the second cable treatment chamber 130B also has the same configuration as the first cable treatment chamber 130A. That is, the second input / output unit 132B holds the command signal input from the second main system control unit 123B and outputs the command signal to the second field device 141B. The second input / output unit 132B switches the first output path to the second output path in accordance with the switching signal input from the second switching unit 113B.

  In accordance with the input of the switching signal from the second switching unit 113B, the second signal conversion unit 136B starts a process of converting the input optical multiplex transmission signal into an electrical signal for each command signal and outputting it. The second output holding switching unit 137B starts from the second signal conversion unit 136B through the path for outputting the signal input from the second transmission unit 134B in accordance with the input of the switching signal from the second switching unit 113B. It is configured to be able to switch to a path for outputting an input signal. Further, the second output hold switching unit 137B is configured to hold the state of the electrical signal input to the second output hold switching unit 137B.

  The second input unit 133B outputs the monitoring signal input from the second field instrument 142B to the second transmission unit 134B. The second transmission unit 134B converts the inputted monitoring signal into an optical multiplex transmission signal, and then outputs it to the second main system control unit 123B and the cable treatment room multiplex transmission line 131.

  Next, the configuration in the first specific serious accident handling facility facility 140A will be described. As shown in FIG. 1, the first on-site instrument 142A is composed of one or a plurality of instruments provided on the site, and various monitoring signals regarding the state of the first reactor are sent to the first input unit 133A. Output to. Here, as a field instrument, a pressure gauge, a thermometer, a flow meter, etc. are mentioned as an example. The first field device 141A is composed of one or a plurality of devices provided at the field, and is controlled according to a command signal input from the first input unit 133A. Here, examples of on-site equipment include control valves, pumps, dampers, and the like.

  Next, the configuration in the second specific serious accident handling facility facility 140B will be described. As shown in FIG. 1, the second specific serious accident handling facility facility 140B has the same configuration as the first specific serious accident handling facility facility 140A. That is, the second on-site instrument 142B outputs various monitoring signals related to the state of the second reactor to the second input unit 133B, and the second on-site equipment 141B is input from the second input unit 133B. Controlled according to the command signal.

  As can be understood from the above description, the shared emergency control room 110, the first emergency control room 120A, and the first cable treatment room 130A are provided with the first specific serious accident handling facility equipment for the first reactor. It is configured to be able to perform monitoring control of 140A. On the other hand, the shared emergency control room 110, the second emergency control room 120B, and the second cable treatment room 130B can perform monitoring control of the second specific serious accident handling facility facility 140B of the second reactor. It is configured as follows.

  Next, a register configuration related to the control functions of the main system control units 123A and 123B and the standby system control units 124A and 124B will be described with reference to FIG. FIG. 2 is a diagram illustrating an example of a register configuration. As shown in FIG. 2, the first main system control unit 123A has a unique register corresponding to a command for starting, stopping, etc. for each field device of the field device 141A composed of a plurality of devices. Provided.

  In the register of the first main system control unit 123A, the register corresponding to the command signal of the first field device 141A is set to No. 1000 to 1XXX. An operation command for a specific field device 141A is input to the first main system control unit 123A via the first interface unit 111A. The first main system control unit 123A reflects it in each register corresponding to each operation command. Based on these registers, the first main system control unit 123A collectively outputs a plurality of command signals corresponding to each field device 141A in the form of an optical multiplex transmission signal.

  The register configuration of the second main control unit 123B is also equivalent to the register configuration of the first main control unit 123A. That is, the register of the second main system control unit 123B has a unique register corresponding to a command such as start and stop for each field device of the field device 141B composed of a plurality of devices. . In the second main system control unit 123B, the register corresponding to the command signal of the second field device 141B is set to 2000-2XXX.

  The first standby system control unit 124A can also control the on-site equipment 141A according to the same operation command as that of the first main system control unit 123A. The first standby system control unit 124A employs a register configuration in which the register configurations of the main system control units 123A and 123B are arranged in order in order to have an operation function for both the field devices 141A and 141B. Yes. In the first standby system control unit 124A, the register corresponding to the command signal of the first field device 141A is set to 1000 to 1XXX in the same manner as the register included in the first main system control unit 123A.

  Further, in the first standby system control unit 124A, the register corresponding to the command signal of the second field device 141B is set to 2000-2XXX as in the register provided in the second main system control unit 123B. . As a result, the registers of the first standby system control unit 124A are set so that register numbers do not overlap for each of the on-site equipments 141A and 141B related to each reactor.

  The register of the second standby system control unit 124B has the same configuration as the register of the first standby system control unit 124A. That is, the register of the second standby system control unit 124B has a register configuration in which the register configurations of the main system control units 123A and 123B are arranged in order in order to have an operation function for both the field devices 141A and 141B. Adopted.

  Next, the configuration of the first database 125A when the above-described register configuration is adopted will be described with reference to FIG. FIG. 3 is a diagram illustrating an example of a conceptual diagram of a database. As shown in FIG. 3, when the first standby system control unit 124A detects an abnormality in the second main system control unit 123B and the second standby system control unit 124B, the first standby system control unit 124A The second main system control unit 123B and the second standby system control unit 124B are instructed to store the register states before the occurrence of the abnormality. Upon receiving the command, the first database 125A stores the saved register state in a state where it can be read from the first standby system control unit 124A. Thereby, the first standby control unit 124A can start the control of the second field device 141B in the second specific serious accident handling facility facility 140B based on the saved register state.

  The second database 125B has the same configuration as the first database 125A. That is, when the second standby system control unit 124B detects an abnormality in the first main system control unit 123A and the first standby system control unit 124A, the second standby system control unit 124B performs the first main system control unit 124B with respect to the second database 125B. The system controller 123A and the first standby controller 124A are instructed to store register states before the occurrence of an abnormality. Receiving the command, the second database 125B stores the saved register state in a state where it can be read from the second standby control unit 124B. Thereby, the second standby control unit 124B can start the control of the first field device 141A in the first specific serious accident handling facility facility 140A based on the saved register state. The above is the details of the overall configuration of the specific serious accident handling facility 1 according to the first embodiment.

  In the present embodiment, the specific serious accident handling facility 1 constitutes a control device, the interface units 111A and 111B constitute an operation unit, and the field devices 141A and 141B operate the reactor group. It constitutes a plurality of devices used.

  Next, the flow of the monitoring signal output from the first on-site instrument 142A to the interface units 111A and 111B will be described with reference to FIG. FIG. 4 is a diagram illustrating an example of the flow of the monitoring signal output from the first on-site instrument 142A. As shown in FIG. 4, the monitoring signal output from the first field instrument 142A is output from the first transmission unit 134A via the input unit 133A, and is connected to the first main system control unit 123A and the cable treatment room. Input to the multiplex transmission line 131. The monitoring signal input to the cable treatment room multiplex transmission path 131 is output from the cable treatment room multiplex transmission path 131 to the standby system controllers 124A and 124B.

  The monitoring signal input to the first main system control unit 123A and the first standby system control unit 124A is shared emergency control via the first multiplex transmission path 121A and the shared emergency control room multiplex transmission path 112. The data is output to the first interface unit 111 </ b> A installed in the chamber 110. Thereby, the operator can monitor the monitoring signal via the display of the first interface unit 111A. Similarly, the second standby control unit 124B receives the monitoring signal input from the cable treatment room multiplex transmission line 131 via the second multiplex transmission line 121B and the shared emergency control room multiplex transmission line 112. Output to the second interface unit 111B.

  As described above, the monitoring signal output from the first on-site instrument 142A is input to the first main system control unit 123A, the first standby system control unit 124A, and the second standby system control unit 124B, and the interface unit. 111A and 111B are configured so that monitoring can be performed. Similarly, the monitoring signal output from the second on-site instrument 142B is input to the second main system control unit 123B, the first standby system control unit 124A, and the second standby system control unit 124B, and the interface unit 111A. 111B can be monitored.

  Next, the flow of signals from the interface units 111A and 111B to the field devices 141A and 141B will be described with reference to FIG. FIG. 5 is a diagram illustrating an example of a signal output flow from the interface units 111A and 111B to the first field device 141A. As shown in FIG. 5, in the situation where the first main system control unit 123A is normally operating, the operation command input from the first interface unit 111A is sent to the shared emergency control room multiplex transmission line 112 and the first transmission line 112A. The signal is input to the first main system control unit 123A via one multiplex transmission path 121A.

  In the first main system control unit 123A, a register corresponding to the operation command is changed. The first master control unit 123A outputs an optical multiplex transmission signal including a command signal corresponding to the changed register to the first transmission unit 134A. The electric signal circuit disposed between the first transmission unit 134A and the first output hold switching unit 137A is configured to change the electric signal according to the change contents when the command signal input from the first transmission unit 134A is changed. Output a signal. Then, the first output hold switching unit 137A outputs a control signal to the first field device 141A.

  On the other hand, when some abnormality occurs and both the first main system control unit 123A and the first standby system control unit 124A lose their control functions, the second standby control unit 124B monitors the first field device 141A. Take over control functions. In this case, the operation command input in the second interface unit 111B is input to the second standby system control unit 124B via the shared emergency control room multiplex transmission path 112 and the second multiplex transmission path 121B. The In the second standby system control unit 124B, the register corresponding to this operation command is changed. The second standby control unit 124B outputs an optical multiplex transmission signal including a command signal corresponding to the changed register to the first signal conversion unit 136A via the cable treatment room multiplex transmission line 131.

  Here, the first signal conversion unit 136A starts the process of converting the optical multiplex transmission signal into an electric signal in conjunction with the operation of the first switching unit 113A when the monitoring control function is switched. Furthermore, the first output holding switching unit 137A is linked to the operation of the first switching unit 113A, and the signal output path is changed from the first path via the first transmission unit 134A to the first as described above. Is switched to the second route via the signal converter 136A. Then, the first output hold switching unit 137A outputs a control signal to the first field device 141A.

  Thus, the specific serious accident handling facility 1 according to the present embodiment is configured so that the first on-site equipment 141A provided in the first reactor can be operated from either of the interface units 111A and 111B. Has been. Similarly, the second field device 141B provided in the second nuclear reactor is configured to be operated from either the interface unit 111A or 111B.

  Next, a flow until an abnormality occurs in the first control unit 122A and the monitoring control function is switched to the second standby system control unit 124B will be described based on FIG. FIG. 6 is a flowchart illustrating an example of a signal switching flow. Here, it is assumed that both the first main system control unit 123A and the first standby system control unit 124A have lost their control functions due to an abnormality such as a fire in the first emergency control room 120A. To do.

  Due to the occurrence of this abnormality, the optical multiplex transmission signals from the first main system control unit 123A and the first standby system control unit 124A are interrupted. Thereby, the interruption of the optical multiplex transmission signal is detected by the first output holding switching unit 137A (S10), and the state of the electric signal before the electric signal interruption is held by the first output holding switching unit 137A ( S11).

  The second standby system control unit 124B detects that the optical multiplex transmission signal input from the first standby system control unit 124A has been interrupted. Next, the second standby system control unit 124B changes the register state in the first main system control unit 123A or the first standby system control unit 124A immediately before the abnormality occurs from the timing when the optical multiplex transmission signal is interrupted. Identify. The second standby control unit 124B stores the specified register state in the second database 125B in a state where the specified register state is held (S12).

  Next, in the second interface unit 111B, which is the switching destination of the monitoring operation function, a switching operation command is issued to the second standby system control unit 124B when operated by the operator (S13). As a result, the second standby control unit 124B reads the register state before the occurrence of the abnormality stored in the second database 125B and starts outputting the optical multiplex transmission signal. The optical multiplex transmission signal output from the second standby system control unit 124B is input to the first signal conversion unit 136A via the cable treatment room multiplex transmission path 131 (S14).

  Here, after the second standby system control unit 124B is activated, the operator operates the first switching unit 113A (S15). Thereby, the first signal conversion unit 136A starts a process of converting the optical multiplex transmission signal input from the second standby control unit 124B into an electrical signal. Further, the electrical signal converted by the first signal conversion unit 136A is output to the first output hold switching unit 137A (S16).

  Next, the first output holding switching unit 137A switches the output path in accordance with the operation of the first switching unit 113A. As a result, the electrical signal output path from the first main system control unit 123A is switched to the electrical signal output path from the second standby system control unit 124B. Thereby, the 2nd standby system control part 124B starts control of the 1st field equipment 141A which is the equipment of the 1st reactor (S17).

  In this way, in the process of FIG. 6, the electrical signal output to the first field device 141A is maintained in the state before the occurrence of the abnormality, and the second standby control unit 124B performs the first main operation before the occurrence of the abnormality. The control state of the system control unit 123A is taken over. For this reason, in the process of FIG. 6, even if the optical multiplex transmission signal from the first main system control unit 123A or the first standby system control unit 124A is interrupted, the first output hold switching unit 137A holds the signal. Since the output of the electric signal is not interrupted, the operation of the first field device 141A in the first reactor can be maintained in the state before the occurrence of the abnormality.

  Furthermore, in the process of FIG. 6, the second standby control unit 124B starts controlling the first field device 141A based on the data in the second database 125B when an abnormality is detected. For this reason, the operation state of the first field device 141A is continuously maintained, and the control of the first field device 141A can be switched to the second standby control unit 124B.

  In the process of FIG. 6, the control of the second standby system control unit 124B is started by an operation from the second interface unit 111B, and the second standby system control unit 124B is operated by the operation of the first switching unit 113A. Is a two-step operation for switching the output path from the first field device 141A to the first field device 141A. For this reason, erroneous operation can be prevented.

  In this way, when the first output hold switching unit 137A is switched, it is not necessary to compare the signals before and after the switching, and the first field device 141A can be operated continuously. Therefore, the monitoring control function is switched between the control units 122A and 122B without directly comparing the electrical signals between the first control unit 122A and the second control unit 122B. Yes. As a result, it is possible to prevent adverse effects such as electrical leakage from other machines.

  In order to take over the operation state of the first field device 141A, it is conceivable to compare electric signals in the output holding switching units 137A and 137B that perform path switching. However, a control unit for comparison is separately required. This control unit also needs to be multiplexed in order to prevent loss of function due to a single failure.

  On the other hand, according to the specific serious accident handling facility 1 according to the present embodiment, the emergency control rooms 120A and 120B are provided with databases 125A and 125B that record operation information of all units. Further, standby system control units 124A and 124B that can continuously take over the operation state of the on-site equipment 141A and 141B by taking over the operation information accumulated in these databases 125A and 125B are arranged. Thereby, even when the monitoring control function is lost in the first control unit 122A, the first control unit 122A that has lost the monitoring control function from the second standby system control unit 124B performs the monitoring control. It is possible to continue the operation of the on-site equipment 141A. Similarly, even when the monitoring control function is lost in the second control unit 122B, it is possible to continue to operate the second field device 141B from the first standby system control unit 124A. In this way, the lost monitoring control function can be taken over without comparing the electrical signals between the control units 122A and 122B.

  Further, even when the optical multiplex transmission signal from the main system control units 123A and 123B or the standby system control units 124A and 124B is interrupted, the electrical signals from the input / output units 132A and 132B are provided by providing the output holding switching units 137A and 137B. It is configured so that the output of For this reason, since the state of the electrical signal before the occurrence of the abnormality is maintained, the operations of the field devices 141A and 141B are maintained in the state before the occurrence of the abnormality. Thereby, it has the structure which the influence of abnormality generation of control part 122A, 122B to field equipment 141A, 141B becomes the minimum.

  Even when the switching units 113A and 113B are operated by mistake during normal operation, the standby system control units 124A and 124B do not emit optical multiplex transmission signals during normal operation. For this reason, after erroneous operation of the switching units 113A and 113B, the optical multiplex transmission signal input to the input / output units 132A and 132B is interrupted. Thereby, it has become the structure which does not have influence of an erroneous operation on field equipment 141A, 141B. Further, during normal operation, the operation from the second standby control unit 124B to the first field device 141A cannot be performed without the operation of the first switching unit 113A. For this reason, erroneous operation can be prevented.

  As described above, according to the specific serious accident handling facility 1 according to the present embodiment, when the first control unit 122A loses its monitoring control function, the first reactor which is the facility of the first reactor is used. The control of the on-site device 141A is switched to the control using the second standby system control unit 124B. For this reason, even when the monitoring control function of the first control unit 122A is lost by controlling the control of the first field device 141A by the second standby control unit 124B, the control of the first field device 141A is controlled. Loss of function can be avoided.

(Second Embodiment)
The facility for handling specific serious accidents according to the second embodiment, when both the supervisory control function of one reactor and the supervisory control function by the standby control unit in another reactor that can replace it are lost, By switching the control of the field equipment in this one reactor that lost the supervisory control function to the control using the standby system control unit of the other reactor, the supervisory control function of the field equipment in this one reactor is changed. It is an attempt to avoid losing. Hereinafter, a different part from 1st Embodiment mentioned above is demonstrated.

  FIG. 7 is a diagram illustrating an example of a configuration of the specific serious accident handling facility 1 according to the second embodiment. As shown in FIG. 7, the specific serious accident handling facility 1 according to the present embodiment is different from the specific serious accident handling facility 1 according to the first embodiment in the third emergency control room 120C, 3 cable treatment chambers 130C. In this embodiment, the standby system control units 124A, 124B, and 124C are configured to be able to control the field devices 141A, 141B, and 141C. In the following description, C is attached to the reference numerals for the third reactor, which is Unit 3.

  In the shared emergency control room 110, a third interface unit 111C and a third switching unit 113C are further arranged.

  In the third emergency control room 120C, a third multiplex transmission path 121C and a third control unit 122C are arranged. The third control unit 122C includes a third main system control unit 123C, a third standby system control unit 124C, and a third database 125C.

  In the third cable treatment chamber 130C, a cable treatment chamber multiplex transmission path 131 provided in common with the cable treatment chambers 130A and 130B and a third input / output unit 132C are arranged. The third input / output unit 132C includes a third input unit 133C, a third transmission unit 134C, and a third output unit 135C. The third output unit 135C includes a third signal conversion unit 136C and a third output hold switching unit 137C.

  Next, the contents of these components will be described in detail with reference to FIG. First, regarding the common emergency control room 110, the third interface unit 111C provided in the common emergency control room 110 has the same configuration as the first interface unit 111A. In other words, the third interface unit 111C is connected to the shared emergency control room multiplex transmission line 112, and is an operator for the on-site equipment 141A, 141B, 141C of the facility facilities 140A, 140B, 140C for dealing with specific serious accidents. Can be output via the shared emergency control room multiplex transmission line 112. In addition, the third interface unit 111C receives the monitoring signal output from the field instruments 142A, 142B, 142C of the specific serious accident handling facility facilities 140A, 140B, 140C via the shared emergency control room multiplex transmission line 112, The information is displayed on a monitor (not shown) in a display form that can be monitored by the operator.

  The third switching unit 113C has a configuration equivalent to that of the first switching unit 113A. That is, the third switching unit 113C outputs a switching signal to the third input / output unit 132C in accordance with the operation of the operator.

  Next, the configuration in the third emergency control room 120C will be described. As shown in FIG. 7, the third emergency control room 120C has the same configuration as the first emergency control room 120A. That is, the third multiplex transmission path 121C is used for transmitting an optical multiplex transmission signal. The third main system control unit 123C controls the third field device 141C provided in the third nuclear reactor, and inputs a command signal corresponding to the input command signal to the third input device based on the register. Output to the output unit 132C.

  The third standby system control unit 124C is a control unit that replaces the third main system control unit 123C, and can control the field devices 141A, 141B, and 141C. The third standby control unit 124C is configured to be able to output a command signal corresponding to the input command signal to the input / output units 132A, 132B, and 132C based on the register.

  Further, the third standby system control unit 124C can detect that an abnormality has occurred in the standby system control units 124A and 124B when the transmission signals of the monitored standby system control units 124A and 124B are interrupted. It is configured as follows. When the third standby system control unit 124C detects an abnormality in the first main system control unit 123A, the first standby system control unit 124A, and the second standby system control unit 124B, the signal immediately before the abnormality is detected. Is used to start control of the first field device 141A. In addition, when the third standby system control unit 124C detects an abnormality in the first standby system control unit 124A, the second standby system control unit 123B, and the second standby system control unit 124B, the signal immediately before the abnormality is detected. Is used to start control of the second field device 141B. In other words, the standby system control units 124A, 124B, and 124C are configured to be able to control any of the field devices 141A, 141B, and 141C.

  The third database 125C stores the contents of command signals input to the main system control units 123A, 123B, 123C.

  Next, the configuration in the third cable treatment chamber 130C will be described. As shown in FIG. 7, the third cable treatment chamber 130C has the same configuration as the first cable treatment chamber 130A. That is, the third input / output unit 132C holds the command signal input from the third main system control unit 123C and outputs the command signal to the third field device 141C. The third input / output unit 132C switches the first output path to the second output path in accordance with the switching signal input from the third switching unit 113C.

  The third signal conversion unit 136C starts the process of converting the input optical multiplex transmission signal into an electrical signal for each command signal and outputting it in accordance with the input of the switching signal from the third switching unit 113C. Further, the third output holding switching unit 137C receives the switching signal from the third switching unit 113C, and outputs a signal input from the third transmission unit 134C from the third signal conversion unit 136C. Switch to the path to output the signal input from. The third output hold switching unit 137C is configured to hold the state of the electrical signal input to the third output hold switch unit 137C.

  The third input unit 133C outputs the monitoring signal input from the third field instrument 142C to the third transmission unit 134C. The third transmission unit 134C converts the inputted monitoring signal into an optical multiplex transmission signal, and then outputs it to the third main system control unit 123C and the cable treatment room multiplex transmission line 131.

  Next, the configuration in the third specific serious accident handling facility facility 140C will be described. As shown in FIG. 7, the third specific serious accident handling facility facility 140C has the same configuration as the first specific serious accident handling facility facility 140A. That is, the third field instrument 142C is composed of one or a plurality of instruments provided at the field, and outputs various monitoring signals related to the state of the third reactor to the third input unit 133C. On the other hand, the third field device 141C is composed of one or a plurality of devices provided in the field, and is controlled according to the command signal input from the third input unit 133C.

  Next, the first database 125A according to the present embodiment will be described with reference to FIG. FIG. 8 is a diagram illustrating an example of a conceptual diagram of a database. As can be seen from FIG. 8 and FIG. 7 described above, the first standby control unit 124A can acquire the optical multiplex transmission signal output from the main control units 123A, 123B, and 123C. Thereby, the first standby system control unit 124A processes the optical multiplex transmission signals output from the main system control units 123A, 123B, and 123C. For this reason, the first standby system control unit 124A can collect the contents of the command signal included in the input optical multiplex transmission signal for each unit and for each time series, and store them in the first database 125A. is there.

  The standby system control units 124B and 124C have the same configuration as the first standby system control unit 124A, and can acquire the optical multiplex transmission signals output from the main system control units 123A, 123B, and 123C. As a result, the databases 125B and 125C summarize the contents of the command signal included in the optical multiplex transmission signal input from the main control units 123A, 123B, and 123C for each unit and for each time series and store them in the databases 125B and 125C. To do. Similarly to the first embodiment, the standby system control units 124A, 124B, and 124C periodically exchange signals to monitor the operation status of each other via the cable treatment room multiplex transmission line 131. .

  Next, the flow of the monitoring signal output from the first on-site instrument 142A to the interface units 111A, 111B, and 111C will be described with reference to FIG. FIG. 9 is a diagram illustrating an example of the flow of the monitoring signal output from the on-site instrument 141A. The difference from the first embodiment described above will be described. The monitoring signal from the first field device 141A is input to the cable treatment room multiplex transmission line 131, and the cable treatment room multiplex transmission line 131 transmits the first standby system. In addition to the control unit 124A and the second standby system control unit 123B, it is also output to the third standby system control unit 124C. The third standby control unit 124C receives the monitoring signal input from the cable treatment room multiplex transmission line 131 via the third multiplex transmission line 121C and the shared emergency control room multiplex transmission line 112, as a third interface. To the unit 111C.

  As described above, the monitoring signal from the first on-site instrument 142A is input to the first main system control unit 123A and the standby system control units 124A, 124B, and 124C, and can be monitored by the interface units 111A, 111B, and 111C. It is configured. Similarly, the monitoring signal from the second field instrument 142B is input to the second main system control unit 123B and the standby system control units 124A, 124B, and 124C, and can be monitored by the interface units 111A, 111B, and 111C. In addition, the monitoring signal from the third field instrument 142C is input to the third main system control unit 123C and the standby system control units 124A, 124B, and 124C, and can be monitored by the interface units 111A, 111B, and 111C. It is configured.

  Next, the flow of signals from the interface units 111A, 111B, and 111C to the first field device 141A will be described with reference to FIG. FIG. 10 is a diagram illustrating an example of a flow of signal output to the first field device 141A. Explaining the difference from the first embodiment described above, some abnormality occurs in the first main system control unit 123A, the first standby system control unit 124A, and the second standby system control unit 124B, and these are both When the control function is lost, the third standby control unit C takes over the monitoring control function.

  Specifically, the operation command input in the third interface unit 111C is input to the third standby system control unit 124C via the shared emergency control room multiplex transmission path 112 and the third multiplex transmission path 121C. Is done. As a result, the register corresponding to this operation command is changed in the third standby control unit 124C. Next, the third standby control unit 124C outputs an optical multiplex transmission signal including a command signal corresponding to the changed register to the first signal conversion unit 136A via the cable treatment room multiplex transmission line 131. .

  Similarly, the operation command is transmitted from the second interface unit 111B to the first signal conversion unit 136A, and of course, the operation command is also transmitted from the first interface unit 111A to the first signal conversion unit 136A. . As described above, the first field device can be obtained from any of the interface units 111A, 111B, and 111C by transmitting an operation command to the first signal conversion unit 136A from any of the interface units 111A, 111B, and 111C. 141A can be operated. Similarly, the field devices 141B and 141C can be operated from any of the interface units 111A, 111B, and 111C.

  Next, a flow for switching the monitoring control function to the standby control units 124B and 124C when an abnormality occurs in the first emergency control room 120A or the first control unit 122A will be described with reference to FIG. . FIG. 11 is a flowchart illustrating an example of a signal switching flow. Here, the processes from S10 to S17 shown in FIG. 11 are performed in the same manner as the process of FIG. 6 of the first embodiment, so that the monitoring control function of the first reactor, which is the first unit, is the second standby. It is assumed that the system control unit 124B has been switched (S17).

  If a further abnormality occurs in the second standby system control unit 124B (S18-YES), the monitoring control function for the first reactor may be lost again. Therefore, the first output hold switching unit 137A holds the state of the electrical signal before the occurrence of the abnormality (S11). Further, when the third standby system control unit 124C detects an abnormality in the second standby system control unit 124B due to the interruption of the optical multiplex transmission signal, the third standby system control unit 124C again holds the state of the register before the occurrence of the abnormality. The process starts with the system control unit 124C (S12). Thereafter, the flow of S13 to S17 is repeated again, and the control function can be switched to the third standby control unit 124C.

  As described above, in the process of FIG. 11, the third standby system control unit 124C takes over the control state of the second standby system control unit 124B before the occurrence of the abnormality. Therefore, even if an abnormality occurs in the second standby system control unit 124B after switching the monitoring control function for the first field device 141A to the second standby system control unit 124B, the third standby system control unit The monitoring control function can be switched to 124C. Further, by providing a standby system control unit for each of the plurality of reactors to be monitored and controlled, the robustness of the monitoring and control function can be enhanced as the number of reactors to be monitored and controlled increases.

  As described above, according to the specific serious accident handling facility 1 according to the present embodiment, for example, when the first control unit 122A and the second standby system control unit 124B lose their monitoring control functions, The control of the first on-site equipment 141A, which is the facility of the first reactor, is switched to the control using the third standby system control unit 124C. As described above, the monitoring control function of the first control unit 122A and the second standby system control unit 124B is lost by controlling the control of the first field device 141A by the third standby system control unit 124C. Even in this case, the loss of the control function of the first field device 141A can be avoided.

(Third embodiment)
The monitoring and control apparatus according to the third embodiment recommends the operation of the on-site equipment of one reactor when the monitoring and control function of one reactor is switched to control using the standby system control unit of another reactor. Based on the above, it was determined whether it was necessary to change the operating state of the on-site equipment of this single reactor, so that the operation of the on-site equipment in this single nuclear reactor was avoided in a dangerous direction. It is. Hereinafter, a different part from 2nd Embodiment mentioned above is demonstrated.

  FIG. 12 is a diagram illustrating an example of the configuration of the monitoring control device according to the third embodiment. As shown in FIG. 12, the specific serious accident handling facility 1 according to the third embodiment further includes determination units 126A, 126B, and 126C in the second embodiment described above.

  The determination units 126A, 126B, and 126C store recommended operation information for the on-site equipments 141A, 141B, and 141C of all the reactors in the reactor group including the first to third reactors. This recommended operation information is information on desirable operation states of the field devices 141A, 141B, and 141C when the monitoring control function is switched to another standby system control unit. This recommended operation information is determined from the viewpoint of fail-safe.

  In addition, when switching the monitoring control function to another standby system control unit 124A, 124B, 124C, the determination unit 126A, 126B, 126C changes the operation state in the field devices 141A, 141B, 141C based on this recommended operation information. Whether or not is necessary is determined. More specifically, the determination units 126A, 126B, and 126C determine whether or not the field devices 141A, 141B, and 141C need to be started and stopped. And determination part 126A, 126B, 126C outputs the information regarding the necessity of the change of the operation state in field device 141A, 141B, 141C with respect to interface part 111A, 111B, 111C.

  FIG. 13 is a flowchart illustrating an example of a signal switching flow. The operation of the second determination unit 126B when the monitoring control function of the first reactor that is Unit 1 is transferred to the second standby system control unit 124B of the second reactor that is Unit 2 using FIG. Will be explained. FIG. 14 is a diagram illustrating an example of a display form of the interface unit 111B according to the present embodiment.

  A switching operation command is input from the second interface unit 111B to the second standby system control unit 124B (S13). In this case, the second standby system control unit 124B reads the register status of the first main system control unit 123A from the second database 125B. The second determination unit 126B compares the read register state with the recommended operation information of the first field device 141A stored in the second determination unit 126B.

  For example, the register corresponding to the operation instruction of the first field device 141A read by the second determination unit 126B is “1” when each field instrument is in the activated state, and is in the stopped state. In some cases, it is “0”. On the other hand, the recommended operation information stored in the second determination unit 126B is “1” for each on-site instrument when the activation state is desirable when switching the monitoring control function, and the stop state is When desirable, it is “0”.

  As illustrated in FIG. 14, when the state of the field device is different from the recommended operation information, the information on the corresponding device is displayed in red or inversion when the device list screen is displayed. The display such as red or inversion is an example of a display mode that alerts the operator that the state of the field device is different from the recommended operation information. In the example of FIG. 14, the recommended operation information of the first field device 141A is output to the monitor 114B of the second interface unit 111B by the second standby system control unit 124B (S20).

  Next, the operator who is monitoring the second interface unit 111B confirms the display of the recommended operation information. When the operator determines that one of the field devices 141A of the first field device 141A needs to be stopped at the time of switching, an instruction to stop the corresponding field device is issued on the second interface unit 111B. A command is issued to the standby system control unit 124B (S21). Thereby, the register of the corresponding field device in the second standby system control unit 124B is changed, and a signal instructing the stop is output from the second standby system control unit 124B. As described above, in the process of FIG. 14, when switching the control of the first field device 141A to the second standby system control unit 124B, the operator determines whether or not the operation state of the first field device 141A needs to be changed. judge.

  Moreover, although it is contrary to the recommended operation information by the second determination unit 126B for some reason, it may be required to maintain the operation state of the first field device 141A before the abnormality occurs. For this reason, the determination units 126A, 126B, and 126C receive the first confirmation signal confirming the operation state of the first on-site device 141A on the second interface 111B by the operator. It is configured to have a function that allows the operation of the field device 141A.

  The determination units 126A, 126B, and 126C are activated and stopped for all field devices of the first field device 141A for which the recommended operation information is displayed by the second determination unit 126B on the second interface 111B. After the issuance or confirmation operation of the equal command is performed by the operator, the switching flow is executed. As a result, the monitoring control function of the first unit can be switched to the second standby control unit 124B.

  As described above, the specific serious accident handling facility 1 according to the third embodiment, when switching the monitoring control function to the standby system control unit 124A, 124B, 124C of the other unit, for the on-site equipment 141A, 141B, 141C, The operator confirms the state of the field device different from the recommended operation state through the interface units 111A, 111B, and 111C, and can determine whether the corresponding field device should be started, stopped, or left as it is. I made it. As a result, the operations of the field devices 141A, 141B, and 141C may be different from the recommended operations, thereby avoiding exposure to unexpected danger. Furthermore, when the monitoring control function is switched to the standby system control unit 124A, 124B, 124C of another unit, the operation of the field devices 141A, 141B, 141C different from the recommended operation can be safely continued by inputting a confirmation signal. it can.

  As described above, according to the specific serious accident handling facility 1 according to the present embodiment, when switching the monitoring control function to the other standby control units 124A, 124B, and 124C, the field equipment that is different from the recommended operation state The operator can check the state of the above via the interface units 111A, 111B, and 111C. Thereby, the operation of the field devices 141A, 141B, 141C different from the recommended operation can be stopped, started, or continued.

  Although several embodiments have been described above, these embodiments are presented as examples only and are not intended to limit the scope of the invention. The novel apparatus and methods described herein can be implemented in a variety of other forms. In addition, various omissions, substitutions, and changes can be made to the forms of the apparatus and method described in the present specification without departing from the spirit of the invention. The appended claims and their equivalents are intended to include such forms and modifications as fall within the scope and spirit of the invention.

1: Specific serious accident handling facilities, 111A, 111B, 111C: Interface unit, 113A, 113B, 113C: Switching unit, 120A, 120B, 120C: Emergency control room, 123A, 123B, 123C: Main system control unit, 124A , 124B, 124C: standby system control unit, 125A, 125B, 125C: database, 131: cable treatment room multiplex transmission line, 137A, 137B, 137C: output holding switching unit, 140A, 140B, 140C: facilities for dealing with specific serious accidents, etc. Equipment, 141A, 141B, 141C: Field equipment

Claims (11)

A monitoring and control device for controlling a plurality of devices used for operation of a nuclear reactor group including at least a first nuclear reactor and a second nuclear reactor,
A first main system control unit for controlling a first device used for operating the first reactor among the plurality of devices;
A first standby system control unit capable of controlling at least the first device, and a control unit replacing the first main system control unit;
A second main system control unit for controlling a second device used for operating the second reactor among the plurality of devices;
A second standby system control unit capable of controlling at least the first device and the second device, and a control unit replacing the second main system control unit;
A switching unit that switches the control of the first device to control using the second standby system control unit when the control functions of the first main system control unit and the first standby system control unit are lost. When,
A monitoring control device comprising: An optical transmission path used for communication between the plurality of devices and the first standby system control unit and the second standby system control unit;
The monitoring control device according to claim 1, wherein the second standby control unit switched by the first switching unit controls the first device via the optical transmission path. The second standby system control unit has at least a register corresponding to a command signal of the first device and the second device,
The second standby control unit switched by the switching unit outputs the command signal to the first device based on data in the register corresponding to the command signal of the first device. The monitoring control apparatus according to 1 or 2. An operation unit corresponding to the first reactor and the second reactor;
The monitoring control according to claim 3, wherein the second standby system control unit outputs the command signal to the first device based on data in the register corresponding to an operation command input from the operation unit. apparatus. The first main system control unit has a first register corresponding to a command signal of the first device,
The second main system control unit has a second register corresponding to a command signal of the second device,
The monitoring control apparatus according to claim 4, further comprising a database that is used by the second standby control unit and stores at least data of the first register and data of the second register. The first standby system control unit and the second standby system control unit regularly exchange signals with each other, and when the output of the signal of the first standby system control unit is interrupted, The database stores the data in the first register corresponding to the time at which it was interrupted;
The monitoring control device according to claim 5, wherein the second standby system control unit starts control of the first device based on the stored data of the first register. In addition to holding the command signal input from the first main system control unit, further comprising a first input / output unit for outputting the command signal to the first device,
The first input / output unit outputs a first output path for outputting the command signal input from the first main system control unit, and the command signal input from the second standby system control unit. And a second output path for outputting,
The monitoring control device according to claim 6, wherein the first input / output unit switches the first output path to the second output path in accordance with an instruction from the switching unit. The nuclear reactor group further includes at least a third nuclear reactor, and a third main system control unit that controls a third device used for operation of the third nuclear reactor among the plurality of devices;
And a third standby system control unit capable of controlling at least the first device and the third device, as well as a control unit replacing the third main system control unit,
The switching unit controls the first device when the control functions of the first main system control unit, the first standby system control unit, and the second standby system control unit are lost. The monitoring control apparatus according to claim 1, wherein the control is switched to control using a third standby system control unit.   9. The determination unit according to claim 1, further comprising: a determination unit configured to determine whether the operation state of the first device needs to be changed when switching the control of the first device to the second standby control unit. The monitoring and control device according to Item. The first main system control unit and the first standby system control unit are disposed in a first emergency control room,
The second control unit and the second standby system control unit are disposed in a second emergency control room,
The first device is disposed in the facility facility for handling the first specific serious accident, etc.
The monitoring control device according to any one of claims 1 to 9, wherein the second device is disposed in a facility facility for handling a second specific serious accident or the like. A first main system control unit for controlling a first device used for operating the first reactor among a plurality of devices;
A first standby system control unit capable of controlling at least the first device, and a control unit replacing the first main system control unit;
A second main system control unit for controlling a second device used for operating the second reactor among the plurality of devices;
A control method for a monitoring and control apparatus, which is a control unit that replaces the second main system control unit, and includes at least the first device and a second standby system control unit that can control the second device. Because
A detection step of detecting loss of control functions of the first main system control unit and the first standby system control unit;
The first input / output unit holds the command signal for the first device output from the first main control unit via the first input / output unit in a state before the occurrence of the loss. Holding step;
Storing a command signal for the first device output from the first main control unit via the first input / output unit in a database in a state before the occurrence of the loss;
An activation step of activating the second standby control unit and starting outputting the command signal from the second standby system control unit based on the command signal stored in the database;
A switching step of switching the output of the command signal to the first device via the first input / output unit to the command signal output by the second standby control unit;
A control method for a monitoring control apparatus comprising:

Images