WO1998056008A1 - Digital engineered safety features actuation system - Google Patents

Publication number
WO1998056008A1
Authority
WO
WIPO (PCT)
Prior art keywords
safety features
engineered safety
digital
actuation
logic
Application number
PCT/US1998/010895
Other languages
French (fr)
Inventor
Raymond R. Senechal
Gary D. Altenhein
Donald D. Zaccara
Stephen G. Bransfield
Robert E. Bryan
Arthur G. King
Glenn J. Mccloskey
Frank J. Safryn
Stephen J. Wilkosz
Paul L. Yanosy
Original Assignee
Abb Combustion Engineering Nuclear Power, Inc.
Priority claimed from US09/076,094 (US6292523B1)
Application filed by Abb Combustion Engineering Nuclear Power, Inc.
Priority to AU76039/98A (AU7603998A)
Publication of WO1998056008A1

Classifications

    • G PHYSICS
    • G21 NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21D NUCLEAR POWER PLANT
    • G21D3/00 Control of nuclear power plant
    • G21D3/04 Safety arrangements
    • G PHYSICS
    • G21 NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21C NUCLEAR REACTORS
    • G21C17/00 Monitoring; Testing; Maintaining
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00 Energy generation of nuclear origin
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00 Energy generation of nuclear origin
    • Y02E30/30 Nuclear fission reactors

Definitions

  • shut-down and safe-operation systems are dedicated to monitoring plant operation and evaluating numerous safety-related parameters.
  • the shut-down system and/or the safe-operation system can automatically effect the appropriate remedial action. It is imperative that these safety control systems, known as plant protection systems, operate reliably, and accordingly, it is imperative that all measured and sensed parameters be valid.
  • the plant protection system may initiate a reactor trip (RT), i.e., the rapid, controlled, and safe shut-down of the reactor by actuating various field systems and remote actuation devices.
  • RT reactor trip
  • the shut-down is often accomplished by the lowering of moderating control rods into the reactor core to cause the reactor to become sub-critical.
  • an invention for use in the nuclear industry is disclosed for providing an Automatic Self-Testing system for remote sensors utilizing multi-sensor, multi-channel redundant monitoring and control circuits.
  • the system senses or measures a parameter by a plurality of independent and sensor specific processing paths, each of which is provided with parallel redundant sub-paths that can each be sequentially inserted into the processing path to effect normal processing or be disassociated from the processing path to effect testing.
  • Each sensor provides, either directly or indirectly, a digital value to a comparator which compares the measured value with a pre-determined value that is, in turn, provided to coincidence logic that evaluates the output of its comparator with the input of the comparators of the other processing paths to provide an output indicative of a pass/fail condition.
  • That invention advantageously provides an automatic self-testing system for verifying both the signal path processing functions and the validity of various logic states in parameter sensing systems, particularly parameter sensing systems using multiple redundant processing paths.
  • DPPS Digital Plant Protection System
  • the DPPS is characterized by a plurality of cross-connected sensed-parameter processing channels that provide a suitably conditioned digital value to a digital comparator that tests the conditioned digital value against a pre-determined value to determine whether or not the sensed-parameter has been exceeded.
  • a comparator is associated with each of the plural channels and receives a separate measurement of the sensed parameter for each channel. If a sensed-parameter is determined to be out-of-specification on a two-out-of-four basis, a 'trip' signal is generated to effect remedial action.
  • ESF Engineered Safety Features
  • DESFAS Digital Engineered Safety Features Actuation System
  • the DPPS, the Automatic Self Testing System described above and the DESFAS of the present invention constitute a nuclear plant reactor protection system.
  • the DESFAS continuously monitors the DPPS initiation circuit for each ESF system.
  • the present invention provides an interface between the DPPS and remote actuation devices which effect remedial action in the event that the DPPS generates a 'trip' signal.
  • controls are provided for remote equipment components, such as solenoid valves, motor operated valves, pumps, fans and dampers.
  • a primary object of this invention is to provide a digital interface with existing or recently-developed component control systems.
  • Fig. 1 is a functional block diagram showing the interrelationship between the outputs of the DPPS system communicating with the DESFAS system of the invention communicating with a plurality of ESF Component Control Systems.
  • Fig. 2 is a frontal plan view of a digital ESFAS auxiliary relay cabinet for use with the system of the invention.
  • Fig. 3 is a block diagram of a digital ESFAS cabinet control system of the invention, showing a typical train of the two-train system according to the invention.
  • Fig. 4 is a functional block diagram of a typical DESFAS auxiliary cabinet logic diagram according to the invention.
  • Fig. 5 is a DESFAS single train block diagram in greater detail than Fig. 3.
  • Fig. 5A is a schematic block view of an optical modem.
  • Fig. 5B is a schematic block view of an input and an output optical cable connected together via fiber optic coupling.
  • Fig. 6 is a pictorial plan view of a printed circuit board with board-mounted relays and voltage dropping resistors.
  • Fig. 6A is a pictorial plan view of the printed circuit board of Fig. 6 with connecting jumpers substituted for the resistors.
  • FIG. 6B is a schematic circuit diagram of a voltage-dropping resistor in series with the coil of its relay.
  • FIG. 6C is a schematic circuit diagram of a jumper wire in substitution for the voltage dropping resistor.
  • Fig. 7 is a simplified functional block diagram for a typical DESFAS auxiliary cabinet test logic arrangement.
  • Fig. 8 is a schematic circuit of an optical coupler used to effect a measure of optical isolation.
  • Fig. 9 is a circuit diagram for a dual opto-isolated coupler with a feedback indication for use with the system of this invention and other more general systems.
  • Fig. 10 is a block diagram of a universal optically isolated selectable system, wherein Fig. 10A is the optically isolated selectable system according to the invention, and Fig. 10B is a circuit diagram showing a use of a selectable A or
  • Fig. 11 is a functional block diagram for a dual input optically isolated selectable output relay module for use with the invention and with other systems.
  • FIG. 12 is a functional abbreviated circuit diagram for a dual input optically isolated output driver with isolated output status, for optional use with the invention or with other systems.
  • Fig. 1 shows a functional block diagram for a Digital Engineered Safety Features Actuation System (DESFAS) interfacing with a Digital Plant Protection System (DPPS) discussed above, shown generally by the reference numeral 20.
  • the DPPS is characterized by a first plurality, preferably four, of cross-connected sensed-parameter processing channels A through D, designated respectively as channels 21 through 24 (no cross-connections are shown in Figure 1).
  • Each channel provides a suitably conditioned digital value (not shown) to a digital comparator (not shown) that tests the conditioned digital value against a pre-determined value to determine whether or not the sensed-parameter has been exceeded. If a sensed-parameter is determined to be out-of-specification on a two-out-of-four channel basis, a 'trip' signal is generated to effect remedial action.
  • each DPPS channel 21 through 24 generates a second plurality of actuation or initiation outputs for transmission to a like plurality of DESFAS trains.
  • two trains A and B are shown, designated respectively as trains 25 and 26.
  • channel 21 generates two actuation or initiation outputs 27a and 27b, one which is transmitted to train 25 and the other which is transmitted to train 26.
  • channels 22 through 24 generate a like number of actuation or initiation outputs.
  • Each of the channels 21 through 24 provides redundant actuation or initiation outputs for one of many Engineered Safety Features (ESF) systems.
  • Various ESF systems monitored by separate DPPS channels include: (1) primary systems comprising a Safety Injection Actuation Signal (SIAS), a Containment Isolation Actuation Signal (CIAS), and a Recirculation Actuation Signal (RAS); and (2) secondary systems comprising a Containment Spray Actuation Signal (CSAS), a Main Steam Isolation Signal (MSIS), and Auxiliary Feedwater Actuation Signals AFAS 1 and AFAS 2. These signals are also outputs from a conventional plant protection system.
  • SIAS Safety Injection Actuation Signal
  • CIAS Containment Isolation Actuation Signal
  • MSIS Main Steam Isolation Signal
  • AFAS 1 and AFAS 2 Auxiliary Feedwater Actuation Signals
  • actuation or initiation outputs such as 27a and 27b are provided to a pair of Trains A and B of the invention of the subject application. It should be understood that the DESFAS Auxiliary Cabinets, to be discussed below, are required for Train A and Train B, and that this specification typically describes in detail only a single Train.
  • the outputs 28 and 29 from the Trains 25 and 26 are provided to four Component Control Systems 30 to 33 for controlling the components such as pumps and valves according to the status of the initiation signals. Actuation of various ESF systems controlled by Component Control Systems 30 through 33 is discussed in greater detail below.
  • DESFAS Auxiliary Cabinets serve as an interface between the ESFAS portion of the DPPS, as seen from Fig. 1 and the remote actuation devices (not shown).
  • the DESFAS Auxiliary Cabinets contain the circuits which interface with the Plant Control System (PCS) which actuate ESF systems, including the solenoid valves, motor operated valves, pumps, fans, and dampers, upon receipt of a DESFAS signal, i.e. an actuation or initiation signal, from the DPPS, according to established specifications.
  • PCS Plant Control System
  • the ESF systems are actuated independently by a selective two-out-of-four logic, as shown in Figs. 3 and 4, which will be further discussed.
  • simultaneous operation of two manual pushbuttons, shown in Fig. 4 as MANUAL ACTUATE signals of a particular ESF system will also cause actuation of that system.
  • the DESFAS of the present invention also includes maintenance and test panel (MTP) interfaces to test both DPPS initial input interfaces as well as the function of the DESFAS trip logic. Once an actuation has been initiated, the trip logic is locked out and will not reset automatically when the DPPS/DESFAS initiation signal has cleared. The trip logic must be manually reset after the DPPS/DESFAS initiation signal has cleared.
  • the DESFAS design includes terminal blocks to interface with the Remote Initiation Reset Panel on the Main Control Board (MCB).
  • MCB Main Control Board
  • the lockout and reset features are applicable to all ESF systems except cycling as follows: select circuits in the Auxiliary Feedwater Actuation Systems 1 and 2, and the Main Steam Isolation System are not locked out and do not require resetting.
  • the DESFAS equipment is arranged to control two groups whose actuation circuits are mechanically separated.
  • One of the groups will include all fans and pumps, while the second group includes its other valves and dampers, as shown in Fig. 3.
  • within each group, smaller subgroups are arranged such that testing of several components may be performed simultaneously without affecting normal plant operation, as shown in Fig. 6 and as described in the '556 copending application as noted above.
  • a test selector switch or keypad on the Maintenance and Test Panel 55 as shown in Fig. 3 selects the desired sub-group.
  • Manual controls are provided to actuate the subgroups manual trip and to lock out relays.
  • DPPS initial input interfaces may also be tested without any component (pump or valve) actuation.
  • the DESFAS Auxiliary Cabinets continuously monitor the DPPS initiation circuit output for each ESF system, as shown in Fig. 1. Annunciation (not shown) is provided for the initiation circuit actuation. The DESFAS Auxiliary Cabinets will automatically initiate protective action upon receipt of the selective two-out-of-four initiation inputs from the DPPS for each ESF system, as discussed in the concurrently filed provisional application mentioned above.
  • connections between the DPPS Channels A to D, the DESFAS Trains A and B, and the CCS channels A to D are multi-signal for providing isolated signals among the components such as by fiber-optic communication or isolated conductive wire components such as copper. Isolated status and test feedback signals are provided from Trains A and B to the DPPS Channels 21 to 24, and between Trains 25 and 26 through the maintenance and test panel 55 (Fig. 3).
  • Fig. 2 shows a single Digital ESFAS Auxiliary Relay Cabinet, shown with its front doors removed to illustrate the functional layout of the system.
  • the DESFAS is designed as two completely separated cabinets, one to house each of trains A and B (references 25 and 26 of Fig. 1).
  • One cabinet, as representatively shown in Fig. 2 by the reference numeral 34, will actuate Train A components and the other cabinet (not shown) will actuate Train B components.
  • the two cabinets are substantially identical in construction with the exception of the cabinet nameplate and the terminal block color coding.
  • the cabinets physically are arranged to comply with design criteria conventional in the art.
  • the cabinet 34 of Fig. 2 shows three locations 35 to 37 for receiving the actuation and initiation signals from DPPS channels A to D as shown in Fig. 1 and for housing those interconnections discussed in that figure.
  • Fig. 3 generally shows the DESFAS Auxiliary Cabinet Actuation Logic and Circuits for a single DESFAS cabinet, designated by the reference numeral 40, in a functional block diagram form.
  • a main purpose of the Fig. 3 arrangement 40 is to actuate DESFAS components upon receipt of a DESFAS channel signal from a typical channel of the DPPS 42.
  • the logic and I/O of the DESFAS is divided into two groups. Those groups are directed to pumps I/O 44, pumps I/O 46, valves I/O 48, and valves I/O 50, each of which is connected to and from the DPPS output circuits for a representative one of the DPPS Channels A to D, as seen in Fig. 3.
  • Each group thus has its own programmable logic controller (PLC) and I/O.
  • PLC programmable logic controller
  • the functional division of the PLCs is as follows: two PLCs 51 and 52 manage the pumps and fans in the safety features systems SIAS, CIAS, RAS, CSAS, AFAS-1 and AFAS-2 as shown in Fig. 3 and as discussed in connection with Fig. 1.
  • Two PLCs 53 and 54 manage the valves and dampers in the safety features systems previously mentioned. The components thus discussed are housed in the ESFAS cabinet 40.
  • a DESFAS PLC 51, 52, 53, 54 actuates DESFAS subgroup relays on a selective two-out-of-four basis.
  • the sub-group relays in turn operate necessary components for complete system actuation.
  • a maintenance and test panel (MTP) 55 is provided for intercommunications between the primary and secondary systems, as well as to monitor each system and initiate testing of the logic within each system.
  • the outputs of the logic and I/O groups 44, 46, 48 and 50 are selectively provided to the systems PDAS 56, PCS 57, and PAS 58, wherein the PCS system 57 operates the plant pumps and valves as suggested by the block 59.
  • the solid lines represent a hardwired interface between the DPPS operating in a bidirectional mode, while the dashed lines connecting with the MTP provide a data link between the pump and valve systems.
  • MSIS is shown in Fig. 4 wherein ESFAS initiation signals from the DPPS are provided to OR gates 60 and 61 providing outputs to the combinations of NOT gates, AND gates, time delay circuits and Latch circuits resulting in presentation of logic signals to the output AND gates 62 and 63.
  • the ESF systems are actuated independently by a selective two-out-of-four logic.
  • simultaneous operation of two manual pushbuttons of a particular ESF system will cause actuation of that system.
  • manual pushbuttons are represented by MANUAL ACTUATE inputs 64 and 65.
  • the trip logic is locked out and will not reset automatically when the DPPS/DESFAS initiation signal has cleared.
  • the DESFAS design includes terminal blocks to interface with a Remote Initiation and Reset Panel (not shown) on the Main Control Board (not shown) for the power plant.
  • the described lockout and reset features are preferably applicable to all above-described ESF systems except for select circuits within the AFAS 1 and 2 and the MSIS, both of which are not locked out and do not require resetting.
  • Fig. 5 shows a detailed block diagram of a single Train A, indicated generally by reference 70, with columns B1, B2, B3, and B4 and rows R01, R02, R03, and R04 to provide redundant communications and processors.
  • Each of the four subgroupings shown in Figure 5 may represent logic and I/O groups of Figure 3, wherein each of the groups may also include further redundancy as needed.
  • the redundant communications and processors are interconnected via fiber optic lines 71; a substantial reduction in the amount of relays, fuses and general wiring is achieved with the DESFAS of the present invention. Actuation or initiation signals are transmitted to each subgroup relay through fiber optic cable 72, which also carries ESF system actuation information from DESFAS train A to field components (not shown).
  • DESFAS Train A which performs the functions as described above with reference to Figure 3.
  • Trains A and B are further interconnected with fiber optic line 74.
  • the DESFAS of the present invention utilizes fiber optic interconnects between its various subgroups as well as for overall data communication between the trains.
  • various electrically powered modems are interposed within the fiber optic circuit.
  • a modem M is provided with an input cable IN and output cable OUT, both cables connected to the modem M by conventional connectors ST. Additionally, the modem M is provided with source power PWR.
  • a conventional fiber optic connector FOC is removably attached or otherwise mounted to or associated with the modem M.
  • the fiber optic connector FOC can be mounted to the modem M by a bracket (not shown) or connected to the modem M by a flexible lanyard.
  • the modem M may be bypassed by disconnecting the input cable IN and the output cable OUT and connecting these cables together via the fiber optic coupler FOC as shown in FIG. 5B to thereby maintain the physical and optical integrity of the fiber optic pathway.
  • Each ESF system also utilizes electromechanical relays as part of its operation system.
  • a 24 VDC output or a 12 VDC output to energize or de-energize the coil of a power-switching relay.
  • relays that are optimally suited for a particular power-switching function are those designed to be energized by 12 VDC and these relays must often be mated to a 24 VDC PLC.
  • the present invention utilizes a printed circuit board (PCB) mounted relay organization that can be used in either 24 VDC or 12 VDC systems.
  • a printed circuit board PCB is provided with two relays K1 and K2 and two voltage-dropping resistors R1 and R2.
  • the relays K1 and K2 have 12 VDC coils and may be obtained, for example, from the KiloVac Corporation.
  • the voltage-dropping resistor R1 is in series-circuit with the coil of the relay K1.
  • the resistance value of the voltage-dropping resistor R1 is chosen so that the resistor R1 and the coil K1 define a voltage divider that will provide 12 VDC to the coil K1 when the supply voltage is 24 VDC. In this way, a 12 VDC relay can be used with a 24 VDC supply.
  • the voltage-dropping resistor R1 is removed and a wire jumper JP1 is wired or otherwise inserted into the circuit in substitution for voltage dropping resistor R1.
  • the voltage-dropping resistor R2 is removed and a wire jumper JP2 is wired or otherwise inserted into the circuit in substitution for voltage dropping resistor R2. Substitution of jumpers for voltage dropping resistors is shown in Fig.
  • the jumper JP1 allows the 12 VDC coil K1 to be connected directly to a 12 VDC source.
  • the circuitry for the relay K2 is the same as described for the relay K1.
  • a second resistor (unnumbered) is shown in dotted line illustration; this second resistor may be used to define a true voltage divider with the resistor R1, with the operating voltage for the coil of the relay K1 provided from the intermediate connection between the two resistors.
  • Fig. 7 shows a simplified test logic system in block diagram form for use with the system thus described.
  • the ESFAS initiation signals from DPPS are provided to input OR gates and channeled through the shown logic circuits to provide Group I test and clear status indicator outputs as seen at numeral 80.
  • a MTP 73 of Fig. 5 testing of the DESFAS actuation and initiation logic from the DPPS inputs to the selective two-out-of-four logic, shown in Figs. 4 and 7, is enabled.
  • individual testing of each subgroup relay is enabled at 81 in Fig. 7.
  • the test logic system of Fig. 7 also enables tests to verify that there are no spurious connections between groups of relays.
  • the digital plant protection system disclosed herein utilizes programmed logic circuit (PLC) arrays that are designed to provide a 24 VDC output that is switched on or off under the control of the logic array. Since the PLCs are critical to system operation, it is important that they be isolated from overvoltage situations. In accordance with the present invention, system integrity is assured by utilizing optical couplers at the output of the PLCs and in all other voltage-switching contexts. As shown in FIG.
  • PLC programmed logic circuit
  • the optical coupler OC includes a pair of PN light emitting diodes, D1 and D2, that are parallel connected (in opposing conduction directions) across input terminals IN1 and IN2.
  • a DC input voltage applied to the input terminals IN1 and IN2 will cause one of the two diodes (depending upon the polarity of the input voltage) to emit light.
  • a photo-transistor PT has its emitter and base connected between output terminals OUT1 and OUT2 and undergoes a change in trans-conductance as a function of the light emitted by the diode(s) driven into conduction. As a consequence, voltage levels applied to the terminals IN1 and IN2 will cause a corresponding change in the trans-conductance of the phototransistor PT.
  • the input-to-output electrical isolation provided by a typical optical coupler can be in the 3-5 kilovolt range; accordingly, the isolation provided by an opto-coupler can assure system integrity.
  • In the context of digital plant protection systems, which require all devices to meet the IEEE Class 1E requirement, the use of opto-couplers in this context serves to increase system reliability.
  • Fig. 9 shows a dual opto-isolated coupler with feedback indication for use with this or other inventions. Specifically, an opto-coupler was needed to allow the controlling output to be from either input 1 or input 2 with included protection from one input feeding back through to the other input.
  • Input DC signals 91 and 92 are provided respectively to steering diodes 93 and 94 to provide an input to a collection of a photo-transistor in the opto-isolator 95.
  • FIGS. 10A and 10B show a universal optically isolated selectable A,B type relay output for use with this or other inventions, as designated by the reference numeral 100.
  • An input is provided from the PLC outputs of the circuit of Fig. 3 to the input terminals 101 and 102 in circuit with an opto-isolator 103 coupling a photo-transistor pair for operating a relay pair shown generally at numeral 105.
  • the selectable A or B type contact arrangement is shown more specifically in Fig. 10B where terminal 106 is a common terminal, terminal 107 provides an output of either NC or NO state.
  • Fig. 11 is another dual input optically isolated selectable output relay module, shown generally by the reference numeral 110 to provide a user with a selectable Form A or B contact and a Form C contact format with an additional wire.
  • the inputs from the PLC outputs of Fig. 3 are provided to the inputs 111 and 112 in circuit with steering diodes 113 and 114 with input status LEDs 115 and 116 in circuit with the inputs to show the presence of a signal.
  • the steered input is provided to an opto-coupler 117 driving a relay 118 for an A/B Selector Switch 119 to provide outputs as in Figs. 9 and 10.
  • Fig. 12 is still another sample of such a dual input optically isolated output driver with an isolated output status, shown generally at the reference numeral 120.
  • a separate optically coupled output 121 is provided by optically coupling the relay 122 output from the opto-coupler 123.
  • the DESFAS and its subcomponents described above provides a digital interface between a DPPS and any ESF system within a nuclear power plant.
  • the DESFAS of the present invention continuously monitors the DPPS initiation circuit which governs each ESF system.
  • the present invention provides an interface between the DPPS and remote actuation devices which effect remedial action in the event that the DPPS generates a 'trip' signal.
  • controls are provided for remote equipment components, such as solenoid valves, motor operated valves, pumps, fans and dampers.
  • the DESFAS may easily be coordinated with the prior discussed systems of an Automatic Self-Testing System and a Digital Plant Protection System, both of which are described in copending applications identified above. Together, the DPPS, the Automatic Self Testing System and the DESFAS of the present invention constitute a complete nuclear plant reactor protection system. In addition, the DESFAS system of the present invention may easily be interfaced with other nuclear plant component control systems.
  • high energy initiation relay interfaces are provided to actuate safety related Class 1E circuits as required by any signals generated by the DESFAS of the present system.
  • various optically isolated couplings are described. One such optical coupling may also be used to isolate the power supplies of Class 1E safety-related equipment.
  • Fiber optic connections are described between various components of the system. Using these fiber optic connections, both input tests and logic fault tests may be conducted to verify DESFAS operability without damaging the integrity of the DESFAS monitoring. Individual testing of each subgroup relay is also disclosed. Finally, a test logic system enables tests to verify that there are no spurious connections between groups of relays.
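
The actuation behaviour the list above describes (two-out-of-four initiation, simultaneous two-pushbutton manual actuation, lockout with manual reset only after the initiation has cleared) can be modeled as below. This is an added illustration, not code from the patent: the class and function names are hypothetical, the vote is a plain any-two count because the page does not give the channel pairing behind its "selective" logic, and `latching=False` stands in for one of the select circuits that are not locked out.

```python
from dataclasses import dataclass, field

CHANNELS = ("A", "B", "C", "D")  # the four DPPS channels named on the page


def two_out_of_four(initiations):
    """True when at least two of the four channel initiation inputs are set.

    Assumption: plain any-two coincidence. The channel pairing behind the
    page's "selective" two-out-of-four gates is not given, so it is not modeled.
    """
    missing = [c for c in CHANNELS if c not in initiations]
    if missing:
        # Design choice of this example: refuse to vote on an incomplete input set.
        raise ValueError(f"no input for channel(s): {', '.join(missing)}")
    return sum(bool(initiations[c]) for c in CHANNELS) >= 2


@dataclass
class EsfTripLogic:
    """Trip logic for one ESF system in one train (hypothetical model)."""
    name: str
    latching: bool = True       # False models a circuit that is not locked out
    actuated: bool = False
    demand: bool = False        # initiation present on the most recent scan
    events: list = field(default_factory=list)

    def scan(self, initiations, manual_1=False, manual_2=False):
        """Evaluate one logic scan and return the actuation state."""
        auto = two_out_of_four(initiations)
        manual = manual_1 and manual_2   # both pushbuttons at the same time
        self.demand = auto or manual
        if self.demand and not self.actuated:
            self.actuated = True
            self.events.append("actuated (auto)" if auto else "actuated (manual)")
        elif not self.demand and self.actuated and not self.latching:
            # Non-latching circuit follows the initiation signal back down.
            self.actuated = False
            self.events.append("cleared with initiation")
        # Latching circuit: stays actuated after the initiation clears.
        return self.actuated

    def reset(self):
        """Manual reset; accepted only once the initiation has cleared."""
        if not self.actuated or not self.latching:
            return False
        if self.demand:
            self.events.append("reset rejected: initiation still present")
            return False
        self.actuated = False
        self.events.append("manual reset")
        return True


def trips(*tripped):
    """Build a constructed input set with the named channels demanding actuation."""
    return {c: c in tripped for c in CHANNELS}


def run_demo():
    """Walk a latching system through trip, lockout and reset (constructed inputs)."""
    sias = EsfTripLogic("SIAS")
    trace = [
        sias.scan(trips("A")),       # one channel only: no actuation
        sias.scan(trips("A", "C")),  # two channels: actuation
        sias.reset(),                # rejected, initiation still present
        sias.scan(trips()),          # initiation cleared: still locked out
        sias.reset(),                # accepted
        sias.actuated,               # back to the unactuated state
    ]
    return trace, sias.events


if __name__ == "__main__":
    trace, events = run_demo()
    print(trace)
    print(events)
```
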

Abstract

An interface between a Plant Protection System and Engineered Safety Features in a nuclear power plant is disclosed for continuously monitoring the plant protection system initiation circuit for each remotely actuated Engineered Safety Feature system to effect remedial action in the event that the Plant Protection System generates a 'trip' signal. By using actuation inputs from the Plant Protection System and manual, operator implemented inputs, controls are provided for remote equipment components, such as solenoid valves, motor operated valves, pumps, fans and dampers.

Description

DIGITAL ENGINEERED SAFETY FEATURES ACTUATION SYSTEM
The subject matter of the present application is disclosed in applicants' co-pending Provisional U.S. Patent Application Nos. 60/048,922 and 60/048,923, both filed June 6, 1997, from both of which priority is claimed.
CROSS REFERENCE TO RELATED APPLICATION
The subject matter of this provisional application generally relates to the subject matter in pending U.S. Application, Serial No. 08/848,556, filed April 29, 1997, based on a provisional application filed on June 20, 1996, the disclosure of which is incorporated herewith for completeness of disclosure. In addition, the subject matter of this application is related to that disclosed in an application (Atty. Docket ABB- 144) filed on even date herewith by the present inventors and entitled "Digital Plant Protection System," the subject matter of which is incorporated herein by reference.
BACKGROUND OF THE INVENTION
In nuclear power plants, independent shut-down and safe-operation systems are dedicated to monitoring plant operation and evaluating numerous safety-related parameters. In the event one or more measured parameters indicate the existence of an unsafe condition, the shut-down system and/or the safe-operation system can automatically effect the appropriate remedial action. It is imperative that these safety control systems, known as plant protection systems, operate reliably, and accordingly, it is imperative that all measured and sensed parameters be valid.
In the context of nuclear plant protection systems, it is not uncommon to measure a multitude of parameters related to plant operation. These parameters include, for example, temperatures, pressures, flow rates, power density, neutron flux, fluid levels, etc. Other functions of the plant protection system include the status-monitoring of various components including valves, pumps, motors, control devices and generators.
Additionally, the plant protection system, under certain defined conditions, may initiate a reactor trip (RT), i.e., the rapid, controlled, and safe shut-down of the reactor by actuating various field systems and remote actuation devices. In the case of a pressurized light water reactor, the shut-down is often accomplished by the lowering of moderating control rods into the reactor core to cause the reactor to become sub-critical. In co-pending U.S. Application Serial No. 08/848,556 noted above, an invention for use in the nuclear industry is disclosed for providing an Automatic Self-Testing system for remote sensors utilizing multi-sensor, multi-channel redundant monitoring and control circuits. The system senses or measures a parameter by a plurality of independent and sensor specific processing paths, each of which is provided with parallel redundant sub-paths that can each be sequentially inserted into the processing path to effect normal processing or be disassociated from the processing path to effect testing. Each sensor provides, either directly or indirectly, a digital value to a comparator which compares the measured value with a pre-determined value that is, in turn, provided to coincidence logic that evaluates the output of its comparator with the input of the comparators of the other processing paths to provide an output indicative of a pass/fail condition. That invention advantageously provides an automatic self- testing system for verifying both the signal path processing functions and the validity of various logic states in parameter sensing systems, particularly parameter sensing systems using multiple redundant processing paths.
In copending U.S. Provisional Application Serial No. 60/048,922, noted above, an invention for use in the nuclear industry is disclosed for providing a Digital Plant Protection System (DPPS) that utilizes digital signals and which has a greater mean time between failure. The DPPS is characterized by a plurality of cross-connected sensed-parameter processing channels that provide a suitably conditioned digital value to a digital comparator that tests the conditioned digital value against a pre-determined value to determine whether or not the sensed-parameter has been exceeded. A comparator is associated with each of the plural channels and receives a separate measurement of the sensed parameter for each channel. If a sensed-parameter is determined to be out-of-specification on a two-out-of-four basis, a 'trip' signal is generated to effect remedial action.
BRIEF SUMMARY OF THE INVENTION
It is an object of the present invention to provide a digital interface between the DPPS and Engineered Safety Features (ESF) of a nuclear power plant.
It is a further object of the present invention to provide a Digital Engineered Safety Features Actuation System (DESFAS) for use with pressurized water reactors.
Coordinated with the prior discussed system of the '556 copending application, a Digital Plant Protection System (DPPS) has been developed, as noted above. Together, the DPPS, the Automatic Self Testing System described above and the DESFAS of the present invention constitute a nuclear plant reactor protection system. The DESFAS continuously monitors the DPPS initiation circuit for each ESF system. Thus, the present invention provides an interface between the DPPS and remote actuation devices which effect remedial action in the event that the DPPS generates a 'trip' signal. According to the present invention, by using actuation inputs from the DPPS and manual, operator implemented inputs, controls are provided for remote equipment components, such as solenoid valves, motor operated valves, pumps, fans and dampers.
U.S. Patent No. 5,267,277, issued November 30, 1993, assigned to the assignee of this invention describes in detail a prior control system known by the trademark "NUPLEX 80+". It is another overall and general object of this invention to retrofit or interface with the nuclear plant control component control systems, including those described in the '277 patent. Accordingly, the disclosure of the '277 patent is incorporated by reference.
Thus, a primary object of this invention is to provide a digital interface with existing or recently-developed component control systems.
Other objects and features of the invention will be seen from a detailed review of this specification and the accompanying drawings taken with the materials incorporated by reference.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings:
Fig. 1 is a functional block diagram showing the interrelationship between the outputs of the DPPS system communicating with the DESFAS system of the invention communicating with a plurality of ESF Component Control Systems.
Fig. 2 is a frontal plan view of a digital ESFAS auxiliary relay cabinet for use with the system of the invention.
Fig. 3 is a block diagram of a digital ESFAS cabinet control system of the invention, showing a typical train of the two-train system according to the invention.
Fig. 4 is a functional block diagram of a typical DESFAS auxiliary cabinet logic diagram according to the invention.
Fig. 5 is a DESFAS single train block diagram in greater detail than Fig. 3.
Fig. 5A is a schematic block view of an optical modem.
Fig. 5B is a schematic block view of an input and an output optical cable connected together via fiber optic coupling.
Fig. 6 is a pictorial plan view of a printed circuit board with board-mounted relays and voltage dropping resistors.
Fig. 6A is a pictorial plan view of the printed circuit board of Fig. 6 with connecting jumpers substituted for the resistors.
Fig. 6B is a schematic circuit diagram of a voltage-dropping resistor in series with the coil of its relay.
Fig. 6C is a schematic circuit diagram of a jumper wire in substitution for the voltage dropping resistor.
Fig. 7 is a simplified functional block diagram for a typical DESFAS auxiliary cabinet test logic arrangement.
Fig. 8 is a schematic circuit of an optical coupler used to effect a measure of optical isolation.
Fig. 9 is a circuit diagram for a dual opto-isolated coupler with a feedback indication for use with the system of this invention and other more general systems.
Fig. 10 is a block diagram of a universal optically isolated selectable system, wherein Fig. 10A is the optically isolated selectable system according to the invention, and Fig. 10B is a circuit diagram showing a use of a selectable A or B type contact for the system of Fig. 10A, each of which is also capable of use with other systems.
Fig. 11 is a functional block diagram for a dual input optically isolated selectable output relay module for use with the invention and with other systems.
Fig. 12 is a functional abbreviated circuit diagram for a dual input optically isolated output driver with isolated output status, for optional use with the invention or with other systems.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Fig. 1 shows a functional block diagram for a Digital Engineered Safety Features Actuation System (DESFAS) interfacing with a Digital Plant Protection System (DPPS) discussed above, shown generally by the reference numeral 20. As noted above, the DPPS is characterized by a first plurality, preferably four, of cross-connected sensed-parameter processing channels A through D, designated respectively as channels 21 through 24 (no cross-connections are shown in Figure 1). Each channel provides a suitably conditioned digital value (not shown) to a digital comparator (not shown) that tests the conditioned digital value against a pre-determined value to determine whether or not the sensed-parameter has been exceeded. If a sensed-parameter is determined to be out-of-specification on a two-out-of-four channel basis, a 'trip' signal is generated to effect remedial action.
In Figure 1, each DPPS channel 21 through 24 generates a second plurality of actuation or initiation outputs for transmission to a like plurality of DESFAS trains. In a preferred configuration, shown in Figure 1, two trains A and B are shown, designated respectively as trains 25 and 26. Thus, in the preferred configuration, channel 21 generates two actuation or initiation outputs 27a and 27b, one which is transmitted to train 25 and the other which is transmitted to train 26. Similarly, channels 22 through 24 generate a like number of actuation or initiation outputs.
Each of the channels 21 through 24 provides redundant actuation or initiation outputs for one of many Engineered Safety Features (ESF) systems. Various ESF systems monitored by separate DPPS channels include: (1) primary systems comprising a Safety Injection Actuation Signal (SIAS), a Containment Isolation Actuation Signal (CIAS), and a Recirculation Actuation Signal (RAS); and (2) secondary systems comprising a Containment Spray Actuation Signal (CSAS), a Main Steam Isolation Signal (MSIS), and Auxiliary Feedwater Actuation Signals AFAS 1 and AFAS 2. These signals are also outputs from a conventional plant protection system.
As noted above, actuation or initiation outputs such as 27a and 27b are provided to a pair of Trains A and B of the invention of the subject application. It should be understood that the DESFAS Auxiliary Cabinets, to be discussed below, are required for Train A and Train B, and that this specification typically describes in detail only a single Train.
The outputs 28 and 29 from the Trains 25 and 26 are provided to four Component Control Systems 30 to 33 for controlling the components such as pumps and valves according to the status of the initiation signals. Actuation of various ESF systems controlled by Component Control Systems 30 through 33 is discussed in greater detail below.
Before proceeding to a detailed discussion of the components which comprise the DESFAS of the present invention, the overall functioning of the system will be discussed to present an operational overview. It is important to note that the DESFAS Auxiliary Cabinets serve as an interface between the ESFAS portion of the DPPS, as seen from Fig. 1, and the remote actuation devices (not shown). The DESFAS Auxiliary Cabinets contain the circuits which interface with the Plant Control System (PCS) which actuate ESF systems, including the solenoid valves, motor operated valves, pumps, fans, and dampers, upon receipt of a DESFAS signal, i.e. an actuation or initiation signal, from the DPPS, according to established specifications. The ESF systems are actuated independently by a selective two-out-of-four logic, as shown in Figs. 3 and 4, which will be further discussed. In addition, simultaneous operation of two manual pushbuttons, shown in Fig. 4 as MANUAL ACTUATE signals of a particular ESF system, will also cause actuation of that system. The DESFAS of the present invention also includes maintenance and test panel (MTP) interfaces to test both DPPS initial input interfaces as well as the function of the DESFAS trip logic. Once an actuation has been initiated, the trip logic is locked out and will not reset automatically when the DPPS/DESFAS initiation signal has cleared. The trip logic must be manually reset after the DPPS/DESFAS initiation signal has cleared. The DESFAS design includes terminal blocks to interface with the Remote Initiation Reset Panel on the Main Control Board (MCB). The lockout and reset features are applicable to all ESF systems except cycling as follows: select circuits in the Auxiliary Feedwater Actuation Systems 1 and 2, and the Main Steam Isolation System are not locked out and do not require resetting.
The DESFAS equipment is arranged to control two groups whose actuation circuits are mechanically separated. One of the groups will include all fans and pumps, while the second group includes its other valves and dampers, as shown in Fig. 3.
Within each group, smaller subgroups are arranged such that testing of several components may be performed simultaneously without affecting normal plant operation, as shown in Fig. 6 and as described in the '556 copending application as noted above.
A test selector switch or keypad on the Maintenance and Test Panel 55 as shown in Fig. 3 selects the desired sub-group. Manual controls are provided to actuate the subgroups manual trip and to lock out relays. DPPS initial input interfaces may also be tested without any component (pump or valve) actuation.
Before returning to the detailed drawings, it should be noted that the DESFAS Auxiliary Cabinets continuously monitor the DPPS initiation circuit output for each ESF system, as shown in Fig. 1. Annunciation (not shown) is provided for the initiation circuit actuation. The DESFAS Auxiliary Cabinets will automatically initiate protective action upon receipt of the selective two-out-of-four initiation inputs from the DPPS for each ESF system, as discussed in the concurrently filed provisional application mentioned above.
It will be appreciated that the connections between the DPPS Channels A to D, the DESFAS Trains A and B, and the CCS channels A to D are multi-signal for providing isolated signals among the components such as by fiber-optic communication or isolated conductive wire components such as copper. Isolated status and test feedback signals are provided from Trains A and B to the DPPS Channels 21 to 24, and between Trains 25 and 26 through the maintenance and test panel 55 (Fig. 3). A detailed description of all features of the DESFAS of the present invention will now be provided.
Fig. 2 shows a single Digital ESFAS Auxiliary Relay Cabinet, shown with its front doors removed to illustrate the functional layout of the system. As mentioned above, the DESFAS is designed as two completely separated cabinets, one to house each of trains A and B (references 25 and 26 of Fig. 1). One cabinet, as representatively shown in Fig. 2 by the reference numeral 34, will actuate Train A components and the other cabinet (not shown) will actuate Train B components. The two cabinets are substantially identical in construction with the exception of the cabinet nameplate and the terminal block color coding. The cabinets physically are arranged to comply with design criteria conventional in the art.
The cabinet 34 of Fig. 2 shows three locations 35 to 37 for receiving the actuation and initiation signals from DPPS channels A to D as shown in Fig. 1 and for housing those interconnections discussed in that figure.
Fig. 3 generally shows the DESFAS Auxiliary Cabinet Actuation Logic and Circuits for a single DESFAS cabinet, designated by the reference numeral 40, in a functional block diagram form. A main purpose of the Fig. 3 arrangement 40 is to actuate DESFAS components upon receipt of a DESFAS channel signal from a typical channel of the DPPS 42.
Within the DESFAS cabinet 40, the logic and I/O of the DESFAS is divided into two groups. Those groups are directed to pumps I/O 44, pumps I/O 46, valves I/O 48, and valves I/O 50, each of which is connected to and from the DPPS output circuits for a representative one of the DPPS Channels A to D, as seen in Fig. 3. Each group thus has its own programmable logic controller (PLC) and I/O. The functional division of the PLCs is as follows: two PLCs 51 and 52 manage the pumps and fans in the safety features systems SIAS, CIAS, RAS, CSAS, AFAS-4 and AFAS-2 as shown in Fig. 3 and as discussed in connection with Fig. 1. Two PLCs 53 and 54 manage the valves and dampers in the safety features systems previously mentioned. The components thus discussed are housed in the ESFAS cabinet 40.
When the DESFAS Auxiliary Cabinet receives initiation signals from the DPPS 42, a DESFAS PLC 51, 52, 53, 54 actuates DESFAS subgroup relays on a selective two-out-of-four basis. The sub-group relays in turn operate necessary components for complete system actuation. A maintenance and test panel (MTP) 55 is provided for intercommunications between the primary and secondary systems, as well as to monitor each system and initiate testing of the logic within each system. The outputs of the logic and I/O groups 44, 46, 48 and 50 are selectively provided to the systems PDAS 56, PCS 57, and PAS 58, wherein the PCS system 57 operates the Plant pumps and valves as suggested by the block 59. Note that the solid lines represent a hardwired interface between the DPPS operating in a bidirectional mode, while the dashed lines connecting with the MTP provide a data link between the pump and valve systems.
Typical logic for all ESF actuations except AFAS-1 and AFAS-2 and MSIS is shown in Fig. 4 wherein ESFAS initiation signals from the DPPS are provided to OR gates 60 and 61 providing outputs to the combinations of NOT gates, AND gates, time delay circuits and Latch circuits resulting in presentation of logic signals to the output AND gates 62 and 63.
According to the logic of Figure 4, the ESF systems are actuated independently by a selective two-out-of-four logic. In addition, simultaneous operation of two manual pushbuttons of a particular ESF system will cause actuation of that system. In Fig. 4, manual pushbuttons are represented by MANUAL ACTUATE inputs 64 and 65. In a preferred logic arrangement, once an actuation has been initiated, the trip logic is locked out and will not reset automatically when the DPPS/DESFAS initiation signal has cleared. Instead, the DESFAS design includes terminal blocks to interface with a Remote Initiation and Reset Panel (not shown) on the Main Control Board (not shown) for the power plant. A simultaneous operation of two MANUAL RESETS 66 and 67 manually resets trip logic after an initiation signal has cleared. The described lockout and reset features are preferably applicable to all above-described ESF systems except for select circuits within the AFAS 1 and 2 and the MSIS, both of which are not locked out and do not require resetting.
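The Fig. 4 behaviour described above (selective two-out-of-four initiation, dual-pushbutton manual actuation, lockout, and dual-pushbutton reset only after the initiation has cleared), as an added Python example that is not taken from the patent. The channel pairing on OR gates 60 and 61 (A with C, B with D) is an assumption, since the page does not state it; the time delay circuits are omitted, and all function and class names are hypothetical.

```python
from dataclasses import dataclass
from itertools import product


def selective_2oo4(a, b, c, d):
    """Selective two-out-of-four: one OR gate per channel pair, then an AND.

    Assumption: OR gate 60 takes channels A and C, OR gate 61 takes B and D.
    The page does not state which channels are paired.
    """
    return (a or c) and (b or d)


def general_2oo4(a, b, c, d):
    """Plain two-out-of-four vote, included only for comparison."""
    return sum((a, b, c, d)) >= 2


def patterns_where_votes_differ():
    """Channel patterns (A, B, C, D) that trip a general 2oo4 vote
    but not the selective one under the assumed pairing."""
    return [p for p in product((False, True), repeat=4)
            if general_2oo4(*p) and not selective_2oo4(*p)]


@dataclass
class EsfTripLogic:
    """Trip logic for one ESF function in one train (hypothetical model).

    lockout=False models the select AFAS/MSIS circuits that are not
    locked out and do not require resetting.
    """
    lockout: bool = True
    latched: bool = False

    def scan(self, channels, manual_actuate=(False, False),
             manual_reset=(False, False)):
        """Evaluate one logic scan and return the actuation output."""
        # Automatic initiation, or both MANUAL ACTUATE pushbuttons together.
        demand = selective_2oo4(*channels) or all(manual_actuate)
        if not self.lockout:
            self.latched = demand          # output simply follows the demand
        elif demand:
            self.latched = True            # actuation locks the trip logic out
        elif all(manual_reset):
            self.latched = False           # both MANUAL RESETs, demand cleared
        return self.latched


def run_sequence(logic, steps):
    """Apply a list of scan inputs in order and collect the outputs."""
    return [logic.scan(**step) for step in steps]


# Constructed sample input: one dict per scan, channels in A, B, C, D order.
CLEAR = (False, False, False, False)
SAMPLE_STEPS = [
    {"channels": (True, False, False, False)},                 # one channel only
    {"channels": (True, True, False, False)},                  # A and B: actuate
    {"channels": CLEAR},                                       # cleared, stays latched
    {"channels": CLEAR, "manual_reset": (True, False)},        # one reset button
    {"channels": (True, True, False, False),
     "manual_reset": (True, True)},                            # reset while initiated
    {"channels": CLEAR, "manual_reset": (True, True)},         # valid reset
    {"channels": CLEAR, "manual_actuate": (True, False)},      # one actuate button
    {"channels": CLEAR, "manual_actuate": (True, True)},       # both actuate buttons
]

if __name__ == "__main__":
    for step, out in zip(SAMPLE_STEPS, run_sequence(EsfTripLogic(), SAMPLE_STEPS)):
        print(step, "->", "ACTUATED" if out else "clear")
    print("general-only trips:", patterns_where_votes_differ())
```

Under the assumed pairing, two tripped channels that feed the same OR gate do not actuate the train, which is the practical difference from a plain two-out-of-four vote and the case a logic test should cover explicitly.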
Fig. 5 shows a detailed block diagram of a single Train A, indicated generally by reference 70, with columns B1, B2, B3, and B4 and rows R01, R02, R03, and R04 to provide redundant communications and processors. Each of the four subgroupings shown in Figure 5 may represent logic and I/O groups of Figure 3, wherein each of the groups may also include further redundancy as needed. Advantageously, the redundant communications and processors are interconnected via fiber optic lines 71, so that a substantial reduction in the amount of relays, fuses and general wiring is achieved with the DESFAS of the present invention. Actuation or initiation signals are transmitted to each subgroup relay through fiber optic cable 72, which also carries ESF system actuation information from DESFAS train A to field components (not shown). All information is also communicated to Maintenance and Test panel 73 of DESFAS Train A, which performs the functions as described above with reference to Figure 3. Trains A and B are further interconnected with fiber optic line 74.
As shown in greater detail in Figs. 5A and 5B, the DESFAS of the present invention utilizes fiber optic interconnects between its various subgroups as well as for overall data communication between the trains. As part of the fiber optic systems, various electrically powered modems are interposed within the fiber optic circuit. As shown in FIG. 5A, a modem M is provided with an input cable IN and output cable OUT, both cables connected to the modem M by conventional connectors ST. Additionally, the modem M is provided with source power PWR. In accordance with the present invention, a conventional fiber optic connector FOC is removably attached or otherwise mounted to or associated with the modem M. For example, the fiber optic connector FOC can be mounted to the modem M by a bracket (not shown) or connected to the modem M by a flexible lanyard.
In the event that the modem M undergoes an internal failure or loses power, the modem M may be bypassed by disconnecting the input cable IN and the output cable OUT and connecting these cables together via the fiber optic coupler FOC as shown in FIG. 5B to thereby maintain the physical and optical integrity of the fiber optic pathway.
Each ESF system also utilizes electromechanical relays as part of its operation system. In general, commercial programmable logic controllers (PLC), depending upon their manufacturer, provide a 24 VDC output or a 12 VDC output to energize or de-energize the coil of a power-switching relay. Oftentimes, relays that are optimally suited for a particular power-switching function are those designed to be energized by 12 VDC and these relays must often be mated to a 24 VDC PLC. In order to provide a measure of installation flexibility for 12 VDC relays in those situations in which the relay can be driven by either a 12 VDC or a 24 VDC source, the present invention utilizes a printed circuit board (PCB) mounted relay organization that can be used in either 24 VDC or 12 VDC systems. As shown in FIG. 6, a printed circuit board PCB is provided with two relays K1 and K2 and two voltage-dropping resistors R1 and R2. The relays K1 and K2 have 12 VDC coils and may be obtained, for example, from the KiloVac Corporation. As shown in FIG. 6B (for the relay K1) the voltage-dropping resistor R1 is in series-circuit with the coil of the relay K1. The resistance value of the voltage-dropping resistor R1 is chosen so that the resistor R1 and the coil K1 define a voltage divider that will provide 12 VDC to the coil K1 when the supply voltage is 24 VDC. In this way, a 12 VDC relay can be used with a 24 VDC supply. In the event that the relay K1 is to be used with a 12 VDC supply, the voltage-dropping resistor R1 is removed and a wire jumper JP1 is wired or otherwise inserted into the circuit in substitution for voltage dropping resistor R1. Similarly, the voltage-dropping resistor R2 is removed and a wire jumper JP2 is wired or otherwise inserted into the circuit in substitution for voltage dropping resistor R2. Substitution of jumpers for voltage dropping resistors is shown in Fig. 6A. As shown in the diagram of FIG. 6C, the jumper JP1 allows the 12 VDC coil K1 to be connected directly to a 12 VDC source. The circuitry for the relay K2 is the same as described for the relay K1. In FIG. 6B, a second resistor (unnumbered) is shown in dotted line illustration; this second resistor may be used to define a true voltage divider with the resistor R1 with the operating voltage for the coil of the relay K1 provided from the intermediate connection between the two resistors.
Fig. 7 shows a simplified test logic system in block diagram form for use with the system thus described. The ESFAS initiation signals from DPPS are provided to input OR gates and channeled through the shown logic circuits to provide Group I test and clear status indicator outputs as seen at numeral 80. In a preferred embodiment, through Train A MTP 73 of Fig. 5, testing of the DESFAS actuation and initiation logic from the DPPS inputs to the selective two-out-of-four logic, shown in Figs. 4 and 7, is enabled. Moreover, individual testing of each subgroup relay is enabled at 81 in Fig. 7. Finally, the test logic system of Fig. 7 also enables tests to verify that there are no spurious connections between groups of relays.
In the design of plant protection systems it is important that circuits be isolated from one another so that an over-voltage situation in one circuit will not affect the operation of another circuit. In general, the digital plant protection system disclosed herein utilizes programmed logic circuit (PLC) arrays that are designed to provide a 24 VDC output that is switched on or off under the control of the logic array. Since the PLCs are critical to system operation, it is important that they be isolated from overvoltage situations. In accordance with the present invention, system integrity is assured by utilizing optical couplers at the output of the PLCs and in all other voltage-switching contexts. As shown in FIG. 8, the optical coupler OC includes a pair of PN light emitting diodes, D1 and D2, that are parallel connected (in opposing conduction directions) across input terminals IN1 and IN2. A DC input voltage applied to the input terminals IN1 and IN2 will cause one of the two diodes (depending upon the polarity of the input voltage) to emit light. A photo-transistor PT has its emitter and base connected between output terminals OUT1 and OUT2 and undergoes a change in trans-conductance as a function of the light emitted by the diode(s) driven into conduction. As a consequence, voltage levels applied to the terminals IN1 and IN2 will cause a corresponding change in the trans-conductance of the phototransistor PT. The input-to-output electrical isolation provided by a typical optical coupler can be in the 3-5 kilovolt range; accordingly, the isolation provided by the opto-coupler can assure system integrity. In the context of digital plant protection systems, which require all devices to meet the IEEE Class 1E requirement, the use of opto-couplers in this context serves to increase system reliability.
In the case of the DESFAS of the present invention, wherein multiple outputs from the DPPS are provided as input to the DESFAS, protection is required to prevent feedback from one input to the DESFAS from affecting another input. Fig. 9 shows a dual opto-isolated coupler with feedback indication for use with this or other inventions. Specifically, an opto-coupler was needed to allow the controlling output to be from either input 1 or input 2 with included protection from one input feeding back through to the other input. Input DC signals 91 and 92 are provided respectively to steering diodes 93 and 94 to provide an input to a collection of a photo-transistor in the opto-isolator 95. A negative input voltage source is shown at 96 while a positive output voltage is shown at 97 connected to the emitter of the coupled transistor in the opto-isolator 95. A feedback indicator 98 is in circuit with the coupled transistor to provide an indication of feedback.
Figs. 10A and 10B show a universal optically isolated selectable A,B type relay output for use with this or other inventions, as designated by the reference numeral 100. An input is provided from the PLC outputs of the circuit of Fig. 3 to the input terminals 101 and 102 in circuit with an opto-isolator 103 coupling a photo-transistor pair for operating a relay pair shown generally at numeral 105. The selectable A or B type contact arrangement is shown more specifically in Fig. 10B where terminal 106 is a common terminal, terminal 107 provides an output of either NC or NO state.
Fig. 11 is another dual input optically isolated selectable output relay module, shown generally by the reference numeral 110 to provide a user with a selectable Form A or B contact and a Form C contact format with an additional wire. The inputs from the PLC outputs of Fig. 3 are provided to the inputs 111 and 112 in circuit with steering diodes 113 and 114 with input status LEDs 115 and 116 in circuit with the inputs to show the presence of a signal. The steered input is provided to an opto-coupler 117 driving a relay 118 for an A/B Selector Switch 119 to provide outputs as in Figs. 9 and 10.
Fig. 12 is still another sample of such a dual input optically isolated output driver with an isolated output status, shown generally at the reference numeral 120. A separate optically coupled output 121 is provided by optically coupling the relay 122 output from the opto-coupler 123.
The DESFAS and its subcomponents described above provide a digital interface between a DPPS and any ESF system within a nuclear power plant. The DESFAS of the present invention continuously monitors the DPPS initiation circuit which governs each ESF system. Thus, the present invention provides an interface between the DPPS and remote actuation devices which effect remedial action in the event that the DPPS generates a 'trip' signal. According to the present invention, by using actuation inputs from the DPPS and manual, operator implemented inputs, controls are provided for remote equipment components, such as solenoid valves, motor operated valves, pumps, fans and dampers. The DESFAS may easily be coordinated with the prior discussed systems of an Automatic Self-Testing System and a Digital Plant Protection System, both of which are described in copending applications identified above. Together, the DPPS, the Automatic Self Testing System and the DESFAS of the present invention constitute a complete nuclear plant reactor protection system. In addition, the DESFAS system of the present invention may easily be interfaced with other nuclear plant control component control systems.
In order to interface between DPPS and ESF systems, high energy initiation relay interfaces are provided to actuate safety related Class 1E circuits as required by any signals generated by the DESFAS of the present system. Moreover, to prevent unwanted feedback between input signals from the DPPS and output signals of the DESFAS, various optically isolated couplings are described. One such optical coupling may also be used to isolate the power supplies of Class 1E safety-related equipment. Fiber optic connections are described between various components of the system. Using these fiber optic connections, both input tests and logic fault tests may be conducted to verify DESFAS operability without damaging the integrity of the DESFAS monitoring. Individual testing of each subgroup relay is also disclosed. Finally, a test logic system enables tests to verify that there are no spurious connections between groups of relays.
Preferred embodiments of the present invention have been disclosed. A person of ordinary skill in the art will realize, however, that certain modifications and alternative forms will come within the teachings of this invention. Therefore, the following claims should be studied to determine the true scope and content of the invention.

Claims

1. A Digital Engineered Safety Features Actuation System, comprising: a first plurality of initiation signal inputs from a Plant Protection System; said inputs received by a second plurality of logic trains; said trains converting said input into pre-determined actuation outputs; and said outputs provided to a fourth plurality of Component Control Systems for controlling Engineered Safety Features system components.
2. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said Plant Protection System provides digital initiation signal inputs.
3. A Digital Engineered Safety Features Actuation System as in claim 2, wherein said digital initiation signal inputs are conditioned.
4. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said initiation signal inputs are received from a first plurality of Plant Protection System channels.
5. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said second plurality is two.
6. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said inputs are received by primary and secondary logic processors and I/O devices.
7. A Digital Engineered Safety Features Actuation System as in claim 6, wherein said primary and secondary logic processors and I/O devices provide said actuation outputs to said Component Control Systems.
8. A Digital Engineered Safety Features Actuation System as in claim 7, wherein said primary and secondary logic processors and I/O devices are further connected to a train maintenance and test panel to monitor said primary and secondary logic processors.
9. A Digital Engineered Safety Features Actuation System as in claim 8, wherein said maintenance and test panel may initiate testing of the logic within said primary and secondary logic systems.
10. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said logic trains are comprised of a fifth plurality of logic and I/O groups.
11. A Digital Engineered Safety Features Actuation System as in claim 10, wherein said logic trains are comprised of a four logic and I/O groups.
12. A Digital Engineered Safety Features Actuation System as in claim 11, wherein said four groups control primary valves and dampers, primary pumps, secondary valves and dampers, and secondary pumps, respectively.
13. A Digital Engineered Safety Features Actuation System as in claim 12, wherein each said group further includes a separate I/O module and a separate programmable logic circuit.
14. A Digital Engineered Safety Features Actuation System as in claim 13, wherein said programmable logic circuits actuate Engineered Safety Feature relays on a selective two-out-of-four basis.
15. A Digital Engineered Safety Features Actuation System as in claim 14, wherein each said group programmable logic circuit and I/O module are further connected to a train maintenance and test panel to monitor said programmable logic circuits and I/O modules.
16. A Digital Engineered Safety Features Actuation System as in claim 15, wherein said maintenance and test panel may further initiate testing of the logic within each said programmable logic circuit and I/O module.
17. A Digital Engineered Safety Features Actuation System as in claim 16, wherein each said group programmable logic circuit and I/O module are further connected to a train maintenance and test panel by fiber optic data lines.
18. A Digital Engineered Safety Features Actuation System as in claim 17, wherein said logic trains further include a MANUAL ACTUATE input to selectively actuate Engineered Safety Features.
19. A Digital Engineered Safety Features Actuation System as in claim 18, wherein said logic trains further include a MANUAL RESET input to reset said logic trains after said input clears.
20. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said logic trains actuate Engineered Safety Features relays on a selective two-out-of-four basis.
21. A Digital Engineered Safety Features Actuation System as in claim 20, wherein said logic trains further include a MANUAL ACTUATE input to selectively actuate Engineered Safety Features.
22. A Digital Engineered Safety Features Actuation System as in claim 21, wherein said logic trains further include a MANUAL RESET input to reset said logic trains after said input clears.
23. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said inputs are optically isolated to prevent input feedback.
24. A Digital Engineered Safety Features Actuation System as in claim 23, wherein said feedback prevention is accomplished using dual input optically isolated output driver.
25. A Digital Engineered Safety Features Actuation System as in claim 24, wherein said optically isolated output driver further includes a selectable output relay module.
26. A Digital Engineered Safety Features Actuation System as in claim 25, wherein said optically isolated output driver further includes a separate optically-coupled output.
27. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said Engineered Safety Features systems are actuated using high energy relays which accommodate either 12 VDC or 24 VDC actuation outputs.
28. A Digital Engineered Safety Features Actuation System as in claim 1, wherein said trains communicate with said Plant Protection System using fiber optic data lines.
29. A Digital Engineered Safety Features Actuation System, comprising: means for receiving a first plurality of conditioned digital input initiation signals from a plant protection system; means for converting said input signals into a second plurality of digital output actuation signals; means for converting said output actuation signals into Engineered Safety Features systems actuation.
30. A Digital Engineered Safety Features Actuation System as in claim 29, wherein said means for receiving a first plurality of conditioned digital input signals further includes means for manually providing said conditioned digital input initiation signals.
31. A Digital Engineered Safety Features Actuation System as in claim 30, further including means for removing said output actuation signals upon clearing of said input initiation signals.
32. A Digital Engineered Safety Features Actuation System as in claim 31, wherein said means for removing said output actuation signals includes a MANUAL RESET means.
33. In a nuclear power plant reactor protection system, an interface between a Plant Protection System and Engineered Safety Features of the power plant, comprising: a first plurality of cross-connected processing channels, said channels each generating a second plurality of initiation signal inputs received by a second plurality of logic trains, each said logic train further comprising: a third plurality of Component Control Systems for controlling actuation of at least one of the Engineered Safety Features.
34. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 33, wherein said second plurality is two.
35. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 34, wherein said logic trains actuate the Engineered Safety Features upon receipt of a selective two-out-of-four of said initiation signal inputs.
36. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 35, wherein said logic trains further include a MANUAL ACTUATE input to selectively actuate the Engineered Safety Features.
37. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 36, wherein said logic trains further include a MANUAL RESET input to reset said logic trains after said input clears.
38. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 37, wherein said logic trains are each further connected to a train maintenance and test panel to monitor said Component Control Systems.
39. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 38, wherein said maintenance and test panel may initiate testing of the logic within said Component Control Systems.
40. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 39, wherein said third plurality is four.
41. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 40, wherein said four Component Control Systems control primary valves and dampers, primary pumps, secondary valves and dampers, and secondary pumps, respectively.
42. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 41, wherein each Component Control System further includes a separate I/O module and a separate programmable logic circuit.
43. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 42, wherein said trains communicate with said cross-connected processing channels using fiber optic data lines.
44. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 42, wherein said logic trains communicate with said maintenance and test panel using fiber optic data lines.
45. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 44, wherein said initiation signal inputs are optically isolated to prevent input feedback.
46. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 45, wherein said feedback prevention is accomplished using dual input optically isolated output driver.
47. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 46, wherein said optically isolated output driver further includes a selectable output relay module.
48. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 47, wherein said optically isolated output driver further includes a separate optically-coupled output.
49. An interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant as in claim 48, wherein said Engineered Safety Features systems are actuated using high energy relays which accommodate either 12 VDC or 24 VDC actuation outputs.
50. A method for providing an interface between a Plant Protection System and Engineered Safety Features of a nuclear power plant, comprising: receiving a first plurality of conditioned digital input initiation signals from a plant protection system; converting said input signals into a second plurality of digital output actuation signals; converting said output actuation signals into Engineered Safety Features systems actuation.
51. A method for providing an interface between a Plant Protection System and Engineered Safety Features as in claim 50, further including the step of removing said output actuation signals upon clearing of said input initiation signals.
52. A method for providing an interface between a Plant Protection System and Engineered Safety Features as in claim 51, wherein the output actuation signals actuate the Engineered Safety Features upon receipt of a selective two-out-of-four of said initiation signal inputs.
53. A method for providing an interface between a Plant Protection System and Engineered Safety Features as in claim 52, further including the step of monitoring said input initiation signals and said output actuation signals through a maintenance and test panel.
54. A method for providing an interface between a Plant Protection System and Engineered Safety Features as in claim 53, further including the step of testing said input initiation signals and said output actuation signals through said maintenance and test panel.
55. A method for providing an interface between a Plant Protection System and Engineered Safety Features as in claim 54, further including the step of connecting said maintenance and test panel to said input initiation signals and said output actuation signals with fiber optic data lines.
PCT/US1998/010895 1997-06-06 1998-05-29 Digital engineered safety features actuation system WO1998056008A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU76039/98A AU7603998A (en) 1997-06-06 1998-05-29 Digital engineered safety features actuation system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US4892397P 1997-06-06 1997-06-06
US60/048,923 1997-06-06
US09/076,094 US6292523B1 (en) 1997-06-06 1998-05-12 Digital engineered safety features actuation system
US09/076,094 1998-05-12

Publications (1)

Publication Number Publication Date
WO1998056008A1 true WO1998056008A1 (en) 1998-12-10

Family

ID=26726676

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1998/010895 WO1998056008A1 (en) 1997-06-06 1998-05-29 Digital engineered safety features actuation system

Country Status (3)

Country Link
CN (1) CN1265220A (en)
AU (1) AU7603998A (en)
WO (1) WO1998056008A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6853530B1 (en) * 2000-09-15 2005-02-08 General Electric Company Apparatus and method for actuating a mechanical device
CN101656115A (en) * 2009-08-25 2010-02-24 北京广利核系统工程有限公司 Cabinet monitoring system of safety-level cabinet monitoring device
CN102280148B (en) * 2011-04-29 2014-01-22 清华大学 Integration testing method and system for digital protection system of high temperature gas cooled reactor
CN104252885B (en) * 2013-06-28 2017-11-14 中广核工程有限公司 A kind of nuclear power station Double-number amount output card configures system and method
CN104464861A (en) * 2014-12-02 2015-03-25 中广核工程有限公司 Nuclear power station rotating machine driving control method and device
CN108022662B (en) * 2016-11-03 2021-06-29 斗山重工业株式会社 Digital protection system of nuclear power station
KR101992299B1 (en) * 2017-05-15 2019-06-25 두산중공업 주식회사 Nuclear power plant digital protection system
CN107291062B (en) * 2017-04-01 2023-10-20 福建福清核电有限公司 Logic function test device for nuclear-level digital instrument control system of pressurized water reactor nuclear power plant
CN108088862B (en) * 2018-02-09 2023-05-23 丹东市祯晟科技有限公司 Wireless integrated X-ray flaw detector control system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3888772A (en) * 1972-04-04 1975-06-10 Westinghouse Electric Corp Communication between redundant protection and safeguards logic systems within nuclear reactor power plants by means of light
GB2180975A (en) * 1985-09-23 1987-04-08 Nat Nuclear Corp Ltd Safety systems, eg for nuclear reactors
US4661310A (en) * 1983-10-27 1987-04-28 Westinghouse Electric Corp Pulsed multichannel protection system with saturable core magnetic logic units
US4752869A (en) * 1985-05-09 1988-06-21 Westinghouse Electric Corp. Auxiliary reactor protection system
US5287390A (en) * 1989-11-02 1994-02-15 Combustion Engineering, Inc. Alarm system for a nuclear control complex
US5621776A (en) * 1995-07-14 1997-04-15 General Electric Company Fault-tolerant reactor protection system
WO1997049020A2 (en) * 1996-06-20 1997-12-24 Combustion Engineering, Inc. Automatic self-testing system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100408493B1 (en) * 2001-05-07 2003-12-06 한국전력기술 주식회사 System for digital reactor protecting to prevent common mode failures and control method of the same
EP2629301A1 (en) * 2010-10-12 2013-08-21 Mitsubishi Heavy Industries, Ltd. Control system for nuclear power facility
EP2629301A4 (en) * 2010-10-12 2014-03-19 Mitsubishi Heavy Ind Ltd Control system for nuclear power facility
US9627877B2 (en) 2010-10-12 2017-04-18 Mitsubishi Heavy Industries, Ltd. Control system and method for nuclear power facility

Also Published As

Publication number Publication date
AU7603998A (en) 1998-12-21
CN1265220A (en) 2000-08-30

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 98807604.7; Country of ref document: CN
AK Designated states. Kind code of ref document: A1; Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CZ DE DK EE ES FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW
AL Designated countries for regional patents. Kind code of ref document: A1; Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase. Ref document number: 1019997011443; Country of ref document: KR
NENP Non-entry into the national phase. Ref document number: 1999502578; Country of ref document: JP
REG Reference to national code. Ref country code: DE; Ref legal event code: 8642
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase. Ref country code: CA
WWP Wipo information: published in national office. Ref document number: 1019997011443; Country of ref document: KR
WWR Wipo information: refused in national office. Ref document number: 1019997011443; Country of ref document: KR