WO2017079950A1 - Nuclear power plant diverse driving system, method and diverse protection system - Google Patents

Nuclear power plant diverse driving system, method and diverse protection system Download PDF

Info

Publication number
WO2017079950A1
WO2017079950A1 PCT/CN2015/094496 CN2015094496W WO2017079950A1 WO 2017079950 A1 WO2017079950 A1 WO 2017079950A1 CN 2015094496 W CN2015094496 W CN 2015094496W WO 2017079950 A1 WO2017079950 A1 WO 2017079950A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal
nuclear power
power plant
module
driving
Prior art date
Application number
PCT/CN2015/094496
Other languages
French (fr)
Chinese (zh)
Inventor
杨震
任立永
田亚杰
史觊
汪伟
梁玲
李静
谭国成
周叶翔
张小茹
彭华清
陈卫华
黄伟军
江辉
Original Assignee
中广核工程有限公司
中国广核集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中广核工程有限公司, 中国广核集团有限公司 filed Critical 中广核工程有限公司
Priority to PCT/CN2015/094496 priority Critical patent/WO2017079950A1/en
Publication of WO2017079950A1 publication Critical patent/WO2017079950A1/en

Links

Classifications

    • GPHYSICS
    • G21NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21DNUCLEAR POWER PLANT
    • G21D3/00Control of nuclear power plant
    • G21D3/04Safety arrangements
    • G21D3/06Safety arrangements responsive to faults within the plant
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02EREDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00Energy generation of nuclear origin

Definitions

  • the present invention relates to the field of nuclear power technology, and in particular, to a nuclear power plant diversity driving system and method, and a diversity protection system.
  • Digital Instrument Control System has been developed and applied in nuclear power plant safety level control system due to its simplified control logic, flexible configuration capability and powerful self-diagnosis function. It is used as nuclear power plant reactor protection system. Digital protection system in the middle. However, digital protection systems are susceptible to common cause failures due to features such as centralized functionality, shared software, and widespread adoption of communication technologies. For reactor protection systems that implement reactor safety functions, in the event of a design basis accident, if the digital protection system fails to perform its critical functions due to a common cause failure, the accident will develop into an overdesign basis accident and further jeopardize the safety of the reactor.
  • the prior art provides a nuclear power plant diversity driving system.
  • the nuclear power plant diversity drive system is used as a nuclear power plant diversity backup device for the reactor protection system, and the protection function is realized after the reactor protection system fails.
  • a known technology nuclear power plant diversity drive system primarily implements protection functions through an emergency control panel (ECP), a backup tray (BUP), and an auxiliary relay cabinet (ARC).
  • ECP emergency control panel
  • BUP backup tray
  • ARC auxiliary relay cabinet
  • the operator manually inputs the system-level control signal and the device-level control signal into the auxiliary relay cabinet by manually operating the emergency control panel and the backup disk, so that the auxiliary relay cabinet can protect the system and the field device respectively.
  • the display and indication of important parameters of the nuclear power station can be obtained through the backup disk.
  • the technical problem to be solved by the embodiments of the present invention is to meet the needs of the existing nuclear power plant diversity driving system.
  • the defect of manual intervention by the operator provides a nuclear power plant diversity driving system and method capable of automatically implementing the protection function and a nuclear power plant diversity protection system including the nuclear power plant diversity driving system.
  • an embodiment of the present invention provides a nuclear power plant diversity driving system for protecting a nuclear power plant from failure in a reactor protection system failure, comprising: a signal receiving module, configured to receive a detection signal a logic processing module, configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the determination is yes, generate a driving signal; and a signal output module, configured to output the driving signal to the actuator To drive the actuator action.
  • the diversity driving system further includes a human machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indication; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • a human machine interface module configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indication; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • the signal receiving module is specifically configured to receive a detection signal shared by the reactor protection system, receive a detection signal from a third-party detection system, and receive the user input from the human-machine interface module. Operation signal.
  • the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing to implement automatic locking after the reactor protection system works normally.
  • the detection signal shared with the reactor protection system is isolated and input to the signal receiving module.
  • the nuclear power plant diversity driving system further includes a first isolation module, and the detection signal shared with the reactor protection system is isolated by the first isolation module and input to the signal receiving module.
  • the logic processing module includes at least two parallel comparison units and a voting unit connected to the comparison unit; each of the comparison units is configured to compare the detection signal with a set value to determine Whether a design basis accident occurs, and outputs a comparison result to the voting unit; the voting unit is configured to vote on the comparison result, when a comparison result of at least two of the at least two comparison units is generated After the design basis event, the voting unit outputs the driving signal to the signal output module.
  • the number of the logical processing modules is two, respectively a first logical processing module and a second logical processing module;
  • the executing mechanism includes a power control cabinet and a dedicated security facility of the stick control and the rod system
  • the first logic processing module is configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and generate a first driving signal to drive the stick control and the rod position when the designation is that a design basis accident occurs.
  • the power cabinet of the system operates to cut off the power of the control rod drive mechanism;
  • the second logic processing module is configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the determination is that a design basis has occurred The accident generates a second drive signal to drive the action of the dedicated safety facility
  • the nuclear power plant diversity driving system further includes a second isolation module, and the second driving signal is isolated by the second isolation module and sent to a preferred unit of the device interface module, and sent by the preferred unit To the special safety facilities action.
  • the first logic module further includes a delay unit, wherein the delay unit is configured to delay an input signal or an output signal of the first logic module.
  • the signal receiving module is further configured to receive a feedback signal from the dedicated security facility to block the second driving signal.
  • the logic processing module further includes an expected transient non-stop heap protection logic module, configured to respond to the shutdown protection system from being rejected during the shutdown process;
  • the expected transient non-stop heap protection logic module includes Three first comparators, two second comparators, three-two comparators, first AND gates and second AND gates; the three first comparators are respectively used for determining the water supply amount of the three steam generators
  • the three first comparator outputs are respectively connected to the input ends of the three-selection two-voter;
  • the two second comparators are respectively used to determine the stack power of the two groups of reactors, the two second An output of the comparator is respectively connected to an input end of the first AND gate; an output end of the voter and the first AND gate is respectively connected to an input end of the second AND gate, the second The output of the door is connected to the actuator.
  • the present invention also provides a nuclear power plant diversity driving method for protecting a nuclear power plant safety after a reactor protection system fails, comprising the following steps:
  • the detection signal is logically processed to determine whether a design basis accident occurs; if yes, then go to step S3, otherwise continue to step S2; [0022] S3. Generate a driving signal to drive the actuator action.
  • the diversity driving method further includes the following steps:
  • S4. Output display information to display security function parameter monitoring information, alarm information, and system and device status indications and receive user operation signals.
  • the step S1 specifically includes: receiving a detection signal shared by the reactor protection system, receiving a detection signal from a third-party detection system, or receiving the user operation signal input from a human-machine interface module.
  • the diversity driving method further includes the following steps:
  • S5. Receive a feedback signal of the actuator or perform delay by logic processing to implement automatic blocking after the reactor protection system works normally.
  • the detection signal is isolated.
  • the method further includes:
  • the step S2 further includes:
  • step S22 Vote on the at least two comparison results.
  • the process proceeds to step S3, otherwise returns to step S21.
  • the executing mechanism comprises a power cabinet and a special safety device of the bar control and the stick system
  • the step S3 further comprises:
  • the step S31 further comprises: isolating the generated second driving signal, and then sending the information to the preferred unit of the device interface module, and sending, by the preferred unit, the dedicated security device
  • the step S32 further includes: delaying the first detection signal or the first driving signal.
  • the diversity driving method further includes the following steps:
  • S6 Receive a feedback signal of the dedicated security facility to block the second driving signal.
  • the diversity driving method further includes the following steps:
  • the expected transient non-stop heap protection logic module includes three first comparisons. , two second comparators, three-two-vote, first and second AND gates;
  • the three first comparators are respectively used to determine the water supply amount of the three steam generators, and the three first comparator outputs are respectively connected to the input ends of the three-selection two voter;
  • Two second comparators are respectively used to determine the stack power of the two groups of reactors, and the outputs of the two second comparators are respectively connected to the input ends of the first AND gate;
  • the voter and the first An output of the AND gate is coupled to an input of the second AND gate, and an output of the second AND gate is coupled to the actuator.
  • the present invention also provides a diversity protection system for protecting the safety of a nuclear power plant, including a reactor protection system, a diversity drive system, and an actuator;
  • the reactor protection system is used to drive the actuator action when a design basis accident occurs at the nuclear power plant
  • the diversity drive system is used as a backup device of the reactor protection system, and is used to drive the actuator action when a design basis accident occurs in the nuclear power plant;
  • the diversity drive system includes:
  • a signal receiving module configured to receive a detection signal
  • a logic processing module configured to perform logic processing on the detection signal to determine whether a design basis event occurs, and when the determination is yes, generate a driving signal
  • a signal output module configured to output the driving signal to an actuator to drive the actuator to act
  • the multi-function drive system further includes a human-machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indications; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • a human-machine interface module configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indications; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing, so as to achieve automatic locking after the reactor protection system works normally.
  • Advantageous effects of the invention Beneficial effect
  • the embodiments of the present invention have the following beneficial effects:
  • the present invention can automatically detect a design basis accident and generate a driving signal to automatically control the actuator action, thereby avoiding a total of reactor protection systems due to design basis accidents.
  • the user is required to manually operate to control the actuator action. Therefore, the present invention can reduce the operational requirements of the user, improve the ability of the nuclear power plant to cope with common faults, and thereby improve the safety of the nuclear power plant.
  • the present invention provides a special nuclear power plant diversity human-machine interface module, which effectively reduces the size of the backup disk, and makes the human-machine interaction function more expandable, and is no longer limited to the original design of the backup disk.
  • FIG. 1 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a first embodiment of the present invention
  • FIG. 2 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a second embodiment of the present invention.
  • FIG. 3 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a third embodiment of the present invention.
  • FIG. 4 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a fourth embodiment of the present invention.
  • FIG. 5 is a block diagram showing the structure of a first embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 6 is a block diagram showing the structure of an embodiment of the logic processing module of FIG. 5;
  • FIG. 7 is a block diagram showing the structure of another embodiment of the logic processing module of FIG. 5;
  • FIG. 8 is a block diagram showing the structure of a second embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 9 is a block diagram showing the structure of an embodiment of the logic processing module of FIG. 8;
  • FIG. 10 is a block diagram showing the structure of another embodiment of the logic processing module of FIG. 8;
  • FIG. 11 is a block diagram showing the structure of a third embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 12 is a block diagram showing the structure of a fourth embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 13 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a fifth embodiment of the present invention.
  • 14 is a block diagram showing the structure of still another embodiment of the logic processing module of FIG. 5; 15 is a flow chart of a nuclear power plant diversity driving method according to a first embodiment of the present invention.
  • the nuclear power plant diversity protection system includes a reactor protection system 2, a multi-function drive system 1 and an actuator 3.
  • the Reactor Protection System 2 is a safety system for detecting nuclear power plants that deviate from acceptable conditions and issue instructions to maintain safety. It is used to protect the integrity of the three nuclear safety barriers (ie, fuel cladding, primary circuit pressure boundaries, and containment). When the operating parameters reach the threshold that jeopardizes the three barriers, the reactor is shut down urgently and the dedicated safety facilities are activated as necessary.
  • the reactor emergency shutdown system 22 in the reactor protection system 2 typically performs protection logic in software.
  • the reactor stack emergency shutdown system 22 includes a reactor shutdown software logic module 222 and a dedicated safety facility driver software logic module 224. Both logic modules operate the shutdown and drive logic in a software-only manner to control the shutdown circuit breaker 31 and the dedicated safety facility 33 to perform protection actions.
  • the diversity drive system 1 is used as a backup system for the reactor protection system 2, and the reactor protection system 2 fails to protect the safety of the nuclear power plant.
  • the diversity drive system 1 performs protection logic in pure hardware.
  • the implementation of protection logic in software mode is prone to common cause failures due to the transmission of design basis accidents by nuclear power plants, and the loss of protection of nuclear power plant safety.
  • the implementation of protection logic in pure hardware can effectively avoid common cause failures due to design basis accidents. Therefore, the reactor protection system 2 is effectively complemented by the diversity drive system 1 to ensure the safety of the nuclear power plant.
  • the actuator 3 mainly includes a stick control and stick system and a dedicated safety facility.
  • the rod control and rod system is used to lift, insert, maintain and monitor the position of each control rod in the reactor to achieve reactor reactor start-up, shutdown and stable operation.
  • Special safety facilities mainly include safety injection system, containment, containment spray system, containment isolation system and auxiliary.
  • the safety injection system is used to inject cooling water into the core to prevent the core from melting.
  • the containment is used to house the reactor pressure vessel and part of the safety system (including primary circuit main system and equipment, shutdown cooling system), completely isolated from the external environment to achieve a security screen The function of the barrier.
  • the containment spray system is used to spray a boron-containing water into the containment after a water loss accident or a main steam pipe breaks in the containment of the nuclear power plant, limiting the pressure in the containment to increase sharply and shortening the high pressure to maintain the peak time and reduce the peak pressure. And temperature to prevent overpressure failure of the containment.
  • the auxiliary water supply system is used to supply water to the steam generator to protect the steam generator and prevent the occurrence of core melting accidents.
  • the diversity drive system 1 includes: a signal receiving module 11, a logic processing module 12, and a signal output module 13.
  • the working principle of the nuclear power plant diversity driving system 1 is as follows: The signal receiving module 11 receives the detection signal 10, and then the logic processing module 12 performs logic processing on the detection signal 10 to determine whether a design basis accident occurs, and if a design basis accident occurs, logic processing Module 12 generates drive signal 20 and transmits it to actuator 3 via signal output module 13 to drive actuator 3 action.
  • the detection signal 10 is only input to the reactor protection system 2, and the reactor emergency shutdown system 22 in the reactor protection system 2 logically processes the detection signal 10 to determine whether a design basis accident has occurred and correspondingly A drive signal is generated to drive the actuator action to achieve a protection function.
  • the nuclear power plant diversity drive system 1 of the present invention directly receives the detection signal 10 supplied to the reactor protection system 2, and performs the same or improved logic processing as the reactor protection system, thereby generating a drive signal 20 to drive execution in the event of a design basis accident.
  • Mechanism 3 action In the reactor emergency shutdown system 22, the logic processing is implemented by application software, and in the nuclear power plant diversity drive system 1, the logic processing is implemented by hardware.
  • the existing reactor protection system 2 plus the nuclear power plant diversity drive system 1 of the present application enables the nuclear power plant to have the protection function of the nuclear power plant diversity.
  • the nuclear power plant diversity driving system 1 further includes a human machine interface module 15 for receiving the display signal 40 provided by the logic processing module 12 and displaying security function parameter monitoring information, Alarm information and system and device status indications.
  • the human interface module 15 can also receive the user's operation and send the user operation signal 105 to the signal receiving module 11.
  • the detection signal 10 input to the reactor protection system includes: a power range neutron fluence rate signal of the nuclear instrumentation system, a pressure signal of a regulator of the reactor coolant system, a steam generator in the feed water flow control system The water level signal and the pressure signal of the main steam system.
  • the diversity drive system 1 provided by the present application can perform logical processing based on these detection signals shared with the reactor protection system 2 to determine whether a design basis accident occurs, and can also perform logic processing based on other signals to determine whether a design basis accident occurs. .
  • the diversity drive system 1 can also receive the third The detection signal 104 provided by the square detection system 7 logically processes the detection signal 104 to determine whether a design basis accident has occurred.
  • the diversity drive system 1 can also generate the drive signal 20 based on the operation signal 105 input by the user.
  • the third-party detection system mainly includes: a nuclear instrumentation system, a power plant radiation monitoring system, a stick control, and a rod position system.
  • the diversity drive system 1 can directly acquire detection signals from these systems, perform logic processing and generate drive signals accordingly.
  • the above-mentioned nuclear power plant diversity driving system realizes automatic detection of design basis accidents and correspondingly generates driving signals to automatically control the action of the actuator, thereby avoiding a situation in which the reactor protection system causes a common cause failure due to a design basis accident.
  • Manual user action is required to control actuator action. Therefore, the present invention can reduce the operational requirements of the user, improve the ability of the nuclear power plant to cope with common cause failures, and thereby improve the safety of the nuclear power plant.
  • the present invention provides a special human-machine interface module, which effectively reduces the size of the backup disk, and makes the human-computer interaction function more expandable, and is no longer limited to the original design of the backup disk.
  • the detection signals 10 shared with the reactor protection system 2 are branched and isolated and input to the reactor protection system 2 and the nuclear power plant diversity drive system 1, respectively.
  • the reactor protection system 2 includes a branch and isolation module 21.
  • the branch and isolation module 21 branches the detection signal 10 in the input reactor protection system 2 into two identical signals 102 and 101 and inputs them to the reactor emergency shutdown system 22 and the signal receiving module 11, respectively, and the same two signals The 101 and 102 are isolated so that the signal 101 input to the signal receiving module 11 is not affected by the reactor protection system 2.
  • FIG. 1 the reactor protection system 2 includes a branch and isolation module 21.
  • the branch and isolation module 21 branches the detection signal 10 in the input reactor protection system 2 into two identical signals 102 and 101 and inputs them to the reactor emergency shutdown system 22 and the signal receiving module 11, respectively, and the same two signals The 101 and 102 are isolated so that the signal 101 input to the signal receiving module 11 is not affected by the reactor protection system 2.
  • the reactor protection system 2 shows another branching and isolation mode, and the reactor protection system 2 includes a branching module 21 and an isolating module 23.
  • the detection signal 10 is split into two identical signals 101 and 102 via the branching module 21, one of the signals 102 is directly input to the reactor emergency shutdown system 22, and the other signal 101 is isolated by the isolation module 23 to form an isolated signal 103.
  • the signal 103 is input to the signal receiving module 11.
  • 3 shows a third branching and isolation mode
  • the reactor protection system 2 includes a branching module 21, and the nuclear power plant diversity drive system includes an isolation module 14.
  • the detection signal 10 is split into two identical signals 101 and 102 via the branching module 21, one signal 102 being input directly to the reactor emergency shutdown system 22, and the other signal 101 being input to the isolation module 14 forming the isolated signal 103.
  • the signal 103 is sent to the signal receiving module 11.
  • Figure 4 shows a fourth branching and isolation mode.
  • the detection signal 10 is separated into two identical isolations by a branch and isolation module 4 independent of the reactor protection system 2 and the nuclear power plant diversity drive system 1. Signals 101 and 102, one signal 102 is directly input to the reactor emergency shutdown system 22, and the other signal 101 is directly input to the signal receiving module 11.
  • the branching and isolation module 4 may be part of a detection device that detects signals, or it may be a separate device or device.
  • Figures 1-4 illustrate four embodiments of branching and isolation detection signals. It should be understood that those skilled in the art can also derive further embodiments based on the four embodiments, and these embodiments are all within the scope of the present invention.
  • the diversity drive system 1 does not perform a protection function when the reactor protection system 2 is operating normally.
  • the diversity drive system 1 is automatically latched by receiving the feedback signal from the actuator 3, and the drive signal 20 is never sent to the actuator.
  • the diversity drive system 1 can also be delayed by logic processing, lags behind the reactor protection system 2 receiving the detection signal 10 or lags behind the reactor protection system 2 output drive signal 20.
  • the reactor protection system 2 performs the safety protection of the nuclear power plant, and the diversity drive system 1 is automatically blocked.
  • the automatic latching method of the diversity drive system 1 will be described in detail in the embodiment shown in Figs. 8 and 11.
  • the logic processing module 12 includes a comparison module and a voting module.
  • the logic processing module 12 includes two comparison modules 121A and 121B.
  • the two comparison modules simultaneously receive the detection signal 10 sent from the signal receiving module 11, and then compare the detection signal 10 with the set value in the comparison modules 121A and 121B, respectively, and output the comparison result to the voting module 122.
  • the detection signal 10 can be the reactor temperature, and the temperature values T0 are preset in the comparison modules 121A and 121B.
  • the comparison module 121A and 121B when the reactor temperature exceeds the preset value TO ⁇ , it indicates that a design basis accident has occurred, then when the temperature values input to the comparison modules 121A and 121B are greater than the preset temperature TO ⁇ , the comparison module 121A and 121B then outputs a high level to the voting module 122. Otherwise, the comparison modules 121A and 121B output a low level to the voting module 122.
  • the voting module 122 outputs a high level, that is, a driving signal, to the signal output module 13; otherwise, no driving signal is output to the signal output module 13.
  • the voting module 122 can be implemented as an AND gate.
  • the number of comparison modules may also be three, but the working principle is similar to that of the embodiment shown in FIG. 6, and is not described here.
  • the voting module 122 can be implemented as a three-choice voter.
  • those skilled in the art can also set the drive signal to be output when the output of the three comparison modules is a high level ⁇ voting module according to actual needs.
  • the reliability of the logic processing module 12 can be improved by providing at least two comparison modules in the logic processing module 12.
  • the logic processing module 12 generates a drive signal only if the output of at least two of the comparison modules reflects that a design basis event has occurred.
  • FIG. 8 shows a specific logic processing module, namely a reactor shutdown hardware logic module 12A.
  • This hardware logic module is used to execute reactor shutdown logic in the event of a design basis accident.
  • the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, and an output module 223. Since the detection signal 10 is an analog signal, the analog input module 221 converts the analog signal into a digital signal and inputs it to the reactor shutdown software logic module 222 for logic processing.
  • the reactor shutdown software logic module 222 If a design basis accident occurs, the reactor shutdown software logic module 222 generates a drive signal that is input through the output module 223 to the actuator 3, that is, the shutdown circuit breaker 31 in the power cabinet 3 of the bar control and stick system, thereby causing the shutdown The circuit breaker 31 is broken.
  • the shutdown circuit breaker 31 is electrically connected to the control rod drive mechanism 5, and the operation of the shutdown circuit breaker 31 causes the control rod drive mechanism 5 to act accordingly, thereby performing shutdown protection.
  • the reactor shutdown software logic module 222 is also referred to as a digital protection system. Digital protection systems are prone to common cause failures due to design basis accidents at nuclear power plants, making it impossible to perform shutdown protection. Therefore, this embodiment provides a shutdown protection logic implemented by hardware.
  • the nuclear power plant diversity driving system 1 includes a signal receiving module 11, a reactor hardware logic module 12A, and a signal output module 13. Because the nuclear power plant diversity driving system provided by the present application is implemented by hardware, the detection signal 10 can be directly input to the signal receiving module 11 and further directly input to the reactor shutdown hardware logic module 12A without performing digital/analog conversion. deal with.
  • the drive signal generated by the reactor shutdown hardware logic module 12A (to distinguish the drive signal of the embodiment shown in FIG. 11, the drive signal can be named as the first drive signal) 201 is sent by the signal output module 13 to the stick control and the stick system.
  • the control unit 32 of the power cabinet directly cuts off the power supply 6 of the power cabinet.
  • the diversity drive system 1 can also achieve emergency shutdown. Therefore, the nuclear power plant diversity drive system 1 is not affected by the common fault of the digital protection system from its signal input to signal output, ensuring the diversity and integrity of its automatic shutdown function.
  • FIG. 8 shows only a part of the structure of the nuclear power plant diversity driving system 1, those skilled in the art should understand that the nuclear power plant diversity driving system 1 may further include the human machine interface module 15 shown in FIG. 5.
  • the branch and isolation module 21 of FIG. 8 can also be implemented as shown in FIGS. Reactor shutdown hardware logic
  • the specific structure of block 12A is similar to that of the logic processing modules shown in Figures 6 and 7, but improvements may be made. Two of the structures will be specifically explained below.
  • the reactor shutdown hardware logic module 12A includes a delay module 123 in addition to the comparison modules 1 21A and 121B shown in FIG. 6.
  • the delay module 123 may be connected after the voting module 122 as shown in FIG. 9, or may be connected before the comparison modules 121A and 121B as shown in FIG.
  • the working principle is as follows:
  • the delay module 123 delays the input signal or output signal of the reactor shutdown hardware logic module 12A.
  • the delay is tl, which means that only the design basis accident lasts for more than or equal to tl ⁇ , and the reactor shutdown hardware logic module 12A determines that a design basis accident has occurred. This allows the reactor protection system 2 to prioritize protection actions.
  • the reactor protection system 2 in the event of a design basis accident, if the reactor protection system 2 is operating normally, the reactor protection system 2 first performs a protection process in response to the design basis accident. After the reactor protection system 2 responds, the detection signal 10 changes, and the signal received by the nuclear power plant diversity drive system 1 is that no design basis accident has occurred, so that no drive signal is generated. In this way, it is possible to avoid the nuclear power plant diversity drive system 1 repeating the protection action when the reactor protection system 2 is normal. In the event of a design basis accident, if the reactor protection system 2 generates a common cause failure and fails to function properly, the nuclear power plant diversity drive system 1 will perform the protection action after the design basis accident occurs.
  • the preset value in the comparison module of the reactor shutdown hardware logic module 12A may also be different from the preset value in the reactor shutdown software logic module 222.
  • the reactor temperature in the reactor shutdown software logic module 222 is preset to Tl
  • the reactor preset temperature in the reactor shutdown hardware logic module 12A is ⁇ 2
  • ⁇ 2 can be greater than Tl.
  • FIG. 11 illustrates another specific logic processing module, namely a dedicated security facility driver hardware logic module 12 .
  • the hardware logic module is used to perform a dedicated safety facility driver in the event of a design basis accident.
  • the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, an output module 223, and a dedicated safety facility driver software logic module 224.
  • Figure 11 contains the same components as Figure 8, the function of which has been described in detail in Figure 8, and will not be described again.
  • the digital protection system includes two software modules, namely, an interconnected reactor providing software logic module 222 and dedicated security facility driver software.
  • Logic module 224 is another specific logic processing module, namely a dedicated security facility driver hardware logic module 12 .
  • the hardware logic module is used to perform a dedicated safety facility driver in the event of a design basis accident.
  • the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, an output module 223, and a dedicated safety facility driver software logic module 224.
  • the dedicated security facility driver software logic module 224 receives the detection signal 10 through the reactor provisioning software logic module 222 to determine if a design basis accident has occurred, and if a design basis accident occurs, the drive signal is sent to the dedicated security via the preferred unit 24 of the device interface module. Facility 33 to perform protection of the dedicated security facility 33.
  • the nuclear power plant diversity drive system 1 includes a dedicated safety facility drive hardware logic module 12B corresponding to a dedicated safety facility drive software logic module 224.
  • the dedicated security facility driver hardware logic module 122B When a design basis event occurs, the dedicated security facility driver hardware logic module 122B generates a drive signal (to distinguish the drive signal of the embodiment shown in FIG. 8, the drive signal can be named as the second drive signal) 202, and is protected by the reactor.
  • the preferred module 24 of system 2 is sent to an ad hoc security facility 33. Since the preferred module 24 in the reactor protection system 2 is a hardware module, it is not affected by common cause failures.
  • the nuclear power plant diversity drive system 1 can still perform protection actions through the preferred module 24 to provide nuclear power plant diversity protection for the nuclear power plant.
  • the preferred module 24 is used to provide a preferred strategy for different protections of the dedicated security facility 33 depending on the actual situation.
  • the drive signal 202 output by the nuclear power plant diversity drive system 1 is isolated and sent to the preferred module 24.
  • Figures 11 and 12 show two methods of isolating the drive signals, respectively.
  • the reactor protection system 2 includes an isolation module 23, and the signal output module 13 of the nuclear power plant diversity drive system 1 sends the output signal to the isolation module 23 and then to the optimization module 24.
  • the nuclear power plant multi-function drive system 1 includes an isolation module 14, and the output signal of the signal output module 13 is input to the isolation module 14 and then sent to the preferred module 24 of the reactor protection system 2.
  • the two isolation methods for the drive signals of Figures 11 and 12 can be arbitrarily combined with the isolation method for the detection signals of Figures 1-4 to form a new embodiment.
  • the embodiment shown in FIG. 3 can be combined with the embodiment shown in FIG. 12 such that the versatile drive system 1 includes two isolation modules 14, one for isolating the detection signal 10 and one for isolating the drive signal 20 .
  • the dedicated safety facility 33 also transmits a feedback signal 30 to the signal receiving module 11 of the nuclear power plant diversity driving system 1, thereby preventing the nuclear power plant diversity driving system 1 from being normal in the reactor protection system 2. Repeat the protection action.
  • the feedback signal 30 of the dedicated safety facility 33 can block the second drive signal 202 of the nuclear power plant diversity drive system 1.
  • the nuclear power plant diversity drive system 1 shown in FIGS. 8, 11, and 12 may further include a human machine interface module 15.
  • FIG. 13 shows another embodiment of a nuclear power plant diversity drive system 1.
  • the nuclear power plant multi-function drive system 1 includes a signal receiving module 11, a logic processing module 12, a signal output module 13, and a human interface module 15.
  • the human interface module 15 includes a manual operation 151, an alarm module 152, an indication meter 153, and an indicator light 154.
  • the manual operation 151 is for receiving a manual operation of the user, and the user operation information 105 is transmitted to the signal receiving module 11 through the human interface module 15.
  • the logic processing module 12 generates a drive signal 20 based on the received user operation signal 105 to drive the actuator 3 action.
  • the core logic processing module 12 does not need to perform as complex logic processing as described above, since the user operation signals 105 are typically very straightforward specific operations to the actuator. For example, stopping/starting a specific field device, closing/hitting a specific valve, or breaking or closing a power source.
  • the user operation signal 105 can also be sent directly to the logic processing module 12, which in turn generates the drive signal 20 based on the received user operation signal 105.
  • the alarm module 152 is used to send out alarm messages such as text prompts, audible alerts and/or illuminated prompts.
  • the indicator meter 153 is used to provide safety function monitoring information such as digital and/or text information.
  • Indicator light 154 is used to indicate the status of the system and equipment.
  • the human interface module 15 also provides a full range of safety function parameter monitoring information, alarm information, and system and device status indications.
  • the signal receiving module 12 can receive the detection provided by the detection system 7 in addition to the detection signal 10 shared with the reactor protection system and the user operation signal 105 provided by the manual operation 151.
  • Information 104 The detection system 7 is a third-party detection system independent of the reactor protection system 2 and the nuclear power plant diversity drive system 1 for acquiring various detection signals of the nuclear power plant.
  • the detection signal 104 provided by the detection system 7 may include the detection signal 10 or other detection signals different from the detection signal 10.
  • the logic processing module 12 can logically process the detection signal 104 to generate a drive signal 20 to drive the actuator 3 action when a protection action (such as a design basis accident or other accident) needs to be performed.
  • Figure 14 illustrates another embodiment of a logic processing module.
  • the logic processing module 12C is an expected transient non-stop heap protection logic module for responding to the problem that the shutdown protection system is rejected during the shutdown process. and also That is to say, in some cases, the reactor protection system did not have a common cause failure, but in the event of an expected transient refusal, it failed to shut down as scheduled. To this end, the present embodiment provides an expected transient non-stop stack protection logic module 12C to address this problem.
  • the expected transient non-stop reactor protection logic module 12C includes three first comparators 71A-71C, two second comparators 71D and 71E, a third-choice two voter 72A, and a first The door 72B and the second AND gate 73.
  • the three water supply amount signals are respectively input to the input ends of the three first comparators 71A to 71C, and the three water supply amount signals respectively reflect the water supply amounts of the three steam generators.
  • the first comparator compares the input water supply amount signal with a preset value M 0 , and then outputs the comparison result to the input terminal of the third-choice two voter 72A for voting.
  • the three-choice two voter 72A When the comparison result of at least two of the three comparators is that the steam generator water supply amount is less than the preset value M0 ⁇ , the three-choice two voter 72A outputs a high level to one input end of the second AND gate 73; otherwise The output is low to an input of the second AND gate 73.
  • Two stack power signals are input to the inputs of the second comparators 71D and 71E, respectively, and the two stack power signals respectively reflect the stack power levels of the two sets of reactors.
  • the second comparator compares the input stack power signal with a preset value NO, and then outputs the comparison result to the first AND gate 72B.
  • the first AND gate 72B When the input two stack power signals are greater than the preset value N0 , the first AND gate 72B outputs a high level to the other input terminal of the second AND gate 73; otherwise, the output low level to the second AND gate 72 An input.
  • the output of the second AND gate 73 is coupled to the turbine vent module 34, the emergency shutdown module 35, the auxiliary feedwater activation module 36, and the bleed valve lockout module 37, respectively.
  • Both stack power signals are greater than the preset value. NO means that the primary circuit of the nuclear power plant generates a large amount of heat. Steam generator The water supply is less than the preset value M0 means that the heat dissipation of the secondary circuit of the nuclear power plant is very small. When two things happen, it means that the temperature of the reactor is constantly rising and the heat is not enough. This obviously does not meet the design basis and is the expected transient that should initiate protection.
  • an embodiment of the present invention further provides a nuclear power plant diversity driving method. As shown in FIG. 15, the method includes the following steps:
  • step S3 determine whether a design basis accident occurs; if yes, go to step S3, otherwise return to step S2;
  • steps S2 and S3 are generally performed by the same logic processing module.
  • the diversity driving method further includes the following steps:
  • S5. Output display information to display safety function parameter monitoring information, alarm information, and system and device status indications and receive user operation signals.
  • Step S5 may be parallel to steps S1-S4, thereby displaying security function parameter monitoring information, alarm information, and system and device status indications.
  • the detection signal is also required to be branched and isolated before step S1.
  • Specific branching and isolation processing methods can be performed in the system shown in Figures 1-4.
  • the branching and isolation module 21 of the reactor protection system 2 divides the detection signal 10 into two identical isolated signals 101 and 102, respectively, and inputs them to the nuclear power plant diversity.
  • Drive system 1 and reactor emergency shutdown system 22 The nuclear power plant diversity drive system 1 shown in Figure 1 can perform the nuclear power plant diversity driving method as follows:
  • the signal receiving module 11 receives the branch-isolated detection signal 101;
  • the logic processing module 12 performs logic processing on the received detection signal.
  • step S3 the logic processing module 12 determines whether a design basis accident occurs; if yes, then proceeds to step S4, otherwise returns to step S2;
  • the logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate.
  • the branch module 21 of the reactor protection system 2 branches the detection signal 10 into two identical signals 101 and 102, one of which is input to the reactor emergency shutdown.
  • System 22 another signal 101 is input to the isolation module 14 of the nuclear power plant diversity drive system 1.
  • the nuclear power plant diversity drive system shown in Figure 3 can perform the nuclear power plant diversity driving method as follows:
  • the isolation module 14 receives the branched detection signal 101 and performs isolation processing on the detection signal 101;
  • the signal receiving module 11 receives the isolated detection signal 103 from the isolation module 14;
  • the logic processing module 12 performs logic processing on the received signal.
  • step S4 the logic processing module 12 determines whether a design basis accident occurs; if yes, then proceeds to step S5, otherwise returns to step S2;
  • the logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate.
  • the logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate.
  • the logical processing of the above nuclear power plant diversity driving method comprises the following steps:
  • S21 Perform a comparison of the first detection signal and the set value in parallel at least twice to determine whether a design basis accident occurs, and output at least two comparison results correspondingly;
  • the specific steps of the logic processing can be performed by the logic processing modules shown in FIGS. 6 and 7.
  • the signal receiving module 11 of the nuclear power plant diversity driving system 1 transmits the received detection signals to the comparison modules 121A and 121B, respectively.
  • the comparison modules 121A and 121B respectively compare the received signals with preset values to determine whether a design basis accident has occurred, and output the comparison results to the voting module 122, respectively.
  • the voting module 122 votes on the received signal.
  • the decision module 122 When the comparison results of the comparison modules 121A and 121B indicate that a design basis accident has occurred, the decision module 122 generates a drive signal and transmits it to the signal output module 13.
  • the signal output module 13 in turn sends a drive signal to the actuator 3.
  • the above two steps S31 and S32 can be performed by the reactor shutdown hardware logic module 12A and the dedicated security facility drive hardware logic module 12B in the nuclear power plant diversity drive system as shown in FIGS. 8 and 11, respectively.
  • the two nuclear power plant diversity drive systems in Figures 8 and 11 are usually combined in one nuclear power Station diversity drive system. Therefore, the above steps S31 and S32 are usually performed in a nuclear power plant diversity drive system.
  • the second drive signal needs to be isolated.
  • the second driving signal generated by the dedicated security facility driving hardware logic module 12B also needs to be isolated by the isolation module 23 of the reactor protection system 2 and then input to the preferred module 24.
  • the isolation module 14 of the nuclear power plant diversity drive system 1 isolates the second drive signal generated by the dedicated safety facility drive hardware logic module 12B and then shares the preferred module 24 with the reactor protection system.
  • the driving signal generated by the voting module 122 is delayed by the delay module 123 and sent to the signal output module 13.
  • the detection signals input to the reactor shutdown hardware logic module are delayed by the delay module 123 and input to the comparison modules 121A and 121B, respectively.
  • the nuclear power plant diversity drive system 1 can also receive a feedback signal from a dedicated safety device to block the first drive signal, thereby avoiding repetitive actions.
  • the dedicated safety facility 33 is electrically coupled to the signal receiving module 11 of the nuclear power plant diversity drive system 1 to provide a feedback signal 30 for the nuclear power plant diversity drive system 1.
  • the nuclear power plant diversity driving system 1 can also receive the detection signal 104 from the third party detection system 7, and logically process the detection signal 104 to determine whether it occurs.
  • the reference accident is designed, and when it is judged to be ⁇ , a drive signal is generated to drive the actuator 3 to operate.
  • the human-machine interface module 15 of the nuclear power plant diversity drive system 1 includes a hand-operated switch 151, so that the nuclear power plant diversity human-machine interface module 15 can also receive the user operation signal 105 and send it to the signal receiving module. 11.
  • the logic processing module 12 generates a third drive signal to drive the actuator 3 action based on the received user operation signal 105.

Abstract

A nuclear power plant diverse driving system, method and diverse protecting system, the nuclear power plant diverse driving system (1) being used to ensure the safety of the nuclear power plant when a reactor protection system (2) fails, comprising: a signal receiving module (11), used to receive a detection signal; a logic processing module (12), used to perform a logic processing on the detection signal so as to determine whether a design basis accident occurs, and generate a drive signal when such an accident is determined to have occurred; a signal output module (13), used to output the drive signal to an execution mechanism (3) so as to drive the execution mechanism (3) to operate, thus realizing automatic detection of the design basis accident and generation of the drive signal correspondingly so as to automatically control the operation of the execution mechanism (3).

Description

一种核电站多样性驱动系统及方法和多样性保护系统 技术领域  Nuclear power plant diversity driving system and method and diversity protection system
[0001] 本发明涉及核电技术领域, 尤其涉及一种核电站多样性驱动系统及方法和多样 性保护系统。  [0001] The present invention relates to the field of nuclear power technology, and in particular, to a nuclear power plant diversity driving system and method, and a diversity protection system.
背景技术  Background technique
[0002] 数字化仪控系统 (DCS) 由于其简化的控制逻辑、 灵活的组态能力以及强大的 自诊断功能等优势在核电站安全级控制系统中得到了大力发展和应用, 用作核 电站反应堆保护系统中的数字化保护系统。 但是, 由于功能集中、 共用软件和 广泛采用通信技术等特点, 数字化保护系统容易受共因故障的影响。 对于实现 反应堆安全功能的反应堆保护系统来说, 在发生设计基准事故吋, 数字化保护 系统若由于共因故障而无法执行其关键功能, 将导致事故发展成超设计基准事 故并进一步危害反应堆的安全。  [0002] Digital Instrument Control System (DCS) has been developed and applied in nuclear power plant safety level control system due to its simplified control logic, flexible configuration capability and powerful self-diagnosis function. It is used as nuclear power plant reactor protection system. Digital protection system in the middle. However, digital protection systems are susceptible to common cause failures due to features such as centralized functionality, shared software, and widespread adoption of communication technologies. For reactor protection systems that implement reactor safety functions, in the event of a design basis accident, if the digital protection system fails to perform its critical functions due to a common cause failure, the accident will develop into an overdesign basis accident and further jeopardize the safety of the reactor.
[0003] 为了避免数字化保护系统在核电站设计基准事故下发生共因故障而导致核电站 失去保护功能, 现有技术中提供了一种核电站多样性驱动系统。 该核电站多样 性驱动系统用作反应堆保护系统的核电站多样性后备设备, 在反应堆保护系统 失效吋实现保护功能。  [0003] In order to avoid the nuclear power plant losing protection function caused by the common protection failure of the digital protection system under the nuclear power plant design basis accident, the prior art provides a nuclear power plant diversity driving system. The nuclear power plant diversity drive system is used as a nuclear power plant diversity backup device for the reactor protection system, and the protection function is realized after the reactor protection system fails.
[0004] 一种已知技术核电站多样性驱动系统主要通过紧急控制盘 (ECP) 、 后备盘 ( BUP) 和辅助继电器机柜 (ARC) 来实现保护功能。 操作员通过手动操作紧急 控制盘和后备盘分别将系统级控制信号和设备级控制信号输入辅助继电器机柜 , 从而使辅助继电器机柜分别实现对系统和现场设备的保护。 另外, 当数字化 保护系统由于共因故障不能对核电站实施有效监测吋, 可通过后备盘获取核电 站重要参数的显示及指示。  [0004] A known technology nuclear power plant diversity drive system primarily implements protection functions through an emergency control panel (ECP), a backup tray (BUP), and an auxiliary relay cabinet (ARC). The operator manually inputs the system-level control signal and the device-level control signal into the auxiliary relay cabinet by manually operating the emergency control panel and the backup disk, so that the auxiliary relay cabinet can protect the system and the field device respectively. In addition, when the digital protection system cannot effectively monitor the nuclear power plant due to common faults, the display and indication of important parameters of the nuclear power station can be obtained through the backup disk.
[0005] 然而, 现有的核电站多样性驱动系统主要是通过手动干预控制, 对操作员要求 高。 而且, 大量安全级仪表和硬手操增加了后备盘的规模。  [0005] However, the existing nuclear power plant diversity drive system is mainly controlled by manual intervention, which requires high operator requirements. Moreover, a large number of safety-grade instruments and hard hands increase the size of the backup disk.
技术问题  technical problem
[0006] 本发明实施例所要解决的技术问题在于, 针对现有核电站多样性驱动系统需要 操作员手动干预的缺陷, 提供一种能自动实现保护功能核电站多样性驱动系统 及方法以及包括所述核电站多样性驱动系统的核电站多样性保护系统。 [0006] The technical problem to be solved by the embodiments of the present invention is to meet the needs of the existing nuclear power plant diversity driving system. The defect of manual intervention by the operator provides a nuclear power plant diversity driving system and method capable of automatically implementing the protection function and a nuclear power plant diversity protection system including the nuclear power plant diversity driving system.
问题的解决方案  Problem solution
技术解决方案  Technical solution
[0007] 为了解决上述技术问题, 一方面, 本发明实施例提供了一种核电站多样性驱动 系统, 用于在反应堆保护系统失效吋保护核电站的安全, 包括: 信号接收模块 , 用于接收检测信号; 逻辑处理模块, 用于对所述检测信号进行逻辑处理以判 断是否发生设计基准事故, 并当所述判断为是吋产生驱动信号; 信号输出模块 , 用于将所述驱动信号输出至执行机构以驱动所述执行机构动作。  In order to solve the above technical problem, in one aspect, an embodiment of the present invention provides a nuclear power plant diversity driving system for protecting a nuclear power plant from failure in a reactor protection system failure, comprising: a signal receiving module, configured to receive a detection signal a logic processing module, configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the determination is yes, generate a driving signal; and a signal output module, configured to output the driving signal to the actuator To drive the actuator action.
[0008] 优选地, 所述多样性驱动系统还包括人机接口模块, 用于接收所述逻辑处理模 块提供的显示信号, 从而提供安全功能参数监视信息、 报警信息以及系统和设 备状态指示; 还用于接收用户操作信号并发送至所述信号接收模块。  [0008] Preferably, the diversity driving system further includes a human machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indication; And configured to receive a user operation signal and send the signal to the signal receiving module.
[0009] 优选地, 所述信号接收模块具体地用于接收与所述反应堆保护系统共用的检测 信号、 接收来自第三方检测系统的检测信号以及接收从所述人机接口模块输入 的所述用户操作信号。  [0009] Preferably, the signal receiving module is specifically configured to receive a detection signal shared by the reactor protection system, receive a detection signal from a third-party detection system, and receive the user input from the human-machine interface module. Operation signal.
[0010] 优选地, 所述核电站多样性驱动系统还用于接收所述执行机构的反馈信号或通 过逻辑处理进行延吋, 从而在所述反应堆保护系统正常工作吋实现自动闭锁。  [0010] Preferably, the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing to implement automatic locking after the reactor protection system works normally.
[0011] 优选地, 与所述反应堆保护系统共用的所述检测信号经隔离后输入至所述信号 接收模块。  [0011] Preferably, the detection signal shared with the reactor protection system is isolated and input to the signal receiving module.
[0012] 优选地, 所述核电站多样性驱动系统还包括第一隔离模块, 与所述反应堆保护 系统共用的所述检测信号经过所述第一隔离模块隔离后输入至所述信号接收模 块。  [0012] Preferably, the nuclear power plant diversity driving system further includes a first isolation module, and the detection signal shared with the reactor protection system is isolated by the first isolation module and input to the signal receiving module.
[0013] 优选地, 所述逻辑处理模块包括至少两个并行的比较单元和连接至所述比较单 元的表决单元; 每一所述比较单元用于将所述检测信号与设定值比较以判断是 否发生设计基准事故, 并输出比较结果至所述表决单元; 所述表决单元用于对 所述比较结果进行表决, 当所述至少两个比较单元中至少有两个比较单元的比 较结果为发生了设计基准事故吋, 所述表决单元输出所述驱动信号至所述信号 输出模块。 [0014] 优选地, 所述逻辑处理模块的数量为两个, 分别为第一逻辑处理模块和第二逻 辑处理模块; 所述执行机构包括棒控和棒位系统的电源柜和专设安全设施; 所 述第一逻辑处理模块用于对所述检测信号进行逻辑处理以判断是否发生设计基 准事故, 并当所述判断为发生了设计基准事故吋产生第一驱动信号以驱动棒控 和棒位系统的电源柜动作, 从而切断控制棒驱动机构的电源; 所述第二逻辑处 理模块用于对所述检测信号进行逻辑处理以判断是否发生设计基准事故, 并当 所述判断为发生了设计基准事故吋产生第二驱动信号以驱动专设安全设施动作 [0013] Preferably, the logic processing module includes at least two parallel comparison units and a voting unit connected to the comparison unit; each of the comparison units is configured to compare the detection signal with a set value to determine Whether a design basis accident occurs, and outputs a comparison result to the voting unit; the voting unit is configured to vote on the comparison result, when a comparison result of at least two of the at least two comparison units is generated After the design basis event, the voting unit outputs the driving signal to the signal output module. [0014] Preferably, the number of the logical processing modules is two, respectively a first logical processing module and a second logical processing module; the executing mechanism includes a power control cabinet and a dedicated security facility of the stick control and the rod system The first logic processing module is configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and generate a first driving signal to drive the stick control and the rod position when the designation is that a design basis accident occurs. The power cabinet of the system operates to cut off the power of the control rod drive mechanism; the second logic processing module is configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the determination is that a design basis has occurred The accident generates a second drive signal to drive the action of the dedicated safety facility
[0015] 优选地, 所述核电站多样性驱动系统还包括第二隔离模块, 所述第二驱动信号 经所述第二隔离模块隔离后发送至设备接口模块的优选单元, 通过所述优选单 元发送至专设安全设施动作。 [0015] Preferably, the nuclear power plant diversity driving system further includes a second isolation module, and the second driving signal is isolated by the second isolation module and sent to a preferred unit of the device interface module, and sent by the preferred unit To the special safety facilities action.
[0016] 优选地, 所述第一逻辑模块还包括延吋单元, 所述延吋单元用于对所述第一逻 辑模块的输入信号或输出信号进行延吋。 [0016] Preferably, the first logic module further includes a delay unit, wherein the delay unit is configured to delay an input signal or an output signal of the first logic module.
[0017] 优选地, 所述信号接收模块还用于接收来自所述专设安全设施的反馈信号以闭 锁所述第二驱动信号。 [0017] Preferably, the signal receiving module is further configured to receive a feedback signal from the dedicated security facility to block the second driving signal.
[0018] 优选地, 所述逻辑处理模块还包括预期瞬态不停堆保护逻辑模块, 用于应对停 堆保护系统在停堆过程中拒动; 所述预期瞬态不停堆保护逻辑模块包括三个第 一比较器、 两个第二比较器、 三选二表决器、 第一与门和第二与门; 所述三个 第一比较器分别用于判断三个蒸汽发生器的给水量, 所述三个第一比较器输出 端分别连接至所述三选二表决器的输入端; 所述两个第二比较器分别用于判断 两组反应堆的堆功率, 所述两个第二比较器的输出端分别连接至所述第一与门 的输入端; 所述表决器和所述第一与门的输出端分别连接至所述第二与门的输 入端, 所述第二与门的输出端连接至所述执行机构。  [0018] Preferably, the logic processing module further includes an expected transient non-stop heap protection logic module, configured to respond to the shutdown protection system from being rejected during the shutdown process; the expected transient non-stop heap protection logic module includes Three first comparators, two second comparators, three-two comparators, first AND gates and second AND gates; the three first comparators are respectively used for determining the water supply amount of the three steam generators The three first comparator outputs are respectively connected to the input ends of the three-selection two-voter; the two second comparators are respectively used to determine the stack power of the two groups of reactors, the two second An output of the comparator is respectively connected to an input end of the first AND gate; an output end of the voter and the first AND gate is respectively connected to an input end of the second AND gate, the second The output of the door is connected to the actuator.
[0019] 另一方面, 本发明还提供了一种核电站多样性驱动方法, 用于在反应堆保护系 统失效吋保护核电站安全, 包括以下步骤:  [0019] In another aspect, the present invention also provides a nuclear power plant diversity driving method for protecting a nuclear power plant safety after a reactor protection system fails, comprising the following steps:
[0020] Sl、 接收检测信号;  [0020] Sl, receiving a detection signal;
[0021] S2、 对所述检测信号进行逻辑处理以判断是否发生设计基准事故; 若是, 则转 步骤 S3, 否则继续步骤 S2; [0022] S3、 产生驱动信号以驱动执行机构动作。 [0021] S2, the detection signal is logically processed to determine whether a design basis accident occurs; if yes, then go to step S3, otherwise continue to step S2; [0022] S3. Generate a driving signal to drive the actuator action.
[0023] 优选地, 所述多样性驱动方法还包括以下步骤: [0023] Preferably, the diversity driving method further includes the following steps:
[0024] S4、 输出显示信息以显示安全功能参数监视信息、 报警信息以及系统和设备状 态指示并接收用户操作信号。  [0024] S4. Output display information to display security function parameter monitoring information, alarm information, and system and device status indications and receive user operation signals.
[0025] 优选地, 所述步骤 S1具体包括: 接收与所述反应堆保护系统共用的检测信号、 接收来自第三方检测系统的检测信号或接收从人机接口模块输入的所述用户操 作信号。 [0025] Preferably, the step S1 specifically includes: receiving a detection signal shared by the reactor protection system, receiving a detection signal from a third-party detection system, or receiving the user operation signal input from a human-machine interface module.
[0026] 优选地, 所述多样性驱动方法还包括以下步骤:  [0026] Preferably, the diversity driving method further includes the following steps:
[0027] S5、 接收所述执行机构的反馈信号或通过逻辑处理进行延吋, 从而在所述反应 堆保护系统正常工作吋实现自动闭锁。  [0027] S5. Receive a feedback signal of the actuator or perform delay by logic processing to implement automatic blocking after the reactor protection system works normally.
[0028] 优选地, 在所述步骤 S1之中, 所述检测信号是经过隔离处理的。 [0028] Preferably, in the step S1, the detection signal is isolated.
[0029] 优选地, 在所述步骤 S1之前还包括: [0029] Preferably, before the step S1, the method further includes:
[0030] S0、 对与所述反应堆保护系统共用的所述检测信号进行隔离处理。  [0030] S0, performing isolation processing on the detection signal shared by the reactor protection system.
[0031] 优选地, 所述步骤 S2还包括: [0031] Preferably, the step S2 further includes:
[0032] S2 将所述检测信号与设定值进行至少两次并行的比较以判断是否发生设计 基准事故, 并对应输出至少两个比较结果;  [0032] S2 performing at least two parallel comparisons of the detection signal and the set value to determine whether a design basis accident occurs, and correspondingly outputting at least two comparison results;
[0033] S22、 对所述至少两个比较结果进行表决, 当所述至少两个比较结果中有两个 比较结果为发生了设计基准事故吋, 则转所述步骤 S3, 否则返回步骤 S21。 [0033] S22. Vote on the at least two comparison results. When two of the at least two comparison results are that a design basis accident has occurred, the process proceeds to step S3, otherwise returns to step S21.
[0034] 优选地, 所述执行机构包括棒控和棒位系统的电源柜和专设安全设施, 所述步 骤 S3还包括: [0034] Preferably, the executing mechanism comprises a power cabinet and a special safety device of the bar control and the stick system, and the step S3 further comprises:
[0035] S31、 产生第一驱动信号以驱动棒控和棒位系统的电源柜动作, 从而切断控制 棒驱动机构的电源;  [0035] S31, generating a first driving signal to drive the power control cabinet of the stick control and the rod system, thereby cutting off the power of the control rod driving mechanism;
[0036] S32、 产生第二驱动信号以驱动专设安全设施动作。 [0036] S32. Generate a second driving signal to drive an exclusive safety facility action.
[0037] 优选地, 所述步骤 S31还包括: 对所产生的第二驱动信号进行隔离处理, 然后 发送至设备接口模块的优选单元, 通过所述优选单元发送至所述专设安全设施  [0037] Preferably, the step S31 further comprises: isolating the generated second driving signal, and then sending the information to the preferred unit of the device interface module, and sending, by the preferred unit, the dedicated security device
[0038] 优选地, 所述步骤 S32还包括: 对所述第一检测信号或所述第一驱动信号进行 延吋。 [0039] 优选地, 所述多样性驱动方法还包括以下步骤: [0038] Preferably, the step S32 further includes: delaying the first detection signal or the first driving signal. [0039] Preferably, the diversity driving method further includes the following steps:
[0040] S6、 接收所述专设安全设施的反馈信号以闭锁所述第二驱动信号。  [0040] S6. Receive a feedback signal of the dedicated security facility to block the second driving signal.
[0041] 优选地, 所述多样性驱动方法还包括以下步骤:  [0041] Preferably, the diversity driving method further includes the following steps:
[0042] S7、 通过预期瞬态不停堆保护逻辑模块进行逻辑处理, 以应对停堆保护系统在 停堆过程中拒动; 所述预期瞬态不停堆保护逻辑模块包括三个第一比较器、 两 个第二比较器、 三选二表决器、 第一与门和第二与门;  [0042] S7, performing logic processing by using the expected transient non-stop heap protection logic module to respond to the shutdown protection system from rejecting during the shutdown process; the expected transient non-stop heap protection logic module includes three first comparisons. , two second comparators, three-two-vote, first and second AND gates;
[0043] 所述三个第一比较器分别用于判断三个蒸汽发生器的给水量, 所述三个第一比 较器输出端分别连接至所述三选二表决器的输入端; 所述两个第二比较器分别 用于判断两组反应堆的堆功率, 所述两个第二比较器的输出端分别连接至所述 第一与门的输入端; 所述表决器和所述第一与门的输出端分别连接至所述第二 与门的输入端, 所述第二与门的输出端连接至所述执行机构。  [0043] the three first comparators are respectively used to determine the water supply amount of the three steam generators, and the three first comparator outputs are respectively connected to the input ends of the three-selection two voter; Two second comparators are respectively used to determine the stack power of the two groups of reactors, and the outputs of the two second comparators are respectively connected to the input ends of the first AND gate; the voter and the first An output of the AND gate is coupled to an input of the second AND gate, and an output of the second AND gate is coupled to the actuator.
[0044] 又一方面, 本发明还提供了一种多样性保护系统, 用于保护核电站的安全, 包 括反应堆保护系统、 多样性驱动系统和执行机构;  [0044] In still another aspect, the present invention also provides a diversity protection system for protecting the safety of a nuclear power plant, including a reactor protection system, a diversity drive system, and an actuator;
[0045] 所述反应堆保护系统用于在核电站发生设计基准事故吋驱动所述执行机构动作  [0045] the reactor protection system is used to drive the actuator action when a design basis accident occurs at the nuclear power plant
[0046] 所述多样性驱动系统用作所述反应堆保护系统的后备设备, 用于在核电站发生 设计基准事故吋驱动所述执行机构动作; 所述多样性驱动系统包括: [0046] the diversity drive system is used as a backup device of the reactor protection system, and is used to drive the actuator action when a design basis accident occurs in the nuclear power plant; the diversity drive system includes:
[0047] 信号接收模块, 用于接收检测信号; [0047] a signal receiving module, configured to receive a detection signal;
[0048] 逻辑处理模块, 用于对所述检测信号进行逻辑处理以判断是否发生设计基准事 故, 并当所述判断为是吋产生驱动信号;  [0048] a logic processing module, configured to perform logic processing on the detection signal to determine whether a design basis event occurs, and when the determination is yes, generate a driving signal;
[0049] 信号输出模块, 用于将所述驱动信号输出至执行机构以驱动所述执行机构动作 [0049] a signal output module, configured to output the driving signal to an actuator to drive the actuator to act
[0050] 优选地, 所述多样性驱动系统还包括人机接口模块, 用于接收所述逻辑处理模 块提供的显示信号, 从而提供安全功能参数监视信息、 报警信息以及系统和设 备状态指示; 还用于接收用户操作信号并发送至所述信号接收模块。 [0050] Preferably, the multi-function drive system further includes a human-machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indications; And configured to receive a user operation signal and send the signal to the signal receiving module.
[0051] 优选地, 所述核电站多样性驱动系统还用于接收所述执行机构的反馈信号或通 过逻辑处理进行延吋, 从而在所述反应堆保护系统正常工作吋实现自动闭锁。 发明的有益效果 有益效果 [0051] Preferably, the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing, so as to achieve automatic locking after the reactor protection system works normally. Advantageous effects of the invention Beneficial effect
[0052] 实施本发明实施例, 具有如下有益效果: 本发明可实现对设计基准事故的自动 检测并相应产生驱动信号以自动控制执行机构动作, 避免了在反应堆保护系统 因设计基准事故而产生共因故障的情况下, 需要用户手动操作以控制执行机构 动作。 因此, 本发明可降低对用户的操作要求, 提高核电站对共因故障的应对 能力, 进而提高核电站的安全性。 另外, 本发明提供了专门的核电站多样性人 机接口模块, 有效降低了后备盘的规模, 使人机互动功能的可拓展性更高, 不 再局限于后备盘的原有设计。  The embodiments of the present invention have the following beneficial effects: The present invention can automatically detect a design basis accident and generate a driving signal to automatically control the actuator action, thereby avoiding a total of reactor protection systems due to design basis accidents. In the event of a fault, the user is required to manually operate to control the actuator action. Therefore, the present invention can reduce the operational requirements of the user, improve the ability of the nuclear power plant to cope with common faults, and thereby improve the safety of the nuclear power plant. In addition, the present invention provides a special nuclear power plant diversity human-machine interface module, which effectively reduces the size of the backup disk, and makes the human-machine interaction function more expandable, and is no longer limited to the original design of the backup disk.
对附图的简要说明  Brief description of the drawing
附图说明  DRAWINGS
[0053] 为了更清楚地说明本发明实施例或现有技术中的技术方案, 下面将对实施例或 现有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述中的 附图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不付出创 造性劳动的前提下, 还可以根据这些附图获得其他的附图。  [0053] In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art description will be briefly described below, and obviously, in the following description The drawings are only some of the embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without any creative work.
[0054] 图 1是本发明提供的第一实施例核电站多样性保护系统结构方框图; 1 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a first embodiment of the present invention;
[0055] 图 2是本发明提供的第二实施例核电站多样性保护系统结构方框图; 2 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a second embodiment of the present invention;
[0056] 图 3是本发明提供的第三实施例核电站多样性保护系统结构方框图; 3 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a third embodiment of the present invention;
[0057] 图 4是本发明提供的第四实施例核电站多样性保护系统结构方框图; 4 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a fourth embodiment of the present invention;
[0058] 图 5是图 1中的核电站多样性驱动系统的第一实施例结构方框图; 5 is a block diagram showing the structure of a first embodiment of the nuclear power plant diversity driving system of FIG. 1;
[0059] 图 6是图 5中的逻辑处理模块的一个实施例结构方框图; 6 is a block diagram showing the structure of an embodiment of the logic processing module of FIG. 5;
[0060] 图 7是图 5中的逻辑处理模块的另一个实施例结构方框图; 7 is a block diagram showing the structure of another embodiment of the logic processing module of FIG. 5;
[0061] 图 8是图 1中的核电站多样性驱动系统的第二实施例结构方框图; 8 is a block diagram showing the structure of a second embodiment of the nuclear power plant diversity driving system of FIG. 1;
[0062] 图 9是图 8中逻辑处理模块的一个实施例结构方框图; 9 is a block diagram showing the structure of an embodiment of the logic processing module of FIG. 8;
[0063] 图 10是图 8中的逻辑处理模块的另一个实施例结构方框图; 10 is a block diagram showing the structure of another embodiment of the logic processing module of FIG. 8;
[0064] 图 11是图 1中的核电站多样性驱动系统的第三实施例结构方框图; 11 is a block diagram showing the structure of a third embodiment of the nuclear power plant diversity driving system of FIG. 1;
[0065] 图 12是图 1中的核电站多样性驱动系统的第四实施例结构方框图; 12 is a block diagram showing the structure of a fourth embodiment of the nuclear power plant diversity driving system of FIG. 1;
[0066] 图 13是本发明提供的第五实施例核电站多样性保护系统结构方框图; 13 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a fifth embodiment of the present invention;
[0067] 图 14是图 5中的逻辑处理模块的又一个实施例结构方框图; [0068] 图 15是本发明提供的第一实施例核电站多样性驱动方法流程图。 14 is a block diagram showing the structure of still another embodiment of the logic processing module of FIG. 5; 15 is a flow chart of a nuclear power plant diversity driving method according to a first embodiment of the present invention.
本发明的实施方式 Embodiments of the invention
[0069] 下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进行清楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而不是全部 的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有做出创造性劳 动的前提下所获得的所有其他实施例, 都属于本发明保护的范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. example. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
[0070] 如图 1-4所示, 本发明提供的核电站多样性保护系统包括反应堆保护系统 2、 多 样性驱动系统 1和执行机构 3。 反应堆保护系统 2是探测核电厂偏离可接受状态并 发出指令维持安全的核电厂的安全系统, 用于保护三大核安全屏障 (即燃料包 壳、 一回路压力边界和安全壳) 的完整性。 当运行参数达到危及三大屏障的阈 值吋, 紧急停闭反应堆, 必要吋启动专设安全设施。 反应堆保护系统 2中的反应 堆紧急停堆系统 22通常是以软件方式执行保护逻辑。 例如, 如图 8和 11所示, 反 应堆紧急停堆系统 22包括反应堆停堆软件逻辑模块 222和专用安全设施驱动软件 逻辑模块 224。 这两个逻辑模块都是以纯软件的方式运行停堆和驱动逻辑, 以分 别控制停堆断路器 31和专设安全设施 33执行保护动作。  [0070] As shown in FIGS. 1-4, the nuclear power plant diversity protection system provided by the present invention includes a reactor protection system 2, a multi-function drive system 1 and an actuator 3. The Reactor Protection System 2 is a safety system for detecting nuclear power plants that deviate from acceptable conditions and issue instructions to maintain safety. It is used to protect the integrity of the three nuclear safety barriers (ie, fuel cladding, primary circuit pressure boundaries, and containment). When the operating parameters reach the threshold that jeopardizes the three barriers, the reactor is shut down urgently and the dedicated safety facilities are activated as necessary. The reactor emergency shutdown system 22 in the reactor protection system 2 typically performs protection logic in software. For example, as shown in Figures 8 and 11, the reactor stack emergency shutdown system 22 includes a reactor shutdown software logic module 222 and a dedicated safety facility driver software logic module 224. Both logic modules operate the shutdown and drive logic in a software-only manner to control the shutdown circuit breaker 31 and the dedicated safety facility 33 to perform protection actions.
[0071] 多样性驱动系统 1用作反应堆保护系统 2的后备系统, 在反应堆保护系统 2失效 吋保护核电站的安全。 与反应堆保护系统 2不同, 多样性驱动系统 1以纯硬件的 方式执行保护逻辑。 以软件方式执行保护逻辑, 容易因核电站发送设计基准事 故而产生共因故障, 失去保护核电站安全的功能。 采用纯硬件方式执行保护逻 辑, 可有效避免因发生设计基准事故而产生共因故障。 因此, 反应堆保护系统 2 与多样性驱动系统 1形成有效互补, 确保了核电站的安全。  [0071] The diversity drive system 1 is used as a backup system for the reactor protection system 2, and the reactor protection system 2 fails to protect the safety of the nuclear power plant. Unlike the reactor protection system 2, the diversity drive system 1 performs protection logic in pure hardware. The implementation of protection logic in software mode is prone to common cause failures due to the transmission of design basis accidents by nuclear power plants, and the loss of protection of nuclear power plant safety. The implementation of protection logic in pure hardware can effectively avoid common cause failures due to design basis accidents. Therefore, the reactor protection system 2 is effectively complemented by the diversity drive system 1 to ensure the safety of the nuclear power plant.
[0072] 执行机构 3主要包括棒控和棒位系统和专用安全设施。 其中, 棒控和棒位系统 用于提升、 插入、 保持和监视反应堆内各控制棒的位置, 实现反应堆的起堆、 停堆和稳定运行。 专用安全设施主要包括安全注入系统、 安全壳、 安全壳喷淋 系统、 安全壳隔离系统和辅助等。 安全注入系统用于向堆芯注入冷却水, 防止 堆芯熔化。 安全壳用于容纳反应堆压力容器以及部分安全系统 (包括一回路主 系统和设备、 停堆冷却系统) , 将其与外部环境完全隔离, 以实现安全保护屏 障的功能。 安全壳喷淋系统用于在核电站安全壳内发生失水事故或主蒸汽管道 破裂吋, 向安全壳内喷出含硼水, 限制安全壳内压力急剧增加和缩短高压持续 吋间、 降低峰值压力和温度以防止安全壳超压失效。 辅助给水系统用于向蒸汽 发生器供水, 以保护蒸汽发生器、 防止堆芯溶化事故的发生。 [0072] The actuator 3 mainly includes a stick control and stick system and a dedicated safety facility. Among them, the rod control and rod system is used to lift, insert, maintain and monitor the position of each control rod in the reactor to achieve reactor reactor start-up, shutdown and stable operation. Special safety facilities mainly include safety injection system, containment, containment spray system, containment isolation system and auxiliary. The safety injection system is used to inject cooling water into the core to prevent the core from melting. The containment is used to house the reactor pressure vessel and part of the safety system (including primary circuit main system and equipment, shutdown cooling system), completely isolated from the external environment to achieve a security screen The function of the barrier. The containment spray system is used to spray a boron-containing water into the containment after a water loss accident or a main steam pipe breaks in the containment of the nuclear power plant, limiting the pressure in the containment to increase sharply and shortening the high pressure to maintain the peak time and reduce the peak pressure. And temperature to prevent overpressure failure of the containment. The auxiliary water supply system is used to supply water to the steam generator to protect the steam generator and prevent the occurrence of core melting accidents.
[0073] 如图 1-4所示, 多样性驱动系统 1包括: 信号接收模块 11、 逻辑处理模块 12和信 号输出模块 13。 该核电站多样性驱动系统 1的工作原理如下: 信号接收模块 11接 收检测信号 10, 然后逻辑处理模块 12对检测信号 10进行逻辑处理以判断是否发 生设计基准事故, 如果发生了设计基准事故, 逻辑处理模块 12产生驱动信号 20 并通过信号输出模块 13发送至执行机构 3, 以驱动执行机构 3动作。 其中, 在本 发明之前, 检测信号 10只是被输入到反应堆保护系统 2中, 反应堆保护系统 2中 的反应堆紧急停堆系统 22对检测信号 10进行逻辑处理可判断是否发生了设计基 准事故, 并相应产生驱动信号驱动执行机构动作以实现保护功能。 本发明的核 电站多样性驱动系统 1直接接收提供给反应堆保护系统 2的检测信号 10, 并进行 与反应堆保护系统相同或改进了的逻辑处理, 从而在发生设计基准事故吋产生 驱动信号 20以驱动执行机构 3动作。 在反应堆紧急停堆系统 22中, 逻辑处理是通 过应用软件实现的, 而在核电站多样性驱动系统 1中, 逻辑处理吋通过硬件实现 的。 因此, 现有的反应堆保护系统 2加上本申请的核电站多样性驱动系统 1使得 核电站具备核电站多样性的保护功能。 在本发明提供的优选实施例中, 如图 5所 示, 核电站多样性驱动系统 1还包括人机接口模块 15, 用于接收逻辑处理模块 12 提供的显示信号 40并显示安全功能参数监视信息、 报警信息以及系统和设备状 态指示。 同吋, 人机接口模块 15还可以接收用户的操作, 并将用户操作信号 105 发送给信号接收模块 11。  As shown in FIGS. 1-4, the diversity drive system 1 includes: a signal receiving module 11, a logic processing module 12, and a signal output module 13. The working principle of the nuclear power plant diversity driving system 1 is as follows: The signal receiving module 11 receives the detection signal 10, and then the logic processing module 12 performs logic processing on the detection signal 10 to determine whether a design basis accident occurs, and if a design basis accident occurs, logic processing Module 12 generates drive signal 20 and transmits it to actuator 3 via signal output module 13 to drive actuator 3 action. Wherein, prior to the present invention, the detection signal 10 is only input to the reactor protection system 2, and the reactor emergency shutdown system 22 in the reactor protection system 2 logically processes the detection signal 10 to determine whether a design basis accident has occurred and correspondingly A drive signal is generated to drive the actuator action to achieve a protection function. The nuclear power plant diversity drive system 1 of the present invention directly receives the detection signal 10 supplied to the reactor protection system 2, and performs the same or improved logic processing as the reactor protection system, thereby generating a drive signal 20 to drive execution in the event of a design basis accident. Mechanism 3 action. In the reactor emergency shutdown system 22, the logic processing is implemented by application software, and in the nuclear power plant diversity drive system 1, the logic processing is implemented by hardware. Therefore, the existing reactor protection system 2 plus the nuclear power plant diversity drive system 1 of the present application enables the nuclear power plant to have the protection function of the nuclear power plant diversity. In a preferred embodiment of the present invention, as shown in FIG. 5, the nuclear power plant diversity driving system 1 further includes a human machine interface module 15 for receiving the display signal 40 provided by the logic processing module 12 and displaying security function parameter monitoring information, Alarm information and system and device status indications. Similarly, the human interface module 15 can also receive the user's operation and send the user operation signal 105 to the signal receiving module 11.
[0074] 通常, 输入至反应堆保护系统的检测信号 10包括: 核仪表系统的功率量程中子 注量率信号, 反应堆冷却剂系统的稳压器的压力信号, 给水流量控制系统中的 蒸汽发生器的水位信号以及主蒸汽系统的压力信号等。 但是, 本申请提供的多 样性驱动系统 1不但可以基于与反应堆保护系统 2共用的这些检测信号进行逻辑 处理以判断是否发生设计基准事故, 还可以基于其他信号进行逻辑处理以判断 是否发生设计基准事故。 例如, 如图 13所示, 多样性驱动系统 1还可以接收第三 方检测系统 7提供的检测信号 104, 对检测信号 104进行逻辑处理以判断是否发生 设计基准事故。 当然, 多样性驱动系统 1还可以根据用户输入的操作信号 105来 产生驱动信号 20。 [0074] Typically, the detection signal 10 input to the reactor protection system includes: a power range neutron fluence rate signal of the nuclear instrumentation system, a pressure signal of a regulator of the reactor coolant system, a steam generator in the feed water flow control system The water level signal and the pressure signal of the main steam system. However, the diversity drive system 1 provided by the present application can perform logical processing based on these detection signals shared with the reactor protection system 2 to determine whether a design basis accident occurs, and can also perform logic processing based on other signals to determine whether a design basis accident occurs. . For example, as shown in FIG. 13, the diversity drive system 1 can also receive the third The detection signal 104 provided by the square detection system 7 logically processes the detection signal 104 to determine whether a design basis accident has occurred. Of course, the diversity drive system 1 can also generate the drive signal 20 based on the operation signal 105 input by the user.
[0075] 其中, 第三方检测系统主要包括: 核仪表系统、 电厂辐射监测系统、 棒控和棒 位系统等。 多样性驱动系统 1可以直接从这些系统获取检测信号, 执行逻辑处理 并相应产生驱动信号。  [0075] Among them, the third-party detection system mainly includes: a nuclear instrumentation system, a power plant radiation monitoring system, a stick control, and a rod position system. The diversity drive system 1 can directly acquire detection signals from these systems, perform logic processing and generate drive signals accordingly.
[0076] 通过上述核电站多样性驱动系统, 实现对设计基准事故的自动检测并相应产生 驱动信号以自动控制执行机构动作, 避免了在反应堆保护系统因设计基准事故 而产生共因故障的情况下, 需要用户手动操作以控制执行机构动作。 因此, 本 发明可降低对用户的操作要求, 提高核电站对共因故障的应对能力, 进而提高 核电站的安全性。 另外, 本发明提供了专门的人机接口模块, 有效降低了后备 盘的规模, 使人机互动功能的可拓展性更高, 不再局限于后备盘的原有设计。  [0076] The above-mentioned nuclear power plant diversity driving system realizes automatic detection of design basis accidents and correspondingly generates driving signals to automatically control the action of the actuator, thereby avoiding a situation in which the reactor protection system causes a common cause failure due to a design basis accident. Manual user action is required to control actuator action. Therefore, the present invention can reduce the operational requirements of the user, improve the ability of the nuclear power plant to cope with common cause failures, and thereby improve the safety of the nuclear power plant. In addition, the present invention provides a special human-machine interface module, which effectively reduces the size of the backup disk, and makes the human-computer interaction function more expandable, and is no longer limited to the original design of the backup disk.
[0077] 另外, 如图 1-4所示, 与反应堆保护系统 2共用的检测信号 10经分支和隔离之后 分别输入到反应堆保护系统 2和核电站多样性驱动系统 1中。 对检测信号 10的分 支和隔离方法有多种。 如图 1所示, 反应堆保护系统 2中包含分支与隔离模块 21 。 分支与隔离模块 21将输入反应堆保护系统 2中的检测信号 10分支成两个相同的 信号 102和 101并分别输入至反应堆紧急停堆系统 22和信号接收模块 11, 并对这 两个相同的信号 101和 102进行了隔离处理, 从而使输入至信号接收模块 11的信 号 101不受反应堆保护系统 2的影响。 图 2示出了另外一种分支与隔离方式, 反应 堆保护系统 2包括分支模块 21和隔离模块 23。 检测信号 10经分支模块 21分成两个 相同的信号 101和 102后, 其中一个信号 102直接输入至反应堆紧急停堆系统 22, 另一个信号 101通过隔离模块 23隔离后形成被隔离的信号 103。 信号 103被输入至 信号接收模块 11。 图 3示出了第三种分支与隔离方式, 反应堆保护系统 2包括分 支模块 21, 核电站多样性驱动系统包括隔离模块 14。 检测信号 10经分支模块 21 分成两个相同的信号 101和 102, 一个信号 102直接输入反应堆紧急停堆系统 22, 另一个信号 101输入隔离模块 14形成被隔离的信号 103。 信号 103被发送至信号接 收模块 11。 图 4示出了第四种分支与隔离方式, 检测信号 10经过独立于反应堆保 护系统 2和核电站多样性驱动系统 1的分支与隔离模块 4分成两个相同的相互隔离 的信号 101和 102, 一个信号 102直接输入至反应堆紧急停堆系统 22, 另一个信号 101直接输入至信号接收模块 11。 分支与隔离模块 4可以属于检测信号的检测装 置的一部分, 也可以是一个独立的设备或装置。 [0077] In addition, as shown in FIGS. 1-4, the detection signals 10 shared with the reactor protection system 2 are branched and isolated and input to the reactor protection system 2 and the nuclear power plant diversity drive system 1, respectively. There are various methods for branching and isolating the detection signal 10. As shown in FIG. 1, the reactor protection system 2 includes a branch and isolation module 21. The branch and isolation module 21 branches the detection signal 10 in the input reactor protection system 2 into two identical signals 102 and 101 and inputs them to the reactor emergency shutdown system 22 and the signal receiving module 11, respectively, and the same two signals The 101 and 102 are isolated so that the signal 101 input to the signal receiving module 11 is not affected by the reactor protection system 2. FIG. 2 shows another branching and isolation mode, and the reactor protection system 2 includes a branching module 21 and an isolating module 23. After the detection signal 10 is split into two identical signals 101 and 102 via the branching module 21, one of the signals 102 is directly input to the reactor emergency shutdown system 22, and the other signal 101 is isolated by the isolation module 23 to form an isolated signal 103. The signal 103 is input to the signal receiving module 11. 3 shows a third branching and isolation mode, the reactor protection system 2 includes a branching module 21, and the nuclear power plant diversity drive system includes an isolation module 14. The detection signal 10 is split into two identical signals 101 and 102 via the branching module 21, one signal 102 being input directly to the reactor emergency shutdown system 22, and the other signal 101 being input to the isolation module 14 forming the isolated signal 103. The signal 103 is sent to the signal receiving module 11. Figure 4 shows a fourth branching and isolation mode. The detection signal 10 is separated into two identical isolations by a branch and isolation module 4 independent of the reactor protection system 2 and the nuclear power plant diversity drive system 1. Signals 101 and 102, one signal 102 is directly input to the reactor emergency shutdown system 22, and the other signal 101 is directly input to the signal receiving module 11. The branching and isolation module 4 may be part of a detection device that detects signals, or it may be a separate device or device.
[0078] 图 1-4给出了分支与隔离检测信号的四个实施例。 应理解, 本领域技术人员还 可以根据这四个实施例得出更多的实施例, 而这些实施例都属于本发明的保护 范围。 [0078] Figures 1-4 illustrate four embodiments of branching and isolation detection signals. It should be understood that those skilled in the art can also derive further embodiments based on the four embodiments, and these embodiments are all within the scope of the present invention.
[0079] 在本发明提供的优选实施例中, 当反应堆保护系统 2正常工作吋, 多样性驱动 系统 1并不执行保护功能。 多样性驱动系统 1通过接收执行机构 3的反馈信号来自 动闭锁, 从而不将驱动信号 20发送至执行机构。 多样性驱动系统 1还可以通过逻 辑处理进行延吋, 滞后于反应堆保护系统 2接收检测信号 10或者滞后于反应堆保 护系统 2输出驱动信号 20。 这样, 当反应堆保护系统 2正常工作吋, 由反应堆保 护系统 2执行核电站的安全保护, 多样性驱动系统 1自动闭锁。 多样性驱动系统 1 的自动闭锁方法将在图 8和图 11所示的实施例中进行详细介绍。 如图 6和 7所示, 逻辑处理模块 12包括比较模块和表决模块。 如图 6所示, 逻辑处理模块 12包括两 个比较模块 121A和 121B。 这两个比较模块同吋接收信号接收模块 11发送过来的 检测信号 10, 然后分别在比较模块 121A和 121B中将检测信号 10与设定值进行比 较, 并输出比较结果至表决模块 122。 例如, 检测信号 10可为反应堆温度, 比较 模块 121A和 121B中预设了温度值 T0。 根据核电站的实际工作原理, 例如, 当反 应堆温度超过了预设值 TO吋则表示发生了设计基准事故, 那么当输入至比较模 块 121A和 121B的温度值大于预设温度 TO吋, 比较模块 121A和 121B则输出高电平 至表决模块 122。 否则, 比较模块 121A和 121B输出低电平至表决模块 122。 当比 较模块 121A和 121B同吋输出高电平吋, 表决模块 122输出高电平, 即驱动信号, 至信号输出模块 13; 否则无驱动信号输出至信号输出模块 13。 在本实施例中, 因为比较模块的数量只有两个, 表决模块 122可实施为与门。  In a preferred embodiment provided by the present invention, the diversity drive system 1 does not perform a protection function when the reactor protection system 2 is operating normally. The diversity drive system 1 is automatically latched by receiving the feedback signal from the actuator 3, and the drive signal 20 is never sent to the actuator. The diversity drive system 1 can also be delayed by logic processing, lags behind the reactor protection system 2 receiving the detection signal 10 or lags behind the reactor protection system 2 output drive signal 20. Thus, when the reactor protection system 2 is operating normally, the reactor protection system 2 performs the safety protection of the nuclear power plant, and the diversity drive system 1 is automatically blocked. The automatic latching method of the diversity drive system 1 will be described in detail in the embodiment shown in Figs. 8 and 11. As shown in Figures 6 and 7, the logic processing module 12 includes a comparison module and a voting module. As shown in Figure 6, the logic processing module 12 includes two comparison modules 121A and 121B. The two comparison modules simultaneously receive the detection signal 10 sent from the signal receiving module 11, and then compare the detection signal 10 with the set value in the comparison modules 121A and 121B, respectively, and output the comparison result to the voting module 122. For example, the detection signal 10 can be the reactor temperature, and the temperature values T0 are preset in the comparison modules 121A and 121B. According to the actual working principle of the nuclear power plant, for example, when the reactor temperature exceeds the preset value TO吋, it indicates that a design basis accident has occurred, then when the temperature values input to the comparison modules 121A and 121B are greater than the preset temperature TO吋, the comparison module 121A and 121B then outputs a high level to the voting module 122. Otherwise, the comparison modules 121A and 121B output a low level to the voting module 122. When the comparison modules 121A and 121B output a high level 吋, the voting module 122 outputs a high level, that is, a driving signal, to the signal output module 13; otherwise, no driving signal is output to the signal output module 13. In the present embodiment, since the number of comparison modules is only two, the voting module 122 can be implemented as an AND gate.
[0080] 如图 7所示, 比较模块的数量也可以为 3个, 但是其工作原理与图 6所示实施例 类似, 在此不再累述。 在这种情况下, 表决模块 122可实施为三选二表决器。 当 然, 本领域技术人员也可以根据实际需要设置成当三个比较模块的输出都为高 电平吋表决模块才输出驱动信号。 [0081] 在本发明中, 通过在逻辑处理模块 12中设置至少两个比较模块, 可以提高逻辑 处理模块 12的可靠度。 只有当其中至少两个比较模块的输出都反应出发生了设 计基准事故吋, 逻辑处理模块 12才产生驱动信号。 [0080] As shown in FIG. 7, the number of comparison modules may also be three, but the working principle is similar to that of the embodiment shown in FIG. 6, and is not described here. In this case, the voting module 122 can be implemented as a three-choice voter. Of course, those skilled in the art can also set the drive signal to be output when the output of the three comparison modules is a high level 吋 voting module according to actual needs. [0081] In the present invention, the reliability of the logic processing module 12 can be improved by providing at least two comparison modules in the logic processing module 12. The logic processing module 12 generates a drive signal only if the output of at least two of the comparison modules reflects that a design basis event has occurred.
[0082] 图 8示出了一种具体的逻辑处理模块, 即反应堆停堆硬件逻辑模块 12A。 该硬件 逻辑模块用于在发生设计基准事故吋执行反应堆停堆逻辑。 如图 8所示, 在反应 堆保护系统 2中, 反应堆紧急停堆系统 22包括模拟量输入模块 221、 反应堆停堆 软件逻辑模块 222和输出模块 223。 由于检测信号 10为模拟信号, 模拟量输入模 块 221将该模拟信号转化成数字信号后输入至反应堆停堆软件逻辑模块 222进行 逻辑处理。 如果发生设计基准事故, 反应堆停堆软件逻辑模块 222产生驱动信号 , 通过输出模块 223输入至执行机构 3, 即棒控和棒位系统的电源柜 3内的停堆断 路器 31, 从而使停堆断路器 31断幵。 停堆断路器 31电连接至控制棒驱动机构 5, 停堆断路器 31的动作会相应引起控制棒驱动机构 5动作, 从而进行停堆保护。 在 现有技术中, 反应堆停堆软件逻辑模块 222也称为数字化保护系统。 数字化保护 系统很容易因为核电站发生设计基准事故而产生共因故障, 进而无法进行停堆 保护。 因此, 本实施例提供了一种通过硬件实现的停堆保护逻辑。  [0082] FIG. 8 shows a specific logic processing module, namely a reactor shutdown hardware logic module 12A. This hardware logic module is used to execute reactor shutdown logic in the event of a design basis accident. As shown in FIG. 8, in the reactor protection system 2, the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, and an output module 223. Since the detection signal 10 is an analog signal, the analog input module 221 converts the analog signal into a digital signal and inputs it to the reactor shutdown software logic module 222 for logic processing. If a design basis accident occurs, the reactor shutdown software logic module 222 generates a drive signal that is input through the output module 223 to the actuator 3, that is, the shutdown circuit breaker 31 in the power cabinet 3 of the bar control and stick system, thereby causing the shutdown The circuit breaker 31 is broken. The shutdown circuit breaker 31 is electrically connected to the control rod drive mechanism 5, and the operation of the shutdown circuit breaker 31 causes the control rod drive mechanism 5 to act accordingly, thereby performing shutdown protection. In the prior art, the reactor shutdown software logic module 222 is also referred to as a digital protection system. Digital protection systems are prone to common cause failures due to design basis accidents at nuclear power plants, making it impossible to perform shutdown protection. Therefore, this embodiment provides a shutdown protection logic implemented by hardware.
[0083] 如图 8所示, 核电站多样性驱动系统 1包括信号接收模块 11、 反应堆硬件逻辑模 块 12A和信号输出模块 13。 因为本申请提供的核电站多样性驱动系统都是通过硬 件实施的, 因此检测信号 10可直接输入至信号接收模块 11, 并进一步直接输入 至反应堆停堆硬件逻辑模块 12A, 而无需进行数 /模转化处理。 反应堆停堆硬件 逻辑模块 12A产生的驱动信号 (为区别图 11所示实施例的驱动信号, 此驱动信号 可命名为第一驱动信号) 201经信号输出模块 13发送至棒控和棒位系统的电源柜 的棒控单元 32, 从而直接切断电源柜的电源 6。 因此, 即便是反应堆保护系统 2 或是停堆断路器 31出现故障不能正常工作, 多样性驱动系统 1也可以实现紧急停 堆。 因此, 核电站多样性驱动系统 1从其信号输入至信号输出都不受数字化保护 系统共因故障的影响, 保证了其自动停堆功能的多样性及完整性。  As shown in FIG. 8, the nuclear power plant diversity driving system 1 includes a signal receiving module 11, a reactor hardware logic module 12A, and a signal output module 13. Because the nuclear power plant diversity driving system provided by the present application is implemented by hardware, the detection signal 10 can be directly input to the signal receiving module 11 and further directly input to the reactor shutdown hardware logic module 12A without performing digital/analog conversion. deal with. The drive signal generated by the reactor shutdown hardware logic module 12A (to distinguish the drive signal of the embodiment shown in FIG. 11, the drive signal can be named as the first drive signal) 201 is sent by the signal output module 13 to the stick control and the stick system. The control unit 32 of the power cabinet directly cuts off the power supply 6 of the power cabinet. Therefore, even if the reactor protection system 2 or the shutdown circuit breaker 31 fails and does not work properly, the diversity drive system 1 can also achieve emergency shutdown. Therefore, the nuclear power plant diversity drive system 1 is not affected by the common fault of the digital protection system from its signal input to signal output, ensuring the diversity and integrity of its automatic shutdown function.
[0084] 虽然图 8只示出了核电站多样性驱动系统 1的一部分结构, 本领域技术人员应该 明白核电站多样性驱动系统 1还可包括图 5所示的人机接口模块 15。 当然, 图 8中 的分支与隔离模块 21也可以实施成如图 1-4所示的结构。 反应堆停堆硬件逻辑模 块 12A的具体结构与图 6和 7所示的逻辑处理模块的结构类似, 但也可以有改进。 下面将具体阐述其中两种结构。 Although FIG. 8 shows only a part of the structure of the nuclear power plant diversity driving system 1, those skilled in the art should understand that the nuclear power plant diversity driving system 1 may further include the human machine interface module 15 shown in FIG. 5. Of course, the branch and isolation module 21 of FIG. 8 can also be implemented as shown in FIGS. Reactor shutdown hardware logic The specific structure of block 12A is similar to that of the logic processing modules shown in Figures 6 and 7, but improvements may be made. Two of the structures will be specifically explained below.
[0085] 如图 9和 10所示, 反应堆停堆硬件逻辑模块 12A除了包括图 6中所示的比较模块 1 21A和 121B之外还包括延吋模块 123。 延吋模块 123可以如图 9所示的连接在表决 模块 122之后, 也可以如图 10所示的连接在比较模块 121A和 121B之前。 其工作原 理如下: 延吋模块 123对反应堆停堆硬件逻辑模块 12A的输入信号或输出信号进 行延吋处理。 例如, 延吋吋间为 tl, 这就意味着只有设计基准事故持续吋间大于 等于 tl吋, 反应堆停堆硬件逻辑模块 12A才会判定为发生了设计基准事故。 这样 就可允许反应堆保护系统 2优先执行保护动作。 也就是说, 当发生设计基准事故 吋, 如果反应堆保护系统 2正常工作, 那么反应堆保护系统 2先执行保护处理以 响应设计基准事故。 在反应堆保护系统 2响应后, 检测信号 10发生改变, 核电站 多样性驱动系统 1接收到的信号为未发生设计基准事故, 从而就不产生驱动信号 。 这样, 就可以避免在反应堆保护系统 2正常的情况下核电站多样性驱动系统 1 重复执行保护动作。 当发生设计基准事故吋, 如果反应堆保护系统 2产生共因故 障而不能正常工作, 那么核电站多样性驱动系统 1会在设计基准事故发生后 tl吋 间吋执行保护动作。 As shown in FIGS. 9 and 10, the reactor shutdown hardware logic module 12A includes a delay module 123 in addition to the comparison modules 1 21A and 121B shown in FIG. 6. The delay module 123 may be connected after the voting module 122 as shown in FIG. 9, or may be connected before the comparison modules 121A and 121B as shown in FIG. The working principle is as follows: The delay module 123 delays the input signal or output signal of the reactor shutdown hardware logic module 12A. For example, the delay is tl, which means that only the design basis accident lasts for more than or equal to tl吋, and the reactor shutdown hardware logic module 12A determines that a design basis accident has occurred. This allows the reactor protection system 2 to prioritize protection actions. That is, in the event of a design basis accident, if the reactor protection system 2 is operating normally, the reactor protection system 2 first performs a protection process in response to the design basis accident. After the reactor protection system 2 responds, the detection signal 10 changes, and the signal received by the nuclear power plant diversity drive system 1 is that no design basis accident has occurred, so that no drive signal is generated. In this way, it is possible to avoid the nuclear power plant diversity drive system 1 repeating the protection action when the reactor protection system 2 is normal. In the event of a design basis accident, if the reactor protection system 2 generates a common cause failure and fails to function properly, the nuclear power plant diversity drive system 1 will perform the protection action after the design basis accident occurs.
[0086] 当然, 为了避免核电站多样性驱动系统 1重复执行保护动作, 反应堆停堆硬件 逻辑模块 12A的比较模块中的预设值也可以与反应堆停堆软件逻辑模块 222中的 预设值不同。 例如, 反应堆停堆软件逻辑模块 222中的反应堆温度预设值为 Tl, 而反应堆停堆硬件逻辑模块 12A中的反应堆预设温度为 Τ2, Τ2可大于 Tl。 这样 , 核电站多样性驱动系统 1也会滞后于反应堆保护系统 2执行保护动作。  [0086] Of course, in order to avoid the nuclear power plant diversity drive system 1 repeatedly performing the protection action, the preset value in the comparison module of the reactor shutdown hardware logic module 12A may also be different from the preset value in the reactor shutdown software logic module 222. For example, the reactor temperature in the reactor shutdown software logic module 222 is preset to Tl, and the reactor preset temperature in the reactor shutdown hardware logic module 12A is Τ2, and Τ2 can be greater than Tl. Thus, the nuclear power plant diversity drive system 1 will also lag behind the reactor protection system 2 to perform protection actions.
[0087] 图 11示出了另一种具体的逻辑处理模块, 即专用安全设施驱动硬件逻辑模块 12 Β。 该硬件逻辑模块用于在发生设计基准事故吋执行专用安全设施驱动。 如图 11 所示, 在反应堆保护系统 2中, 反应堆紧急停堆系统 22包括模拟量输入模块 221 、 反应堆停堆软件逻辑模块 222、 输出模块 223和专用安全设施驱动软件逻辑模 块 224。 图 11包含了与图 8相同的一些部件, 其功能在图 8中已经详细描述了, 在 此不再累述。 如图 8所示, 在反应堆紧急停堆系统 22中, 数字保护系统包括两个 软件模块, 即相互连接的反应堆提供软件逻辑模块 222和专用安全设施驱动软件 逻辑模块 224。 专用安全设施驱动软件逻辑模块 224通过反应堆提供软件逻辑模 块 222接收检测信号 10以判断是否发生设计基准事故, 如果发生了设计基准事故 , 则通过设备接口模块的优选单元 24发送驱动信号至专设安全设施 33, 以执行 对专设安全设施 33的保护。 [0087] FIG. 11 illustrates another specific logic processing module, namely a dedicated security facility driver hardware logic module 12 . The hardware logic module is used to perform a dedicated safety facility driver in the event of a design basis accident. As shown in FIG. 11, in the reactor protection system 2, the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, an output module 223, and a dedicated safety facility driver software logic module 224. Figure 11 contains the same components as Figure 8, the function of which has been described in detail in Figure 8, and will not be described again. As shown in FIG. 8, in the reactor emergency shutdown system 22, the digital protection system includes two software modules, namely, an interconnected reactor providing software logic module 222 and dedicated security facility driver software. Logic module 224. The dedicated security facility driver software logic module 224 receives the detection signal 10 through the reactor provisioning software logic module 222 to determine if a design basis accident has occurred, and if a design basis accident occurs, the drive signal is sent to the dedicated security via the preferred unit 24 of the device interface module. Facility 33 to perform protection of the dedicated security facility 33.
[0088] 核电站多样性驱动系统 1包括与专用安全设施驱动软件逻辑模块 224相对应的专 设安全设施驱动硬件逻辑模块 12B。 当发生设计基准事故吋, 专设安全设施驱动 硬件逻辑模块 122B产生驱动信号 (为区别图 8所示的实施例的驱动信号, 该驱动 信号可命名为第二驱动信号) 202, 并通过反应堆保护系统 2的优选模块 24发送 至专设安全设施 33。 因为反应堆保护系统 2中的优选模块 24是硬件模块, 因此, 不会受共因故障的影响。 也就是说, 即便反应堆保护系统 2的数字化保护系统 ( 即图中的软件模块) 发生了共因故障, 核电站多样性驱动系统 1依然可以通过优 选模块 24执行保护动作, 为核电站提供核电站多样性保护。 优选模块 24用于提 供优选策略, 从而根据不同的实际情况对专设安全设施 33进行不同的保护处理 [0088] The nuclear power plant diversity drive system 1 includes a dedicated safety facility drive hardware logic module 12B corresponding to a dedicated safety facility drive software logic module 224. When a design basis event occurs, the dedicated security facility driver hardware logic module 122B generates a drive signal (to distinguish the drive signal of the embodiment shown in FIG. 8, the drive signal can be named as the second drive signal) 202, and is protected by the reactor. The preferred module 24 of system 2 is sent to an ad hoc security facility 33. Since the preferred module 24 in the reactor protection system 2 is a hardware module, it is not affected by common cause failures. That is, even if a common cause failure occurs in the digital protection system of the reactor protection system 2 (ie, the software module in the figure), the nuclear power plant diversity drive system 1 can still perform protection actions through the preferred module 24 to provide nuclear power plant diversity protection for the nuclear power plant. . The preferred module 24 is used to provide a preferred strategy for different protections of the dedicated security facility 33 depending on the actual situation.
[0089] 优选地, 核电站多样性驱动系统 1输出的驱动信号 202经过隔离之后再发送至优 选模块 24。 图 11和图 12分别示出两种对驱动信号进行隔离的方法。 如图 11所示 , 反应堆保护系统 2包括隔离模块 23, 核电站多样性驱动系统 1的信号输出模块 1 3将输出信号发送至隔离模块 23后再输入至优选模块 24。 如图 12所示, 核电站多 样性驱动系统 1包括隔离模块 14, 信号输出模块 13的输出信号输入至隔离模块 14 后再发送至反应堆保护系统 2的优选模块 24。 应理解, 图 11和图 12的两种对驱动 信号的隔离方法可与图 1-4中的对检测信号的隔离方法任意组合以构成新的实施 例。 例如, 图 3所示的实施例可与图 12所示的实施例组合, 这样, 多样性驱动系 统 1就包括两个隔离模块 14, 一个用于隔离检测信号 10, 一个用于隔离驱动信号 20。 [0089] Preferably, the drive signal 202 output by the nuclear power plant diversity drive system 1 is isolated and sent to the preferred module 24. Figures 11 and 12 show two methods of isolating the drive signals, respectively. As shown in Fig. 11, the reactor protection system 2 includes an isolation module 23, and the signal output module 13 of the nuclear power plant diversity drive system 1 sends the output signal to the isolation module 23 and then to the optimization module 24. As shown in Fig. 12, the nuclear power plant multi-function drive system 1 includes an isolation module 14, and the output signal of the signal output module 13 is input to the isolation module 14 and then sent to the preferred module 24 of the reactor protection system 2. It should be understood that the two isolation methods for the drive signals of Figures 11 and 12 can be arbitrarily combined with the isolation method for the detection signals of Figures 1-4 to form a new embodiment. For example, the embodiment shown in FIG. 3 can be combined with the embodiment shown in FIG. 12 such that the versatile drive system 1 includes two isolation modules 14, one for isolating the detection signal 10 and one for isolating the drive signal 20 .
[0090] 如图 11和 12所示, 专设安全设施 33还将反馈信号 30发送至核电站多样性驱动系 统 1的信号接收模块 11, 从而避免核电站多样性驱动系统 1在反应堆保护系统 2正 常吋重复执行保护动作。 专设安全设施 33的反馈信号 30可闭锁核电站多样性驱 动系统 1的第二驱动信号 202。 [0091] 应理解, 图 8、 11和 12所示的核电站多样性驱动系统 1还可以包括人机接口模块 15。 As shown in FIGS. 11 and 12, the dedicated safety facility 33 also transmits a feedback signal 30 to the signal receiving module 11 of the nuclear power plant diversity driving system 1, thereby preventing the nuclear power plant diversity driving system 1 from being normal in the reactor protection system 2. Repeat the protection action. The feedback signal 30 of the dedicated safety facility 33 can block the second drive signal 202 of the nuclear power plant diversity drive system 1. [0091] It should be understood that the nuclear power plant diversity drive system 1 shown in FIGS. 8, 11, and 12 may further include a human machine interface module 15.
[0092] 图 13示出了核电站多样性驱动系统 1的另一个实施例。 如图 13所示, 核电站多 样性驱动系统 1包括信号接收模块 11、 逻辑处理模块 12、 信号输出模块 13和人机 接口模块 15。 人机接口模块 15包括手操幵关 151、 报警模块 152、 指示仪表 153和 指示灯 154。 手操幵关 151用于接收用户的手动操作, 用户操作信息 105通过人机 接口模块 15发送至信号接收模块 11。 逻辑处理模块 12根据接收到的用户操作信 号 105产生驱动信号 20以驱动执行机构 3动作。 在这一过程中, 核逻辑处理模块 1 2就无需执行如上面所描述的那么复杂的逻辑处理, 因为用户操作信号 105通常 都是非常直接的对执行机构的具体操作。 例如, 停止 /启动某一具体的现场设备 、 关闭 /打幵某一具体的阀门或断幵或闭合某一电源等。 当然, 在本发明提供的 另一优选实施例中, 用户操作信号 105也可以直接发送至逻辑处理模块 12, 逻辑 处理模块 12进而根据接收到的用户操作信号 105产生驱动信号 20。 报警模块 152 用于发出报警信息, 如文字提示、 声音提示和 /或发光提示。 指示仪表 153用于提 供安全功能监视信息, 如数字和 /文字信息。 指示灯 154用于指示系统和设备的状 态。  [0092] FIG. 13 shows another embodiment of a nuclear power plant diversity drive system 1. As shown in Fig. 13, the nuclear power plant multi-function drive system 1 includes a signal receiving module 11, a logic processing module 12, a signal output module 13, and a human interface module 15. The human interface module 15 includes a manual operation 151, an alarm module 152, an indication meter 153, and an indicator light 154. The manual operation 151 is for receiving a manual operation of the user, and the user operation information 105 is transmitted to the signal receiving module 11 through the human interface module 15. The logic processing module 12 generates a drive signal 20 based on the received user operation signal 105 to drive the actuator 3 action. In this process, the core logic processing module 12 does not need to perform as complex logic processing as described above, since the user operation signals 105 are typically very straightforward specific operations to the actuator. For example, stopping/starting a specific field device, closing/hitting a specific valve, or breaking or closing a power source. Of course, in another preferred embodiment provided by the present invention, the user operation signal 105 can also be sent directly to the logic processing module 12, which in turn generates the drive signal 20 based on the received user operation signal 105. The alarm module 152 is used to send out alarm messages such as text prompts, audible alerts and/or illuminated prompts. The indicator meter 153 is used to provide safety function monitoring information such as digital and/or text information. Indicator light 154 is used to indicate the status of the system and equipment.
[0093] 通过人机接口模块 15, 可提供关键安全功能系统级和设备级的手动触发, 以及 少量一般安全功能设备级的手动触发。 人机接口模块 15还可提供全方位的安全 功能参数监视信息、 报警信息及系统和设备状态指示。  [0093] Manual triggering of system-level and device-level critical safety functions and manual triggering of a small number of general safety functional device levels are provided through the human-machine interface module 15. The human interface module 15 also provides a full range of safety function parameter monitoring information, alarm information, and system and device status indications.
[0094] 如图 13所示, 信号接收模块 12除了可接收与反应堆保护系统共用的检测信号 10 和通过手操幵关 151提供的用户操作信号 105之外, 还可以接收检测系统 7提供的 检测信息 104。 检测系统 7是独立于反应堆保护系统 2和核电站多样性驱动系统 1 之外的第三方检测系统, 用于获取核电站的各种检测信号。 检测系统 7提供的检 测信号 104可包括检测信号 10, 也可以是不同于检测信号 10的其他检测信号。 逻 辑处理模块 12可对检测信号 104进行逻辑处理, 从而在需要执行保护动作吋 (如 发生设计基准事故或其他事故) 产生驱动信号 20以驱动执行机构 3动作。 图 14示 出了逻辑处理模块的另一个实施例。 在本实施例中, 逻辑处理模块 12C为预期瞬 态不停堆保护逻辑模块, 用于应对停堆保护系统在停堆过程中拒动的问题。 也 就是说, 在某些情况下, 反应堆保护系统并没有发生共因故障, 但却在发生预 期瞬态吋拒绝动作, 未能如期停堆。 为此, 本实施例的提供了预期瞬态不停堆 保护逻辑模块 12C以解决这一问题。 As shown in FIG. 13, the signal receiving module 12 can receive the detection provided by the detection system 7 in addition to the detection signal 10 shared with the reactor protection system and the user operation signal 105 provided by the manual operation 151. Information 104. The detection system 7 is a third-party detection system independent of the reactor protection system 2 and the nuclear power plant diversity drive system 1 for acquiring various detection signals of the nuclear power plant. The detection signal 104 provided by the detection system 7 may include the detection signal 10 or other detection signals different from the detection signal 10. The logic processing module 12 can logically process the detection signal 104 to generate a drive signal 20 to drive the actuator 3 action when a protection action (such as a design basis accident or other accident) needs to be performed. Figure 14 illustrates another embodiment of a logic processing module. In this embodiment, the logic processing module 12C is an expected transient non-stop heap protection logic module for responding to the problem that the shutdown protection system is rejected during the shutdown process. and also That is to say, in some cases, the reactor protection system did not have a common cause failure, but in the event of an expected transient refusal, it failed to shut down as scheduled. To this end, the present embodiment provides an expected transient non-stop stack protection logic module 12C to address this problem.
[0095] 如图 14所示, 预期瞬态不停堆保护逻辑模块 12C包括三个第一比较器 71A~71C 、 两个第二比较器 71D和 71E、 三选二表决器 72A、 第一与门 72B和第二与门 73。 三个给水量信号分别输入至三个第一比较器 71A~71C的输入端, 三个给水量信号 分别反应三个蒸汽发生器的给水量。 第一比较器将输入的给水量信号与预设值 M 0比较, 然后将比较结果输出至三选二表决器 72A的输入端进行表决。 当三个比 较器中有至少两个比较器的比较结果为蒸汽发生器给水量小于预设值 M0吋, 三 选二表决器 72A输出高电平至第二与门 73的一个输入端; 否则输出低电平至第二 与门 73的一个输入端。 两个堆功率信号分别输入至第二比较器 71D和 71E的输入 端, 两个堆功率信号分别反应两组反应堆的堆功率大小。 第二比较器将输入的 堆功率信号与预设值 NO进行比较, 然后将比较结果输出至第一与门 72B。 当输入 的两个堆功率信号都大于预设值 N0吋, 第一与门 72B输出高电平至第二与门 73的 另一个输入端; 否则输出低电平至第二与门 72的另一个输入端。 第二与门 73的 输出端分别连接至汽轮机脱口模块 34、 紧急停堆模块 35、 辅助给水启动模块 36 和排放阀门闭锁模块 37。 As shown in FIG. 14, the expected transient non-stop reactor protection logic module 12C includes three first comparators 71A-71C, two second comparators 71D and 71E, a third-choice two voter 72A, and a first The door 72B and the second AND gate 73. The three water supply amount signals are respectively input to the input ends of the three first comparators 71A to 71C, and the three water supply amount signals respectively reflect the water supply amounts of the three steam generators. The first comparator compares the input water supply amount signal with a preset value M 0 , and then outputs the comparison result to the input terminal of the third-choice two voter 72A for voting. When the comparison result of at least two of the three comparators is that the steam generator water supply amount is less than the preset value M0 吋, the three-choice two voter 72A outputs a high level to one input end of the second AND gate 73; otherwise The output is low to an input of the second AND gate 73. Two stack power signals are input to the inputs of the second comparators 71D and 71E, respectively, and the two stack power signals respectively reflect the stack power levels of the two sets of reactors. The second comparator compares the input stack power signal with a preset value NO, and then outputs the comparison result to the first AND gate 72B. When the input two stack power signals are greater than the preset value N0 , the first AND gate 72B outputs a high level to the other input terminal of the second AND gate 73; otherwise, the output low level to the second AND gate 72 An input. The output of the second AND gate 73 is coupled to the turbine vent module 34, the emergency shutdown module 35, the auxiliary feedwater activation module 36, and the bleed valve lockout module 37, respectively.
[0096] 两个堆功率信号都大于预设值 NO意味着核电站一回路产热量很大。 蒸汽发生器 给水量小于预设值 M0意味着核电站二回路散热量很小。 当着两件事同吋发生吋 , 意味着反应堆的温度在不断地升高, 而散热不足。 这显然是不满足设计基准 的, 属于应该启动保护的预期瞬态。  [0096] Both stack power signals are greater than the preset value. NO means that the primary circuit of the nuclear power plant generates a large amount of heat. Steam generator The water supply is less than the preset value M0 means that the heat dissipation of the secondary circuit of the nuclear power plant is very small. When two things happen, it means that the temperature of the reactor is constantly rising and the heat is not enough. This obviously does not meet the design basis and is the expected transient that should initiate protection.
[0097] 另一方面, 本发明实施例还提供了一种核电站多样性驱动方法。 如图 15所示, 该方法包括如下步骤:  [0097] On the other hand, an embodiment of the present invention further provides a nuclear power plant diversity driving method. As shown in FIG. 15, the method includes the following steps:
[0098] Sl、 接收检测信号;  [0098] Sl, receiving a detection signal;
[0099] S2、 对所接收到的检测信号进行逻辑处理;  [0099] S2, performing logic processing on the received detection signal;
[0100] S3、 判断是否发生设计基准事故; 若是, 则转步骤 S3, 否则返回步骤 S2;  [0100] S3, determine whether a design basis accident occurs; if yes, go to step S3, otherwise return to step S2;
[0101] S4、 产生驱动信号以驱动执行机构动作。 [0101] S4. Generate a driving signal to drive the actuator to operate.
[0102] 优选地, 在实施过程中, 步骤 S2和 S3通常由同一逻辑处理模块执行。 [0103] 在本发明提供的一个优选实施例中, 该多样性驱动方法还包括以下步骤: [0102] Preferably, in the implementation, steps S2 and S3 are generally performed by the same logic processing module. [0103] In a preferred embodiment provided by the present invention, the diversity driving method further includes the following steps:
[0104] S5、 输出显示信息以显示安全功能参数监视信息、 报警信息以及系统和设备状 态指示并接收用户操作信号。 [0104] S5. Output display information to display safety function parameter monitoring information, alarm information, and system and device status indications and receive user operation signals.
[0105] 其中, 步骤 S5可与步骤 S1-S4并行, 从而实吋地显示安全功能参数监视信息、 报警信息以及系统和设备状态指示。 [0105] Step S5 may be parallel to steps S1-S4, thereby displaying security function parameter monitoring information, alarm information, and system and device status indications.
[0106] 在本发明提供的另一个实施例中, 在步骤 S1之前还需要对检测信号进行分支和 隔离处理。 具体的分支和隔离处理方法可在图 1-4所示的系统中执行。 [0106] In another embodiment provided by the present invention, the detection signal is also required to be branched and isolated before step S1. Specific branching and isolation processing methods can be performed in the system shown in Figures 1-4.
[0107] 在图 1所示的核电站多样性驱动系统中, 反应堆保护系统 2的分支与隔离模块 21 将检测信号 10分成两个相同的彼此隔离的信号 101和 102后, 分别输入至核电站 多样性驱动系统 1和反应堆紧急停堆系统 22中。 图 1所示的核电站多样性驱动系 统 1可按照如下步骤执行核电站多样性驱动方法: [0107] In the nuclear power plant diversity driving system shown in FIG. 1, the branching and isolation module 21 of the reactor protection system 2 divides the detection signal 10 into two identical isolated signals 101 and 102, respectively, and inputs them to the nuclear power plant diversity. Drive system 1 and reactor emergency shutdown system 22. The nuclear power plant diversity drive system 1 shown in Figure 1 can perform the nuclear power plant diversity driving method as follows:
[0108] Sl、 信号接收模块 11接收经分支隔离后的检测信号 101 ; [0108] Sl, the signal receiving module 11 receives the branch-isolated detection signal 101;
[0109] S2、 逻辑处理模块 12对所接收到的检测信号进行逻辑处理; [0109] S2. The logic processing module 12 performs logic processing on the received detection signal.
[0110] S3、 逻辑处理模块 12判断是否发生设计基准事故; 若是, 则转步骤 S4, 否则返 回步骤 S2; [0110] S3, the logic processing module 12 determines whether a design basis accident occurs; if yes, then proceeds to step S4, otherwise returns to step S2;
[0111] S4、 逻辑处理模块 12产生驱动信号 20并通过信号输出模块 13输出至执行机构 3 以驱动执行机构 3动作。  [0111] S4. The logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate.
[0112] 在图 3所示的核电站多样性驱动系统中, 反应堆保护系统 2的分支模块 21将检测 信号 10分支成两个相同的信号 101和 102后, 其中一个信号 102输入至反应堆紧急 停堆系统 22, 另一个信号 101输入至核电站多样性驱动系统 1的隔离模块 14中。 图 3所示核电站多样性驱动系统 1可按照如下步骤执行核电站多样性驱动方法: [0112] In the nuclear power plant diversity drive system shown in FIG. 3, the branch module 21 of the reactor protection system 2 branches the detection signal 10 into two identical signals 101 and 102, one of which is input to the reactor emergency shutdown. System 22, another signal 101 is input to the isolation module 14 of the nuclear power plant diversity drive system 1. The nuclear power plant diversity drive system shown in Figure 3 can perform the nuclear power plant diversity driving method as follows:
[0113] Sl、 隔离模块 14接收经分支的检测信号 101并对该检测信号 101进行隔离处理;[0113] Sl, the isolation module 14 receives the branched detection signal 101 and performs isolation processing on the detection signal 101;
[0114] S2、 信号接收模块 11从隔离模块 14接收经隔离后的检测信号 103; [0114] S2, the signal receiving module 11 receives the isolated detection signal 103 from the isolation module 14;
[0115] S3、 逻辑处理模块 12对所接收到的信号进行逻辑处理;  [0115] S3. The logic processing module 12 performs logic processing on the received signal.
[0116] S4、 逻辑处理模块 12判断是否发生设计基准事故; 若是, 则转步骤 S5, 否则返 回步骤 S2;  [0116] S4, the logic processing module 12 determines whether a design basis accident occurs; if yes, then proceeds to step S5, otherwise returns to step S2;
[0117] S5、 逻辑处理模块 12产生驱动信号 20并通过信号输出模块 13输出至执行机构 3 以驱动执行机构 3动作。 [0118] 类似的, 根据图 2和 4所示的核电站多样性驱动系统的具体结构以及以上对图 1 和 3的描述, 本领域技术人员可相应地得出图 2和 4所示的核电站多样性驱动系统 中所执行的核电站多样性驱动方法。 在此不再累述。 [0117] S5. The logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate. [0118] Similarly, according to the specific structure of the nuclear power plant diversity driving system shown in FIGS. 2 and 4 and the above description of FIGS. 1 and 3, those skilled in the art can correspondingly derive the various nuclear power plants shown in FIGS. 2 and 4. A nuclear power plant diversity driving method implemented in a sexual drive system. It will not be repeated here.
[0119] 在本发明提供的一个优选实施例中, 以上核电站多样性驱动方法的逻辑处理具 体包括以下步骤:  [0119] In a preferred embodiment provided by the present invention, the logical processing of the above nuclear power plant diversity driving method comprises the following steps:
[0120] S21、 将第一检测信号与设定值进行至少两次并行的比较以判断是否发生设计 基准事故, 并对应输出至少两个比较结果;  [0120] S21: Perform a comparison of the first detection signal and the set value in parallel at least twice to determine whether a design basis accident occurs, and output at least two comparison results correspondingly;
[0121] S22、 对所述至少两个比较结果进行表决, 当所述至少两个比较结果中有至少 两个比较结果为发生了设计基准事故吋, 则驱动信号生成步骤。  [0121] S22. Vote on the at least two comparison results, and when at least two of the at least two comparison results are that a design basis accident has occurred, the driving signal generating step is performed.
[0122] 该逻辑处理的具体步骤可由图 6和 7所示的逻辑处理模块执行。 例如, 以图 6所 示的逻辑处理模块为例介绍一个实施例。 如图 6所示, 核电站多样性驱动系统 1 的信号接收模块 11将接收到的检测信号分别发送至比较模块 121A和 121B。 比较 模块 121A和 121B将接收到的信号分别与预设值进行比较以判断是否发生设计基 准事故, 并分别输出比较结果至表决模块 122。 表决模块 122对接收到的信号进 行表决, 当比较模块 121A和 121B的比较结果都表明发生了设计基准事故吋, 表 决模块 122生成驱动信号并发送至信号输出模块 13。 信号输出模块 13进而将驱动 信号发送至执行机构 3。  [0122] The specific steps of the logic processing can be performed by the logic processing modules shown in FIGS. 6 and 7. For example, an embodiment is described by taking the logic processing module shown in FIG. 6 as an example. As shown in Fig. 6, the signal receiving module 11 of the nuclear power plant diversity driving system 1 transmits the received detection signals to the comparison modules 121A and 121B, respectively. The comparison modules 121A and 121B respectively compare the received signals with preset values to determine whether a design basis accident has occurred, and output the comparison results to the voting module 122, respectively. The voting module 122 votes on the received signal. When the comparison results of the comparison modules 121A and 121B indicate that a design basis accident has occurred, the decision module 122 generates a drive signal and transmits it to the signal output module 13. The signal output module 13 in turn sends a drive signal to the actuator 3.
[0123] 本领域技术人员在下面这个实施例的教导下, 可以根据图 7的具体结构相应推 导出另一个实施例。 在此不再累述。  [0123] Another embodiment can be derived from the specific structure of FIG. 7 by those skilled in the art in the following teachings of this embodiment. It will not be repeated here.
[0124] 优选地, 驱动信号有很多种类, 分别用于驱动不同的执行机构 3。 图 8和 11示出 了两种不同的逻辑处理模块所产生的两种不同的驱动信号。 因此, 在核电站多 样性驱动系统 1中还可执行以下步骤:  [0124] Preferably, there are many types of drive signals for driving different actuators 3, respectively. Figures 8 and 11 show two different drive signals produced by two different logic processing modules. Therefore, the following steps can also be performed in the nuclear power plant multi-drive system 1:
[0125] S31、 产生第一驱动信号 201以驱动棒控和棒位系统的电源柜动作, 从而切断控 制棒驱动机构的电源;  [0125] S31, generating a first driving signal 201 to drive the power control cabinet of the stick control and the rod position system, thereby cutting off the power of the control rod driving mechanism;
[0126] S32、 产生第二驱动信号以驱动 202专设安全设施动作。  [0126] S32. Generate a second driving signal to drive 202 the dedicated security facility to operate.
[0127] 上述两个步骤 S31和 S32可分别在如图 8和 11所示的核电站多样性驱动系统中由 反应堆停堆硬件逻辑模块 12A和专用安全设施驱动硬件逻辑模块 12B执行。 在具 体实施过程中, 图 8和 11中的两个核电站多样性驱动系统通常是合并在一个核电 站多样性驱动系统中。 因此, 上述步骤 S31和 S32通常在一个核电站多样性驱动 系统中执行。 [0127] The above two steps S31 and S32 can be performed by the reactor shutdown hardware logic module 12A and the dedicated security facility drive hardware logic module 12B in the nuclear power plant diversity drive system as shown in FIGS. 8 and 11, respectively. In the specific implementation process, the two nuclear power plant diversity drive systems in Figures 8 and 11 are usually combined in one nuclear power Station diversity drive system. Therefore, the above steps S31 and S32 are usually performed in a nuclear power plant diversity drive system.
[0128] 在本发明提供的优先实施例中, 需要对第二驱动信号进行隔离处理。 如图 11所 示, 专用安全设施驱动硬件逻辑模块 12B产生的第二驱动信号还需要经过反应堆 保护系统 2的隔离模块 23进行隔离处理后再输入至优选模块 24。 另外, 如图 12所 示, 核电站多样性驱动系统 1的隔离模块 14对专用安全设施驱动硬件逻辑模块 12 B产生的第二驱动信号进行隔离处理后与反应堆保护系统共用 2的优选模块 24。  [0128] In a preferred embodiment provided by the present invention, the second drive signal needs to be isolated. As shown in FIG. 11, the second driving signal generated by the dedicated security facility driving hardware logic module 12B also needs to be isolated by the isolation module 23 of the reactor protection system 2 and then input to the preferred module 24. In addition, as shown in FIG. 12, the isolation module 14 of the nuclear power plant diversity drive system 1 isolates the second drive signal generated by the dedicated safety facility drive hardware logic module 12B and then shares the preferred module 24 with the reactor protection system.
[0129] 在本发明提供的优选实施例中, 还需要对用于产生第一驱动信号的检测信号或 第一驱动信号进行延吋处理。 如图 9所示, 表决模块 122产生的驱动信号经过延 吋模块 123延吋后发送至信号输出模块 13。 另外, 如图 8和 10所示, 输入至反应 堆停堆硬件逻辑模块的检测信号经延吋模块 123延吋后分别输入至比较模块 121A 和 121B。 通过延吋处理, 可避免核电站多样性驱动系统 1在停堆保护吋重复动作  [0129] In a preferred embodiment provided by the present invention, it is also necessary to perform a delay process on the detection signal or the first driving signal for generating the first driving signal. As shown in FIG. 9, the driving signal generated by the voting module 122 is delayed by the delay module 123 and sent to the signal output module 13. In addition, as shown in Figures 8 and 10, the detection signals input to the reactor shutdown hardware logic module are delayed by the delay module 123 and input to the comparison modules 121A and 121B, respectively. By delaying the treatment, the nuclear power plant diversity drive system can be avoided.
[0130] 在本发明提供的优选实施例中, 核电站多样性驱动系统 1还可接收专设安全设 施的反馈信号以闭锁第一驱动信号, 从而避免重复动作。 如图 11和 12所示, 专 设安全设施 33电连接至核电站多样性驱动系统 1的信号接收模块 11, 从而为核电 站多样性驱动系统 1提供反馈信号 30。 [0130] In a preferred embodiment provided by the present invention, the nuclear power plant diversity drive system 1 can also receive a feedback signal from a dedicated safety device to block the first drive signal, thereby avoiding repetitive actions. As shown in Figures 11 and 12, the dedicated safety facility 33 is electrically coupled to the signal receiving module 11 of the nuclear power plant diversity drive system 1 to provide a feedback signal 30 for the nuclear power plant diversity drive system 1.
[0131] 在本发明提供的优选实施例中, 如图 13所示, 核电站多样性驱动系统 1还可接 收来自第三方检测系统 7的检测信号 104, 对检测信号 104进行逻辑处理以判断是 否发生设计基准事故, 并当所述判断为是吋产生驱动信号以驱动执行机构 3动作 。 优选地, 如图 13所示, 核电站多样性驱动系统 1的人机接口模块 15包括手操幵 关 151, 从而核电站多样性人机接口模块 15还可接收用户操作信号 105并发送至 信号接收模块 11。 从而, 逻辑处理模块 12根据所接收到的用户操作信号 105产生 第三驱动信号以驱动执行机构 3动作。  [0131] In a preferred embodiment provided by the present invention, as shown in FIG. 13, the nuclear power plant diversity driving system 1 can also receive the detection signal 104 from the third party detection system 7, and logically process the detection signal 104 to determine whether it occurs. The reference accident is designed, and when it is judged to be 吋, a drive signal is generated to drive the actuator 3 to operate. Preferably, as shown in FIG. 13, the human-machine interface module 15 of the nuclear power plant diversity drive system 1 includes a hand-operated switch 151, so that the nuclear power plant diversity human-machine interface module 15 can also receive the user operation signal 105 and send it to the signal receiving module. 11. Thus, the logic processing module 12 generates a third drive signal to drive the actuator 3 action based on the received user operation signal 105.
[0132] 以上所揭露的仅为本发明一种较佳实施例而已, 当然不能以此来限定本发明之 权利范围, 本领域普通技术人员可以理解实现上述实施例的全部或部分流程, 并依本发明权利要求所作的等同变化, 仍属于发明所涵盖的范围。  The above disclosure is only a preferred embodiment of the present invention, and of course, the scope of the present invention is not limited thereto, and those skilled in the art can understand all or part of the process of implementing the above embodiments, and Equivalent variations of the claims of the invention are still within the scope of the invention.

Claims

权利要求书  Claim
一种核电站多样性驱动系统, 用于在反应堆保护系统失效吋保护核电 站的安全, 其特征在于, 包括: A nuclear power plant diversity drive system for protecting the safety of a nuclear power station in the event of a reactor protection system failure, characterized by comprising:
信号接收模块, 用于接收检测信号; a signal receiving module, configured to receive a detection signal;
逻辑处理模块, 用于对所述检测信号进行逻辑处理以判断是否发生设 计基准事故, 并当所述判断为是吋产生驱动信号; a logic processing module, configured to perform logic processing on the detection signal to determine whether a design reference accident occurs, and generate a driving signal when the determination is yes;
信号输出模块, 用于将所述驱动信号输出至执行机构以驱动所述执行 机构动作。 And a signal output module, configured to output the driving signal to an actuator to drive the actuator to operate.
根据权利要求 1所示的核电站多样性驱动系统, 其特征在于, 所述多 样性驱动系统还包括人机接口模块, 用于接收所述逻辑处理模块提供 的显示信号, 从而提供安全功能参数监视信息、 报警信息以及系统和 设备状态指示; 还用于接收用户操作信号并发送至所述信号接收模块 根据权利要求 2所述的核电站多样性驱动系统, 其特征在于, 所述信 号接收模块具体地用于接收与所述反应堆保护系统共用的检测信号、 接收来自第三方检测系统的检测信号以及接收从所述人机接口模块输 入的所述用户操作信号。 The nuclear power plant diversity driving system according to claim 1, wherein the diversity driving system further comprises a human machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing safety function parameter monitoring information. And the alarm information and the system and device status indication; further configured to receive the user operation signal and send the signal to the signal receiving module according to claim 2, wherein the signal receiving module is specifically used Receiving a detection signal shared with the reactor protection system, receiving a detection signal from a third party detection system, and receiving the user operation signal input from the human interface module.
根据权利要求 1所示的核电站多样性驱动系统, 其特征在于, 所述核 电站多样性驱动系统还用于接收所述执行机构的反馈信号或通过逻辑 处理进行延吋, 从而在所述反应堆保护系统正常工作吋实现自动闭锁 根据权利要求 3所示的核电站多样性驱动系统, 其特征在于, 与所述 反应堆保护系统共用的所述检测信号经隔离后输入至所述信号接收模 块。 The nuclear power plant diversity driving system according to claim 1, wherein the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing, thereby operating the reactor protection system Normal operation 吋 automatic locking The nuclear power plant diversity driving system according to claim 3, wherein the detection signal shared with the reactor protection system is isolated and input to the signal receiving module.
根据权利要求 5所示的核电站多样性驱动系统, 其特征在于, 所述核 电站多样性驱动系统还包括第一隔离模块, 与所述反应堆保护系统共 用的所述检测信号经过所述第一隔离模块隔离后输入至所述信号接收 模块。 [权利要求 7] 根据权利要求 1所示的核电站多样性驱动系统, 其特征在于, 所述逻 辑处理模块包括至少两个并行的比较单元和连接至所述比较单元的表 决单元; The nuclear power plant diversity driving system according to claim 5, wherein the nuclear power plant diversity driving system further comprises a first isolation module, and the detection signal shared with the reactor protection system passes through the first isolation module After isolation, input to the signal receiving module. [Claim 7] The nuclear power plant diversity driving system according to claim 1, wherein the logic processing module includes at least two parallel comparison units and a voting unit connected to the comparison unit;
每一所述比较单元用于将所述检测信号与设定值比较以判断是否发生 设计基准事故, 并输出比较结果至所述表决单元; 所述表决单元用于对所述比较结果进行表决, 当所述至少两个比较单 元中至少有两个比较单元的比较结果为发生了设计基准事故吋, 所述 表决单元输出所述驱动信号至所述信号输出模块。  Each of the comparing units is configured to compare the detection signal with a set value to determine whether a design basis accident occurs, and output a comparison result to the voting unit; the voting unit is configured to vote on the comparison result, When the comparison result of at least two of the at least two comparison units is that a design basis accident occurs, the voting unit outputs the driving signal to the signal output module.
[权利要求 8] 根据权利要求 7所示的核电站多样性驱动系统, 其特征在于, 所述逻 辑处理模块的数量为两个, 分别为第一逻辑处理模块和第二逻辑处理 模块; 所述执行机构包括棒控和棒位系统的电源柜和专设安全设施; 所述第一逻辑处理模块用于对所述检测信号进行逻辑处理以判断是否 发生设计基准事故, 并当所述判断为发生了设计基准事故吋产生第一 驱动信号以驱动棒控和棒位系统的电源柜动作, 从而切断控制棒驱动 机构的电源; [Claim 8] The nuclear power plant diversity driving system according to claim 7, wherein the number of the logic processing modules is two, respectively a first logic processing module and a second logic processing module; The mechanism includes a power cabinet and a dedicated safety device of the stick control and the stick system; the first logic processing module is configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the judgment is that Designing a reference accident to generate a first drive signal to drive the power cabinet operation of the bar control and the rod system, thereby cutting off the power of the control rod drive mechanism;
所述第二逻辑处理模块用于对所述检测信号进行逻辑处理以判断是否 发生设计基准事故, 并当所述判断为发生了设计基准事故吋产生第二 驱动信号以驱动专设安全设施动作。  The second logic processing module is configured to logically process the detection signal to determine whether a design basis accident occurs, and generate a second driving signal to drive the dedicated safety facility action when the designation is determined to have occurred.
[权利要求 9] 根据权利要求 8所示的核电站多样性驱动系统, 其特征在于, 所述核 电站多样性驱动系统还包括第二隔离模块, 所述第二驱动信号经所述 第二隔离模块隔离后发送至设备接口模块的优选单元, 通过所述优选 单元发送至专设安全设施动作。 [Claim 9] The nuclear power plant diversity driving system according to claim 8, wherein the nuclear power plant diversity driving system further comprises a second isolation module, wherein the second driving signal is isolated by the second isolation module The preferred unit that is then sent to the device interface module is sent to the dedicated security facility action by the preferred unit.
[权利要求 10] 根据权利要求 8所示的核电站多样性驱动系统, 其特征在于, 所述第 [Claim 10] The nuclear power plant diversity driving system according to claim 8, wherein:
一逻辑模块还包括延吋单元, 所述延吋单元用于对所述第一逻辑模块 的输入信号或输出信号进行延吋。  A logic module further includes a delay unit for delaying an input signal or an output signal of the first logic module.
[权利要求 11] 根据权利要求 8所示的核电站多样性驱动系统, 其特征在于, 所述信 号接收模块还用于接收来自所述专设安全设施的反馈信号以闭锁所述 第二驱动信号。 根据权利要求 1所述的核电站多样性驱动系统, 其特征在于, 所述逻 辑处理模块还包括预期瞬态不停堆保护逻辑模块, 用于应对停堆保护 系统在停堆过程中拒动; 所述预期瞬态不停堆保护逻辑模块包括三个 第一比较器、 两个第二比较器、 三选二表决器、 第一与门和第二与门 所述三个第一比较器分别用于判断三个蒸汽发生器的给水量, 所述三 个第一比较器输出端分别连接至所述三选二表决器的输入端; 所述两 个第二比较器分别用于判断两组反应堆的堆功率, 所述两个第二比较 器的输出端分别连接至所述第一与门的输入端; 所述表决器和所述第 一与门的输出端分别连接至所述第二与门的输入端, 所述第二与门的 输出端连接至所述执行机构。 [Claim 11] The nuclear power plant diversity driving system according to claim 8, wherein the signal receiving module is further configured to receive a feedback signal from the dedicated safety facility to block the second driving signal. The nuclear power plant diversity driving system according to claim 1, wherein the logic processing module further comprises an expected transient non-stop reactor protection logic module, configured to respond to the shutdown protection system from being rejected during the shutdown process; The expected transient non-stop stack protection logic module includes three first comparators, two second comparators, three-two-vote, first and second AND gates, and the first three comparators respectively For determining the water supply amount of the three steam generators, the three first comparator outputs are respectively connected to the input ends of the three-selection two-voter; the two second comparators are respectively used to judge two groups of reactors Stacking power, the outputs of the two second comparators are respectively connected to the input ends of the first AND gate; the voter and the output of the first AND gate are respectively connected to the second An input of the door, the output of the second AND gate is coupled to the actuator.
一种核电站多样性驱动方法, 用于在反应堆保护系统失效吋保护核电 站安全, 其特征在于, 包括以下步骤: A nuclear power plant diversity driving method for protecting nuclear power station safety in the event of failure of a reactor protection system, characterized in that it comprises the following steps:
51、 接收检测信号;  51. Receiving a detection signal;
52、 对所述检测信号进行逻辑处理以判断是否发生设计基准事故; 若 是, 则转步骤 S3, 否则继续步骤 S2;  52, the detection signal is logically processed to determine whether a design basis accident occurs; if yes, go to step S3, otherwise continue to step S2;
53、 产生驱动信号以驱动执行机构动作。  53. Generate a drive signal to drive the actuator action.
根据权利要求 13所述的核电站多样性驱动方法, 其特征在于, 还包括 以下步骤: The nuclear power plant diversity driving method according to claim 13, characterized by further comprising the steps of:
54、 输出显示信息以显示安全功能参数监视信息、 报警信息以及系统 和设备状态指示并接收用户操作信号。  54. Output display information to display safety function parameter monitoring information, alarm information, and system and device status indications and receive user operation signals.
根据权利要求 14所述的核电站多样性驱动方法, 其特征在于, 所述步 骤 S1具体包括: 接收与所述反应堆保护系统共用的检测信号、 接收来 自第三方检测系统的检测信号或接收从人机接口模块输入的所述用户 操作信号。 The nuclear power plant diversity driving method according to claim 14, wherein the step S1 specifically comprises: receiving a detection signal shared with the reactor protection system, receiving a detection signal from a third-party detection system, or receiving a human-machine The user operation signal input by the interface module.
根据权利要求 13所述的核电站多样性驱动方法, 其特征在于, 还包括 以下步骤: The nuclear power plant diversity driving method according to claim 13, characterized by further comprising the steps of:
55、 接收所述执行机构的反馈信号或通过逻辑处理进行延吋, 从而在 所述反应堆保护系统正常工作吋实现自动闭锁。 55. Receiving a feedback signal of the executing mechanism or delaying by logic processing, thereby The reactor protection system operates normally and achieves automatic blocking.
根据权利要求 15所述的核电站多样性驱动方法, 其特征在于, 在所述 步骤 S1之中, 所述检测信号是经过隔离处理的。 The nuclear power plant diversity driving method according to claim 15, wherein in the step S1, the detection signal is subjected to isolation processing.
根据权利要求 17所述的核电站多样性驱动方法, 其特征在于, 在所述 步骤 S1之前还包括: The nuclear power plant diversity driving method according to claim 17, wherein before the step S1, the method further comprises:
so、 对与所述反应堆保护系统共用的所述检测信号进行隔离处理。 根据权利要求 13所述的核电站多样性驱动方法, 其特征在于, 所述步 骤 S2还包括: So, isolating the detection signal shared with the reactor protection system. The nuclear power plant diversity driving method according to claim 13, wherein the step S2 further comprises:
S2 将所述检测信号与设定值进行至少两次并行的比较以判断是否 发生设计基准事故, 并对应输出至少两个比较结果;  S2 performing at least two parallel comparisons of the detection signal and the set value to determine whether a design basis accident occurs, and correspondingly outputting at least two comparison results;
S22、 对所述至少两个比较结果进行表决, 当所述至少两个比较结果 中有两个比较结果为发生了设计基准事故吋, 则转所述步骤 S3, 否则 返回步骤 S21。 S22. Vote on the at least two comparison results. When two of the at least two comparison results are that a design basis accident has occurred, the process proceeds to step S3, otherwise, the process returns to step S21.
根据权利要求 19所述的核电站多样性驱动方法, 其特征在于, 所述执 行机构包括棒控和棒位系统的电源柜和专设安全设施, 所述步骤 S3还 包括: The nuclear power plant diversity driving method according to claim 19, wherein the executing mechanism comprises a power supply cabinet and a dedicated safety facility of the bar control and the bar system, and the step S3 further comprises:
S3 产生第一驱动信号以驱动棒控和棒位系统的电源柜动作, 从而 切断控制棒驱动机构的电源;  S3 generates a first driving signal to drive the power cabinet operation of the stick control and the rod system, thereby cutting off the power of the control rod driving mechanism;
S32、 产生第二驱动信号以驱动专设安全设施动作。  S32. Generate a second driving signal to drive an exclusive safety facility action.
根据权利要求 20所述的核电站多样性驱动方法, 其特征在于, 所述步 骤 S31还包括: 对所产生的第二驱动信号进行隔离处理, 然后发送至 设备接口模块的优选单元, 通过所述优选单元发送至所述专设安全设 施。 The nuclear power plant diversity driving method according to claim 20, wherein the step S31 further comprises: performing isolation processing on the generated second driving signal, and then transmitting the preferred unit to the device interface module, by using the preferred The unit sends to the dedicated security facility.
根据权利要求 20所述的核电站多样性驱动方法, 其特征在于, 所述步 骤 S32还包括: 对所述第一检测信号或所述第一驱动信号进行延吋。 根据权利要求 19所述的核电站多样性驱动方法, 其特征在于, 还包括 以下步骤: The nuclear power plant diversity driving method according to claim 20, wherein the step S32 further comprises: delaying the first detection signal or the first driving signal. The nuclear power plant diversity driving method according to claim 19, further comprising the following steps:
S6、 接收所述专设安全设施的反馈信号以闭锁所述第二驱动信号。 [权利要求 24] 根据权利要求 13所述的核电站多样性驱动方法, 其特征在于, 还包括 S6. Receive a feedback signal of the dedicated security facility to block the second driving signal. [Claim 24] The nuclear power plant diversity driving method according to claim 13, further comprising
S7、 通过预期瞬态不停堆保护逻辑模块进行逻辑处理, 以应对停堆保 护系统在停堆过程中拒动; 所述预期瞬态不停堆保护逻辑模块包括三 个第一比较器、 两个第二比较器、 三选二表决器、 第一与门和第二与 门; S7. Perform logic processing by the expected transient non-stop heap protection logic module to respond to the shutdown protection system from being rejected during the shutdown process; the expected transient non-stop heap protection logic module includes three first comparators, two a second comparator, a three-two voter, a first AND gate and a second AND gate;
所述三个第一比较器分别用于判断三个蒸汽发生器的给水量, 所述三 个第一比较器输出端分别连接至所述三选二表决器的输入端; 所述两 个第二比较器分别用于判断两组反应堆的堆功率, 所述两个第二比较 器的输出端分别连接至所述第一与门的输入端; 所述表决器和所述第 一与门的输出端分别连接至所述第二与门的输入端, 所述第二与门的 输出端连接至所述执行机构。  The three first comparators are respectively configured to determine the water supply amount of the three steam generators, and the three first comparator outputs are respectively connected to the input ends of the three-selection two voter; The two comparators are respectively configured to determine the stack power of the two groups of reactors, the outputs of the two second comparators are respectively connected to the input ends of the first AND gate; the voter and the first AND gate The output ends are respectively connected to the input ends of the second AND gate, and the output ends of the second AND gates are connected to the actuator.
[权利要求 25] —种多样性保护系统, 用于保护核电站的安全, 其特征在于, 包括反 应堆保护系统、 多样性驱动系统和执行机构; [Claim 25] a diversity protection system for protecting the safety of a nuclear power plant, characterized by comprising a reactor protection system, a diversity drive system and an actuator;
所述反应堆保护系统用于在核电站发生设计基准事故吋驱动所述执行 机构动作;  The reactor protection system is configured to drive the actuator action when a design basis accident occurs at the nuclear power plant;
所述多样性驱动系统用作所述反应堆保护系统的后备设备, 用于在核 电站发生设计基准事故吋驱动所述执行机构动作; 所述多样性驱动系 统包括:  The versatile drive system is used as a backup device for the reactor protection system for driving a design basis accident at a nuclear power plant to drive the actuator action; the versatile drive system includes:
信号接收模块, 用于接收检测信号;  a signal receiving module, configured to receive a detection signal;
逻辑处理模块, 用于对所述检测信号进行逻辑处理以判断是否发生设 计基准事故, 并当所述判断为是吋产生驱动信号; 信号输出模块, 用于将所述驱动信号输出至执行机构以驱动所述执行 机构动作。  a logic processing module, configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the determination is to generate a driving signal, the signal output module is configured to output the driving signal to the actuator The actuator action is driven.
[权利要求 26] 根据权利要求 25所示的核电站多样性驱动系统, 其特征在于, 所述多 样性驱动系统还包括人机接口模块, 用于接收所述逻辑处理模块提供 的显示信号, 从而提供安全功能参数监视信息、 报警信息以及系统和 设备状态指示; 还用于接收用户操作信号并发送至所述信号接收模块 [权利要求 27] 根据权利要求 25所示的核电站多样性保护系统, 其特征在于, 所述核 电站多样性驱动系统还用于接收所述执行机构的反馈信号或通过逻辑 处理进行延吋, 从而在所述反应堆保护系统正常工作吋实现自动闭锁 [Claim 26] The nuclear power plant diversity driving system according to claim 25, wherein the diversity driving system further includes a human machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing Safety function parameter monitoring information, alarm information, and system and device status indication; also for receiving a user operation signal and transmitting to the signal receiving module [Claim 27] The nuclear power plant diversity protection system according to claim 25, wherein the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing, thereby The reactor protection system works normally and realizes automatic locking
PCT/CN2015/094496 2015-11-12 2015-11-12 Nuclear power plant diverse driving system, method and diverse protection system WO2017079950A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/094496 WO2017079950A1 (en) 2015-11-12 2015-11-12 Nuclear power plant diverse driving system, method and diverse protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/094496 WO2017079950A1 (en) 2015-11-12 2015-11-12 Nuclear power plant diverse driving system, method and diverse protection system

Publications (1)

Publication Number Publication Date
WO2017079950A1 true WO2017079950A1 (en) 2017-05-18

Family

ID=58695867

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/094496 WO2017079950A1 (en) 2015-11-12 2015-11-12 Nuclear power plant diverse driving system, method and diverse protection system

Country Status (1)

Country Link
WO (1) WO2017079950A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110444305A (en) * 2019-08-13 2019-11-12 中国核动力研究设计院 A kind of Digital Reactor Protection System of optimization

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101968974A (en) * 2010-08-09 2011-02-09 中广核工程有限公司 Protecting system of nuclear power station reactor
CN103400623A (en) * 2013-07-30 2013-11-20 中广核工程有限公司 Protection method and system for digitalized instrument control diversity of nuclear power station
CN103700414A (en) * 2013-12-10 2014-04-02 中广核工程有限公司 Diversity driving system and method for nuclear power plant
CN104485142A (en) * 2014-12-08 2015-04-01 中广核工程有限公司 Diversified driving method, diversified driving device and diversified driving system for nuclear power station
WO2015112304A2 (en) * 2013-12-31 2015-07-30 Nuscale Power, Llc Nuclear reactor protection systems and methods
CN105448368A (en) * 2015-11-12 2016-03-30 中广核工程有限公司 Nuclear power plant diversity driving system, nuclear power plant diversity driving method and diversity protection system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101968974A (en) * 2010-08-09 2011-02-09 中广核工程有限公司 Protecting system of nuclear power station reactor
CN103400623A (en) * 2013-07-30 2013-11-20 中广核工程有限公司 Protection method and system for digitalized instrument control diversity of nuclear power station
CN103700414A (en) * 2013-12-10 2014-04-02 中广核工程有限公司 Diversity driving system and method for nuclear power plant
WO2015112304A2 (en) * 2013-12-31 2015-07-30 Nuscale Power, Llc Nuclear reactor protection systems and methods
CN104485142A (en) * 2014-12-08 2015-04-01 中广核工程有限公司 Diversified driving method, diversified driving device and diversified driving system for nuclear power station
CN105448368A (en) * 2015-11-12 2016-03-30 中广核工程有限公司 Nuclear power plant diversity driving system, nuclear power plant diversity driving method and diversity protection system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CAO, JIANTING ET AL.: "Analysis of Diversified Protection and Control Functions Implemented in DCS for Nuclear Power Plants", MODERN ELECTRIC POWER, vol. 24, no. 6, 31 December 2007 (2007-12-31), ISSN: 1007-2322 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110444305A (en) * 2019-08-13 2019-11-12 中国核动力研究设计院 A kind of Digital Reactor Protection System of optimization

Similar Documents

Publication Publication Date Title
GB2544355A (en) Diverse actuation system and method and diverse protection system in a nuclear power plant
KR100980043B1 (en) System and method of protecting a power plant using FPGA
CN103700414B (en) Diversity driving system and method for nuclear power plant
US9997265B2 (en) Safety system for a nuclear power plant and method for operating the same
WO2016091158A1 (en) Diversity drive method, device and system for nuclear power plant
GB2545511A (en) Reactor protection system of nuclear power plant and safety control method thereof
CN103400623A (en) Protection method and system for digitalized instrument control diversity of nuclear power station
KR100848881B1 (en) Digital Security System for Nuclear Power Plant
JP2017501419A5 (en)
EP2463864A2 (en) Nuclear reactor shutdown system
US20180330837A1 (en) Digital protection system for nuclear power plant
WO2017079950A1 (en) Nuclear power plant diverse driving system, method and diverse protection system
WO2017101031A1 (en) Nuclear power plant reactor protection system and safety control method therein
KR101042030B1 (en) Plant protection system using integration of bistable and coincidence logic
KR101681978B1 (en) Reactor Protection System Having Different Kind of Control Apparatus
CN109519234B (en) Protection method for preventing small steam turbine from refusing operation
WO2014031039A2 (en) Microprocessor-based control system with backup for controlling a turbine regulation and security system
CN103257611A (en) Accelerator vacuum interlocking system based on dual modular redundancy comparative structure
KR101831398B1 (en) Diverse Protection System
JP7368955B2 (en) Power generation equipment management device, power generation system, power generation equipment management method, and program
CA3194191A1 (en) Control switching device
KR101072221B1 (en) Digital engineered safety feature-component control system
KR20170075970A (en) Wind park control system and system protection method thereof
CN206332632U (en) A kind of control rod power-supply system protection and control system
CN106684840B (en) Method is exported when direct current protecting is unavailable in a kind of direct current polar control system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15908080

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15908080

Country of ref document: EP

Kind code of ref document: A1