WO2017079950A1 - Système d'entraînement divers de centrale nucléaire, procédé et système de protection divers - Google Patents

Système d'entraînement divers de centrale nucléaire, procédé et système de protection divers Download PDF

Info

Publication number
WO2017079950A1
WO2017079950A1 PCT/CN2015/094496 CN2015094496W WO2017079950A1 WO 2017079950 A1 WO2017079950 A1 WO 2017079950A1 CN 2015094496 W CN2015094496 W CN 2015094496W WO 2017079950 A1 WO2017079950 A1 WO 2017079950A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal
nuclear power
power plant
module
driving
Prior art date
Application number
PCT/CN2015/094496
Other languages
English (en)
Chinese (zh)
Inventor
杨震
任立永
田亚杰
史觊
汪伟
梁玲
李静
谭国成
周叶翔
张小茹
彭华清
陈卫华
黄伟军
江辉
Original Assignee
中广核工程有限公司
中国广核集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中广核工程有限公司, 中国广核集团有限公司 filed Critical 中广核工程有限公司
Priority to PCT/CN2015/094496 priority Critical patent/WO2017079950A1/fr
Publication of WO2017079950A1 publication Critical patent/WO2017079950A1/fr

Links

Classifications

    • GPHYSICS
    • G21NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21DNUCLEAR POWER PLANT
    • G21D3/00Control of nuclear power plant
    • G21D3/04Safety arrangements
    • G21D3/06Safety arrangements responsive to faults within the plant
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02EREDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00Energy generation of nuclear origin

Definitions

  • the present invention relates to the field of nuclear power technology, and in particular, to a nuclear power plant diversity driving system and method, and a diversity protection system.
  • Digital Instrument Control System has been developed and applied in nuclear power plant safety level control system due to its simplified control logic, flexible configuration capability and powerful self-diagnosis function. It is used as nuclear power plant reactor protection system. Digital protection system in the middle. However, digital protection systems are susceptible to common cause failures due to features such as centralized functionality, shared software, and widespread adoption of communication technologies. For reactor protection systems that implement reactor safety functions, in the event of a design basis accident, if the digital protection system fails to perform its critical functions due to a common cause failure, the accident will develop into an overdesign basis accident and further jeopardize the safety of the reactor.
  • the prior art provides a nuclear power plant diversity driving system.
  • the nuclear power plant diversity drive system is used as a nuclear power plant diversity backup device for the reactor protection system, and the protection function is realized after the reactor protection system fails.
  • a known technology nuclear power plant diversity drive system primarily implements protection functions through an emergency control panel (ECP), a backup tray (BUP), and an auxiliary relay cabinet (ARC).
  • ECP emergency control panel
  • BUP backup tray
  • ARC auxiliary relay cabinet
  • the operator manually inputs the system-level control signal and the device-level control signal into the auxiliary relay cabinet by manually operating the emergency control panel and the backup disk, so that the auxiliary relay cabinet can protect the system and the field device respectively.
  • the display and indication of important parameters of the nuclear power station can be obtained through the backup disk.
  • the technical problem to be solved by the embodiments of the present invention is to meet the needs of the existing nuclear power plant diversity driving system.
  • the defect of manual intervention by the operator provides a nuclear power plant diversity driving system and method capable of automatically implementing the protection function and a nuclear power plant diversity protection system including the nuclear power plant diversity driving system.
  • an embodiment of the present invention provides a nuclear power plant diversity driving system for protecting a nuclear power plant from failure in a reactor protection system failure, comprising: a signal receiving module, configured to receive a detection signal a logic processing module, configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the determination is yes, generate a driving signal; and a signal output module, configured to output the driving signal to the actuator To drive the actuator action.
  • the diversity driving system further includes a human machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indication; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • a human machine interface module configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indication; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • the signal receiving module is specifically configured to receive a detection signal shared by the reactor protection system, receive a detection signal from a third-party detection system, and receive the user input from the human-machine interface module. Operation signal.
  • the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing to implement automatic locking after the reactor protection system works normally.
  • the detection signal shared with the reactor protection system is isolated and input to the signal receiving module.
  • the nuclear power plant diversity driving system further includes a first isolation module, and the detection signal shared with the reactor protection system is isolated by the first isolation module and input to the signal receiving module.
  • the logic processing module includes at least two parallel comparison units and a voting unit connected to the comparison unit; each of the comparison units is configured to compare the detection signal with a set value to determine Whether a design basis accident occurs, and outputs a comparison result to the voting unit; the voting unit is configured to vote on the comparison result, when a comparison result of at least two of the at least two comparison units is generated After the design basis event, the voting unit outputs the driving signal to the signal output module.
  • the number of the logical processing modules is two, respectively a first logical processing module and a second logical processing module;
  • the executing mechanism includes a power control cabinet and a dedicated security facility of the stick control and the rod system
  • the first logic processing module is configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and generate a first driving signal to drive the stick control and the rod position when the designation is that a design basis accident occurs.
  • the power cabinet of the system operates to cut off the power of the control rod drive mechanism;
  • the second logic processing module is configured to perform logic processing on the detection signal to determine whether a design basis accident occurs, and when the determination is that a design basis has occurred The accident generates a second drive signal to drive the action of the dedicated safety facility
  • the nuclear power plant diversity driving system further includes a second isolation module, and the second driving signal is isolated by the second isolation module and sent to a preferred unit of the device interface module, and sent by the preferred unit To the special safety facilities action.
  • the first logic module further includes a delay unit, wherein the delay unit is configured to delay an input signal or an output signal of the first logic module.
  • the signal receiving module is further configured to receive a feedback signal from the dedicated security facility to block the second driving signal.
  • the logic processing module further includes an expected transient non-stop heap protection logic module, configured to respond to the shutdown protection system from being rejected during the shutdown process;
  • the expected transient non-stop heap protection logic module includes Three first comparators, two second comparators, three-two comparators, first AND gates and second AND gates; the three first comparators are respectively used for determining the water supply amount of the three steam generators
  • the three first comparator outputs are respectively connected to the input ends of the three-selection two-voter;
  • the two second comparators are respectively used to determine the stack power of the two groups of reactors, the two second An output of the comparator is respectively connected to an input end of the first AND gate; an output end of the voter and the first AND gate is respectively connected to an input end of the second AND gate, the second The output of the door is connected to the actuator.
  • the present invention also provides a nuclear power plant diversity driving method for protecting a nuclear power plant safety after a reactor protection system fails, comprising the following steps:
  • the detection signal is logically processed to determine whether a design basis accident occurs; if yes, then go to step S3, otherwise continue to step S2; [0022] S3. Generate a driving signal to drive the actuator action.
  • the diversity driving method further includes the following steps:
  • S4. Output display information to display security function parameter monitoring information, alarm information, and system and device status indications and receive user operation signals.
  • the step S1 specifically includes: receiving a detection signal shared by the reactor protection system, receiving a detection signal from a third-party detection system, or receiving the user operation signal input from a human-machine interface module.
  • the diversity driving method further includes the following steps:
  • S5. Receive a feedback signal of the actuator or perform delay by logic processing to implement automatic blocking after the reactor protection system works normally.
  • the detection signal is isolated.
  • the method further includes:
  • the step S2 further includes:
  • step S22 Vote on the at least two comparison results.
  • the process proceeds to step S3, otherwise returns to step S21.
  • the executing mechanism comprises a power cabinet and a special safety device of the bar control and the stick system
  • the step S3 further comprises:
  • the step S31 further comprises: isolating the generated second driving signal, and then sending the information to the preferred unit of the device interface module, and sending, by the preferred unit, the dedicated security device
  • the step S32 further includes: delaying the first detection signal or the first driving signal.
  • the diversity driving method further includes the following steps:
  • S6 Receive a feedback signal of the dedicated security facility to block the second driving signal.
  • the diversity driving method further includes the following steps:
  • the expected transient non-stop heap protection logic module includes three first comparisons. , two second comparators, three-two-vote, first and second AND gates;
  • the three first comparators are respectively used to determine the water supply amount of the three steam generators, and the three first comparator outputs are respectively connected to the input ends of the three-selection two voter;
  • Two second comparators are respectively used to determine the stack power of the two groups of reactors, and the outputs of the two second comparators are respectively connected to the input ends of the first AND gate;
  • the voter and the first An output of the AND gate is coupled to an input of the second AND gate, and an output of the second AND gate is coupled to the actuator.
  • the present invention also provides a diversity protection system for protecting the safety of a nuclear power plant, including a reactor protection system, a diversity drive system, and an actuator;
  • the reactor protection system is used to drive the actuator action when a design basis accident occurs at the nuclear power plant
  • the diversity drive system is used as a backup device of the reactor protection system, and is used to drive the actuator action when a design basis accident occurs in the nuclear power plant;
  • the diversity drive system includes:
  • a signal receiving module configured to receive a detection signal
  • a logic processing module configured to perform logic processing on the detection signal to determine whether a design basis event occurs, and when the determination is yes, generate a driving signal
  • a signal output module configured to output the driving signal to an actuator to drive the actuator to act
  • the multi-function drive system further includes a human-machine interface module, configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indications; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • a human-machine interface module configured to receive a display signal provided by the logic processing module, thereby providing security function parameter monitoring information, alarm information, and system and device status indications; And configured to receive a user operation signal and send the signal to the signal receiving module.
  • the nuclear power plant diversity driving system is further configured to receive a feedback signal of the actuator or perform delay by logic processing, so as to achieve automatic locking after the reactor protection system works normally.
  • Advantageous effects of the invention Beneficial effect
  • the embodiments of the present invention have the following beneficial effects:
  • the present invention can automatically detect a design basis accident and generate a driving signal to automatically control the actuator action, thereby avoiding a total of reactor protection systems due to design basis accidents.
  • the user is required to manually operate to control the actuator action. Therefore, the present invention can reduce the operational requirements of the user, improve the ability of the nuclear power plant to cope with common faults, and thereby improve the safety of the nuclear power plant.
  • the present invention provides a special nuclear power plant diversity human-machine interface module, which effectively reduces the size of the backup disk, and makes the human-machine interaction function more expandable, and is no longer limited to the original design of the backup disk.
  • FIG. 1 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a first embodiment of the present invention
  • FIG. 2 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a second embodiment of the present invention.
  • FIG. 3 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a third embodiment of the present invention.
  • FIG. 4 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a fourth embodiment of the present invention.
  • FIG. 5 is a block diagram showing the structure of a first embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 6 is a block diagram showing the structure of an embodiment of the logic processing module of FIG. 5;
  • FIG. 7 is a block diagram showing the structure of another embodiment of the logic processing module of FIG. 5;
  • FIG. 8 is a block diagram showing the structure of a second embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 9 is a block diagram showing the structure of an embodiment of the logic processing module of FIG. 8;
  • FIG. 10 is a block diagram showing the structure of another embodiment of the logic processing module of FIG. 8;
  • FIG. 11 is a block diagram showing the structure of a third embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 12 is a block diagram showing the structure of a fourth embodiment of the nuclear power plant diversity driving system of FIG. 1;
  • FIG. 13 is a block diagram showing the structure of a nuclear power plant diversity protection system according to a fifth embodiment of the present invention.
  • 14 is a block diagram showing the structure of still another embodiment of the logic processing module of FIG. 5; 15 is a flow chart of a nuclear power plant diversity driving method according to a first embodiment of the present invention.
  • the nuclear power plant diversity protection system includes a reactor protection system 2, a multi-function drive system 1 and an actuator 3.
  • the Reactor Protection System 2 is a safety system for detecting nuclear power plants that deviate from acceptable conditions and issue instructions to maintain safety. It is used to protect the integrity of the three nuclear safety barriers (ie, fuel cladding, primary circuit pressure boundaries, and containment). When the operating parameters reach the threshold that jeopardizes the three barriers, the reactor is shut down urgently and the dedicated safety facilities are activated as necessary.
  • the reactor emergency shutdown system 22 in the reactor protection system 2 typically performs protection logic in software.
  • the reactor stack emergency shutdown system 22 includes a reactor shutdown software logic module 222 and a dedicated safety facility driver software logic module 224. Both logic modules operate the shutdown and drive logic in a software-only manner to control the shutdown circuit breaker 31 and the dedicated safety facility 33 to perform protection actions.
  • the diversity drive system 1 is used as a backup system for the reactor protection system 2, and the reactor protection system 2 fails to protect the safety of the nuclear power plant.
  • the diversity drive system 1 performs protection logic in pure hardware.
  • the implementation of protection logic in software mode is prone to common cause failures due to the transmission of design basis accidents by nuclear power plants, and the loss of protection of nuclear power plant safety.
  • the implementation of protection logic in pure hardware can effectively avoid common cause failures due to design basis accidents. Therefore, the reactor protection system 2 is effectively complemented by the diversity drive system 1 to ensure the safety of the nuclear power plant.
  • the actuator 3 mainly includes a stick control and stick system and a dedicated safety facility.
  • the rod control and rod system is used to lift, insert, maintain and monitor the position of each control rod in the reactor to achieve reactor reactor start-up, shutdown and stable operation.
  • Special safety facilities mainly include safety injection system, containment, containment spray system, containment isolation system and auxiliary.
  • the safety injection system is used to inject cooling water into the core to prevent the core from melting.
  • the containment is used to house the reactor pressure vessel and part of the safety system (including primary circuit main system and equipment, shutdown cooling system), completely isolated from the external environment to achieve a security screen The function of the barrier.
  • the containment spray system is used to spray a boron-containing water into the containment after a water loss accident or a main steam pipe breaks in the containment of the nuclear power plant, limiting the pressure in the containment to increase sharply and shortening the high pressure to maintain the peak time and reduce the peak pressure. And temperature to prevent overpressure failure of the containment.
  • the auxiliary water supply system is used to supply water to the steam generator to protect the steam generator and prevent the occurrence of core melting accidents.
  • the diversity drive system 1 includes: a signal receiving module 11, a logic processing module 12, and a signal output module 13.
  • the working principle of the nuclear power plant diversity driving system 1 is as follows: The signal receiving module 11 receives the detection signal 10, and then the logic processing module 12 performs logic processing on the detection signal 10 to determine whether a design basis accident occurs, and if a design basis accident occurs, logic processing Module 12 generates drive signal 20 and transmits it to actuator 3 via signal output module 13 to drive actuator 3 action.
  • the detection signal 10 is only input to the reactor protection system 2, and the reactor emergency shutdown system 22 in the reactor protection system 2 logically processes the detection signal 10 to determine whether a design basis accident has occurred and correspondingly A drive signal is generated to drive the actuator action to achieve a protection function.
  • the nuclear power plant diversity drive system 1 of the present invention directly receives the detection signal 10 supplied to the reactor protection system 2, and performs the same or improved logic processing as the reactor protection system, thereby generating a drive signal 20 to drive execution in the event of a design basis accident.
  • Mechanism 3 action In the reactor emergency shutdown system 22, the logic processing is implemented by application software, and in the nuclear power plant diversity drive system 1, the logic processing is implemented by hardware.
  • the existing reactor protection system 2 plus the nuclear power plant diversity drive system 1 of the present application enables the nuclear power plant to have the protection function of the nuclear power plant diversity.
  • the nuclear power plant diversity driving system 1 further includes a human machine interface module 15 for receiving the display signal 40 provided by the logic processing module 12 and displaying security function parameter monitoring information, Alarm information and system and device status indications.
  • the human interface module 15 can also receive the user's operation and send the user operation signal 105 to the signal receiving module 11.
  • the detection signal 10 input to the reactor protection system includes: a power range neutron fluence rate signal of the nuclear instrumentation system, a pressure signal of a regulator of the reactor coolant system, a steam generator in the feed water flow control system The water level signal and the pressure signal of the main steam system.
  • the diversity drive system 1 provided by the present application can perform logical processing based on these detection signals shared with the reactor protection system 2 to determine whether a design basis accident occurs, and can also perform logic processing based on other signals to determine whether a design basis accident occurs. .
  • the diversity drive system 1 can also receive the third The detection signal 104 provided by the square detection system 7 logically processes the detection signal 104 to determine whether a design basis accident has occurred.
  • the diversity drive system 1 can also generate the drive signal 20 based on the operation signal 105 input by the user.
  • the third-party detection system mainly includes: a nuclear instrumentation system, a power plant radiation monitoring system, a stick control, and a rod position system.
  • the diversity drive system 1 can directly acquire detection signals from these systems, perform logic processing and generate drive signals accordingly.
  • the above-mentioned nuclear power plant diversity driving system realizes automatic detection of design basis accidents and correspondingly generates driving signals to automatically control the action of the actuator, thereby avoiding a situation in which the reactor protection system causes a common cause failure due to a design basis accident.
  • Manual user action is required to control actuator action. Therefore, the present invention can reduce the operational requirements of the user, improve the ability of the nuclear power plant to cope with common cause failures, and thereby improve the safety of the nuclear power plant.
  • the present invention provides a special human-machine interface module, which effectively reduces the size of the backup disk, and makes the human-computer interaction function more expandable, and is no longer limited to the original design of the backup disk.
  • the detection signals 10 shared with the reactor protection system 2 are branched and isolated and input to the reactor protection system 2 and the nuclear power plant diversity drive system 1, respectively.
  • the reactor protection system 2 includes a branch and isolation module 21.
  • the branch and isolation module 21 branches the detection signal 10 in the input reactor protection system 2 into two identical signals 102 and 101 and inputs them to the reactor emergency shutdown system 22 and the signal receiving module 11, respectively, and the same two signals The 101 and 102 are isolated so that the signal 101 input to the signal receiving module 11 is not affected by the reactor protection system 2.
  • FIG. 1 the reactor protection system 2 includes a branch and isolation module 21.
  • the branch and isolation module 21 branches the detection signal 10 in the input reactor protection system 2 into two identical signals 102 and 101 and inputs them to the reactor emergency shutdown system 22 and the signal receiving module 11, respectively, and the same two signals The 101 and 102 are isolated so that the signal 101 input to the signal receiving module 11 is not affected by the reactor protection system 2.
  • the reactor protection system 2 shows another branching and isolation mode, and the reactor protection system 2 includes a branching module 21 and an isolating module 23.
  • the detection signal 10 is split into two identical signals 101 and 102 via the branching module 21, one of the signals 102 is directly input to the reactor emergency shutdown system 22, and the other signal 101 is isolated by the isolation module 23 to form an isolated signal 103.
  • the signal 103 is input to the signal receiving module 11.
  • 3 shows a third branching and isolation mode
  • the reactor protection system 2 includes a branching module 21, and the nuclear power plant diversity drive system includes an isolation module 14.
  • the detection signal 10 is split into two identical signals 101 and 102 via the branching module 21, one signal 102 being input directly to the reactor emergency shutdown system 22, and the other signal 101 being input to the isolation module 14 forming the isolated signal 103.
  • the signal 103 is sent to the signal receiving module 11.
  • Figure 4 shows a fourth branching and isolation mode.
  • the detection signal 10 is separated into two identical isolations by a branch and isolation module 4 independent of the reactor protection system 2 and the nuclear power plant diversity drive system 1. Signals 101 and 102, one signal 102 is directly input to the reactor emergency shutdown system 22, and the other signal 101 is directly input to the signal receiving module 11.
  • the branching and isolation module 4 may be part of a detection device that detects signals, or it may be a separate device or device.
  • Figures 1-4 illustrate four embodiments of branching and isolation detection signals. It should be understood that those skilled in the art can also derive further embodiments based on the four embodiments, and these embodiments are all within the scope of the present invention.
  • the diversity drive system 1 does not perform a protection function when the reactor protection system 2 is operating normally.
  • the diversity drive system 1 is automatically latched by receiving the feedback signal from the actuator 3, and the drive signal 20 is never sent to the actuator.
  • the diversity drive system 1 can also be delayed by logic processing, lags behind the reactor protection system 2 receiving the detection signal 10 or lags behind the reactor protection system 2 output drive signal 20.
  • the reactor protection system 2 performs the safety protection of the nuclear power plant, and the diversity drive system 1 is automatically blocked.
  • the automatic latching method of the diversity drive system 1 will be described in detail in the embodiment shown in Figs. 8 and 11.
  • the logic processing module 12 includes a comparison module and a voting module.
  • the logic processing module 12 includes two comparison modules 121A and 121B.
  • the two comparison modules simultaneously receive the detection signal 10 sent from the signal receiving module 11, and then compare the detection signal 10 with the set value in the comparison modules 121A and 121B, respectively, and output the comparison result to the voting module 122.
  • the detection signal 10 can be the reactor temperature, and the temperature values T0 are preset in the comparison modules 121A and 121B.
  • the comparison module 121A and 121B when the reactor temperature exceeds the preset value TO ⁇ , it indicates that a design basis accident has occurred, then when the temperature values input to the comparison modules 121A and 121B are greater than the preset temperature TO ⁇ , the comparison module 121A and 121B then outputs a high level to the voting module 122. Otherwise, the comparison modules 121A and 121B output a low level to the voting module 122.
  • the voting module 122 outputs a high level, that is, a driving signal, to the signal output module 13; otherwise, no driving signal is output to the signal output module 13.
  • the voting module 122 can be implemented as an AND gate.
  • the number of comparison modules may also be three, but the working principle is similar to that of the embodiment shown in FIG. 6, and is not described here.
  • the voting module 122 can be implemented as a three-choice voter.
  • those skilled in the art can also set the drive signal to be output when the output of the three comparison modules is a high level ⁇ voting module according to actual needs.
  • the reliability of the logic processing module 12 can be improved by providing at least two comparison modules in the logic processing module 12.
  • the logic processing module 12 generates a drive signal only if the output of at least two of the comparison modules reflects that a design basis event has occurred.
  • FIG. 8 shows a specific logic processing module, namely a reactor shutdown hardware logic module 12A.
  • This hardware logic module is used to execute reactor shutdown logic in the event of a design basis accident.
  • the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, and an output module 223. Since the detection signal 10 is an analog signal, the analog input module 221 converts the analog signal into a digital signal and inputs it to the reactor shutdown software logic module 222 for logic processing.
  • the reactor shutdown software logic module 222 If a design basis accident occurs, the reactor shutdown software logic module 222 generates a drive signal that is input through the output module 223 to the actuator 3, that is, the shutdown circuit breaker 31 in the power cabinet 3 of the bar control and stick system, thereby causing the shutdown The circuit breaker 31 is broken.
  • the shutdown circuit breaker 31 is electrically connected to the control rod drive mechanism 5, and the operation of the shutdown circuit breaker 31 causes the control rod drive mechanism 5 to act accordingly, thereby performing shutdown protection.
  • the reactor shutdown software logic module 222 is also referred to as a digital protection system. Digital protection systems are prone to common cause failures due to design basis accidents at nuclear power plants, making it impossible to perform shutdown protection. Therefore, this embodiment provides a shutdown protection logic implemented by hardware.
  • the nuclear power plant diversity driving system 1 includes a signal receiving module 11, a reactor hardware logic module 12A, and a signal output module 13. Because the nuclear power plant diversity driving system provided by the present application is implemented by hardware, the detection signal 10 can be directly input to the signal receiving module 11 and further directly input to the reactor shutdown hardware logic module 12A without performing digital/analog conversion. deal with.
  • the drive signal generated by the reactor shutdown hardware logic module 12A (to distinguish the drive signal of the embodiment shown in FIG. 11, the drive signal can be named as the first drive signal) 201 is sent by the signal output module 13 to the stick control and the stick system.
  • the control unit 32 of the power cabinet directly cuts off the power supply 6 of the power cabinet.
  • the diversity drive system 1 can also achieve emergency shutdown. Therefore, the nuclear power plant diversity drive system 1 is not affected by the common fault of the digital protection system from its signal input to signal output, ensuring the diversity and integrity of its automatic shutdown function.
  • FIG. 8 shows only a part of the structure of the nuclear power plant diversity driving system 1, those skilled in the art should understand that the nuclear power plant diversity driving system 1 may further include the human machine interface module 15 shown in FIG. 5.
  • the branch and isolation module 21 of FIG. 8 can also be implemented as shown in FIGS. Reactor shutdown hardware logic
  • the specific structure of block 12A is similar to that of the logic processing modules shown in Figures 6 and 7, but improvements may be made. Two of the structures will be specifically explained below.
  • the reactor shutdown hardware logic module 12A includes a delay module 123 in addition to the comparison modules 1 21A and 121B shown in FIG. 6.
  • the delay module 123 may be connected after the voting module 122 as shown in FIG. 9, or may be connected before the comparison modules 121A and 121B as shown in FIG.
  • the working principle is as follows:
  • the delay module 123 delays the input signal or output signal of the reactor shutdown hardware logic module 12A.
  • the delay is tl, which means that only the design basis accident lasts for more than or equal to tl ⁇ , and the reactor shutdown hardware logic module 12A determines that a design basis accident has occurred. This allows the reactor protection system 2 to prioritize protection actions.
  • the reactor protection system 2 in the event of a design basis accident, if the reactor protection system 2 is operating normally, the reactor protection system 2 first performs a protection process in response to the design basis accident. After the reactor protection system 2 responds, the detection signal 10 changes, and the signal received by the nuclear power plant diversity drive system 1 is that no design basis accident has occurred, so that no drive signal is generated. In this way, it is possible to avoid the nuclear power plant diversity drive system 1 repeating the protection action when the reactor protection system 2 is normal. In the event of a design basis accident, if the reactor protection system 2 generates a common cause failure and fails to function properly, the nuclear power plant diversity drive system 1 will perform the protection action after the design basis accident occurs.
  • the preset value in the comparison module of the reactor shutdown hardware logic module 12A may also be different from the preset value in the reactor shutdown software logic module 222.
  • the reactor temperature in the reactor shutdown software logic module 222 is preset to Tl
  • the reactor preset temperature in the reactor shutdown hardware logic module 12A is ⁇ 2
  • ⁇ 2 can be greater than Tl.
  • FIG. 11 illustrates another specific logic processing module, namely a dedicated security facility driver hardware logic module 12 .
  • the hardware logic module is used to perform a dedicated safety facility driver in the event of a design basis accident.
  • the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, an output module 223, and a dedicated safety facility driver software logic module 224.
  • Figure 11 contains the same components as Figure 8, the function of which has been described in detail in Figure 8, and will not be described again.
  • the digital protection system includes two software modules, namely, an interconnected reactor providing software logic module 222 and dedicated security facility driver software.
  • Logic module 224 is another specific logic processing module, namely a dedicated security facility driver hardware logic module 12 .
  • the hardware logic module is used to perform a dedicated safety facility driver in the event of a design basis accident.
  • the reactor emergency shutdown system 22 includes an analog input module 221, a reactor shutdown software logic module 222, an output module 223, and a dedicated safety facility driver software logic module 224.
  • the dedicated security facility driver software logic module 224 receives the detection signal 10 through the reactor provisioning software logic module 222 to determine if a design basis accident has occurred, and if a design basis accident occurs, the drive signal is sent to the dedicated security via the preferred unit 24 of the device interface module. Facility 33 to perform protection of the dedicated security facility 33.
  • the nuclear power plant diversity drive system 1 includes a dedicated safety facility drive hardware logic module 12B corresponding to a dedicated safety facility drive software logic module 224.
  • the dedicated security facility driver hardware logic module 122B When a design basis event occurs, the dedicated security facility driver hardware logic module 122B generates a drive signal (to distinguish the drive signal of the embodiment shown in FIG. 8, the drive signal can be named as the second drive signal) 202, and is protected by the reactor.
  • the preferred module 24 of system 2 is sent to an ad hoc security facility 33. Since the preferred module 24 in the reactor protection system 2 is a hardware module, it is not affected by common cause failures.
  • the nuclear power plant diversity drive system 1 can still perform protection actions through the preferred module 24 to provide nuclear power plant diversity protection for the nuclear power plant.
  • the preferred module 24 is used to provide a preferred strategy for different protections of the dedicated security facility 33 depending on the actual situation.
  • the drive signal 202 output by the nuclear power plant diversity drive system 1 is isolated and sent to the preferred module 24.
  • Figures 11 and 12 show two methods of isolating the drive signals, respectively.
  • the reactor protection system 2 includes an isolation module 23, and the signal output module 13 of the nuclear power plant diversity drive system 1 sends the output signal to the isolation module 23 and then to the optimization module 24.
  • the nuclear power plant multi-function drive system 1 includes an isolation module 14, and the output signal of the signal output module 13 is input to the isolation module 14 and then sent to the preferred module 24 of the reactor protection system 2.
  • the two isolation methods for the drive signals of Figures 11 and 12 can be arbitrarily combined with the isolation method for the detection signals of Figures 1-4 to form a new embodiment.
  • the embodiment shown in FIG. 3 can be combined with the embodiment shown in FIG. 12 such that the versatile drive system 1 includes two isolation modules 14, one for isolating the detection signal 10 and one for isolating the drive signal 20 .
  • the dedicated safety facility 33 also transmits a feedback signal 30 to the signal receiving module 11 of the nuclear power plant diversity driving system 1, thereby preventing the nuclear power plant diversity driving system 1 from being normal in the reactor protection system 2. Repeat the protection action.
  • the feedback signal 30 of the dedicated safety facility 33 can block the second drive signal 202 of the nuclear power plant diversity drive system 1.
  • the nuclear power plant diversity drive system 1 shown in FIGS. 8, 11, and 12 may further include a human machine interface module 15.
  • FIG. 13 shows another embodiment of a nuclear power plant diversity drive system 1.
  • the nuclear power plant multi-function drive system 1 includes a signal receiving module 11, a logic processing module 12, a signal output module 13, and a human interface module 15.
  • the human interface module 15 includes a manual operation 151, an alarm module 152, an indication meter 153, and an indicator light 154.
  • the manual operation 151 is for receiving a manual operation of the user, and the user operation information 105 is transmitted to the signal receiving module 11 through the human interface module 15.
  • the logic processing module 12 generates a drive signal 20 based on the received user operation signal 105 to drive the actuator 3 action.
  • the core logic processing module 12 does not need to perform as complex logic processing as described above, since the user operation signals 105 are typically very straightforward specific operations to the actuator. For example, stopping/starting a specific field device, closing/hitting a specific valve, or breaking or closing a power source.
  • the user operation signal 105 can also be sent directly to the logic processing module 12, which in turn generates the drive signal 20 based on the received user operation signal 105.
  • the alarm module 152 is used to send out alarm messages such as text prompts, audible alerts and/or illuminated prompts.
  • the indicator meter 153 is used to provide safety function monitoring information such as digital and/or text information.
  • Indicator light 154 is used to indicate the status of the system and equipment.
  • the human interface module 15 also provides a full range of safety function parameter monitoring information, alarm information, and system and device status indications.
  • the signal receiving module 12 can receive the detection provided by the detection system 7 in addition to the detection signal 10 shared with the reactor protection system and the user operation signal 105 provided by the manual operation 151.
  • Information 104 The detection system 7 is a third-party detection system independent of the reactor protection system 2 and the nuclear power plant diversity drive system 1 for acquiring various detection signals of the nuclear power plant.
  • the detection signal 104 provided by the detection system 7 may include the detection signal 10 or other detection signals different from the detection signal 10.
  • the logic processing module 12 can logically process the detection signal 104 to generate a drive signal 20 to drive the actuator 3 action when a protection action (such as a design basis accident or other accident) needs to be performed.
  • Figure 14 illustrates another embodiment of a logic processing module.
  • the logic processing module 12C is an expected transient non-stop heap protection logic module for responding to the problem that the shutdown protection system is rejected during the shutdown process. and also That is to say, in some cases, the reactor protection system did not have a common cause failure, but in the event of an expected transient refusal, it failed to shut down as scheduled. To this end, the present embodiment provides an expected transient non-stop stack protection logic module 12C to address this problem.
  • the expected transient non-stop reactor protection logic module 12C includes three first comparators 71A-71C, two second comparators 71D and 71E, a third-choice two voter 72A, and a first The door 72B and the second AND gate 73.
  • the three water supply amount signals are respectively input to the input ends of the three first comparators 71A to 71C, and the three water supply amount signals respectively reflect the water supply amounts of the three steam generators.
  • the first comparator compares the input water supply amount signal with a preset value M 0 , and then outputs the comparison result to the input terminal of the third-choice two voter 72A for voting.
  • the three-choice two voter 72A When the comparison result of at least two of the three comparators is that the steam generator water supply amount is less than the preset value M0 ⁇ , the three-choice two voter 72A outputs a high level to one input end of the second AND gate 73; otherwise The output is low to an input of the second AND gate 73.
  • Two stack power signals are input to the inputs of the second comparators 71D and 71E, respectively, and the two stack power signals respectively reflect the stack power levels of the two sets of reactors.
  • the second comparator compares the input stack power signal with a preset value NO, and then outputs the comparison result to the first AND gate 72B.
  • the first AND gate 72B When the input two stack power signals are greater than the preset value N0 , the first AND gate 72B outputs a high level to the other input terminal of the second AND gate 73; otherwise, the output low level to the second AND gate 72 An input.
  • the output of the second AND gate 73 is coupled to the turbine vent module 34, the emergency shutdown module 35, the auxiliary feedwater activation module 36, and the bleed valve lockout module 37, respectively.
  • Both stack power signals are greater than the preset value. NO means that the primary circuit of the nuclear power plant generates a large amount of heat. Steam generator The water supply is less than the preset value M0 means that the heat dissipation of the secondary circuit of the nuclear power plant is very small. When two things happen, it means that the temperature of the reactor is constantly rising and the heat is not enough. This obviously does not meet the design basis and is the expected transient that should initiate protection.
  • an embodiment of the present invention further provides a nuclear power plant diversity driving method. As shown in FIG. 15, the method includes the following steps:
  • step S3 determine whether a design basis accident occurs; if yes, go to step S3, otherwise return to step S2;
  • steps S2 and S3 are generally performed by the same logic processing module.
  • the diversity driving method further includes the following steps:
  • S5. Output display information to display safety function parameter monitoring information, alarm information, and system and device status indications and receive user operation signals.
  • Step S5 may be parallel to steps S1-S4, thereby displaying security function parameter monitoring information, alarm information, and system and device status indications.
  • the detection signal is also required to be branched and isolated before step S1.
  • Specific branching and isolation processing methods can be performed in the system shown in Figures 1-4.
  • the branching and isolation module 21 of the reactor protection system 2 divides the detection signal 10 into two identical isolated signals 101 and 102, respectively, and inputs them to the nuclear power plant diversity.
  • Drive system 1 and reactor emergency shutdown system 22 The nuclear power plant diversity drive system 1 shown in Figure 1 can perform the nuclear power plant diversity driving method as follows:
  • the signal receiving module 11 receives the branch-isolated detection signal 101;
  • the logic processing module 12 performs logic processing on the received detection signal.
  • step S3 the logic processing module 12 determines whether a design basis accident occurs; if yes, then proceeds to step S4, otherwise returns to step S2;
  • the logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate.
  • the branch module 21 of the reactor protection system 2 branches the detection signal 10 into two identical signals 101 and 102, one of which is input to the reactor emergency shutdown.
  • System 22 another signal 101 is input to the isolation module 14 of the nuclear power plant diversity drive system 1.
  • the nuclear power plant diversity drive system shown in Figure 3 can perform the nuclear power plant diversity driving method as follows:
  • the isolation module 14 receives the branched detection signal 101 and performs isolation processing on the detection signal 101;
  • the signal receiving module 11 receives the isolated detection signal 103 from the isolation module 14;
  • the logic processing module 12 performs logic processing on the received signal.
  • step S4 the logic processing module 12 determines whether a design basis accident occurs; if yes, then proceeds to step S5, otherwise returns to step S2;
  • the logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate.
  • the logic processing module 12 generates the driving signal 20 and outputs it to the actuator 3 through the signal output module 13 to drive the actuator 3 to operate.
  • the logical processing of the above nuclear power plant diversity driving method comprises the following steps:
  • S21 Perform a comparison of the first detection signal and the set value in parallel at least twice to determine whether a design basis accident occurs, and output at least two comparison results correspondingly;
  • the specific steps of the logic processing can be performed by the logic processing modules shown in FIGS. 6 and 7.
  • the signal receiving module 11 of the nuclear power plant diversity driving system 1 transmits the received detection signals to the comparison modules 121A and 121B, respectively.
  • the comparison modules 121A and 121B respectively compare the received signals with preset values to determine whether a design basis accident has occurred, and output the comparison results to the voting module 122, respectively.
  • the voting module 122 votes on the received signal.
  • the decision module 122 When the comparison results of the comparison modules 121A and 121B indicate that a design basis accident has occurred, the decision module 122 generates a drive signal and transmits it to the signal output module 13.
  • the signal output module 13 in turn sends a drive signal to the actuator 3.
  • the above two steps S31 and S32 can be performed by the reactor shutdown hardware logic module 12A and the dedicated security facility drive hardware logic module 12B in the nuclear power plant diversity drive system as shown in FIGS. 8 and 11, respectively.
  • the two nuclear power plant diversity drive systems in Figures 8 and 11 are usually combined in one nuclear power Station diversity drive system. Therefore, the above steps S31 and S32 are usually performed in a nuclear power plant diversity drive system.
  • the second drive signal needs to be isolated.
  • the second driving signal generated by the dedicated security facility driving hardware logic module 12B also needs to be isolated by the isolation module 23 of the reactor protection system 2 and then input to the preferred module 24.
  • the isolation module 14 of the nuclear power plant diversity drive system 1 isolates the second drive signal generated by the dedicated safety facility drive hardware logic module 12B and then shares the preferred module 24 with the reactor protection system.
  • the driving signal generated by the voting module 122 is delayed by the delay module 123 and sent to the signal output module 13.
  • the detection signals input to the reactor shutdown hardware logic module are delayed by the delay module 123 and input to the comparison modules 121A and 121B, respectively.
  • the nuclear power plant diversity drive system 1 can also receive a feedback signal from a dedicated safety device to block the first drive signal, thereby avoiding repetitive actions.
  • the dedicated safety facility 33 is electrically coupled to the signal receiving module 11 of the nuclear power plant diversity drive system 1 to provide a feedback signal 30 for the nuclear power plant diversity drive system 1.
  • the nuclear power plant diversity driving system 1 can also receive the detection signal 104 from the third party detection system 7, and logically process the detection signal 104 to determine whether it occurs.
  • the reference accident is designed, and when it is judged to be ⁇ , a drive signal is generated to drive the actuator 3 to operate.
  • the human-machine interface module 15 of the nuclear power plant diversity drive system 1 includes a hand-operated switch 151, so that the nuclear power plant diversity human-machine interface module 15 can also receive the user operation signal 105 and send it to the signal receiving module. 11.
  • the logic processing module 12 generates a third drive signal to drive the actuator 3 action based on the received user operation signal 105.

Landscapes

  • Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Emergency Management (AREA)
  • Plasma & Fusion (AREA)
  • General Engineering & Computer Science (AREA)
  • High Energy & Nuclear Physics (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

La présente invention concerne un système d'entraînement divers de centrale nucléaire, un procédé et un système de protection divers, le système d'entraînement divers de centrale nucléaire (1) étant utilisé pour assurer la sécurité de la centrale nucléaire lorsqu'un système de protection de réacteur (2) est en échec, comprenant : un module de réception de signal (11), utilisé pour recevoir un signal de détection ; un module de traitement logique (12), utilisé pour effectuer un traitement logique sur le signal de détection de manière à déterminer si un accident de base de conception survient, et générer un signal de commande lorsqu'il est déterminé qu'un accident s'est produit ; un module de sortie de signal (13), utilisé pour délivrer en sortie le signal de commande à un mécanisme d'exécution (3) afin d'amener le mécanisme d'exécution (3) à fonctionner, de manière à réaliser une détection automatique de l'accident de base de conception et la génération du signal d'entraînement en correspondance de façon à commander automatiquement le fonctionnement du mécanisme d'exécution (3).
PCT/CN2015/094496 2015-11-12 2015-11-12 Système d'entraînement divers de centrale nucléaire, procédé et système de protection divers WO2017079950A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/094496 WO2017079950A1 (fr) 2015-11-12 2015-11-12 Système d'entraînement divers de centrale nucléaire, procédé et système de protection divers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/094496 WO2017079950A1 (fr) 2015-11-12 2015-11-12 Système d'entraînement divers de centrale nucléaire, procédé et système de protection divers

Publications (1)

Publication Number Publication Date
WO2017079950A1 true WO2017079950A1 (fr) 2017-05-18

Family

ID=58695867

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/094496 WO2017079950A1 (fr) 2015-11-12 2015-11-12 Système d'entraînement divers de centrale nucléaire, procédé et système de protection divers

Country Status (1)

Country Link
WO (1) WO2017079950A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110444305A (zh) * 2019-08-13 2019-11-12 中国核动力研究设计院 一种优化的数字化反应堆保护系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101968974A (zh) * 2010-08-09 2011-02-09 中广核工程有限公司 一种核电站反应堆保护系统
CN103400623A (zh) * 2013-07-30 2013-11-20 中广核工程有限公司 核电站数字化仪控多样性保护方法和系统
CN103700414A (zh) * 2013-12-10 2014-04-02 中广核工程有限公司 核电站多样性驱动系统及方法
CN104485142A (zh) * 2014-12-08 2015-04-01 中广核工程有限公司 核电站多样性驱动方法、装置及系统
WO2015112304A2 (fr) * 2013-12-31 2015-07-30 Nuscale Power, Llc Systèmes et procédés de protection de réacteur nucléaire
CN105448368A (zh) * 2015-11-12 2016-03-30 中广核工程有限公司 一种核电站多样性驱动系统及方法和多样性保护系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101968974A (zh) * 2010-08-09 2011-02-09 中广核工程有限公司 一种核电站反应堆保护系统
CN103400623A (zh) * 2013-07-30 2013-11-20 中广核工程有限公司 核电站数字化仪控多样性保护方法和系统
CN103700414A (zh) * 2013-12-10 2014-04-02 中广核工程有限公司 核电站多样性驱动系统及方法
WO2015112304A2 (fr) * 2013-12-31 2015-07-30 Nuscale Power, Llc Systèmes et procédés de protection de réacteur nucléaire
CN104485142A (zh) * 2014-12-08 2015-04-01 中广核工程有限公司 核电站多样性驱动方法、装置及系统
CN105448368A (zh) * 2015-11-12 2016-03-30 中广核工程有限公司 一种核电站多样性驱动系统及方法和多样性保护系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CAO, JIANTING ET AL.: "Analysis of Diversified Protection and Control Functions Implemented in DCS for Nuclear Power Plants", MODERN ELECTRIC POWER, vol. 24, no. 6, 31 December 2007 (2007-12-31), ISSN: 1007-2322 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110444305A (zh) * 2019-08-13 2019-11-12 中国核动力研究设计院 一种优化的数字化反应堆保护系统

Similar Documents

Publication Publication Date Title
GB2544355A (en) Diverse actuation system and method and diverse protection system in a nuclear power plant
KR100980043B1 (ko) Fpga를 이용한 발전소 보호 시스템 및 보호 방법
CN103700414B (zh) 核电站多样性驱动系统及方法
KR102127582B1 (ko) 풍력 터빈의 요 모터를 위한 구동 제어 장치 및 방법
US9997265B2 (en) Safety system for a nuclear power plant and method for operating the same
WO2016091158A1 (fr) Procédé de commande de diversité, dispositif et système pour centrale nucléaire
GB2545511A (en) Reactor protection system of nuclear power plant and safety control method thereof
CN103400623A (zh) 核电站数字化仪控多样性保护方法和系统
KR100848881B1 (ko) 디지털 원자로 보호 시스템
JP2017501419A5 (fr)
EP2463864A2 (fr) Système d'arrêt de réacteur nucléaire
US20180330837A1 (en) Digital protection system for nuclear power plant
KR20090054837A (ko) 삼중화된 bp와 cp 및 2/3 논리의 개시회로 구조를 갖는디지털 원자로 보호계통 및 그 구동 방법
WO2017079950A1 (fr) Système d'entraînement divers de centrale nucléaire, procédé et système de protection divers
WO2017101031A1 (fr) Système de protection de réacteur de centrale nucléaire et son procédé de commande de sécurité
KR101042030B1 (ko) 비교논리 및 동시논리를 통합한 발전소보호계통
KR101681978B1 (ko) 이종 제어기기를 포함하는 원자로 보호계통
CN109519234B (zh) 一种防止小汽轮机拒动的保护方法
CN105863745B (zh) 一种并网发变组出口开关跳闸时联跳汽轮机的控制方法
WO2014031039A2 (fr) Système de commande à microprocesseurs à redondance pour commander un système de régulation et de protection de turbines
CN103257611A (zh) 一种基于双模冗余比较结构的加速器真空联锁系统
KR101831398B1 (ko) 다양성보호계통시스템
JP7368955B2 (ja) 発電設備管理装置、発電システム、発電設備管理方法、およびプログラム
CA3194191A1 (fr) Dispositif de commutation de commande
KR101072221B1 (ko) 디지털 공학적 안전설비-기기제어계통

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15908080

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15908080

Country of ref document: EP

Kind code of ref document: A1