Apparatus and method of evaluating response time of nuclear plant protection system

Abstract

Provided is an apparatus for evaluating a response time of a plant protection system. The apparatus includes: a classification module classifying a design process related to a response time requirement of each channel performing a safety function into four operations of a safety analysis operation, a system design operation, a response time analysis operation, and a response time test operation; and an integrated evaluation module determining whether a response time evaluation is proper based on a time t1 derived in the safety analysis operation, a time t2 derived in the system design operation, a time t3 derived in the response time analysis operation, and a time t4 derived in the response time test operation.

Claims

1. An apparatus including a processor for evaluating a response time of a plant protection system in a nuclear power plant, the apparatus, comprising: a safety analysis circuitry in the processor that measures an analytical response time t1 that is a response time of a system performing a safety function; a system design circuitry in the processor that measures a designed response time t2 representing a total sum of individual response times allocated to each device of a plurality of devices constituting an instrumentation channel; a response time analysis circuitry in the processor that measures an estimated response time t3 representing a response time quantitatively analyzed in each device constituting the instrumentation channel; a response time test circuitry in the processor that divides each device constituting the instrumentation channel into n grouping regions and measures a measured response time t4 representing a response time measured over the n grouping regions including an overlap, where the overlap is provided at an edge of the adjacent regions; and an integrated evaluation circuitry in the processor to determine that a response time requirement is satisfied in each of the safety analysis circuitry, the system design circuitry, the response time analysis circuitry, and the response time test circuitry when t4<t3<t2<t1 are all satisfied, wherein the apparatus sequentially determines whether t1>t2 is satisfied, whether t2>t3 is satisfied, and whether t3>t4 is satisfied, wherein the devices constituting the instrumentation channel comprise a transmitter, a signal processor, the plant protection system, and a reactor trip switchgear system, wherein the measured response time t4 is calculated as $t4=\underset{k=1}{\overset{n}{.Math.}}{\mathrm{RT}}_{\mathrm{Overlapped}}\left(k\right)$ where k denotes a grouping region of each device constituting the instrumentation channel and n denotes the number of grouping regions, and RToverlapped (k) denotes a measured response time of a kth device having an overlap, and wherein the transmitter, the signal processor, the plant protection system, and the reactor trip switchgear system constituting the instrumentation channel are divided into three grouping regions such that a first grouping region is the transmitter, a second grouping region is the signal processor and the plant protection system, and a third grouping region is the reactor trip switchgear system.

2. The apparatus of claim 1, wherein, when t1−t2=M1, t2−t3=M2, and t3−t4=M3, the integrated evaluation circuitry determines whether a first condition of M1>0, M2>0, and M3>0 and a second condition of t1=t4+M1+M2+M3 are both satisfied.

3. The apparatus of claim 1, wherein the designed response time t2 is calculated as $t2=\underset{i=1}{\overset{m}{.Math.}}{\mathrm{RT}}_{\mathrm{Allocated}}\left(i\right),$ where i denotes each device constituting the instrumentation channel, m denotes a total number of devices constituting the instrumentation channel, and RT.sub.Allocated(i) denotes a response time allocated to an ith device constituting the instrumentation channel.

4. The apparatus of claim 1, wherein the estimated response time t3 is calculated as $t3=\underset{j=1}{\overset{n}{.Math.}}{\mathrm{RT}}_{\mathrm{Quantified}}\left(j\right),$ where j denotes each device constituting the instrumentation channel, n denotes a total number of devices constituting the instrumentation channel, and RT.sub.Quantified(j) denotes a quantitatively analyzed response time of a jth device.

5. The apparatus of claim 4, wherein the plant protection system among the devices constituting the instrumentation channel comprises a comparison logic processor and a coincidence logic processor that execute software.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) These and/or other aspects will become apparent and more readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings in which:

(2) FIG. 1 illustrates an internal configuration diagram of a response time evaluation apparatus 100 of a plant protection system according to an embodiment;

(3) FIG. 2 illustrates a flowchart for evaluating the response time of a plant protection system according to an embodiment;

(4) FIG. 3 illustrates the relationship between a safety limit and a safety analysis according to an embodiment; and

(5) FIGS. 4 and 5 illustrate an example of evaluating the response time of a plant protection system of an APR1400 nuclear power plant in a response time evaluation apparatus of a plant protection system according to an embodiment.

(6) FIG. 6 illustrates an example of evaluating response time of a plant protection system of an APR 1400 nuclear power plant according to another embodiment.

DETAILED DESCRIPTION

(7) Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout. In this regard, the present embodiments may have different forms and should not be construed as being limited to the descriptions set forth herein. Accordingly, the embodiments are merely described below, by referring to the figures, to explain aspects of the present description. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items.

(8) Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. In the specification and drawings, like reference numerals may denote like elements. In the following description, detailed descriptions of well-known functions or configurations will be omitted since they would unnecessarily obscure the subject matters of the present disclosure.

(9) FIG. 1 illustrates an internal configuration diagram of a response time evaluation apparatus 100 of a plant protection system according to an embodiment.

(10) According to an embodiment, the response time evaluation apparatus 100 of a plant protection system may be applied to a response time-related design process of an instrumentation system channel performing a safety function of reactor shutdown and engineering safety equipment operation in Korean standard nuclear power plants, OPR1000, APR1400 nuclear power plants, and all domestic nuclear power plants, and to various other nuclear power plant design processes.

(11) The plant protection system performs two safety functions of reactor shutdown and engineering safety equipment operation. An instrumentation channel for a reactor shutdown function includes a transmitter, a signal converter, a plant protection system, and a reactor trip switchgear system. An instrumentation channel for an engineering safety equipment operation function includes a transmitter, a signal converter, a plant protection system, an engineering safety equipment control system, and a final drive. Each safety function may have four multi-instrumentation channels, and the suitability of each channel may be determined according to the response time requirement test requirements in accordance with the periodic inspection requirements of technical guidelines for operation.

(12) According to an embodiment, the response time evaluation apparatus 100 of a plant protection system may classify a design process related to the response time requirement of each channel performing a safety function into four operations of safety analysis, system design, response time analysis, and response time test through a classification module (not illustrated), and each design process may be implemented in a safety analysis module 110, a system design module 120, a response time analysis module 130, and a response time test module 140.

(13) The safety analysis module 110 may measure an analytical response time t1 that is a response time of a system performing a safety function.

(14) The system design module 120 may measure a designed response time t2 representing the total sum of individual response times allocated to each device constituting an instrumentation channel. The designed response time t2 may be calculated as Equation 1.

(15) $\begin{array}{cc}t2=\underset{i=1}{\overset{m}{.Math.}}{\mathrm{RT}}_{\mathrm{Allocated}}\left(i\right)& \mathrm{Equation}1\end{array}$

(16) In this case, i denotes each device constituting the instrumentation channel, m denotes the total number of devices constituting the instrumentation channel, and RT.sub.Allocated(i) denotes a response time allocated to an ith device constituting the instrumentation channel. RTOverlapped(k) denotes an overlappingly measured response time of a kth device.

(17) The response time analysis module 130 may measure an estimated response time t3 representing a response time quantitatively analyzed in each device constituting the plant protection system. The estimated response time t3 may be calculated as Equation 2.

(18) $\begin{array}{cc}t3=\underset{j=1}{\overset{n}{.Math.}}{\mathrm{RT}}_{\mathrm{Quantified}}\left(j\right)& \mathrm{Equation}2\end{array}$

(19) In this case, j denotes each device constituting the plant protection system, n denotes the total number of devices constituting the plant protection system, and RT.sub.Quantified(j) denotes a quantitatively analyzed response time of a jth device. RTOverlapped(k) denotes an overlappingly measured response time of a kth device.

(20) The response time test module 140 may divide each device constituting the instrumentation channel into n regions and measure a measured response time t4 representing a response time measured overlappingly between the n regions. The measured response time t4 may be calculated as Equation 3.

(21) $\begin{array}{cc}t4=\underset{k=1}{\overset{o}{.Math.}}{\mathrm{RT}}_{\mathrm{Overlapped}}\left(k\right)& \mathrm{Equation}3\end{array}$

(22) Herein, k denotes a grouping region of each device constituting the instrumentation channel and o denotes the number of grouping regions.

(23) Referring to FIG. 6, when the devices constituting the instrumentation channel are a transmitter 610, a signal processor 620, a plant protection system 630, and a reactor trip switchgear system 640, the transmitter 610 may be grouped as a first group, the signal processor 620 and the plant protection system 630 may be grouped as a second group, and the reactor trip switchgear system 640 may be grouped as a third group. Thereafter, the measured response time t4 may be calculated by summing the response times measured overlappingly between a response time 610a of the first group, a response time 620a of the second group, and a response time 630a of the third group.

(24) According to an embodiment, the response time evaluation apparatus 100 of a plant protection system may further include an integrated evaluation module 150 determining that a response time requirement is satisfied in each of the safety analysis module 110, the system design module 120, the response time analysis module 130, and the response time test module 140. According to an embodiment, the integrated evaluation module 150 may be implemented in hardware through a processor or the like.

(25) The integrated evaluation module 150 may sequentially determine whether t1>t2 is satisfied, whether t2>t3 is satisfied, and whether t3>t4 is satisfied. Referring to FIG. 2, when t1−t2=M1 (S210), t2−t3=M2 (S220), and t3−t4=M3 (S230), if a first condition of M1>0, M2>0, and M3>0 (S210, S220, S230) and a second condition of t1=t4+M1+M2+M3 (S240) are both satisfied, the integrated evaluation module 150 may determine that a response time requirement is sequentially satisfied in each of the safety analysis module 110, the system design module 120, the response time analysis module 130, and the response time test module 140.

(26) When a condition of t1−t2=M1>0 (S210) is not satisfied, the integrated evaluation module 150 may correct a design problem of the instrumentation channel (S211). Next, when a condition of t2−t3=M2>0 (S220) is not satisfied, the problem of a response time analysis is corrected (S221). Also, when a condition of t3−t4=M3>0 (S230) is not satisfied, the problem of a test is corrected (S231).

(27) According to another embodiment, when the second condition (S240) is satisfied, the integrated evaluation module 150 may further determine whether a safety limit requirement (S242) illustrated in FIG. 3 is satisfied through a logical sum operation (S250). The response time evaluation apparatus 100 of the plant protection system may determine that the response time evaluation has passed when the second condition (S240) and the safety limit requirement (S242) are satisfied.

(28) FIG. 3 illustrates an example of the relationship between a safety limit 310 and a safety analysis 320 according to an embodiment.

(29) The safety limit 310 may be a value ensuring the physical integrity of a device preventing the leakage of a radioactive material in the event of a nuclear power plant accident. The safety analysis 320 may determine an analytical limit 330 and an analytical response time t1 340 ensuring that the process variable does not exceed the safety limit in the event of a nuclear power plant accident.

(30) According to an embodiment, the analytical limit 330 may determine a trip setpoint 331 considering the uncertainty of an instrumentation system channel from the analysis limitation based on the safety-related instrument setpoint determination methodology, and an allowable value 332 defined as a limit in which the trip setpoint 331 may change during a test period may be determined considering a period test error in a trip setpoint.

(31) According to an embodiment, the suitability of the analytical response time t1 340 may be sequentially and integrally evaluated by a designed response time t2 341 determined at the time of system design as the uppermost requirement for the response time of a system performing a safety function, an estimated response time t3 342 determined at the time of system analysis, and a measured response time t4 343 determined at the time of system test.

(32) FIG. 4 illustrates an example of applying a response time evaluation apparatus of a plant protection system to an APR1400 nuclear power plant according to an embodiment.

(33) An example of obtaining an analytical response time t1 in a safety analysis module is as follows.

(34) The most restrictive design standard accidents requiring a steam generator low-level reactor shutdown function in the APR1400 nuclear power plant are a condenser vacuum loss and a water pipe breakage. In the case of a condenser vacuum loss, the safety analysis limit used in the safety analysis may be 40.7%, and the analytical response time t1 may be 1.25 seconds (s).

(35) This may mean that a reactor shutdown may be initiated at a steam generator level of 40.7% in the event of a condenser vacuum loss, and a safety analysis allowable standard may be satisfied when a reactor is shut down after 1.25 seconds.

(36) Also, in the case of a water pipe breakage, the analytical limit used in the safety analysis may be 28.4%, and the analytical response time t1 may be 1.25 seconds. This may mean that a reactor shutdown may be initiated at a steam generator level of 28.4% in the event of a water pipe breakage, and a safety analysis allowable standard may be satisfied when a reactor is shut down after 1.25 seconds. Thus, the analytical response time t1 of a steam generator low-level reactor shutdown function of the APR1400 nuclear power plant may be 1.25 seconds (401), which may be the uppermost requirement for a plant protection system channel.

(37) An example of obtaining a designed response time t2 in a system design module is as follows.

(38) As illustrated in FIG. 4, a plant protection system channel 400 performing a steam generator low-level reactor shutdown function of the APR1400 nuclear power plant may include a transmitter 410, a signal processor 420, a plant protection system 430, and a reactor trip switchgear system 440. In order to verify whether the system design satisfying an analytical response time t1 of 1.25 seconds has been performed, it may be necessary to verify whether the total sum of the response times allocated to each component satisfies the analytical response time requirement. By verifying through a design specification that the response times allocated to the respective components are 0.2 seconds (410a), 0.05 seconds (420a), 0.705 seconds (430a), and 0.1 seconds (440a) (403), it may be verified that the designed response time t2 is 1.055 seconds (402) and this value satisfies an analytical response time t1 of 1.25 seconds. Thus, it may be verified that the system design satisfying the requirement for the analytical response time t1 has been performed.

(39) An example of obtaining an estimated response time t3 in a response time analysis module is as follows.

(40) Referring to FIG. 4, it may be verified that the estimated response time t3 by the response time analysis is 0.2 seconds (410a) of a transmitter, 0.05 seconds (420a) of a signal processor, 0.705 seconds (430a) of a plant protection system, and 0.1 seconds (440a) of a reactor trip switchgear system, a total sum thereof is 0.992 seconds, and this satisfies a designed response time t2 of 1.055 seconds. Thus, it may be verified through the response time analysis that the estimated response time t3 satisfies the designed response time t2.

(41) However, as illustrated in FIG. 5, the plant protection system 430 of the APR1400 nuclear power plant may include a comparison logic processor 531 and a coincidence logic processor 536. Since the comparison logic processor 531 and the coincidence logic processor 536 include a software processor (not illustrated) and various other components such as an analog input module 532, a first control module 533, a time delay 534, a second control module 537, a digital output module 538, a safety data link 535, and an interposing relay 539, a separate analysis thereof may be required as in Table 1.

(42) TABLE-US-00001 TABLE 1 Components Channel Response Time (s) Analog Input Module (532) 0.02 First Control Module (533) 0.058 Time Delay (534) 0.48 Safety Data Link (535) 0.013 Second Control Module (537) 0.034 Digital Output Module (538) 0.012 Interposing Relay (539) 0.025 Total Response Time 0.642 Response Time Requirement 0.705

(43) As for the other components (410, 420, and 440 in FIG. 4), without performing a separate analysis thereof, it may be verified that each design requirement satisfies the response time through the device design and device manufacturer specifications.

(44) A process of calculating a measured response time t4 in a response time test module is as follows.

(45) A response time test for a plant protection system channel performing a steam generator low-level reactor shutdown function of the APR1400 nuclear power plant may be performed by grouping and overlapping three groups 610a, 620a, and 630a, as illustrated in FIG. 6. It may be verified whether the sum of the test results in each section satisfies the estimated response time t3 that is the response time analysis result.

(46) Tables 2 and 3 describe the response time test results for a first steam generator and a second steam generator with respect to each of channels A, B, C, and D. It may be verified that the measured response time t4 for each channel, which is the response time test result of each channel, satisfies the estimated response time t3.

(47) TABLE-US-00002 TABLE 2 Channel Response Time (s) Components CH. A CH. B CH. C CH. D Transmitter (610a) 0.091 0.055 0.104 0.120 Signal Processor and Plant Protection System (620a) 0.610 0.609 0.614 0.615 Reactor Trip Switchgear System (630a) 0.084 0.084 0.084 0.084 Measured Response Time t4 0.785 0.748 0.802 0.819 Estimated Response Time t3 0.992 Designed Response Time t2 1.055 Analytical Response Time t1 1.250

(48) TABLE-US-00003 TABLE 3 Channel Response Time (s) Components CH. A CH. B CH. C CH. D Transmitter (610a) 0.066 0.064 0.076 0.075 Signal Processor and Plant Protection System (620a) 0.603 0.620 0.618 0.619 Reactor Trip Switchgear System (630a) 0.084 0.084 0.084 0.084 Measured Response Time t4 0.753 0.768 0.778 0.778 Estimated Response Time t3 0.992 Designed Response Time t2 1.055 Analytical Response Time t1 1.250

(49) Although Tables 1 to 3 illustrate an example of applying the response time evaluation method of the present disclosure to the APR1400 nuclear power plant, the present disclosure is not limited thereto and the response time may be evaluated based on the analytical response time, the designed response time, the estimated response time, and the measured response time of the response time-related design process result of the instrumentation system channel performing a safety function in Korean standard nuclear power plants, OPR1000, and all domestic nuclear power plants.

(50) The present disclosure may also be embodied as computer-readable code on a computer-readable recording medium. The computer-readable recording medium may be any data storage device that may store data that may be thereafter read by a computer system.

(51) Examples of the computer-readable recording medium may include read-only memories (ROMs), random-access memories (RAMs), compact disk read-only memories (CD-ROMs), magnetic tapes, floppy disks, and optical data storage devices. The computer-readable recording medium may also be distributed over network-coupled computer systems so that the computer-readable code may be stored and executed in a distributed fashion.

(52) The response time evaluation apparatus and method of the plant protection system proposed in the present disclosure may ensure the safety of the nuclear power plant by sequentially and integrally evaluating the problems in the response time design process of the instrumentation system channel performing a safety function, and may improve the economical efficiency of the nuclear power plant by preventing unnecessary operation stopping by detecting the problems during the operation thereof.

(53) Example embodiments have been described above with reference to the drawings. Although particular terms are used herein, they are only used to describe the present disclosure and are not intended to limit the scope of the present disclosure defined by the following claims.

(54) Therefore, those of ordinary skill in the art will understand that various modifications and other equivalent embodiments may be derived therefrom. Thus, the spirit and scope of the present disclosure should be defined by the appended claims.

(55) It should be understood that embodiments described herein should be considered in a descriptive sense only and not for purposes of limitation. Descriptions of features or aspects within each embodiment should typically be considered as available for other similar features or aspects in other embodiments.

(56) While one or more embodiments have been described with reference to the figures, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the following claims.