This invention relates to the monitoring of processes which demand of the monitor a high standard of performance and reliability. The invention has particular relationship to the monitoring of vital processes of nuclear reactor systems for supplying power. Such nuclear reactor systems include in addition to a nuclear reactor auxiliary apparatus such as steam generators, pressurizers, feed-water heaters, turbines, etc. This invention is uniquely and intimately applicable to the monitoring of nuclear reactor systems. In the interest of facilitating the understanding of this invention by dealing in concrete monitoring problems, this application is, to a large extent, confined to the problems of monitoring the operational processes of nuclear reactor systems. To the extent that the teaching of this invention is analogously, uniquely and intimately applicable to other systems, apparatus and processes, such application is within the scope of this application and within the scope of equivalents of the claims of any patent which may issue on or as a result thereof and the expression "nuclear reactor" or "nuclear reactor system" as it appears in this application and in the claims shall be taken to have general meaning for this purpose.
A number of parameters evaluating operational processes or properties of a nuclear reactor power systems are monitored continuously during its operation. Typically, among these parameters are included the average of the temperatures of the hot coolant flowing out of the reactor to the steam generator and of the cooler coolant returning to the reactor. Where there is a primary loop, as in the pressurized water reactor this is the average of the coolant outflow and return temperatures in the primary loop. A number of such averages may be derived by measuring the outlet and inlet temperatures along different points of the coolant conductors. Alternatively the outlet and inlet temperatures, rather than the average, may be monitored separately. Also included typically is the pressure of the coolant. A number of indications of this pressure may be derived from the pressurizer. The level of the water in the stream generator may be measured by a number of level gauges. Also positions of various switches, relay-contact or contactor or valves, may be monitored, for example, the positions of the switches which control the control-rod actuation apparatus, or the switch which controls the shim. The position of the valve which controls the coolant may be monitored. Compressed coolant, heated coolant, control-rod settings and settings of switches, relays, contactors and valves are referred to herein as operational processes of a nuclear reactor and their parameters are referred to as process states.
The operational processes are referred to in this application as having a status which is said to be normal if the process parameter is within critical limits or the process mechanism is set for normal operation of the reactor and off-normal if the parameter is outside of critical limits or the mechanism is set for off-normal operation. For example, a valve set to block or materially reduce the flow of coolant off-normal.
Monitoring apparatus functions to determine or detect the status of the operational process of a nuclear reactor power system. The nuclear reactor system includes a plurality of means, each responsive to a process state to indicate its status and the monitoring apparatus is responsive to this means.
Since the failure of a nuclear reactor system may lead to repair costs of hundreds of millions of dollars, the monitoring of vital functions must have the utmost dependability and reliability. The monitoring apparatus must meet the highest standards of performance. In fact, such high standards are imposed by the codes and regulations of the governing authorities where nuclear reactor power systems are installed. It is an object of this invention to provide monitoring apparatus meeting these high standards.
Since the ultimate effect of "downstream actions" of the monitoring apparatus is to trip the monitored nuclear station off the electric power grid, it is essential that no spurious operation of the station, induced by a single likely spurious fault, take place. This imposes the requirement of redundancy; i.e., the requirement of providing a plurality of like monitoring units which must respond to produce a tripping action. The expression "downstream action" means action, in the sequence or chain of operations, initiated by monitoring apparatus which occurs further away from the monitoring apparatus than a given reference point. "Upstream action" means action which occurs in this sequence between the reference point and the monitoring apparatus or occurs at the monitoring apparatus itself.
Among the conditions imposed on the monitoring apparatus is that it be tested to assure that its components are functioning properly to maintain the necessary dependability and reliability. The testing must be carried out frequently to achieve these purposes and particularly to detect, as soon as they occur or early thereafter, random failures and environmentally induced common failures. It is desirable, particularly since the testing occurs frequently, that the testing should neither reduce the reliability of the monitoring apparatus nor increase the threat of spurious operation. The demand for frequent testing is thus intimately related to the demand for redundancy.
Monitoring apparatus is made up of logic circuitry with modern digital electronic devices which have the demanded high reliability and performance. It is necessarily desirable that the circuitry and its components have the necessary cost trend. Consideration must also be given to the fact that the logic of the circuitry is changed after installation and importance must be assigned to the facility of making the changes and maintaining their cost at a low level.
In accordance with the teachings of the prior art there are provided testing facilities, external to the logic circuitry of the monitoring apparatus, which monitors the operating process measures. In such prior-art apparatus the testing facilities are more complicated than the operating-process logic circuitry, more difficult to maintain and more difficult and more costly to modify in service. In addition these facilities are operated manually or by a computer requiring that the monitoring apparatus be disconnected during the testing interval.
It is an object of this invention to overcome the drawbacks of the prior art and to provide monitoring apparatus including dependable and reliable and relatively uncomplicated testing apparatus of relatively low cost which shall, without either reducing the reliability of the monitoring apparatus or increasing the threat of spurious operation, permit frequent testing so as to impart confidence in the dependability and reliability of the monitoring apparatus, and detect random failures and environmentally induced common failures of the monitoring apparatus as soon as they occur or early thereafter, and which shall lend itself readily to low cost maintenance and shall readily permit changes in its logic at low cost.