Wired sensors are used in many applications for the purpose of safety shutdown, control, and/or monitoring. A sensor usually measures a physical variable, e.g., temperature, pressure, level, or flow rate, and converts it into an electrical signal. The electrical signal may then be processed by a transmitter and converted into a standard analog signal or digital network signal, sent over wires, and received and used by a device located a distance away.
The requirements for the reliability of the wired sensors in industrial settings can be extremely stringent. One application example of wired sensors is the safety shutdown systems for industrial facilities, e.g., nuclear power plants (NPPs). Safety shutdown systems are important for the industrial facilities, where system malfunctions can harm people, damage equipment, or be costly in a number of other ways. As such, these facilities require safety shutdown systems with high availability, which is heavily dependent on the reliability of the wired sensors used. The other application is the monitoring systems for the levels of liquid storage tanks used in safety-critical applications, e.g., fuel storage tanks for diesel power generators used in hospitals.
In NPPs, safety shutdown systems are responsible for terminating the nuclear chain of reaction in an emergency. Such a situation would arise if the system detected a serious undesirable state in, e.g., a reactor, a heat transport system, a pressurizer, or a steam generator. Exemplary scenarios include high neutron fluxes, high coolant temperatures, high steam generator water levels that may damage turbines, and low steam generator water levels that may damage steam generators. The decision of whether to shutdown the reactor is made based on the measurements from the wired sensors.
Shutdown of a nuclear reactor is usually achieved through insertion of shutdown rods or injection of liquid neutron absorbing poison into the reactor core. A NPP shutdown system typically includes three or four shutdown channels. Typically, the shutdown of the reactor is initiated following 2-out-of-3 or 2-out-of-4 decision logics. Shutdown logic is defined here as the logic by which shutdown decisions are made. Such logic design is intended to both improve the availability of the shutdown systems through redundancy and meanwhile reduce the spurious trip rate.
For each shutdown channel, a comparator obtains the measurements of trip variables from sensors and compares them with predefined limits to decide whether to issue a trip signal from this channel. Once the comparator determines that one or more trip variables have exceeded the predefined limits, the channel will be immediately tripped. In addition, an overriding system allows NPP operators to manually trip the channel if necessary.
The term, trip, is defined as meaning that the safety shutdown system acts to shutdown a facility, e.g., to shutdown the reactor in a NPP. If 2-out-of-3 logic is used, a particular facility is shutdown when at least two shutdown channels are tripped.
The following are examples of trip variables for the safety shutdown systems of NPPs:                Neutron power;        Rate of log neutron power;        Primary heat transport pressure;        Reactor core differential pressure;        Reactor building pressure;        Pressurizer water level;        Steam generator water level; and        Boiler feedline pressure.        
The incorrect measurements or failure of sensors can cause undesirable consequences associated with the safety shutdown systems. Sensors may malfunction due to bias, drifts, precision degradation, or even complete failures. Errors may also be introduced during the transmission of measurement signals, which for example may be current or voltage signals.
In the safety shutdown systems of NPPs, wired sensors are used to measure and transmit trip variables. The inaccuracy or failure of the wired sensors could lead to serious consequences because a safety shutdown system relies on the accuracy of those transmitted measurements. If the reactor is spuriously tripped, a significant economic loss may be incurred because the process to restart a NPP can take over 48 hours due to reactor poison-out. The alternative is that the sensors fail to detect a malfunction and serious harm to the NPP facilities, the environment, and/or the public may occur. Therefore, ensuring the measurement reliability, accuracy, and precision of the sensors in a NPP safety shutdown system is of crucial importance.
Currently, various strategies have been taken to address the potential inaccuracy or failure of sensors in safety shutdown systems: 1) the use of 2-out-of-3 or 2-out-of-4 logic, so that the measurement error or failure of one sensor will not lead to the stop of the chain reaction; 2) the regular testing, inspection, and maintenance of all sensors.
However, these tests have their shortcomings. For example, during the tests, one of the shutdown channels will be taken out of service. As a result, the spurious trip rate will increase. Therefore, the frequencies of the tests should be optimized. Nevertheless, various faults with the sensors can occur between two scheduled tests.
Some industrial facilities have computerized systems to monitor the safety shutdown systems. All the measurements used by the monitoring systems are from wired sensors included in the shutdown systems. The measurements from the sensors for the same trip variable are compared against each other to validate the measurements and to detect possible faults.
Another application example of wired sensors is monitoring levels of storage tanks for liquid such as diesel, gasoline, and waste water. The level measurements from the wired level sensors are transmitted to level display modules through wires. Reliable level measurements are critical to the safe and efficient operation of the storage tanks.
In the prior art, a number of methods and systems to improve the reliability of sensors have been disclosed. U.S. Pat. Nos. 6,594,620, 5,680,409, 5,548,528, and 5,442,562 disclose the process-model-based methods and systems for detecting sensor faults and validating sensors, which require accurate process models. U.S. Pat. No. 7,200,469 discloses an apparatus and method for processing sensor output signals, where two wired sensors are used. U.S. Pat. Nos. 7,359,702, 6,853,887, 5,531,402, 6,236,334, 6,389,321 disclose systems using both wired and wireless communication channels, where the wireless channel is usually used as a backup for the wired channel.
The present invention seeks to overcome the aforementioned deficiencies of the prior art by providing a system and method using wireless sensors to validate wired sensors to improve the reliability of the wired sensors.