Conventional reactor control systems have automatic and manual controls to maintain safe operating conditions as the demand is varied. The several control systems control operation of the reactor in response to given demand signals. Computer programs are used to analyze thermal and hydraulic characteristics of the reactor core for the control thereof. The analysis is based on nuclear data selected from analytical and empirical transient and accident events, and from reactor physics and thermal-hydraulic principles. In the event of an abnormal transient event, the reactor operator is usually able to diagnose the situation and take corrective action based on applicable training, experience and judgment. Whether the manual remedial action is sufficient or rapid enough depends upon the event and upon the operator's knowledge and training. If the event is significant (i.e., challenges any of the reactor safety limits), a reactor trip (also referred to as reactor shutdown, scram, or insertion of all control rods) may be required. Some transient events may occur quickly, i.e., faster than the capability of a human operator to react. In such an event, a reactor trip will be automatically effected.
A conventional nuclear reactor protection system comprises a multi-channel electrical alarm and actuating system which monitors operation of the reactor, and upon sensing an abnormal event initiates action to prevent an unsafe or potentially unsafe condition. The conventional protection system provides three functions: (1) reactor trip which shuts down the reactor when certain monitored parameter limits are exceeded; (2) nuclear system isolation which isolates the reactor vessel and all connections penetrating the containment barrier; and (3) engineered safety feature actuation which actuates conventional emergency systems such as cooling systems and residual heat removal systems.
An essential requirement of a nuclear reactor protection system is that it must not fail when needed. Therefore, unless the operator promptly and properly identifies the cause of an abnormal transient event in the operation of the reactor, and promptly effects remedial or mitigating action, conventional nuclear reactor protection systems will automatically effect reactor trip. However, it is also essential that reactor trip be avoided when it is not desired or necessary, i.e., when there is an error in the instrumentation or when the malfunction is small enough that reactor trip is unnecessary. Likewise, when one shutdown function fails, the reactor protection system must not perform the next shutdown function if to do so would be unsafe.