1. Field of the Invention
The present invention relates to a control circuit for an Engineered Safety Features Actuation System (ESFAS). More particularly, the present invention relates to an ESFAS control circuit utilizing energize to actuate relays to selectively energize ESFAS components. The present invention further relates to a method of testing the energize to actuate ESFAS control circuit to ensure proper operability of the circuit.
2. Description of Related Art
Nuclear power plants generate significant amounts of radioactive products due to the fission process. Thus, a major objective in designing nuclear power plants is to prevent any release of these radioactive fission products. In this regard, nuclear plant designers utilize multiple barriers to prevent fission product release. To ensure the integrity of the multiple barriers, the so-called "defense-in-depth" approach is employed. This approach employs at least three defense mechanisms to prevent fission product release. These three mechanisms are prevention, protection, and mitigation.
The prevention mechanism relates to the complete avoidance of events that could ultimately result in fission product release. Thus, robust components and systems, and stringent operating practices are utilized to prevent such events. Of course, even though components and systems are robustly designed, and procedures are fastidiously written, component failures and operational errors inevitably occur. Thus, the protection mechanism relates to those highly unlikely events that result in plant shutdown and could lead to fission product release, despite the prevention mechanism. Any conceivable component, system, and operator failure is analyzed to ensure appropriate protective measures are in place to effectively protect against such events. The mitigation mechanism relates to those events that could result in severe core damage and significant fission product release, despite the prevention and protection mechanisms. Highly unlikely events that result in core damage are postulated, and systems are designed to mitigate the effects of such events.
One of the systems utilized to mitigate severe core damaging events is the Engineered Safety Features (ESF) system. The ESF system includes components to ensure rapid core shutdown, and continued core cooling to limit fuel damage and fission product release to the reactor vessel and containment. The ESF system further includes components to ensure continued integrity of the containment building should any fission products be released from the fuel.
Many ESF systems utilize an Engineered Safety Features Actuation System (ESFAS) to selectively actuate individual ESF components. Usually, an ESFAS is designed with component relays to actuate one or more components. In this design, the component actuation relays are configured to be normally energized, and de-energize to actuate the particular component(s).
The so-called de-energize to actuate design discussed above requires the component actuation relays to be continuously energized. This continuous energization has caused numerous ESFAS relay failures, many of which have failed in a non-conservative (e.g., non-actuate) state. Moreover, while it seems fairly intuitive that the de-energize to actuate design provides an inherent "fail-safe" design feature should power be lost to the ESFAS, the fact is that if power is lost to the ESFAS, it is likely lost to the particular components as well.
Thus, there is a need in the art to provide an ESFAS that eliminates the failure mechanisms associated with continuous relay energization. There is also a need to provide an ESFAS that eliminates this failure mechanism without jeopardizing the defense-in-depth design of the nuclear power plant.
In one aspect of the present invention, a component actuation circuit for an engineered safety features actuation system (ESFAS) includes a plurality of coincidence logic contacts, and a plurality of parallel-connected ESFAS component relays. Each of the coincidence logic contacts closes in response to a command signal. The plurality of parallel-connected ESFAS component relays are connected in series between at least two of the plurality of coincidence logic contacts. Closure of at least two of the coincidence logic contacts energizes the parallel-connected ESFAS component relays, thereby energizing a plurality of ESFAS components.
In another aspect of the present invention, a component actuation circuit for a nuclear power plant engineered safety features actuation system (ESFAS), includes ESFAS component actuation means, and coincidence logic means. The ESFAS component actuation means selectively actuates a plurality of ESFAS components. The coincidence logic means selectively connects/disconnects a power source to/from the ESFAS component actuation means in accordance with a minimally 2-of-4 coincidence logic scheme.
In still another aspect of the present invention, a method of continuously monitoring the operability of each of a plurality of parallel-connected relays includes connecting equivalent resistance elements in series on both sides of the plurality of parallel-connected relays. The equivalent resistance elements are connected to a power source, and a voltage drop across each of the equivalent resistance elements is monitored. The equivalent resistances each exhibit an electrical resistance sufficiently high to prevent any of the plurality of parallel-connected relays from energizing.
In a further aspect of the present invention, a method of testing coil continuity of a plurality of parallel-connected, normally de-energized relays includes sequentially series-connecting each of the relays to (1) a resistance element and (2) a power source having a predetermined voltage level. A voltage drop across the resistance element is monitored. The resistance element exhibits an electrical resistance sufficiently high to prevent each of said relays from fully energizing.
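The continuous monitoring and per-coil continuity test described in the two preceding paragraphs, worked numerically as an added example that is not part of the patent. The supply voltage, resistor and coil values, pickup threshold and tolerance band are all assumed for illustration.

```python
# Added illustration: every value below is assumed, none comes from the patent.
SUPPLY_V = 125.0       # assumed DC supply voltage
R_MONITOR = 10_000.0   # assumed value of each equivalent resistance element (ohms)
R_COIL = 500.0         # assumed resistance of one relay coil (ohms)
PICKUP_V = 90.0        # assumed minimum coil voltage that energizes a relay
OPEN = None            # marker for a coil with a broken winding

def parallel(coils):
    """Equivalent resistance of the parallel relay bank; open coils carry no current."""
    conductance = sum(1.0 / r for r in coils if r is not OPEN)
    return float("inf") if conductance == 0 else 1.0 / conductance

def passive_monitor(coils, supply=SUPPLY_V, r_mon=R_MONITOR):
    """Equal resistors on both sides of the bank, coincidence contacts open.
    Returns (voltage drop across each resistor, voltage across the relay bank)."""
    r_bank = parallel(coils)
    if r_bank == float("inf"):
        return 0.0, supply          # no current path: nothing drops across the resistors
    current = supply / (2 * r_mon + r_bank)
    return current * r_mon, current * r_bank

def coil_continuity_test(coil, supply=SUPPLY_V, r_test=R_MONITOR):
    """One coil in series with one test resistor.
    Returns (voltage drop across the resistor, voltage across the coil)."""
    if coil is OPEN:
        return 0.0, supply
    current = supply / (r_test + coil)
    return current * r_test, current * coil

def classify(drop, expected, tolerance=0.02):
    """Monitoring-circuit decision: alarm when the drop leaves the assumed +/-2% band."""
    return "normal" if abs(drop - expected) <= tolerance * expected else "alarm"

if __name__ == "__main__":
    healthy = [R_COIL] * 8
    expected, bank_v = passive_monitor(healthy)
    print(f"healthy bank: drop={expected:.3f} V, coil voltage={bank_v:.3f} V")
    for label, bank in [("one coil open", [OPEN] + [R_COIL] * 7),
                        ("whole path open", [OPEN] * 8)]:
        drop, _ = passive_monitor(bank)
        print(f"{label}: drop={drop:.3f} V -> {classify(drop, expected)}")
    ref, _ = coil_continuity_test(R_COIL)
    for label, coil in [("good coil", R_COIL), ("open coil", OPEN)]:
        drop, coil_v = coil_continuity_test(coil)
        print(f"per-coil test, {label}: drop={drop:.3f} V -> {classify(drop, ref)}")
```

With these assumed values the series resistors hold the coil voltage far below pickup, and one open coil among eight shifts the passive reading by only a few hundredths of a volt, whereas the sequential per-coil test shows it as a complete loss of the voltage drop.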
In yet a further aspect of the present invention, a method of testing the contacts in a circuit including a plurality of parallel-connected relays and a plurality of parallel-connected contacts connected in series with the plurality of parallel-connected relays includes shutting one of the contacts and series-connecting the shut contact to a power source via a first resistance element. A voltage drop across the shut contact is monitored. A contact resistance of the shut contact is determined.
In yet still a further aspect of the present invention, a method of individually testing the operability of each of a plurality of parallel-connected component actuation relays includes series-connecting one of the component actuation relays to a power source via a component test contact and a resistance element. Proper operation of one or more components controlled by the component actuation relay connected to the power source is verified. These steps are then repeated for each of the plurality of parallel-connected component actuation relays.
In still another aspect of the present invention, a component actuation circuit for an engineered safety features actuation system (ESFAS) includes a plurality of coincidence logic contacts and a plurality of ESFAS component relays connected in parallel with one another. The coincidence logic contacts are connected to a power source, and each of the coincidence logic contacts closes in response to a command signal. The parallel-connected ESFAS component relays are connected in series between at least two of the plurality of coincidence logic contacts. At least one diode on both sides of each of the plurality of parallel-connected ESFAS component relays are connected in series with each of the plurality of parallel-connected ESFAS component relays. At least one lockout contact is connected in series with the plurality of parallel-connected ESFAS component relays, and in parallel with at least one of the plurality of coincidence logic contacts. A lockout relay is connected in parallel with the plurality of parallel-connected ESFAS component relays, and closes the at least one lockout contact, thereby maintaining the plurality of parallel-connected ESFAS component relays energized. A plurality of manually initiated contacts is connected in series with the plurality of parallel-connected ESFAS component relays, and in parallel with at least one of the plurality of coincidence logic contacts. A plurality of resistance elements is connected (1) in series with the plurality of parallel-connected ESFAS component relays and (2) in parallel with at least one of the plurality of coincidence logic contacts. The resistance elements exhibit an electrical resistance sufficiently high to prevent the plurality of parallel-connected ESFAS component relays from energizing when the plurality of coincidence logic contacts are open. 
At least one test relay contact is connected in series with each of the plurality of parallel-connected ESFAS component relays, and in parallel with at least one of the plurality of coincidence logic contacts. At least one limiting resistor and a diode test contact are connected in series with the at least one test relay contact. A test resistor is connected in series with the at least one test relay contact. A monitoring circuit is connected in parallel with the test resistor. At least one load test resistor and a load test contact are connected in series with at least one of the plurality of resistance elements. At least one monitoring circuit is connected in parallel with at least one of the plurality of resistance elements. An alarm circuit is connected to the at least one monitoring circuit. The alarm circuit generates an alarm when the monitoring circuit senses an abnormal condition. Closure of at least two of the plurality of coincidence logic contacts, or at least two of the plurality of manually initiated contacts, energizes the plurality of ESFAS component relays, thereby energizing one or more ESFAS components.
The present invention provides distinct features and advantages over related ESFAS designs. Specifically, the use of energize to actuate component actuation relays provides increased reliability and extended relay lifetime.
The present invention also provides for continuous passive monitoring and periodic active monitoring of the ESFAS to assure proper continuity of the entire ESFAS when in a non-actuate mode. Thus, a full simultaneous actuation of an entire ESF function is not required.
These and other features and advantages of the present invention will become more apparent to those skilled in the art when the following detailed description is read in conjunction with the accompanying drawings.