IGCAR : Annual Report - Indira Gandhi Centre for Atomic Research

IGC
Annual Report 2007
V.C.2. Development of Pulse Coded Safety
Logic System for PFBR
Reactor safety logic is designed
to initiate safety action against
Design Basis Events. The
reactor is shutdown by deenergizing
electromagnets and
dropping the absorber rods
under gravity. In PFBR,
shutdown is effected by two
independent shutdown systems,
viz., Control and Safety Rod
Drive Mechanism (CSRDM) and
Diverse Safety Rod Drive
Mechanism (DSRDM). Two
separate safety logics are
developed for CSRDM and
DSRDM, i.e., Safety Logic with
Fine Impulse Test (SLFIT) for
CSRDM, and Pulse Coded
Safety Logic (PCSL) for DSRDM.
The PCSL primarily utilizes the
fact that the vast majority of
faults in the logic circuitry result
in static conditions at the
output. It is arranged such that
the presence of a dynamic logic
signal is required to hold the
shutdown actuators and any
DC logic state will release
them. It is a dynamic, selftesting
logic and fail safe
design.
PCSL system will be
introduced for the first time in
Indian reactor. Being a safety
critical system, PCSL system was
developed in three phases. To
demonstrate the principle of
PCSL, a lab prototype PCSL
system with 3 parameters was
developed and tested
successfully with actual EM coil.
After completion of lab
prototype, functional prototype
PCSL System having all 14
parameters required for PFBR
was developed. It is
implemented using hardware,
not calling for software
verification and validation.
State-of-art technology has
been used for PCSL system. To
avoid clock failure, redundant
clock oscillator has been used.
The digital logic has been
implemented in Complex
Programmable Logic Devices
(CPLD), achieving high
reliability due to high level of
integration, less number of
interconnection and low power
consumption. To improve
further reliability, back plane
arrangement was done to avoid
loose interconnection. All the
10 number of Printed Circuit
Boards (PCB) are
accommodated in a 19" sub
rack. To drive the EM coil
current, Power MOSFETs are
used. To vary the current
through EM coils, rheostats
have been used. For current
indication, Indication Alarm
Meter (IAM) has been used
which also processes the alarm
to control room at low current.
To improve reliability of the
system, both the safety logic
systems were linked optically.
Being a digital logic, stuck at'1'
and stuck at '0' fault may occur.
Pulse pattern fault, latch test
fault, power gate fault, trip
parameter status annunciation
and cross link between two
safety logic faults are analyzed.
To diagnoses all these types of
faults, a diagnostic logic was
designed and implemented.
Diagnostic logic annunciates
alarm locally through LEDs, to
Control Room (CR) and Backup
Control Room (BCR) through
relays and to Distributed Digital
Control System (DDCS) through
opto-isolation. At the design
stage, diversity between two
safety logic systems is
maintained using different
design methodology, different
components having different
technology. The whole system
was assembled in a 19" rack.
To test the functionality of the
system manual simulators were
designed. The signal simulator
simulates the trip signals from
the reactor, control room
simulator designed for
displaying CR related outputs
and backup control room
simulator designed for
128 ENABLING TECHNOLOGIES