ML19318C507

From kanterella
Jump to navigation Jump to search
Slide Presentation for 800519 Meeting Re Core Protection Calculation Sys Software
ML19318C507
Person / Time
Site: Arkansas Nuclear Entergy icon.png
Issue date: 05/19/1980
From:
ARKANSAS POWER & LIGHT CO.
To:
Shared Package
ML19318C502 List:
References
NUDOCS 8007010543
Download: ML19318C507 (50)
v  d  e


Text

_

c, .

J. . :. __

PROPOSED AGENDA CPC SOFTWARE CHANGES MAY 19, 1980 I. ANO-2 OPERATION EXPERIENCE AND NEED FOR SOFTWARE CHANGE II. DEFINITION OF CHANGES ,

A. CEAC PF CHANGES B. CPC/CEAC DIAGNOSTICS C. ASGT MODIFICATION i

D. HEAT FLUX FILTER E. OTHER CHANGES III. QUALIFICATION PROGRAM IV. TEST RESULTS A. PHASE I RESULTS B. PHASE II RESULTS l

C. NOISE TESTING l

V. SAFETY EVALUATION l VI.

SUMMARY

l l

o

~

8 0 0 7 010 SY33  ;

1 I.. CPC/EAC fMR/3 SCFNAE CPANGE - REASCNS/CIUECTIVES A. rFCCRIPTION EASONS: (1) TE AND-2 OPEPATING HISTORY HAS INDICATED UitESIPABLE SUSECPTIBILITY TO SPURIOUS EA R)SITION SIC #LS.

(2) OPEPATOR PEDEACK FAS INDICATED ESIPABLE CFANGES

' TO IFPROVE TE HIFAN INTEPFAE. (IMPROVED DISPt.AY ANDDIAGNOSTICCAPABILITY)

(3) ON-GOING FEVIB10F TE CPC/EAC SYSTEM BY C-E AND AP8L FAS IDENTIFIED EEDED EONCEIEiTS.

OBJECTIVES: (1) TO EDUE TE PROBABILITY OF SPURIOUS PLANT TRIPS.

(2) TO PROVIDE TE OPEPATOR WITH ADDITIONAL DIACESTIC INPOWATION AND IFPRONED INTERFAES, (3) TO IFPROVE ALGORITFl4 ACCURACY WHILE PAlhTAINING TE ESIGN BASIS PROTECTICN CRITERIA INCLUDING E0JIED UNCERTAINTIES AND DYNAMIC ALLcWANCES.

(O ENFANE OVEPALL SYSTEM PERPOPMNCE.

IN JANUARY,1979 APSL CONTPACTED WITH C-E TO EEGIN WORK ON SCFiWAE MODIFICATIONS TO ACCG'PLISH TE ABOVE OBJECTIVES. ITWASDECIDEDTO CCBIE THIS MODIFICATION WITH A PPE/ICUSLY PLANNED MDDIFICATICN EGARDING ASSWETRIC STEAM GENEPATOR TPANSIENTS TO AVOID TE ADDITICNAL EXPENSE OF SCFTWARE QUALIFICATICN TESTING TWIE PER C64-39(A).

2

TE ASSYitTRIC STEM GEBATOR TP#1SIENT PORTICN OF RE GRES PAD PFE/IOUSLY EEEi EFEFFED TO AS f03, AND TE OTER GREES AS MOD 2.

CCNSEQUEiTLY TE CGSIED GMES EECME MOD 2/3. DUE TO CEPATIONAL DIFFICULTIES ElCOUNTEED DURING EAC POWER FAIL ESTARTS AND FOLLCWING ESTARTS AFTER ECUIED SURVEIU.AfIE TESTS, A PORTICN OF TE FDD 2 -

GiAtE (PDD 2A) WAS IiftBEllED IN JUE,1979. -THIS 0%NGE WAS ESCRIBED TO TE NRC GC TASK FORCE DURING TEIR SEFIESER,1979 AllDIT. TE REdAINING FDD 2 CP#EES EEC#E MOD 2B AND TE COSIED CP#EE EEC#E MOD 2B/3.

- A TOTAL OF AFFFOXIPATELY 12CCO PAN-fiCURS FAVE EEEN EXPEiDED TO DATE BY CCFEUSTIGi ENGINEERING IN PEPARING AND TESTING TE P0D2B/3 CP#EES.

I hhEi TE MOD 2B/3 SOFTWARE IS IffLEFEITED #0-2 AVAILABILITY IS EXPECTED l TO IffROVE PAFEDLY. TE MOD 2 EEEITS WILL EE EALIZED IFTEIATELY, hHILE RE EEEITS CF TE P0D 3 PORTION WILL ECUIE AN ASSOCIATED TE0iNICAL SECIFICATION CPANGE PRIOR TO EDUCING TE LOW STEM GENERATOR - l WATER LE/EL SETPOINT.

1 e

4 3

B, OPERATING HIST 0fu IDEROUS PL41T TRIPS FAVE BEEN EXPERIENCED ON #0-2 kHICH APPEAR l

TO EE UNNECCESARY (SpuRicuS), F## OF THESE CCUG HAVE EEEN PIEENTED BY TE ICD 2B/3 SOFPdAE CHANES AND THE CHANE IN LCW STEE GENERATOR WATER LEEL.

TE CAUSES FOR TESE UNIECESSARY TRIPS CAN EE CATEC{RIZED AS FOLLOWS:

(1) SPURICUS CEA RSPT SIG4ALS (2) CEADRCPSATLCWPOWERL&ELS  ;

(3) CEAC INTET1ITTENT FAILUES (PRCCESSCR AND/CR DATA LINKS)

(14) DIFFICULTY CF STEM GEEPATOR LEVEL CCfffROL a LCW PGERS IN PNUAL TE POLLOWING SLIDES EETAIL THE PAST #D-2 TRIPS hHICH CAN EE ATTRIBUTED TO TFESE TYPES OF &E1TS, o

1

e *

  1. 0-2. TRIPS W1101 WOULD/mY (?) IIAVE IEEN IRVBIIB) BY CPC/CEAC MOD 2B/3 OWrf , 'l -

PAGE1 ,

DME Rx IGER (%) TRIP CNJSE MOD 2B -M003 12-17-78 5 S/G LEVEL YES 32-17-78 5 S/GLEVEL  ?

12-18-78 5 S/G LEVEL  ?

12-18-78 11 S/GlEVEL  ?

12-20-78 10 S/GLEVEL YES 12-29-78 19 S/GLEVEL . YES 12-30-78 20 DNBR (CEAC)  ?

1-0G-79 20 DNBR(RSPT) YES 1-07-79 5 DNBR(RSFI) YES 1-11-79 5 DNBR(CEAC)  ?

1-19-79 20 S/GLEVEL  ?

1-31-79 18 S/G LEVEL YES 1-31-79 <1 DNBR(RSPI) YES 06-79 <1 DNBR (CEAC)  ?

  1. 0-2 TRIPS Wil01 W0llD/l%Y (?) IIAVE BEDI PRB/ENlEI) BY CfUCEAC MDD 2B/3 OWLE 5 -

PAGE2 IMIE Rx IUUt (%) TRIP CMJSE M002B MDD3 ,

~ 6-07-79 11 RE (CEA mw)  ?

6-08-79 1 S/GLEVEL YES 6-09-79 10 S/GLEVEL YES 6-10-79 2. RE (CEA moe)  ?

6-13-79 10 S/G[fVEL g YES 6-20-79 37 S/GLEVEL 7 -

6-20-79 1 DNBR (CEA moe)  ?

6-21-79 1 DNBR (CEA mm)  ?

6-21-79 2 S/G LEVEL YES 6-21-79 15 N E (CEAD  ?

8-07-79 53 RlBR (CEA mw)  ?

8-lli-79 <1 RM (RSPD YES 8-18-79 29 DNBR (RSFD YES 8-18-79 <1 DNBR (RSPD YES O

I ND-2 TRIPS 1411011RA1)/mY (?) IlWE PEEN PIDENIED BY CPC/&E MOD 2B/3 OIANGE 6 Pace 3 IWE Rx IMR (%) TRIPCAUSE M002B M003 8-19-79 16 INE (RSPD YES 9-23-79 7 DIER (RSPD YES 12-02-79 6 S/GLEVEL YES 3-18-80 <1 fiNBR (CEA DRT)  ?

3-19-80 9 S/GLEvct -

YES 3-20-80 till INE (CEK)  ?

3-20-80 6 S/G 11YEL YES li-19-80 10 S/G IIVEL YES 11-211- 8 0 80 DNBR (RSPD YES 11-25-80 80 IN3R (RSPD YES

7

  1. D-2 TRIFS hHIG IICLD/MIGhT(?) PAVE EEEN PEENTED BY TE itD2B/3 SOFil@E CFAIE.S TOTAL to.- TRIPS hHIG MOD 2B WUJLD PAVE PPE/ENTED = 10 TOTAL fo. TRIPS kHIG MOD 2B MIGHT PAVE PFE/ENTED = 11 :

TOTAL fo. TRIPS hHIG MOD 3 hCULD FAVE PFE/ENTED = 12 i TOTAL N0. TRIPS hHIG MOD 3 MIGHT FAVE PPE/ENTED = _5 TOTAL = 38 6

9 4

W ,

8 Mil FRTCES

1. F0D2B/3WOFKINITIATEDJN11ARY15,1979
2. DESCRIPTICN CF CFM5.S (FItkD TP#64Ilito TO AP&L NOMER 29,1979
3. AP&L CafLETED INITIAL SAFETY EVAUJATION J#ll!ARY 20,1980
4. EESCRIPTION CF CPANGES TPAG1ITTED TO NRC FOR FE/IB4 JN1!ARY 31,1980
5. AP&L EETE41IED TPAT CP#iGES DID NOT CCNSTITUTE AN lf1FE/IB1ED SAFETY QUESTION PAY 6,1980
6. SArtTY E/ALUATION TPR&1ltid TO NRC PAY 6,1980 l
7. INITIAL PLANNED DATE FOR IFFLEEITATICN PAY 17,1980
8. PESENT PLRED DATE FOR IPPLEENTATION PAY 24,1980 9

SLM9R/ OF GMR

1. CEAC PF CHANGES (ITEMS 1,2A,10,13,13)
2. CPC/CEAC DIAGNOSTICS (ITEMS 8,9,14)
3. ASGT MODIFICATION (ITEM 12)
4. HEAT FLUX FILTER (ITEM 11)
5. OTHER MISCELLANEOUS CHANGES (ITEMS 3,5,6,7) 1 i

9

CEAC PF CHANGES OBJECTIVE:

REDUCE THE NUMBER OF UNNECESSARY CPC TRIPS AS A RESULT OF CEA DEVIATION LOGIC, PREVIOUS DESIGNr

1. THE CEAC CALCULATED ONE " WORST CASE" PENALTY FACTOR WHICH WAS APPLIED TO DNBR AND LPD,
2. THE PF WAS APPLIED TO THE ONE PIN RADIAL PEAK.
3. THE CEAC/RSPT INOPERABLE MODE LOGIC LEAVES BOTH CEACS IN-SERVICE OR TAKES BOTH CEACS OUT-OF-SERVICE.

l CHANGES: I

1. SEPARATE DNBR AND LPD PENALTY FACTORS.
2. PENALTY FACTORS DEPENDENT ON:

A. MAGNITUDE OF DEVIATION B. DIRECTION OF DEVIATION C. SUBGROUP WITH DEVIATION D. CEA CONFIGURATION E. TIME 3'. DATA TRANSMITTED TO CPC EROM CEAC A. FAIL FLAG B. BIG PENALTY FACTOR FLAG C. DNBR AND LPD PENALTY FACTOR

4. APPLY PF TO HEAT FLUX IN STATIC DNBR LOGIC.
5. MODIFY THE CEAC/RSPT IN0PERABLE MODE LOGIC SUCH THAT ONE CEAC CAN BE LEFT IN-SERVICE.
6. MODIFY CEAC CRT DISPLAY.

4 9

  • e I

e O

g C g C 2 8 88RS SS aR2*

eso 9 ,

S .

e N .

== e .

  • * . m
    • 9 9

- e .

=. O e .

I 1 - 9 , .

- # 1

  • m j
  • " # E.

1-

  • 3 e

. . 5 o l

\ O 9 - * - l 3

- G 4 g

- e . . d

  • a L =-. e. J v

e _

3-

  • D

't- y l .= e , p

= e .

* * . 1 k
  • l

.,a J ~. e l G.

- e

[j

_ m

.= = se o

i 1

, , - G.  : , l 9

-

  • _ a O. g iU [ ']

o l

, - a - l

,A p ,

" . - i O

i a: .

m o

1 i "

ak

-T m .

- y

- an.

g 1

W e

[,f' 4 o

" * . ~m 9

o l ** O g

" 'I

  • =
m. S "

g 5 G -

i, m. 6 -

4- -

- S - N me 3

.o 9 ** ~

I

  • Og * =

I a. e -

e **

q

  • = G l,

=== e

  • T*

m e -

t

)

- e .

    • S' w e - *

-1 O **

1F a. e ** -

i g

o o C C C C C C C C C C C o o n o,= c m co N G W3 v r3 N c'*

e e=

e r= -

N T= - *=

9 s

l 4.. *

(

( 1

% i l Q + ."

. l

)

t

  • W 25 t2 C3 E! 23 23 23 E3 13 Wr tu C3 m A r tu g + + + + + + + + + + + + + + + o r -mrm  :

fft m m m E E3 ru 3 r  : -

mmmm  :

m mr .e  :

tu  :

rramm O  :

- - ru - CD  :

- ru m m r G  :~

E3 NW-m W

  • fu I"" t 53 I"" ll m a m e .s C4 -

g-rerr z E r-mtm m W W W1 A  :

1 m ci ru A r u -

- mmmm 1 "

P Jerm ru ru ru ru -

- b c_

O. a..

  • 19 m W C/)

- e.- l N N fu fu  : C"3 U

Q fu 2* J 2"I"" r c2 " <

r lll" W

. U *

  • *
  • m m e - es  : .

' m u14 4  ::

  • 1

.T m .EI - m fu l

i m m e r- e  :-

4 .a .s .3 b a m r m .s O d

== J J .a .3 C  :'l N

r - r t: I"" -

N - F" !"* C3 f"" ll 3 ru a r e m A  :

~

l

. Q. l J  !

- r-mm u.  :

d - m=r b.

1

.c3

= mm 2'es =*r 2" ru ~

)

+ + + E3 tl2 C3

+ + C3

+ + C3+ + + + + + + + +

C3 22 C3 tl3

.M. 3.'.

tu C3 CEE .3 r tu 1

l 1

.e . .. ..

me a a m m a a m H mr N E2 m .a r N

<> + + + + <> + + + + <>- + + ++ <>

r- em  :

M mm  :

m C2 N .n r  :

mmmm  :

m H W W.Nr - r.  :

rramm @  :

--N- @  :

- mmmr H  :

e a

h bJ IF1 t- -M m F ll  !

m e m e .s C4 .

n-Me

- rrrr =:,

h i e r=mem

- W W U1 m Q -

~

U. >-

m

-mmmmu m .a r 1  : <

a l O-tn

(* G" .--

10PTmmNm - a L .a Nmme NNNN

U c::"

LLJ U

QN JFrm"

- rrrr 1 1

m m r ** m ---

== m W .3 .2 M m. mN -

rmmer

- .a .a .s .m + =

N .a m r m .m Y  :

== .5 .D .2 .3 H  :

e Nr rEmF - =

u r- li i m .a r r m A  :

g J -

- r-mm u  :

. g -merr g  :

anurm  :

- M 2"lr" 2* -

4 4 + e t 4 + +c2+ + c2+ + + + T3+ e p:2 m c3 c2 A r N C2 l W1 r N 23 .2

. .C.2 1

CPC/CEAC DIAGNOSTICS

, ORIFCTIVF.

PROVIDE ADDITIONAL CPC AND CEAC DIAGNOSTICS TO IDENTIFY THE CAUSE OF SPURIOUS CPC TRIPS.

PREVIOUS DESIGN:

SENSOR STATUS WORDS PROVIDED INFORMATION THAT A CPC SENSOR HAD FAILED.

CHANGES:

1. FAILED SENSOR STACKS IN CPCS AND CEACS A. STORES UP TO 6 ENTRIES B. CONTAINS SENSOR ID, STATUS, AND TIME OF ENTRY C. ACCESSED FROM:.
t. OPERATOR'S MODULE It. TELETYPE WHEN CALCULATOR IN-TEST
2. SNAPSHOT OF DATA l l

A. CONTAINS INPUTS, ADDRESSABLE CONSTANTS, INTERMEDIATE VARIABLES AND OUTPUTS.

B. BUFFER FILLED: , I I. IN CEAC, FOR AN OFF-NORAML PF OUTPUT  !

II. IN CPC, FOR A CHANNEL TRIP. l C. ACCESSED FROM TELETYPE WHEN CALCULATOR IS IN-TEST. l

3. LOGIC ADDED TO PREVENT SPURIOUS PENALTIES AS A RESULT OF RSPT ASSOCIATED INSTRUMENTATION ANOMALIES.

l

'l1 l

l ASGT MODIFICATION OBJECTIVE:

PERMIT REDUCTION (AFTER NRC APPROVAL) 0F THE LOW STEAM GENERATOR LEVEL TRIP SETPOINT BY PROVIDING PROTECTION FOR SELECTED ASGTS IN THE CPCS.

PREVIOUS DESIGN:

NONE CHANGER APPLY A PENALTY FACTOR TO DNBR BASED ON A COMPENSATED DIFFERENCE IN THE COLD LEG TEMPERATURES.

o Coto Les /cmerwene Orrreeroce Cornerasnzoa ro< ASG7s^

COAPFMSMED c

go .

AcruAL M

Co LO LErr 4T C'O,, --- Te e. E ww.9_G2.*n - - --

i  !

3 l l

85- 8 1

1 I

I I

I I

I I

10

~

l i

I l 1

i CPC l GEAISE O l er i

I 5 -

1 i

i i

i i

l n I I , ,  ! .

l j 2 3 Y 8 l 1

-tine (SEC.)

e l

.. l I

~ HEAT FLUX FILTER MODIFICATIONS OBJECTIVEr TO ' REDUCE THE SENSITIVITY TO NOISE OF THE THERMAL POWER TO HEAT-FLUX COMPENSATION TO NOISE EFFECTS.

PREVIOUS DESIGNr

1. TWO FILTERS A. OPTIMIZED FOR INCREASING POWER  ;

l

a. OPTIMIZED FOR DECREASING POWER l
2. INPUT TO FILTERS IS MAXIMUM 0F CPC THERMAL POWER l

A.1D CPC FLUX F0WER.  !

CHANGES:

1. PROVIDE A SEPARATE HEAT FLUX FILTER OPTIMIZED FOR INCREASING POWER WHICH USES THERMAL POWER AS INPUT.
2. USE THE CURRENT FILTER OPTIMIZED FOR INCREASING POWER FOR NEUTRON FLUX POWER ONLY.
3. FILTER FOR DECREASING POWER TRANSIENTS USES THERMAL POWER AS INPUT. ,
4. CPC HEAT FLUX IS THE MAXIMUM-0F THE OUTPUTS FROM THESE THREE FILTERS.

y REASON FOR HEAT FLUX CHANGE FOR PREVIOUS SOFTWARE

1. THE CPC POWER INPUT TO THE HEAT FLUX FILTER MUST BE A CONSERVATIVE ESTIMATE DE POWER. THE CPC POWER IS THE MAXIMUM 0F THE TOTAL THERMAL POWER AND THE NEUTRON FLUX POWER,
2. THE HEAT FLUX LAGS THE CORE POWER.

1

3. THE CPC THERMAL POWER LAGS THE HEAT FLUX, i
4. FOR INCREASING POWER TRANSIENTS, WITH THE CPC NEUTRON FLUX POWER NON-CONSERVATIVE, THE CPC THERMAL POWER MUST BE c0MPENSATED WITH A DYNAUIC TERM AND A STATIC 0FFSET TO ASSURE THAT THE CPC TOTAL THERMAL POWER IS GREATER THAN THE ACTUAL POWER. THIS TOTAL THERMAL POWER IS l THEN LAGGED TO PROVIDE THE CPC HEAT FLUX. l l

1 i

l

CEA 8ANK WI RA '"^ L

- , FRon) fa. LL f0 u)ER

(*lo AO ?-

O.5 xIO'Y ^ (

sec

.fo R. 0 -

-k - Acraat Au x Poweg 107.0 -

. - Acraat Mes, fiax

.f 0 6.0 -

)( - C PC STATIC 7~4cnmAt Powgg 105.0 -

10V. O -

.t o 3. 0 -

10.z.0 -

102.0 -

X f00.0 -

n-0 O 30 7?me 10 20 VO SO cscQ

FOR MOD 2B/3 SOFTWARE:

1. THERMAL POWER IS COMPENSATED BY THE DYNAf11C THERMAL-POWER TERM AND THE HEAT FLUX FILTER S0 THAT THE RESULTING HEAT FLUX IS CONSERVATIVE WITH RESPECT TO THE ACTUAL HEAT FLUX.

CEA 8ANK WIMRA U' AL '

/~Ron]

fa. LL f0 u) ER

'07 *

(*AD (o.sxio'Yh$.) .

SEc .108.0 -

-$c - Acra.st fxux Powag i 07.o - . - Acraat. Hes, Max

)( - CPC STATIC 7~4cnn?AL Pawgg 10G * ~ .

a - cec corneensceo went f2a x 105.0 -

.101.0 -

1 o 3. 0 -

1 02.0 -

.fod . O -

100.0 -

/ W

, i ,

i .

91.0 TIME O 10- "20 0 ' #8'")

MISCELLANEOUS' MODIFICATIONS

1. CONSTANTS, ADDRESSABLE CONSTANTS, AND POINT ID'S FOR THE MODIFICATIONS LISTED ABOVE.
2. MODIFICATIONS TO THE CALCULATIONAL SEQUENCE TO INCREASE EFFICIENCY AND ACCURACY.
3. ADDED A DEADBAND TO THE LOW END OF THE EXCORE SIGNAL RANGE TO AVOID SPURIOUS OUT-0F-RANGE ALARMS.-
4. MODIFICATION TO THE LOW LIMIT CHECK LOGIC FOR EXCORE SIGNALS CORRECTED FOR SHAPE ANNEALING.
5. MODIFICATION TO THE SATURATION TRIP LOGIC.
6. MINOR MODIFICATION TO THE PERIODIC TEST OUTPUT LOGIC.
7. IMPLEMENT MEASURED VALUES OF CERTAIN POWER DISTRIBUTION CONSTANTS.

l

QUALIFICATION PROGRAM ALL CHANGES WERE MADE AND TESTED IN ACCORDANCE WITH A. CEN-39(A)-P, REVISION 02, THE CPC PROTECTION ALGORITHM SOFTWARE CHANGE PROCEDURE, DECEMBER 21, 1978.

B. CEN-39(A)-P, SUPPLEMENT 1-P, REVISION 01, JANUARY 5, 1979.

THE FOLLOWING WAS PERFORMED:

PHASE I TESTS ALL MODULES MODIFIED TESTS ALL MODULES WHICH ACCESS COMSTANTS THAT WERE MODIFIED PHASE II INPUT SWEEP TEST 2000 CASES FOR CPC 1200 CASES FOR CEAC DYNAMIC SOFTWARE VERIFICATION TEST LIVE INPUT SINGLE-PARAMETER TEST

-l

1 THE FOLLOWING DESIGN DOCl'MENTS WERE MODIFIED AND QA'D:

1. Functional Description for a CPC, 00000-ICE-3208, Rev. 03, February 18, 1980.
2. Functional Description for a CEAC, 00000-ICE-3234, Rev. 02, March 20,1980. '
3. ANO-2 Cycle 1 CPC and CEAC Data Base Document, 6370-ICE-3212 Rev. 03, April 18,1980.

4 General Specification for Software Design of CPCs, 00000-ICE-3010 Rev. 04, i May 15, 1980. l S. General Specification for Software Design of CEACs, 00000-ICE-3026, Rev. 03, i May 15, 1980.

6. General Specification for Software Design for CPC/CEAC Executive System.

00000-ICE-3031, Rev. 01, May 15,1980.

7. CPCS Phase I Design Qualification Test Report, 6370-ICE-3717, Rev. 03, May 16, 1980.
8. CPC/CEAC System Phase II Software Verification Test Report, 6370-ICE-3726, Rev.

02, May 14, 1980.

9. Program Listings for CPC, 00000-ICE-3910, Rev. 03, May 15,1980.
10. Program Listings for CEAC, 00000-ICE-3926, Rev. 03, May 15,1980.
11. Program Listings for CPC/CEAC Executive System, 00000-ICE-3931, Rev. 02, May 15, 1980.
12. Test and Certification Analysis of CPC System Software for Channels C and D 6370-ICE-3631, Rev. 04, May 16,1980.
13. Test and Certification Ar alysis of CPC System Software for Channels A and B, 6370-ICE-3629. Rev. 04, May 16,1980.

i i

SOFTWARE VERIFICATION TESTS

1. PHASE I MODULE TESTING II. PHASE 11 TESTING A. INPUT SWEEP B. DYNAMIC SOFTWARE VERIFICATION C. LIVE INPUT SINGLE PARAMETER  !

l III. NOISE TESTING I

O

PHASE I MODULE-TESTING I. TEST REQUIREMENTS (PER CEN-39(A)-P)

A. TEST ALL MODIFIED MODULES B. TEST MODULES ACCESSING UPDATED CONSTANTS II. TESTS WERE PERFORMED ON ALL MODULES III. TEST RESULTS A. CPC - NO ERRORS B. CEAC - NO ERRORS C. EXECUTIVE - 2 DISCREPANCIES BETWEEN SPECIFICATION AND IMPLEMENTATION

1. IN A SEGMENT OF CODE USED FOR PERIODIC TEST.

A. FIRST DISCOVERED IN ORIGINAL PHASE I TEST B. DOES NOT IMPACT NORMAL OPERATION OR PERIODIC TESTING.

I 9

2. IN THE CEAC AUT0-RESTART CODING:

A. IMMEDIATELY AFTER AN AUT0-RESTART, WITH THE FAIL BIT SET, THE PENALTY FACTOR VALUE IN THE PF OUTPUT WORD TRANSMITTED TO THE CPC'S IS NOT AS SPECIFIED.

B. ERROR NOT CORRECTED - DOES NOT IMPACT CPC OR CEAC OPERATION

1. CPC IGNORES VALUE OF CEAC PF WORD IF FAIL BIT SET.
2. PENALTY FACTORS IN PF WORD ARE CORRECT AFTER 0.1 SECONDS.
3. FAIL BIT IS NOT RESET FOR APPROXIMATELY

.12 SECONDS.

O

PHASE II TESTING I. INPUT SWEEP TESTING A. OBJECTIVES

1. DETERMINE PROCESSING UNCERTAINTIES
2. VERIFY INITIALIZATION
3. IDENTIFY ABNORMALITIES B. MINIMUM 0F 500 TEST CASES REQUIRED C. CPC TEST 1, 2000 TEST CASES l
2. OBJECTIVES OF TEST MET A. PROCESSING UNCERTAINTIES LESS THAN REV. 02 SOFTWARE  !
s. NO ABNORMALITIES UNCOVERED
c. ALL TEST CASES INITIALIZED I D. CEAC TEST 1, 1200 TEST CASES
2. OBJECTIVES OF TEST MET l

A. PROCESSING UNCERTAINTIES DETERMINED i

s. ALL TEST CASES INITIALIZED l
c. NO ABNORMALITIES UNCOVERED
1. INTERMEDIATE VALUES IN 24 TEST CASES DIFFERENT DUE TO AN IMPLEMENTATION DIFFERENCE. DOES NOT IMPACT CEAC PENALTY FACTOR OUTPUTS,
2. ONE CASE DID NOT MEET ACCEPTANCE CRITERIA DUE TO DIFFERENCES IN MACHINE PRECISION-ABOUT- A BREAKPOINT.

PHASE II TESTS (CONTINUED)

II. DYNAMIC SOFTWARE VERIFICATION TEST (DSVT)

A. OBJECTIVES

1. VERIFY DYNAMIC RESPONSE
2. HELP ASSURE CORRECT SOFTWARE IMPLEMENTATION B. TEST CASES
1. FIVE. REQUIRED BY CEN-39(A)-P
2. NINE CASES RUN A. FIVE REQUIRED CASES
a. THREE ADDITIONAL CEA DROP CASES
c. ASGT CASE C. RESULTS - DSVT OBJECTIVES MET

PHASE II TEST (CONTINUED)

III. LIVE INPUT SINGLE PARAMETER (LISP) TEST A. OBJECTIVES

1. VERIFY DYNAMIC RESPONSE
2. HELP ASSURE CORRECT IMPLEMENTATION OF SOFTWARE
3. EVALUATE HARDWARE / SOFTWARE SYSTEM B. TEST CASES
1. FIVE REQUIRED BY CEN-39(A)-P
2. SIX CASES RUN A. FIVE REQUIRED CASES .

i B. ONE PART-LENGTH CEA DROP CASE C. RESULTS - LISP 6BJECTIVES MET l

l 2

e

a i

NOISE TESTING A. OBJECTIVE

1. EVALUATE SOFTWARE RESPONSE TO PROCESS NOISE.

B. RESULTS 4

1. THE REV. 03 RESPONSE IS VERY SIMILAR TO THE REV. 02 RESPONSE.

i i

I

l O

9 m . _ __ - .. ,_,. -

e e

- _ = . . .

L3 0

O v

  • = e C3 i

O.

s2 e

=

it l

l 3 u

o O

~

r4 x4 ..

e C3 0

8 1

C te l _

J\! '

C3 C

6i i r c4 3 i -

%hI o.

A

s. >
a. 0:

O! .

c --

P I Cd wM l m r . 0 ==

$ & .~

t

t. (3 Li.

l - 43 e . .E 3 *= .

7, - *

(D.

h .- l

  • 6 f  :

S. 'l 8 H.

N f

w s .o .

1 - e I h 43 l C e= =e f$

l .e o .-

e w

O

"""'" 'd -J l

e

% #hs e.,. ' V

" J ,

t e 7 l = =

  • i l l l U 1

IC a G3 o a

& Q.

o ofI ea t P.m m .

  • C. g tg
  • r.

=

. r. *r. g g o3 *e.

r l e-a3 i ._.

i . .

4 +== , me

.m,# 'd e awX. a I', < - .

CJ:

%-= c.m

=

I e .a g vv l .

o 9

o l _

o a

n

. g -

U "

o N

i l o

9 0

\'

t

  • O.
g. J o -

o I

o ,

o E~

O 9 =;

e D -

n =

CL o u 9 l Z

e E

~

Nl d o J

% C 2 f 2 < o Om

=

o e uJ -

O> ,

e w g Oz ( 4 ,

. Z ,

l 2 1 d' f I t o IC o o "

  • o o ao N'

p a l *'* me me ao

, CO O b i u gN g

a j

v]U ca E

'si"3 8

UU i

l. __ i

'W 8

e O'

g . . . . . _

O i g** *

k. O se W. . s-N
r. ~ ., e n

.. r --

4J

[.

p.

O O.

.. a * .6 g**# .... 'J

. O 6

3.a.%. ..- a.

ts

, e

.- d e* fe s

$. *5 #

.m e<

q's g

Q d '.

"2*. U .

7 1- a.

} , g-

4. * .-

. - ,-:..* e4

%s  !

T

.- s I '* -

O= )

0 .m,

  1. -* 5' O i^.

'v a, f~. -

o o

w.c

, h.*j*, f4 o .-

x

.s

.-P

- g,g -

- 1 1

'.+ O a

- - -bl

. -

  • o c 3*=*. e.-

v3 e >=.=. }, .

e i Q Y' s -*

s '. .

1 A *=**

of** *

..*b c.

s m

_, ,-a. - , .

L. .

y . .. - e. s. .

~

f. Ta h -k,,. U a gy, . ** .,

8 O .

+-

e g

i I

- d' ,cj - } 3 P

  • ra *

.. .py,

- .- g . .

.w*

W O

,-_ i- ,

"w . I _

i i t.t I

r

  • u O

a O

a e

a C

a O

un O

  • = (** "

r

. P3 -= 0 O w4 L.. - *  !

^*

e4 e4 e4 o;4 20 as 3 e4 ea i l

t~ers i

us l t

.e.

.I

.
  • ,s,  : .c x

.. hunc

h. m .

O  %

4 ed % #

j .u .

6 4

1

- - ~ - - - - - - - - - - - - - . , . - _ _ ,

m h

e e

=

d,

$ y*.**)... -

k .

. .**s.,, p o

e

~

.. .. ~i=:t* .

i Q M n* a t ., j g~ =-

N S *.* .

' [

  • . * ..* p:f .

c3

. * ., ., . , .-.

  • o.

+ . co eg*,.

  • 3** -

N T . +,+ .***

l 6 o '

t ;4 .v.

  • o
  • l **.

( I

  • N l I -
s.
  • f+.*% < . -
4. , * + n ==
  • A.* . o o

c3

@  %~

+

2*

ca H  ?'E * *** * . um

/*, ** N wx

)

p 6

.** - W3 ==

N A'*'

a o*

w

.n.

>- e @ M

+

N . J.*.*t,  %

g a J pf. * .: *

,.t** . -

C s M.. . g.+ t* N

~ .

" a.

1- t ON 8 O LC. e w Y. * .- .' .* -

v)>

m

  • }...s
    • m Q
  • .j **D* 5 OZ *+ - ,

z .ly:* :s'.s z f  ; * .

~ t i e 1C o o a o

o k h

  • g

- o o~

I-- " " "

ily N E ..

Z DO 8g t a w

UJU t . ctx HGNQ C1 UU .

W GUlIHW g t

e t

c i

I

. THEMARGINOFSAFETYISNOTDECREASEDIF:

~

A) THE CONSEQUENCES (I.E. RADIOLOGICAL EXPOSURE TO THE PUBLIC) 0F THE LIMITING DESIGN BASES EVENTS ARE NO MORE SEVERE, AND a) THE CONFIDENCE LEVEL IN THE CAPABILITY OF THE SYSTEM TO PERFORM ITS SAFETY FUNCTION IS MAINTAINED

)

9 w

WITHRESPECTTOITEMi)

THE CPC I5 REQUIRED TO INITIATE A REACTOR TRIP TO ASSURE THAT THE SAFDL (s.a. DNBR AND LPD ) ARE NOT VIOLAIED FOR SPECIFIED DBEs.

MEASUREMENT, CALCULATION AND PROCESSING UNCERTAINTIES AND l DYNAMIC ALLOWANCES MUST BE CONSIDERED IN THE TRIP LOGIC e

4 J

t t

9 0

e

. 4 s

ge J.3 "a ij .

Ij'

{

k .

I s =<8 '

2

$iu 6 2 y T c T ~3 1 h 'l .

3 c4 +

N d 2 o Z

O .

e d - s d

s -

d E

, e a a  :

m

'd j1

$U l' l V

) e w

v c

x

> ssT l

)

1 3

I i

0 l e ~

2 .

O

43- 4 d

a 1

o e Y d, T-3_ w

! } $a513 ase+3 o 3 e

5

'i4 4

h

  • 3
  • 1 9 &

y b 5 n

ch ' &

o y

a,

}f 2 -

5 g3 ~

g i a

2 f- 0 i

' N ,a I

$. % 51 i {l -9 c3.sc k

X i \

1 ,

3 i

2 O

I kt e

f

- j l

m .

Y.

2 o

)

a H 2 -

s  :

i I- 3  %

g s  :

a) F 4

$ e E

~1 .

n 2.

H

.o o - g  !

4 2 G.

2 t w o

+-~

4 0 S i a f ,3 E 3 -

+.

z E 5

(

~

i 0

  • f e 1

1 V,)

~

4

$D 8

o o

b Cf

  • li

$p E e 6 O

S O 9 0

4

+

2. -

00

.e '

7  %

e 3

43 ~

2  % -

o o _

_ _ _ _ _ _ -4 q -P w

1,. .

2 5 9 l A~

@ 3 -

l U

g

'n o

L 2______~-

  • O H ~ 2 O t_ m o ,
  • _. e G. _ __ ' 1 2 y '

o i I

o

. +1 s

. ~

a 2 1 E -

~

O i?

9e 1 a= N9 ~

-o ~

'  :.0 3

o o

b

  • Cs

. _ , . _.. . - - _ -.ev.---

, ee .

l THE MOD 2B/3 SOFPdARE IS MORE ACCURATE AND THE PR0 ABILITY BAND 'dIDTH IS REDUCED .

O I

o e

O h%

0 em

4. ' . . D .

i EN

- @0 f$

N, l

es o<

a a h 4

  • 8 L

s \

/2 l i

+ ~

s > o E

e '1

~

o  ;

Ia 3 f O

a

> ss 0e (c /* x e

3 1

0 2 .

B 05-9

/

e i

l l

,. )

. N  !

4  !

Q a o >

\

o i H

s c *t

-g o

9 is 0 e &G 4

- p -

q H

. o j ' e q

2 q o -

9O

~

O A 3

i b e -

E

{ !

g a ( -

+2 4

o f.

1 ,a T1> g

~

t.j .

K 7

o S

a 0

4 Q/ .

O t4J

%E o 0 pre W m ew o h*

e. 9 9

A o o

o g w w > g g[' *

% W f

y $ A. b

. , \g '

O E &

5NC  %  % n * -

d oy J O' 4' I 6 D$ M ih N

3 2 9

dkme pwg

& *+

z ,3r n h m m x y .w u o N

b. E to u 4 h to N~ 4 4  %

w O W %* .

o g

v" LH m .

o - g try ,

m m w o a fm .k N

NuO u $u M W hQ $

m l

tw W W Rv g 1 to s6 0 N y .

p cy6 6 e y

i N O O m NW OT k 2 3 sa ..

g g ut TEo $*# M D Q M w

V M bW N) ^

cy g.

a m h m F

  • o n gt 5 6j's 9o h .

6 gw a w y b w s .

? w

= W x O $ D Y h 2 $ (

3

$ N.

.= ,$$_ w_. ,$ 6, e ej e O qm 0 "

3 w

  • M M*

m N N y

< w CO M

U H l

CONCULSION .

THE MOD 2B/3 SOFTWARE IS A MORE ACCURATE VERSION AND REDUCES THE SPREAD ON THE MINIMUM DNBR VALUES FOR DBEs THE LIMITING TRANSIENT WILL HAVE CONSEQUENCES NO MORE ADVERSE THAN THE PREVIOUS SOFTWARE OTHER EVENTS WHICH HAVE RESULTED IN UNNECESSARY TRIPS ARE AVOIDED .

i O

9 4

WITH RESPECT TO ITEM a)

THE PURPOSE OF CEN-39(A) IS TO ASSURE'THAT THE CONFIDENCE IN THE SYSTEM IS NOT DEGRADED DUE TO SOFTWARE CHANGES .

SINCE THE MOD 2B/3 SOFTWARE CHANGES WERE SUCCESSFULLY PERFORMED IN ACCORDANCE WITH CEN-39(A), THE CONFIDENCE LEVEL IN THE SYSTEM IS MAINTAINED 4

I l

WITH RESPECT TO ITEM s)

THE PURPOSE OF CEN-39(A) IS TO ASSURE'THAT THE CONFIDENCE IN THE SYSTEM IS NOT DEGRADED DUE TO SOFTWARE CHANGES SINCE THE MOD 2B/3 SOFTWARE CHANGES WERE SUCCESSFULLY PERFORMED IN ACCORDANCE WITH CEN-39(A), THE CONFIDENCE LEVEL IN THE SYSTEM IS MAINTAINED G

9 8

.

Retrieved from "https://kanterella.com/w/index.php?title=ML19318C507&oldid=2496131"