ML20012A827
| ML20012A827 | |
| Person / Time | |
|---|---|
| Site: | General Atomics |
| Issue date: | 03/31/1989 |
| From: | GENERAL ATOMICS (FORMERLY GA TECHNOLOGIES, INC./GENER |
| To: | |
| Shared Package | |
| ML19293A201 | List: |
| References | |
| E117-1001, NUDOCS 9003120641 | |
| Download: ML20012A827 (48) | |
Text
.
o,,
TRIGA* Reactors w
i
. l' E117-1001 hl
- l t
+
NM-1000 SOFTWARE FUNCTIONAL SPECIFICATION i
PREPARED BY l'l
-GENERAL ATOMICS i
SAN DIEGO, CA.
E c
l e
March,1989 I
h GENERAL ATOMICS L
s
't,
,e-'
~
l P4 Table of Contents 1.0 Scope 2.0 Software Overvb'A 4
3.0 Safety Systek isgstrements 4.0 Sof t' ware Functaonal Requirementh l
.4.1 External. Device Interfaces.
t
'4.1.1' 4.1.2 Keyboard / Loca Display interface 4.1.3 Remote Computer. Interface.
4.2
' Data base Organization and Data Dictionary 4.3 4.4
-Conversions, Calculations, and Data-Smoothing
-4.4'.1-4.4.2; Percent ower. Calculation 4.4.3' Reactor Period Calculation I
4.5 NM-1000 Hardware Outputs 4.5.1 Digital Alarm outputs 4.5.2 Analog outputs 4.6 Battery' Backed Constant Storage 4.7 NM-1000 Startup and Operating System e
4.8 Background Self-Test 4.9 Error Detection 4.10 Watchdog timer 5.0 Timing Diagram 6.0 Processor / Memory Utilization & Expendability 1
a:i;
- 4' t
31 s
7.0 runctional Area / Functional Requirement Croci Reference 7-.*
Local Display 7.2 7.3-7.4 7.5 eactor ower anne s 7.6 Reactor Period - Both Channels 7.7 Remote Computer 7.3 Digital Outputs - General 7.8.1 Digital Outputs - High Alarm i
7.8.2 Digital Outputs - Low Alarm 7.8.3.
Digital outputs - Rate Alarm 7.8.4 Digital Outputs - Float Alarm 7.9 Analog Outputs 7.10 Battery Backed-up RAM 7.11 Diagnostics'/ Error Detection 7.12 WDT 7.13 Debug / Internal-l 7.14-Misc.-
8.0 Requirement Number / Item Cross Reference l
l l
I l.
l I
k t
,_f 2
p.
s 0,.
p.
e i.
if 1.0-Scope The purpose of this document is to provide a software functional ~!
specification for the development'of the h7.-1000 software. This document
- specifies :
i I
1)
All N7-1000 External inputs and the processing required by the 57.-1000.. Ranges, accuracies, and sampling-inte'rvals are specified.
!~
2)
-Data Base Organization and data base dictionary.
- j.
3)
All NT-1000 outputs and the processing required to ec,n t rol those outputs.
E 4)
All hardware initialization requirements.
5)
In-service test and diagnostic features.
6)
Calculations required to convert amplifier input to engineering.
units.
7)
Operating system specifications and requirementu.
8)
Operator input and display interface requirements.
9)
Remote computer (TRIGA Console) communications requirements.
10)
System timing and response time requirements.
11)
Cpt percent utilization and memory requirements.
3 L:
- ~_- -_.
i I
\\
J 2.0 Software Overview The NM-1000 software. will be responsible -for performing the following functions R2.010 1)
R2.020 2)
Interfacing with a local display and keyboard attached to the MMJr 1000 :This keyboard will be capable of' entering constant data thatc will control the operat.lon of, the NM-1000. The display will display,
selected internal data base items and optionally refresh their output on a periodic basis.
R2.030 3)
' Communicating with a
remote computer.
Typically, but -not i
necessarily, this computer will be a General Atomics TRIGA Console.
Computers attached to this computer link will be capable o.f inquiring about the status of internal NM-1000 data base items and controlling its operation.
R2'040 4)
Controlling the actuation of multiple digital outputs.
,'R2.050
'5)
Controlling multiple analog outputs.
- R2.060 6)'
Converting amplifier input values to reactor percent power. The reactor power calculation must account for the natural distribution of detector count rate for a given power level.
R2.070 7)
Calculating current rate of change of reactor power in terms of.
p reactor period.
R2.080 8)
R2.090 9)
Storing operator entered data values in non volatile RAM to allow the constant values to be retained in the event of loss of power to the NM-1000.
R2.100 10)
Self-test of hardware components and the reporting of their status, p
R2.110 11)
Monitor its own software execution and not allow the NM-1000 to continue performing its safety function if the sof tware modules are not executing properly.
4 1'
e K
+
p et g_..-
hi 3.0 Saf ety System Requirements As.part of a nuclear safety system..the NM-1000 performs both safet:.
and non: safety. functions.
To meet the safety syctem functional requirements the NM-1000 software is responsible for perfoiming the followkng functions :
., 3 1)
. Actuate the high level trip within 20 milliseconds of a detectable R3.010-high level percent power alarm.
.R3.020 2)
Proper actuation of the low level percent power trip.wi thin'
(
second of detectable alarm.
R3.030 3)
' Proper actuation of the rate of change percent power trip within i second of detectable alarm.
R3.040 4)
Actuating che floating percent power trip.
e Ia 1
-l i
i f
5
4.0 Software Functional Requirements 1
t This section outlines the NM-1000 functional requirements.
The sof tware developed f or the NM-1000 will meet these functional requirements and shall be tested using the NM-1000 Sof tware Veri fiestion honram, l
4.1 External Device Interfaces The NM-1000 will interface with three devices that communicate with the NM-1000 via serial communications.
These devices
-M M Local Display, and Remote Computer Interface will requir-the NM-1000- to initialize and control the NM-1000 UART hardware, entablah communications with the device, and handle all data transfers to and from the device. Specific details concerning the devi as are detailed in the following sections.
4.1.1 Counter / Transmitter Communications The NM-1000 includes to a assembly. This assembly has a l
1)
Communicate with the NM-1000 at 4800 baud, 8 data bits, 2 stop bits and odd parity.
2)
Receive a command byte from the NM-1000 informing it which amplifiers are going to be used for the next sampling period.
3)
')
Send five character message packets every
+
containing the following information :
Byte 1)-
Most significant byte of Byte 2)-
Least significant byte o Byte 3)-
Most significant byte of Byte 4)-
Least significant byte of Byte 5)-
power supply byte containing tne following information Bit 7) -
Always on Bit 6) -
Always on Bit 3) -
Always on
') -
High voltage failure Bit
+
Bit 3) -
+15 volt failure 6
T:
m4 p
.n
~.'
_q vg Bit 2) -
-13 volt failure-Bit 1) -
UART (parity, framing, or overrun error No control byte received in t.he las
^
Bit 0) -
M The NM-1000 is responsible for:
R4.010:
1)
Programming its.UART to communicate with the
!/
R4.020 2)
Sending the control byte to the R4.030.
'3 )
Processing received amplifier counts, and
' R4.' 040 4)
Detecting and reporting communications errors.
1 4.1.2
-Koyboard / Local Display Interface s
!?
The NM-1000 contains a local Burr-Brown keyboard and display unit located inside the NM-1000 cabinaj;. This unit is capahle of displaying.,
text sont from phe NM-1000 and sending key depressions to the'NM-1000.
Two status lights are also located on the front panel. The Burr-Brown :
1)
Communicate with the NM-1000
$)
Contains function key and numeric keypad. input.
L 3)
Can display numeric and text data.
The NM-1000 19 responsible for
. R4.050 1)
Programming its UART-to communicate with the Burr-Brown.
lR4.060 2)
Using a consistent operator interaction for both displaying and',
entering data on the device.
R4.070 3)
Detecting invalid key entries.
i
-R4.080 4)
Displaying numeric values in fixed point, scientific notation, and ASCII character fields as required.
R4.090 5) on certain specific data base items, refresh the displayed value approx. every 2.5 seconds.
<R4.100-6)
Being capable of allowing the modification of some displayed fields while not allowing it for other fields.
R4.110 7)
Providing a method of clearing the internal NM-1000 error stack.
The NM-1000 sof tware will be responsible for maintaining a stack of the most recently detected errors. The local display will be capable of viewing and clearing the NM-1000 error stack.
7 l-l.
,\\
s
]h 8)
. Controlling the actuation of the two lights contained-on thc
' display. Under normal operating conditions both light'. nhall be r,f f, The lights shall be controlled as follows :
R4.120 1)
Upon-the detection of an error posted _on the internal error' stack the "Al" light shall be turned. When the error stack has been viewed and cleared,_the light shall'be turned off.
R4.130 2)
Upon' detection of a rate of[ change trip, high percent power trip, or loss of high voltage the "A2" light shall be. turned on and remain on until the condition no longer exists.
4.1.3 Remote Computer Interface The NM-1000 contains a serial port that optionally will,be used ta '
comunicate with another computer that will typically 'be used tc comunicate with _ the TRICA console._This port _ will be used for d a t,.2 inquiry - and to set. the NM-1000 mode as defined in the data base description. Optionally.the remote computer may request a status message be sent to it periodically as defined below. With the exception of the,
status message, all message level comunications between two computers will be initiated by the remote computer.
The NM-1000 is responsible for R4.140 1)-
Comunicating with the remote computer R4.150 2)
Receiving Data Base inquiry messages and sending responses.
'R4.160 3)
When requested, sending a message to the
- remote computer containing the following in ormation.
1)
Current reactor power in ASCII format.
p
'2 )
Current reactor period in ASCII format.
3)
Current status of the high, low, float, and rate of change digital outputs.
f-4)
Communications message checksum to insure data validity, li
>J l
l 8
l1 l
4.2 Data Base Organization and Data Dictionary To operate, the NM-1000 software will use an internal data base tc store the data it uses that must be accessed by either an operator using the Local Display or a remote computer. The Data Base items that are defined in the following paragraphs will be referenced in following sections that describe the NM-1000 operation.
Item Number Description R4.170 10, 11 Reactor Percent Value I
l r g l
p is a.
R4.130 12, 13 Reactor Period 1
Current reactor rate of change in terms of period.
l Infinite period (no change of reactor power) is considered +-100.00.
R4.190 14 Mode Selected
,s
+
t f
% k 4
.f'.
-.t_-_
R4.200 15 Output Relay Statuses The NM-1000 sof tware will be capable of actuating four trip relay outputs - High, Alert, Floating, and Low power. This data base item is provided to allow the viewing of the relay statuses from the NM-1000 Local Display. This data base item is an ASCII string that contains some combination of the characters H (high percent power), L (low percent power), F (floating trip), and R (rate of change) 9 1
i
m l~?~
)
-s
,a:
o L.
r p
to. indicate the presence of the trip status. Fari example, the value H,R indicates that = the' NM-1000 "
has detected High Power and Rate of Change trips.
a L.a?
R4.210 17-NM-1000 f TRIGA Console 5
y l'
When the TRICA console reques that the NM-1000 ;
send it a status message ever this data base item will contain t e message-tiac-was sent.-
1 R4.220 18 Linear Power Mantissa Mantissa of current-linear power.-
. ' R4'.230 19 Linear Power Exponent m
Exponent of current linear power.
\\'
I R4.240 20 Counting Amplifier counts per second 3
Amplifier counts r second.' Th'e NM-1000 will ' send,
commands to the instructingLt it which amplifier to turn on an ere the input counts are to come from -(either-actual or,
si is se ected-
=
owever. t e counter ts; turned off when the is selected ((14) ='0).
t R4.250 21 Alpha Count Offset The count rate signal -from the Neutron Detector t
contains alpha and neutrons. This data base item will contain the alpha count rato in counts por second. This value will be subtracted from (20) to obtain the Adjusted Amplifier CPS.
4.260 22 Adjusted Amplifier Counts Per Second
- 3 (20) - (21). Will contain the amplifier counts minus the alpha counts.
-R4.270 25 Counting Mode Percent Power Conversion Constant This conversion constant will convert (22) 'to percent reactor power. When in Counting mode, this value when multiplied by (22) will give the current reactor power.
-R4.280 28 Crossover Value 10 o
u' e
4 W
g.
4 l.
R4.290 29 Crossover Setpoint.
R4.300 30 R4.310 31 e
R4.320 32 M
R4.330 33 Conversion constant to convert (32) to normalize the 11
R4.340 34 Normalized R4.350 35 This conversion constant will convert to percent reactor war.
R4.360 38 R4.370 39 R4.380 40 Low Level Percent Power Trip Setpoint This trip setpoint will determine the percent power level at which the software will actuate W
the Low Level Trip. The software will actuate the trip when the r'eactor percent power has fallen below the trip setpoint and it will de-actuate the trip when it has exceeded 1.05 * (40).
R4.390 41 High Level Percent Power Trip Setpoint This trip setpoint will determine the percent power level at which the software will actuate the High Level Trip. The software will actuate the trip when the reactor percent power has risen above the trip setpoint and it will de actuate the trip when it has fallen below 0.95 * (41) and at least 10 seconds haave expired since the software first detected the trip.
12
'N R4.400 42 Floating Level Percent Power Trip Setpoint This trip setpoint will determine the percen: l power level at which the software will actuata l the Floating Level Trip. This trip can be used as l either a high or low level percent power trip by I setting (51) to the proper value. If (51) = 0 the trip is will be turned off, = 1 a low level, and
= 2 a high level.
If (51) = 1, the software will actuate the trip when the reactor percent power has fallen below the trip setpoint and it will de actuate the tri; when it has risen above 1.05 * (41).
1 If (51) = 2, the software will actuate the trip i when the reactor percent power has risen above the trip setpoint and it will de-actuate the trip when it has fallen below 0.95 * (41).
R4.410 43 Percent Power Rate of Change Trip Setpoint This trip setpoint will determine the reactor period level at which the software will actuate the Rate of Change Trip. The sof tware will actuate the trip when the reactor period has fallen below the trip setroint and it will de-actuate the trip when it has risn above 1.05 * (43).
R4.420 50 NM-1000 Operation Mode The operation mode data base item will provide a method of causing the software to perform special i
processing not associated with its norma!
l operation. Specifically the NM-1000 sof tware will recognize the following operation modes :
1 1
0 = Normal l
As it implies, the sof tware will operate norma).ly.
T G
w 8
.u b
h 1.
A 13
".E 1
o:
1
+
.j Modes 6 and 7 will not be entered-from the front j panel. These -modes will only be entered via : a ;
command sent from the TRIGA Console. These modes,I will cause.the NM-1000 to-inhibit trip actuation '
momentarily while the TRIGA reactor is pulsed or a square wave input is generated.
<P-6: Square Wave 7: Pulse l
R4.430' 51 Floating Level Trip Mode The data base item will control the operation of.
the-floating trip. It will take on three values.
0: Trip off.
1: Percent power low level trip 2: Percent power high Icvel trip.
'R4.440 52 Multi-Linear Mode 0: Auto 1: Manual R4.450 53 Locked Exponent i:
When (52) = 1 this value is-the fixed percent power exponent value'to be used when scaling the mantissa and exponent for DAC output.
o
'R4.460'-
54 Period Dac Full Scale.
p I
This data base item will control the scaling of.
the period (rate of change) DAC. It will take on one of three values :
a 0=
3 Second 1s 8 bit DAC output will be realed linearly with 0 : -0.868 and 255 : r8 685 7
1=
10 Second 8 bit DAC output will be scaled linearly with 0 : -0.261 and 255 : +2.605 2=
30 Second l
8 bit DAC output will be scaled linearly 14 1
c-.-
_.t t.
(;, ;
s...
with 0 = -0.087 and 255 : +0.868 r
r,I
~ R4. '4 70 -
57 Memory Address L
This data' base item will be intended to be used, by. sof tware. development personnel to enter a memory location to be displayed on the. Loca1L '
Console via (58). A memory address from 0 - 65.533-will be entered.
m T
R4.480 58-Memory Value i
V h-This data base item will contain tho' value stored J at the memory location specified in (57) above.
n
\\
P R4.490 59 NM-1000 Firmware Version' Number Display data base item that'will contain an tedt string containing the software version number.
1 R4.560 60 Error Stack When the software det.ects either a data entry'or'I
(
operational error, an error code will be pushed-on an internal error stack. This stack.will contain the nine most recently detected: errors.
Data base Items 60 through 68 will allow the error t
stack to be viewed.
15
un, A.
g g-
.2a a
G 5
e 4,3 1
j
....... _ ~ _....... _........ -.
.7 l
4: -
~
l
.:,..+,.~*
+
l 1
l l
l I
l l
1 l
l l
l l
l l
l l
16 l
l
O e
~
~.
. a 4..
1 1>
l 17
.~,.
C L.
s
......,.y l
l w
.w g
l 4.4.2 Percent Power Calculation Every the NM-1000 sof tware will be responsible for updating t e current en or Percent Power. The software will calculate reactor power based upon the current counter that has been selected for the power range as follows :
R4.570 1)
R4.580 2)
N Por both operating modes, the NM-1000 will check to make sure that the when the subtractions are made in the above equations that the results are always positive. If the subtractions result in a negative value, then the count rate has fallen below the entered background noise and errors SOERR or COERR wil,1 be entered on the error stack (60).
4.4.3 Reactor Period Calculation the NM-1000 will calculate the rate of change
,in reactor percent power in terms of reactor period ((12), (13)). The Reactor Period calculation sof tware will be responsible for performing the following calculation :
R4.590 Reactor Period ((12), (13))
26.05767 /
=
((log (PO) - log (P1) 18
O u
--i Where' PO = Current reactor percent power-P1 = Reactor percent power The denominator in the above equation is the rate of chan e in' terms' of decades er minute.
It is possible that the denominator.could be zero in which case the period will be considered - infinite-- and-be assigned the'. value-
-+100.00.
In all cases, the - reactor period will be limited to the range 100.00 to +100.00 seconds, t
e h
19
My i
t.
4.5 NM-1000 Hardware outputs The NM-1000 software is responsiblo for controlling both digital and
~
analec outputs.- The following two-sections specify the functional-requirements for the digital and analog outputs.
-4.5.1 Digital Alarm Outputs The NM-1000 software will be responsible for supporting ~three percent power level trip digital outputs - high, low, and floating (either-high p t
or low) along with one percent power rate of change trip.- Additionally it will be respon.sible,for updating the status of the two I hts (A1, & A2) attached to the NM-1000 Local Display. Every
'the software will determine the status of these digi 1 outputs an actuate the attached relays accordingly.
R4.600 The Low Level Percent Power digital output will be actuated when the reactor percent power (10) has fallen below the low level trip setpoint (40) and it will de-actuate the trip when it has exceeded 1.05 * (40).
R4.610 The High Level Percent Power digital output will be actuatod when the -
reactor percent power has risen above the high level trip setpoint (41).-
and it will de-actuate the trip when it has fallen below 0.95 * (41) and at least 10 seconds have expired since the softwsre first detected the trip and actuated the digital output.
R4.620 The Floating Level Percent Power Trip Setpoint will be used as either-a high or low level percent power trip. Data base item (51) will be used -
to control the type of trip. If (51) = 0 the trip will be (not actuated under all operating conditions), = 1 the Floating Trip will operate as a t
~
low reactor-percent power trip, and if = 2 it will operate as a high '
reactor percent power trip.
If,(51) = 1, the software will actuate.the trip when the reactor percent power has fallen below (42) and it will de-actuate the trip
-when-it has risen above 1.05 * (41).
If (51) = 2, the software will actuate the trip when the reactor percent power has risen above the trip setpoint and it will de-
~
actuate the trip when it has fallen below 0.95 * (41).
R4.630 The Percent Power Rate of Change Trip will actuate the trip when the reactor period (12) has fallen below the trip setpoint (43) and it will de-actuate the trip when it has risen above 1.05 * (43)
'R4.640 The "Al" light'will be turned on whenever an error code is on the NM-1000 error stack and turned off when the error stack is empty.
R4.650 The "A2" light will be turned on rate of change, high percent power, or loss of high voltage is detected.
20
h i,
?
LJ +
)
1 i
4.5.2 Analog Outputs 1
?
The NM-1000 supports six 8 bit analog outputs and is responsible.for l-updating their value every The six analog outputs' defined as follows :
i 1)
DAC #1 -
Log (adjusted counts /second)
R Scaled from Low
=
0.0 High
=
5.0 R4.670 2)
DAC #2 -
Log (Reactor Percent' Power) : Log (('.0))
L Scaled from Low
=
Log (2.0E-8) :-7.69897' High Log (2.0E+2) = 2.30103
=
R4.680 3)
DAC #4 -
Reactor Percent power-(10).
i Scaled from Low
=
0 High
=
120 R4,690 4)
DAC #5 -
Mantissa (linear power) (18)
Scaled from Low
=
0 High
=
10 R4.700 5)-
DAC #6 -
Exponent (linear power) (19)
Scaled from Low-
=
E-8 High
=
E+2
~
R4.710-6)
DAC #3 -
Reactor period (12)
This analog output is controlled by the value of data base item (54).
If ((54) = 0)
Scaled from Low
=
.868 High
=
8.685 If ((54) = 1)
Scaled from Low
=
261 High
=
2.605 If ((54) = 2)
Scaled from Low
=
.0868 High
=
0.868 21
4.6 Battery Backed-up Constant Storage R4.720 To allow the NM-1000 to have constants that can be modified from tho.
front pane 1~and retain their value during a loss of power to the NM-1000 the NM-1000 hardware design will allow for a specified area.of RAM memory to be battery backed-up.
This will allow certain data, usually entered-from the front panel, to not have to be re-entered af ter a loss of. power. ;
Specifically, the following values will be stored in Battery backed up RAM.
It_cm Number Description e
21 25 29
' Crossover Setpoint.
31 33 35_
39 40
.Lo'w Level Percent Power Trip Setpoint 41' High Level Percent Power Trip Setpoint 42 Floating Level Percent Power Trip Setpoint 43 Percent Power Rate of Change Trip Setpoint H
51 Ploating Level Trip Mode L
54 Period Dac Full Scale L
l l-22
~S.
-l 5
-4.7-
.NM-1000 Startup and Operating System' The NM-1000 sof tware will be composed of multiple modules that execute under the control of master scheduler or operating system. This sof tware will be responsible for controlling the execution of the sof tware modules i
~
and initializing the peripheral hardware. Specifically it will' be l
. responsible for starting up the system. and initializing the NM-1000 i hardware as follows :
)
R4.730 1)
Zero filling RAM J
All MM-1000 applications ' RAM will be zero filled when the system is initialized. This will allow applications software:,
to be assured that mernory has been erased and that the data.!
area has been initialized to a known state.
3 R4.740 2)
Initializing the The. UART responsible for. communicating with the Wa will be initialized and programed to commun2cate er baud rate, stop bits, and parity.
I' R4.750 3)
Initializing the Local Display UART The UART responsible for communicating with the Local Display-will be initialized and programed to communicate at the proper l'
baud rate, stop bits, and parity, l-L R4.760 4)
Initializing the Remote Computer UART The UART responsible for communicating with the Remote.
Computer will be initialized and programed to communicate at L
the proper baud rate, stop bits, and parity.
R4.770-5)
Initia11 zing the Interrupt Handlers All cormnunications with external devices will be done via interrupts. All Interrupt Handlers will be initialized to process communication transmit and receive interrupts.
R4.780 6)
Initializing the
'R4.790 7)
Initialize Battery Backed RAM The Battery backed-up RAM checksum will be calculated and l
compared with the value stored in battery backed-up RAM. Also, the program version stored in Battery backed-up RAM will be L
compared with the current program version. If both values 23 E
6 fe(
y.
m l.
.r-i match, then it will' be assumed that non-volatile RAM has -
remained intact and battery backed up RAM will not. be ',
initialized. If either of these values do not match, then the 33 memory will be initialized to their default values.
R4'.800 8)
Clearing the Local Display Appropriate consnands will be sent to the Local Display to I initialize and clear the device.
Upon successful hardware initialization the startup task will be responsible for controlling the execution of the NM-1000 applications and diagnostics software.
4.8 Background Self-Test The NM-1000 will be capable of performing a series of background self,
test and diagnostics while performing its power monitoring function. Thes,e !
diagnostics will test the integrity of the NM-1000 hardware and where possible report the detected error to the user via the error stack for viewing on the Local Console. Specifically the NM-1000 will have self-test.
diagnostics to check R4.810 1)
EPROM
[
Executable instructions and data contained in the'EPROM's containing the NM-1000 software will be tested for validity.
+
When the'EPROM's are originally made a checksum (addition of,
all memory. locations) will be placed at a specific location-i in memory. When processor time becomes available, the NM-1000 :
software will calculate the EPROM checksum and compare it with "
the value stored in memory. If they do not match, an error will be reported by the diagnostic self-test software.
l R4.820~
2)
RAM N
RAM locations used to store the NM-1000's data will be checked i to insure that the memory locations are working properly. When processor time becomes available, the NM-1000 will write i a rotating pattern to memory and read it back to insure that the pattern read matches the pattern written. If the values do not match, then the memory location cannot be counted ' upon to accurately store data and an error will be reported to the diagnostic self-test software.
R4.830 3)
Battery Backed up RAM D
Battery Backed up RAM is used to store constant data that is to be retained during loss of power. When Battery backed-up RAM is updated, a checksum will be calculated in stored at a specific location memory along with the sof tware version that calculated the checksum. The diagnostic software will check l
24 L
L
to insure that the current calculated checksum of battery l backed up RAM matches the checksum stored in memory. It wil' i also check to see that the firmware version stored in batter; !
I backed up RAM matches the one currently running in the machine. This second check will be done to insure that EPRCX i
memory boards have not been changed and a new firmware version loaded into the machine. If either the checksum or the l
firmware versions do not match an error will be reported te l the diagnostic self-test software.
4.9 Error Detection I
The NM-1000 will be capable of detecting 24 error conditions. Some of I them will be detected by the self-test diagnostics and others will be detected during normal operations. When an error is detected, the error will be posted on the error stack and the A! light actuated. This section provides a more detailed description of the detected error Error Gdg Descrintion R4.850 CXFAIL Failure, no input to NM-1000 from assembi. No in ut message packets are eing rece2ve com the.
and communications has been lost.
~ ' '
R4.860 CXSYN The NM-1000 sof tware unable to establish conununication with the M R4.870 CXBUSY busy error. When the NM-1000 so tware atte te to send its control byte to the the UART was busy.
R4.880 CXCBE R4.890 CXCOMM R4.900 CX-15V r supply a us e
R4.910 CX+15v
+15V power supply failure. The
+15 volt power supply has failed in the 25
' ~
er supply status byt<
R4.920 CXHIV high failure. The higt vo tage as at e in the as er supply status yte in t R4.930 MI-15V Microprocessor Assembly -15V failure. The -15 volt power supply has failed in the NM-1000.
R4.940 MI+15V Microprocessor Assembly +15V failure. The +15 volt power supply has failed in the NM-1000.
RA.950 SDX0VR R4.960 SOERR R4.970 COERR R4.980 BADRAM Bad RAM error. The internal RAM diagnostic has detected one or more bad memory locations. Data that was road from a memory location did not match the value that was written to it.
R4.990 BADROM Bad ROM error. The internal ROM diagnostic has detected that computed checksum of the EPROM memory containing the software instructions does not match the checksum stored in the EPROMS. This error will indicate a f ailure in the EPROM memory devices.
R4.1000 halt light Interrupt overrun / watch-dog timer trip.
R4.1010 BADRAM Battery backed up RAM failure.
26
F c-
+
n g
s.-
)
j
.+,
4.16 Watchdog Timer 1
R4.1920 The Watchdog Timer is a hardware circuit that isusedtoinsurethat) f the NM-1966 sof tware is. executing properly. It will be the software's{
responsibility to reset the watchadog timer circuit frequently enough'to j preventing it from terminating the program execution. The NM-1000 is toi e
!J reset the watchdog timer only af ter it has made sure that key parts of j the software are executing properly.
When the watchdog - timer is timed j out, a halt light will turn on.
The higl level output will go to a l tripped condtion.
e
[
l i
i h
i i
h i
t P'
r f
27
w-.
,a g
4 5.0 1
28
~.
1000 Software timing diagram is a time line of a t>T cal E i
time interval beginning at system reset. It is composed of 13 ame 2nes representing the execution status of the 13 ma.ior NM-1000 j
software compenents. For an individual software component, when the time B
line is low the component will be in an idle state and is not executing.
When the time line goes high the software component will be executing and performing its function. The 13 sof tware components r.ctivity during its execution are described as follows :
1 2) l 3)
Digital Smoothing Amplifier inputs will be digitally smoothed to arrive at a g
current amplifier count rate and stored for use by subsequent
)
calculations.
)
4)
Percent Power Calculation Amplifier input counts will be used to calculate the current reactor power ((10), (11)).
5)
Period Calculation Reactor power will be used to calculato current period ((12),
(13)).
6)
DAC Outputs Update DAC output values will be calculated and output to the NM-1000 DAC output hardware.
7)
Digital Outputs Update Digital output statuses will be calculated and output to the NM-1000 digital outputs.
29
- 4 l
)
8)
Local Display Transmit i
Every the Local Display message will be !
formatted and the rst character will be output to tho i device. Subsequent character output will occur via device !
interrupts, f
9)
Remote Computer Transmit Every theRemoteComputermessagewillbel formatted and the first character will be output to the !
device. Subsequent character output will occur via device,
interrupts.
10)
Diagnostic Self-Test The NM-1960 Diagnostic Self-test will be performed.
t 11)
Watchdog-Timer Roset i
The sof tware will check to see that the sof tware components l are executing properly. If they are, watchdog timer will be reset.
12)
Local Terminal Receive Input key depressions on the local terminal can occur at any i
time and they will be received via interrupts and buffered -
for subsequent processing.
13)
Remote Computer Receive Remote Computer message characters can be received at any t3me and they will be received via interrupts and buffered for I
subsequent processing.
6.6 Processor / Memory Utilization & Expendability R6.010 The design of the NM-1000 software will be such that it provides a reasonable amount of additional software capabilities at a future date.
Specifically the hardware will provide the capability to add additional EPROM, RAM, and battery backed-up RAM via additional memory boards. The software will be written in a modular fashion using a mix of higher level and assembly languages in a manner consistent with good design principles.
The software will be able to perform its specified functions within the specified time res'.rictions.
i 30
E O.
i o
)
7.9 Functional Area / Functional Requirement Cross Reference j
l 1
7.1 Local Display
)
Itam Eta i a 1 Descriction
-1 2.020 3.1.(3)
This keyboard will be capable of entering constant data and will display data base items and optionally refresh their output on a periodic basis.
-2 4.050 3.1.(1)
Program the UART to communicate with the Local Display.
-3 4.060 3.1.(3)
Use a
consistent operator interaction for both displaying and entering data on the device.
-4 4.070 3.1.(4)
Detecting invalid key entries.
-5 4.080 3.1.(5)
Display numeric values in fixed point, scientific notation.
-6 4.090 3.1.(5) on certain specific data base items. refresh the displayed value approx. every 2.5 seconds.
-7 4.100 3.1.(4)
Be capable of allowing the modification of some displayed fleids while not allowing it for other fields.
-8 4.750 3.1.(1)
Initialize the Local Display UART at startup.
-9
,4.770 3.1.(2)
Initialize the Interrupt Handlers.
-10 4.800 3.1.(1)
Clear the Local Display at startup.
31
_._...m._
l l
l 7.2 Item Er_q 1 AIE 1 Descrintion
-1 2.010 3.1.(5)
-2 2.080 3.1.(5) s l.!'.{!$
l
-4 4.020 3.1.(2)
-5 4.030 3.1.(6)
Processing received
-6 4.040 ****
Detecting and reporting consnunications errors.
l j
-7 4.740 3.1.(2)
-8 4.770 3.1.(2)
Initializing the Interrupt Handlers at startup.
l t
32
7.3 11.tm P_ta 'l M !! Pfscription
-1 4.170 3.2 (3)
(10) (11) = (22) * (25).
$2.(
~
-3 4.240 3.2.(3)
-4 4.250 3.2.(5)
-5 4.260 3.2.(5)
(22)
. ( 4 ')
. g
- 4. =
-8 4.290 3.2.(1)
(29) Crossover Setpoint. Please see (28), above.
-9 4.510 3.2.(2)
-10 4.530 3.2 (2)
If (Item 28 > Item 29) and (Item 38 < Item 39) and (14)
= 0 an error is detected.
-12 4.560 3.2.(7)
-13 4.570 3.2.(4)
-14 4.660 3.2.(3)
DAC IA1 -
Log (adjusted counts /second) 3.2.(4)
Scaled from Low =
0.0 High =
5.0 1
33 i
- p. ; _
. 'g
- i.
y!,m 3
.s l
p, I
ry.
.=
N.
\\ ' -
ikb t 9 :.
s.
W, i
- -15 14.959 3.2.(2).
SDX0VR error is detected if '-(Item 28 ~ > Item 29) and'i (Item 38 (' Item 39). (14)
- 1 if.this error is, detected.
- 4.969 3.2.(6)
SOERR error is detected if (29)- L(21) < 0.
p H--
]Inp p
't v
~;
a 7
f 4
4 c
'w l
-r j$ i '
i.
h,. [i ' J,
. v; t
. I h
-)
l-s
.t c, -
.)
f 1
?
4
-t
.s
-n.
.f
- s. v
'i a) 6
.l s
=
3 i
i
'i 1
~$
o
.h y
?
iu i
+
?
r t
34 o:
1 I.!. r l-1 l y.:
bc ;., l
.w -- :.,.. - - - - - - - -.. -... - - - - - -
--L-----:------
~ _........
O e
7.4 Item F>ta 1 AIP.1 Drserietion
-1 4.170 3.3.(4)
-2 4.300 3.3.(1)
-3 4.310 3.3.(2)
-4 4.320 3.3.(2)
-5 4.330 3.3.(3)
-6 4.340 3.3.(3) 3.'
)
i
-8 4.360 3.3.(3) 3.3.(6)
-9 4.370 3.1.(6)
)
~ 'Of~7
-10 4.520 3.1.(8)
-11 4.550 3.1.(6)
-12 4.580 3.3.(5) 1_._
-13 4.665 3.3.(9)
DAC #2 output will use log (35) and scale from 0.00 to 5.0.
-14 4.970 3.3.(7)
COERR error is detected if (30) - (31) < 0.
35
t
- .c 3
7.5 Reactor Power - Both Channels It.tm Rea l AR 1 Description
-1 2.060 3.3.(9)
Converting amplifier input values to reactor percent power.
The reactor power calculation must account for the natural distribution of detector count rate for a given power level.
i
-2 4.670 3.3.(9)
DAC #2 - Log (Reactor Percent Power) : Log ((10))
Scaled from Low :
Log (2.0E-8) :-7.69897 High :
Log (2.0E+2) = 2.30103 t
-3 4.680 3.3.(9)
DAC #4 - Reactor Percent power (10)
Scaled from' Low 0
High :
120 f
i I
i 1
1 l
l l
l l
l 36
...i 7.6 Reactor Period - Both Channels J.Lem Ren 1 ATI.1 Description
-1 2.070 3.4.(3)
Calculating current rate of change of reactor power in terms of reactor period.
-2 4.180 3.4.(2)
Infinite period (no change of reactor power) is considered
+-100.00.
-3 4.590 3.4.(3)
(12),(13)
= 26.05767 /
((log (PO) - log (P1)) E Where PO Current reactor percent ower P1 : React cent power ago
-4 4.710 3.4.(3)
DAC #3 - Reactor period (12) s output is controlled by the value of data base item (54).
3.4.(3)
If ((54) = 0)
Scaled from Low
.868 High =
8.685 3.4.(4)
If ((54) = 1)
Scaled from Low :
.261 High =
2.605 l
3.4.(5)
If ((54) = 2) i Scaled from Low =
.0868 High :
0.868 l
-5 4.460 3.4.(3)
(54) = 0, 3 second period
= 1, 10 second period 2, 30 second period 37
7.7 Remote Computer 11.3m Rt1 !!
ATP ?.
Deseriorion
-1 2.030 3.5 (1) conmuunicate with a remote computer. Remote 3.5.(2) computer can inquire about the status of internal NM-1000 data base items and control its operation.
-2 4.140 3.5 (1)
Consuunicate with the remote computer at 9600 baud, 8 data bits, 6 stop bits and no parity.
s
-3 4.150 3.5.(2)
Receive data base inquiry messages and send responses.
-4 4.160 3.5.(3)
When requested, sendir.g a message every to the remote computer containing te o owing information.
1)
Current reactor power in ASCII format.
2)
Current reactor period in ASCII format.
3)
Current status of the high, low, float, and rate of change digital outputs.
4)
Communications message checksum to insure data validity.
-5 4.210 3.5.(3)
(17)
- See 4.160 above.
-6 4.760 3.5.(1)
Initialize the Remote Computer UART at startup.
-7 4.770 3.5.(2)
Initialize the remote computer UART interrupt handlers at startup.
38
h ', =,
p 7.8 Digital outputs - General 11.tm Eta i gi Descriotion
-1 2.040 3.6 Controlling the actuation of multiple digital outputs.
-2 4.200 3.6 (15) =
Contains some combination of the characters H (high percent power), L (low percent power), P (floating trip), and R (rate of change) to indicate the presence of the trip status.
7.8.1 Digital Outputs - High Alarm 11em Ana i Mi Descrintion
-1 3.010 3.6(1)
Actuate the high level trip within 20 milliseconds of.a detectable high level percent power alarm.
-2 4.390 3.6.(2)
If (le) > (41), actuate the trip. Latch the trip for 10 seconds and de-actuate it when (10) has fallen below 0.95
- (41).
-3 4.610 3.6.(2)
Same as 4.390 above.
-4 4.650 3.6.(1)
Turn on the "A2" when high level trip is detected.
7.8.2 Digital Outputs - Low Alam 11.em Rea i a1 Descriotion
-1 3.020 3.6.(3)
Actuate the low level percent power trip within 1 second of detectable low alarm.
-2 4.380 3.6.(4)
If (10) < (40), actuate the trip. De-actuate the trip when (10) > 1.05 * (40).
-3 4.600 3.6.(4)
Same as 4.380 above.
7.8.3 Digital outputa - Rate Alam lita Reg i mi Description
-1 3.030 3.6.(2)
Actuate the rate trip within 1 second of detectable alarm.
-2 4.410 3.6.(3)
If (12) < (43), actuate the trip. De actuate the trip l when 1.05 * (12) > (43).
-3 4.630 3.6.(3)
Same as 4.410 above.
(
-4 4.650 Turn on the "A2" when high level trip is detected.
39
E l
i
=*.
I i
l 7.8.4 Digital outputs - Float Alarm i
1(g3 Rgg i ATE 1 -
Description
-1 3.040 3.6.(1)
Actuating the floating percent power trip.
-2 4.400 3.6.(6)
If (51) = 0, the trip is not actuated under any power I level.
3.6.(7)
If (51) = 1, If (16) < (42) actuate the trip. De-actuate the trip when 1.05 * (19) > (42).
j 3.6.(2)
If (51) = 2, If (16) > (42) actuate the trip. De-actuate the tri.p when 1.05 * (le) < (42).
-3 4.430 3.6.(1)
(51)
= 0. Ploating Trip off.
thru
= 1. Percent power low level trip 3.6.(7)
= 2. Percent power high level trip.
-4 4.620 Same as 4.438.
7.9 Anales Outputs ltta Egg i ATE 1 Deserlotion
-1 4.220 3.7.(1)
(18) Mantissa of current linear power.
-2 4.230 3.7.(1)
(19) Exponent of current linear power.
-3 4.440 3.7.(1)
(52) Multi-Linear Mode 3.7.(3) 9 = Auto 1 = Manual
-4 4.450 3.7.(3)
(53) Locked Exponent When (52) = 1 this value is the fixed percent power exponent value to be used when scaling the mantissa and exponent for DAC output.
-5.
4.690 3.7.(2)
DAC #5 - Mantissa (linear power) (18)
Scaled from Low =
0 High =
le
-6 4.700 3.7.(2)
DAC #6 - Exponent (linear power) (19)
Scaled from Low =
E-8 High =
E+2 40
7 k
r.
7.19 Battery Backed up RAM ILtm Rea i mi Deserlotion
-1 2.099 3.8.(1)
Store operator entered data values in non-volatile RAM to allow the constant values to be retained in the event i
of loss of power to the NM-1996.
-2 4.720 3.8.(1)
The following data base items are stored in Battery backed up RAM.
21, 25, 29, 31, 33, 35, 39, 40, 41, 42, 43, 51, 54
-3 4.799 3.8.(2)
Initialize Battery Backed RAM at startup if checksum /
firnware version change.
7.11 Diagnostics / Error Detection Itta lta i mi Descrietion
-1 2.100 3.9 Self-test of hardware components and the reporting of their status.
-2 4.110 3.9.(1)
Providing a method of clearing the internal NM-1996 error stack. The local display will be capable of viewing and clearing the NM-1968 error stack.
-3 4.120 3.9.(1)
Upon the detection of an error posted on the internal error stack the "Al" light is turned on. When the error stack has been viewed and cleared, the light is turned off.
-4 4.130 3.9 (1)
Upon detection of a rate of change trip, high percent power trip, or loss of high voltage the "A2" light is turned on and remain on until the condition no longer exists.
-5 4.500 3.9.(1)
When the software detects either a data entry or operational error, an error code is pushed on an internal error stack. Data base Items 68 through 68 allow the error stack to be viewed.
-6 4.640 3.9.(2)
The "Al" light is turned on whenever an error code is on !
the NM-1999 error stack and turned off when the error stack is empty.
-7 4.810 3.9.(3)
EPROM background diagnostic.
41
4 s
I
-8 4.820 3.9.(4)
RAM background diagnostic.
l
-9 4.830 3.9.(5)
Battery Backed up RAM background diagnostic.
-10 4.850 3.9.(6) no input to NM-1000
-11 4.860 3.9.(7)
J~
~'r The NM-1000 ei~ ~o es a. '
' ' c.d nic' tion with the so tware l'
U
-12 4.870 3.9.(8)
~ '~i-
^~
l When the NM-1000 !
so tware aR w 'L. _ i- ~ ' on. 1
's~ co rol byte to the !
-13 4.880 3.9.(9) control byte error. The oc receive a control byte
-14 4.890 3.9.(10) l
-15 4.900 3.9.(11) CX-15V,
-15V power supply failure.
-16 4.910 3.9.(12) CX+15V,
+15V power supply failure.
1
-17 4.920 3.9.(13) CXHIV, high voltage failure.
-18 4.930 3.9.(14) MI-15V, Microprocessor Assembly -15V failure.
l
-19 4.940 3.9.(15) MI+15V, Microprocessor Assembly +15V failure.
-20 4.980 3.9.(4)
BADRAM, Bad RAM error.
-21 4.990 3.9.(3)
BADROM, Bad ROM error.
l
-22 4.1010 3.9.(5)
BADRAM, Battery backed up RAM failure.
42
h l
(I
- i
)
J
[.-
j 7.12 Watchdog Timor I
t
. }
ltag ] Lag i gi Descriotion j
-1 2.119 3.18.(1) Monitor its own software execution and not allow the NM-l l
1999 to continue performing its safety function if the !
software modules are not executing properly.
i
-2 4.199 3.19.(1) WDOG error Interrupt overrun / watch-dos timer trip.
-3 4.1929 3.1.(2)
Watchdog Timer reset if software is executing properly.
7.13 Debus / Internal 11.ta Esa i mi Descriotlen l
+
-1 4.479 3.11.(2) (57), A memory address from 9 - 65,535 is entored to caus'e a memory location to be displayed.
i
-2 4.489-3.11.(2) (58),.the value stored at the memory location specified in (57) above.
-3 4.499 3.11.(3) (59), NM-1999 Firmware Version Number l
-4 6.919 N/A The design of the NM-1999 software will be such that it ;
provides a reasonable amount of additional software ;
capabilities at a future date, specifically the hardware i will provide the capability to add additional EPROM, RAM, !
and battery backed-up RAM via additional ammary boards, The software will be written in a modular fashion using i
a mix of higher level and assembly languages in a manner ;
consistent with good design principles.
j l
i 43
l t
a 7.14 Misc.
lita Eta i gti Descriotion
-1 2.050 3.7 Control multiple analog outputs l
-2 4.730 3.12.(1) Zero fill RAM at startup.
[
l
-3 4.780 3.12.(2) Initialize the Smoothing Algorithm.
1
-4 4.420 3.6 (50)
NM-1000 Operation Mode The operation mode data base item will provide a method l
of causing the sof tware to perfona special processing not associated with its normal operation. Specifically the NM-1000 software will recognize the following operation modes :
0 Normal l
As it implies, the software will operate normally.
M Modes 6 and 7 will not be entered from the front panel.
These modes will only be entered via a command sent from the TRIGA Console. These modes will cause the NM-1000 to inhibit trip actuation momentarily while the TRIGA reactor is pulsed or a square wave input is generated.
6 = Square Wave 7: Pulse 44
- t 8.9 Requirement Number / Item Cross Reference 2.819 -
7.2-1 4.359 - 7.4-7 2.929 -
7.1-1 4.369 - 7.4-8 2.939 -
7.7-1 4.379 - 7.4-9 2.949 -
7.8-1 4.389 - 7.8.2-2 1.058 -
7.14-1 4.399 - 7.8.1-2 2.969 -
7.5-1 4.499 - 7.8.4-2 2.978 -
7.6-1 4.419 - 7.8.3-2 2.989 -
7.3-2 4.429 - 7.14-4 2.999 -
7.10-1 4.439 - 7.8.4-3 2.199 -
7.11-1 4.449 - 7.9.3 2.118 -
7.12-2 4.459 - 7.9.4 3.019 -
-7.8.1-1 4.469 - 7.6-5 3.929 -
7.8.2-1 4.479 - 7.13-1 3.039 -
7.8.3-1 4.489 - 7.13-2 3.949 -
7.8.4-1 4.499 - 7.13-3 4.019 -
7.2-3,
4.599 - 7.11-5 4.929 -
7.2-4 4.519 - 7.3.9 4.939 -
7.2-5 4.529 - 7.4.19 4.948 -
7.2-6 4.539 - 7.3-19 4.959 -
7.1-2 4.549 - 7.3-11 4.969 -
7.1-3 4.559 - 7.4-11 4.979 -
7.1-4 4.569 - 7.3-12 4.989 -
7.1-5 4.579 - 7.3-13 4.999 -
7.1-6 4.589 - 7.4.12 4.199 -
7.1-7 4.599 - 7.6-3 4.119 -
7.11-2 4.699 - 7.8.2-3 4.129 -
7.11-3 4.619 - 7.8.1-3 4.139 -
7.11-4 4.629 - 7.8.4-4 4.149 -
7.7-2 4.639 - 7.8.3-3 4.159 -
7.7-3 4.649 - 7.11-6 4.169 -
7.7-4 4.659 - 7.8.1-4, 7.8.3-4 4.179 -
7.3-1,7.4-1 4.669 - 7.3-14 4.189 -
7.6-2 4.665 - 7.4-13 4.193 -
7.3-2 4.679 - 7.5.2 4.299 -
7.8-2 4.689 - 7.5-3 4.219 -
7.7-5 4.699 - 7.9-5 4.229 -
7.9-1 4.799 - 7.9-6 4.239 -
7.9-2 4.719 - 7.6-4 4.249 -
7.3-3 4.729 - 7.19-2 4.259 -
7.3-4 4.739 - 7.14-3 4.269 -
7.3-5 4.749 - 7.2-7 4.279 -
7.3-6 4.759 - 7.1-8 4.289 -
7.3-7 4.769 - 7.7-6 4.299 -
7.3-8 4.778 - 7.1-9, 7.2-8, 7.7-7 4.399 -
7.4-2 4.789 - 7.14-3 4.319 -
7.4-3 4.799 - 7.19-3 4.328 -
7.4-4 4.899 - 7.1-19 4.339 -
7.4-5 4.819 - 7.11-7 4.348 -
7.4-6 4.829 - 7.11-8 45
t r
i li
- l
,t :
4 4.839 -
7.11-9' 4.858 -
7.11-19 l
~
4.868 -
7.11-11 4.879 -
7.11-12 4.888 -
7.11-13 4.896 -
7.11-14 4.998 -
7.11-15 4.719 -
7.11-16
[
4.929 -
7.11-17 4.930 -
7.11-18 4.946 -
7.11-19 4.950 -
7.3-15 4.968 -
7.3-16 4.~976 -
7.4-14 4.986 -
7.11-29 4.996 -
7.A1-21 4.1900-7.12-2 4.1919-7.11-22 4.1928-7.12-3 6.018 -
7.13-4 l
1 i
i e
l l
....g\\
~
TRIGA* Reactors i
I l'
I I
l i
i l
I I
I I
I I;
+ CENERAL ATOMICS I P.O. Box 35600
- San Diego, CA 92138 5008 Phone (619)455 4265
- Telex 695065 GENATOM SOG
- Fax (619)455 4169 I
c