ML21286A386
Text
BFN-23 7.16 PROCESS COMPUTER SYSTEM 7.16.1 Safety Objective A process computer is provided for each unit which will supplement procedural requirements for the control of rod worth during control rod manipulations during reactor startup and shutdown. The process computer, also referred to as the Integrated Computer System (ICS), provides various functions to enhance Operations awareness of plant conditions.
7.16.2 Power Generation Objective The power generation objectives of the Process Computer System are to provide a quick and accurate determination of core thermal performance, to improve data reduction, accounting, and logging functions for both the nuclear boiler and balance of plant equipment, and to supplement procedural requirements for control rod manipulation during reactor startup and shutdown.
7.16.3 Safety Design Basis The rod worth minimizer subsystem of the process computer shall provide inputs to the rod block circuitry to supplement and aid in the enforcement of procedural restrictions on control rod manipulation, so that rod worth is limited to the values assumed in plant safety analysis.
7.16.4 Power Generation Design Basis
- 1. The Process Computer System shall be designed to periodically determine the three-dimensional power density distribution for the reactor core and provide printed logs which permit accurate assessment of core thermal performance.
- 2. The Process Computer System shall provide continuous monitoring of the core operating level and appropriate alarms based on established core operating limits to aid the operator in assuring that the core is operating within acceptable limits at all times, including periods of maneuvering.
7.16-1
BFN-23 7.16.5 Description 7.16.5.1 Computer System Components 7.16.5.1.1 Central Processor The process computer (ICS) is a distributed computer system with one central processing computer linked via a local area network to other computers which perform necessary process computer functions. The ICS performs various calculations, makes necessary interpretations, and provides for general input/output (I/O) control and buffered transmission between I/O devices and memory.
7.16.5.1.2 Data Storage Subsystem Each ICS processor has sufficient data storage media and backup capabilities to perform its intended function of program execution and on/off-line data manipulation and storage.
7.16.5.1.3 Peripheral Input/Output Subsystem Peripherals with the ICS include several color graphic terminals (see 7.16.5.1.5),
printers, color copiers, and digital display units distributed among the main control room, TSC, computer room, and some areas outside the power block.
7.16.5.1.4 Process Input/Output Subsystem For the central processing computer, the process I/O hardware consists of high-speed scanning multiplexers capable of scanning and time-tagging input readings. A high precision clock is connected to those multiplexers with "sequence of event" digital inputs providing several millisecond (msec) resolution for these time critical points. Any point connected to the I/O multiplexers is capable of being scanned from every 100 msec to every 60 seconds selectable through software settings. These same multiplexers provide digital outputs to operate alarms, etc.
For the RWM, dedicated digital multiplexers are provided to allow interface to the Reactor Manual Control System.
The ICS inputs are composed of various nuclear system instrumentation to provide status and monitoring of core performance, operations status, and rod worth minimizer function. Other inputs are composed of instrumentation related to steam plant performance monitoring and other monitoring functions.
7.16-2
BFN-23 7.16.5.1.5 Operator Consoles The main control room is provided with several color graphic terminals which graphically display information about the status of the plant and its various systems.
Most terminals are provided with a standard typewriter keyboard, multiple dedicated function keys, and a touch sensitive faceplate on the CRT monitor. Functions can be accessed by touch screen and/or keyboard use.
7.16.5.1.6 Programming and Maintenance Console The programming and maintenance consoles, located in the computer room, permit control of the computers for troubleshooting and maintenance functions.
7.16.5.2 Reactor Core Performance Function 7.16.5.2.1 Power Distribution Evaluation The local power density of every six-inch segment for every fuel assembly is calculated, using plant inputs of pressure, temperature, flow, Local Power Range Monitor (LPRM) levels, control rod positions, and the calculated fuel exposure. Total core thermal power is calculated from a reactor heat balance. A three dimension diffusion theory based core model is used to establish a compatible relationship between the core coolant flow and core power distribution. The results are subsequently interpreted as local power at specified axial segments for each fuel bundle in the core.
The core evaluation analytical sequence is completed periodically and on demand, requiring several minutes to execute. Subsequent to executing the program the computer prints a periodic log for record purposes.
7.16.5.2.2 LPRM Calibration Flux level and position data from the Traversing Incore Probe (TIP) equipment are read into the computer. The computer evaluates the data and determines gain adjustment factors by which the LPRM amplifier gains can be altered to compensate for exposure-induced sensitivity loss. The gain adjustment factor computations indicate to the operator when such a calibration procedure is necessary.
7.16.5.2.3 Fuel Exposure Using the power distribution data, distribution of fuel exposure increments from the time of a previous power distribution calculation is determined and is used to update the distribution of cumulative fuel exposure. Each fuel bundle is identified by batch and location, and its exposure is stored for each of the axial segments used in the 7.16-3
BFN-23 power distribution calculation. These data are printed out on demand by the operator.
7.16.5.3 Rod Worth Minimizer Function The rod worth minimizer (RWM) function assists and supplements the operator with an effective backup control rod monitoring routine that enforces adherence to established startup, shutdown, and low power level control rod procedures. The computer prevents the operator from establishing control rod patterns that are not consistent with both defined Bank Position Withdraw Sequence (BPWS) sequencing constraints and corresponding prestored RWM sequences. Sequencing errors shall initiate appropriate rod select block, rod withdrawal block, and rod insert block interlock signals to the Reactor Manual Control Systems rod block circuitry. The RWM sequences stored in the computer memory are based on control rod withdrawal procedures designed to limit (and thereby minimize) individual control rod worths to acceptable levels as determined by the design basis rod drop accident.
The RWM function does not interfere with normal reactor operation, and in the event of a failure does not itself cause rod patterns to be established which would violate the above objective. The RWM function may be bypassed and its rod block function disabled only by specific procedural control initiated by the operator.
A small color graphic monitor is mounted on a panel in the control room to provide primary man-machine interface to the operators. The terminal has a touch sensitive screen. A small strip of buttons for hardwired indicators and system controls is mounted under the monitor.
7.16.5.3.1 RWM Inputs The following operator and sensor inputs are utilized by the RWM:
- a. Rod Test Sequence (touch area activated)
By selecting this input option, the operator is permitted to withdraw and reinsert any one control rod in the core while all other control rods are maintained in the fully inserted position.
- b. Normal/Bypass Mode An administratively controlled switch is provided to permit the operator to apply permissives to RWM rod block functions at any time during plant operation.
- c. System Initialize 7.16-4
BFN-23 This input is initiated by the operator to start or restart the RWM programs and system at any time during plant operation.
- d. Scan/Relatch Forces a full core scan, and relatches to the loaded RWM sequence if the RWM is operable and power is below the low power setpoint (LPSP).
- e. Substitute Control Rod Allows the operators to manually enter control rod positions for rods with defective position indicators.
- f. System Diagnostic Allows checking of rod block annunciators.
- g. Control Rod Selected The RWM recognizes the binary coded identification of the control rod selected by the operator.
- h. Control Rod Position The RWM recognizes the binary coded identification of the control rod position.
- i. Control Rod Drive Selected and Driving The RWM utilizes this input as a logic diagnostic verification of the integrity of the rod select input data.
- j. Control Rod Drift The RWM recognizes a position change of any control rod using the control rod drift indication. This information is used to evaluate requirements for automated full core scan updates and the status for permissible withdrawal or insertion of subsequently selected rods.
7.16-5
BFN-23
- k. Reactor Power Level Feedwater flow and steam flow signals are used to implement two digital inputs to permit program control of the RWM function. These two inputs, the low power setpoint and the low power alarm setpoint, are used to disable the RWM blocking function at power levels above the intended service range of the RWM function.
- l. Permissive Echoes Rod select, rod withdraw, and rod insert permissive echo inputs are utilized by the RWM as a verification "echo" feedback to the system hardware to assure proper response of a RWM output.
- m. Diagnostic Inputs The RWM utilizes selected diagnostic inputs, such as cabinet over temperature and multiplexer on-line status, to verify the integrity and performance of the processor and associated data acquisition hardware.
7.16.5.3.2 RWM Outputs The RWM provides isolated contact outputs to plant instrumentation as follows:
- a. Blocks The RWM is interlocked with the Reactor Manual Control System to permit or inhibit selection, withdrawal, or insertion of a control rod. These actions do not affect any normal instrumentation displays associated with the selection of a control rod.
- b. Scan Mode This RWM output is used to synchronize acquisition of control rod position data during the scan mode.
7.16.5.3.3 RWM Indications The following information is available from both the color graphic monitor display located in the control room and the maintenance console in the computer room:
- a. Sequence selected
- b. Current group 7.16-6
BFN-23
- c. Currently selected rod
- d. Rods in group by ID
- e. Rod positions
- f. Insert limit
- g. Withdraw limit
- h. Insert error(s) by rod ID
- i. Withdraw error by rod ID
- j. Insert block
- k. Withdraw block
- l. Rod select warning
- m. Rods with substituted positions
- n. Status of sequence control
- o. View sequence forward/backward
- p. Emergency insert list Note: The electronic emergency insert list is not currently used. The emergency insert list is implemented by approved site procedures.
7.16.5.4 Alarm and Logging Functions 7.16.5.4.1 Analog Alarm
- a. The following alarm checks are available for any analog input:
- Sensor limit check Prior to engineering unit conversion, the point is checked against its defined transducer range. If found outside this range it is set to a bad quality.
- Reasonability check 7.16-7
BFN-23 The point is compared to its defined engineering range, and is assigned a bad quality if it is outside that range.
- User settable HI/HIHI/LO/LOLO checks For each of six "Modes" any point may have HI,HIHI,LO, and LOLO alarm settings, providing up to 24 different alarm settings per point.
- Alarm by reference to another analog point Any point can be set to alarm if it exceeds another point's value, thus providing variable alarm limits.
- b. All points in alarm will show up on the color graphic alarm display. Printing of alarm/return to normal on the designated printer in the control room can be selected on a point by point basis.
7.16.5.4.2 Digital Alarm All digital points can be set to alarm in either state (on/off, etc.), and will show up on the alarm display. It can be selected whether the point alarm will be printed in the control room.
7.16.5.4.3 Alarm History History of alarms is maintained in the on-line archive. Any change in quality code (i.e., alarm) is automatically entered in the archive.
7.16.5.4.4 Logs The ICS has the ability to produce various logs which can be printed on a periodic basis, upon occurrence of a plant trip or other event, and on operator demand.
7.16.5.5 Balance of Plant Functions Additional balance of plant functions are monitored as required.
7.16.6 Safety Evaluation As described in Chapter 14 ("Plant Safety Analysis" treatment of the control rod drop accident), the maximum rod worth below 10 percent power assumed was 0.025 k.
The rod worth minimizer operates to maintain the maximum rod worth below 0.01 k. At power levels above 10 percent of rated, the maximum rod worth possible was assumed in the control rod drop accident cases; thus no rod worth 7.16-8
BFN-23 control is required above 10 percent of rated power. Should the rod worth minimizer or program be inoperative for any reason, the reactor operator can maintain acceptable rod worth by adhering to preestablished control rod patterns and sequences when below 10 percent of rated power.
7.16.7 Inspection and Testing The Process Computer System is self checking. It performs diagnostic checks to determine the operability of certain portions of the system hardware, and it performs internal programming checks to verify that input signals and selected program computations are either within specific limits or within reasonable bounds.
RWM Technical Specification required testing is provided in Section 3.3.2.1 of the technical specifications. The surveillance procedures include provisions for verification of the proper annunciation of the selection error of at least one out-of-sequence control rod and verification of the RWM rod block function by moving an out-of-sequence control rod during reactor startups and shutdowns.
7.16-9