280 likes | 357 Views
First safety approach of the DHR system of XT-ADS. B. Arien. General purpose. Main objective: identification of the possible failure modes of the DHR system and its weaknesses, its limits Methodological approach: master logic diagram (MLD) method Accidents into consideration:
E N D
General purpose • Main objective: identification of the possible failure modes of the DHR system and its weaknesses, its limits • Methodological approach: master logic diagram (MLD) method • Accidents into consideration: • Loss of heat sink (LOHS) • Loss of flow (LOF) • Combination of LOF and LOHS • Protected and unprotected cases
Main design assumptions • Primary system: • 2 groups pump-HX (2 pumps, 4 HXs) • Emergency electrical supply to pumps • Free convection if total loss of pumps • Secondary system: • 2 independent loops • Emergency electrical supply to pumps • Possibility of natural circulation to be considered • Tertiary system: no design information, supposed to work in natural circulation and is treated as a whole • Vault system (RVACS): no design information, supposed to work in natural circulation mode and treated as a whole
XT-ADS Sketch of the Secondary System and DHR System (Proposal)
MLD procedure For each accident type: • Step 1: identification of the failure modes that initiate the accident • Step 2: development of a MLD for the protected case • Step 3: development of a MLD for the unprotected case
Qi OK unsuccess question ? no yes MLD procedure Symbols: • DHR system fulfills its function (= .false.) • may contribute to DHR system failure (=.true.) • question related to any unresolved problem Accident initiating event Failure in DHR system
LOHS accident HX blockage (primary side) Secondary pump failure Pipe break in SCS Depressurization in SCS HX blockage (secondary side) Tertiary cooling system failure Accompanied by LOF Partial blockage Blockage by debris LOF&LOHS LBE freezing in HX Blockage by debris LOHS: step 1
Failure of core cooling in LOHS conditions Unprotected accident Protected accident Failure of core cooling under protected LOHS conditions Failure of core cooling under unprotected LOHS conditions Accelerator shutdown failure A B
OK OK OK OK OK DHR possible at atm. p in SCS ? yes no DHR possible by free convection in SCS A Q1 Q2 ? unsuccess no yes LOHS: step 2 Failure of core cooling under protected LOHS conditions If total secondary pump failure If single secondary pump failure If pipe break in 1 SCS loop If pipe breaks in whole SCS If depressur. in 1 SCS loop If depressur. in whole SCS If partial HX blockage (water side) If tertiary cooling system unavailable Failure of tertiary cooling system Vault System failure SCS pipe breaks caused by external accident Vault System failure Over- pressure in SCS Safety valve failures Vault System failure Failure of emergency electrical supply to secondary pumps Vault System failure Failure of electrical supply to secondary pumps Failure of SCS pressurization Vault System failure Free convection fails to take place in the secondary system
Failure of core cooling under unprotected LOHS conditions If total secondary pump failure If single secondary pump failure If pipe break in 1 SCS loop If pipe breaks in whole SCS If depressur. in 1 SCS loop If depressur. in whole SCS If partial HX blockage (water side) If tertiary cooling system unavailable Debris formation in SCS Failure of pressurization in 1 SCS loop Failure of SCS pressurization Failure of tertiary cooling system Single secondary pump failure Over- pressure in 1 SCS loop Safety valve failure Single pipe break in SCS Over- pressure in SCS Safety valve failures SCS pipe breaks caused by external accident B Q3 Q3 Nominal power can be removed by free convection in SCS unsuccess Failure of electrical supply to secondary pumps Failure of emergency electrical supply to secondary pumps yes ? Free convection fails to take place in the secondary system no LOHS: step 3
LOF accident HX blockage (primary side) Accidental core bypass Primary pump failure Accompanied by LOF LOF&LOHS LBE freezing in HX Blockage by debris LOF: step 1
Failure of core cooling under LOF conditions Unprotected accident Protected accident Failure of core cooling under protected LOF conditions Failure of core cooling under unprotected LOF conditions Accelerator shutdown failure C D
Failure of core cooling under protected LOF conditions If single primary pump failure If total primary pump failure If accidental core bypass OK OK Core bypass formation DHR possible in free convection mode and with core bypass ? unsuccess no yes Free convection fails to take place C Primary pumps fail to stop Q4 LOF: step 2
Failure of core cooling under unprotected LOF conditions If accidental core bypass If single primary pump failure If total primary pump failure Nominal power can be evacuated when 1 group is operating Nominal power can be evacuated in free convection mode OK OK Failure of electrical supply to primary pumps Failure of emergency electrical supply to primary pumps ? ? yes yes no no Single primary pump failure Core bypass formation D Nominal power can be evacuated in free convection mode and with core bypass Q5 Q6 Q7 unsuccess unsuccess ? unsuccess no yes Free convection fails to take place Primary pumps fail to stop LOF: step 3
LOF&LOHS accident Common cause failure generating LOF and LOHS Independent combinations of LOF and LOHS Dependent combinations of LOF and LOHS HX blockage (primary side) Partial blockage Freezing induced by LOF Blockage by debris LBE freezing in HX LOF&LOHS: step 1
Failure of core cooling under LOF&LOHS conditions Unprotected accident Protected accident Failure of core cooling under protected LOF&LOHS conditions Failure of core cooling under unprotected LOF&LOHS conditions Accelerator shutdown failure E F
Failure of core cooling under protected LOF&LOHS conditions Common cause failure for LOF and LOHS LOHS induced by LOF: HX blockage (primary side) Independent combinations of LOF and LOHS OK Total HX blockage by LBE freezing Partial HX blockage by debris Station black-out Failure of emergency electrical supply DHR possible by total free convection in the primary, secondary and tertiary systems Vault System failure ? DHR possible via VS in ‘degraded’ free convection mode Total primary pump failure Overcooling no yes E Free convection fails to take place in the secondary system ? unsuccess Q9 Q8 no unsuccess yes Failure of electrical supply to primary pumps Failure of emergency electrical supply to primary pumps Vault System failure LOF&LOHS: step 2
Failure of core cooling under unprotected LOF&LOHS conditions Common cause for LOF and LOHS Independent combinations of LOF and LOHS LOHS induced by LOF: HX blockage (primary side) Station black-out Failure of emergency electrical supply Nominal power can be evacuated by total free convection in the primary, secondary and tertiary systems Total HX blockage by LBE freezing Partial HX blockage by debris Q10 Debris formation in primary system ? Total primary pump failure Overcooling unsuccess no yes F Free convection fails to take place in the secondary system Failure of electrical supply to primary pumps Failure of emergency electrical supply to primary pumps LOF&LOHS: step 3
Problems to be solved • Q1: is the DHR possible with the SCS working in free convection mode? • Q2: is the DHR possible when the SCS is at atmospheric pressure? • Q3: can the nominal power be evacuated with the SCS working in free convection mode? • Q4: is the DHR possible with the primary system working in free convection mode and with the presence of a core bypass? • Q5: can the nominal power be evacuated when only one pump-HX group is operating in the primary system? • Q6: can the nominal power be evacuated with the primary system working in free convection mode ? • Q7: can the nominal power be evacuated with the primary system working in free convection mode and with the presence of a core bypass? • Q8: is the DHR possible with the primary, secondary and tertiary circuits working in free convection mode? • Q9: is the DHR possible via the VS with the primary system working in free convection mode and with a total blockage of the PHXs? • Q10: can the nominal power be evacuated with the primary, secondary and tertiary circuits working in free convection mode?
Core bypass formation Primary pumps fail to stop and if Q4 true Core bypass formation if Q4 false DHR possible in free convection mode and with core bypass Q4 ? Cut sets for protected LOF Failure of core cooling under protected LOF conditions :
Single primary pump failure Accelerator shutdown failure if Q5 false and Failure of electrical supply to primary pumps Failure of emergency electrical supply to primary pumps Accelerator shutdown failure if Q6 false and and Failure of core cooling under protected LOF conditions : Core bypass formation Primary pumps fail to stop Accelerator shutdown failure if Q7 true and and Core bypass formation Accelerator shutdown failure if Q7 false and Nominal power can be evacuated in free convection mode Q5 Q7 Q6 Nominal power can be evacuated in free convection mode and with core bypass Nominal power can be evacuated when 1 group is operating ? ? ? Cut sets for unprotected LOF
Free convection fails to take place in the secondary system Failure of emergency electrical supply to secondary pumps Vault System failure Failure of electrical supply to secondary pumps if Q1 true and and and Failure of emergency electrical supply to secondary pumps Vault System failure Failure of electrical supply to secondary pumps if Q1 false and and Failure of core cooling under protected LOHS conditions : Overpressure in SCS Safety valve failures Vault System failure SCS pipe breaks caused by external accident Vault System failure DHR possible by free convection in SCS and and and ? Q1 Q2 Failure of tertiary cooling system Vault System failure and DHR possible at atm. p ? Failure of SCS pressurization Vault System failure if Q2 false and Cut sets for protected LOHS
Accelerator shutdown failure Failure of emergency electrical supply to secondary pumps Free convection fails to take place in the secondary system Failure of electrical supply to secondary pumps and and and Single secondary pump failure Accelerator shutdown failure Free convection fails to take place in the secondary system and and Single pipe break in SCS Accelerator shutdown failure and SCS pipe breaks caused by external accident Accelerator shutdown failure and Overpressure in 1 SCS loop Safety valve failure Accelerator shutdown failure and and Failure of core cooling under unprotected LOHS conditions Nominal power can be removed by free convection in SCS : Overpressure in SCS Safety valve failures Accelerator shutdown failure and ? and Failure of SCS pressurization Accelerator shutdown failure and if Q3 true Q3 Depressur. of 1 SCS loop Accelerator shutdown failure and Debris formation in SCS Accelerator shutdown failure and Failure of tertiary cooling system Accelerator shutdown failure and Cut sets for unprotected LOHS (a)
Accelerator shutdown failure Failure of emergency electrical supply to secondary pumps Failure of electrical supply to secondary pumps and and Single secondary pump failure Accelerator shutdown failure and SCS pipe breaks caused by external accident Accelerator shutdown failure and Overpressure in 1 SCS loop Safety valve failure Accelerator shutdown failure and and Failure of core cooling under unprotected LOHS conditions Nominal power can be removed by free convection in SCS Single pipe break in SCS Accelerator shutdown failure : and Overpressure in SCS Safety valve failures Accelerator shutdown failure and ? and Failure of SCS pressurization Accelerator shutdown failure and if Q3 false Q3 Depressur. of 1 SCS loop Accelerator shutdown failure and Debris formation in SCS Accelerator shutdown failure and Failure of tertiary cooling system Accelerator shutdown failure and Cut sets for unprotected LOHS (b)
if Q9 true if Q9 true if Q8 true Station black-out Vault System failure Failure of emergency electrical supply Free convection fails to take place in the secondary system and and and Station black-out Vault System failure Failure of emergency electrical supply if Q8 false and and Failure of electrical supply to primary pumps Failure of emergency electrical supply to primary pumps Vault System failure and and and Overcooling ? DHR possible via VS in ‘degraded’ free convection mode Failure of electrical supply to primary pumps Failure of emergency electrical supply to primary pumps and and Overcooling ? Q9 Q8 Independent combinations of LOF and LOHS DHR possible by total free convection in the primary, secondary and tertiary systems Cut sets for protected LOF&LOHS Failure of core cooling under protected LOF&LOHS conditions :
Station black-out Accelerator shutdown failure Failure of emergency electrical supply Free convection fails to take place in the secondary system if Q10 true and and and Station black-out Accelerator shutdown failure Failure of emergency electrical supply if Q10 false and and Q10 Failure of electrical supply to primary pumps Failure of emergency electrical supply to primary pumps Accelerator shutdown failure ? and and and Overcooling Nominal power can be evacuated by total free convection in the primary, secondary and tertiary systems Independent combinations of LOF and LOHS Accelerator shutdown failure and Accelerator shutdown failure Debris formation in primary system and Cut sets for unprotected LOF&LOHS Failure of core cooling under unprotected LOF&LOHS conditions :
Conclusions and future work • A qualitative analysis was performed: • to provide first indications on the DHR performance • to guide the future work • Some unresolved questions require a quantitative analysis • Design needs to be completed • Choice of the SCS (Ansaldo or SCKCEN) • RELAP (or TRAC) model has to be developed for the simulation of the whole system in most of the transients • CFD model of the primary system has to be developed • Free convection simulation • Calibration of the RELAP model • Reassessment of the DHR system behaviour in accidental situations