MicroprocessorPPT 6

CANDU Owners Group Inc.
Strength Through Cooperation

1

Application of Microprocessor based
Technology

2
Issues Faced by CANDU
Nuclear Plants
In early 80s lack of well designed, reliable control
hardware incorporating complex logic was
experienced by the industry
Incorporation of mathematical functions and logic
needed individual modules and more hardware.
Reliability and cost of implementation was
negatively affected
The technology made it difficult to meet certain
unavailability targets required by safety systems
The cost of implementation and maintenance
increased as the hardware complexity grew.

3
Applications of microprocessor-
based hardware
Several instrument companies introduced
microprocessor based control modules that could
incorporate complex logic and math functions.
The impact of microprocessor based hardware was
not fully assessed by the nuclear industry at the time
However, the potential benefits offered by these new
technology could not be ignored
OPG (then Ontario Hydro) decided to use the new
technology in 1985 for implementation of Incore
LOCA conditioning signal for ECIS modifications in
Pickering A Station

4
Microprocessor-based hardware
in safety related ECIS
The hardware chosen was manufactured by
Fischer & Porter (F&P) Chameleon, model#
50KM2111. This hardware offered an excellent
measurement platform, accuracy, reliability and
functional flexibility
The functional requirements were programmed in
Chameleon using a menu-driven pre-developed
FTRAN language. The implementation was simple
and easily incorporated. The product offered
more flexibility and features than a safety related
application would require.

5
Processor Application in safety
System
In-core LOCA conditioning signal for ECIS
6
Other microprocessor based
Applications in Safety System
Demand for better logic modules led other process
industries (Chemical, paper, mining etc) to use more
microprocessor based systems. The nuclear industry
stayed behind due to unproven technology.
However, demand for enhanced performance
requirements in nuclear safety related applications led to
use of F&P Chameleon microprocessor-based hardware
in safety related applications. Such as
Dump Arrest Logic modification in Pickering A in 1986
P-Trip logic in Bruce A in 1989
These applications were successful and met the reliability
and functional safety targets

7
Software Safety Concerns
In late 80s increased use of microprocessor-
based hardware and computer systems raised
the concern of software QA, particularly in safety
related applications. A number of failures due to
inadequate rigour and software quality were
experienced by the industry. Ontario Hydro
management conducted an assessment of rigour
and quality used in software developed by F&P
for Chameleon applications.
The assessment identified a number of
deficiencies in the hardware platform and
software configuration

8
Software QA Concerns (1)
Atomic Energy Control Board (AECB) was informed
about the findings and the action plans. The findings
were published in Ontario Hydro D&D report # 88107. It
was decided that Ontario Hydro would correct all
deficiencies in 3 safety related applications of
Chameleons in Pickering A and Bruce A Stations. The
following deficiencies were identified:
Design deficiencies:
Lack of failure detection and fail-safe output
Lack of data checking and corrective action
Lack of self checking
Lack of Application Watchdog Timer
9
Lack of Target System Configuration Control
Lack of inhibition of serial communication of data into
the system
Lack of use of custom EPROM
Lack of controlled use of Chameleon front panel
(Human factors issue)
Lack of compliance of system response time to <1.0
sec.
10
Lack of Application Software Development
Guidelines
Lack of development of Software Designers
Handbook containing
Guidelines for High level design
Software design logistics
Coding
Testing
Configuration management
Lack of revision to application software
11
Power House Emergency
Venting (PHEV)
About 1988-1991, Ontario Hydro embarked on the
design and retrofit of Power House Emergency
Venting (PHEV) system for Pickering A & B
Stations to protect the environment of the
Control Rooms upon a steam break. This
system required a very fast action which would
initiate the opening of Power House Emergency
Venting upon a steam break in the Powerhouse.
A design analysis of using relay logic versus
microprocessor-based system was carried out
and it was decided that use of a microprocessor-
based hardware would be necessary to comply
with the safety mission
12
Venting (PHEV)
Pickering Design undertook the responsibility of
developing a technical specification that would
meet the timing requirements of vent opening
and compliance of software QA as found in
D&D report # 88107. In addition software
standards IEC880 and CSA Q396.1.1 was used
to ensure the software quality. An application
watchdog timer was designed so that any
hardware or software related failures are
promptly detected and force the outputs to a
fail-safe mode.
13
Venting (PHEV)
Pickering A & B PHEV used 22 chameleons to
implement the functionalities of the new safety
related system. AECB Staff members
scrutinized the whole process and were
satisfied. To date the system has been
performing very well and MTBF has exceed
well over 200,000 hours. The original design
analysis used MTBF to be less than 40,000
hours.
14
Development of Software
Standards (1)
In late 80s, Ontario Hydro felt the need for a well
designed software engineering standard for
application of microprocessor based hardware
in safety related applications. Ontario Hydro
and AECL developed a software engineering
standard that would define
A minimum set of software engineering processes to
be followed in creating and revising the software
The minimum set of outputs to be produced by the
processes
Requirements for the content of the outputs
15
Development of Software
Standards (2)
The standard was developed based on the
standards available at that time and experience
gained from Darlington shutdown system
software developments:
IEC 880 Software for computers in the safety
system of Nuclear Power Stations
CAN/CSA-Q396.1.1-89 Quality Assurance Program
for the Development of Software Used in Critical
Applications
Experience gained from licensing the Darlington
Shutdown System Trip Computers
16
Development of Digital Trip
Meter (1)
Development of the digital trip meter played a
pivotal role in checking out the feasibility of the
newly developed software standards in real
time applications.
A digital trip meter without microprocessors would
not satisfy instrument performance
requirements, e.g., stability, accuracy,
flexibility etc. Hence, using microprocessor-
based technology using a bargraph design with
digital indication was thought to be the best
option.
17
Meter (2)
The digital trip meter development was targeted to fulfil
the requirements of Heat Transport High Temperature
Trip (HTHTT) parameter.
The hardware development contract was awarded to
Ametek Dixson, who were well experienced in
developing digital/bargraph meters.
Ontario Hydro provided software expertise. The design
used a 16-bit trip processor, (Intel 87C654), EPROM,
bargraph (tri colour), two digital read-outs for process
value and set point and option to view margin to trip.
The software development followed Ontario
Hydro/AECL Standard for Safety Critical Software,
982C-H69002-0001.
18
Meter
19
Digital Trip Meter
20
Conclusion
The development of Digital Trip Meter
demonstrated successful use of software
engineering standards for safety related
applications. The success of the process
provided additional confidence for use of the
software engineering standard on redesign of
more complex application of software for
Darlington Shutdown System 1 & 2.
The progressive experience gained on
software QA has helped the CANDU Industry
to undertake more challenging projects.
21
Acknowledgement

The authors wish to acknowledge the
support received from Messrs. Mike
Viola and Rick Hohendorf of Ontario
Power Generation (OPG) for review of
the paper and for the permission to COG
for use of some of the information in
preparation of this document.
22
Questions

??

MicroprocessorPPT 6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MicroprocessorPPT 6

Uploaded by

Copyright:

Available Formats

CANDU Owners Group Inc.

Strength Through Cooperation

You might also like