Design of Advanced Integrated Reactor Protection System for Commercial Fast Breeder Reactor

Shutdown systems are one of the most important one for the safety of the reactor core. In case of any abnormal event or any parameter going abnormal or otherwise, it trips the reactor. Hence this system should be highly reliable. The reliability of the Present shutdown system could not be improved beyond a certain limit, due to many interconnections between the sub systems in the safety chain. i.e. Different sensors, processing electronics, safety logic are located physically at different and far off locations connected with cables, passing through cable trays, penetrations and buildings. New design configuration has been proposed, where there is only single system (PCB) comprising of processing electronics and comparison with thresholds, with voting logic built into the control rods itself. This eliminates the need for one exclusive safety logic system. With this design, the reliability promised to be more than the existing system, without the need for more than one shutdown system. With this design, the reliability promised to be more than the existing system, without the need for more than one shutdown system. The thesis discusses the details of the design made and improvements in the reliability factor.


Introduction
Department of Atomic Energy (DAE) has prepared action plan to set up 5 Fast Breeder Reactors each of 500 MWe capacities by 2020.Prototype Fast Breeder Reactor (PFBR) is the forerunner of the second stage of India's three stage nuclear power program.PFBR is 500 MWe, mixed oxide fuelled, sodium cooled pool type reactor.
Reactor safety logic system is designed to initiate safety action against Design Basis Events (DBE).Reactor shutdown system is intended to protect the reactor from neutronic and thermal Incidents.In case of any abnormal event or any parameter going abnormal or otherwise, it trips the reactor.Hence this system should be highly reliable.
In the present system, sensors and the control rods are located adjacent to each other.But the connection is through various intermediate stages.These stages are located physically at different places.
A dedicated system is required for performing the 2/3 voting logic, i.e. safety logic.Hence, again separate testing logic is required to test the healthiness of the safety logics.Diverse routes are required for the cable routing for the A, B, C channels.Penetrations are required for the cables to pass through in route.The reliability of the entire shutdown system could not be improved beyond 10 -6 R/y even with two diverse safety logics connected to diverse shutdown system working on diverse parameters.
Therefore the reliability of the present shutdown system could not be improved beyond a certain limit, due to many interconnections between the sub systems in the safety chain.i.e.Different sensors, processing electronics, safety logic are located physically at different and far off locations connected with cables, passing through cable trays, penetrations and buildings.Hence new design has been proposed with different configuration.

Shutdown System of PFBR
In the present design as shown in Figure1, Prototype Fast Breeder Reactor (PFBR) is provided with two independent fast acting and diverse shutdown systems (SDS), namely SDS1 and SDS2 to detect any abnormalities in reactor core and to initiate safety action.Each system is capable of shutting down the reactor

Shutdown System of CFBR
In PFBR shutdown system, for every diverse function a different circuits and logics are provided.For example to provide redundancy 2/3 logic has been incorporated and therefore a different PCB is dedicated specially for 2/3 logic.Similarly, a special circuit is designed based on PCSL principle particularly for online testing of healthiness of the system.Such a design principle requires more number of components and interconnections within the circuits.Therefore, the complexity of the system gets increased which finally affect the reliability of the system.However the sensors and control rods are located adjacent to each other.But connection is done through various intermediate stages and these stages are located physically at different places and for their interconnection lengthy cables are required.The SCRAM signals may be affected by noise due to the lengthy cable.Diverse routes are required for the cable routing for the A, B, C channels.Penetrations are required for the cables to pass through in route.Hence the reliability of the entire shutdown system could not be improved beyond 10 -6 R/y even with two diverse safety logics connected to diverse shutdown system working on diverse parameters.
Therefore, the basic concept of this new design is to reduce the number of components and interconnect them in parallel phase, to the extent possible and decrease complexity thus increasing the reliability of the system as flow diagram of new design is shown in Figure4.
In new design configuration only single system (PCB) comprising of processing electronics and comparison with thresholds along with voting logic built into the control rods itself.This eliminates the need for one exclusive safety logic system.With this design, the reliability promised is better than the existing system, without the need for more than one shutdown system.The block diagram of new design is shown in Figure5 and the complete circuit in Figure6.

Function of Different Components
The three most important parameters to be monitored in a reactor are Neutronics, temperature and flow.These are always maintained within the specified range to ensure the safety of the reactor.If any of these crosses the threshold limits SCRAM is actuated.Since TPv1 = 10^6(5-i/p) Where 10^6 is the gain of op-amp.
Similarly, if i/p < 5V, Then (5-i/p) will Negative, Therefore TPv1 = -Saturation and generate Logic '0'.A free wheeling diode shall be connected across each EM coil to suppress the back-EMFgenerated due to switching of IGBTs.Direct connection of diode across the coil causes increase in drop time.A resistor of 300 Ω shall be connected in series with the diode as a compromise between effective surge suppression and fast drop time.

Manual Scram
Manual SCRAM is an operator command from Control Room (CR) and Back-up Control Room (BCR) to initiate fast shut down of the reactor under specific conditions.The Manual SCRAM over rides all logic conditions and de-energizes all the Electro-magnet (EM) coils when the push button is actuated from either Control Room (CR) or Back-up Control Room (BCR).Here the push button input is converted to Relay contacts, which are connected in series with the EM coils.

Mosfet
Since rheostat is bulky in size therefore it is replaced by MOSFET which is work as a active resistance.It provides to control the EM coil currents.Indicating Alarm Meters (IAM) is provided to show the current as well as to alarm if current goes below to set limits.Relays are provided to cut the coil current directly on Manual SCRAM.

Data for Power Gates Design
Number of EM coils : 12

i)
Operating current range of EM coil : 1 A to 1.5 A ii) EM coil resistance: 7.5 W at 298 K(25 °C).
iii) Ambient temperature range in which EM coils are operated : 298 K to 353 K iv) EM coil lead resistance : negligible

Response Time
Response time of Safety Logic shall not exceed 1 ms in response to a SCRAM order (excluding the response time of EM-Coil) i.e. from the instant SCRAM order is issued to safety logic, the de-energization of EM coil shall start within1ms.

Adaptability
Reserve parameters shall be provided for adding SCRAM parameters in future, if required.

Design Principle
The safety logic system design is meeting all the basic design principle as follows: 1) Redundancy: Three parallel PCB are connected to a coil and each PCB is capable of shutting down the reactor independently.We can also connect extra coil or control rod to provide redundancy.
2) Fail-safe: Pull-down resistor is use in eachinput stage.Therefore if any component becomes fail due to any cause the current is passes in ground by pull down resistor and the reactor shutdown automatically.
3) Isolation: Each input and output is connect with isolator to provide isolation the circuit.
4) Independence: Three parallel PCB are connected to a coil and Each PCB provided different Power Supply.
There is no any relationship between the three PCB which is connected to a coil.Therefore each PCB is capable of shutting down the reactorindependently.

5)
Testability: A Monostablemulivibrator is connected to provide testability.It works as a Pulse Generator whose generates pulses of time period of 1 sec.It continuously generates the pulse after 1 second who continuously checks the healthiness of the system.
6) Diversity: Three different PCB is connected to a single coil as in Figure16.Here Logic is design using basic gates, digital and analog circuits.We can design the other two PCB using DSP and microprocessor for providing diversity.
All the components used are standard and has fast response time.A 300 ohm resistance is connected to the coil for provide fast response to the coil.
Figure18.Block diagram for diversity principle

Reliability Calculations ofthe CFBR Shutdown System
Reliability is the probability of a system or device performing its purpose adequately for the period of time intended under the operating conditions encountered.Reliability prediction is done here using the standard handbook of reliability prediction of Electronic equipment MIL-HDBK-217-F notice-2.

Figure 4 .
Figure 4. Flow diagram of shutdown system