MicroprocessorPPT-6

5/22/2018 MicroprocessorPPT-6

1/22

CANDU Owners Group Inc.

Strength Through Cooperation

1

Application of Microprocessor basedTechnology


2/22



2

Issues Faced by CANDU

Nuclear Plants

In early 80s lack of well designed, reliable control

hardware incorporating complex logic was

experienced by the industry

Incorporation of mathematical functions and logic

needed individual modules and more hardware.Reliability and cost of implementation was

negatively affected

The technology made it difficult to meet certain

unavailability targets required by safety systemsThe cost of implementation and maintenance

increased as the hardware complexity grew.


3/22



3

Applications of microprocessor-

based hardware

Several instrument companies introducedmicroprocessor based control modules that could

incorporate complex logic and math functions.

The impact of microprocessor based hardware was

not fully assessed by the nuclear industry at the time

However, the potential benefits offered by these new

technology could not be ignored

OPG (then Ontario Hydro) decided to use the newtechnology in 1985 for implementation of Incore

LOCA conditioning signal for ECIS modifications in

Pickering A Station


4/22



4

Microprocessor-based hardware

in safety related ECIS

The hardware chosen was manufactured byFischer & Porter (F&P) Chameleon, model#

50KM2111. This hardware offered an excellent

measurement platform, accuracy, reliability and

functional flexibility

The functional requirements were programmed in

Chameleon using a menu-driven pre-developed

FTRAN language. The implementation was simpleand easily incorporated. The product offered

more flexibility and features than a safety related

application would require.


5/22



5

Processor Application in safety

System

In-core LOCA conditioning signal for ECIS


6/22



6

Other microprocessor based

Applications in Safety System

Demand for better logic modules led other processindustries (Chemical, paper, mining etc) to use moremicroprocessor based systems. The nuclear industrystayed behind due to unproven technology.

However, demand for enhanced performancerequirements in nuclear safety related applications led touse of F&P Chameleon microprocessor-based hardwarein safety related applications. Such as

Dump Arrest Logic modification in Pickering A in 1986P-Trip logic in Bruce A in 1989

These applications were successful and met the reliabilityand functional safety targets


7/22



7

Software Safety Concerns

In late 80s increased use of microprocessor-based hardware and computer systems raisedthe concern of software QA, particularly in safetyrelated applications. A number of failures due to

inadequate rigour and software quality wereexperienced by the industry. Ontario Hydromanagement conducted an assessment of rigourand quality used in software developed by F&P

for Chameleon applications.The assessment identified a number ofdeficiencies in the hardware platform andsoftware configuration


8/22



8

Software QA Concerns (1)

Atomic Energy Control Board (AECB) was informedabout the findings and the action plans. The findings

were published in Ontario Hydro D&D report # 88107. It

was decided that Ontario Hydro would correct all

deficiencies in 3 safety related applications ofChameleons in Pickering A and Bruce A Stations. The

following deficiencies were identified:

Design deficiencies:

Lack of failure detection and fail-safe outputLack of data checking and corrective action

Lack of self checking

Lack of Application Watchdog Timer


9/22



9


Lack of Target System Configuration Control

Lack of inhibition of serial communication of data into

the system

Lack of use of custom EPROMLack of controlled use of Chameleon front panel

(Human factors issue)

Lack of compliance of system response time to


10/22



10


Lack of Application Software DevelopmentGuidelines

Lack of development of Software Designers

Handbook containing

Guidelines for High level design

Software design logistics

Coding

Testing

Configuration management

Lack of revision to application software


11/22



11

Power House Emergency

Venting (PHEV)

About 1988-1991, Ontario Hydro embarked on thedesign and retrofit of Power House EmergencyVenting (PHEV) system for Pickering A & BStations to protect the environment of the

Control Rooms upon a steam break. Thissystem required a very fast action which wouldinitiate the opening of Power House EmergencyVenting upon a steam break in the Powerhouse.

A design analysis of using relay logic versusmicroprocessor-based system was carried outand it was decided that use of a microprocessor-based hardware would be necessary to complywith the safety mission


12/22



12


Venting (PHEV)

Pickering Design undertook the responsibility ofdeveloping a technical specification that would

meet the timing requirements of vent opening

and compliance of software QA as found in

D&D report # 88107. In addition softwarestandards IEC880 and CSA Q396.1.1 was used

to ensure the software quality. An application

watchdog timer was designed so that any

hardware or software related failures are

promptly detected and force the outputs to a

fail-safe mode.


13/22



13


Venting (PHEV)

Pickering A & B PHEV used 22 chameleons toimplement the functionalities of the new safety

related system. AECB Staff members

scrutinized the whole process and were

satisfied. To date the system has beenperforming very well and MTBF has exceed

well over 200,000 hours. The original design

analysis used MTBF to be less than 40,000

hours.

CANDU O G I


14/22



14

Development of Software

Standards (1)

In late 80s, Ontario Hydro felt the need for a welldesigned software engineering standard for

application of microprocessor based hardware

in safety related applications. Ontario Hydro

and AECL developed a software engineeringstandard that would define

A minimum set of software engineering processes to

be followed in creating and revising the software

The minimum set of outputs to be produced by the

processes

Requirements for the content of the outputs

CANDU O G I


15/22



15

Development of Software

Standards (2)

The standard was developed based on thestandards available at that time and experience

gained from Darlington shutdown system

software developments:

IEC 880 Software for computers in the safety

system of Nuclear Power Stations

CAN/CSA-Q396.1.1-89 Quality Assurance Program

for the Development of Software Used in Critical

Applications

Experience gained from licensing the Darlington

Shutdown System Trip Computers

CANDU O G I


16/22



16

Development of Digital Trip

Meter (1)

Development of the digital trip meter played apivotal role in checking out the feasibility of the

newly developed software standards in real

time applications.

A digital trip meter without microprocessors would

not satisfy instrument performance

requirements, e.g., stability, accuracy,

flexibility etc. Hence, using microprocessor-based technology using a bargraph design with

digital indication was thought to be the best

option.

CANDU Owners Group Inc

f


17/22



17


Meter (2)

The digital trip meter development was targeted to fulfilthe requirements of Heat Transport High TemperatureTrip (HTHTT) parameter.

The hardware development contract was awarded toAmetek Dixson, who were well experienced in

developing digital/bargraph meters.Ontario Hydro provided software expertise. The designused a 16-bit trip processor, (Intel 87C654), EPROM,bargraph (tri colour), two digital read-outs for process

value and set point and option to view margin to trip.The software development followed OntarioHydro/AECL Standard for Safety Critical Software,982C-H69002-0001.


D l f Di i l T i


18/22



18


Meter



19/22



19

Digital Trip Meter



20/22



20

Conclusion

The development of Digital Trip Meterdemonstrated successful use of software

engineering standards for safety related

applications. The success of the process

provided additional confidence for use of the

software engineering standard on redesign of

more complex application of software for

Darlington Shutdown System 1 & 2.The progressive experience gained on

software QA has helped the CANDU Industry

to undertake more challenging projects.



21/22



21

Acknowledgement

The authors wish to acknowledge the

support received from Messrs. Mike

Viola and Rick Hohendorf of OntarioPower Generation (OPG) for review of

the paper and for the permission to COG

for use of some of the information inpreparation of this document.



22/22



22

Questions

??

MicroprocessorPPT-6

Documents

Transcript of MicroprocessorPPT-6