KnE Energy & Physics | International Conference on Nuclear Energy Technologies and Sciences (2015) | pages: 94-105


Introduction

The electricity load of a nuclear power plant is proportional with the output of the thermal power generation. The thermal output of a nuclear power plant is controlled by the insertion or withdrawal of the control-rods into and out of the reactor core. In general, PWR-type nuclear power plant employs Control-rod Drive Mechanism (CRDM) system based on magnetic stepping-type mechanism, to move the control-rods up and down [1]. This mechanism consists of a pair of circular coils and latch-style jacks with armature. By providing electric current through the coils sequentially, the control-rod which is attached to the drive shaft can be moved up or down in steps. The control system which generates these sequences is called Control-rod Drive Mechanism Control System (CRDMCS) or sometimes abbreviated to Rod Control System (RCS). The RCS is employed in PWR reactors for controlling the supply current to the coils initiated by a reactor regulating system in response to a command signal to move the control-rods. The electromagnetic force, which is activated by the coils, causes the control-rods moving upward or downward by mechanical movement.

To ensure the safety and reliability, several researches have been carried out based on CRDM prototype or mathematical model. Simulation of the CRDM based on analytical mathematical model, numerical and finite element [15] have been performed to assess the behavior of the CRDM such as magnetic force, velocity of CRDM and drop analysis. Other approaches based on experiments were implemented using various prototypes to assess the reliability [69]. It was indicated that during the design of CRDM, the functional and performance test of the CRDM prototype have been carried out, such as drop test, impact pressure test, durability test as well as other main characteristics. Furthermore, in [10], it is demonstrated that APWR CRDM has been evaluated using FMEA and highlighted that there is no effect of single failure, which affects the actuation of the reactor protection system. Despite these previous investigations, the analysis of reliability which considers a Fault Tree Analysis (FTA) for common CRDM can not be found in any public references. This may be due to the proprietary design of the CRDM.

This paper aims to investigate the RCS reliability using the Fault Tree Analysis (FTA) method. The FTA method evaluates the system reliability by modeling the system through the fault tree-shaped diagram. In this paper, the FMEA based table of APWR CRDM in Reference [10] is used to identify basic events, which are part of developing the FTA diagram of RCS. The fault tree diagram was analyzed using the reliability analysis software ITEM TOOLKIT to obtain the minimal cutsets, which in turn can be used for the calculation of the probability and frequency of the system failures.

The Crdm System Description

The main function of CRDM is to adjust the position of the control-rod bank inside the reactor core. The system consists of Logic Cabinet and Power Cabinet as shown in Figure 1 [11]. The Logic Cabinet is comprised of processing part (Digital Controller) and output part. Logic function of this Cabinet is to provide command signals to control the sequential flow that will flow into each coil of Stationary Gripper, Moveable Gripper and Lift Mechanism installed on the CRDM. This signal is processed based on the input obtained automatically from the Reactor Regulating System (RRS) or manually from the operator.

Figure 1

Diagram of CRDM Interface [11]

Images/Fig1.jpg

The Power Cabinet consists of Transformer, Molded Case Circuit Breaker (MCCB) and Current Control Unit Part. The Power Cabinet receives AC power from the motor generator through the Reactor Trip Breaker (RTB) and CRDM Distribution Panel. The Power Cabinet is employed to transform the AC voltage into DC current by using a transformer, and DC current generated is distributed to each coil in CRDM sequentially through the control process of Current Control Unit is based on a command signal from Logic Cabinet. Mechanical Control System Configuration of Control-rod Drive is shown in Figure 2 below.

Figure 2

Mechanical control system of RCS [10]

Images/Fig2.jpg

The mechanism of insertion and withdrawal of control-rods can be described as follows [12].

  • 1) Control-rods withdrawal:

    • a) In the initial conditions, Stationary Gripper Coil receives electrical current, while the Moveable Gripper and the lifts Coil are disconnected (do not receive any current). Because of the current flowing through the coil Stationary Gripper, the control-rod is held by Stationary Gripper (a gripped state).

    • b) Moveable Gripper Coil is energized to engage the control-rod assemby groove.

    • c) Current flow in Stationary Gripper Coil is disconnected so that the grip on the control-rod is released.

    • d) Lift Coil is electromagnetically energized to lift (pulling) moveable Gripper together with the control-rods to a new position one step to the top.

    • e) Stationary Gripper Coil is then energized to re-engage and to hold back the control-rod position staying in the position.

    • f) Current flow on moveable gripper coil is disconnected so that the grip on the control-rod is released.

    • g) Current flow in the Lift Coil is disconnected releasing the effect of electromagnetic force, then Moveable Gripper is drop to its original position one step lower than the current lifted control-rod position.

    • h) These previous steps are repeated, so that the control-rods are upward step by step.

  • 2) The insertion of control-rods.

    • a) Initial conditions, Stationary Gripper Coil which receives electric current will hold the control-rod, while Moveable Gripper and Lifts Coil are disconnected.

    • b) Lift Coil is energized and then electromagnetically lift (pulling) Moveable Gripper to the position of one step upward.

    • c) Moveable Gripper Coil is energized to engage the control-rods.

    • d) Current flow in Stationary Gripper Coil is disconnected so that the grip on the control-rod is released.

    • e) Current flow in the lifting Coil is disconnected, so that the influence of electromagnetic force is lost. Therefore, the Moveable Gripper including the control-rod drops downward one step.

    • f) Stationary Gripper Coil is energized to hold the control-rod position on the position of one step higher than its earlier one.

    • g) Current flow on Moveable Gripper Coil are disconnected disengaging the gripper from the control-rod.

    • h) The steps are repeated, so that the control-rods are downward step by step.

Methodology

CRDM System is evaluated using the reliability evaluation method of Fault Tree Analysis (FTA) [13]. FTA method is applied to evaluate the reliability of the system by developing a fault-tree diagram model. The model development is started by understanding the components, the modules arrangement, its functions as well as the working procedures.

As a first step in understanding how the system and components work, this research performes assessment and rearrangement of Failure Mode and Effect Analysis (FMEA) table of the CRDM obtained from Reference [10]. The adoption of FMEA analysis results is required to assist in identifying basic events for further developed fault tree diagram.

The fault tree diagram system is then developed based on the previous understanding of the functional block, working procedure, component and module of the system. At the top of fault tree, the assumption of the system failure mode is set. Based on the modes of system failure, several intermediate events leading to a system failure are elaborated. For each intermediate event occurrence, further intermediate events causing higher intermediate events are elaborated. The development of fault tree diagram is ended up on the basic event (ie: the failure of components or modules).

Fault tree diagram is quantified using the reliability software evaluation ITEM Toolkit. The quantification results in the form of a minimum cutset and probability or frequency of system failure. Cutset minimum is the smallest combination of basic event of failure that lead to system failure. The probability or frequency of system failure is calculated based on the probability or the frequency of basic event input.

Results and Discussions

The Development of Fault Tree Diagram

The Modeling of system reliability is one of the techniques to evaluate the reliability and safety of a system. Among various methods to create such model, FTA is the most widely used. The FTA method is a deductive method and using diagrams to illustrate the model of system failure. The analysis begins by assuming general events (such as the failure of a system) and ends up on the basis of events, which can be the causes of the general events. In developing the fault tree diagram with FTA method, FMEA analysis is useful as an initial step in identifying the basic events. The FMEA is a method of analysis, which is conducted to identify failure modes and the effects of the failure on each individual components of the system. This step is useful for understanding the function and contribution of components to the system. In contrast to the FTA, the FMEA method only identifies the effects of the failure of individual components to the system and is unable to consider how the combined effects of the system component fail. Thus, the identification results only show the effects of a single failure. In this research, the Table of FMEA Control-rod Drive Control System in [10] is used as a reference. That table is then reprocessed according to the understanding of the study of the functions and workings procedure of the components stated in the fault tree diagram model.

Fault tree diagram for CRDM begins by assuming the system to fail for functioning. The Failure Control Systems of CRDM to function, as shown in Figure 1, can occur due to Stationary Gripper malfunction, Moveable Gripper malfunction or Elevator Coil malfunction. The cause of the failure of each gripper or coil can then be pursued further, as shown in the fault tree diagram in Figure 3, 4 and 5.

Figure 3

Top event of the CRDMCS Fault Three Diagram System; Top Event

Images/Fig3.jpg

As seen in Figure 4, Stationary Gripper fails to function due to damage, or sequential electric current required to generate a magnetic field fails to be supplied by Current Control Unit. This sequential current supply failure can be caused by firstly, the failure or damage Current Control Unit, MCCB, Transformer, Control Circuit inside the Current Control Unit. Secondly, the supply of electric current from the Motor Generator Unit does not reach the Power Cabinet. This type of fault can be caused by damaged Distribution Panel, spurious open of Reactor Trip Breaker or failure of the Motor Generator Unit (inoperable). Thirdly, the sequential current flow actuation command signal for Stationary Gripper coil is not received by Logic Cabinet. This third type of failure may be caused by the Digital Controller in Part Processing (both damaged), failure of the module output in Processing Part, or Power Supply for Logic Cabinet failed, as shown on Figure 4.

Figure 4

CRDMCS Fault Tree Diagram System; failure of Stationary Gripper

Images/Fig4.jpg

It should be noted here, in case of Moveable Gripper failure and lifts Coil scenarios, to move the control-rod is similar to those described in Stationary Gripper as included in the fault tree. One of the critical intermediate events in CRDMCS Fault Tree is Electrical Current Supply in the Power Cabinet, because if this event occurs then all of grippers and coil become fail. The fault tree diagram for Electrical Current Supply in the Power Cabinet Fail is shown in the Figure 6.

Figure 5

CRDMCS Fault Tree Diagram System; Failure of logic cabinet in Stationary Gripper line

Images/Fig5.jpg
Figure 6

CRDMCS Fault Tree Diagram System; failure of power supply in Power Cabinet

Images/Fig6.jpg

The Quantification Results and Discussion of Fault Tree Model

Fault tree diagram is quantified using reliability software ITEM TOOLKIT. Quantification goal is to obtain the least cutset which is the smallest combination of failures basic event (components) that can cause system failure. Moreover, the quantification of fault tree diagram is also intended to gain the probability or frequency of occurrence of the top event which is the assumption of a system failure. To obtain the value of the probability or frequency, data reliability of each basic event (components) which is expressed in terms of failure rate (failure rate) is required. The value of the failure rate for each basic event in this activity was obtained from several references as shown in Table 1, and the calculation result of the reliability of the system is shown in Table 2 below.

Table 1

Failure rate of each component

No Type of Component Failure Mode Failure Rate
1. Coil Part (CRDM_SGC_CP, CRDM_MGC_CP dan CRDM_LIC_CP) Broken/Malfunction 9,50E-6/hr [7]
2. Current Control Unit (PC_SGC_CCU, PC_MGC_CCU and PC_LIC_CCU) Malfunction 1,27E-5/hr [7]
3. MCCB (PC_SGC_MCCB, PC_MGC_MCCB and PC_LIC_MCCB) Open without command/Fail to stay in closed position 1,60E-8/hr [8]
4. Transformer (PC_LIC_TR, PC_SGC_TR and PC_MGC_TR) Malfunction 9,40E-8/hr [8]
5. Control Circuit (PC_LIC_CC, PC_MGC_CC dan PC_SGC_CC) Malfunction 1,43E-5/hr [7]
6. Power Supply (LC_LI_PS, LC_MG_PS and LC_PS) Fail to supply electric current 1,63E-5/hr [7]
7. Output Part (LC_MGC_OP, LC_LIC_OP and LC_SGC_OP) Malfunction / Fail to send signals 8,40E-6/h [9]
8. Processing Part (LC_01_PP, LC_02_PP, LC_MG_01_PP, LC_MG_02_PP, LC_LI_01_PP and LC_LI_02_PP) Malfunction / Fail to process signals 8,01E-6/hr [9]
9. Distribution Panel (CRDM_DP) Fail / Burn 2.0E-4/hr [10]
10. Trip Breaker (RTB) Malfunction 2,50E-7/hr [11]
11. Motor Generator Unit (MG_01and MG_02) Malfunction 5,20E-8/hr [8]
Table 2

The Calculation Results for System Unavailability and Availability

Unavailability Q 3.8390E-04/hr
Availability 9.9962E-01/hr
No of Cut Sets 27

Table 3 shows that the cause of system failure of CRDM is dominated by the failure of the Distribution Panel. As illustrated in Chart of CRDM in Figure 2, the Distribution Panel serves to distribute the electric current supply from the Motor Generator Unit to the three coil lines (Stationary Gripper, Moveable Gripper and Lifts Coil) in the Power Cabinet. If the Distribution Panel fails, all automatic lines are also fail to function.

Table 3

Minimal Cutset

No. Unavailability Minimal Cutset
1 2.0000E-04 CRDM_DP
2 1.6300E-05 LC_PS
3 1.6300E-05 LC_LI_PS
4 1.6300E-05 LC_MG_PS
5 1.4300E-05 PC_MGC_CC
6 1.4300E-05 PC_SGC_CC
7 1.4300E-05 PC_LIC_CC
8 1.2700E-05 PC_LIC_CCU
9 1.2700E-05 PC_SGC_CCU
10 1.2700E-05 PC_MGC_CCU
11 9.5000E-06 CRDM_LIC_CP
12 9.5000E-06 CRDM_SGC_CP
13 9.5000E-06 CRDM_MGC_CP
14 8.4000E-06 LC_LIC_OP
15 8.4000E-06 LC_SGC_OP
16 8.4000E-06 LC_MGC_OP
17 9.4000E-08 PC_LIC_TR
18 9.4000E-08 PC_SGC_TR
19 9.4000E-08 PC_MGC_TR
20 2.5000E-08 RTB
21 1.6000E-08 PC_MGC_MCCB
22 1.6000E-08 PC_LIC_MCCB
23 1.6000E-08 PC_SGC_MCCB
24 6.4160E-11 LC_LI_01_PP ::LC_LI_02_PP
25 6.4160E-11 LC_MG_01_PP ::LC_MG_02_PP
26 6.4160E-11 LC_01_PP ::LC_02_PP
27 2.7040E-15 MG_01 ::MG_02

In addition, Table 3 also shows that almost all minimal cutsets are basic events (23 cutsets of existing cutsets of 27). This reality suggests that the failure or success of the control-rod drive system depend on the success of each component of the basic events.

In terms of safety, the failure and the success of the CRDM are not significant, as shown in the FMEA analysis results (see Reference 10). Failure of one of the component in the system will cause a reactor trip as soon as the control-rods are not engaged properly. As described in the previous section, the function of Stationary Gripper, Moveable Gripper and Lifts Gripper are to engage and hold device control-rods alternately. If one of the components fails, the gripper in Stationary Gripper, Moveable Gripper or Lifts Gripper will also fail and the control-rods fall freely.

On the other hand, in terms of reliability, the CRDMCS failure impacts on economic factors of the reactor. The success of CRDMCS to function is required by the operator during a reactor power settings. When there is a transient in the power reactor (within normal limits), CRDMCS is required to move the control rod up and down automatically to control the reactor power remaining in stable value. CRDMCS failures which led to frequent shutdowns of the reactor will decrease the availability and the economic value of the reactor.

In the safety system, the failure of system must not happen. Therefore, the reliability of the system should be at the level close to 100% by providing redundancy of up to 4, so that the system becomes complex and expensive. However, for systems that are not related to safety such as CRDMCS, providing many redundancies for the systems will cause additional difficulties in maintenance (because the system becomes complex) and make the installation not economical (system becomes expensive). Therefore, a solution to improve the reliability of systems that are not related to safety is to provide components with very high quality for critical components.

Table 4 shows three importance values (criticality important measure) of each basic event to the occurrence of the top event (system failure). Firstly, F-Vesely Importance values demonstrates the contribution of basic event to the top event. The second important measure, i.e. The BirnBaun Importance value, shows the sensitivity of the probability of occurrence of the top event as the function of changes in the value of basic event probabilities. Meanwhile, B-Proschan Importance values indicate the probability of the top event as a result of all minimal cutsets containing critical basic events [12]. Based on the calculations results given in Table 4, it is shown that the Distribution Panel is a basic event that has the largest contribution (52%) compared with other events. The calculation results also indicate that 23 minimal cutsets, which consist of one basic event have a much higher sensitivity than other combined basic events.

Table 4

Importance Measure Basic Events/Components

No Components/Basic Events F-Vesely BirnBaun B-Proschan
1 Distribution Panel (CRDM_DP) 0.5209 1 0.5209
2 Power Supply (LC_LI_PS, LC_MG_PS and LC_PS) 0.0424 1 0.0424
3 Control Circuit (PC_LIC_CC, PC_MGC_CC dan PC_SGC_CC) 0.0372 1 0.0372
4 Current Control Unit (PC_SGC_CCU, PC_MGC_CCU and PC_LIC_CCU) 0.0331 1 0.0331
5 Coil Part (CRDM_SGC_CP, CRDM_MGC_CP and CRDM_LIC_CP) 0.0247 1 0.0247
6 Output Part (LC_MGC_OP, LC_LIC_OP and LC_SGC_OP) 0.0219 1 0.0219
7 Transformer (PC_LIC_TR, PC_SGC_TR and PC_MGC_TR) 2.44E-04 1 2.44E-04
8 Trip Breaker (RTB) 6.50E-05 1 6.50E-05
9 Circuit Breaker (PC_SGC_MCCB, PC_MGC_MCCB and PC_LIC_MCCB) 4.16E-05 1 4.16E-05
10 Processing Part Module (LC_01_PP, LC_02_PP, LC_MG_01_PP, LC_MG_02_PP, LC_LI_01_PP and LC_LI_02_PP) 1.67E-07 8.01e-6 1.67E-07
11 Motor Generator (MG_01and MG_02) 7.04E-12 5.2e-8 7.04E-12

Conclusion

The reliability of Control-rod Drive Control System has been evaluated using Fault Tree Analysis. During the modeling of the system, the FMEA table of CRDMCS from the reference has been used to identifify the basic events based on the component failures. It is concluded that the failure of single or combined components of the system will hinder the success of the function of the complete system. Although the system fails to operate, those failures do not affect the safety system, because the system is only designed in reactor normal operation. If the system fails, the control-rods will fall freely into the reactor core immediately. Through the Fault Tree Analysis Method, a system failure is assumed and described in the form of a fault tree diagram to show basic events of the logical combination which become the cause of the system failure. It was found that the Distribution Panel is a major contributor to the cause of system failure. Quantification results also demonstrate that the majority of minimal cutsets consist of single component failure. This can be understood because the system is not a safety-related system, as well as only for normal operation purpose. Therefore, the application of redundancy can be minimized and the success of the system operation is mainly based on the implementation of high degree of reliability components.

References

[1] 

A. TanakaDevelopment of a 3-D simulation analysis system for PWR control rod drive mechanismInternational Journal of Pressure Vessels and Piping2008859655661.

[2] 

V. Rajan Babu G. Thanigaiyarasu P. ChellapandiMathematical modelling of performance of safety rod and its drive mechanism in sodium cooled fast reactor during scram action.Nuclear Engineering and Design20142780601617.

[3] 

S. A. M. ShiraziThe simulation of a model by SIMULINK of MATLAB for determining the best ranges for velocity and delay time of control rod movement in LWR reactors.Progress in Nuclear Energy20125416467.

[4] 

K. H. YoonControl rod drop analysis by finite element method using fluid–structure interaction for a pressurized water reactor power plant.Nuclear Engineering and Design20092391018571861.

[5] 

N. K. Singh D. N. Badodkar M. SinghNumerical and experimental study of hydraulic dashpot used in the shut-off rod drive mechanism of a nuclear reactor.Nuclear Engineering and Design20142730469482.

[6] 

V. Rajan BabuTesting and qualification of Control & Safety Rod and its drive mechanism of Fast Breeder Reactor.Nuclear Engineering and Design20102407) 17281738.

[7] 

Y.-P. Chyou D.-D. Yu Y.-N. ChengPerformance validation on the prototype of control rod driving mechanism for the TRR-II project.Nuclear Engineering and Design20042272195207.

[8] 

E. Ramesh S. Usha. Reliability analysis of control rod drive mechanisms of FBTR for reactor startup and power controlReliability, Safety and Hazard (ICRESH), 2010 2nd International Conference on2010.

[9] 

H. IidaLong-term stability of Sm2Co17-type magnets for control rod drive mechanism (CRDM) in a nuclear reactor.Magnetics, IEEE Transactions on199531636533655.

[10] 

Mitsubishi Heavy Industries, L.US-APWR Technical Report. FMEA of Control Rod Drive Mechanism. Control System2007.

[11] 

E. P. R. InstituteNuclear Maintenance Applications Center: Westinghouse Full-Length Rod Control System - Life Cycle Management Planning Sourcebook2006.

[12] 

C. J. RoslundDigital nuclear control rod control system. 2012Google Patents.

[13] 

C. A. EricsonHazard Analysis Techniques for System Safety.2005New JerseyJohn Wiley & Sons.

FULL TEXT

Statistics

  • Downloads 42
  • Views 327

Navigation

Refbacks



ISSN: 2413-5453