Research on Safety System Configuration of HPR1000. China Nuclear Power Design Co., ltd: Li Sheng Jie

1 Research on Safety System Configuration of HPR1000 China Nuclear Power Design Co., ltd: Li Sheng Jie

2 Personal profile
Li Sheng Jie: Senior engineer, director of the Nuclear Island (NI) System Branch in the NI Engineering Department of China Nuclear Power Design Co., ltd. He has long been engaged in the engineering design of nuclear island main process systems, specializing in the design of engineered safety features. He has been engaged in the research and development and engineering design of the CGN HPR1000 (formerly ACPR ) project since its kick-off in 2010, as the main person responsible for the safety system configuration design of HPR

3 Content
0. Introduction of HPR1000 Project
1. 3-Independent-Train Engineered Safety Features (ESF)
2. Active+Passive provisions dedicated to Design Extension Conditions (DEC)
3. Improvement after Fukushima accident

4 0. Introduction of HPR1000 Project
HPR1000 in FangChengGang Units 3 and 4 is a 3-loop reactor. It adopts the design concept of an advanced pressurized water reactor, with two main features in the configuration of its safety systems: 3-Independent-Trains and Active+Passive. It meets the safety requirements of a 3rd-generation NPP.

5 1. 3-Independent-Train Engineered Safety Features
1.1 Codes, regulations requirements
1.2 3-Train Engineered Safety Features
1.3 Introduction of main Engineered Safety Features

6 1.1 Codes, regulations requirements
1) Redundancy
SSR-2/1 requires the ESFs to consider the single failure criterion and redundancy:
Requirement 25: The single failure criterion shall be applied to each safety group incorporated in the plant design.
[Diagram labels: Train A, Train B, Train C, Initiating events, Single failure, Intact, Core]

7 1.1 Codes, regulations requirements
2) Independence
Independence of ESFs is required in SSR-2/1:
Requirement 21: Interference between safety systems or between redundant elements of a system shall be prevented by means such as physical separation, electrical isolation, functional independence and independence of communication (data transfer), as appropriate.
[Diagram labels: Train A, Train B, Core]

8 1.1 Codes, regulations requirements
3) Design simplification
It is specified in URD: A very important improvement in safety system design for the Evolutionary Plant is to be accomplished by subjecting them to major simplification. This includes such design action as eliminating unnecessary piping cross-connections and branch lines, simplifying actuation logic, and minimizing the number of configuration changes and component actuations required under emergency conditions.
[Diagram labels: Train A, Train B, Cross-connections and branch lines, Core; 3 independent trains: Train A, Train B, Train C, Core]

9 1.1 Codes, regulations requirements
4) Postulated initiating events
In SSR-2/1, the initiating events must be postulated in all states including shutdown states.
Requirement 16: The postulated initiating events shall include all foreseeable failures of structures, systems and components of the plant, as well as operating errors and possible failures arising from internal and external hazards, whether in full power, low power or shutdown states.

10 1.1 Codes, regulations requirements
4) Postulated initiating events
Compared to 2nd-generation NPPs, 15 initiating events in shutdown states are added in the HPR1000 design, covering the Design Basis Conditions (DBC2~4) and Design Extension Conditions, so that the safety systems can cope with a wider range of accident conditions.

11 1.1 Codes, regulations requirements
Initiating events of HPR1000 in shutdown states
- Uncontrolled RCCA bank withdrawal (in shutdown states)
- Uncontrolled RCCA withdrawal (in full power, hot shutdown and intermediate shutdown states)
- Small-break LOCA, including injection line break of emergency boration system (in shutdown states, SIS is not connected in RHR mode)
- Cooling of Spent Fuel Pool in long-term loss of offsite power (>2 hours) (in full power, hot shutdown and intermediate shutdown states)
- Loss of one train of cooling system and support system of PTR (in reactor complete fuel unloading states)
- Long-term loss of offsite power (in intermediate shutdown and normal cold shutdown state)
- Boron dilution resulting from a non-isolated break of a heat exchanger tube (in shutdown states)

12 1.1 Codes, regulations requirements
Initiating events of HPR1000 in shutdown states
- Intermediate break (in full power and shutdown states)
- Small-break LOCA, including injection line break of emergency boration system (in shutdown states, SIS is connected in RHR mode)
- Break of RHR pipes located outside the containment ( DN250, in shutdown states)
- Inadvertent opening of dedicated depressurization valves (in full power and shutdown states)
- Cooling of Spent Fuel Pool in case of non-isolated small break and isolated SIS break in RHR mode ( DN250) (in refueling cold shutdown states)
- Station blackout (SBO) (in full power and shutdown states)
- Total loss of cooling chain (TLOCC) (in shutdown states)

13 1.1 Codes, regulations requirements
4) Support service systems
In SSR-2/1, the requirement for support and service systems is:
Requirement 27: The reliability, redundancy, diversity and independence of support service systems and the provision of features for their isolation and for testing their functional capability shall be commensurate with the significance to safety of the system being supported.
The Engineered Safety Systems, the support systems (cooling source, HVAC, electrical, I&C) and the building configuration are all of 3 trains. The safety class of the support systems that ensure the function of the safety systems is kept consistent with that of the safety systems. The buildings and rooms accommodating these safety systems and support systems are physically separated, to withstand the effects of internal and external hazards.

14 1.1 Codes, regulations requirements
Conformity analysis of HPR1000 to the above codes and regulations requirements:
Codes, regulations requirements | HPR1000 Conformity
Redundancy | 3 trains (N+1)
Independence | Separation and independence among 3 trains
Design Simplification | Elimination of cross-connections and branch lines
Postulated initiating events | Consider low power and shutdown states
Support systems | Redundancy, independence
Considering initiating events (IE) and single failure criterion (SFC), to meet the requirements of independence, physical separation, design simplification, 3 independent and redundant safety trains are the smallest configuration for 3-loop reactors.

16 1.2 3-Train Engineered Safety Features
The 3-train safety system configuration of HPR1000 covers the full range:
- All the safety systems and the support systems (cooling source, HVAC, electrical, I&C), as well as the building configuration, are 3-train.
- All the support systems that serve the safety systems have the same safety class as the safety systems, with high reliability.
- The buildings and rooms accommodating these safety systems and support systems are physically separated, with a structure designed to meet the seismic requirements.

17 1.2 3-Train Engineered Safety Features
Nuclear island building: All three safeguard buildings are classified as seismic class I. Safeguard building C, the reactor building and the fuel building can withstand a large commercial airplane crash (APC).
[Layout diagram labels: Nuclear Auxiliary Building, Safeguard Building A, Safeguard Building B, Safeguard Building C, Reactor Building, Fuel Building, Access Building]

18 1.2 3-Train Engineered Safety Features
Engineered Safety Features:
Systems | Number of trains | Safety classified | Located building
SIS/RHR (Safety Injection / Residual Heat Removal) | 3 | yes | 3 safeguard buildings
EFWS (Emergency Feedwater) | 3 | yes | 3 safeguard buildings
RBS (Emergency Boration) | 3 | yes | Fuel building, safeguard building
FPCTS (Fuel Pool Cooling and Treatment) | 3 | yes | Fuel building
ASDS (Atmospheric Steam Dump) | 3 | yes | 2 safeguard buildings
Support systems of safety systems:
Support systems | Number of trains | Safety classified | Located building
CCWS (Component Cooling Water) | 3 | yes | 3 safeguard buildings
ESWS (Essential Service Water) | 3 | yes | SEC pump room (independent from Conventional Island Cooling Water System)

19 1.2 3-Train Engineered Safety Features
Electrical systems:
Electrical systems | Number of trains | Safety classified | Located building
EDG (Emergency Diesel Generator) | 3 | yes | 3 diesel buildings
2h Batteries (Uninterruptible) | 3 | yes | 3 safeguard buildings
Electrical Division | 3 | yes | 3 safeguard buildings
Heating and ventilation systems:
Heating and ventilation systems | Number of trains | Safety classified | Located building
SBCAVS (Safeguard Building Controlled Area) | 3 | yes | 3 safeguard buildings
EDVS (Electrical Division of Safeguard Building) | 3 | yes | 3 safeguard buildings
SCWS (Safety Chilled Water) | 3 | yes | 3 safeguard buildings
MCRACS (Main Control Room) | 3 | yes | Safeguard building C

20 1.2 3-Train Engineered Safety Features
I&C Systems:
I&C Systems | Number of trains | Safety classified | Located building
Engineered Safety Feature Actuation Cabinet | 3 | yes | 3 safeguard buildings

22 1.3 Introduction of main Engineered Safety Features
Safety Injection System (SIS/RHR)
- 3 100%
- No High Head Safety Injection (HHSI)
- Combined with RHR
- In-Containment Refueling Water Storage Tank (IRWST)

23 1.3 Introduction of main Engineered Safety Features
Emergency Feedwater System (EFWS)
- 3 100%
- No normal feedwater function during startup and shutdown (compared to M310)
- Two redundant valves ensure isolation in SGTR
[Diagram labels, per train: ASG tank, Safeguard building A / Safeguard building B, Reactor building, SIH, Emergency feedwater pump, Power limiting valve, Level control valve, SG]

24 1.3 Introduction of main Engineered Safety Features
Emergency Boration System (RBS)
- 3 100%
- Piston pump
- Enriched boron
[Diagram labels: Train A, Train B, Train C, Fuel building, Safeguard building C, Reactor building, Emergency Boration Tank, Emergency Boration Pump, TO ATM, RCP cold leg]

25 1.3 Introduction of main Engineered Safety Features
Cooling chain system (Component Cooling Water System CCWS)
- 3 100%
- 2 pumps and 2 heat exchangers are configured in the A/B trains, allowing preventive maintenance during power operation

26 1.3 Introduction of main Engineered Safety Features
Cooling chain system (Essential Service Water System ESWS)
- 3 100%
- 3 trains, 5 sub-trains in configuration, allowing preventive maintenance during power operation
[Diagram labels: Train A, Train B, Train C, Sea, Seawater filter, Service water pump, Shellfish catcher, RRI, RRI/SEC heat exchanger, Discharge ditch]

27 2. Design Extension Conditions (DEC) and provisions
2.1 Independence of DiD levels
2.2 Selection of DECs
2.3 Systems dedicated to DECs
2.4 Practical elimination of early or large radioactive releases

28 2.1 Independence of DiD levels
In SSR-2/1, independence among the different levels of DiD is required:
2.13: Defence in depth is implemented primarily through the combination of a number of consecutive and independent levels of protection that would have to fail before harmful effects could be caused to people or to the environment. If one level of protection or barrier were to fail, the subsequent level or barrier would be available.
4.13A: The levels of defence in depth shall be independent as far as practicable to avoid the failure of one level reducing the effectiveness of other levels. In particular, safety features for design extension conditions (especially features for mitigating the consequences of accidents involving the melting of fuel) shall as far as is practicable be independent of safety systems.

29 2.1 Independence of DiD levels
HPR1000 establishes provisions at each DiD level; the systems for mitigating the consequences of a severe accident and the ESFs are independent of each other.
[Table: HPR1000 systems against levels of defence in depth DiD-3, DiD-4a and DiD-4b. Systems listed:]
- Safety Injection System
- Emergency Feedwater System
- Emergency Boration System
- Atmospheric Steam Dump System
- Secondary Passive Heat Removal System
- Diverse Actuation System (I&C)
- SBO Diesel Generator
- Containment Heat Removal System
- Extra Cooling System
- Severe Accident I&C System

31 2.2 Selection of Design Extension Conditions
Requirement for Design Extension Conditions in SSR-2/1:
Requirement 20: A set of design extension conditions shall be derived on the basis of engineering judgement, deterministic assessments and probabilistic assessments for the purpose of further improving the safety of the nuclear power plant by enhancing the plant's capabilities to withstand, without unacceptable radiological consequences, accidents that are either more severe than design basis accidents or that involve additional failures. These design extension conditions shall be used to identify the additional accident scenarios to be addressed in the design and to plan practicable provisions for the prevention of such accidents or mitigation of their consequences.

32 2.2 Selection of Design Extension Conditions
Criteria for selecting Design Extension Conditions of HPR1000 (flow chart; frequency marks on the chart: 10^-5 /reactor-year (r.y) and 10^-8 /r.y):
- Selection of Design basis accident
- Preliminary PSA analysis
- Selection of accident sequences
- Engineering judgement & deterministic assessments
- Final PSA analysis
- Categorization of accident sequences
- Provisions System Configuration

33 2.2 Selection of Design Extension Conditions
DECs of HPR1000
- Loss of secondary cooling function (power/shutdown states)
- Small-break LOCA, with MHSI or LHSI failure (power state)
- Initiating small-break LOCA, with MHSI or LHSI failure (shutdown state)
- RHR system failure or after LOOP RHR recovery failure (shutdown state)
- Station blackout accident (SBO) (power/shutdown states)
- Station blackout accident, with loss of fuel pool cooling system
- Emergency shutdown failure resulting from reactor trip signal failure (power state)
- Emergency shutdown failure resulting from stuck rod (power state)
- Non-RCV homogeneous dilution with failure of dilution source isolation (shutdown state)
- Small-break LOCA or SGTR, with MHSI or LHSI failure (power state)
- Total loss of cooling chain (TLOCC), with a break on reactor coolant pumps seals (power state)
- Total loss of cooling chain (TLOCC) (shutdown state)
- SGTR (10 tubes in one SG)
- Main steam line break, with SGTR (1 tube in the affected SG)
- SGTR (1 tube), with failure to close a main steam relief valve (VDA) (power state)

34 2.2 Selection of Design Extension Conditions
PSA results (CDF < 10^-6):
[Bar chart: Core Damage Probability (/r.y) for HPR1000 (Hualong One), URD and EUR]

35 2.2 Selection of Design Extension Conditions
PSA results (LRF < 10^-7):
[Bar chart: Large Release Frequency (/r.y) for HPR1000 (Hualong One), URD and EUR]

37 2.3 Systems designed for Design Extension Conditions
Containment Heat Removal System (CHRS)
- 2 100%
- Backflushing of Strainers
- Containment spray
- Passive IVR (In-Vessel Retention)

38 2.3 Systems designed for Design Extension Conditions
Extra Cooling System (ECS)
- 2 100%
- Diverse cooling tower heat sink

39 2.3 Systems designed for Design Extension Conditions
Secondary Passive Heat Removal System (SPHRS)
- 3 50%
- Passive circulation
- Water makeup for Emergency Feedwater Tank and Spent Fuel Pool

41 2.4 Practical elimination of early or large releases
Requirements for practical elimination of early or large releases in SSR-2/1:
2.11: Plant event sequences that could result in high radiation doses or in a large radioactive release have to be practically eliminated and plant event sequences with a significant frequency of occurrence have to have no, or only minor, potential radiological consequences.
The design shall be such that the possibility of conditions arising that could lead to an early radioactive release or a large radioactive release is practically eliminated.
Practical elimination of early or large releases involves a very wide range of study; in this presentation, we only discuss the effects of HPR1000's engineered safety features on practical elimination.
Examples of accident sequences that have to be practically eliminated:

42 2.4 Practical elimination of early or large releases
Positive reactivity insertion resulting in severe core degradation:
1) CVCS is designed to automatically isolate from the CVCS volume control tank and switch to the IRWST. This evidently reduces the possibility of a non-RCV homogeneous dilution accident caused by CVCS water makeup or by operator errors.
2) The dedicated emergency boration system can start up automatically and compensate the reactivity.
High-pressure core meltdown resulting in direct containment heating:
1) Dedicated depressurization valves are designed to discharge when the core outlet temperature exceeds the threshold. Severe accident analysis indicates that if the pressure is lower than 2 MPa a when the reactor core melts, there is no risk of high-pressure core meltdown, which prevents the containment from being directly heated.

43 2.4 Practical elimination of early or large releases
Steam explosion that could threaten containment integrity:
1) IVR is designed into HPR1000, and its success is guaranteed by means of calculation analysis and experimental verification. It prevents the molten core from coming into contact with a large amount of water.
Hydrogen deflagration:
1) A containment combustible gas control system is designed into HPR1000; hydrogen elimination measures, including passive hydrogen recombiners and hydrogen igniters, can practically prevent the hydrogen concentration from reaching the deflagration level.

44 2.4 Practical elimination of early or large releases
Containment bypass:
1) RHR is evaluated with RCS normal operation pressure, avoiding breaks outside containment when connecting to the primary loop.
2) EFWS can be automatically isolated when SGTR occurs, and the MHSI pump head is lower than the steam safety valve setpoint, preventing the affected SG from being overfilled and radioactive materials from being released to the environment.

45 2.4 Practical elimination of early or large releases
Other provisions: Besides the provisions dedicated to practical elimination, HPR1000 is also equipped with redundant and diverse provisions for DECs, which can significantly reduce the probability of core melting caused by multi-failure sequences and can provide non-permanent mitigation provisions when severe accidents caused by extreme external hazards (e.g. Fukushima) happen.
Provisions | Functions
SBO power supply | Provide power supply reliability
Secondary passive heat removal system | Passively remove residual heat
Extra cooling system | Provide diverse heat sink
Containment heat removal system | Remove heat in containment
Feed and Bleed | Remove heat by primary loop
Secondary loop fast cooling | Fast reduce primary and secondary temperature and pressure
Diverse I&C systems | Provide diverse shutdown control measures
Safety chilled water system | Provide diverse safety equipment cooling
Containment filtration and exhaust system | Containment heat and radioactivity exhaust
Non-permanent equipment | Provide mobile power supply and makeup water for primary/secondary loop and spent fuel pool

46 2.4 Practical elimination of early or large releases
PSA of complex accident sequences
Quantitative analysis results show that the probability of the complex sequences that are more likely to cause a core damage accident is decreased to below 10^-8 after considering the effect of these systems. In this research, events below this probability can be regarded as practically eliminated. Quantitative analysis results of typical complex sequences based on internal events are given as follows:

47 2.4 Practical elimination of early or large releases
Complex accident sequence: SBO in power state
Provision: SBO Diesel
Quantitative results (/r.y), without provision and with provision: 2.81E E E E-06
[Bar chart: Without provision vs. With provision]

48 2.4 Practical elimination of early or large releases
Complex accident sequence: Loss of offsite power with secondary feedwater failure in power state
Provision: SPHRS
Quantitative results (/r.y), without provision and with provision: 5.23E E E-06
[Bar chart: Without provision vs. With provision; 3.54E E E E E-06]

49 2.4 Practical elimination of early or large releases
Complex accident sequence: Loss of RHRs in shutdown state
Provision: ECS, CHRS
Quantitative results (/r.y): Without provision 3.38E-06; With provision 5.16E E E-06
[Bar chart: Without provision vs. With provision]

50 2.4 Practical elimination of early or large releases
Complex accident sequence: SGTR with secondary feedwater failure in power state
Provision: Open pressurizer safety valve to feed and bleed primary loop
Quantitative results (/r.y), without provision and with provision: 2.06E E E E-06
[Bar chart: Without provision vs. With provision]

51 2.4 Practical elimination of early or large releases
Complex accident sequence: Small LOCA or SGTR, with MHSI failure in power state
Provision: Secondary loop fast cooling
Quantitative results (/r.y): Without provision 5.23E-06; With provision 3.54E E E-07
[Bar chart: Without provision vs. With provision]

52 2.4 Practical elimination of early or large releases
Complex accident sequence: Loss of main feedwater resulting in ATWS
Provision: EBS, Diverse I&C
Quantitative results (/r.y): Without provision 2.78E-05; With provision 8.94E E-05
[Bar chart: Without provision 8.94E-10 With provision]

53 2.4 Practical elimination of early or large releases
Complex accident sequence: Loss of cooling chain with RCP seal break and MHSI failure in power state
Provision: Safety chilled water system
Quantitative results (/r.y): Without provision 2.98E-08; With provision 2.87E E E-08
[Bar chart: Without provision vs. With provision]

54 3. Non-permanent measures after Fukushima accident
3.1 Primary water makeup and containment heat removal
3.2 Secondary water makeup
3.3 Spent fuel pool water makeup
3.4 Mobile power supply

55 3.1 Primary water makeup and containment heat removal
Related requirements in SSR-2/1:
6.28B: The design shall also include features to enable the safe use of non-permanent equipment for restoring the capability to remove heat from the containment.
HPR1000 is able to remove heat from the containment with mobile equipment when severe accidents happen and permanent equipment is unavailable (usually because of active equipment failure or loss of all power supply).
Mobile equipment | Function
Mobile emergency pump | Water makeup for primary loop
Mobile emergency power supply | Power supply for pumps, valves and cooling towers
Hand-carried mobile pump | Water makeup for heat sink feedwater pool

56 3.1 Primary water makeup and containment heat removal
[Diagram labels: CHRS, ECS, Heat exchanger, Cooling Tower, Makeup water tank, Hand-carried mobile pump, End filter, Reactor vessel, Mobile emergency pump, Containment heat removal pump, Intercycle circulation pump, End circulation pump, Mobile emergency power supply]

58 3.2 Secondary water makeup
If a long-term LOOP (>72h) happens in power state, the EFWS water tank and the permanent back-up water supply will be used up. Mobile equipment can be used to provide makeup water for the EFWS water tank (train A/B), so that the secondary heat removal function is maintained.
[Diagram labels: Hand-carried mobile pump, EFWS water tank, Emergency feedwater pump, Power limiting valve, Water level regulating valve, SG]

60 3.3 Spent fuel pool water makeup
Related requirements in SSR-2/1:
6.68: The design shall also include features to enable the safe use of non-permanent equipment to ensure sufficient water inventory for the long term cooling of spent fuel and for providing shielding against radiation.
The HPR1000 design meets the requirement above and refers to NEI 12-06 to address the emergency water makeup and spray function for the spent fuel pool, which can provide a better cooling effect when spent fuel elements are uncovered.
[Diagram label: Hand-carried mobile pump]

62 3.4 Mobile power supply
Related requirements in SSR-2/1:
6.45A: The design shall also include features to enable the safe use of non-permanent equipment to restore the necessary electrical power supply.
A mobile power supply is designed into HPR1000, enhancing the provisions for SBO, so that safety functions such as containment heat removal and spent fuel pool cooling are guaranteed after severe accidents.
Items listed on the slide:
- Containment heat removal pump and valve
- Extra cooling system circulation
- Extra cooling system cooling tower fan
- Spent fuel pool cooling pump and valve
- Containment filtration and exhaust system chemical addition pump and mixing pump
