28
Development of digital I&C system in HTR-PM Shi Guilian CTEC
Development of digital I&C system in HTR-PM
Shi Guilian
CTEC
2
1. CTEC Profile
2. HTR-PM DCS Development Overview
3. HTR-PM Safety DCS Development
4. HTR-PM NC DCS Development
5. Conclusions
CONTENTS
3
HollySys
1.CTEC Profile-Organization
10
departments
708
employees
GMs
Go
v . P
roje
ct
HR
FIN
AN
CE
AD
MIN
EN
GIN
EER
ING
R&
D
PR
OD
UC
TIO
N
Lin
e
MA
RK
ET
ING
PR
OJE
CT
A
dm
in
QU
ALIF
Y
Gov. Functional Business BD Centre
Providing full-life-cycle and end to end digital I&C system solution and service to NPPs
4
1. CTEC Profile-products
5
2014Independent 3rd party V&V certificate on
FirmsysISTEC
2013
design/manufacturing license on 1E panels &civil 1E
electric equipment
NRC preliminary evaluation on Firmsys
Function safety certificate by SIL3SIL3
2011
3rd party V&V evaluation by TUV
CMMI L4
EDF supplier qualification for electric , I&C
TUV
CMMI L4
2010
Design license on civil nuclear safety
electric equipment
Manufacturing license on civil nuclear
safety electric equipment
ISO14001/OHSAS18001
ISO14001
OHSAS18
001
2009 enterprise standard Q/GLHJ
2008 CMMI L3 CMMI L3
2006 ISO9001 ISO9001
1. CTEC Profile-Certificates
6
Projects covering all the in-service NPPs and majority new builds, the
reactor types including CPR1000,ACPR1000, M310, EPR, HTR, CNP, CEFR, etc.。
1. CTEC Profile- Projects
CPR1000: 14 unit DCS
•HYH 1-4、ND 1-4、YJ 1-4、
FCG 1-2
•13 delivered to NPP
•5 under commercial operation
ACPR1000:4
•2 :Integration in CTEC(YJ56)
•2 : : in contract negotiation
(HYH56) (Big step, FirmSys )
•NC-DCS 、 Safety-DCS、BOP
I&C , DCS simulator in FSS 、
Emergency system etc.
No. Project Contract time
1 HTR-PM digital RPS prototype 2009.09
2 HTR-PM digital RPS supply 2009.09
3 HTR-PM non-safety DCS prototype 2010.04
4 HTR-PM non-safety DCS supply 2010.07
5 HTR-PM DEH(Digital Electric Hydraulic Control System) 2012.09
7
安全级DCS
非安全级DCS
汽轮机控制系统
DEH
全厂一体化DCS
2. HTR-PM DCS - contracts
UNIT Safety DCS NC-DCS
System Design SW V&V
NI designpurchaser
Contract NI BOP design
DEH purchaser
Equipment development
Safety Equipment qualification
Basic / Detail design
Manufacture, integration, test.
Technical support
8
2. HTR-PM DCS - contracts
9
2. HTR-PM DCS - roadmap
First engineering prototype ,then real system manufactured
Same software and hardware with the actual DCS
Safety DCS: 1:1 engineering prototype
NC DCS: verify key design, DCS Architecture, new control logic, MMI ect.
With almost all level2 configuration and 30% of level1 input/output
10
2. HTR-PM DCS - roadmap
The safety-DCS equipment is dedicated for HTR-PM Safety-DCS .
11
3.7 核级DCS(FirmSys)应用业绩
2. HTR-PM DCS – system structure
HTR-PMSafety DCS
HTR-PMNC-DCS
ACPR1000Safety DCS YJ56
ACPR1000NC-DCS YJ56(U5 and U7)
ControlStation
28 45 46 50
Cabinet 38 108 91 58
Input and output signal
3458 13679 9846 11000
Operator station
Total 204 in MCR *22 in RSS *2
4 in cabinet *2
135 ENG
16 16
Display 300 200 640*2 900
Safetyfunctions
14 RTS3 ESFAS
21 RTS7 ESFAS
2. HTR-PM DCS R&D-System Scale
HTR-PM Safety DCS : simplified and reliable ;
HTR-PM NC DCS: enriched, completed functions, of similar scale to a ACPR1000 unit.
三. Engineering Prototype development Process
NPP and system requirements
Computer-based system requirements
Computer system requirements
protection system specificationPAMS specification
Safety protection system specification
Safety signal isolation cabinet specification
Other components
Computer system design
SW requiremen
ts computer system
integration
HW requiremen
ts
SW design
HW design
SW implementa
tion
HW realization
protection cabinet
design
Structure design of
cabinets and modules
cabinet assembly
Safety Software VV
Qualify control
Continuous running test
environment test
EMC test
seismic test
Function test
Protection cabinet X, protection cabinet y
channel monitoring cabinet, safety display device
signal isolation cabinet, safety control cabinet, ESFAC
Design Development Qualification
routine test reportcontinuous running test
reportEMC test report
environmental test reportseismic test report
protection system periodic test device, protection system integration test device
En
gin
eerin
g p
roto
typ
e in
teg
ratio
n
HW system design
HW integration
Pro
tectio
n sy
stem
specific
atio
n Manufacturing of cabinets and
modules
3. HTR-PM safety-DCS – overall requirement
1、Function requirements:
Signal isolation distribution, reactor trip, engineering safety
features actuation, MCR ventilation, post accident data monitoring
2 、Structure requirement:4 channels redundancy, 2 layers of 2/4
voting structure, with consistency logic, 2 diversity group in each
channel.
3、main performance:
Response time: delay from monitoring variable signal input to
ESFAS/trip actuation signal output(ESFAC side) ≤300ms
Analogue acquisition precision:0.1%
3. HTR-PM Safety DCS R&D – System Structure• Signal isolation device
• Signal process device x/y
• logic voting device x/y
• PAMS display
• Channel monitoring device
• Safety actuation device A/B
• MCR ventilation control
• Signal isolation cabinet
• Protection logic x/y cabinet
• Channel monitoring cabinet
• MCR ventilation cabinet
• Safety actuation cabinet
• Safety display unit
2014/12/3016page
。Including: Isolation, IO signal , control &
protection arithmetic equipment, safety
display and control equipment, safety
communication network, communication
gateway, power supply, cabinets. 42 HW
equipment, 15 mechanical equipment, 13
Software , 70 in total
HTR-PM Safety-DCS
Hardware(42)
主控/通信 (5 种)
IO/调理 (3种/2种)
电源
(2 种)
转接 & 切换 & 继电器
& 监视 (30 种)
机柜(5种)
机箱、面板(10种)
工程师站软件
(6 种)
嵌入式软件
(7种)
Mechanical
(15 )
Software(13)
2. HTR-PM DCS – equipment List
第 17 页
3. HTR-PM Safety DCS Development-Equipment Technical Features
In accordance to safety I&C standard: SW design: HAD102/16, IEC-
60880 HW design: IEC-60987
Deterministic software:No Commercial OS 、break is not used in the
normal running. Fixed Memory allocation, Fixed task scheduled
Reliability design and analysis through the whole process
Point-to-point communication technology
High-coverage self-diagnostic design technology
safety information display design technology without commercial OS.
3. Safety DCS – Software V&V
◇Responsible by INET;◇V&V implemented in all phases of safety SW
life cycle;◇in accordance with IEEE 1012, L4(the highest) ;
◇executed under the principle of threeindependence
Stage Nun Status
Basic design 186 closed
SoftwareReq.
16 closed
Software architecture
Design 18 closed
Software detail design
21 closed
Unit test 44 closed
System test 8 closed
Total 293 closed
19
2013年10月 2014年8月
机柜制造Cabinet manufacturing
机箱制造Rack manufacturing
PCB制造PCB
manufacturing
PCBA制造PCBA
manufacturing
鉴定试验执行EUT集成
EUT integrati
on
鉴定试验程序test procedure
测试装置研发test
device R&D
试验室评估Lab evaluation
鉴定试验先决条件检查Qualificati
on test pre-
condition check
基准试验
Baselinetest
环境试验
Environment test
EMC试验
EMC test
抗震试验
Seismic test
鉴定试验总结报告
Test report
现场监查Field
inspection
现场见证Field witness
现场见证Field witness
现场见证Field witness
现场见证Field witness 专家评审会
Experts evaluation
第三方制造3rd party manufacturer
第三方试验室3rd party lab
CTEC
说明remark:
专家会&NRO监管expert panel &NRO
标准分析Standard analysis
专家评审会Experts
evaluation
鉴定方案qualification
plan
鉴定大纲qualification
program
专家评审会Experts
evaluation
EUT设计 EUT design
鉴定设计阶段Design
鉴定分析阶段Analysis
鉴定准备阶段Preparation
鉴定执行阶段Implemtation
鉴定总结阶段Sum-up
Equipment Qualification Process
3.HTR-PM Safety DCS
IEEE323
IEC60780
GB/T12727
IEEE344
IEC60980
IEC 61000-4
IEC 61000-6
TR-107330
IEC 60068-2
环境试验environment test
EMC试验EMC test
抗震试验seismic test
GB/T13625
HAF.J.0053
GB/T 17626 GB/T4824
GB/T9254
TR-107330
GB/T2423
RG1.209 RG1. 180 RG1.100
RCC-E
TR-107330
基准试验baseline test
RG1.209
20
2014-3-24环境试验通过
Environmental testpassed
2014-5-28EMC试验通过
EMC test passed
2013-9-24鉴定大纲专家会
Qualification plan expert review
2014-7-8抗震试验通过Seismic test
passed
Environmental test
EMC test
Seismic test
3. HTR-PM Safety DCS - Equipment qualification Progress
Basic design
DF1 DF2 DF3 CFC ManufactureSystem test
Installation
Engineering prototype design, manufacture and qualify
Finished task
On going task
Not started task
Engineering prototype qualification tests finished.
Go all out to ensure the actual system delivery!
3. HTR-PM Safety DCS – Progress
2015 SEP.
Function requirements:
Non-safety DCS is used to monitor operation ,control and analyze data of reactors,
BOP, CI, DEH, and DAS,.
Main performance:
Min. control cycle≤50ms
SOE time resolution≤ 1ms,inter-station SOE time resolution≤ 2ms
System availability≥99.99%
4. HTR-PM non-safety DCS R&D-Overall Requirement
23
4. HTR-PM NC-DCS-system structure
NC-DCS
Control station
45
Cabinet 108
IO 13679
Operatorstation
13
Display 200
1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004
大数据量管理
中间件与软总线
OPC开放接口
HS1000
HS2000
MACS
SMARTPRO
MACS
SCADA
HOLLiAS
工业以太网+PROFIBUS总线
SM系列低功耗高可靠性模块
面对对象的实时数据库
微内核结构与伸缩性应用
专业化DCS
大容量系统结构
32位QNX
IEC61131-3
多域结构
矢量图形OOD/OOP
集成系统
国际合作
基于WINDOWS的组态软件功能块、梯形图和计算公式多重系统自诊断在线下装系统全冗余ARCNET令牌网+CAN总线
实时DOS-RTX
全汉字界面
点阵图形
VME总线HS2000
CAS
PC工程定制开发
DAS5000
国家军工质量保证体系
ISO9001
CMMI L3
HOLLiAS产品发展路线图
HOLLiAS-N
2007
4. HTR-PM NC-DCS-HOLLiAS-N
HOLLiAS-N:
Software NPP specialized function:
HMI system compatible with nuclear Human factor engineering
standard
Alarm system compatible with IEC 62241
Digital procedure
Specialized graphic symbols ,function block and SPDS calculation.
Authorization Management customized to NPP operator shift.
Hardware:
Metal shell,increase anti -Seismic and EMC capability
Environmental adaption intensified
NPP specialized hardware: priority logic module, etc..
第 25 页
NC-DCS prototype:
In the end of 2011, the prototype was delivered to INET.
Actual NC-DCS:
Integration of software and hardware finished in this month. After 9
months of system factory test and factory acceptance test , The System will
be ready to be delivered in Jul. 2015
4. HTR-PM NC DCS- Progress
2015 JUL.
5. Conclusions
2009 technical meeting 2011 Mr.zhang Zuoyi and Wu yulong visit CTEC
2012 System integration 2014 Seismic test passed
HTR-PM DCS has been under execution for 5 years( 2009-2014) . It has taken CTEC
150 man/year so far. With close cooperation with INET, Chinergy and Shanghai
Electric, CTEC overcame difficulties, like iterative design, voluminous customization
work, new technology, and lacking of drawings. However, the accomplishment of
the planned milestones prepared CTEC for the following work in HTR-PM DCS
1. The 1ST integrated DCS, including safety DCS, non-safety DCS, DEH
supplied by Chinese supplier. Rod control system and DEH are integrated
in non-safety DCS. Simplified interface, integrated platform, and easy to
use and maintenance
2. CTEC obtained knowledge of 4th generation HTR-PM digital I&C, key
design technology, and riched its DCS products by participation in HTR-
PM. HTR-PM Safety DCS project provided valuable experience for CTEC’s
development and application of FIRMSYS, a safety protection control
system platform.
3. The qualification solution by customized HTR-PM safety DCS prototype
helps simply safety DCS design, V&V, qualification and safety review of
the actual system, but results in some problems in system upgrade and
maintenance. With the satisfactory application of FIRMSYS in 1000mw
PWR and platform qualification , the future HTR-PM safety DCS could be
provided based on a qualified safety DCS platform.
5. Conclusions
Thank you for your attention
