Loss of Normal Feedwater Analysis by RELAP5/MOD3.3 in Support to Human Reliability Analysis

Similar documents
Effects of Delayed RCP Trip during SBLOCA in PWR

Verification and validation of computer codes Exercise

EXPERIMENTAL SUPPORT OF THE BLEED AND FEED ACCIDENT MANAGEMENT MEASURES FOR VVER-440/213 TYPE REACTORS

International Agreement Report

SENSITIVITY ANALYSIS OF THE FIRST CIRCUIT OF COLD CHANNEL PIPELINE RUPTURE SIZE FOR WWER 440/270 REACTOR

ASVAD THE SIMPLE ANSWER TO A SERIOUS PROBLEM. Automatic Safety Valve for Accumulator Depressurization. (p.p.)

NE 405/505 Exam 2 Spring 2015

Engineering & Projects Organization

Safety Analysis: Event Classification

FUNDAMENTAL SAFETY OVERVIEW VOLUME 2: DESIGN AND SAFETY CHAPTER P: REFERENCE OPERATING CONDITION STUDIES (PCC)

Research Article Remarks on Consistent Development of Plant Nodalizations: An Example of Application to the ROSA Integral Test Facility

RELAP5 Code Study of ROSA/LSTF Experiments on PWR Safety System Using Steam Generator Secondary-Side Depressurization

NUBIKI Nuclear Safety Research Institute, Budapest, Hungary

-. 30ýv. Entergy ARKANSAS NUCLEAR ONE - UNIT I IMPROVED TECHNICAL SPECIFICATIONS SUBMITTAL. 05/01101 Supplement Volume 2 of 2. (Sections 3.7 and 3.

Integrated Coping Strategies for Beyond-Design-Basis External Events

An Improved Modeling Method for ISLOCA for RI-ISI and Other Risk Informed Applications

Tools and Methods for Assessing the Risk Associated with Consequential Steam Generator Tube Rupture

CONTENTS OF THE PCSR CHAPTER 1 - INTRODUCTION AND GENERAL DESCRIPTION

Classical Event Tree Analysis and Dynamic Event Tree Analysis for High Pressure Core Melt Accidents in a German PWR

Simulation of Experiment on Aerosol Behaviour at Severe Accident Conditions in the LACE Experimental Facility with the ASTEC CPA Code

FUNDAMENTAL SAFETY OVERVIEW VOLUME 2: DESIGN AND SAFETY CHAPTER I: AUXILIARY SYSTEMS 2. VOLUME AND CHEMICAL CONTROL (RCV [CVCS])

Nuclear safety Lecture 4. The accident of the TMI-2 (1979)

Containment Isolation system analysis and its contribution to level 2 PSA results in Doel 3 unit

A comparative study of FLEX strategies to cope with Extended Station Blackout (SBO)

SAFETY DEMONSTRATION TESTS ON HTR-10

AP1000 European 19. Probabilistic Risk Assessment Design Control Document

The Nitrogen Threat. The simple answer to a serious problem. 1. Why nitrogen is a risky threat to our reactors? 2. Current strategies to deal with it.

Considerations for the Practical Application of the Safety Requirements for Nuclear Power Plant Design

Visual Observation of Nucleate Boiling and Sliding Phenomena of Boiling Bubbles on a Horizontal Tube Heater

V.H. Sanchez Espinoza and I. Gómez-García-Toraño

PRA Methodology Overview

IAEA Headquarters in Vienna, Austria 6 to 9 June 2017 Ref No.: CN-251. Ivica Bašić, Ivan Vrbanić APoSS d.o.o.

Assessing Combinations of Hazards in a Probabilistic Safety Analysis

Workshop Information IAEA Workshop

A c o n c e p t u a l c o m p a r a t i v e s t u d y o f F L E X s t r a t e g i e s t o c o p e w i t h e x t e n d e d S B O.

THE NITROGEN INJECTION THREAT IN PWR REACTORS

FUNDAMENTAL SAFETY OVERVIEW VOLUME 2: DESIGN AND SAFETY CHAPTER F: CONTAINMENT AND SAFEGUARD SYSTEMS 7. CONTAINMENT HEAT REMOVAL SYSTEM (EVU [CHRS])

Dynamic Context Quantification for Design Basis Accidents List Extension and Timely Severe Accident Management

MIKE NET AND RELNET: WHICH APPROACH TO RELIABILITY ANALYSIS IS BETTER?

ON TRANSIENTS IN PUMA

NOT PROTECTIVELY MARKED. REDACTED PUBLIC VERSION HPC PCSR3 Sub-chapter 16.2 PSA Results and Discussion NNB GENERATION COMPANY (HPC) LTD

Review and Assessment of Engineering Factors

10. SYSTEM ANALYSIS. The assessment consist of two elements: Safety Analysis Report and an independent Review of Safety Report.

UKEPR Issue 01

HEALTH AND SAFETY EXECUTIVE HM NUCLEAR INSTALLATIONS INSPECTORATE

The Davis Besse Nuclear Power Plant Three Mile Island Accident Precursor Event September 24, 1977

SAFETY APPROACHES. The practical elimination approach of accident situations for water-cooled nuclear power reactors

Available online at ScienceDirect. Procedia Engineering 100 (2015 ) 24 32

IAEA Training in Level 2 PSA MODULE 8: Coupling Source Terms to Probabilistic Event Analysis (CET end-state binning)

Safety and efficiency go hand in hand at MVM Paks NPP

IAEA SAFETY STANDARDS for protecting people and the environment

Safety Classification of Structures, Systems and Components in Nuclear Power Plants

ACCIDENT MANAGEMENT AND EPR AT DUKOVANY NPP

IEM on Severe Accident Management in the light of the accident at the Fukushima Daïchi NPP

HTR Systems and Components

IAEA SAFETY STANDARDS for protecting people and the environment

Level 2 PSA for the VVER 440/213 Dukovany Nuclear Power Plant

Workshop Information IAEA Workshop

Advanced LOPA Topics

Traceable calibration of automatic weighing instruments in dynamic operation

Use of Computational Fluid Dynamic Fire Models to Evaluate Operator Habitability for Manual Actions in Fire Compartments

Extensive Damage Mitigation Guidelines (EDMG)

DISTRIBUTION LIST. Preliminary Safety Report Chapter 7 Safety Systems UK HPR1000 GDA. GNS Executive. GNS all staff. GNS and BRB all staff CGN EDF

RESULTS FROM THE APPLICATION OF UNCERTAINTY METHODS IN THE UMS AND IN BEMUSE

POWER Quantifying Correction Curve Uncertainty Through Empirical Methods

Event tree analysis. Prof. Enrico Zio. Politecnico di Milano Dipartimento di Energia. Prof. Enrico Zio

Ing. JOZEF BALÁŽ Ph.D. and Ing MILAN CVAN CSc

COMPUTING SOURCE TERMS WITH DYNAMIC CONTAINMENT EVENT TREES

PEPSE Modeling of Triple Trains of Turbines Sending Extraction Steam to Triple Trains of Feedwater Heaters

Every things under control High-Integrity Pressure Protection System (HIPPS)

THE CANDU 9 DISTRffiUTED CONTROL SYSTEM DESIGN PROCESS

Ranking of safety issues for

Preliminary Failure Mode and Effect Analysis for CH HCSB TBM

SHUTDOWN SYSTEMS: SDS1 AND SDS2

CHAPTER 7: THE FEEDBACK LOOP

Transient Analyses In Relief Systems

DETAILS OF THE ACCIDENT PROGRESSION IN 1F1

SOURCES AND EFFECT OF NON-CONDENSABLE GASES IN REACTOR COOLANT SYSTEM OF LWR

SIMULATION OF CONTAINMENT HYDROGEN CONTROL SYSTEM AT IGNALINA NPP

International Agreement Report

PI MODERN RELIABILITY TECHNIQUES OBJECTIVES. 5.1 Describe each of the following reliability assessment techniques by:

Experimental Verification of Integrated Pressure Suppression Systems in Fusion Reactors at In-Vessel Loss-of -Coolant Events

HIGH WIND PRA DEVELOPMENT AND LESSONS LEARNED FROM IMPLEMENTATION Artur Mironenko and Nicholas Lovelace

Hazard Operability Analysis

DRAFT REGULATORY GUIDE DG-1074

MELCOR code application to VVER440/V213 analyses

EMERGENCY CORE COOLING SYSTEM SIMPLIFICATION

Determination of the Design Load for Structural Safety Assessment against Gas Explosion in Offshore Topside

INFLUENCE OF MEASURING PROCESS AUTOMATION ON UNCERTAINTY OF MASS STANDARD AND WEIGHTS CALIBRATION.

START UP MODELING OF KAIST MICRO MODULAR REACTOR COMPRESSOR USING BETA LINE METHOD WITH GAMMA+ CODE

Modelling of the Separated Geothermal Water Flow between Te Mihi flash plants

UKEPR Issue 04

Accident Management Strategies for Mark I and Mark III BWRs

Enhancing NPP Safety through an Effective Dependability Management

APPENDIX B AN EXAMPLE RISK CALCULATION

Journal of Applied Fluid Transients, Vol 1-1, April 2014 (3-1)

Steam generator tube rupture analysis using dynamic simulation

Research Article Experimental Studies for the VVER-440/213 Bubble Condenser System for Kola NPP at the Integral Test Facility BC V-213

Contents. Foreword. Acknowledgements. General Introduction

Design and Analysis of Reactor Dish Vessel

Transcription:

Loss of Normal Feedwater Analysis by RELAP5/MOD3.3 in Support to Human Reliability Analysis ABSTRACT Andrej Prošek, Borut Mavko Jožef Stefan Institute Jamova cesta 39, SI-1 Ljubljana, Slovenia Andrej.Prosek@ijs.si, Borut.Mavko@ijs.si The current probabilistic safety assessment (PSA) standard recommends the use of bestestimate codes. The purpose of the study was to determine the operator action success criteria time window for manual start of auxiliary feedwater (AFW) during loss of normal feedwater transient using the best-estimate code. The time window was needed for updated human reliability analysis in the Krško nuclear power plant. In addition, deep insights to the PSA analyst were given, how different time windows influence the transient consequences. The RELAP5/MOD3.3 Patch3 best estimate code and base RELAP5 input model were used for the analysis. The time delay when the operator succeeds to start AFW pump was varied in the analysis to get the maximum time window. The results showed sufficient additional available time for the action, therefore recovery action could be considered in the human reliability analysis. It was also shown that uncertainty evaluation of best estimate calculation is not needed as available time is much larger than the time needed to perform the operator action. Finally, it was also shown that fast operator response prevents any risk. 1 INTRODUCTION To estimate the success criteria time windows of operator actions the results of a severe accident code such the MAAP has been used in the conventional probabilistic safety assessment (PSA). However, the PSA standard [1] recommends the use of best-estimate codes to improve the quality of a PSA. Therefore the RELAP5/MOD3.3 best-estimate computer code [2] was used to estimate the operator action success criteria time window needed for updated human reliability analysis. The specified time windows are important for human reliability analysis (HRA) to determine the likelihood of operator actions. The human error probability of certain action is lower if operators have more time available. In the control room of a nuclear power plant there is a team of operators, which is supervised by a shift supervisor. If operators have 1 or more minutes of additional time for action, it can be expected that colleagues or shift supervisor can observe and correct a possible error of their colleague. Consideration of recovery causes lower human error probability and may cause a different impact of human error to the overall probabilistic safety assessment results. The actual times needed for performing the action were assessed based on real simulator scenarios, while the time windows were determined by deterministic safety analysis. In the present study parametric calculations were performed for establishing auxiliary feedwater in case of transients. The most limiting transient was loss of normal feedwater. 35.1

35.2 2 ANALYSIS METHODOLOGY For calculations the RELAP5/MOD3.3 P3 computer code [2] and the qualified RELAP5 input model representing a two-loop pressurized water reactor, Westinghouse type, was used [3]. The base RELAP5 input model for nominal power, so called Master input deck, has been provided by Krško nuclear power plant (NPP). It has been used for several analyses, including reference calculations for Krško full scope simulator verification [3], [4] and is described in [5]. In the following the success criteria time windows and the analysis assumptions are described. The idea of the HRA method [6] was to use those deterministic safety analyses to perform sensitivity studies of human actions, which are supplement to safety systems actuations. Sensitivity studies include variations of timing of human action to determine the latest time, when operators have to perform the needed action in order that the main plant parameters are not exceeded their limits. The core cooling success criteria as defined in [4] were used. It is assumed if the hottest core fuel/clad node temperature in the reactor core exceeds 923 K for more than 3 minutes or if temperature of the core exceeds 1348 K, the core damage may occur, which may lead to accident state. For overpressurization the criterion is that primary pressure should not exceed the 18.95 MPa. Based on these criteria the time window was determined. The operator actions considered in the analysis were delayed AFW pump manual start, reactor coolant pump (RCP) trip per emergency operating procedure (one HPSI pump running and subcooling below 14 K) and HPSI pump termination according to emergency operating procedure criteria (pressurizer pressure above 13.83 MPa, pressurizer level above 1 % and subcooling greater than 19 K). The most limiting transient requiring operation of AFW is loss of normal feedwater. The success criterion is that capacity of one train of AFW is adequate to remove stored energy and decay heat, to prevent overpressurization of the primary system, and to prevent uncovering of the core resulting in the core heatup. The time needed to start the AFW pump was varied from 1 minute up to 7 minutes, i.e. from the fastest estimated time the operator can respond to the time too late for intervention. The transient starts with the main feedwater loss which was simulated by manual closure of main feedwater valves. These caused the steam generator (SG) level drop and reactor trip on low-low steam generator water level. On the reactor trip the turbine was tripped. In the cases with assumed AFW start delay the safety injection (SI) signal was generated on low steam line pressure. On SI signal the steam line was isolated disabling the steam dump operation. When the AFW pump started to inject, it enabled the secondary side cooling thorough SG power operated relief valves (PORVs), which depressurize the reactor coolant system (RCS) below the pressurizer (PRZ) PORV closure setpoint and then below the maximum pressure capacity of high-pressure safety injection (HPSI) pump. The HPSI injection efficiently prevents further core uncovery. 3 RESULTS The main results are shown in Table 1 and Figs. 1 through 8. Table 1 shows the main sequence of events. The main interest was to define the maximum time window to manually start AFW pump. The cases with and delay were added for comparison purposes to see, how delay influences the transient. The transient started with the loss of main feedwater at time. Due to the loss of heat sink the RCS average temperature started to increase at 2 s, what actuated the steam dump at 3 s. At 53 s the reactor tripped on low-low steam generator level, causing turbine trip. The RCS temperature dropped to no-load value. It can be seen that when the AFW started with 1 minute delay on loss of main feedwater, the reactor tripped but the SI signal generation was prevented (no HPSI injection). Also there was

35.3 no need to trip the RCPs and there was no steam discharge through the SG PORVs. When AFW manual start was delayed 1 to 2 minutes, the SI signal was generated on the low steam line pressure. The basic reason were almost empty steam generators after 1 minutes what deteriorated stored and decay heat removal. Therefore at 594 s the RCS average temperature started to increase, by this modulating open the steam dump valves. Due to the increased steam dump flow the secondary side pressure started to decrease, what resulted in SI signal generation on low steam line pressure. The SI signal caused normal charging and letdown isolation and main steam line isolation. By main steam line isolation the steam dump was lost. The HPSI pump started to run on SI signal. However, due to the high primary pressure the HPSI pumps did not inject before the AFW pump start, which very quickly enables cooling by SG PORVs. The HPSI pumps were very efficient in recovering the RCS mass and pressure; therefore they were terminated when SI termination criteria were fulfilled. The RCPs were not tripped for cases with small AFW start delay, because adequate subcooling existed. When AFW delay was 2 minutes or larger, the subcooling was lost and with HPSI pumps running the criterion for tripping RCPs was fulfilled. Table 1: Sequence of main events Event Analyzed cases (AFW delay) Main feedwater closure.1.1.1.1.1.1.1.1 Rx trip signal generation 52.9 52.9 52.9 52.9 52.9 52.9 52.9 52.9 Turbine trip 52.9 52.9 52.9 52.9 52.9 52.9 52.9 52.9 Steam dump discharge 3--> 3-615 3-617 3-617 3-617 3-617 3-617 3-617 SI signal generation N.A. 615.1 616.9 616.9 616.9 616.9 616.9 616.9 Letdown isolation N.A. 615.2 617. 617. 617. 617. 617. 617. Steam line 1 and 2 isolation N.A. 615.2 617. 617. 617. 617. 617. 617. RCP 1 and 2 trip N.A. N.A. N.A. 1587.2 1587.2 1587.2 1587.2 1587.2 AFW 1 start (by assumption) 65 65 125 185 245 35 365 425 SG PORV first discharge N.A. 934 1275 1855 246 36 366 426 HPSI pump injection start N.A. N.A. N.A. 22 256 31 363 43 HPSI termination N.A. 62 125 245 4585 5594 6512 7372 Figures 1 through 8 show the important plant and safety variables, from which the time window was determined. Parametric analyses were performed to give information how influences the time of manual start of the AFW no. 1 pump. Case with 1 minute delayed start of AFW pump shows that the cooling is sufficient (no PRZ PORV and SG PORV discharge). In the case with 1 minutes delay there is no discharge on the primary side, while for sufficient cooling the SG PORVs operation is needed. For delays 2 minutes and more, there is discharge also through the PRZ PORVs. Figure 1 shows that the RCS was not overpressurized. At the time when one AFW pump was started to inject into the secondary side, cooling of the secondary side caused the pressurizer pressure to drop below the PRZ PORV closure setpoint and then below the maximum pressure capacity of HPSI pump. Figure 2 shows the RCS mass inventory. Depletion occurred due to the PRZ PORV discharge, but the RCS mass is efficiently recovered by HPSI pumps injection. When the RCS mass is depleted to approximately one third, the core starts to heat up as shown in Fig. 3. The parametric analysis showed that the core significantly heats up with AFW pump start delayed more than 5 minutes.

35.4 18 delayed AFW pump start 16 Pressure (MPa) 14 12 1 8 6 Figure 1: Pressurizer pressure 16 12 Mass (t) 8 4 HPSI pumps injection start Figure 2: RCS mass inventory Figure 4 shows the HPSI injected mass into the RCS, which is approximately balanced with the mass discharged through the PRZ PORV shown in Fig. 5. It should be noted that safety injection is terminated by operator when criteria are fulfilled. Secondary side parameters are shown in Figs. 6 through 8 for steam generator no. 1 (SG1) in which AFW was injecting.

35.5 16 1348 K Temperature (K) 12 8 4 Time [s] Figure 3: Cladding temperature at 11/12 height of the core 12 Mass (t) 1 8 6 4 2 Figure 4: Integrated HPSI flow Figure 6 shows the SG1 pressure. At turbine trip the pressure initially increased and then started to slowly drop during steam dump operation. On SI signal generation at 617 s the pressure again increased to SG1 PORV setpoint and then oscillates due to SG1 PORV cycling. The SG1 PORV cycling can be seen from Figure 7, showing mass released. Figure 8 shows the SG1 wide range level. The level started to increase at the time when the AFW flow was established.

35.6 Mass (t) 12 1 8 6 4 2 Figure 5: Integrated PRZ PORVs flow 1 8 Pressure (MPa) 6 4 2 SI signal generation Figure 6: Steam generator no. 1 pressure The maximum available time to start AFW pump according to success criteria is 6 minutes. When action is faster, the benefits could be seen. Based on the simulator experience [8], for starting the AFW the operator needs from 1 to 1 minutes. For the human reliability analysis only the information of sufficient time for recovery action was needed. However, the PSA analyst can use more information from deterministic analysis. The results showed that any releases from primary system could be prevented if action is performed in 1 minutes.

35.7 Mass (t) 1 8 6 4 2 Figure 7: Integrated SG1 PORV flow 1 8 Level (%) 6 4 2 Figure 8: Steam generator no. 1 wide range level This information gives additional insight into the risks and importance of fast operator response. Fast operator action to manually start AFW pump means no risk while very late response (more than 1 hour) would lead to core uncovery. Due to sufficient time window it is considered that recovery action could be performed.

35.8 4 CONCLUSIONS In the present study deterministic safety analyses with RELAP5/MOD3.3 Patch 3 computer code were performed as a support to the human reliability analysis. Safety analyses are needed for determination of time parameters, which are inputs for human reliability analysis within the probabilistic safety assessment. The operator action success criteria time window in the case of loss of normal feedwater, the most limiting transient, was estimated. The results showed sufficient additional available time for the action, therefore recovery action could be considered in the human reliability analysis. It was also shown that uncertainty evaluation of best estimate calculation is not needed in spite of the fact that the event is significant contributor to the risk, because available time is much larger than the time needed to perform the operator action. Finally, it was also shown that fast operator response could prevent any risk in the case of loss of normal feedwater transient. ACKNOWLEDGMENTS The author acknowledges the financial support from the state budget by the Slovenian Research Agency program no. P2-26. The RELAP5/MOD3.3 Krško NPP base input model is courtesy of Krško NPP. REFERENCES [1] ASME, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications RA-S-22, The American Society of Mechanical Engineers, 22. [2] USNRC, RELAP5/MOD3.3 code manual, Vols. 1 to 8, Information Systems Laboratories, Inc., Rockville, Maryland, Idaho Falls, Idaho, prepared for USNRC, 26. [3] A. Prošek, I. Parzer, B. Krajnc, Simulation of hypothetical small-break loss-of-coolant accident in modernized nuclear power plant, Electrotechnical Review, 71(4), 24, pp. 199-24. [4] R. P. Prior, J. P. Chaboteaux, F. P. Wolvaardt, M. T. Longton, R. Schene, Best estimate success criteria in the Krsko IPE, Proc. of the PSA/PRA and Severe Accident, Nuclear Society of Slovenia, Ljubljana, Slovenia (1994). [5] A. Prošek, B. Mavko, RELAP5/MOD3.3 Code Validation with Plant Abnormal Event, Science and Technology of Nuclear Installations, Vol. 28, doi:1.1155/28/745178. [6] M. Čepin, X. He, Development of a Method for Consideration of Dependence between Human Failure Events, Proc. ESREL 26, Estoril, Portugal, September 18-22, 26, pp. 285-291. [7] I. Parzer, B. Mavko, B. Krajnc, Simulation of a hypothetical loss-of-feedwater accident in a modernized nuclear power plant, Journal of Mechanical Engineering, 49(9), 23, pp. 43-444. [8] A. Prošek, M. Čepin, Impact of deterministic safety analysis on human reliability analysis, Proc. of the Risk, Quality and Reliability Conference 27, (RQR 27), Ostrava, Czech Republic (27).

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback