WESTINGHOUSE CLASS 3 (Non-Proprietary)

Westinghouse Energy Systems



9402220258 940211 PDR ADOCK 05200003 A PDR WESTINGHOUSE CLASS 3 (Non-Proprietary)

Westinghouse Energy Systems



WCAP-8898 Addendum 2

Westinghouse Class 2 Version Exists as WCAP-8897, Addendum 2

# BYPASS LOGIC FOR THE WESTINGHOUSE INTEGRATED PROTECTION SYSTEM

AP600 Bypa is Logic Implementation Description

(C) WESTINGHOUSE ELECTRIC CORPORATION 1994
A license is reserved to the U.S. Government under contract DE-AC03-90SF1849

WF TINGHOUSE NON-PROPRIETARY CLASS !

Westinghouse Electric Corporation
Energy System Business Unit
Advanced Technology Business Area
P. O. Box 355
Pittsburgh Pennsylvania 15230

© 1994 Westinghouse Electric Corporation All Rights Reserved

## AP600 Bypass Logic Implementation Description

| Table of Contents                                         |
|-----------------------------------------------------------|
| 1.0 Introduction                                          |
| 2.0 Summary of Clarifications                             |
| 3.0 Reactor Trip Bypass Description                       |
| 3.6 - Logic Performed by Specialized DLU Circuits         |
| 4.0 ESF Bypass Implementation                             |
| 5.0 References                                            |
| List of Figures                                           |
| Figure 3.1- Reactor Trip Logic Operation                  |
| Figure 3.5 - Logic Performed by a Typical Tr. DLU Circuit |

## AP600 Bypass Logic Implementation Description

#### 1.0 Introduction

This report is an addendum to WCAP-8897, "Bypass Logic for the Westinghouse Integrated Protection System." WCAP-8897 functionally describes the bypass logic used in Westinghouse advanced instrumentation and control systems. This report describes the specific implementation of the reactor trip logic system that incorporates the bypasses of the reactor trip functions for the Westinghouse AP600 protection and safety monitoring system. This addendum does not alter the concepts presented in WCAP-8897, rather it expands upon those concepts by providing additional details of the system design.

The hardware used to implement the functions described in WCAP-8897 for the AP600 is described in WCAP-13382, "AP600 Instrumentation and Control Hardware Description." References will be made to specific sections of WCAP-13382 throughout this report. Other information about the design of the AP600 reactor trip logic and engineered safety features (ESF) actuation logic can be found in WCAP-13594, "Advanced Passive Plant Protection System Failure Modes and Effects Analysis," and WCAP-13633, "AP600 Instrumentation and Control Defense-in-Depth and Diversity Report."

Note: Addendum 1 to WCAP-8897 described the implementation of the functions described in WC/.P-8897 for the RESAR 414 reference plant.

#### 2.0 Summary of Clarifications

The RESAR 414 reference plant, that was addressed by WCAP-8897, used different technologies in its design than the AP600. This section identifies differences in the implementation that resulted from improvements in the implementation technology.

The functions of the trip bus and the reactor trip breaker bypass device described in WCAP-8897 have been implemented by the dynamic trip bus and reactor trip breaker arrangement.

The AP600 bypass path and power converter together are equivalent to the reactor trip breaker bypass device described in WCAP-8897.

The AP600 reactor trip subsystems are equivalent to the trip logic computers described in WCAP-8897.

In addition, two changes have been made in the AP600 functional design.

In the AP600 trip logic design, logic has been added to remove the global bypass permissive (and thereby generate a trip demand if a global bypass request is present) when two of the remaining cabinet sets have a trip demand.

Revision: 0 February 1, 1994

## AP600 Bypass Logic Implementation Description

The AP600 protection logic cabinets implementation uses 2-out-of-3 logic for the ESF power interface, as described in WCAP-13382.

#### 3.0 Reactor Trip Bypass Description

#### 3.1 Reactor Trip Logic Operation

Figure 3.1 illustrates the functional behavior of the reactor trip logic in three tables. The top two tables describe the logic performed in the four cabinet sets to trip the reactor trip breakers in one division. The bottom table describes how the four sets of reactor trip breakers combine to trip the plant.

The topmost table provides the trip logic associated with individual sensor channels in a cabinet set that are combined into the trip path. The cabinet set combines partial trip and bypass status from its own associated channel sets with partial trip and bypass status from the sensor channels associated with other cabinet sets. TRIP DEMAND means that conditions are met for the logic to send signals to the division's reactor trip breakers to trip. The numbers indicate the logic condition required for a trip to occur from the remaining channels.

The middle table shows the trip logic associated with the bypass path. The bypass path is enabled and the trip path disabled when a global bypass request is made for a cabinet set. This table describes the logic that is performed by the cabinet set when this global bypass request is made. If no other cabinet set is already in a global bypass state, and one or less cabinet sets have a trip demand, then the global bypass request is successful and the trip path is bypassed, as indicated by GLOBAL BYPASS in the table. Otherwise, the global bypass request fails and a trip demand is issued to that division's reactor trip breakers. This logic prevents the plant from being placed in an unsafe state by having more than one cabinet set bypassed at one time.

The bottom table describes how the reactor trip breaker sets produce a plant trip when tripped by the trip demand signals.

#### 3.2 - Reactor Trip Path Block Diagram

Figure 3.2 is taken directly from WCAP-13382 (figure 4.1-5) and shows the overall architecture of the dynamic trip bus² in a single integrated protection cabinet.

See figure 5.1-1 in WCAP-13382 for the breaker arrangement.

2Section 4.1.6 of WCAP-13382

3Section 3.7.2 of WCAP-13382

Revision: 0 February 1, 1994

## AP600 Bypass Logic Implementation Description

This

Figures 3.3 and 3.4 present the logic implemented by these subsystems for the trip and bypass paths.

3.3 - Typical Sensor Channel Reactor Trip - Trip Path Logic

Figure 3.3 shows the 2-out-of-4 logic that implements a single sensor channel reactor trip function, such as pressurizer level, in one cabinet set of the integrated protection cabinets. [

4Section 3.7.3 of WCAP-13382

Section 4.1.2 of WCAP-13382

6Section 4.1.5 of WCAP-13382

Section 4.1.4 of WCAP-13382

Revision: 0 February 1, 1994

## AP600 Bypass Logic Implementation Description

Jax.

3.4 - Global Bypass - Bypass Path Logic

Figure 3.4 shows the logic for the global bypass path. [

150

3.5 - Logic Performed by a Typical Trip Path DLU Circuit

Figure 3.5 shows the logic implemented by a standard trip path DLU8 in greater detail. [

8Section 3.7.3 of WCAP-13382

Revision: 0

February 1, 1994

## AP600 Bypass Logic Implementation Description

 $]^{3,i}$ 

3.6 - Logic Performed by Specialized DLU Circuits

Figure 3.6 shows the logic implemented by a DLU circuit board that implements the four specialized DLU functions shown in the preceding figures. [

Jan.

Revision: 0 February 1, 1994

# WESTINGHOUSE CLASS 3 (NON-PROPRIETARY) AP600 Bypass Logic Implementation Description

SENSOR CHANNELS (PARTIAL) TRIPPED

|   | 0                                   | 1                | 2                        | 3               | 4              |  |
|---|-------------------------------------|------------------|--------------------------|-----------------|----------------|--|
| 0 | 2/4                                 | 1/3              | TRIP<br>DEMAND           | TRIP<br>DEMAND  | TRIP<br>DEMAND |  |
| 1 | 2/3                                 | 1/2              | TRIP                     | TRIP            |                |  |
| 2 | 1/2                                 | TRIP<br>DEMAND   | TRIP<br>DEMAND           |                 |                |  |
| 3 | TRIP<br>DEMAND                      | TRIP<br>DEMAND   | TRIF                     | TRIP PATH LOGIC |                |  |
| 4 | TRIP<br>DEMAND                      |                  |                          |                 |                |  |
|   |                                     | CABINET S        | ETS WITH TRIP DE         | MAND            |                |  |
|   | 0                                   | 1                | 2                        | 3               |                |  |
| 1 | GLOBAL<br>BYPASS                    | GLOBAL<br>BYPASS | TRIP<br>DEMAND           | TRIP<br>DEMAND  |                |  |
| 2 | TRIP<br>DEMAND                      | TRIP<br>DEMAND   | TRIP<br>DEMAND           |                 |                |  |
| 3 | TRIP<br>DEMAND                      | TRIP<br>DEMAND   |                          | -               |                |  |
| 4 | TRIP<br>DEMAND                      | BYPAS            | —<br>SS PATH LC          | GIC             |                |  |
|   | TE OF CABI<br>BAL BYPAS<br>CABIN    |                  | ST                       |                 |                |  |
|   | a see the same and the same and the |                  |                          |                 |                |  |
|   | REACTO                              | R TRIP BREAK     | OTHER<br>KER SETS TRIPPE | CABINE          |                |  |
|   | REACTO<br>0                         | R TRIP BREAK     |                          |                 |                |  |

## REACTOR TRIP BREAKER LOGIC

Figure 3.1 - REACTOR TRIP LOGIC OPERATION

Revision 0 Feburary 1, 1994

6

WESTINGHOUSE CLASS 3 (NON-PROPRIETARY)
AP600 Bypass Logic Implementation Description

FIGURE 3.2 IS PROPRIETARY

Figure 3.2 - REACTOR TRIP PATH BLOCK DIAGRAM (Figure 4.1-5 of WCAP-13382)

Revision 0 Feburary 1, 1994



FIGURE 3.3 IS PROPRIETARY

Figure 3.3 - TYPICAL SENSOR CHANNEL REACTOR TRIP - TRIP PATH LOGIC

Revision 0 Feburary 1, 1994

8



a,c

# FIGURE 3.4 IS PROPRIETARY

Figure 3.4 - GLOBAL BYPASS - BYPASS PATH LOGIC

Revision 0 Feburary 1, 1994

5

WESTINGHOUSE CLASS 3 (NON-PROPRIETARY)
AP600 Bypass Logic Implementation Description

T a.c

FIGURE 3.5 IS PROPRIETARY

Figure 3.5 - LOGIC PERFORMED BY A TYPICAL TRIP PATH DLU CIRCUIT

# FIGURE 3.6 IS PROPRIETARY

Figure 3.6 - LOGIC PERFORMED BY SPECIALIZED DLU CIRCUITS
11