2 NUCLEAR SAFETY AND FPGA APPLICATIONS IN NPPS
2.5 Previous work review
2.5.1 Work on safety margin
Since safety margin is crucial to NPP safety, both academia and industry have devoted enormous attention and effort to this subject. Regulators such as the CNSC also treat compliance with the safety margin requirement as a necessity for licensing [67]. The research accomplished on safety margin can generally be categorized into two major areas: precise estimation and improvement techniques.
Since uncertainties exist in current safety margin estimation, as shown in Figure 2.2, much research effort has gone into seeking techniques that give more precise results. As surveyed and discussed in [5], safety margin estimation has traditionally been based mostly on conservative evaluation model calculations. The derived safety margin is therefore highly conservative, which does not reflect the true operating situation and limits potential enhancement of plant performance. New estimation methods have since been proposed and investigated. In keeping with the defence-in-depth principle, both deterministic and probabilistic assessments are applied to this kind of safety margin estimation. The deterministic method still includes the conservative method, but with the best estimate method as a complement for different analysis objectives and issues [68, 69], while the probabilistic methods, which include best estimate plus uncertainties, are increasingly being used [70-72]. All these efforts concentrate on finding a more accurate way to quantify safety margins and their uncertainties. During a safety margin assessment of an NPP, both conservative safety analysis (CSA) and probabilistic safety analysis (PSA) may be used together to present a complementary assessment to the regulators [73]. Furthermore, estimating the confidence in the safety margin has special meaning to regulators when they confirm that a nuclear facility is satisfactorily safe. Various approaches have been developed toward this mandatory safety goal [74, 75].
Because the current work limits its scope to the investigation of accident transients of critical reactor parameters, the methods of determining the safety margin are not taken into consideration. However, the research carried out in this thesis does depend on what has already been explored. For instance, the interaction between the trip limit and the safety limit determines the emphasis of the simulation work. The trip limit, which is of considerable significance to the safety margin, is determined based on design basis accidents (DBAs). In a CANDU NPP, there are a total of 10 trip parameters associated with the critical system variables. They are high reactor neutron power, high log rate neutron power, heat transport high pressure, heat transport low flow, reactor building high pressure, pressurizer low level, SG low level, moderator high temperature, heat transport low pressure, and SG feed-line low pressure. Any of these parameters crossing its predefined threshold (even if only temporarily in a transient) is considered to be a potential accident scenario. However, the trip decisions are made using 2oo3 (two-out-of-three) logic to reduce the probability of spurious trips. To meet the acceptance criterion for a specific DBA, the trip limit is set such that the DBA does not pose any safety concerns to the plant system and operators. To ensure this, the trip limit is always set conservatively so that the safety limits are not jeopardized even in the worst-case DBA. A significant amount of work has been done to determine those limits under specific operating conditions and postulated accident scenarios. Two design parameters, margin to trip and margin to dryout, are discussed in [4], which provides a clear relationship between the trip limits and the safety limits. It is also critical to emphasize that an NPP is a complex dynamic system. Even after the trip action is initiated, surges in the system variables are still expected due to the thermal inertia of the system. Compliance with the safety limits at the instant of shutdown system initiation does not necessarily guarantee that the safety limits will not be violated in the subsequent period. For this reason, a similar concept known as “shutdown margin”, expressed in units of reactivity, is proposed in [76], where its role within the framework of reactor safety is also described and serves as a reference for the current work. According to [5], safety margins can be either 1) deterministic or 2) probabilistic. For the current work, only deterministic safety margins are considered, more specifically in terms of the transient thermal power level.
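An added example, not part of the original thesis, of the 2oo3 trip voting described above, showing why a single-channel spike is rejected while a brief excursion seen by two channels latches a trip. All setpoints and channel readings are constructed, normalised values, and treating a missing reading as a trip vote is an assumption of the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TripParameter:
    name: str
    trips_high: bool  # True: trip at or above setpoint; False: at or below it
    setpoint: float   # constructed, normalised value (not plant data)

# The ten trip parameters listed in the text; every setpoint is constructed.
PARAMETERS = {p.name: p for p in [
    TripParameter("high reactor neutron power", True, 1.10),
    TripParameter("high log rate neutron power", True, 0.10),
    TripParameter("heat transport high pressure", True, 1.08),
    TripParameter("heat transport low flow", False, 0.80),
    TripParameter("reactor building high pressure", True, 1.05),
    TripParameter("pressurizer low level", False, 0.30),
    TripParameter("SG low level", False, 0.40),
    TripParameter("moderator high temperature", True, 1.15),
    TripParameter("heat transport low pressure", False, 0.85),
    TripParameter("SG feed-line low pressure", False, 0.70),
]}

def channel_vote(param, reading):
    """One channel's trip vote. A missing reading (None) votes for trip:
    a fail-safe assumption of this example, not a statement from the text."""
    if reading is None:
        return True
    if param.trips_high:
        return reading >= param.setpoint
    return reading <= param.setpoint

def vote_2oo3(param, readings):
    """Trip only when at least two of the three channels vote for trip."""
    if len(readings) != 3:
        raise ValueError("2oo3 logic needs exactly three channel readings")
    return sum(channel_vote(param, r) for r in readings) >= 2

def first_trip(name, scans):
    """Index of the first scan that trips, or None if none does. The trip is
    latched: a later return inside the setpoint does not clear it."""
    param = PARAMETERS[name]
    for i, readings in enumerate(scans):
        if vote_2oo3(param, readings):
            return i
    return None

# Constructed scans of three neutron-power channels (fraction of full power).
SPURIOUS = [(1.00, 1.00, 1.00), (1.00, 1.25, 1.00), (1.00, 1.00, 1.00)]
TRANSIENT = [(1.00, 1.01, 1.00), (1.12, 1.09, 1.11), (1.02, 1.03, 1.02)]
```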
Keeping an adequate safety margin, or even improving it, has important implications for NPP maintenance and life extension projects [77]. It is intuitively understandable that one can increase the safety margins by lowering the corresponding trip thresholds or enhancing the safety limits. It has been shown in [4] that the probability of a power surge exceeding the safety limit during an accident decreases if the safety margin is increased by lowering the trip thresholds. One of the drawbacks of lowering the trip thresholds is the reduced operating range of the reactor, e.g. lower temperature/pressure, which results in an operating power de-rating. Lowering the power output thus leads to undesirable economic consequences. As for safety limit enhancement, higher damage resistance of reactor components is required, for which a large amount of extra expense on technology renovation cannot be avoided. Although extra safety margin can be obtained in NPPs by using further and appropriate approaches to gain increased confidence in the upper toughness limits of the physical barriers [78], this is still a way of confirming a more accurate safety limit rather than enhancing the physical tolerances of the NPP hazard barriers.
Safety margin estimated by best estimate plus uncertainty is presented as an “improved” approach compared to conservative calculation. This is again a more precise determination that approaches the true value rather than an expansion of the original safety margin. Safety margin improvement is also followed with interest by other industries. Most of that work still takes the form of addressing the uncertainty more rigorously [79]. In [80] and [81], dynamic safety margin is applied to improve the control of safety-critical systems. The technique of enhancing the upper limit is adopted in mechanical inventions to widen the existing safety margin [82]. Even modification of the reactor design has become a way of improving the safety margin [83]. However, none of these open publications has touched the area of controlling the post-accident transients for safety margin improvement.