Jung S' KOH

1
The First Workshop on The Applications of
Field-Programmable Gate Arrays in Nuclear Power
Plants
Licensing Experience for FPGA/CPLD
in Digital-Based Safety Systems in Korea
Oct 0810, 2008

• Jung S. KOH
• Korea Institute of Nuclear Safety

2
CONTENTS

• Introduction
• - Status of IC System in KOREA
• - CPLD/FPGA design process
• 2. UCN 5 CPLD Failure and Evaluation
• 3. SKN 34 FPGA Evaluation
• 4. Conclusion

3
1. Introduction Status of IC System

• NPPs in Operation 20 units
• PWR WH(6), FR(2), KSNP(8)
• PHWR CANDU(4)
• Partial Digitalized Protection System
• Wolsong 1,2,3,4
• Younggwang 3,4,5,6
• Ulchin 3,4
• Fully Digitalized Protection System
• Ulchin 56
• Shin-Wolsong 12
• Shin-Kori 12
• Shin-Kori 34
• Digital Upgrading Plant
• Kori unit 1 (1998)

4
IC Systems in Korean NPPs

• IC Systems Digitalized in Korean Nuclear Power
  Plants
• The colored blocks represent IC systems
  with digital modules.

PCS
Mark VI
/PLC
Hybrid
(HFC)
(GE)
Ovation(W/H)
Shin Kori No. 3,4
PLC
PLC
Analog/PLC
Ovation
PLC
Mark VI
Compact
(APR-1400)
(ABB-CE)
(ABB-CE)
(ABB-CE)
(W/H)
(ABB-CE)
(GE)
Workstation
5
ASIC vs PLD

• ASIC(Application Specific IC)
• Semi-custom chip design
• Dedicated to single function, or limited range of
  functions
• A typical ASIC is a circuit, where functions are
  designed by the customer and layout and the
  fabrication is done by the silicon vendor
• Personalized at the factory
• PLD(Programmable Logic Device)
• Personalized at the client site
• (EE)PROM, PLA, PAL, CPLD/FPGA
• CPLD(Complex PLD)
• a more Complex PLD that consists of an
  arrangement of multiple SPLD-like blocks on a
  single chip
• FPGA(Field-Programmable Gate Array)
• FPGA is a FPD featuring a general structure that
  allows very high logic capacity

6
CPLD/FPGA Design Process
Design Flow
Design Specification
Define I/O
Design Entry
Functional Simulation
Map, Place, Route
Timing Simulation
Download
Debug
7
2. UCN 5 CPLD Failure and Evaluation
Event at Ulchin 5

• Date June 29, 2004
• Reactor Type PWR 2 Loops (KSNP)
• Power Level Rx Power 100, Gen Power 1056MWe

Description
A 13.8 kV circuit breaker was made open without
any operators actions. Two of four reactor
coolant pumps stopped and made the reactor shut
down by Departure from Nucleate Boiling Ratio-Low
signal.
8
2. UCN 5 CPLD Failure and Evaluation
Cause

• Communication master of Plant Control
  System(PCS) generated a false signal to a control
  card for the circuit breaker of reactor coolant
  pumps.

Corrective Action

• The communication master module which made the
  false signal was replaced with new one.
• It was required that in-depth analysis of the
  damaged network card be performed.

9
Architecture of PCS at UCN 5
10
Communication Master at PCS
MSS / OIS
NTHIFR
C-Link
Remote 1
Remote 2
Remote n
B214 LAN Controller
Local Memory
P209 System Processor
B210 PCC Controller
Public Memory
Local Memory
Local Memory
ICL
ICL
ECS-05 Controller
SBC04 Loop Controller
Communication Processor
A233 Backplane
ICL MCL link
ICL MCL link
ICL MCL link
ICL MCL link
System Processor
Dual Port Memory
SBC04/ ECSIO
SBC04/ ECSIO
M/A Station
AFS IO
AFS IO
11
PCS System Diagram
Main Control Room
Auto-cad Promise-e One-step Maintenance
Tools(S/W)
Display Dynamic Logic
HUB
100 Base TX
(UDP)
MSS
JCRT
DBM Service DDB Service
DDB Re-broadcast(Token-Passlt-gtUDP) UCP(Universal
Communication Packet) Firewall (Protection)
NTHIFR
(Gateway)
C-Link (Ethernet) 10 MBPS F.O ISO Cable UCP,
Token-Passing
M/A
CSM
REMOTE(3,4,5,6,7,9)
FOT
Main Control Room
C P C
D PM
Only one port is available for each SBC-04N
MULTIBUS
P C C
C P U
P C C
P C C
RS-232 (9.6 KBPS)
P C C
P C C
RS-485
DPM
B 214
B 210
B 210
B 210
P 209
DPM
EPROM (APPL.)
EPROM (SYS)
DI/DO Card
64KB
Field DI/DO
E P R O M
E P R O M
E P R O M
CHASIS A
CHASIS B
R A M
R A M
RS-422
RS-485(UCN5,6) 350 KBPS ICL (1 link 64 Cards)
Q 1 3 7
HSIM (F.O)
TX
Q 1 3 6
I/O E N T R Y
CPU (386EX)
188 EB (ICL)
D PM
Bit to Bit (Direct)
RX
I/F Card
E P R O M
CPLD
Field AI/AO
RS-485
SBC-04N
4DI/4DO
AI/AO Card
CPU
12
2. UCN 5 CPLD Failure and Evaluation

• Role of CPLD in UCN-5 PCS
• Major Functions
• - System Initialization
• - Bus Interface, I/O Card Control and Memory
  Control
• - Peripheral Channel Control
• Importance of CPLDs
• - Generating Control Signal between Processor
  and Memory, Processor and I/O Channels ? Precise
  Timing Accuracy is required for Control Signal

13
2. UCN 5 CPLD Failure and Evaluation

• Target Board for CPLD Design Evaluation
• AFS-SBC-04N Loop Controller
• ECS-05 P209 Communication Master Board
• ECS-05 B214 LAN Controller
• ECS-05 B210 Programmable Communication
  Controller
• ECS-05 A233 Backplane Board
• Required Materials for CPLD Design Evaluation
• Detailed Design Specification
• Software Design Specification
• Schematic Diagram and VHDL Source
• Test reports
• - Auto-start Regression Test Report
• - SBC-04N Spike Signal Resolution Regression
  Test Report
• - PCS P209 Processor Failure Analysis

14
2. UCN 5 CPLD Failure and Evaluation

• CPLD Design Evaluation
• Simulation using Design Tools (ex, Xilinx ISE
  5.1Li)
• Real-Hardware Testing Waveform Analysis with
  Simulation Result
• Design Evaluation Result and Findings
• 2 minor Design Error in Initializing and 1
  Critical Design Error in
• Control Signal of A233 Board (BUSY Signal)
• The longer rising edge of BUSY signal can confuse
  bus communication masters

15
Real Hardware Testing Model
16
Real Hardware Testing

• Real-Hardware Testing

17
3. SKN 34 FPGA Evaluation 

• In Korea, the utility has implemented new digital
  technology into the design of IC system starting
  with Younggwang (YGN) units 34 in 1989 and the
  application of new digital technology has been 
  expanded to succeeding units ever since.
• For Ulchin units 34 and YGN units 56, the
  engineered safety feature actuation system
  (ESFAS) of BOP are computer based plant control
  system (PCS). IC system of Ulchin units 56,
  including reactor trip system (RTS) and ESFAS,
  have been designed using digital technology but
  the main control room and the remote shutdown
  panels are still using the same conventional
  designs as the previous units.
• But, SKN 34 is fully designed with digital
  technologies.
• The major components of each channel and train in
  PPS/ESF-CCS of SKN 34 are comprised of the
  Bistable Processor(BP), Local Coincidence
  Processor(LCP), Interface Test Processor(ITP) and
  Maintenance and Test Panel(MTP), Minimum
  Inventory Switches, ESCM(ESF-CCS Soft Control
  Module), Group Controller, Loop Controller, etc.
• The SKN 34 PPS/ESF-CCS systems are
  microprocessor-based systems using ABB Advant
  PLCs.

18
MMIS Layout
19
FPGA in ESF-CCS Design

• Group Controller
• located at IC Equipment Room, - connected to
  Loop Controller
• Loop Controller
• interfaced with local actuator such as pumps,
  valves via CIM(FPGA based)
• One input for system level automatic initiation
  of ESF and a second input for manual initiation
  of ESF (manual component actuation signal from
  ESCM and minimum inventory switches,
  respectively)
• ESCM(ESF-CCS Soft Control Module)
• interfaced with loop controller in order to
  control local pumps, valves, and etc.
• function to safe shutdown with manual operation
  and indication
• Minimum Inventory switches
• manual NSSS ESF System Level Actuation Switches
• control required for EOP
• - components required to perform safe
  shutdown

20
ESF-CCS configuration

21
FPGA Qualification

• 1) Key issues in SKN 34 PSAR stage
• Cyber Security Software Quality during planning
  stage
• EMI equipment qualification of digital systems
• System Integrity with Fail-Safe design
• FPGA Qualification
• Logic of Loop Controller
• Communication Independence between safety and
  Non-safety System
• 2) Criteria used in Review
• - Standard Review Guideline
• - Reg. Guide 1.152 IEEE-ANS-7-4.3.2
• IEEE Std 603, "Criteria for Protection System for
  NPGS"

22
FPGA Qualification
Discussion and Evaluation Findings -
FPGA technology is used in Component Interface
Module (CIM) of the ESF-CCS. - FPGA such as
EPM7128SL84, A54SX16, and A54SX16P is used in the
CIM. - provide documentation that the
software design installed in FPGA shall meet the
IEEE Std. 7-4.3.2 requirements. - KINS
required the following documentation 1) H/W
Function Requirement, H/W Specification,
Application Specification (Logic Definitions),
VV Plan 2) I/O Definition and Schematic
Diagrams 3) Simulation Waveform (Test Bit
Stream) 4) Map/Place/Route Fuse File
5) Test Vector File with Simulated Waveforms
6) JTAG File 7) Board Level Functional
Testing


23
4. Conclusion

• FPGA/CPLD is NOT same with Hardware Design
• It is similar to Software Design
• FPGA design process shall meet the requirements
  in
• IEEE 7-4.3.2
• For evaluating FPGA/CPLD design, followings
  documents are required
• H/W Function Requirement Specifications
• VV Plan
• Design Source Code and Final Design Output File
• Simulation Waveform and Board Level Testing
  Waveforms
• Intermediate Design Files from Design Tools
• Test Vector File with Simulated Waveforms

24
Minimum Document for CPLD/FPGA Design

• General CPLD/FPGA Design Process and Document

Design Specification

• Functional Spec, I/O Signal Spec, Test plan

Define I/O

• Technical Document for Functional Requirement
• for Specific I/O Signal

• HDL(VHDL/VerilogHDL) design files
• Schematic diagram

Design Entry

• Test-Vector for Functional Simulation
• Simulation Result and Analysis Report

Functional Simulation

• Intermediate Output File from Design Tool
• (EX, User Constraints File)

Map, Place, Route

• Test vector for Timing Simulation
• Timing simulation Result and Analysis Report
• Report Files from Design Tool

Timing Simulation
Download

• JTAG file

Board-level Test

• Board Level Evaluation Report