Článek doc. Františka Hezoučkého nazvaný Český a slovenský průmysl a nový jaderný blok – jde i o prestiž našeho průmyslu ve světě jsme umístili na úvodní stránku webu. Autor se v něm odkazuje na svůj článek, který vyšel v časopise Jaderná bezpečnost 5/6 2019 v anglickém jazyce. Přinášíme ho v plném znění pro doplnění informací k dané problematice.
A Few Unanswered Questions About AP1000
František Hezoučký, University of West Bohemia
Desctriptory INIS: AP1000, RESIDUAL HEAT, OPERATOR, CONTAINMENT, SECONDARY CRITICALITY, REACTOR COOLING PUMPS, LOCA, SAFETY SYSTEMS
Short introduction of AP 1000
There are many promising and innovative ideas in the AP1000 design, e.g.:
►Canned reactor cooling pumps (RCP) with flywheels from depleted uranium,
►Using natural circulation for residual heat removal in abnormal operation modes and in case of LOCA accident and therefore minimization of expensive active safety systems,
►In-vessel retention (IVR) of melted corium in case of serious accident, etc.
There are, however, some potential questions related to such low-cost solutions. They require explanation. It is quite well known, that AP1000 was offered to some other European countries (Finland, UK) in the past, but decision for realization was not positive in any of them.
Here are some questions related to AP1000, which need to be answered:
1. Containment and Shield building
The shield building is just a “chimney” for natural circulation. It would not be an adequate containment by itself since the building is ventilated. There are some additional questions:
a) How is a single containment justified when the standard established in UK for GIII+ e.g. EPR GDA is for double containment?
b) The tank at the top of the containment building is part of the passive safety system, so the vulnerability of it by virtue of its position and a single impact barrier seems to be incompatible with its class 1 safety status.
c) The shield building could be also vulnerable to mortar attack in our present-day terrorist threatened world.
d) It is impossible to test periodically the passive function of metallic containment. It would be difficult, and the adverse effects on the containment of testing are likely to be undesirable. To date, testing has been done on part-scale models in which size and flow rates of the full-scale system have not been replicated.
e) The shield building is designed to protect the cylindrical shell against aircraft crash. However, in case of attack to the upper part, under the "bottle neck", where air inlets are located, could conceivably break off. The main concern is the vulnerability of the storage tank which has Class 1 safety system status.
2. Reactor Cooling Pumps – RCPs
The RCPs are designed as canned pumps, which have no deficiency of standard RCPs’ sealing systems. Such canned RCPs have, however, a rundown time just 20 seconds since diameter of the flywheel is small. I.e. the AP1000 design shall calculate with inertia of the coolant flow till residual and accumulated heat is able to be cooled by natural circulation. After electrical power stoppage of all RCPs, the short-time-boiling of coolant will very probably occur. Deposit of H3BO3 on fuel cladding is possible in such case.
Note: EPR and all WWERs RCPs have rundown 150 - 180 seconds.
RCPs have no ratchet pawl. I.e. - in case of one of RCPs stoppage, shut downed RCP will transit into the turbine mode with quite high negative RPMs. Such RCP will not be possible to start again before shutting down of whole power unit, then start all RCPs on low speed in the pump mode, and new start-up of the unit. It is not practical for operation.
3. In-Vessel Retention (IVR)
In-vessel retention (IVR) is a beautiful idea, however, some specialist experts have a problem to accept any solution which is based just on calculation. There is also concern, that long term IVR cooling can cause deposit of H3BO3 and thermo-insulation of reactor pressured vessel (RPV) wall. It should be determined how such effect is presumed in safety analysis. Some specialist experts are more concerned about core disruption and the ability to maintain a control and cooling configuration in the event of a large scale LOCA.
Note: Mitsubishi has also IVR in its new design but uses (firefighting) water for cooling of RPV’s outside surface and gives no full credit to IVR. Therefore, the core catcher is also presumed in Mitsubishi design.
4. Diesel generators
There seem to be non-safety qualified (safety) systems. With two diesel generators in one proximal location, both diesels could, theoretically, be lost at the same time. E.g. consequently, after a destruction of the upper part of the shield building, both active and passive cooling features would be non-functional.
The Safety Case for AP 1000 puts different components and systems into a number of classifications. Only Class 1 systems are required to have full protection from seismic, external hazards etc. The passive safety systems are Class 1. The active systems which require pumps, valves and electrical supplies are not. So, diesels are not treated as Class 1 Safety systems. This is in keeping with the Westinghouse design philosophy. I and some of my colleagues have had a problem with this concept. There is also an unanswered question.
5. Secondary Criticality
In the Westinghouse seminar at the Prague Technical University, "secondary criticality” did not appear to be taken into account. Wouldn't it be the case, in a steam-line rupture, when the coolant temperature falls down quickly (after scram) due to SG evaporation, the reactor could become critical at quite a high temperature, in spite of inserted mechanical absorbers, if the H3BO3 concentrate is not immediately injected? This is not something we have examined.
6. Fast closing/opening valves
Fast closing/opening valves are driven by an explosive (squib valves). Therefore, it is impossible to test them periodically every year. Westinghouse presumes testing 20% of them every 18 months. I.e. every squib valve can be tested in 7,5 years. It seems to be insufficient for valves related to safety systems Class 1.
There is very little operating experience of squib valves of the size planned for AP1000. The issue of functional testing has also been raised, as well as the question of managing explosive devices within a site.
It seems to be only a detail that RCPs are designed for 60 Hz in light of above-mentioned safety concerns. Nevertheless, long-term reliability of converter 50/60 Hz for RCP’s power supply is the task for future operators .
Published in Bezpečnost jaderné energie 5/6, 2019
