KR100848881B1 - Digital reactor protection system - Google Patents

Abstract

The present invention is a digital reactor protection system that receives a digital signal representing the operating state of the reactor-related devices of the power plant and safely shuts down the reactor when an abnormal condition occurs, and includes four channels for receiving and processing the digital signal. Receives and processes digital signals indicating the operating status of reactor-related devices in a power plant, but does not use a CPU and an operating system (OS), but uses a different digital signal processor (DSP). By including the start-up module and the engineering safety equipment start-up module, it is possible to prevent the occurrence of a common type of software failure in the digital reactor protection system using the operating system.

Reactor, trip signal, vice table module, simultaneous logic module, reactor stop start module, engineering safety equipment start module

Description

Digital Reactor Protection System {Digital Security System for Nuclear Power Plant}

1 is a view showing the functional configuration of the digital reactor protection system of the present invention.

2 is a diagram showing the configuration and hardware configuration for one channel of the digital reactor protection system according to the present invention.

3 is a diagram showing the configuration of a maintenance test panel providing a touch input for generating a control signal and a test signal and displaying information received from a power plant system.

The present invention relates to a digital reactor protection system, and to a reactor protection system using a DSP that does not use an operating system. In particular, the present invention relates to a digital nuclear reactor protection system that eliminates the common type failure of operating system software due to the nonuse of the operating system and eliminates the common mode failure of the digital reactor protection system by using different DSPs.

The reactor protection system provides a function to shut down the reactor in the event of an abnormality. It continuously monitors the input signal received from the measurement system and automatically generates a reactor stop signal if the input signal deviates from the safety set point. Stop it. Shutdown of the reactor opens the power circuit breaker for shutting down the reactor and cuts off the power supplied to the control rod drive, causing the control rod to fall into the reactor by gravity to stop the reactor.

The safety set points of the reactor protection system are selected to keep the plant safe, taking into account the plant's anticipated operational transients and the impact of virtual accidents. The reactor protection system shuts down the reactor and operates the engineering safety equipment system when the measured control values indicating the operational status are out of this setpoint, so that the core cooling and reactor building integrity is maintained in the event of an accident without exceeding the limits for nuclear fuel and reactor coolant systems. To function.

Conventional reactor protection systems are designed and operated on the basis of analog technology, such as Kori 2, 3, 4, Glory 1, 2, 3, 4, 5, 6, Uljin 3. 4, etc. It is difficult to secure component parts, and even though it is secured, it is expensive, and analog parts are mostly discontinued. Therefore, the digitization of the existing protection system is required for maintenance due to device aging.

Korean Patent Publication No. 2001-0013442 discloses a technique for digitizing such a protection system. Here, a technique for improving reliability by multiplexing a multi-processor processor into a plurality of channels using a programmable logic controller (PLC) is disclosed.

PLC is used for simple process control due to the relatively small number of I / Os processed per processor. In particular, PLC has the advantage of relatively good operation and maintenance with simple software. However, it is not standardized by each manufacturer. There is a problem that is limited to use or send and receive data. That is, the PLC controller has a problem of incompatibility between processors and output devices between different models.

And in digital system, the solution of common type failure of software should be considered. Since software must have a means of preventing such common type failures under the assumption that common type failures may occur in any case, the above patent publication 0013442 cannot solve the common type failures in the reactor protection system itself. A separate Diversity Protection System is installed to shut down the reactor.

This allowed the diversity protection system, a separate protection system, to activate the reactor shutdown function after some time when the digital protection system was unable to function due to common type failure.

In conclusion, this method increases the design and equipment cost of the entire system because it requires the addition of a separate separate system, and when replacing the analog protection system of an existing nuclear power plant, a complex change requiring design changes of not only the reactor protection system but also other related systems is required. Problems arise.

Another prior art for digital systems is Korea Patent Publication No. 2002-0085222, which includes a pair of comparative logic processors and a pair of concurrent logic processors using different CPUs and operating systems, Simultaneous logic processors use Intel-based CPUs and QNX operating systems, while comparative logic and concurrent logic processors use Motorola-based CPUs and VxWorks operating systems to solve the problem. One comparative logic processor and a concurrent logic processor logically process the sequenced trip processing signal variables in a forward order, and the other comparative logic processor and a concurrent logic processor logically process backwards. In addition, a relay contact of a digital output module of a pair of simultaneous logic processors may be connected in a real wiring manner to form a logical “OR” circuit. Furthermore, such a comparative logic processor and a simultaneous logic processor can be implemented as a single board computer, and a method of producing high reliability software for a digital nuclear reactor protection system includes the steps of: (a) preparing a software requirement specification using a state diagram; (b) creating a design description for each software using a different operating system; (c) coding each software from the created design description; (d) conducting a module test for each coded software; And (e) comparing the test results for the respective software to determine whether an error occurred.

In the case of the single board computer as above, a software operating system must be used, and stability analysis or verification of common type failures for these operating systems has not been performed, and no verification of the operating system is performed. When operating a system with a commercial operating system, there is a problem that no defense against potential errors of the software can be made.

In addition, errors in the operating system and application software installed in a single board computer can cause common mode failures in multiple devices, and these failures can destroy the multiplicity built in hardware, and in some cases, digital instrumentation control system. There is a problem that could break down one or more layers of defense in depth, which consists of monitoring, control, reactor shutdown and engineering safety functions.

Generally, software errors are classified into specification error, design error, and coding error. If the specification is wrong, serious software error can be derived because software containing error can be developed from the beginning of software development. In addition, even if the specification is well-formed, design errors may result from misinterpretation of the specification or use of inadequate and inadequate logic, software coding errors occur during code production, and typical code errors include input errors, incorrect numbers, and omissions. And the use of uncertain expressions has led to a problem of deterioration of reliability from these errors.

 A common mode process defines events in which a single event affects multiple devices and systems simultaneously, making their function impossible.

In designing safety-related instrumentation and control systems for nuclear power plants, it is important to ensure safety and high reliability. In order to solve these requirements, there are methods such as securing reliability and securing safety through multiplicity. However, in case of common mode failure due to one cause, physical dependencies exist among multiple devices even in a multi-system consisting of channels such as a protection system. The safety and high reliability built up through the multiplicity at the same time has collapsed at the same time there has been a problem that the safety system does not perform the desired function.

In the existing analog system, if each channel of the multiplexed safety system is sufficiently independent, the possibility of common mode failure inside the system is estimated to be very low except for the possibility of common mode failure due to external influence.

However, in the safety system using digital technology, since many functions are implemented in software on one hardware, the design and design of digital devices that can cause common mode failure in software and hardware in the system as well as external influence on the function of the system. It is known to be vulnerable to programming errors.

Because the digital system has a lot of information and information processing ability unlike the existing analog system, and also share a lot of data transmission, processing functions, and process maintenance than the analog system. Such sharing is a big advantage of digital systems, but it has a weakness in common mode failure and can destroy the multiplicity built as hardware. Therefore, the possibility of common mode failure in designing the digital safety system has emerged as a very important issue.

The defenses against common mode failures include the quality, multiplicity, isolation and diversity that the safety system must have. Diversity is defined as performing redundant functions using different technologies, signals, and algorithms. Types of diversity include human, design, device, signal, software, and functional diversity. Too high levels of diversity have the potential for degrading the quality and safety requirements of the safety system. Therefore, the design of the safety system should take into account the level of diversity that does not compromise quality and safety.

The present invention is to solve the problems presented above, by developing a system using a DSP without using an operating system to prevent common type failures occurring in a digital protection system using an operating system, a conventional system The aim is to provide a digital protection system that further improves safety and reliability.

In order to achieve the above object, a digital reactor protection system using a digital signal processor DSP that does not use an operating system according to the present invention constitutes a digital reactor protection system using a different type of DSP that does not use an operating system. .

The digital reactor protection system of the present invention consists of a vice table module, a simultaneous logic module, a reactor stop start module, and an engineering safety equipment start module with one DSP, and the same module is reconfigured with different DSPs to add two sets. To be one channel.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a view showing the functional configuration of a digital reactor protection system using a DSP that does not use an operating system according to the present invention.

Referring to the drawings, the digital reactor protection system consists of four channels (A, B, C, and D), each of which is a Vistable Module (BSM), Coincidence Module (CCM), and reactor shutdown. It consists of a Reactor Trip Initiation Module (RIM), an Engineering Safety Equipment Initiation Module (EIM), and a Maintenance and Test Panel (MTP).

The vice table module 20 receives a process variable value (a signal generated by various sensors installed in a power plant facility) from the measurement system 10 and determines a trip state by comparing a predetermined value with a predetermined value for each process variable. The trip state of the vice table module 20 is transmitted to the simultaneous logic module 30 of the same channel and another channel through the safety communication network (100 of FIG. 2).

The simultaneous logic module 30 determines whether the corresponding channel is tripped by voting with the results of the other channels in the trip output for each variable determined by the channel visetable module 20. In the simultaneous logic module 30, the output of the visetable module 20 of two or more channels among the four channels is based on the trip output result of the visetable module 20 of the own channel and the trip output of the visetable module 20 of the other three channels. If a trip occurs, a variable-specific trip is created. Variables for stopping the reactor during the output of the simultaneous logic module 30 is transmitted to the reactor stop start module 40 and variables for operating the engineering safety equipment are sent to the engineering safety equipment start module 50.

The reactor stop start module 40 and the engineering safety equipment start module 50 receive an output from the simultaneous logic module 30 to prevent generation of unnecessary trip signals due to unexpected disturbances inside the protection system. The final reactor shutdown signal and the engineering safety equipment start-up signal are sent when the delay routine is executed and the trip state is kept constant during the delay time.

The maintenance test panel 60 is used to display the operating status of the system and to perform trip channel bypass and test. The safety level soft controller (SGSC: 80a) is installed in the main control room and used to display the status of the system and perform functions such as control.

The system consists of four channels, and one channel is separated using another DSP. The configuration of one channel will be described in detail.

2 shows an example of configuration of one channel of a digital protection system using a DSP according to the present invention.

General components used in the present embodiment will be briefly described first.

The sub rack is mounted in a 19-inch standard rack that accommodates digital signal processing cards (DSPs), network interface cards (NICs), and sub-rack power cards (SRPCs) that make up the vice table module, and has a height of 3U. The sub-rack's backplane has a VMEbus structure that supplies power to the installed cards, transfers data between modules through the VMEbus, and has slots for installing 8 to 16 cards.

The digital signal processing card (DSP) performs algorithms such as application algorithms and tests. The card consists of the data processing part and the VMEbus Master Controller part for controlling the VMEbus. The card uses a 32-bit digital signal processor and has an EPLD, ROM, and RAM. The application that processes the signal is stored in ROM. There is an LED display on the front of the module to check the module status.

The network interface card (NIC) is designed for data transmission between subracks and subracks, channels and channels, systems and systems, and includes EPLDs for optical signal processing and EPLDs for VMEbus slaves.

 The Sub-Rack Power Card (SRPC) supplies power to the cards in the subracks.

In an embodiment of the present invention, one channel of the digital reactor protection system is the sum of the A1 and A2 channels. As shown in FIG. 2, the A1 channel includes a vice table module (BSM1: 20a), a simultaneous logic module (CCM1: 30a), a reactor stop start module (RIM1: 50a), and an engineering safety equipment start module (EIM1: 40a). The A2 channel consists of a vice table module (BSM2: 20b), a simultaneous logic module (CCM2: 30b), a reactor stop start module (RIM2: 50b), and an engineering safety equipment start module (EIM2: 40b).

The A1 channel and the A2 channel are configured independently without interworking, and the A1 channel and the A2 channel are combined to form an A channel.

Channels A1 and A2 use different types of DSPs that do not use an operating system to rule out common type failures. In the A1 channel, the ViseTable module (BSM1: 20a) receives and processes the values of digitized process variables from the nuclear instrumentation system (NIS: 10a), the process instrumentation system (PIS: 10b), and the core protection system (SCOPS: 60a). The vise table module processes the comparison logic with respect to the set value for each input signal and transmits the result to the simultaneous logic module (CCM) 30a. SC signal acquisition card that accepts field signal for signal acquisition and conversion function (current / voltage conversion card for nuclear power plant, reed switch position transfer card for nuclear power plant, frequency / voltage change card for nuclear power plant, resistance / for nuclear power plant Voltage change card, etc.) and AD conversion card (analog-to-digital conversion card based on VME-bus for nuclear power plant) that converts analog signal through it, DSP card (nuclear power) to transport this signal to decision system Digital processor cards for power plants are used.

Through this, the signal passed through the communication network is sent to the BSM, the receiving card (VME-bus based safety communication card for nuclear power plant) to the DSP card (digital processor card for nuclear power plant) comparing the set values. It is sent back through the network, to the CCM, and through the receiving card to perform 2 out of 4 logic on the DSP card. At this time, the signals are also received from other channels for comparison.

The concurrent logic module (CCM) 30a performs the "2 out of 4" logic and transmits the results to the reactor shutdown initiation module (RIM) 50a and the engineering safety equipment initiation module (EIM: 40a). The decision signal confirmed through this process is sent to RIM through the receiving card. After checking how many signal cycles the same decision is made to confirm the final error signal, the DSP card is based on the digital output card (VME-bus for nuclear power plant). The digital output card is sent to a large relay configured to shut down the reactor. That is, the reactor stop start module (RIM) 50a sends a digital output to stop the reactor if the trip signal continues for a certain time. The digital output DO of the reactor stop start module sends signals to the under voltage trip relay 51b and the shunt trip relay 51a, respectively. The A2 channel is also the same as A1. The stop circuit breaker (TCB) 52a of the final stage to stop the reactor is opened when the low voltage trip relay 51b contact is opened or the shunt trip relay 51a contact is closed, thereby interrupting the power supplied to the reactor control rod drive device. All control rods freeze within the reactor to shut down the reactor.

The engineering safety equipment start-up module (EIM: 40a) sends the engineering safety equipment start-up signal to the safety class control system (SGCS: 90a) when the trip signal continues for a certain period of time. To be.

All data transmissions are made through the safety network and the communication between A1 and A2 is independent and not connected to each other. Each module has a network interface card (NIC) for communication, and communication between channels is performed by a sub-network switch (SS: 100a, 100b).

The safety communication network is designed on the basis of temporal locality of reference and spatial locality of reference, and applies the data transmission method of broadcasting method in consideration of the characteristics of message traffic. Based on the channeling requirements of the sub-network configuration criteria, each channel of the system is divided into four sub-networks. Each lower network is a unit of TDM management through a dedicated sub-network switch (SS) and performs communication with other lower networks through the SS.

The DSP (Digital Signal Processor) module has a 3U board size based on the VMEbus standard and consists of a digital signal processor, a VMEbus controller, and a control logic circuit.

The network interface card (NIC) is designed for data transmission between modules and between modules, channels and channels, between systems and systems, and includes EPLDs for optical signal processing and EPLDs for VMEbus slaves.

The maintenance test panel (MTP: 70a) consists of four channels located at the top of the plant protection system cabinet. MTP is a control module that provides a touch input for generating control signals and test signals to each module of the plant protection system, and a display for displaying the status information and test results received from the instrumentation protection plant core protection system. I have a module

The display module of MTP receives and displays the system status information through the network connection on the LCD panel and displays the information necessary for maintenance and testing. The display module is mounted in the plant protection system cabinet to receive and display all status information about each module of the plant protection system.

The control module receives direct input through the touch screen (or separate keypad) of the LCD panel at the request of the operator to perform functions such as operation bypass, channel bypass, manual reset, change of setting value, and the like. It also generates test signals sent directly to the vice-table module, simultaneous logic module, reactor shutdown initiation module and engineering safety facility start-up module of the plant protection system and the core protection system and monitors the status of the system.

The display and control module uses an LCD controller to control the TFT-LCD panel as shown in FIG. 3 and is configured as an ARM Core processor based module for the operation of control signals and application software for digital input and output, optical communication control, and the like. It is. In addition, the module for controlling the touch screen shown in FIG. 2 is designed independently from the TFT-LCD, and uses an ultrasonic touch sensing method, and uses a touch controller for this purpose. The DSP processor is used to control these functions and to control the optical communication.

The operation process of the system of the present invention will be described schematically.

The type of signal inputted first depends on the power plant equipment, but is roughly as follows.

-Enough signals are entered to monitor the status of the safety equipment on site process systems (temperature, pressure, flow, level, speed, etc. of fluids, gases, etc.) to monitor the hazardous conditions of the plant.

Control rods and position and motion signals associated with the control rods and their assemblies are inputted to keep the reactor in a safe state at all times.

Signals from nuclear instrumentation systems that can indirectly determine reactor reactivity and output

Signals of this type have the concept of SET POINT, such as tolerance, through calculation of responsiveness and fluid states at the time of initial design. Judgment plays a role in generating a signal to make a nuclear reactor safe.

Therefore, the system's operation is to generate a reactor stop signal (trip signal) that accurately and sensitively reacts to dangerous conditions that are outside the actual set point, returning the reactor to a safe state.

There are two ways to verify the actual signal and the signal due to the error.

First of all, there are two situations of self-verification.

The first verification method is the signal verification that occurs on the cards that accept the signal, and implements the hardware-based operation of ignoring the signal, which is mainly beyond the signal generation range. Can be. In this process, the signal values beyond the generation range or with excessive changes are filtered out.

In the second verification method, each signal is compared with a setpoint through two internal channels in four channels, that is, eight channels, with "2 out of 4" logic (more than two out of four exceed the setpoint). Through comparison, the logic to make it work should be filtered to filter out errors that may occur due to errors in the signal transmission process. In other words, if two or more signal transmission processes among four do not occur at the same time, it is a system logic that does not malfunction.

This is the logic that applies to all nuclear power, which has been further developed so that the current system has a system with two different processor bases in one channel, which can prevent errors unless these two internal channels fail simultaneously. To make it work.

In addition, this system basically does not use the operating system and basically excludes simultaneous failure due to the error of the operating system of other systems.

All systems with an operating system are forced to allocate memory by the operating system.

This may cause errors in the operating system-dominated area, such as memory allocation, due to minor problems in the operating system, which may include the possibility of failure in all systems containing the operating system at the same time. .

The system of the present invention directly portes application programs of assembly language to the DSP using the DSP, thereby eliminating all memory domination and time allocation by the operating system and allowing each application program to directly access the memory. It is designed to prevent simultaneous failure at the source.

In this way, the malfunction signal does not occur unless two faults occur simultaneously through the "2 out of 4" logic, so memory and signal allocation by each application is operated stably and reliable system operation. Makes it possible.

In the embodiment of the present invention, when the measurement variable value for the core output, the pressure, the water level, or the temperature in the vise table module BSM exceeds a set value, a stop signal is generated and input to the simultaneous logic module (CCM). The vice table module compares an input value with a safety limit value if each safety variable value exceeds a preset safety limit value, and outputs a trip signal for each variable if the safety limit value is exceeded. The vice table module includes not only the trip output but also a pre-trip output function for the trip pre-warning, and the set value for the pre-trip is also the same set-point type as in the case of the trip. It also provides a bypass feature to prevent unnecessary shutdowns during normal reactor startup or shutdown.

The simultaneous logic module sends the results to the reactor stop start module and the engineering safety equipment start module after 2/4 simultaneous logic, and the reactor stop start module (RIM) sends the reactor stop signal to the reactor stop circuit breaker. ) Sends the start signal of engineering safety equipment to safety class control system through safety communication network.

The simultaneous logic module receives the trip request signal from the vice-table module of each protection channel and the signal based on the bypass state and performs 2/4 simultaneous logic to generate the trip start signal. In the simultaneous logic module, if two or more vice tables of four channels output the trip based on the trip output result of the vice table module of the own channel and the trip output of the vice table module of the other three channels, the final trip for each variable is generated. The same is true for Yepprip, and it also provides trip channel bypass for maintenance or testing. In plant operation mode, where safety functions are not required, they are bypassed to prevent inadvertent shutdown. It is also bypassed to test the channel one channel at a time. One safety-grade soft controller per channel is provided for human-machine linkage, such as bypassing the stop channel, bypassing the operation and resetting the variable set point.

The start logic module has a start module for the reactor stop function and the operation of the engineering safety equipment separately. The start logic module receives a start signal from each channel and generates a final start signal through a time delay. The output of the reactor stop start module is sent to the reactor stop circuit breaker to stop the reactor when a trip signal is generated. The engineering safety equipment start-up module sends the engineering safety equipment start-up signal to the safety class control system through the safety communication network. The reactor stop start circuit is composed of analog circuits for final output, and receives an automatic trip start signal from the reactor stop start module and a manual trip request signal from the main control room. Both signals are logically "OR" to trip the reactor shutdown circuit.

The reactor stop breaker is activated by the digital output of the reactor stop start module. The final trip output of the reactor start module opens one of four stop circuit breakers for each channel. There are two output signals of the reactor stop start module, which are "OR" in the reactor stop start circuit to control the shunt trip device and the undervoltage trip device of the reactor stop circuit breaker. The reactor stop breakers are arranged to have an optional 2/4 operating logic on the power line between the power supply and the control rod drive powering the control rod drive. Two parallel current paths are constructed between the power supply and the control rod drive, each passage having two circuit breakers connected in series. This arrangement requires the opening of at least two optional breakers, one in each of the parallel passages, for power interruption to the control rod drive. When power to the drive is cut off, the control rods fall to the core by gravity and spring forces.

The maintenance test team generates test signals sent directly to the vise table module, simultaneous logic module, reactor shutdown start module, engineering safety equipment start-up module, and core protection system and monitors the status of the system. The maintenance test team receives system status information through communication network connection and displays the necessary information. The maintenance testing group provides the human machine linkages required for the initiation of automatic testing, provides manual tests for the function of the protective system that is not automatically tested, and is connected to the network for testing with each module in the plant protection system cabinet.

Digital reactor protection system using DSP that does not use the operating system of the present invention eliminates common type failure by using different DSPs that do not use the operating system, so that A2 is common even if A1 in one channel has common type failure. As it is not affected by tangible failure, no abnormality occurs in performing the reactor protection function, thus providing a digital reactor protection system with improved safety and reliability, and economical efficiency.

Digital reactor protection system using DSP that does not use the operating system of the present invention will bring enormous economic benefits if it is replaced by the plant to be built and the plant in operation later. Will bring.

Claims (10)

delete It is a digital reactor protection system that receives a digital signal indicating the operating status of reactor-related devices in a power plant and safely shuts down the reactor when an abnormal condition occurs. It includes four channels for receiving and processing digital signals, each channel using a different digital signal processor (DSP) without using a CPU and an operating system (OS), Two first vise table modules and a second vise table module for receiving the digital signal and outputting a trip signal for each variable if it is out of a set value limit by comparing with a preset value set for each reactor-related device; Votes the trip signal for each variable determined by the first vise table module with the result of the other channel by receiving the trip signal of each first vise table module in three channels different from the trip signal of the first vise table module. A first simultaneous logic module for determining whether to trip by judging by a method; Votes the trip signal of each variable determined by the second vise table module with the result of the other channel by receiving the trip signal of each second vise table module in three channels different from the trip signal of the second vise table module. A second simultaneous logic module for determining whether to trip by judging by a method; A first reactor stop start module for outputting a reactor stop signal after confirming that the trip signal determined by the first simultaneous logic module is maintained for a predetermined time; And a second reactor stop start module for outputting a reactor stop signal after checking whether the trip signal determined by the second simultaneous logic module is maintained for a predetermined time. A digital reactor protection system, characterized in that it prevents the occurrence of software common type failures that occur in a digital reactor protection system using an operating system. The method according to claim 2, If any one of the signals of the first reactor stop start module and the second reactor stop start module is a trip signal, the output of the corresponding channel is recognized as a trip determination signal, and the other three channels are recognized as being trip determined in the same manner. And a power circuit breaker which finally trips the reactor when a trip determination signal occurs in two or more channels out of four channels. The method according to claim 2, A first engineering safety equipment starting module for outputting a trip signal for starting the engineering safety equipment after checking whether the trip signal determined by the first simultaneous logic module is maintained for a predetermined time; A second engineering safety equipment starting module for outputting a trip signal for starting the engineering safety equipment after checking whether the trip signal determined by the second simultaneous logic module is maintained for a predetermined time; If any one of the signals of the first engineering safety equipment start module and the second engineering safety equipment start module is generating a trip signal, the output of the channel is determined to be tripped and tripped in the same manner for all three other channels. And a safety rating control system for initiating the operation of the engineering safety equipment upon recognizing that it has been determined and determining that it has been tripped over two of the four channels. The method according to claim 2, The first simultaneous logic module and the second concurrent logic module, Characterized in that the trip signal of the first and second vise table module and the trip signal of each vise table module in the three different channels as an input and judges whether or not to trip by judging by a "2 out of 4" logic method. Reactor protection system delete The method according to any one of claims 2, 3, 4, 5, Each of the above modules is a single board type module consisting of a digital signal processor, a VMEbus controller, and a control logic circuit using VME BUS, respectively. delete delete delete

Images