triple modular redundancy
DESCRIPTION
TMR concept for safety and safety critical systemTRANSCRIPT
TRIPLE MODULAR REDUNDANCY (TMR)
Turbine Protection SystemKAPP-3&4
Nuclear Power Corporation of India Limited
Conventional triplicated System
• Output vote is a simple majority vote• A failure in any element of each channel, e.g. Ch. A Input, will result in
that complete channel’s failure.• This is 3-2-0 architecture
TMR Architecture
• Each stage of the system is triplicated.• Outputs from each preceding stage is majority voted to provide both fault
tolerance and fault detection. • Diagnostics are also used to ensure that covert failures are detected and
result in the correct fail-safe reaction.
TMR…
• For example, – a fault within Input Ch. A will be localized to that input – unlike the standard triplicated system, will allow Processor Ch. A and
Output Ch. A to continue operation, – the input is now operating 1-oo-2D whilst the remainder of the system
continues to operate 2-oo-3
• Triple Modular Redundant architecture with diagnostics, supporting a 2-oo-3D reverting to 1-oo-2D reverting to fail-safe, or 3-2-0 operation.
• The 1-oo-2D operation is a transient mode of operation where active and standby modules are installed; in this case, the degradation is 3-2-3-2-0.
Thank You