Diesel Engine Subsystem Decomposed — Five-Component Architecture with SIL-2 Trip Paths

System

This session continues decomposition of the {{entity:Emergency Diesel Generator}} for a UK nuclear licensed site (project se-emergency-diesel-generator-for-a-uk-nuclear-licensed-site). Two subsystems — {{entity:Starting and Control Subsystem}} and {{entity:Electrical Protection and Switchgear Subsystem}} — were complete entering this session. The {{entity:Diesel Engine Subsystem}} was selected as the highest-priority pending entry: it has the most downstream interfaces (fuel, cooling, alternator, starting control, monitoring), tightest start-time constraints (SYS-REQ-003: 10 seconds from LOOP), and the most safety-critical failure modes (overspeed, oil loss, crankcase explosion). All five pending subsystems carry SIL-2; the diesel engine was chosen on interface density and criticality grounds. The project now holds 68 requirements, 53 trace links, and 3 diagrams across 6 documents. Spec tree: 3 of 7 subsystems complete.

Decomposition

The {{entity:Diesel Engine Subsystem}} was broken into five components:

  1. {{entity:Engine Block and Rotating Assembly}} {{hex:DEC51018}} — cylinder block, pistons, crankshaft, camshaft, flywheel; produces shaft torque at 1500 RPM; the load-bearing interface to the Alternator Subsystem.
  2. {{entity:Fuel Injection System}} {{hex:C7F73218}} — jerk-pump or common rail plus injectors and mechanical fuel rack actuator; the physical implementation of the governor demand signal; receives conditioned diesel from the Fuel Oil System.
  3. {{entity:Lubrication and Bearing System}} {{hex:46D53218}} — engine-driven gear pump, full-flow filter, oil cooler, pressure transducer, and hardwired 2.0 bar trip switch; a SIL-2 safety function independent of the governor electronics.
  4. {{entity:Turbocharger and Charge Air System}} {{hex:CEC51018}} — exhaust-driven turbocharger and air-to-water intercooler; thermally coupled to the Cooling System, not the engine block; failure mode independent of engine structure.
  5. {{entity:Engine Exhaust and Silencing System}} {{hex:CEC51018}} — exhaust manifold, silencer, roof stack; seismic restraint and back-pressure limits affect EDG building design independently of engine internals.

The lubrication system was separated explicitly to enforce the SIL-2 boundary: a combined “diesel engine” block would make the oil pressure trip path opaque to the requirements traceability. The turbocharger separation was driven by its distinct failure modes and the jacket-water thermal coupling to the Cooling System (IFC-REQ-010).

flowchart TB
  n0["component - Engine Block and Rotating Assembly"]
  n1["component - Fuel Injection System"]
  n2["component - Lubrication and Bearing System"]
  n3["component - Turbocharger and Charge Air System"]
  n4["component - Engine Exhaust and Silencing System"]
  n5["external - Fuel Oil System"]
  n6["external - Alternator Subsystem"]
  n7["external - Cooling System"]
  n8["external - Isochronous Governor System"]
  n5 -->|diesel fuel 3-6 bar| n1
  n1 -->|metered fuel spray| n0
  n8 -->|fuel rack demand| n1
  n0 -->|shaft torque 1500 RPM| n6
  n0 -->|exhaust gases| n3
  n3 -->|charge air below 45C| n0
  n7 -->|jacket water 70-85C| n0
  n2 -->|oil 3.5-5 bar| n0
  n0 -->|exhaust to atmosphere| n4

Analysis

The UHT classification of {{entity:Lubrication and Bearing System}} at {{hex:46D53218}} confirms it carries {{trait:Regulated}} and {{trait:System-Essential}} traits — consistent with its role as a safety trip source. The {{entity:Fuel Injection System}} at {{hex:C7F73218}} carries {{trait:Functionally Autonomous}} (operates from first engine rotation without external power), which is correct and cross-validates the design choice to use engine-driven injection rather than electrically boosted common rail.

Lint identified one high-severity finding: the concept “charge air system” extracted from requirement text lacked the {{trait:Physical Object}} trait. The full classified entity {{entity:Turbocharger and Charge Air System}} {{hex:CEC51018}} does carry {{trait:Physical Object}}. The finding is a text-extraction artefact — acknowledged and stored as LINT_ACKNOWLEDGED.

The high Jaccard similarity between {{entity:Safety Bus Transfer Contactor}} and {{entity:Diesel Engine Subsystem}} (82%) is an interesting cross-domain signal: both entities carry {{trait:System-Essential}}, {{trait:Regulated}}, {{trait:Functionally Autonomous}} traits. This confirms the diesel engine, like the transfer contactor, must function independently during grid failure — the autonomy requirement is physically embedded in both components.

Requirements

Eight subsystem requirements, {{sub:SUB-REQ-017}} through {{sub:SUB-REQ-024}}, were created. Key engineering content:

  • {{sub:SUB-REQ-017}}: Engine Block SHALL reach 1500 RPM within 10 seconds — derived from {{sys:SYS-REQ-001}} 50Hz frequency requirement (1500 RPM is non-negotiable for a 4-pole alternator) and {{sys:SYS-REQ-003}} start time.
  • {{sub:SUB-REQ-019}}: Lubrication and Bearing System SHALL initiate shutdown within 1.5 seconds at oil pressure below 2.0 bar — SIL-2, hardwired path independent of governor; derives from {{sys:SYS-REQ-004}}.
  • {{sub:SUB-REQ-020}}: Engine Block SHALL have a mechanical overspeed trip at 1650 RPM (110% rated), independent of all electronic systems — IEC 61508 (Functional safety of E/E/PE safety-related systems) diversity requirement; a governor software failure must not prevent this trip.
  • {{sub:SUB-REQ-024}}: Crankcase explosion relief valve actuation SHALL initiate shutdown within 2 seconds via hardwired ECP input — safe state not covered by primary trip conditions in SYS-REQ-004.

Three new interface requirements: {{ifc:IFC-REQ-008}} (fuel supply at 3–6 bar), {{ifc:IFC-REQ-009}} (shaft coupling critical speed margin), {{ifc:IFC-REQ-010}} (jacket water 70–85°C, charge air below 45°C). Six verification entries added (VER-REQ-010 through VER-REQ-015), including a critical-speed analysis method for the shaft coupling and a SIL-2 independence check for the lubrication trip path.
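
As an added illustration (not part of the project record), the three hardwired trip conditions of SUB-REQ-019, -020 and -024 modelled as one trip function that ignores governor health, with a latency check against the stated limits. The 0.4 s actuation delay, the polling intervals and the sample run are constructed assumptions, not project figures.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Set-points and response-time limits taken from SUB-REQ-019, -020 and -024.
OIL_TRIP_BAR = 2.0            # shutdown below 2.0 bar
OIL_TRIP_LIMIT_S = 1.5
OVERSPEED_RPM = 1650          # 110% of rated 1500 RPM
CRANKCASE_TRIP_LIMIT_S = 2.0
# Assumed delay from trip command to fuel rack closed (constructed, not a project value).
ACTUATION_DELAY_S = 0.4

@dataclass(frozen=True)
class Sample:
    t: float                # seconds into the run
    oil_bar: float
    rpm: float
    crankcase_relief: bool  # relief valve actuated (hardwired ECP input)
    governor_ok: bool       # governor electronics health; never an input to a trip

def hardwired_trip(s: Sample) -> Optional[str]:
    """Trip decision from hardwired inputs only; governor_ok is deliberately
    ignored so a governor software failure cannot mask a trip (SUB-REQ-020)."""
    if s.rpm >= OVERSPEED_RPM:
        return "overspeed"
    if s.oil_bar < OIL_TRIP_BAR:
        return "low_oil_pressure"
    if s.crankcase_relief:
        return "crankcase_relief"
    return None

def trip_latency(samples: Iterable[Sample], onset_t: float, reason: str) -> Optional[float]:
    """Seconds from the physical onset of the fault (onset_t, which may fall
    between samples) to completed shutdown for `reason`; None if no trip fires."""
    for s in samples:
        if s.t >= onset_t and hardwired_trip(s) == reason:
            return s.t + ACTUATION_DELAY_S - onset_t
    return None

def oil_loss_run(poll_s: float) -> list[Sample]:
    """Constructed run: oil pressure collapses at t=4.3 s while the governor is
    already flagged faulty from t=3.0 s; sensors are polled every poll_s seconds."""
    times = [i * poll_s for i in range(int(10 / poll_s) + 1)]
    return [Sample(t, 4.2 if t < 4.3 else 1.3, 1500, False, t < 3.0) for t in times]

def verify_oil_trip(poll_s: float) -> bool:
    """SUB-REQ-019 check at a given polling interval: shutdown within 1.5 s of
    pressure falling below 2.0 bar, with the governor electronics faulted."""
    lat = trip_latency(oil_loss_run(poll_s), onset_t=4.3, reason="low_oil_pressure")
    return lat is not None and lat <= OIL_TRIP_LIMIT_S
```

Polling at 1 s meets the 1.5 s limit (1.1 s worst case in this run); polling at 2 s does not, which is the kind of sampling-interval argument a VER-REQ-015 independence and timing check has to record.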

Next

Four subsystems remain pending: {{entity:Alternator Subsystem}}, {{entity:Fuel Oil System}}, {{entity:Cooling System}}, and {{entity:Monitoring and Instrumentation Subsystem}}. The {{entity:Alternator Subsystem}} should be next — it is the direct output stage, has the tightest electrical protection interfaces with the completed Electrical Protection and Switchgear Subsystem, and its voltage regulation and excitation system requirements are needed before the Monitoring and Instrumentation Subsystem can be fully defined.
