I think you're trying really hard to salvage a point talking about hundreds of megawatts of "decay heat" days later.
An operating reactor isn't making "decay heat".
The claim made is that the cooling system is passively safe in shutdown. Fudging the amount of decay heat by a couple orders of magnitude, and then arguing about "what if it doesn't shut down" is a bogus argument.
Obviously if you cannot reduce a reactor below nameplate power indefinitely, you have a big problem. Thankfully, we have multiply-redundant protections against this in modern designs: redundant control rod assemblies, neutron poisoning, positive stability, etc. Other than Chernobyl (a clearly bad design), all cases of delayed shutdown experienced so far have been innocuous and we've learned a lot from them.
I can only assume my original point wasn’t clear. The normal amount of decay heat is the best case possibility and should be handed just fine by any reasonable design. I don’t think there’s any reason to assume a design has that kind of fatal flaws. “quickly lose multiple GW of heat in an emergency and as much as 200+MW of heat for days after a shutdown.” Was in reference to something compounding the issue of which their’s two main issues either it didn’t shutdown quickly or it didn’t shutdown completely.
I am objecting to is the assumption that safety systems should assume things are fine in an emergency. Chernobyl had multiple compounding issues, many other accidents where less serious because X and Y happened but Z didn’t happen. Depending on such trends continuing results in a false sense of security.
A passively safe system doesn’t mean there isn’t damage. It’s perfectly reasonable for a design to say in the event of X, Y, and Z stuffs going to break. Causing a billion dollars in damage is a perfectly reasonable trade off, losing containment isn’t.
PS: Part of that is acknowledging bad designs are going to happen, we engineers are going to make mistakes. Which means not all assumptions hold.
This would be the only possible explanation, and it is directly contradicted by calling it "decay heat".
It's pretty tricky to think of a scenario where you'd have 5-10% of nameplate days after attempted shutdown.
The worst incident where there was a failed shutdown-- other than Chernobyl-- that I'm aware of was a 1980 BWR incident.
* The reactor was at nearly no power except decay power for the entire duration of the incident: half the rods fully inserted.
* Manual remediation got all the rods in within 15 minutes.
* Last-ditch shutdown procedures, e.g. SLCS, were unnecessary because there was still sufficient control and rapid rampdown of reactor output.
* This is an old BWR design and...
* Procedures were updated and improved, and even with these old BWR designs we've had no subsequent incidents in 40 years.
Failure to shut down is indeed something really, really bad-- but insisting that cooling be designed to withstand this is a bit silly. Instead, we'd best design to be sure to avoid failures to shutdown, excursions in power far over nameplate, etc... rather than insist cooling systems survive fundamentally unsurvivable events without any intervention. E.g. we don't criticize SL-1's cooling design for not surviving the excursion to 10,000x nameplate.
An operating reactor isn't making "decay heat".
The claim made is that the cooling system is passively safe in shutdown. Fudging the amount of decay heat by a couple orders of magnitude, and then arguing about "what if it doesn't shut down" is a bogus argument.
Obviously if you cannot reduce a reactor below nameplate power indefinitely, you have a big problem. Thankfully, we have multiply-redundant protections against this in modern designs: redundant control rod assemblies, neutron poisoning, positive stability, etc. Other than Chernobyl (a clearly bad design), all cases of delayed shutdown experienced so far have been innocuous and we've learned a lot from them.