WorldWideScience

Sample records for safety-critical hybrid systems

  1. Comparison study of hybrid VS critical systems in point kinetics

    International Nuclear Information System (INIS)

    Ritter, G.; Tommasi, J.; Slessarev, L.; Salvatores, M.; Mouney, H.; Vergnes, J.

    1999-01-01

    An essential motivation for hybrid systems is a potentially high level of intrinsic safety against reactivity accidents. In this respect, it is necessary to assess the behaviour of an Accelerator Driven System during a TOP, LOF or TOC accident. A comparison between a critical and sub-critical reactor shows a larger sensitivity for the critical system. The ADS has an unquestionable advantage in case of TOP but a less favourable behaviour as for LOFWS type of accidents. However in the ADS cases, the beam could be easily shut off during the transient. Therefore, a part of the R and D effort should be focused on the monitoring and control of power. (author)

  2. Safety physics inter-comparison of advanced concepts of critical reactors and ADS

    International Nuclear Information System (INIS)

    Slessarev, I.

    2001-01-01

Enhanced safety based on the principle of natural ''self-defence'' is one of the most desirable features of innovative nuclear systems (critical or sub-critical) regarding both TRU transmutation and ''clean'' energy producer concepts. For the evaluation of the ''self-defence'' domain, the method of the asymptotic reactivity balance has been generalised. The promising option of Hybrid systems (which use a symbiosis of fission and spallation in sub-critical cores), which could combine the advantages of both Accelerator Driven Systems of the traditional type and regular critical systems, has been advocated. General features of Hybrid dynamics have been presented and analysed. It was demonstrated that the external neutron source of Hybrids can expand the inherent safety potential significantly. This analysis has been applied to assess the safety physics potential of innovative concepts for prospective nuclear power, both for energy producers and for transmutation. It has been found that the safety enhancement goal defines the choice of sub-criticality of Hybrids. As for energy producers with a Th-fuel cycle, a significant sub-criticality level is required due to the necessity of improving neutronics together with the safety enhancement task. (author)

  3. Using fuzzy self-organising maps for safety critical systems

    International Nuclear Information System (INIS)

    Kurd, Zeshan; Kelly, Tim P.

    2007-01-01

This paper defines a type of constrained artificial neural network (ANN) that enables analytical certification arguments whilst retaining valuable performance characteristics. Previous work has defined a safety lifecycle for ANNs without detailing a specific neural model. Building on this previous work, the underpinning of the devised model is based upon an existing neuro-fuzzy system called the fuzzy self-organising map (FSOM). The FSOM is a type of 'hybrid' ANN which allows behaviour to be described qualitatively and quantitatively using meaningful expressions. Safety of the FSOM is argued through adherence to safety requirements derived from hazard analysis and expressed using safety constraints. The approach enables the construction of compelling (product-based) arguments for mitigation of potential failure modes associated with the FSOM. The constrained FSOM has been termed a 'safety critical artificial neural network' (SCANN). The SCANN can be used for non-linear function approximation and allows certified learning and generalisation for high criticality roles. A discussion of benefits for real-world applications is also presented.

  4. Safety physics inter-comparison of advanced concepts of critical reactors and ADS

    Energy Technology Data Exchange (ETDEWEB)

Slessarev, I. [CEA Cadarache, 13 - Saint-Paul-lez-Durance (France). Dept. d'Etudes des Reacteurs]

    2001-07-01

Enhanced safety based on the principle of natural ''self-defence'' is one of the most desirable features of innovative nuclear systems (critical or sub-critical) regarding both TRU transmutation and ''clean'' energy producer concepts. For the evaluation of the ''self-defence'' domain, the method of the asymptotic reactivity balance has been generalised. The promising option of Hybrid systems (which use a symbiosis of fission and spallation in sub-critical cores), which could combine the advantages of both Accelerator Driven Systems of the traditional type and regular critical systems, has been advocated. General features of Hybrid dynamics have been presented and analysed. It was demonstrated that the external neutron source of Hybrids can expand the inherent safety potential significantly. This analysis has been applied to assess the safety physics potential of innovative concepts for prospective nuclear power, both for energy producers and for transmutation. It has been found that the safety enhancement goal defines the choice of sub-criticality of Hybrids. As for energy producers with a Th-fuel cycle, a significant sub-criticality level is required due to the necessity of improving neutronics together with the safety enhancement task. (author)

  5. Safety Verification for Probabilistic Hybrid Systems

    DEFF Research Database (Denmark)

    Zhang, Lijun; She, Zhikun; Ratschan, Stefan

    2010-01-01

The interplay of random phenomena and continuous real-time control deserves increased attention, for instance in wireless sensing and control applications. Safety verification for such systems thus needs to consider probabilistic variations of systems with hybrid dynamics. In safety verification o... on a number of case studies, tackled using a prototypical implementation...

  6. Safety-critical Java for embedded systems

    DEFF Research Database (Denmark)

    Schoeberl, Martin; Dalsgaard, Andreas Engelbredt; Hansen, René Rydhof

    2016-01-01

This paper presents the motivation for and outcomes of an engineering research project on certifiable Java for embedded systems. The project supports the upcoming standard for safety-critical Java, which defines a subset of Java and libraries aiming for development of high criticality systems... The outcomes of this project include prototype safety-critical Java implementations, a time-predictable Java processor, analysis tools for memory safety, and example applications to explore the usability of safety-critical Java for this application area. The text summarizes developments and key contributions...

  7. Traceability of Software Safety Requirements in Legacy Safety Critical Systems

    Science.gov (United States)

    Hill, Janice L.

    2007-01-01

    How can traceability of software safety requirements be created for legacy safety critical systems? Requirements in safety standards are imposed most times during contract negotiations. On the other hand, there are instances where safety standards are levied on legacy safety critical systems, some of which may be considered for reuse for new applications. Safety standards often specify that software development documentation include process-oriented and technical safety requirements, and also require that system and software safety analyses are performed supporting technical safety requirements implementation. So what can be done if the requisite documents for establishing and maintaining safety requirements traceability are not available?

  8. Architecture Level Safety Analyses for Safety-Critical Systems

    Directory of Open Access Journals (Sweden)

    K. S. Kushal

    2017-01-01

The dependency of complex embedded Safety-Critical Systems across the Avionics and Aerospace domains on their underlying software and hardware components has gradually increased over time. Such application domain systems are developed based on a complex integrated architecture, which is modular in nature. Engineering practices assured with system safety standards to manage failure, faulty, and unsafe operational conditions are very much necessary. System safety analyses involve the analysis of the complex software architecture of the system, a major aspect in leading to fatal consequences in the behaviour of Safety-Critical Systems, and provide high reliability and dependability factors during their development. In this paper, we propose an architecture fault modeling and safety analyses approach that will aid in identifying and eliminating design flaws. The formal foundations of the SAE Architecture Analysis & Design Language (AADL) augmented with the Error Model Annex (EMV) are discussed. The fault propagation, failure behaviour, and the composite behaviour of the design flaws/failures are considered for architecture safety analysis. The proposed approach is illustrated and validated by implementing the Speed Control Unit of the Power-Boat Autopilot (PBA) system. The Error Model Annex (EMV) is guided by the pattern of consideration and inclusion of probable failure scenarios and propagation of fault conditions in the Speed Control Unit of the Power-Boat Autopilot (PBA). This helps in validating the system architecture with the detection of the error event in the model and its impact in the operational environment. This also provides an insight into the certification impact that these exceptional conditions pose at various criticality levels and design assurance levels, and its implications in verifying and validating the designs.

  9. Software Safety Risk in Legacy Safety-Critical Computer Systems

    Science.gov (United States)

    Hill, Janice L.; Baggs, Rhoda

    2007-01-01

Safety Standards contain technical and process-oriented safety requirements. Technical requirements are those such as "must work" and "must not work" functions in the system. Process-oriented requirements are software engineering and safety management process requirements. Some standards address the system perspective and some cover just the software in the system. NASA-STD-8719.13B Software Safety Standard is the current standard of interest. NASA programs/projects will have their own set of safety requirements derived from the standard. Safety Cases: a) Documented demonstration that a system complies with the specified safety requirements. b) Evidence is gathered on the integrity of the system and put forward as an argued case. [Gardener (ed.)] c) Problems occur when trying to meet safety standards, and thus make retrospective safety cases, in legacy safety-critical computer systems.

  10. The under-critical reactors physics for the hybrid systems

    International Nuclear Information System (INIS)

    Schapira, J.P.; Vergnes, J.; Zaetta, A.

    1998-01-01

This day, organized by the SFEN, took place in Paris on 12 March 1998. Nine papers were presented. They take stock of hybrid systems and more specifically of under-critical reactors. One of the major current preoccupations of the nuclear industry is the problem of the increase of radioactive wastes produced in the plants and the destruction of the present stocks. To solve these problems one solution is the utilisation of hybrid systems: the coupling of a particle accelerator to an under-critical reactor. Historical aspects, advantages and performances of such hybrid reactors are presented in general papers. More technical papers are devoted to spallation, the MUSE and the TARC experiments. (A.L.B.)

  11. Critical enrichment and critical density of infinite systems for nuclear criticality safety evaluation

    International Nuclear Information System (INIS)

    Naito, Yoshitaka; Koyama, Takashi; Komuro, Yuichi

    1986-03-01

Critical enrichment and critical density of homogeneous infinite systems, such as U-H2O, UO2-H2O, UO2F2 aqueous solution, UO2(NO3)2 aqueous solution, Pu-H2O, PuO2-H2O, Pu(NO3)4 aqueous solution and PuO2·UO2-H2O, were calculated with the criticality safety evaluation computer code system JACS for nuclear criticality safety evaluation of fuel facilities. The computed results were compared with the data described in European and American criticality handbooks and showed good agreement with each other. (author)

  12. The under-critical reactors physics for the hybrid systems

    Energy Technology Data Exchange (ETDEWEB)

Schapira, J P [Institut de Physique Nucleaire, IN2P3/CNRS 91 - Orsay (France)]; Vergnes, J [Electricite de France, EDF, Direction des Etudes et Recherches, 75 - Paris (France)]; Zaetta, A [CEA/Saclay, Direction des Reacteurs Nucleaires, DRN, 91 - Gif-sur-Yvette (France)]; and others

    1998-03-12

This day, organized by the SFEN, took place in Paris on 12 March 1998. Nine papers were presented. They take stock of hybrid systems and more specifically of under-critical reactors. One of the major current preoccupations of the nuclear industry is the problem of the increase of radioactive wastes produced in the plants and the destruction of the present stocks. To solve these problems one solution is the utilisation of hybrid systems: the coupling of a particle accelerator to an under-critical reactor. Historical aspects, advantages and performances of such hybrid reactors are presented in general papers. More technical papers are devoted to spallation, the MUSE and the TARC experiments. (A.L.B.)

  13. Modelling and Verifying Communication Failure of Hybrid Systems in HCSP

    DEFF Research Database (Denmark)

    Wang, Shuling; Nielson, Flemming; Nielson, Hanne Riis

    2016-01-01

Hybrid systems are dynamic systems with interacting discrete computation and continuous physical processes. They have become ubiquitous in our daily life, e.g. automotive, aerospace and medical systems, and in particular, many of them are safety-critical. For a safety-critical hybrid system..., in the presence of communication failure, the expected control from the controller will get lost and as a consequence the physical process cannot behave as expected. In this paper, we mainly consider the communication failure caused by the non-engagement of one party in a communication action, i.e. the communication itself fails to occur. To address this issue, this paper proposes a formal framework by extending HCSP, a formal modeling language for hybrid systems, for modeling and verifying hybrid systems in the absence of receiving messages due to communication failure. We present two inference systems...

  14. A Methodological Framework for Software Safety in Safety Critical Computer Systems

    OpenAIRE

    P. V. Srinivas Acharyulu; P. Seetharamaiah

    2012-01-01

Software safety must deal with the principles of safety management, safety engineering and software engineering for developing safety-critical computer systems, with the target of making the system safe, risk-free and fail-safe, in addition to providing a clarified differentiation for assessing and evaluating the risk, with the principles of software risk management. Problem statement: Prevailing software quality models and standards were not adequately addressing software safety ...

  15. Feasibility study of applying the passive safety system concept to fusion–fission hybrid reactor

    International Nuclear Information System (INIS)

    Yu, Zhang-cheng; Xie, Heng

    2014-01-01

The fusion–fission hybrid reactor can produce energy, breed nuclear fuel, and handle nuclear waste, etc., with the fusion neutron source striking the subcritical blanket. In this paper, a passive safety system consisting of a passive residual heat removal system, a passive safety injection system and an automatic depressurization system was adopted into the fusion–fission hybrid reactor. Modeling and nodalization of the primary loop, partial secondary loop and passive core cooling system for the fusion–fission hybrid reactor using RELAP5 were conducted, and a small break LOCA on the cold leg was analyzed. The results of key transient parameters indicated that the actuation of the passive safety system could effectively mitigate the accidental consequences of the 4-inch cold leg small break LOCA in the early phase. It is feasible to apply the passive safety system concept to the fusion–fission hybrid reactor. The minimum collapsed liquid level increased greatly when the volume of the CMTs was doubled to increase their coolant injection, and did not increase when the volume of the ACCs was doubled.

  16. A study of software safety analysis system for safety-critical software

    International Nuclear Information System (INIS)

    Chang, H. S.; Shin, H. K.; Chang, Y. W.; Jung, J. C.; Kim, J. H.; Han, H. H.; Son, H. S.

    2004-01-01

The core factors and requirements for the safety-critical software are traced, and the methodology adopted in each stage of the software life cycle is presented. In the concept phase, a Failure Modes and Effects Analysis (FMEA) for the system has been performed. The feasibility evaluation of the selected safety parameter was performed and a Preliminary Hazards Analysis list was prepared using the HAZOP (Hazard and Operability) technique. The check list for management control has been produced via the walk-through technique. Based on the evaluation of the check list, activities to be performed in the requirement phase have been determined. In the design phase, hazard analysis has been performed to check the safety capability of the system with regard to the safety software algorithm using Fault Tree Analysis (FTA). In the test phase, the test items based on FMEA have been checked for fitness, guided by an accident scenario. The pressurizer low pressure trip algorithm has been selected as a sample for applying the FTA method to software safety analysis. By applying a CASE tool, the requirements traceability of the safety critical system has been enhanced during all software life cycle phases.

  17. An intelligent hybrid system for surface coal mine safety analysis

    Energy Technology Data Exchange (ETDEWEB)

Lilic, N.; Obradovic, I.; Cvjetic, A. [University of Belgrade, Belgrade (Serbia)]

    2010-06-15

    Analysis of safety in surface coal mines represents a very complex process. Published studies on mine safety analysis are usually based on research related to accidents statistics and hazard identification with risk assessment within the mining industry. Discussion in this paper is focused on the application of AI methods in the analysis of safety in mining environment. Complexity of the subject matter requires a high level of expert knowledge and great experience. The solution was found in the creation of a hybrid system PROTECTOR, whose knowledge base represents a formalization of the expert knowledge in the mine safety field. The main goal of the system is the estimation of mining environment as one of the significant components of general safety state in a mine. This global goal is subdivided into a hierarchical structure of subgoals where each subgoal can be viewed as the estimation of a set of parameters (gas, dust, climate, noise, vibration, illumination, geotechnical hazard) which determine the general mine safety state and category of hazard in mining environment. Both the hybrid nature of the system and the possibilities it offers are illustrated through a case study using field data related to an existing Serbian surface coal mine.

  18. A Survey on Formal Verification Techniques for Safety-Critical Systems-on-Chip

    Directory of Open Access Journals (Sweden)

    Tomás Grimm

    2018-05-01

The high degree of miniaturization in the electronics industry has been, for several years, a driver to push embedded systems into different fields and applications. One example is safety-critical systems, where the compactness of the form factor helps to reduce costs and allows for the implementation of new techniques. The automotive industry is a great example of a safety-critical area with a great rise in the adoption of microelectronics. With it came the creation of the ISO 26262 standard with the goal of guaranteeing a high level of dependability in the designs. Other areas in the safety-critical applications domain have similar standards. However, these standards are mostly guidelines to make sure that designs reach the desired dependability level, without explicit instructions. In the end, the success of the design in fulfilling the standard is the result of a thorough verification process. Naturally, the goal of any verification team dealing with such important designs is complete coverage as well as standards conformity, but as these are complex hardware, complete functional verification is a difficult task. From the several techniques that exist to verify hardware, each with its pros and cons, we studied six that are well established in academia and in industry. We can divide them into two categories: simulation, which needs extremely large amounts of time, and formal verification, which needs unrealistic amounts of resources. Therefore, we conclude that a hybrid approach offers the best balance between simulation (time) and formal verification (resources).

  19. 3rd International Workshop on Critical Systems Development with UML

    OpenAIRE

    Jan Jürjens; Eduardo B. Fernandez; Robert France; Bernhard Rumpe

    2017-01-01

Topics of the Workshop include: --- Applications of UML to real-time systems, security-critical systems, dependable / safety-critical systems, performance-critical systems, embedded systems, hybrid systems, reactive systems --- Extensions of UML (UML-RT, UMLsec, Automotive UML, Embedded UML, ...) and new developments (UML 2.0, MDA) --- Modeling, synthesis, model transformation, code generation, testing, validation, and verification of critical systems using UML --- Aspect-oriented or Component-base...

  20. Design Information from the PSA for Digital Safety-Critical Systems

    International Nuclear Information System (INIS)

    Kang, Hyun Gook; Jang, Seung Cheol

    2005-01-01

Many safety-critical applications, such as those in the nuclear field, usually adopt a similar design strategy for digital safety-critical systems. Their differences from the normal design for non-safety-critical applications can be summarized as: multiple redundancy, highly reliable components, a strengthened monitoring mechanism, verified software, and automated test procedures. These items focus on maintaining the capability to perform the given safety function when it is requested. For the past several decades, probabilistic safety assessment (PSA) techniques have been used in the nuclear industry to assess the relative effects of contributing events on plant risk and system reliability. They provide a unifying means of assessing physical faults, recovery processes, contributing effects, human actions, and other events that have a high degree of uncertainty. The applications of PSA provide not only the analysis results of already installed systems but also useful information for systems under design. This information can be derived from the PSA experience of the various safety-critical systems. Thanks to its design flexibility, the digital system is one of the most suitable candidates for risk-informed design (RID). In this article, we describe the feedback for system design and try to develop a procedure for RID. Even though the procedure is not sophisticated enough yet, it could be the starting point of further investigation toward developing a more complete and practical methodology.

  1. Overview of Risk Mitigation for Safety-Critical Computer-Based Systems

    Science.gov (United States)

    Torres-Pomales, Wilfredo

    2015-01-01

    This report presents a high-level overview of a general strategy to mitigate the risks from threats to safety-critical computer-based systems. In this context, a safety threat is a process or phenomenon that can cause operational safety hazards in the form of computational system failures. This report is intended to provide insight into the safety-risk mitigation problem and the characteristics of potential solutions. The limitations of the general risk mitigation strategy are discussed and some options to overcome these limitations are provided. This work is part of an ongoing effort to enable well-founded assurance of safety-related properties of complex safety-critical computer-based aircraft systems by developing an effective capability to model and reason about the safety implications of system requirements and design.

  2. Safety Justification and Safety Case for Safety-critical Software in Digital Reactor Protection System

    International Nuclear Information System (INIS)

    Kwon, Kee-Choon; Lee, Jang-Soo; Jee, Eunkyoung

    2016-01-01

Nuclear safety-critical software is under strict regulatory requirements, and these regulatory requirements are essential for ensuring the safety of nuclear power plants. The verification & validation (V and V) and hazard analysis of the safety-critical software are required to follow regulatory requirements through the entire software life cycle. In order to obtain a license from the regulatory body through the development and validation of safety-critical software, it is essential to meet the standards which are required by the regulatory body throughout the software development process. Generally, large amounts of documents, which demonstrate safety justification including standard compliance, V and V, hazard analysis, and vulnerability assessment activities, are submitted to the regulatory body during the licensing process. It is not easy to accurately read and evaluate the whole documentation for the development activities, implementation technology, and validation activities. The safety case methodology has been known as a promising approach to evaluate the level and depth of the development and validation results. A safety case is a structured argument, supported by a body of evidence, that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment. It is suggested to evaluate the level and depth of the results of development and validation by applying the safety case methodology to achieve software safety demonstration. The many documents provided as evidence are connected to the claim that corresponds to the topic for safety demonstration. We demonstrated a case study in which a more systematic safety demonstration for the target system software is performed via safety case construction than by simply listing the documents.

  3. Safety Justification and Safety Case for Safety-critical Software in Digital Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Kwon, Kee-Choon; Lee, Jang-Soo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Jee, Eunkyoung [KAIST, Daejeon (Korea, Republic of)

    2016-10-15

Nuclear safety-critical software is under strict regulatory requirements, and these regulatory requirements are essential for ensuring the safety of nuclear power plants. The verification & validation (V and V) and hazard analysis of the safety-critical software are required to follow regulatory requirements through the entire software life cycle. In order to obtain a license from the regulatory body through the development and validation of safety-critical software, it is essential to meet the standards which are required by the regulatory body throughout the software development process. Generally, large amounts of documents, which demonstrate safety justification including standard compliance, V and V, hazard analysis, and vulnerability assessment activities, are submitted to the regulatory body during the licensing process. It is not easy to accurately read and evaluate the whole documentation for the development activities, implementation technology, and validation activities. The safety case methodology has been known as a promising approach to evaluate the level and depth of the development and validation results. A safety case is a structured argument, supported by a body of evidence, that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment. It is suggested to evaluate the level and depth of the results of development and validation by applying the safety case methodology to achieve software safety demonstration. The many documents provided as evidence are connected to the claim that corresponds to the topic for safety demonstration. We demonstrated a case study in which a more systematic safety demonstration for the target system software is performed via safety case construction than by simply listing the documents.

  4. Product Engineering Class in the Software Safety Risk Taxonomy for Building Safety-Critical Systems

    Science.gov (United States)

    Hill, Janice; Victor, Daniel

    2008-01-01

When software safety requirements are imposed on legacy safety-critical systems, retrospective safety cases need to be formulated as part of recertifying the systems for further use, and risks must be documented and managed to give confidence for reusing the systems. The SEI Software Development Risk Taxonomy [4] focuses on general software development issues. It does not, however, cover all the safety risks. The Software Safety Risk Taxonomy [8] was developed to provide a construct for eliciting and categorizing software safety risks in a straightforward manner. In this paper, we present extended work on the taxonomy for safety that incorporates the additional issues inherent in the development and maintenance of safety-critical systems with software. An instrument called a Software Safety Risk Taxonomy Based Questionnaire (TBQ) is generated containing questions addressing each safety attribute in the Software Safety Risk Taxonomy. Software safety risks are surfaced using the new TBQ and then analyzed. In this paper we give the definitions for the specialized Product Engineering Class within the Software Safety Risk Taxonomy. At the end of the paper, we present the tool known as the 'Legacy Systems Risk Database Tool' that is used to collect and analyze the data required to show traceability to a particular safety standard.

  5. Analyzing Software Requirements Errors in Safety-Critical, Embedded Systems

    Science.gov (United States)

    Lutz, Robyn R.

    1993-01-01

This paper analyzes the root causes of safety-related software errors in safety-critical, embedded systems. The results show that software errors identified as potentially hazardous to the system tend to be produced by different error mechanisms than non-safety-related software errors. Safety-related software errors are shown to arise most commonly from (1) discrepancies between the documented requirements specifications and the requirements needed for correct functioning of the system and (2) misunderstandings of the software's interface with the rest of the system. The paper uses these results to identify methods by which requirements errors can be prevented. The goal is to reduce safety-related software errors and to enhance the safety of complex, embedded systems.

  6. Computational methods for criticality safety analysis within the scale system

    International Nuclear Information System (INIS)

    Parks, C.V.; Petrie, L.M.; Landers, N.F.; Bucholz, J.A.

    1986-01-01

The criticality safety analysis capabilities within the SCALE system are centered around the Monte Carlo codes KENO IV and KENO V.a, which are both included in SCALE as functional modules. The XSDRNPM-S module is also an important tool within SCALE for obtaining multiplication factors for one-dimensional system models. This paper reviews the features and modeling capabilities of these codes along with their implementation within the Criticality Safety Analysis Sequences (CSAS) of SCALE. The CSAS modules provide automated cross-section processing and user-friendly input that allow criticality safety analyses to be done in an efficient and accurate manner. 14 refs., 2 figs., 3 tabs.

  7. SACS2: Dynamic and Formal Safety Analysis Method for Complex Safety Critical System

    International Nuclear Information System (INIS)

    Koh, Kwang Yong; Seong, Poong Hyun

    2009-01-01

    Fault tree analysis (FTA) is one of the most widely used safety analysis techniques in the development of safety-critical systems. However, over the years, several drawbacks of conventional FTA have become apparent. One major drawback is that conventional FTA uses only static gates and hence cannot capture the dynamic behaviors of a complex system precisely. Although several attempts, such as dynamic fault trees (DFT), PANDORA, formal fault trees (FFT) and so on, have been made to overcome this problem, they still cannot do absolute or actual time modeling because they adopt a relative-time concept and can capture only sequential behaviors of the system. The second drawback of conventional FTA is its lack of rigorous semantics. Because it is informal in nature, safety analysis results depend heavily on the analyst's ability and are error-prone. Finally, the reasoning process that checks whether basic events really cause top events is done manually and hence is very labor-intensive and time-consuming for complex systems. In this paper, we propose a new qualitative safety analysis method for complex safety-critical systems. We introduce several temporal gates based on timed computation tree logic (TCTL), which can represent a quantitative notion of time. Then, we translate the information in the fault trees into the UPPAAL query language, and the reasoning process is done automatically by UPPAAL, the model checker for time-critical systems.

  8. A formal safety analysis for PLC software-based safety critical system using Z

    International Nuclear Information System (INIS)

    Koh, Jung Soo

    1997-02-01

    This paper describes a formal safety analysis technique, demonstrated by performing an empirical formal safety analysis on a case study: the beamline hutch door interlock system developed using PLC (Programmable Logic Controller) systems at the Pohang Accelerator Laboratory. In order to perform the formal safety analysis, we built Z formal specifications from the user requirements written in ambiguous natural language and from the target PLC ladder logic, respectively. We also studied an effective method to express the typical PLC timer component using a specific Z formal notation supported by temporal history. We present a formal proof technique for specifying and verifying that hazardous states are not introduced into the ladder logic of the PLC-based safety-critical system. We also found some errors and mismatches between the user requirements and the final implemented PLC ladder logic while analyzing the consistency and completeness of the translated Z specifications. In the case of relatively small systems like the beamline hutch door interlock system, a formal safety analysis including explicit proof is highly recommended so that the safety of PLC-based critical systems may be enhanced and guaranteed. It also helps considerably in comprehending user requirements expressed in ambiguous natural language.

  9. Diversity for security: case assessment for FPGA-based safety-critical systems

    Directory of Open Access Journals (Sweden)

    Kharchenko Vyacheslav

    2016-01-01

    Industrial safety-critical instrumentation and control systems (I&Cs) are increasingly facing information security threats and attacks in general, and cyber threats in particular. The application of programmable logic, first of all field programmable gate arrays (FPGA), in critical systems causes specific safety deficits. Security assessment techniques for such systems are based on heuristic knowledge and expert judgment. The main challenge is how to take into account the features of FPGA technology for safety-critical I&Cs, including systems in which a diversity approach is applied to minimize the risk of common cause failure. Such systems are called multi-version (MV) systems. The goal of the paper is to describe a technique and tool for case-based security assessment of MV FPGA-based I&Cs.

  10. Modeling interaction in the safety-critical embedded system using hybrid modeling language

    International Nuclear Information System (INIS)

    Lee, Na Young; Choi, Jin Young; Kim, Jin Hyun; Bang, Ki Seok; Lee, Jang Soo

    2004-01-01

    To adopt advanced digital technologies in the Instrumentation and Control (I and C) systems of Nuclear Power Plants (NPPs), a more rigorous certification process, including formal verification, is required. In this work, we concentrated on the development procedure of Real Time Operating System (RTOS) software for use in one of the safety-critical systems, the Plant Protection System (PPS). Statecharts is used during the development process to specify and simulate the RTOS model. Model Certifier is used to verify properties such as schedulability and priority inversion. Since the RTOS cannot operate by itself, we assume a set of tasks in order to check properties. Based on this assumption, two sets of tasks are implemented in this work. We executed simulations to check whether the model shows the correct behavior as designed. Important properties are verified using Model Certifier. For the RTOS, however, timing properties should also be checked, and Statecharts has a limitation here since it does not support time; time is therefore treated as discrete ticks. So we chose the timed-automata-based tool UPPAAL to verify timing properties. The model was simplified and modified, but the timing constraints can be made more realistic. When properties are not satisfied, we can modify the scheduler based on the timing records from simulation. (author)
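    Priority inversion, one of the properties the abstract above says was checked with Model Certifier and then UPPAAL, is easiest to understand from a concrete trace. The following is an added example, not code from the work described in the record: a discrete-tick simulation (time as ticks, as the abstract does for Statecharts) of fixed-priority preemptive scheduling of three one-shot tasks sharing one mutex, run once without and once with priority inheritance. The task set, priorities and segment lengths are constructed assumptions chosen so that a medium-priority task unrelated to the mutex delays the high-priority task.

```python
"""Discrete-tick simulation of priority inversion under fixed-priority scheduling (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Task:
    name: str
    priority: int                        # larger = higher priority
    release: int                         # tick at which the single job becomes ready
    segments: List[Tuple[int, bool]]     # (ticks of work, holds the shared mutex?)
    seg: int = 0
    left: int = 0
    finish: Optional[int] = None

    def __post_init__(self) -> None:
        self.left = self.segments[0][0]

    def done(self) -> bool:
        return self.seg >= len(self.segments)

    def in_critical_section(self) -> bool:
        return not self.done() and self.segments[self.seg][1]


def make_tasks() -> List[Task]:
    """Constructed task set (assumption): L takes the mutex first, H then needs it,
    M is unrelated to the mutex but long-running and sits between them in priority."""
    return [
        Task("L", priority=1, release=0, segments=[(1, False), (4, True), (1, False)]),
        Task("H", priority=3, release=2, segments=[(1, False), (2, True), (1, False)]),
        Task("M", priority=2, release=3, segments=[(6, False)]),
    ]


def simulate(tasks: List[Task], inherit: bool, horizon: int = 100) -> Dict[str, int]:
    """Run the scheduler one tick at a time; return response time (finish - release) per task,
    or -1 if a task did not finish within the horizon."""
    holder: Optional[Task] = None
    for t in range(horizon):
        ready = [x for x in tasks if x.release <= t and not x.done()]
        if not ready:
            continue

        def effective_priority(x: Task) -> int:
            # Priority inheritance: the mutex holder runs at the priority of the highest task it blocks.
            if inherit and x is holder:
                waiters = [y.priority for y in ready if y is not x and y.in_critical_section()]
                return max([x.priority] + waiters)
            return x.priority

        def runnable(x: Task) -> bool:
            # A task whose next work needs the mutex is blocked while another task holds it.
            return not (x.in_critical_section() and holder is not None and holder is not x)

        candidates = [x for x in ready if runnable(x)]
        if not candidates:
            continue
        cur = max(candidates, key=effective_priority)
        if cur.in_critical_section() and holder is None:
            holder = cur                                   # acquire the mutex on entry
        cur.left -= 1
        if cur.left == 0:
            if cur.in_critical_section():
                holder = None                              # release on exit
            cur.seg += 1
            if cur.done():
                cur.finish = t + 1
            else:
                cur.left = cur.segments[cur.seg][0]
    return {x.name: (x.finish - x.release) if x.finish is not None else -1 for x in tasks}


def response_times(inherit: bool) -> Dict[str, int]:
    return simulate(make_tasks(), inherit)


if __name__ == "__main__":
    print("no inheritance:", response_times(False))   # H waits behind M, which never touches the mutex
    print("inheritance:   ", response_times(True))    # L finishes its critical section at H's priority
```

    Without inheritance H's response time is the sum of L's critical section plus all of M, which is the unbounded-inversion pattern a scheduler check is meant to catch; with inheritance it is bounded by L's critical section alone.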

  11. Tank waste remediation system nuclear criticality safety program management review

    International Nuclear Information System (INIS)

    BRADY RAAP, M.C.

    1999-01-01

    This document provides the results of an internal management review of the Tank Waste Remediation System (TWRS) criticality safety program, performed in advance of the DOE/RL assessment for closure of the TWRS Nuclear Criticality Safety Issue, March 1994. Resolution of the safety issue was identified as Hanford Federal Facility Agreement and Consent Order (Tri-Party Agreement) Milestone M-40-12, due September 1999

  12. Comparative analysis of operation and safety of subcritical nuclear systems and innovative critical reactors

    Energy Technology Data Exchange (ETDEWEB)

    Bokov, P.M

    2005-05-01

    The main goal of this thesis work is to investigate the role of core subcriticality in the safety enhancement of advanced nuclear systems, in particular molten salt reactors, devoted to both energy production and waste incineration/transmutation. Inherent safety is considered as the ultimate goal of this safety improvement. An attempt to apply a systematic approach to the analysis of the subcriticality contribution to the inherent properties of hybrid systems was performed. The results of this research prove that in many cases subcriticality may radically improve the safety characteristics of nuclear reactors, and in some configurations it helps to reach 'absolute' intrinsic safety. In any case, a proper choice of subcriticality level makes all analyzed transients considerably slower and monotonic. It was shown that the weakest point of independent-source systems with respect to intrinsic safety is unprotected thermohydraulic transients, while in the case of coupled-source systems the excess reactivity/current insertion events remain a matter of concern. To overcome these inherent drawbacks, a new principle for realizing a coupled sub-critical system (DENNY concept) is proposed. In addition, ways to remedy some particular safety-related problems with the help of core sub-criticality are demonstrated. A preliminary safety analysis of the fast-spectrum molten salt reactor (REBUS concept) is also carried out in this thesis work. Finally, the potential of alternative (to spallation) neutron sources for application in hybrid systems is examined. (author)

  13. Safety verification of non-linear hybrid systems is quasi-decidable

    Czech Academy of Sciences Publication Activity Database

    Ratschan, Stefan

    2014-01-01

    Vol. 44, No. 1 (2014), pp. 71-90. ISSN 0925-9856. R&D Projects: GA ČR GCP202/12/J060. Institutional support: RVO:67985807. Keywords: hybrid systems; safety verification; decidability; robustness. Subject RIV: IN - Informatics, Computer Science. Impact factor: 0.875, year: 2014

  14. A hybrid approach to quantify software reliability in nuclear safety systems

    International Nuclear Information System (INIS)

    Arun Babu, P.; Senthil Kumar, C.; Murali, N.

    2012-01-01

    Highlights: ► A novel method to quantify software reliability using software verification and mutation testing in nuclear safety systems. ► Contributing factors that influence the software reliability estimate. ► An approach to help regulators verify the reliability of safety-critical software systems during the software licensing process. -- Abstract: Technological advancements have led to the use of computer-based systems in safety-critical applications. As computer-based systems are being introduced in nuclear power plants, effective and efficient methods are needed to ensure dependability and compliance with the high reliability requirements of systems important to safety. Even after several years of research, quantification of software reliability remains a controversial and unresolved issue. Also, existing approaches have assumptions and limitations which are not acceptable for safety applications. This paper proposes a theoretical approach combining software verification and mutation testing to quantify software reliability in nuclear safety systems. The theoretical results obtained suggest that software reliability depends on three factors: the test adequacy, the amount of software verification carried out and the reusability of verified code in the software. The proposed approach may help regulators in licensing computer-based safety systems in nuclear reactors.

  15. Safety-Critical Java for Embedded Systems

    DEFF Research Database (Denmark)

    Rios Rivas, Juan Ricardo

    for Java aims at providing a reduced set of the Java programming language that can be used for systems that need to be certified at the highest levels of criticality. Safety-critical Java (SCJ) restricts how a developer can structure an application by providing a specific programming model...... and by restricting the set of methods and libraries that can be used. Furthermore, its memory model does not use a garbage-collected heap but scoped memories. In this thesis we examine the use of the SCJ specification through an implementation in a time-predictable, FPGA-based Java processor. The specification is now...

  16. Critical Characteristics of Radiation Detection System Components to be Dedicated for use in Safety Class and Safety Significant System

    International Nuclear Information System (INIS)

    DAVIS, S.J.

    2000-01-01

    This document identifies critical characteristics of components to be dedicated for use in Safety Significant (SS) Systems, Structures, or Components (SSCs). This document identifies the requirements for the components of the common radiation area monitor alarm in the WESF pool cell. These are procured as Commercial Grade Items (CGI), with the qualification testing and formal dedication to be performed at the Waste Encapsulation Storage Facility (WESF) for use in safety significant systems. System modifications are to be performed in accordance with the approved design. Components for this change are commercially available and interchangeable with the existing alarm configuration. This document focuses on the operational requirements for the alarm, declaration of the safety classification, identification of critical characteristics, and interpretation of requirements for procurement. Critical characteristics are identified herein and must be verified, followed by formal dedication, prior to the components being used in safety-related applications.

  17. Tank waste remediation system nuclear criticality safety inspection and assessment plan

    International Nuclear Information System (INIS)

    VAIL, T.S.

    1999-01-01

    This plan provides a management approved procedure for inspections and assessments of sufficient depth to validate that the Tank Waste Remediation System (TWRS) facility complies with the requirements of the Project Hanford criticality safety program, NHF-PRO-334, ''Criticality Safety General, Requirements''

  18. Development of a hybrid safety system: Actuation of the secondary automatic depressurization system at an early stage

    International Nuclear Information System (INIS)

    Nishimoto, Masae; Umezawa, Shigemitsu; Okabe, Kazuharu; Matsuoka, Tsuyoshi

    1996-01-01

    A Hybrid Safety System, which is an optimum combination of active and passive safety systems, has been developed in order to improve the safety, reliability and economic features of the next generation of PWRs. The passive safety systems include the Automatic primary Depressurization System (ADS), Secondary Automatic Depressurization System (SADS), advanced accumulators, gravity injection system and so on. In this study the authors have improved the actuation logic of the passive safety systems. The original logic in the previous study actuates ADS at an early stage of an event such as a Loss-of-Coolant Accident (LOCA), and this is followed by the actuation of SADS. In this study they divide SADS into two systems. The first, small SADS, uses small valves corresponding to the relief valves of conventional PWR plants. The second, large SADS, corresponds to the original SADS using multiple valves of large capacity. With the new logic, the passive systems are actuated during a typical small LOCA. Small LOCA analyses using several break areas were performed for a 1,400 MWe PWR plant with a Hybrid Safety System. The results predict that core uncovery does not occur in the case of a relatively small break area and that core heat removal during a small LOCA is improved in comparison with the analyses for conventional PWR plants, where the secondary pressure remains higher during the event. The results also predict that this new logic makes it possible to reduce the ADS valve size and the actuation pressure setpoint of the passive safety systems.

  19. Maintaining SCALE as a reliable computational system for criticality safety analysis

    International Nuclear Information System (INIS)

    Bowmann, S.M.; Parks, C.V.; Martin, S.K.

    1995-01-01

    Accurate and reliable computational methods are essential for nuclear criticality safety analyses. The SCALE (Standardized Computer Analyses for Licensing Evaluation) computer code system was originally developed at Oak Ridge National Laboratory (ORNL) to enable users to easily set up and perform criticality safety analyses, as well as shielding, depletion, and heat transfer analyses. Over the fifteen-year life of SCALE, the mainstay of the system has been the criticality safety analysis sequences that have featured the KENO-IV and KENO-V.a Monte Carlo codes and the XSDRNPM one-dimensional discrete-ordinates code. The criticality safety analysis sequences provide automated material- and problem-dependent resonance processing for each criticality calculation. This report details configuration management, which is essential because SCALE consists of more than 25 computer codes (referred to as modules) that share libraries of commonly used subroutines. Changes to a single subroutine in some cases affect almost every module in SCALE! Controlled access to program source and executables and accurate documentation of modifications are essential to maintaining SCALE as a reliable code system. The modules and subroutine libraries in SCALE are programmed by a staff of approximately ten Code Managers. The SCALE Software Coordinator maintains the SCALE system and is the only person who modifies the production source, executables, and data libraries. All modifications must be authorized by the SCALE Project Leader prior to implementation.

  20. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.
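    The Orange Book's B division requires mandatory access control over a lattice of sensitivity labels, and B3 in particular demands a small, verifiable reference monitor that mediates every access. The record above does not publish the NASA model itself, so the following is an added example rather than that model: a lattice label type with the Bell-LaPadula simple security property (no read up) and *-property (no write down), plus the dynamic relabeling of a subject's current level that lets a cleared process write to a lower object without violating the rules. Level names, compartments, subject and object labels are constructed assumptions.

```python
"""Lattice-based mandatory access control with Bell-LaPadula rules (added example)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Hierarchical levels (assumed names, not NASA's); compartments are an unordered set,
# so a label (level, compartments) forms a lattice under the dominance relation below.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other: level at least as high and compartments a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label                  # maximum label the subject is cleared to
    current: Optional[Label] = None   # label the process currently runs at

    def __post_init__(self) -> None:
        if self.current is None:
            self.current = self.clearance
        if not self.clearance.dominates(self.current):
            raise ValueError(f"{self.name}: current label exceeds clearance")

    def run_at(self, new: Label) -> None:
        """Dynamic relabeling: a subject may move its current label anywhere under its
        clearance. This is the only sanctioned way for it to write to lower objects."""
        if not self.clearance.dominates(new):
            raise ValueError(f"{self.name} is not cleared for {new}")
        self.current = new


def can_read(subject: Subject, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.current.dominates(obj)


def can_write(subject: Subject, obj: Label) -> bool:
    """*-property: no write down (a write is allowed only to objects that dominate the subject)."""
    return obj.dominates(subject.current)


def decide(subject: Subject, obj: Label, mode: str) -> bool:
    """Reference-monitor decision for one access request; unknown modes are rejected loudly."""
    rules = {"read": can_read, "write": can_write,
             "readwrite": lambda s, o: can_read(s, o) and can_write(s, o)}
    if mode not in rules:
        raise ValueError(f"unknown access mode {mode!r}")
    return rules[mode](subject, obj)


def audit(requests: List[Tuple[Subject, str, Label, str]]) -> List[str]:
    """One ALLOW/DENY line per (subject, object name, object label, mode), as an audit trail would record."""
    lines = []
    for s, name, lbl, mode in requests:
        verdict = "ALLOW" if decide(s, lbl, mode) else "DENY"
        lines.append(f"{verdict} {s.name}@{s.current.level} {mode} {name}@{lbl.level}")
    return lines


if __name__ == "__main__":
    # Constructed subjects and objects for illustration.
    director = Subject("flight_director", Label("TOP_SECRET", frozenset({"NAV"})))
    telemetry = Subject("telemetry_proc", Label("SECRET"))
    for line in audit([
        (director, "orbit_plan", Label("SECRET"), "read"),
        (director, "orbit_plan", Label("SECRET"), "write"),       # denied: write down
        (telemetry, "crew_log", Label("TOP_SECRET"), "write"),    # allowed: write up
        (telemetry, "crew_log", Label("TOP_SECRET"), "read"),     # denied: read up
    ]):
        print(line)
    director.run_at(Label("SECRET"))                              # lower current level, then the write is legal
    print(audit([(director, "orbit_plan", Label("SECRET"), "write")])[0])
```

    The relabeling step is where a B3 monitor earns its keep: lowering a subject's current level must itself be a mediated, audited operation, otherwise the *-property is only as strong as the process's willingness to keep its label high.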

  1. Quantitative reliability assessment for safety critical system software

    International Nuclear Information System (INIS)

    Chung, Dae Won; Kwon, Soon Man

    2005-01-01

    An essential issue in the replacement of the old analogue I and C to computer-based digital systems in nuclear power plants is the quantitative software reliability assessment. Software reliability models have been successfully applied to many industrial applications, but have the unfortunate drawback of requiring data from which one can formulate a model. Software which is developed for safety critical applications is frequently unable to produce such data for at least two reasons. First, the software is frequently one-of-a-kind, and second, it rarely fails. Safety critical software is normally expected to pass every unit test producing precious little failure data. The basic premise of the rare events approach is that well-tested software does not fail under normal routine and input signals, which means that failures must be triggered by unusual input data and computer states. The failure data found under the reasonable testing cases and testing time for these conditions should be considered for the quantitative reliability assessment. We will present the quantitative reliability assessment methodology of safety critical software for rare failure cases in this paper

  2. A formal safety analysis for PLC software-based safety critical system using Z

    International Nuclear Information System (INIS)

    Koh, Jung Soo; Seong, Poong Hyun

    1997-01-01

    This paper describes a formal safety analysis technique, demonstrated by performing an empirical formal safety analysis on a case study: the beamline hutch door interlock system developed using PLC (Programmable Logic Controller) systems at the Pohang Accelerator Laboratory. In order to perform the formal safety analysis, we built Z formal specifications from the user requirements written in ambiguous natural language and from the target PLC ladder logic, respectively. We also studied an effective method to express the typical PLC timer component using a specific Z formal notation supported by temporal history. We present a formal proof technique for specifying and verifying that hazardous states are not introduced into the ladder logic of the PLC-based safety-critical system.
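    Records 8 and 2 above both describe proving that the ladder logic of a PLC interlock cannot introduce a hazardous state, with the PLC timer modelled through its history. The following is an added example, not the paper's Z specification or the Pohang Accelerator Laboratory interlock: a constructed hutch-door interlock written as a scan-cycle function over a finite state (a TON timer accumulator and the shutter output), explored exhaustively over every input combination. For the intended rungs the hazardous state (shutter energised while the door sensor reads open) is unreachable; for a variant whose output rung is sealed in by its own contact, the search returns the shortest counterexample trace. The timer preset, the rung structure and the seal-in defect are assumptions.

```python
"""Exhaustive reachability check of a constructed PLC interlock (added example)."""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

PRESET = 3  # TON timer preset in scan cycles (assumed value)

State = Tuple[int, bool]    # (timer_accumulator, shutter_output)
Inputs = Tuple[bool, bool]  # (door_closed_sensor, beam_request_button)
Scan = Callable[[State, Inputs], State]

ALL_INPUTS: List[Inputs] = [(d, r) for d in (False, True) for r in (False, True)]


def scan_correct(state: State, inputs: Inputs) -> State:
    """One scan of the intended rungs: TON timer enabled by the door sensor, shutter output
    recomputed every scan from timer.DN AND request, with no seal-in."""
    timer, _shutter = state
    door_closed, request = inputs
    timer = min(timer + 1, PRESET) if door_closed else 0   # TON resets when its enable drops
    permit = door_closed and timer >= PRESET                 # timer.DN
    return (timer, permit and request)


def scan_sealed(state: State, inputs: Inputs) -> State:
    """Defective variant (assumed): the shutter rung is sealed in by its own output contact,
    so once open it stays open while the button is held, even after the door opens."""
    timer, shutter = state
    door_closed, request = inputs
    timer = min(timer + 1, PRESET) if door_closed else 0
    permit = door_closed and timer >= PRESET
    return (timer, (permit or shutter) and request)


def hazardous(state: State, inputs: Inputs) -> bool:
    """Hazard: shutter output energised while the door sensor reads open."""
    return state[1] and not inputs[0]


def _trace(parent: Dict[State, Optional[Tuple[State, Inputs]]], s: State) -> List[Tuple[Inputs, State]]:
    steps = []
    while parent[s] is not None:
        prev, inp = parent[s]
        steps.append((inp, s))
        s = prev
    return list(reversed(steps))


def find_hazard(scan: Scan, initial: State = (0, False)) -> Optional[List[Tuple[Inputs, State]]]:
    """Breadth-first search over every reachable state under every input combination.
    Returns None if no hazardous state is reachable, else the shortest (inputs, state) trace."""
    parent: Dict[State, Optional[Tuple[State, Inputs]]] = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        for inp in ALL_INPUTS:
            nxt = scan(s, inp)
            if hazardous(nxt, inp):
                return _trace(parent, s) + [(inp, nxt)]
            if nxt not in parent:
                parent[nxt] = (s, inp)
                queue.append(nxt)
    return None


def reachable_states(scan: Scan, initial: State = (0, False)) -> int:
    """Size of the reachable state space; small enough here that exhaustive search is exact."""
    seen = {initial}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        for inp in ALL_INPUTS:
            nxt = scan(s, inp)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return len(seen)


if __name__ == "__main__":
    print("correct rungs, hazard trace:", find_hazard(scan_correct))
    print("sealed-in rung, hazard trace:")
    for inp, st in find_hazard(scan_sealed) or []:
        print(f"  door_closed={inp[0]!s:5} request={inp[1]!s:5} -> timer={st[0]} shutter={st[1]}")
```

    The counterexample is exactly the kind of requirement/implementation mismatch the paper reports finding: the natural-language requirement "the shutter closes whenever the door is open" holds for the first rung set and silently fails for the sealed-in one, and the timer's history (the accumulator) is part of the state that has to be explored to see it.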

  3. Nuclear criticality safety handbook. Version 2

    International Nuclear Information System (INIS)

    1999-03-01

    The Nuclear Criticality Safety Handbook, Version 2 essentially includes the description of the Supplement Report to the Nuclear Criticality Safety Handbook, released in 1995, into the first version of Nuclear Criticality Safety Handbook, published in 1988. The following two points are new: (1) exemplifying safety margins related to modelled dissolution and extraction processes, (2) describing evaluation methods and alarm system for criticality accidents. Revision is made based on previous studies for the chapter that treats modelling the fuel system: e.g., the fuel grain size that the system can be regarded as homogeneous, non-uniformity effect of fuel solution, and burnup credit. This revision solves the inconsistencies found in the first version between the evaluation of errors found in JACS code system and criticality condition data that were calculated based on the evaluation. (author)

  4. SCALE system cross-section validation for criticality safety analysis

    International Nuclear Information System (INIS)

    Hathout, A.M.; Westfall, R.M.; Dodds, H.L. Jr.

    1980-01-01

    The purpose of this study is to test selected data from three cross-section libraries for use in the criticality safety analysis of UO2 fuel rod lattices. The libraries, which are distributed with the SCALE system, are used to analyze potential criticality problems which could arise in the industrial fuel cycle for PWR and BWR reactors. Fuel lattice criticality problems could occur in pool storage, dry storage with accidental moderation, shearing and dissolution of irradiated elements, and in fuel transport and storage due to inadequate packing and shipping cask design. The data were tested by using the SCALE system to analyze 25 recently performed critical experiments.

  5. Qualification of safety-critical software for digital reactor safety system in nuclear power plants

    International Nuclear Information System (INIS)

    Kwon, Kee-Choon; Park, Gee-Yong; Kim, Jang-Yeol; Lee, Jang-Soo

    2013-01-01

    This paper describes the software qualification activities for the safety-critical software of the digital reactor safety system in nuclear power plants. The main activities of the software qualification processes are the preparation of software planning documentations, verification and validation (V and V) of the software requirements specifications (SRS), software design specifications (SDS) and codes, and the testing of the integrated software and integrated system. Moreover, the software safety analysis and software configuration management are involved in the software qualification processes. The V and V procedure for SRS and SDS contains a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and an evaluation of the software configuration management. The V and V processes for the code are a traceability analysis, source code inspection, test case and test procedure generation. Testing is the major V and V activity of the software integration and system integration phases. The software safety analysis employs a hazard operability method and software fault tree analysis. The software configuration management in each software life cycle is performed by the use of a nuclear software configuration management tool. Through these activities, we can achieve the functionality, performance, reliability, and safety that are the major V and V objectives of the safety-critical software in nuclear power plants. (author)

  6. Fundamentals of automotive and engine technology standard drives, hybrid drives, brakes, safety systems

    CERN Document Server

    2014-01-01

    Hybrid drives and the operation of hybrid vehicles are characteristic of contemporary automotive technology. Together with the electronic driver assistant systems, hybrid technology is of the greatest importance and both cannot be ignored by today’s car drivers. This technical reference book provides the reader with a firsthand comprehensive description of significant components of automotive technology. All texts are complemented by numerous detailed illustrations. Contents History of the automobile.- History of the Diesel engine.- Areas of use for Diesel engines.- Basic principles of the Diesel engine.- Basic principles of Diesel fuel-injection.- Basic principles of the gasoline engine.- Inductive ignition system.- Transmissions for motor vehicles.- Motor vehicle safety.- Basic principles of vehicle dynamics.- Car braking systems.- Vehicle electrical systems.- Overview of electrical and electronic systems in the vehicle.- Control of gasoline engines.- Control of Diesel engines.- Lighting technology.- Elec...

  7. Diversity requirements for safety critical software-based automation systems

    International Nuclear Information System (INIS)

    Korhonen, J.; Pulkkinen, U.; Haapanen, P.

    1998-03-01

    System vendors nowadays propose software-based systems even for the most critical safety functions in nuclear power plants. Due to the nature and mechanisms of influence of software faults, new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)' various safety assessment methods and tools for software-based systems are developed and evaluated. This report first discusses the (common cause) failure mechanisms in software-based systems, then defines fault-tolerant system architectures to avoid common cause failures, then studies the various alternatives for applying diversity and their influence on system reliability. Finally, a method for the assessment of diversity is described. Other recently published reports in the OHA report series handle the statistical reliability assessment of software-based systems (STUK-YTO-TR 119), usage models in the reliability assessment of software-based systems (STUK-YTO-TR 128) and the handling of programmable automation in plant PSA studies (STUK-YTO-TR 129).

  8. Outline of criticality safety research project

    International Nuclear Information System (INIS)

    Kobayashi, Iwao; Tachimori, Shoichi; Suzaki, Takenori; Takeshita, Isao; Miyoshi, Yoshinori; Nakajima, Ken; Sakurai, Satoshi; Yanagisawa, Hiroshi

    1987-01-01

    As the power generation capacity of LWRs in Japan increased, the establishment and development of nuclear fuel cycle have become the important subject. Conforming to the safety research project of the nation, the Japan Atomic Energy Research Institute has advanced the project of constructing a new research facility, that is, Nuclear Fuel Cycle Engineering Research Facility (NUCEF). In this facility, it is planned to carry out the research on criticality safety, upgraded reprocessing techniques, and the treatment and disposal of transuranium element wastes. In this paper, the subjects of criticality safety research and the research carried out with a criticality safety experiment facility which is expected to be installed in the NUCEF are briefly reported. The experimental data obtained from the criticality safety handbooks and published literatures in foreign countries are short of the data on the mixture of low enriched uranium and plutonium which is treated in the reprocessing of spent fuel from LWRs. The acquisition of the criticality data for various forms of fuel, the elucidation of the scenario of criticality accidents, and the soundness of the confinement system for gaseous fission products and plutonium are the main subjects. The Static Criticality Safety Facility, Transient Criticality Safety Facility and pulse column system are the main facilities. (Kako, I.)

  9. Criticality safety research on nuclear fuel cycle facility

    Energy Technology Data Exchange (ETDEWEB)

    Miyoshi, Yoshinori [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

    2004-07-01

    This paper presents the current status and future program of the criticality safety research on the nuclear fuel cycle made by the Japan Atomic Energy Research Institute. Experimental research on solution fuel treated in reprocessing plants has been performed using two critical facilities, STACY and TRACY. Fundamental data on static and transient characteristics are accumulated for the validation of criticality safety codes. Subcritical measurements are also made for developing a monitoring system for criticality safety. A criticality safety code system for solution and power systems, and evaluation methods related to burnup credit, are developed. (author)

  10. Validation of the Continuous-Energy Monte Carlo Criticality-Safety Analysis System MVP and JENDL-3.2 Using the Internationally Evaluated Criticality Benchmarks

    International Nuclear Information System (INIS)

    Mitake, Susumu

    2003-01-01

    Validation of the continuous-energy Monte Carlo criticality-safety analysis system, comprising the MVP code and neutron cross sections based on JENDL-3.2, was examined using benchmarks evaluated in the 'International Handbook of Evaluated Criticality Safety Benchmark Experiments'. Eight experiments (116 configurations) for the plutonium solution and plutonium-uranium mixture systems performed at Valduc, Battelle Pacific Northwest Laboratories, and other facilities were selected and used in the studies. The averaged multiplication factors calculated with MVP and MCNP-4B using the same neutron cross-section libraries based on JENDL-3.2 were in good agreement. Based on methods provided in the Japanese nuclear criticality-safety handbook, the estimated criticality lower-limit multiplication factors to be used as a subcriticality criterion for the criticality-safety evaluation of nuclear facilities were obtained. The analysis proved the applicability of the MVP code to the criticality-safety analysis of nuclear fuel facilities, particularly to the analysis of systems fueled with plutonium and in homogeneous and thermal-energy conditions

  11. Review of studies on criticality safety evaluation and criticality experiment methods

    International Nuclear Information System (INIS)

    Naito, Yoshitaka; Yamamoto, Toshihiro; Misawa, Tsuyoshi; Yamane, Yuichi

    2013-01-01

    Since the early 1960s, many studies on criticality safety evaluation have been conducted in Japan. Computer code systems were developed initially by employing finite difference methods, and more recently by using Monte Carlo methods. Criticality experiments have also been carried out in many laboratories in Japan as well as overseas. By effectively using these study results, the Japanese Criticality Safety Handbook was published in 1988, almost the midpoint of the last 50 years. Increased interest has been shown in criticality safety studies, and a Working Party on Nuclear Criticality Safety (WPNCS) was set up by the Nuclear Science Committee of the Organisation for Economic Co-operation and Development in 1997. WPNCS has several task forces, each in charge of one of the International Criticality Safety Benchmark Evaluation Program (ICSBEP), Subcritical Measurement, Experimental Needs, Burn-up Credit Studies and Minimum Critical Values. Criticality safety studies in Japan have been carried out in cooperation with WPNCS. This paper describes criticality safety study activities in Japan along with the contents of the Japanese Criticality Safety Handbook and the tasks of WPNCS. (author)

  12. Regenerative braking strategies, vehicle safety and stability control systems: critical use-case proposals

    Science.gov (United States)

    Oleksowicz, Selim A.; Burnham, Keith J.; Southgate, Adam; McCoy, Chris; Waite, Gary; Hardwick, Graham; Harrington, Cian; McMurran, Ross

    2013-05-01

    The sustainable development of vehicle propulsion systems, which has mainly focused on the reduction of fuel consumption (i.e. CO2 emission), has led not only to the development of systems connected with combustion processes but also to legislation and testing procedures. In recent years, the low carbon policy has made hybrid vehicles and fully electric vehicles (H/EVs) popular. The main virtue of these propulsion systems is their ability to restore some of the expended energy from kinetic movement, e.g. the braking process. Consequently, new research and testing methods for H/EVs are currently being developed. This especially concerns the critical 'use-cases' for functionality tests within dynamic events, for both virtual simulations and real-time road tests. The use-cases for conventional vehicles for numerical simulations and road tests are well established. However, the wide variety of tests and their great number (close to a thousand) creates a need for selection, in the first place, and for the creation of critical use-cases suitable for testing H/EVs in both virtual and real-world environments. It is known that a marginal improvement in the regenerative braking ratio can significantly improve the vehicle range and, therefore, the economic cost of its operation. In modern vehicles, vehicle dynamics control systems play the principal role in safety, comfort and economic operation. Unfortunately, however, the existing standard road test scenarios are insufficient for H/EVs. Sector knowledge suggests that there are currently no agreed test scenarios to fully investigate the effects of brake blending between conventional and regenerative braking, or the interaction of regenerative braking with active driving safety systems (ADSS). The paper presents seven manoeuvres which are considered to be suitable and highly informative for the development and examination of H/EVs with regenerative braking capability. The critical manoeuvres presented are considered to be

  13. Modeling of requirement specification for safety critical real time computer system using formal mathematical specifications

    International Nuclear Information System (INIS)

    Sankar, Bindu; Sasidhar Rao, B.; Ilango Sambasivam, S.; Swaminathan, P.

    2002-01-01

Real time computer systems are increasingly used for the safety-critical supervision and control of nuclear reactors. Typical application areas are supervision of the reactor core against coolant flow blockage, supervision of clad hot spots, supervision of undesirable power excursions, power control, and control logic for fuel handling systems. The most frequent cause of faults in safety-critical real time computer systems is traced to fuzziness in the requirement specification. To ensure the specified safety, it is necessary to model the requirement specification of safety-critical real time computer systems using formal mathematical methods. Modeling eliminates the fuzziness in the requirement specification and also helps to prepare the verification and validation schemes. Test data can be easily designed from the model of the requirement specification. Z and B are the popular languages used for modeling requirement specifications. A typical safety-critical real time computer system for supervising the reactor core of the prototype fast breeder reactor (PFBR) against flow blockage is taken as a case study. The modeling techniques and the actual model are explained in detail. The advantages of modeling for ensuring safety are summarized
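The abstract above describes a requirement being modelled as a formal state/operation specification (Z or B style) from which test data is then derived. The following is an added example illustrating that workflow in executable form; it is not the paper's PFBR model. The supervision requirement, the limit DELTA_T_LIMIT and the confirmation count N_CONFIRM are hypothetical, chosen only to show a state schema with an invariant, an operation with pre/post-conditions, and boundary test data read off the model instead of guessed.

```python
"""Executable requirement model for a core-supervision trip function.

Added illustration, not the paper's model.  Hypothetical requirement:
"trip when the coolant outlet temperature rise exceeds DELTA_T_LIMIT on
N_CONFIRM consecutive samples; a single in-limit sample clears the count;
once tripped, stay tripped."
"""
from dataclasses import dataclass

DELTA_T_LIMIT = 30.0   # hypothetical limit, degrees C
N_CONFIRM = 3          # hypothetical number of consecutive over-limit samples


@dataclass(frozen=True)
class Supervision:
    """State schema: count of consecutive over-limit samples and the trip latch."""
    over: int = 0
    tripped: bool = False

    def invariant(self) -> bool:
        # The trip latch is set exactly when the confirmation count is reached.
        return 0 <= self.over <= N_CONFIRM and self.tripped == (self.over == N_CONFIRM)


def sample(state: Supervision, delta_t: float) -> Supervision:
    """Operation schema 'Sample'.

    Pre: the invariant holds.  Post: the invariant still holds and the
    count/latch follow the requirement above.  Both are checked at run time so
    a violation in the model itself is caught while it is being animated.
    """
    assert state.invariant(), "precondition violated"
    if state.tripped:
        new = state                                    # latched: no change
    elif delta_t > DELTA_T_LIMIT:
        over = state.over + 1
        new = Supervision(over=over, tripped=(over == N_CONFIRM))
    else:
        new = Supervision(over=0, tripped=False)       # in-limit sample clears
    assert new.invariant(), "postcondition violated"
    return new


def run(samples) -> bool:
    """Apply a sequence of samples from the initial state; return the trip latch."""
    state = Supervision()
    for dt in samples:
        state = sample(state, dt)
    return state.tripped


def boundary_tests():
    """Test data derived from the model's boundaries: the limit itself,
    N_CONFIRM-1 confirmations, a reset by one in-limit sample, and latching.
    Returns name -> (sample sequence, expected trip state)."""
    above, at, below = DELTA_T_LIMIT + 0.1, DELTA_T_LIMIT, DELTA_T_LIMIT - 0.1
    short = [above] * (N_CONFIRM - 1)
    return {
        "at_limit_never_trips":      ([at] * (N_CONFIRM + 2), False),
        "one_short_of_confirmation": (short, False),
        "in_limit_sample_resets":    (short + [below] + short, False),
        "confirmed_trip":            ([above] * N_CONFIRM, True),
        "trip_latches":              ([above] * N_CONFIRM + [below] * 5, True),
    }


if __name__ == "__main__":
    for name, (seq, expected) in boundary_tests().items():
        print(f"{name:28s} trip={run(seq)!s:5s} expected={expected}")
```

The point of the example is that every test case in `boundary_tests()` is justified by a boundary in the model (the strict comparison, the count, the reset, the latch), which is what removes the "fuzziness" the abstract refers to; a reviewer can check the test set against the schema rather than against the prose.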

  14. Autoclave nuclear criticality safety analysis

    Energy Technology Data Exchange (ETDEWEB)

    D`Aquila, D.M. [Martin Marietta Energy Systems, Inc., Piketon, OH (United States); Tayloe, R.W. Jr. [Battelle, Columbus, OH (United States)

    1991-12-31

Steam-heated autoclaves are used in gaseous diffusion uranium enrichment plants to heat large cylinders of UF6. Nuclear criticality safety for these autoclaves is evaluated. To enhance criticality safety, systems are incorporated into the design of autoclaves to limit the amount of water present. These safety systems also increase the likelihood that any UF6 inadvertently released from a cylinder into an autoclave is not released to the environment. Up to 140 pounds of water can be held up in large autoclaves. This mass of water is sufficient to support a nuclear criticality when optimally combined with 125 pounds of UF6 enriched to 5 percent 235U. However, water in autoclaves is widely dispersed as condensed droplets and vapor, and is extremely unlikely to form a critical configuration with released UF6.

  15. 75 FR 71648 - Federal Motor Vehicle Safety Standards, Child Restraint Systems; Hybrid III 10-Year-Old Child...

    Science.gov (United States)

    2010-11-24

    ... No. NHTSA-2010-0158 Regulation Identifier No. (RIN) 2127-AJ44 Federal Motor Vehicle Safety Standards, Child Restraint Systems; Hybrid III 10-Year-Old Child Test Dummy AGENCY: National Highway Traffic Safety... (SNPRM). SUMMARY: This document proposes to amend Federal Motor Vehicle Safety Standard (FMVSS) No. 213...

  16. Nuclear Criticality Safety Handbook, Version 2. English translation

    International Nuclear Information System (INIS)

    2001-08-01

The Nuclear Criticality Safety Handbook, Version 2 essentially incorporates the description in the Supplement Report to the Nuclear Criticality Safety Handbook, released in 1995, into the first version of the Nuclear Criticality Safety Handbook, published in 1988. The following two points are new: (1) exemplifying safety margins related to modeled dissolution and extraction processes, (2) describing evaluation methods and alarm systems for criticality accidents. The chapter that treats modeling of the fuel system has been revised on the basis of previous studies, e.g., the fuel grain size below which the system can be regarded as homogeneous, the non-uniformity effect of fuel solution, and burnup credit. This revision has resolved the inconsistencies found in the first version between the evaluation of errors in the JACS code system and the criticality condition data that were calculated based on that evaluation. This report is an English translation of the Nuclear Criticality Safety Handbook, Version 2, originally published in Japanese as JAERI 1340 in 1999. (author)

  17. Anatomy of safety-critical computing problems

    International Nuclear Information System (INIS)

    Swu Yih; Fan Chinfeng; Shirazi, Behrooz

    1995-01-01

    This paper analyzes the obstacles faced by current safety-critical computing applications. The major problem lies in the difficulty to provide complete and convincing safety evidence to prove that the software is safe. We explain this problem from a fundamental perspective by analyzing the essence of safety analysis against that of software developed by current practice. Our basic belief is that in order to perform a successful safety analysis, the state space structure of the analyzed system must have some properties as prerequisites. We propose the concept of safety analyzability, and derive its necessary and sufficient conditions; namely, definability, finiteness, commensurability, and tractability. We then examine software state space structures against these conditions, and affirm that the safety analyzability of safety-critical software developed by current practice is severely restricted by its state space structure and by the problem of exponential growth cost. Thus, except for small and simple systems, the safety evidence may not be complete and convincing. Our concepts and arguments successfully explain the current problematic situation faced by the safety-critical computing domain. The implications are also discussed

  18. Martin Marietta Energy Systems Nuclear Criticality Safety Improvement Program

    International Nuclear Information System (INIS)

    Speas, I.G.

    1987-01-01

This report addresses questions raised by criticality safety violations at several DOE plants. Two charts are included that define the severity and reporting requirements for the six levels of accidents. A summary is given of all reported criticality incidents at the DOE plants involved. The report concludes with Martin Marietta's Nuclear Criticality Safety Policy Statement.

  19. K-effective as a measure of criticality safety

    International Nuclear Information System (INIS)

    Venner, J.; Haley, R.M.; Bowden, R.L.

    2003-01-01

    This paper considers the relation between the neutron multiplication of a system, k-effective, and critical parameters. It aims to investigate whether k-effective is always the most appropriate measure of safety. For simple systems handbook data can be effectively utilized, applying a safety factor to critical masses. In such situations, the criticality safety margin is readily apparent. However, more complex systems may use the calculated value of neutron multiplication to assess the criticality safety of the system under investigation. A problem arises because there is no exact consistency between k-effective and the physical margin of subcriticality, in terms of parameters such as mass. In the UK, commonly accepted safety criteria are applied to limit the k-effective of the system being assessed. These margins of subcriticality have no definitive justification to support the values chosen and might be considered rather arbitrary in nature. This paper aims to answer this question of suitability by investigating the relation between k-effective and the physical critical parameters for a wide range of systems. It concludes that the safety criteria currently applied in the UK are valid, but some difference exists between safety factors applied to the mass of fissile material present and the corresponding value of k-effective. (author)

  20. RICIS Symposium 1992: Mission and Safety Critical Systems Research and Applications

    Science.gov (United States)

    1992-01-01

This conference deals with computer systems which control systems whose failure to operate correctly could produce the loss of life and/or property, i.e. mission and safety critical systems. Topics covered are: the work of standards groups, computer systems design and architecture, software reliability, process control systems, knowledge based expert systems, and computer and telecommunication protocols.

  1. An aspect-oriented approach for designing safety-critical systems

    Science.gov (United States)

    Petrov, Z.; Zaykov, P. G.; Cardoso, J. P.; Coutinho, J. G. F.; Diniz, P. C.; Luk, W.

The development of avionics systems is typically a tedious and cumbersome process. In addition to the required functions, developers must consider various and often conflicting non-functional requirements such as safety, performance, and energy efficiency. Certainly, an integrated approach with a seamless design flow that is capable of requirements modelling and supports refinement down to an actual implementation in a traceable way may lead to a significant acceleration of development cycles. This paper presents an aspect-oriented approach supported by a tool chain that deals with functional and non-functional requirements in an integrated manner. It also discusses how the approach can be applied to the development of safety-critical systems and provides experimental results.

  2. Reliability estimation of safety-critical software-based systems using Bayesian networks

    International Nuclear Information System (INIS)

    Helminen, A.

    2001-06-01

    Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of software-based safety-critical automation systems in nuclear power plants. In the research project 'Programmable automation system safety integrity assessment (PASSI)', belonging to the Finnish Nuclear Safety Research Programme (FINNUS, 1999-2002), various safety assessment methods and tools for software based systems are developed and evaluated. The project is financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT). In this report the applicability of Bayesian networks to the reliability estimation of software-based systems is studied. The applicability is evaluated by building Bayesian network models for the systems of interest and performing simulations for these models. In the simulations hypothetical evidence is used for defining the parameter relations and for determining the ability to compensate disparate evidence in the models. Based on the experiences from modelling and simulations we are able to conclude that Bayesian networks provide a good method for the reliability estimation of software-based systems. (orig.)
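The abstract above says the study built Bayesian network models, fed them hypothetical evidence, and looked at how the models combine disparate evidence. The block below is an added example of that mechanism, not the PASSI project's model: a three-node network in which an assessor's verdict on the development process and a run of failure-free demands both bear on the probability of failure on demand, with exact inference done by enumeration. The structure, the conditional probability tables and the two per-demand failure probabilities are all hypothetical values chosen for the illustration.

```python
"""Exact inference in a small Bayesian network for software reliability.

Added illustration; not from the PASSI project.  The network and every
probability below are hypothetical.

    Q  = development process quality (good / poor)
    A  = assessor's verdict on the process (good / poor), depends on Q
    F  = per-demand failure probability class (low / high), depends on Q
    T  = n failure-free demands observed, depends on F
"""

# Hypothetical conditional probability tables.
P_Q = {"good": 0.5, "poor": 0.5}          # prior on process quality
P_A_GOOD_GIVEN_Q = {"good": 0.8, "poor": 0.3}   # P(A = good | Q)
P_F_HIGH_GIVEN_Q = {"good": 0.1, "poor": 0.6}   # P(F = high | Q)
PF_PER_DEMAND = {"low": 1e-4, "high": 1e-2}     # failure probability per demand


def p_a(a, q):
    p_good = P_A_GOOD_GIVEN_Q[q]
    return p_good if a == "good" else 1.0 - p_good


def p_f(f, q):
    p_high = P_F_HIGH_GIVEN_Q[q]
    return p_high if f == "high" else 1.0 - p_high


def p_tests(n, f):
    """Likelihood of n independent failure-free demands given the F class."""
    return (1.0 - PF_PER_DEMAND[f]) ** n


def posterior_f(assessment=None, demands=0):
    """P(F | A = assessment, T = demands), marginalising Q by enumeration.

    assessment may be None (no assessor evidence); demands may be 0.
    Returns a dict {"low": p, "high": p} that sums to 1.
    """
    weights = {}
    for f in ("low", "high"):
        total = 0.0
        for q in P_Q:
            w = P_Q[q] * p_f(f, q) * p_tests(demands, f)
            if assessment is not None:
                w *= p_a(assessment, q)
            total += w
        weights[f] = total
    z = sum(weights.values())
    return {f: w / z for f, w in weights.items()}


def predictive_pfd(assessment=None, demands=0):
    """Probability of failure on the next demand, averaged over the F posterior."""
    post = posterior_f(assessment, demands)
    return sum(post[f] * PF_PER_DEMAND[f] for f in post)


if __name__ == "__main__":
    for a, n in [(None, 0), ("good", 0), ("poor", 0), ("poor", 300), ("poor", 3000)]:
        print(f"assessment={a!s:5s} failure-free demands={n:5d} "
              f"P(F=high)={posterior_f(a, n)['high']:.3e} "
              f"pfd={predictive_pfd(a, n):.3e}")
```

Two things the table in `__main__` shows that the abstract only states: a poor assessment and a long failure-free history are disparate evidence, and the posterior is driven by whichever is stronger (three thousand failure-free demands outweigh a poor assessment here, three hundred do not fully), and the predictive probability of failure on demand never drops below the "low" class value because the model has no class below it, so the discretisation itself bounds how much credit operating experience can earn.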

  3. Study of potential of nuclear waste transmutation and safety characteristics of an hybrid system: sub critical accelerator reactor; Etude du potentiel de transmutation et des caracteristiques de surete d`un systeme hybride: accelerateur reacteur sous critique

    Energy Technology Data Exchange (ETDEWEB)

    Tchistiakov, A

    1998-04-01

The subject of this work is the nuclear waste transmutation potential of a new class of reactor systems, hybrid reactors. A global review of the different projects is presented. The basic physical parameters, such as the neutron surplus and the relative importance of external source neutrons, are defined and explained, and numerical values are obtained for them. The advantage of fast systems in terms of neutron surplus is noted. The equilibrium model and the corresponding toxicities of different isotopes and nuclear cycles are presented, and a numerical analysis validating the convergence of the equilibrium model is also performed. The study of neutron consumption by 'transmutable' long-lived fission products (Tc, I and Cs) shows that they can be incinerated in dedicated fast hybrid reactors. The equilibrium model shows the influence of the reprocessing loss level on the cycle toxicity level. Relations between specific fuel inventories (mass normalised by unit power) for thermal and fast spectra are examined; the differences are relatively small. Finally, a few hybrid reactor concepts with different objectives are analysed. These studies confirm that, within the framework of certain nuclear energy scenarios, fast hybrid systems can significantly reduce the radiotoxicity of the fuel cycle. Preliminary analyses of sub-critical reactor behaviour show a large potential for this reactor type in 'transient of power' accidents, even though a more detailed study is necessary. (author)

  4. Analysing context-dependent deviations in interacting with safety-critical systems

    International Nuclear Information System (INIS)

    Paterno, Fabio; Santoro, Carmen

    2006-01-01

    Mobile technology is penetrating many areas of human life. This implies that the context of use can vary in many respects. We present a method that aims to support designers in managing the complex design space when considering applications with varying contexts and help them to identify solutions that support users in performing their activities while preserving usability and safety. The method is a novel combination of an analysis of both potential deviations in task performance and most suitable information representations based on distributed cognition. The originality of the contribution is in providing a conceptual tool for better understanding the impact of context of use on user interaction in safety-critical domains. In order to present our approach we provide an example in which the implications of introducing new support through mobile devices in a safety-critical system are identified and analysed in terms of potential hazards

  5. Decomobil, Deliverable 3.6, Human Centred Design for Safety Critical Transport Systems

    OpenAIRE

    PAUZIE, Annie; MENDOZA, Lucile; SIMOES, Anabela; BELLET, Thierry; MOREAU, Fabien

    2014-01-01

    The scientific seminar on 'Human Centred Design for Safety Critical Transport Systems' organized in the framework of DECOMOBIL has been held the 8th of September 2014 in Lisbon, Portugal, hosted by ADI/ISG. The aims of the event were to present the scientific problematic related to the safety of the complex transport systems and the increasing importance of human-­centred design, with a specific focus on Resilience Engineering concept, a new approach to safety management in highly complex sys...

  6. Nuclear criticality safety department training implementation

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1996-01-01

The Nuclear Criticality Safety Department (NCSD) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. The NCSD Qualification Program is described in Y/DD-694, Qualification Program, Nuclear Criticality Safety Department. This document provides a listing of the roles and responsibilities of NCSD personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This document supersedes Y/DD-696, Revision 2, dated 3/27/96, Training Implementation, Nuclear Criticality Safety Department. There are no backfit requirements associated with revisions to this document

  7. KAERI software safety guideline for developing safety-critical software in digital instrumentation and control system of nuclear power plant

    International Nuclear Information System (INIS)

    Lee, Jang Soo; Kim, Jang Yeol; Eum, Heung Seop.

    1997-07-01

Recently, safety planning for safety-critical software systems has come to be recognized as the most important phase in the software life cycle, and new regulatory positions and standards are being developed by regulatory and standardization organizations. The requirements for software important to the safety of nuclear reactors are described in such positions and standards. Most of them describe mandatory requirements, what shall be done, for safety-critical software. However, there has been a lot of controversy between the licenser and the licensee over whether the work practices satisfy the regulatory requirements, and over how to justify the safety of a system developed by those work practices. We believe this is caused by the gap between the mandatory requirements (What) and the work practices (How). We have developed a guideline to fill that gap, which can be useful to both licenser and licensee when justifying, in the planning phase, the safety of software developed for nuclear reactor protection systems. (author). 67 refs., 13 tabs., 2 figs

  8. KAERI software safety guideline for developing safety-critical software in digital instrumentation and control system of nuclear power plant

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jang Soo; Kim, Jang Yeol; Eum, Heung Seop

    1997-07-01

Recently, safety planning for safety-critical software systems has come to be recognized as the most important phase in the software life cycle, and new regulatory positions and standards are being developed by regulatory and standardization organizations. The requirements for software important to the safety of nuclear reactors are described in such positions and standards. Most of them describe mandatory requirements, what shall be done, for safety-critical software. However, there has been a lot of controversy between the licenser and the licensee over whether the work practices satisfy the regulatory requirements, and over how to justify the safety of a system developed by those work practices. We believe this is caused by the gap between the mandatory requirements (What) and the work practices (How). We have developed a guideline to fill that gap, which can be useful to both licenser and licensee when justifying, in the planning phase, the safety of software developed for nuclear reactor protection systems. (author). 67 refs., 13 tabs., 2 figs.

  9. A desktop 3D printer in safety-critical Java

    DEFF Research Database (Denmark)

    Strøm, Tórur Biskopstø; Schoeberl, Martin

    2012-01-01

It is desirable to bring Java technology to safety-critical systems. To this end The Open Group has created the safety-critical Java specification, which will allow Java applications, written according to the specification, to be certifiable in accordance with safety-critical standards. Although there exist several safety-critical Java framework implementations, there is a lack of safety-critical use cases implemented according to the specification. In this paper we present a 3D printer and its safety-critical Java level 1 implementation as a use case. With basis in the implementation we evaluate...

  10. Systems for hybrid cars

    Science.gov (United States)

    Bitsche, Otmar; Gutmann, Guenter

Not only sharp competition but also legislation is pushing the development of hybrid drive trains. Based on conventional internal combustion engine (ICE) vehicles, these drive trains offer a wide range of benefits, from reduced fuel consumption and emissions to multifaceted performance improvements. Hybrid electric drive trains may also facilitate the introduction of fuel cells (FC). The battery is the key component for all hybrid drive trains, as it dominates cost and performance issues. The selection of the right battery technology for the specific automotive application is an important task with an impact on the costs of development and use. Safety, power, and high cycle life are a must for all hybrid applications. The greatest pressure to reduce cost is in soft hybrids, where lead-acid batteries under careful management present the cheapest solution, although a considerable improvement in performance is needed. From mild to full hybridization, an improvement in specific power makes higher costs more acceptable, provided that the battery's service life is equivalent to the vehicle's lifetime. Today, this is proven for the nickel-metal hydride system. Lithium ion batteries, which make use of a multiple safety concept, and with some development anticipated, provide even better prospects in terms of performance and costs. Also, their scalability permits their application in battery electric vehicles, the basis for better performance and enhanced user acceptance. Development targets for the batteries are discussed with a focus on system aspects such as electrical and thermal management and safety.

  11. Design aspects of safety critical instrumentation of nuclear installations

    Energy Technology Data Exchange (ETDEWEB)

    Swaminathan, P. [Electronics Group, Indira Gandhi Centre for Atomic Research, Kalpakkam 603 102, Tamil Nadu (India)]. E-mail: swamy@igcar.ernet.in

    2005-07-01

    Safety critical instrumentation systems ensure safe shutdown/configuration of the nuclear installation when process status exceeds the safety threshold limits. Design requirements for safety critical instrumentation such as functional and electrical independence, fail-safe design, and architecture to ensure the specified unsafe failure rate and safe failure rate, human machine interface (HMI), etc., are explained with examples. Different fault tolerant architectures like 1/2, 2/2, 2/3 hot stand-by are compared for safety critical instrumentation. For embedded systems, software quality assurance is detailed both during design phase and O and M phase. Different software development models such as waterfall model and spiral model are explained with examples. The error distribution in embedded system is detailed. The usage of formal method is outlined to reduce the specification error. The guidelines for coding of application software are outlined. The interface problems of safety critical instrumentation with sensors, actuators, other computer systems, etc., are detailed with examples. Testability and maintainability shall be taken into account during design phase. Online diagnostics for safety critical instrumentation is detailed with examples. Salient details of design guides from Atomic Energy Regulatory Board, International Atomic Energy Agency and standards from IEEE, BIS are given towards the design of safety critical instrumentation systems. (author)

  12. Design aspects of safety critical instrumentation of nuclear installations

    International Nuclear Information System (INIS)

    Swaminathan, P.

    2005-01-01

    Safety critical instrumentation systems ensure safe shutdown/configuration of the nuclear installation when process status exceeds the safety threshold limits. Design requirements for safety critical instrumentation such as functional and electrical independence, fail-safe design, and architecture to ensure the specified unsafe failure rate and safe failure rate, human machine interface (HMI), etc., are explained with examples. Different fault tolerant architectures like 1/2, 2/2, 2/3 hot stand-by are compared for safety critical instrumentation. For embedded systems, software quality assurance is detailed both during design phase and O and M phase. Different software development models such as waterfall model and spiral model are explained with examples. The error distribution in embedded system is detailed. The usage of formal method is outlined to reduce the specification error. The guidelines for coding of application software are outlined. The interface problems of safety critical instrumentation with sensors, actuators, other computer systems, etc., are detailed with examples. Testability and maintainability shall be taken into account during design phase. Online diagnostics for safety critical instrumentation is detailed with examples. Salient details of design guides from Atomic Energy Regulatory Board, International Atomic Energy Agency and standards from IEEE, BIS are given towards the design of safety critical instrumentation systems. (author)
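Items 11 and 12 above (the same paper in two databases) compare the 1/2, 2/2 and 2/3 fault-tolerant architectures against a specified unsafe failure rate and safe failure rate. The block below is an added example, not from the paper, that makes the comparison concrete: it computes the system-level probability of a dangerous failure (failing to trip on a real demand) and of a spurious trip for a k-out-of-n voter from per-channel probabilities, and implements a fail-safe voter over channel readings. The per-channel probabilities used in the demo are hypothetical, and channels are assumed to fail independently, so common-cause failure, which dominates real architecture comparisons, is deliberately outside the model.

```python
"""k-out-of-n voting for a safety-critical trip function.

Added illustration of the 1/2, 2/2 and 2/3 architectures; not from the paper.
Each channel is assumed to have two failure modes:
  - dangerous: it fails to demand a trip when the process is unsafe
  - safe:      it demands a trip spuriously
Per-channel probabilities in the demo are hypothetical, and channels are
assumed independent (no common-cause failure).
"""
from math import comb
from typing import Optional, Sequence

# name -> (k, n): the system trips when at least k of the n channels demand it
ARCHITECTURES = {"1oo2": (1, 2), "2oo2": (2, 2), "2oo3": (2, 3)}


def at_least_k_of_n(k: int, n: int, p: float) -> float:
    """Probability that at least k of n independent events of probability p occur."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


def system_failure_rates(k: int, n: int, p_dangerous: float, p_safe: float):
    """Return (P(dangerous system failure), P(spurious trip)) for k-out-of-n.

    The system fails dangerously when fewer than k healthy channels remain to
    demand the trip, i.e. when at least n-k+1 channels have failed dangerous.
    It trips spuriously when at least k channels have failed safe.
    """
    return (at_least_k_of_n(n - k + 1, n, p_dangerous),
            at_least_k_of_n(k, n, p_safe))


def vote(readings: Sequence[Optional[float]], k: int, threshold: float) -> bool:
    """Fail-safe k-out-of-n voter over channel readings.

    A reading of None means the channel's self-diagnostics flagged it as
    faulty.  A faulty channel is counted as demanding a trip, so losing a
    channel moves the system towards the safe state instead of masking a
    real demand (the fail-safe design requirement in the abstract).
    """
    demands = sum(1 for r in readings if r is None or r > threshold)
    return demands >= k


if __name__ == "__main__":
    P_DANGEROUS, P_SAFE = 0.01, 0.05          # hypothetical per-channel values
    print(f"{'arch':5s} {'P(dangerous)':>13s} {'P(spurious)':>12s}")
    for name, (k, n) in ARCHITECTURES.items():
        d, s = system_failure_rates(k, n, P_DANGEROUS, P_SAFE)
        print(f"{name:5s} {d:13.3e} {s:12.3e}")
    # Voting demo: two channels above threshold, or one above plus one faulty.
    print(vote([100.0, 101.0, 50.0], k=2, threshold=90.0))   # True
    print(vote([100.0, None, 50.0], k=2, threshold=90.0))    # True
    print(vote([100.0, 50.0, 50.0], k=2, threshold=90.0))    # False
```

The table makes the trade-off in the abstract visible: 1oo2 minimises the dangerous failure probability at the cost of the most spurious trips, 2oo2 does the reverse, and 2oo3 sits between the two on both axes, which is why it is the usual choice when both the unsafe failure rate and the availability target matter. The `None` handling in `vote` is the part a reviewer should check first in any real voter, since a diagnostic-flagged channel that silently votes "no trip" turns a 2oo3 system into 2oo2 for dangerous failures.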

  13. A safety-critical decision support system evaluation using situation awareness and workload measures

    International Nuclear Information System (INIS)

    Naderpour, Mohsen; Lu, Jie; Zhang, Guangquan

    2016-01-01

    To ensure the safety of operations in safety-critical systems, it is necessary to maintain operators' situation awareness (SA) at a high level. A situation awareness support system (SASS) has therefore been developed to handle uncertain situations [1]. This paper aims to systematically evaluate the enhancement of SA in SASS by applying a multi-perspective approach. The approach consists of two SA metrics, SAGAT and SART, and one workload metric, NASA-TLX. The first two metrics are used for the direct objective and subjective measurement of SA, while the third is used to estimate operator workload. The approach is applied in a safety-critical environment called residue treater, located at a chemical plant in which a poor human-system interface reduced the operator's SA and caused one of the worst accidents in US history. A counterbalanced within-subjects experiment is performed using a virtual environment interface with and without the support of SASS. The results indicate that SASS improves operators' SA, and specifically has benefits for SA levels 2 and 3. In addition, it is concluded that SASS reduces operator workload, although further investigations in different environments with a larger number of participants have been suggested. - Highlights: • The suitability of a cognitive decision support system is investigated. • An evaluation approach considering situation awareness and workload measures is proposed. • A computerized system based on the proposed approach is implemented. • The implemented system is used in a safety-critical environment.

  14. A Practical Risk Assessment Methodology for Safety-Critical Train Control Systems

    Science.gov (United States)

    2009-07-01

    This project proposes a Practical Risk Assessment Methodology (PRAM) for analyzing railroad accident data and assessing the risk and benefit of safety-critical train control systems. This report documents in simple steps the algorithms and data input...

  15. System Guidelines for EMC Safety-Critical Circuits: Design, Selection, and Margin Demonstration

    Science.gov (United States)

    Lawton, R. M.

    1996-01-01

    Demonstration of safety margins for critical points (circuits) has traditionally been required since it first became a part of systems-level Electromagnetic Compatibility (EMC) requirements of MIL-E-6051C. The goal of this document is to present cost-effective guidelines for ensuring adequate Electromagnetic Effects (EME) safety margins on spacecraft critical circuits. It is for the use of NASA and other government agencies and their contractors to prevent loss of life, loss of spacecraft, or unacceptable degradation. This document provides practical definition and treatment guidance to contain costs within affordable limits.

  16. Some Challenges in the Design of Human-Automation Interaction for Safety-Critical Systems

    Science.gov (United States)

    Feary, Michael S.; Roth, Emilie

    2014-01-01

    Increasing amounts of automation are being introduced to safety-critical domains. While the introduction of automation has led to an overall increase in reliability and improved safety, it has also introduced a class of failure modes, and new challenges in risk assessment for the new systems, particularly in the assessment of rare events resulting from complex inter-related factors. Designing successful human-automation systems is challenging, and the challenges go beyond good interface development (e.g., Roth, Malin, & Schreckenghost 1997; Christoffersen & Woods, 2002). Human-automation design is particularly challenging when the underlying automation technology generates behavior that is difficult for the user to anticipate or understand. These challenges have been recognized in several safety-critical domains, and have resulted in increased efforts to develop training, procedures, regulations and guidance material (CAST, 2008, IAEA, 2001, FAA, 2013, ICAO, 2012). This paper points to the continuing need for new methods to describe and characterize the operational environment within which new automation concepts are being presented. We will describe challenges to the successful development and evaluation of human-automation systems in safety-critical domains, and describe some approaches that could be used to address these challenges. We will draw from experience with the aviation, spaceflight and nuclear power domains.

  17. Licensing process for safety-critical software-based systems

    Energy Technology Data Exchange (ETDEWEB)

    Haapanen, P. [VTT Automation, Espoo (Finland); Korhonen, J. [VTT Electronics, Espoo (Finland); Pulkkinen, U. [VTT Automation, Espoo (Finland)

    2000-12-01

System vendors nowadays propose software-based technology even for the most critical safety functions in nuclear power plants. Due to the nature of software faults and the way they cause system failures, new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', financed jointly by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software-based systems are developed and evaluated. As part of the OHA work, a reference model for the licensing process for software-based safety automation systems is defined. The licensing process is defined as the set of interrelated activities whose purpose is to produce and assess evidence concerning the safety and reliability of the system/application to be licensed and to decide, on the basis of this evidence, whether to grant the construction and operation permits. The parties to the licensing process are the authority, the licensee (the utility company), system vendors and their subcontractors, and possibly external independent assessors. Responsibility for producing the evidence lies in the first place with the licensee, who in most cases relies heavily on the vendor's expertise. The evaluation and weighing of the evidence is carried out by the authority (possibly using external experts), who can also acquire additional evidence using their own (independent) methods and tools. A central issue in the licensing process is to combine the quality evidence about the system development process with the information acquired through tests, analyses and operational experience. The purpose of the licensing process described in this report is to serve as a reference model for both the authority and the licensee when planning the licensing of individual applications

  18. Licensing process for safety-critical software-based systems

    International Nuclear Information System (INIS)

    Haapanen, P.; Korhonen, J.; Pulkkinen, U.

    2000-12-01

System vendors nowadays propose software-based technology even for the most critical safety functions in nuclear power plants. Due to the nature of software faults and the way they cause system failures, new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', financed jointly by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software-based systems are developed and evaluated. As part of the OHA work, a reference model for the licensing process for software-based safety automation systems is defined. The licensing process is defined as the set of interrelated activities whose purpose is to produce and assess evidence concerning the safety and reliability of the system/application to be licensed and to decide, on the basis of this evidence, whether to grant the construction and operation permits. The parties to the licensing process are the authority, the licensee (the utility company), system vendors and their subcontractors, and possibly external independent assessors. Responsibility for producing the evidence lies in the first place with the licensee, who in most cases relies heavily on the vendor's expertise. The evaluation and weighing of the evidence is carried out by the authority (possibly using external experts), who can also acquire additional evidence using their own (independent) methods and tools. A central issue in the licensing process is to combine the quality evidence about the system development process with the information acquired through tests, analyses and operational experience. The purpose of the licensing process described in this report is to serve as a reference model for both the authority and the licensee when planning the licensing of individual applications.
Many of the

  19. Criticality safety studies at VTT Energy

    International Nuclear Information System (INIS)

    Roine, T.; Anttila, M.

    1995-01-01

    At VTT Energy a compact reactor physics calculation system is applied to many kinds of problems. Generation of group constants for static and dynamic core calculations, flux and dose rate calculations, as well as criticality safety studies are performed basically with the same codes. The presentation gives a short overview of the wide variety of criticality safety problems analysed at VTT Energy. The calculation system is also described, with some illustrative examples. (12 refs., 1 tab.)

  20. Criticality safety validation: Simple geometry, single unit 233U systems

    International Nuclear Information System (INIS)

    Putman, V.L.

    1997-06-01

    Typically used LMITCO criticality safety computational methods are evaluated for suitability when applied to INEEL 233U systems which reasonably can be modeled as simple-geometry, single-unit systems. Sixty-seven critical experiments of uranium highly enriched in 233U, including 57 aqueous solution, thermal-energy systems and 10 metal, fast-energy systems, were modeled. These experiments include 41 cylindrical and 26 spherical cores, and 41 reflected and 26 unreflected systems. No experiments were found for intermediate-neutron-energy ranges, or with interstitial non-hydrogenous materials typical of waste systems, mixed 233U and plutonium, or reflectors such as steel, lead, or concrete. No simple geometry experiments were found with cubic or annular cores, or approximating infinite sea systems. Calculations were performed with various tools and methodologies. Nine cross-section libraries, based on ENDF/B-IV, -V, or -VI.2, or on Hansen-Roach source data, were used with cross-section processing methods of MCNP or SCALE. The k_eff calculations were performed with neutral-particle transport and Monte Carlo methods of criticality codes DANT, MCNP 4A, and KENO Va

  1. Is Model-Based Development a Favorable Approach for Complex and Safety-Critical Computer Systems on Commercial Aircraft?

    Science.gov (United States)

    Torres-Pomales, Wilfredo

    2014-01-01

    A system is safety-critical if its failure can endanger human life or cause significant damage to property or the environment. State-of-the-art computer systems on commercial aircraft are highly complex, software-intensive, functionally integrated, and network-centric systems of systems. Ensuring that such systems are safe and comply with existing safety regulations is costly and time-consuming as the level of rigor in the development process, especially the validation and verification activities, is determined by considerations of system complexity and safety criticality. A significant degree of care and deep insight into the operational principles of these systems is required to ensure adequate coverage of all design implications relevant to system safety. Model-based development methodologies, methods, tools, and techniques facilitate collaboration and enable the use of common design artifacts among groups dealing with different aspects of the development of a system. This paper examines the application of model-based development to complex and safety-critical aircraft computer systems. Benefits and detriments are identified and an overall assessment of the approach is given.

  2. Use of modern software - based instrumentation in safety critical systems

    International Nuclear Information System (INIS)

    Emmett, J.; Smith, B.

    2005-01-01

    Many nuclear power plants are now ageing and in need of various degrees of refurbishment. Installed instrumentation usually uses out-of-date 'analogue' technology and is often no longer available in the marketplace. New-technology instrumentation is generally unqualified for nuclear use, and in particular the new 'smart' technology contains 'firmware' (effectively SOUP, software of uncertain pedigree) which must be assessed in accordance with the relevant safety standards before it may be used in a safety application. The particular standards are IEC 61508 [1] and the British Energy (BE) PES (Programmable Electronic Systems) guidelines EPD/GEN/REP/0277/97 [2]. This paper outlines a new instrument evaluation system, which has been developed in conjunction with the UK nuclear industry. The paper concludes with a discussion of on-line monitoring of smart instrumentation in safety critical applications. (author)

  3. Software reliability for safety-critical applications

    International Nuclear Information System (INIS)

    Everett, B.; Musa, J.

    1994-01-01

    In this talk, the authors address the question "Can Software Reliability Engineering measurement and modeling techniques be applied to safety-critical applications?" Quantitative techniques have long been applied in engineering hardware components of safety-critical applications. The authors have seen a growing acceptance and use of quantitative techniques in engineering software systems but a continuing reluctance in using such techniques in safety-critical applications. The general case posed against using quantitative techniques for software components runs along the following lines: safety-critical applications should be engineered such that catastrophic failures occur less frequently than one in a billion hours of operation; current software measurement/modeling techniques rely on using failure history data collected during testing; one would have to accumulate over a billion operational hours to verify failure rate objectives of about one per billion hours
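
The "billion hours" argument above can be made exact. The following is an added worked example (not from the Everett and Musa talk) under the usual constant-failure-rate assumption: the number of failures seen in T test hours is Poisson(λT), so with zero failures observed the one-sided upper confidence bound on λ is -ln(1 - c)/T, and with a few failures it is found by inverting the Poisson CDF. The function and variable names are the example's own; the 1e-9 per hour target and the 95 % confidence level are assumptions chosen to match the abstract's figure.

```python
"""How many failure-free test hours does a 1e-9 per hour target require?

Constant-failure-rate model: over T hours the failure count is Poisson(lambda*T).
With zero observed failures the one-sided upper confidence bound on lambda is
-ln(1 - c) / T; with n > 0 failures it is found by inverting the Poisson CDF.
(Added example; the 1e-9/h target and 95 % confidence are assumed values.)
"""
import math


def poisson_cdf(n, mean):
    """P(X <= n) for X ~ Poisson(mean); pure Python, no scipy needed."""
    return sum(math.exp(-mean) * mean ** k / math.factorial(k) for k in range(n + 1))


def upper_bound_failure_rate(test_hours, failures=0, confidence=0.95):
    """Largest failure rate (per hour) still consistent, at the given one-sided
    confidence, with observing at most `failures` failures in `test_hours`."""
    if failures == 0:
        return -math.log(1.0 - confidence) / test_hours
    lo, hi = 0.0, 1.0  # rates per hour; 1/h is far above anything of interest
    for _ in range(200):
        mid = (lo + hi) / 2
        # A rate is still "consistent" while P(X <= failures) exceeds 1 - c.
        if poisson_cdf(failures, mid * test_hours) > 1.0 - confidence:
            lo = mid
        else:
            hi = mid
    return hi


def hours_to_demonstrate(target_rate, failures=0, confidence=0.95):
    """Test hours after which, having seen at most `failures` failures, the upper
    bound on the failure rate drops to `target_rate`."""
    if failures == 0:
        return -math.log(1.0 - confidence) / target_rate
    lo, hi = 1.0, 1e15
    for _ in range(200):
        mid = (lo + hi) / 2
        if upper_bound_failure_rate(mid, failures, confidence) > target_rate:
            lo = mid  # bound still too high: need more hours
        else:
            hi = mid
    return hi


if __name__ == "__main__":
    target = 1e-9  # one catastrophic failure per billion hours
    for n in (0, 1, 2):
        h = hours_to_demonstrate(target, failures=n)
        print(f"{n} failures allowed: {h:.3e} test hours ({h / 8760:.0f} years on one unit)")
```

With zero failures the bound is about 3e9 hours (roughly 340,000 unit-years); every failure tolerated during the test pushes it higher. That is why the case against purely statistical evidence at this target is quantitative, not a matter of taste, and why process evidence and analysis have to carry part of the argument.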

  4. Nuclear Criticality Safety Department Qualification Program

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1996-01-01

    The Nuclear Criticality Safety Department (NCSD) is committed to developing and maintaining a staff of highly qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document defines the Qualification Program to address the NCSD technical and managerial qualification as required by the Y-12 Training Implementation Matrix (TIM). This Qualification Program is in compliance with DOE Order 5480.20A and applicable Lockheed Martin Energy Systems, Inc. (LMES) and Y-12 Plant procedures. It is implemented through a combination of LMES plant-wide training courses and professional nuclear criticality safety training provided within the department. This document supersedes Y/DD-694, Revision 2, 2/27/96, Qualification Program, Nuclear Criticality Safety Department. There are no backfit requirements associated with revisions to this document

  5. Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS

    NARCIS (Netherlands)

    Houmb, S.H.; Nunes Leal Franqueira, V.; Engum, E.A.

    2008-01-01

    Many safety and mission critical systems depend on the correct and secure operation of both supportive and core software systems. E.g., both the safety of personnel and the effective execution of core missions on an oil platform depend on the correct recording, storing, transfer and interpretation of

  6. The Department of Energy nuclear criticality safety program

    International Nuclear Information System (INIS)

    Felty, J.R.

    2004-01-01

    This paper broadly covers key events and activities from which the Department of Energy Nuclear Criticality Safety Program (NCSP) evolved. The NCSP maintains fundamental infrastructure that supports operational criticality safety programs. This infrastructure includes continued development and maintenance of key calculational tools, differential and integral data measurements, benchmark compilation, development of training resources, hands-on training, and web-based systems to enhance information preservation and dissemination. The NCSP was initiated in response to Defense Nuclear Facilities Safety Board Recommendation 97-2, Criticality Safety, and evolved from a predecessor program, the Nuclear Criticality Predictability Program, that was initiated in response to Defense Nuclear Facilities Safety Board Recommendation 93-2, The Need for Critical Experiment Capability. This paper also discusses the role Dr. Sol Pearlstein played in helping the Department of Energy lay the foundation for a robust and enduring criticality safety infrastructure.

  7. Nuclear criticality safety parameter evaluation for uranium metallic alloy

    Energy Technology Data Exchange (ETDEWEB)

    Sanchez, Andrea; Abe, Alfredo, E-mail: andreasdpz@hotmail.com, E-mail: abye@uol.com.br [Instituto de Pesquisas Energeticas e Nucleares (IPEN/CNEN-SP), Sao Paulo, SP (Brazil). Centro de Energia Nuclear

    2013-07-01

    Nuclear criticality safety during the fuel fabrication process and the transport and storage of fissile and fissionable materials requires criticality safety analysis. Normally the analysis involves computer calculations and the determination of safety parameters. There are many different criticality safety handbooks in which such safety parameters for several different fissile mixtures are presented. The handbooks have been published to provide data and safety principles for the design, safety evaluation and licensing of operations, transport and storage of fissile and fissionable materials. The data often comprise not only critical values but also subcritical limits and safe parameters obtained for specific conditions using criticality safety calculation codes such as the SCALE system. Although many data are available for different fissile and fissionable materials, compounds, mixtures and enrichment levels, there is a lack of information on uranium metal alloys, specifically UMo and UNbZr. Nowadays uranium metal alloys have been investigated as fuels under the RERTR program as possible candidates to become a new fuel for research reactors because of their high density. This work aims to evaluate a set of criticality safety parameters for uranium metal alloys using the SCALE system and the MCNP Monte Carlo code. (author)

  8. Application of an integrated PC-based neutronics code system to criticality safety

    International Nuclear Information System (INIS)

    Briggs, J.B.; Nigg, D.W.

    1991-01-01

    An integrated system of neutronics and radiation transport software suitable for operation in an IBM PC-class environment has been under development at the Idaho National Engineering Laboratory (INEL) for the past four years. Four modules within the system are particularly useful for criticality safety applications. Using the neutronics portion of the integrated code system, effective neutron multiplication values (k_eff values) have been calculated for a variety of benchmark critical experiments for metal systems (plutonium and uranium), aqueous systems (plutonium and uranium) and LWR fuel rod arrays. A description of the codes and methods used in the analysis and the results of the benchmark critical experiments are presented in this paper. In general, excellent agreement was found between calculated and experimental results. (Author)

  9. Safety critical systems handbook a straightforward guide to functional safety : IEC 61508 (2010 edition) and related standards

    CERN Document Server

    Smith, David J

    2010-01-01

    Electrical, electronic and programmable electronic systems increasingly carry out safety functions to guard workers and the public against injury or death and the environment against pollution. The international functional safety standard IEC 61508 was revised in 2010, and this is the first comprehensive guide available to the revised standard. As functional safety is applicable to many industries, this book will have a wide readership beyond the chemical and process sector, including oil and gas, power generation, nuclear, aircraft, and automotive industries, plus project, instrumentation, design, and control engineers. * The only comprehensive guide to IEC 61508, updated to cover the 2010 amendments, that will ensure engineers are compliant with the latest process safety systems design and operation standards* Helps readers understand the process required to apply safety critical systems standards* Real-world approach helps users to interpret the standard, with case studies and best practice design examples...

  10. Study on criticality safety evaluation of a system where flood will never occur

    International Nuclear Information System (INIS)

    Naito, Yoshitaka; Yamamoto, Toshihiro; Komuro, Yuichi; Itahara, Kuniyuki.

    1995-03-01

    Criticality safety evaluation for a single unit containing nuclear fuel has usually been performed on the assumption that there is a fully thick water reflector around the unit. For a system where flooding can never occur, however, the thick reflector assumption has recently fallen out of use. For such cases a method is proposed that models the surrounding structural material and branch pipes as a 2.5 cm thick water reflector. This report shows that the reactivity worth of structural material and branch pipes is, in many cases, less than that of a 2.5 cm thick water reflector. Further, another method is shown for evaluating the criticality safety of a multiple-unit system using computed results in which the surrounding structural material and branch pipes are neglected. Many sample calculations show that the method with a 2.5 cm thick water reflector in place of structural material and pipes gives conservative results for systems similar to real reprocessing plants. (author)

  11. Event tree analysis for the system of hybrid reactor

    International Nuclear Information System (INIS)

    Yang Yongwei; Qiu Lijian

    1993-01-01

    The application of probabilistic risk assessment to a fusion-fission hybrid reactor is introduced. A hybrid reactor system has been analysed using event trees. Based on the conceptual design of the Hefei Fusion-fission Experimental Hybrid Breeding Reactor, the probabilities of the event tree sequences induced by 4 typical initiating events were calculated. The results showed that the conceptual design is safe and reasonable. Through this work the safety characteristics of the hybrid reactor system have been understood more deeply, and some suggestions valuable to the safety design of hybrid reactors have been proposed

  12. Enhanced Thermal Management System for Spent Nuclear Fuel Dry Storage Canister with Hybrid Heat Pipes

    International Nuclear Information System (INIS)

    Jeong, Yeong Shin; Bang, In Cheol

    2016-01-01

    Dry storage uses gas or air as the coolant within a sealed canister with neutron shielding materials. A dry storage system for spent fuel is regarded as relatively safe and emits little radioactive waste during storage, but it has been shown that the storage capacity and overall safety of the dry cask need to be enhanced for LWR dry storage casks in Korea. For safety enhancement of the dry cask, previous studies by our group first suggested a passive cooling system with heat pipes for an LWR spent fuel dry storage metal cask. As an extension, an enhanced thermal management system for the LWR spent fuel dry storage cask is suggested in this paper with a hybrid heat pipe concept, intended to enhance the safety margin, and its performance is analysed from a thermal-hydraulic viewpoint. Although the current design of the dry cask satisfies the design criteria, a long-term storage period and the designed lifetime cannot be assured. Introducing the hybrid heat pipe concept to the dry storage cask without disrupting its structural integrity can enhance the overall safety characteristics through adequate thermal management, reducing the overall temperature as well as providing criticality control. To evaluate the thermal performance of the hybrid heat pipe according to its design, CFD simulation was conducted and the previous and revised designs of the hybrid heat pipe were compared in terms of the temperature inside the canister

  13. Criticality Safety Evaluation for the TACS at DAF

    Energy Technology Data Exchange (ETDEWEB)

    Percher, C. M. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States); Heinrichs, D. P. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

    2011-06-10

    Hands-on experimental training in the physical behavior of multiplying systems is one of ten key areas of training required for practitioners to become qualified in the discipline of criticality safety as identified in DOE-STD-1135-99, Guidance for Nuclear Criticality Safety Engineer Training and Qualification. This document is a criticality safety evaluation of the training activities and operations associated with HS-3201-P, Nuclear Criticality 4-Day Training Course (Practical). This course was designed also to address the training needs of nuclear criticality safety professionals under the auspices of the NNSA Nuclear Criticality Safety Program. The hands-on, or laboratory, portion of the course will utilize the Training Assembly for Criticality Safety (TACS) and will be conducted in the Device Assembly Facility (DAF) at the Nevada National Security Site (NNSS). The training activities will be conducted by Lawrence Livermore National Laboratory following the requirements of an Integrated Work Sheet (IWS) and associated Safety Plan. Students will be allowed to handle the fissile material under the supervision of an LLNL Certified Fissile Material Handler.

  14. 2011 Annual Criticality Safety Program Performance Summary

    Energy Technology Data Exchange (ETDEWEB)

    Andrea Hoffman

    2011-12-01

    The 2011 review of the INL Criticality Safety Program has determined that the program is robust and effective. The review was prepared for, and fulfills Contract Data Requirements List (CDRL) item H.20, 'Annual Criticality Safety Program performance summary that includes the status of assessments, issues, corrective actions, infractions, requirements management, training, and programmatic support.' This performance summary addresses the status of these important elements of the INL Criticality Safety Program. Assessments - Assessments in 2011 were planned and scheduled. The scheduled assessments included a Criticality Safety Program Effectiveness Review, Criticality Control Area Inspections, a Protection of Controlled Unclassified Information Inspection, an Assessment of Criticality Safety SQA, and this management assessment of the Criticality Safety Program. All of the assessments were completed with the exception of the 'Effectiveness Review' for SSPSF, which was delayed due to emerging work. Although minor issues were identified in the assessments, no issues or combination of issues indicated that the INL Criticality Safety Program was ineffective. The identification of issues demonstrates the importance of an assessment program to the overall health and effectiveness of the INL Criticality Safety Program. Issues and Corrective Actions - There are relatively few criticality safety related issues in the Laboratory ICAMS system. Most were identified by Criticality Safety Program assessments. No issues indicate ineffectiveness in the INL Criticality Safety Program. All of the issues are being worked and there are no imminent criticality concerns. Infractions - There was one criticality safety related violation in 2011. On January 18, 2011, it was discovered that a fuel plate bundle in the Nuclear Materials Inspection and Storage (NMIS) facility exceeded the fissionable mass limit, resulting in a technical safety requirement (TSR) violation. The

  15. Critical/non-critical system methodology report

    International Nuclear Information System (INIS)

    1989-01-01

    The method used to determine how the Waste Isolation Pilot Plant (WIPP) facilities/systems were classified as critical or non-critical to the receipt of CH waste is described in this report. All WIPP critical facilities/systems are listed in the Operational Readiness Review (ORR) Dictionary. Using the Final Safety Analysis Report (FSAR) as a guide to define the boundaries of the facilities/systems, a direct correlation of the ORR Dictionary to the FSAR can be obtained. The critical facilities/systems are those which are directly related to, or have a critical support role in, the receipt of CH waste. A facility/system must meet one of the following requirements to be considered critical: (a) confinement or measurement of the release of radioactive materials; (b) continued receipt and/or storage of transuranic (TRU) waste without an interruption greater than one month according to the shipping plan schedule; (c) the environmental and occupational safety of personnel meets the established site programs; and (d) the physical security of the WIPP facilities

  16. The PSA of safety-critical digital I and C system: the determination of important factors and sensitivity analysis

    International Nuclear Information System (INIS)

    Kang, H. G.; Sung, T. Y.; Eom, H. S.; Jeong, H. S.; Park, J. K.; Lee, K. Y.; Park, J. K.

    2002-01-01

    This report is prepared to suggest a practical Probabilistic Safety Assessment (PSA) methodology for safety-critical digital instrumentation and control (I and C) systems. Even though conventional probabilistic safety assessment methods are immature for application to microprocessor-based digital systems, practical needs force their application, because the result of the probabilistic safety assessment plays a very important role in proving the safety of a designed system. Microprocessors and software technologies make the digital system very complex and make the safety of its applications hard to analyze. The aims of this report are: (1) To summarize the factors which should be represented by the model for probabilistic safety assessment and to propose a standpoint of evaluation for digital systems. (2) To present quantitatively the results of a mathematical case study which examines the analysis framework for the safety of digital systems in the context of the PSA. (3) To show the results of a sensitivity study for some critical factors

  17. Plant safety review from mass criticality accident

    International Nuclear Information System (INIS)

    Susanto, B.G.

    2000-01-01

    The review has been done to understand the present status of the plant in facing a postulated mass criticality accident. From the design concept of the plant, all the components in the system, including functional groups, have been designed on the basis of the favorable mass/geometry safety principle. The criticality safety of each component is guaranteed because all the dimensions relevant to criticality are smaller than the 'favorable mass/geometry' dimensions. Procedures covering all aspects affecting quality, including safety-related aspects, have been developed and are adhered to at all times. Staff are periodically reminded, in short training sessions, of the importance of safety in the production process. The plant is fully equipped with six criticality detectors in strategic places to alert employees should the postulated mass criticality accident occur. For nuclear emergency preparedness, PT BATAN TEKNOLOGI has also proposed an organizational structure for promptly reporting a crisis to the Nuclear Energy Control Board (BAPETEN) of Indonesia. (author)

  18. CSER 96-014: criticality safety of project W-151, 241-AZ-101 retrieval system process test

    Energy Technology Data Exchange (ETDEWEB)

    Vail, T.S., Fluor Daniel Hanford

    1997-02-06

    This Criticality Safety Evaluation Report (CSER) documents a review of the criticality safety implications of a process test to be performed in tank 241-AZ-101 (101-AZ). The process test will determine the effectiveness of the retrieval system for mobilization of solids and the practicality of the system for future use in the underground storage tanks at Hanford. The scope of the CSER extends only to the testing and operation of the mixer pumps and does not include the transfer of waste from the tank. Justification is provided that a nuclear criticality is extremely unlikely, if not impossible, in this tank.

  19. Nuclear criticality safety guide

    International Nuclear Information System (INIS)

    Pruvost, N.L.; Paxton, H.C.

    1996-09-01

    This technical reference document cites information related to nuclear criticality safety principles, experience, and practice. The document also provides general guidance for criticality safety personnel and regulators

  20. Nuclear criticality safety guide

    Energy Technology Data Exchange (ETDEWEB)

    Pruvost, N.L.; Paxton, H.C. [eds.

    1996-09-01

    This technical reference document cites information related to nuclear criticality safety principles, experience, and practice. The document also provides general guidance for criticality safety personnel and regulators.

  1. Fault tree synthesis for software design analysis of PLC based safety-critical systems

    International Nuclear Information System (INIS)

    Koo, S. R.; Cho, C. H.; Seong, P. H.

    2006-01-01

    Since software verification and validation must be performed for the development of PLC-based safety-critical systems, software safety analysis is also considered across the entire software life cycle. In this paper, we propose a technique of software safety analysis for the design phase. Among the various software hazard analysis techniques, fault tree analysis is the most widely used for the safety analysis of nuclear power plant systems; it also has the most intuitive notation and makes both qualitative and quantitative analyses possible. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Consequently, the safety of the software can be analyzed on the basis of the synthesized fault trees. (authors)
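
The qualitative and quantitative analyses the abstract refers to are, concretely, minimal cut set extraction and top-event probability. The following is an added example (not the authors' tool or template) of both steps on a small synthesized tree for a hypothetical PLC trip channel: the module names, the AND/OR structure and the failure probabilities are constructed for illustration. The top-event probability is computed by inclusion-exclusion over the cut sets, which stays correct when one basic event feeds several branches, a case where the usual gate-by-gate multiplication double-counts; the rare-event sum is given alongside as the quick upper bound.

```python
"""Fault tree analysis: minimal cut sets and top-event probability.
Added example with a constructed PLC trip-channel tree; not the paper's template."""
from dataclasses import dataclass
from itertools import combinations, product
from math import prod


@dataclass(frozen=True)
class Basic:
    name: str      # basic event, e.g. a module failure mode
    prob: float    # probability of failure on demand (assumed independent)


@dataclass(frozen=True)
class Gate:
    kind: str      # "AND" or "OR"
    children: tuple


def minimal_cut_sets(node):
    """Cut sets as frozensets of basic-event names, reduced to minimal ones."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(c) for c in node.children]
    if node.kind == "OR":                       # any child's cut set suffices
        sets = [s for sub in child_sets for s in sub]
    elif node.kind == "AND":                    # one cut set from every child
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    uniq = set(sets)
    return sorted((s for s in uniq if not any(o < s for o in uniq)),
                  key=lambda s: (len(s), sorted(s)))


def basic_probs(node, acc=None):
    """Map basic-event name -> probability, walking the tree."""
    acc = {} if acc is None else acc
    if isinstance(node, Basic):
        acc[node.name] = node.prob
    else:
        for c in node.children:
            basic_probs(c, acc)
    return acc


def rare_event_probability(cut_sets, probs):
    """Sum of cut-set probabilities: an upper bound, tight when all probs are small."""
    return sum(prod(probs[e] for e in cs) for cs in cut_sets)


def exact_probability(cut_sets, probs):
    """Inclusion-exclusion over the minimal cut sets. Unlike a gate-by-gate
    calculation this is still correct when a basic event appears in several branches."""
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        for combo in combinations(cut_sets, k):
            events = frozenset().union(*combo)
            total += (-1) ** (k + 1) * prod(probs[e] for e in events)
    return total


# Constructed tree (hypothetical): trip signal not produced on demand.
TRIP_FAILS = Gate("OR", (
    Basic("input_module_fails", 1e-3),
    Gate("AND", (Basic("logic_software_fault", 5e-4), Basic("watchdog_fails", 1e-2))),
    Basic("output_module_fails", 2e-3),
))


def analyse(tree=TRIP_FAILS):
    cs = minimal_cut_sets(tree)
    p = basic_probs(tree)
    return {"cut_sets": cs,
            "rare_event": rare_event_probability(cs, p),
            "exact": exact_probability(cs, p)}


if __name__ == "__main__":
    r = analyse()
    for cs in r["cut_sets"]:
        print("cut set:", sorted(cs))
    print(f"P(top) rare-event = {r['rare_event']:.4e}, exact = {r['exact']:.4e}")
```

Inclusion-exclusion is exponential in the number of cut sets, which is fine for the module-level trees a design-phase template produces; for large plant-level trees one falls back to the rare-event sum or a BDD-based evaluator. The cut-set probabilities are also what an event tree (as in the hybrid reactor entry above) consumes as branch failure probabilities.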

  2. How to interpret safety critical failures in risk and reliability assessments

    International Nuclear Information System (INIS)

    Selvik, Jon Tømmerås; Signoret, Jean-Pierre

    2017-01-01

    Management of safety systems often receives high attention due to the potential for industrial accidents. In risk and reliability literature concerning such systems, and particularly concerning safety-instrumented systems, one frequently comes across the term ‘safety critical failure’. It is a term associated with the term ‘critical failure’, and it is often deduced that a safety critical failure refers to a failure occurring in a safety critical system. Although this is correct in some situations, it does not match, for example, the mathematical definition given in ISO/TR 12489:2013 on reliability modelling, where a clear distinction is made between ‘safe failures’ and ‘dangerous failures’. In this article, we show that different interpretations of the term ‘safety critical failure’ exist, leaving room for misinterpretation and misunderstanding in risk and reliability assessments that use failure information linked to safety systems, which could influence decision-making. The article gives some examples from the oil and gas industry, showing different possible interpretations of the term. In particular we discuss the link between criticality and failure. The article points in general to the importance of adequate risk communication when using the term, and gives some clarification on interpretation in risk and reliability assessments.
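
The safe/dangerous distinction the abstract refers to is not just terminology: under IEC 61508 (the functional safety standard discussed in the handbook entry above) the four rate buckets safe/dangerous x detected/undetected feed directly into the safe failure fraction, the average probability of failure on demand and therefore the SIL claim. The following is an added example (not from the article) that tags constructed failure-mode records for a hypothetical shutdown valve loop and derives those figures with the simplified single-channel formula from IEC 61508-6, alongside the counts one gets under three readings of "safety critical failure". The failure rates, the proof-test interval and the repair time are assumed values.

```python
"""Safe/dangerous, detected/undetected classification and what follows from it.
Added example with constructed figures; the 1oo1 PFD formula is the simplified
IEC 61508-6 expression, not a full Markov model."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureMode:
    name: str
    rate: float        # failures per hour (constructed, not field data)
    dangerous: bool    # True: prevents the safety action on demand
    detected: bool     # True: revealed by diagnostics / partial stroke test


# Constructed example: an emergency shutdown valve loop (hypothetical figures).
EXAMPLE_MODES = (
    FailureMode("spurious trip, valve closes", 2e-6, dangerous=False, detected=True),
    FailureMode("position feedback fault", 1e-6, dangerous=False, detected=False),
    FailureMode("actuator slow, caught by partial stroke test", 5e-7, dangerous=True, detected=True),
    FailureMode("valve stuck open", 1e-6, dangerous=True, detected=False),
)


def split_rates(modes):
    """Sum rates into the SD / SU / DD / DU buckets used by IEC 61508."""
    lam = {"SD": 0.0, "SU": 0.0, "DD": 0.0, "DU": 0.0}
    for m in modes:
        lam[("D" if m.dangerous else "S") + ("D" if m.detected else "U")] += m.rate
    return lam


def safe_failure_fraction(lam):
    """SFF = (safe + dangerous detected) / all failures."""
    total = sum(lam.values())
    return (total - lam["DU"]) / total


def pfd_avg_1oo1(lam, proof_test_interval_h, mttr_h):
    """Simplified single-channel low-demand formula: a dangerous undetected failure
    persists on average for half a proof-test interval, a detected one for the repair time."""
    return lam["DU"] * proof_test_interval_h / 2 + lam["DD"] * mttr_h


def sil_band(pfd):
    """Low-demand SIL bands (IEC 61508-1 table 2); 0 means below SIL 1."""
    for sil, (low, high) in ((4, (1e-5, 1e-4)), (3, (1e-4, 1e-3)),
                             (2, (1e-3, 1e-2)), (1, (1e-2, 1e-1))):
        if low <= pfd < high:
            return sil
    return 0


def count_interpretations(modes):
    """Three readings of 'safety critical failure' applied to the same records."""
    return {
        "any failure of the safety system": len(modes),
        "dangerous failures only": sum(m.dangerous for m in modes),
        "dangerous undetected only": sum(m.dangerous and not m.detected for m in modes),
    }


def assess(modes=EXAMPLE_MODES, proof_test_interval_h=8760.0, mttr_h=8.0):
    lam = split_rates(modes)
    pfd = pfd_avg_1oo1(lam, proof_test_interval_h, mttr_h)
    return {"rates": lam, "sff": safe_failure_fraction(lam), "pfd_avg": pfd,
            "sil": sil_band(pfd), "counts": count_interpretations(modes)}


if __name__ == "__main__":
    for key, value in assess().items():
        print(f"{key}: {value}")
```

On these figures the same loop reports four, two or one "safety critical failures" depending on the reading, while only the single dangerous undetected mode drives the PFD (4.4e-3, SIL 2 band); the spurious trip, the largest rate in the table, contributes nothing to it. That is the decision-relevant difference the article warns can be lost in communication.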

  3. Evaluating Models of Human Performance: Safety-Critical Systems Applications

    Science.gov (United States)

    Feary, Michael S.

    2012-01-01

    This presentation is part of panel discussion on Evaluating Models of Human Performance. The purpose of this panel is to discuss the increasing use of models in the world today and specifically focus on how to describe and evaluate models of human performance. My presentation will focus on discussions of generating distributions of performance, and the evaluation of different strategies for humans performing tasks with mixed initiative (Human-Automation) systems. I will also discuss issues with how to provide Human Performance modeling data to support decisions on acceptability and tradeoffs in the design of safety critical systems. I will conclude with challenges for the future.

  4. Criticality safety

    International Nuclear Information System (INIS)

    Walker, G.

    1983-01-01

    When a sufficient quantity of fissile material is brought together a self-sustaining neutron chain reaction will be started in it and will continue until some change occurs in the fissile material to stop the chain reaction. The quantity of fissile material required is the 'critical mass'. This is not a fixed quantity even for a given type of fissile material but varies between quite wide limits depending on a number of factors. In a nuclear reactor the critical mass of fissile material is assembled under well-defined conditions to produce a controllable chain reaction. The same materials have to be handled outside the reactor in all stages of fuel element manufacture, storage, transport and irradiated fuel reprocessing. At any stage it is possible (at least in principle) to assemble a critical mass and thus initiate an accidental and uncontrollable chain reaction. Avoiding this is what criticality safety is all about. A system is just critical when the rate of production of neutrons balances the rate of loss either by escape or by absorption. The factors affecting criticality are, therefore, those which affect neutron production and loss. The principal ones are: type of nuclide and enrichment (or isotopic composition), moderation, reflection, concentration (density), shape and interaction. Each factor is considered in detail. (author)

  5. 48 CFR 209.270 - Aviation and ship critical safety items.

    Science.gov (United States)

    2010-10-01

    ... Requirements 209.270 Aviation and ship critical safety items. 48 CFR, Federal Acquisition Regulations System, Volume 3, 2010-10-01 edition, Section 209.270: Aviation and ship critical safety items. Federal Acquisition Regulations System, Defense Acquisition...

  6. Analysis of Critical Characteristics for Safety Graded Personnel Computers in the KNICS Architecture

    International Nuclear Information System (INIS)

    Lee, Hyun Chul; Lee, Dong Young

    2009-01-01

    Critical characteristics analysis of a safety-related item identifies the characteristics that must be verified before a dedicated item can replace an original item; a dedicated item meeting the critical characteristics is assured to perform the intended safety function in place of the specified item. The KNICS project developed two safety systems: IDiPS RPS (Reactor Protection System) and IDiPS ESF-CCS (Engineered Safety Features-Component Control System). Both IDiPS safety systems are equipped with personnel computers, the so-called COMs (Cabinet Operator Modules), in their cabinets. The COMs are responsible for safety system monitoring, testing and maintenance. Even though the two safety systems are safety-critical, their personnel computers, i.e. the COMs, are not graded as safety-graded items. Since regulatory requirements are expected to be strengthened, and the functions of the personnel computer may be enhanced to include safety-related functions and safety functions, it may become necessary to raise the grade of the personnel computers to the safety grade. To upgrade a non-safety system, i.e. the COMs, to a safety system, its safety functions and requirements, i.e. its critical characteristics, must be identified and verified. This paper describes the process of identifying the critical characteristics and the results of the analysis

  7. Request from nuclear fuel cycle and criticality safety design

    International Nuclear Information System (INIS)

    Hamasaki, Manabu; Sakashita, Kiichiro; Natsume, Toshihiro

    2005-01-01

    The quality and reliability of criticality safety design of nuclear fuel cycle systems such as fuel fabrication facilities, fuel reprocessing facilities, storage systems of various forms of nuclear materials or transportation casks have been largely dependent on the quality of criticality safety analyses using qualified criticality calculation code systems and reliable nuclear data sets. In this report, we summarize the characteristics of the nuclear fuel cycle systems and the perspective of the requirements for the nuclear data, with brief comments on the recent issue about spent fuel disposal. (author)

  8. Nuclear criticality information system

    International Nuclear Information System (INIS)

    Koponen, B.L.; Hampel, V.E.

    1981-01-01

    The nuclear criticality safety program at LLNL began in the 1950's with a critical measurements program which produced benchmark data until the late 1960's. This same time period saw the rapid development of computer technology useful for both computer modeling of fissile systems and for computer-aided management and display of the computational benchmark data. Database management grew in importance as the amount of information increased and as experimental programs were terminated. Within the criticality safety program at LLNL we began at that time to develop a computer library of benchmark data for validation of computer codes and cross sections. As part of this effort, we prepared a computer-based bibliography of criticality measurements on relatively simple systems. However, it is only now that some of these computer-based resources can be made available to the nuclear criticality safety community at large. This technology transfer is being accomplished by the DOE Technology Information System (TIS), a dedicated, advanced information system. The NCIS database is described.

  9. Managing hybrid marketing systems.

    Science.gov (United States)

    Moriarty, R T; Moran, U

    1990-01-01

    As competition increases and costs become critical, companies that once went to market only one way are adding new channels and using new methods - creating hybrid marketing systems. These hybrid marketing systems hold the promise of greater coverage and reduced costs. But they are also hard to manage; they inevitably raise questions of conflict and control: conflict because marketing units compete for customers; control because new indirect channels are less subject to management authority. Hard as they are to manage, however, hybrid marketing systems promise to become the dominant design, replacing the "purebred" channel strategy in all kinds of businesses. The trick to managing the hybrid is to analyze tasks and channels within and across a marketing system. A map - the hybrid grid - can help managers make sense of their hybrid system. What the chart reveals is that channels are not the basic building blocks of a marketing system; marketing tasks are. The hybrid grid forces managers to consider various combinations of channels and tasks that will optimize both cost and coverage. Managing conflict is also an important element of a successful hybrid system. Managers should first acknowledge the inevitability of conflict. Then they should move to bound it by creating guidelines that spell out which customers to serve through which methods. Finally, a marketing and sales productivity (MSP) system, consisting of a central marketing database, can act as the central nervous system of a hybrid marketing system, helping managers create customized channels and service for specific customer segments.

  10. Method of V&V for safety-critical software in NPPs

    International Nuclear Information System (INIS)

    Kim, Jang-Yeol; Lee, Jang-Soo; Kwon, Kee-Choon

    1997-01-01

    Safety-critical software is software used in systems in which a failure could affect personal or equipment safety or result in large financial or social loss. Examples of systems using safety-critical software are systems such as plant protection systems in nuclear power plants (NPPs), process control systems in chemical plants, and medical instruments such as the Therac-25 medical accelerator. This paper presents a verification and validation (V&V) methodology for safety-critical software in NPP safety systems. In addition, it addresses issues related to NPP safety systems, such as independence parameters, software safety analysis (SSA) concepts, commercial off-the-shelf (COTS) software evaluation criteria, and interrelationships among software and system assurance organizations. It includes the concepts of existing industrial standards on software V&V, Institute of Electrical and Electronics Engineers (IEEE) Standards 1012 and 1059. This safety-critical software V&V methodology covers V&V scope, a regulatory framework as part of its acceptance criteria, V&V activities and task entrance and exit criteria, reviews and audits, testing and quality assurance records of V&V material, configuration management activities related to V&V, and software V&V (SVV) plan (SVVP) production.

  11. Safety analysis of coupling system of hybrid (MED-RO) nuclear desalination system utilising waste heat from HTGR

    International Nuclear Information System (INIS)

    Raha, Abhijit; Kishore, G.; Rao, I.S.; Adak, A.K.; Srivastava, V.K.; Prabhakar, S.; Tewari, P.K.

    2010-01-01

    To meet the Generation IV goals, High Temperature Gas Cooled Reactors (HTGRs) are designed to have relatively high thermal efficiency and enhanced safety and environmental characteristics. An HTGR can provide energy for the combined production of hydrogen, electricity and other industrial applications. The waste heat available in the HTGR power cycle can also be utilized for the desalination of seawater to produce potable water. Desalination is an energy-intensive process, so the use of waste heat from an HTGR makes desalination considerably more affordable as a way of creating fresh water resources. The design of the coupling system between the desalination plant and the HTGR, in accordance with the safety design requirements of a nuclear desalination plant, is therefore crucial. The first part of this paper discusses the design of the coupling system between a hybrid Multi Effect Desalination-Reverse Osmosis (MED-RO) nuclear desalination plant and an HTGR to utilize the waste heat of the HTGR. The next part presents in detail the deterministic safety analysis of the designed coupling system. It was found that the coupling system meets the acceptance criteria for all Postulated Initiating Events (PIEs) up to the Design Basis Accident (DBA). (author)

  12. Criticality safety validation: Simple geometry, single unit ²³³U systems

    Energy Technology Data Exchange (ETDEWEB)

    Putman, V.L.

    1997-06-01

    Typically used LMITCO criticality safety computational methods are evaluated for suitability when applied to INEEL ²³³U systems which reasonably can be modeled as simple-geometry, single-unit systems. Sixty-seven critical experiments of uranium highly enriched in ²³³U, including 57 aqueous-solution, thermal-energy systems and 10 metal, fast-energy systems, were modeled. These experiments include 41 cylindrical and 26 spherical cores, and 41 reflected and 26 unreflected systems. No experiments were found for intermediate-neutron-energy ranges, or with interstitial non-hydrogenous materials typical of waste systems, mixed ²³³U and plutonium, or reflectors such as steel, lead, or concrete. No simple geometry experiments were found with cubic or annular cores, or approximating infinite sea systems. Calculations were performed with various tools and methodologies. Nine cross-section libraries, based on ENDF/B-IV, -V, or -VI.2, or on Hansen-Roach source data, were used with the cross-section processing methods of MCNP or SCALE. The k_eff calculations were performed with the neutral-particle transport and Monte Carlo methods of the criticality codes DANT, MCNP 4A, and KENO Va.

  13. Novel Hybrid Scheduling Technique for Sensor Nodes with Mixed Criticality Tasks

    Directory of Open Access Journals (Sweden)

    Mihai-Victor Micea

    2017-06-01

    Sensor networks are increasingly becoming a key technology for complex control applications. Their potential use in safety- and time-critical domains has raised the need for task scheduling mechanisms specially adapted to sensor node specific requirements, often materialized in predictable, jitter-less execution of tasks characterized by different criticality levels. This paper offers an efficient scheduling solution, named Hybrid Hard Real-Time Scheduling (H2RTS), which combines a static, clock-driven method with a dynamic, event-driven scheduling technique, in order to provide high execution predictability while keeping a high node Central Processing Unit (CPU) utilization factor. From the detailed, integrated schedulability analysis of H2RTS, a set of sufficiency tests are introduced and demonstrated based on the processor demand and linear upper bound metrics. The performance and correct behavior of the proposed hybrid scheduling technique have been extensively evaluated and validated both on a simulator and on a sensor mote equipped with an ARM7 microcontroller.

  14. Novel Hybrid Scheduling Technique for Sensor Nodes with Mixed Criticality Tasks.

    Science.gov (United States)

    Micea, Mihai-Victor; Stangaciu, Cristina-Sorina; Stangaciu, Valentin; Curiac, Daniel-Ioan

    2017-06-26

    Sensor networks are increasingly becoming a key technology for complex control applications. Their potential use in safety- and time-critical domains has raised the need for task scheduling mechanisms specially adapted to sensor node specific requirements, often materialized in predictable, jitter-less execution of tasks characterized by different criticality levels. This paper offers an efficient scheduling solution, named Hybrid Hard Real-Time Scheduling (H²RTS), which combines a static, clock-driven method with a dynamic, event-driven scheduling technique, in order to provide high execution predictability while keeping a high node Central Processing Unit (CPU) utilization factor. From the detailed, integrated schedulability analysis of H²RTS, a set of sufficiency tests are introduced and demonstrated based on the processor demand and linear upper bound metrics. The performance and correct behavior of the proposed hybrid scheduling technique have been extensively evaluated and validated both on a simulator and on a sensor mote equipped with an ARM7 microcontroller.
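
    The two H²RTS records above (items 13 and 14) name processor-demand sufficiency tests and a linear upper bound without showing one. What follows is an added example, written for this page and not code from the paper or its authors: a standard processor-demand test (dbf(L) <= L at every absolute deadline) applied to a constructed mixed task set, with the range of window lengths L cut off by the usual linear upper bound L* = sum((T_i - D_i) U_i) / (1 - U). The two-stage structure (static, clock-driven tasks checked alone, then together with the event-driven tasks), the tick unit and the task parameters are assumptions for illustration, not the paper's own analysis.

```python
from dataclasses import dataclass
from functools import reduce
from math import ceil, gcd
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Task:
    name: str
    wcet: int      # C_i, worst-case execution time in ticks
    period: int    # T_i
    deadline: int  # D_i, relative deadline, D_i <= T_i
    static: bool   # True: dispatched from the clock-driven table; False: event-driven


def utilisation(tasks: List[Task]) -> float:
    return sum(t.wcet / t.period for t in tasks)


def demand_bound(tasks: List[Task], L: int) -> int:
    """dbf(L): execution demand of all jobs that are released and have their
    deadline inside a window of length L after a synchronous release."""
    return sum(((L - t.deadline) // t.period + 1) * t.wcet
               for t in tasks if t.deadline <= L)


def interval_bound(tasks: List[Task]) -> int:
    """Largest window length that needs checking. Because
    dbf(L) <= U*L + sum((T_i - D_i) * U_i), every L at or beyond
    L* = sum((T_i - D_i) * U_i) / (1 - U) satisfies dbf(L) <= L on its own;
    the hyperperiod is a sufficient bound as well, so take the smaller."""
    U = utilisation(tasks)
    hyper = reduce(lambda a, b: a * b // gcd(a, b), (t.period for t in tasks), 1)
    if U >= 1.0:
        return hyper
    l_star = sum((t.period - t.deadline) * (t.wcet / t.period) for t in tasks) / (1.0 - U)
    return min(hyper, ceil(l_star))


def processor_demand_test(tasks: List[Task]) -> Tuple[bool, Optional[int], Optional[int]]:
    """Sufficient EDF test: U <= 1 and dbf(L) <= L at every absolute deadline
    up to the bound. Returns (feasible, first violating L, demand at that L)."""
    if utilisation(tasks) > 1.0:
        return False, None, None
    bound = interval_bound(tasks)
    deadlines = sorted({k * t.period + t.deadline
                        for t in tasks
                        for k in range(bound // t.period + 1)
                        if k * t.period + t.deadline <= bound})
    for L in deadlines:
        demand = demand_bound(tasks, L)
        if demand > L:
            return False, L, demand
    return True, None, None


def hybrid_schedulable(tasks: List[Task]) -> Tuple[bool, str]:
    """Two-stage check for the clock-driven + event-driven mix (assumed structure):
    the static tasks alone must admit a table (a preemptive EDF-feasible set can
    be laid out as a table over its hyperperiod), and the full set must still fit
    once the dynamic tasks are added in the idle time."""
    static = [t for t in tasks if t.static]
    ok, L, demand = processor_demand_test(static)
    if not ok:
        return False, f"static table infeasible: demand {demand} > window {L}"
    ok, L, demand = processor_demand_test(tasks)
    if not ok:
        if L is None:
            return False, "total utilisation exceeds 1"
        return False, f"dynamic load overflows: demand {demand} > window {L}"
    return True, "feasible"


# Constructed task sets (assumptions, not from the paper). Ticks are abstract units.
BASE = [
    Task("sensor_read", wcet=1, period=5, deadline=5, static=True),
    Task("actuate", wcet=2, period=10, deadline=8, static=True),
    Task("log_flush", wcet=3, period=20, deadline=20, static=False),
    Task("net_tx", wcet=4, period=20, deadline=15, static=False),
]
# Same set plus a dynamic task whose deadline is as short as sensor_read's period:
# utilisation stays below 1, but the demand inside the first 5 ticks is 6.
OVERLOADED = BASE + [Task("crypto", wcet=5, period=40, deadline=5, static=False)]

if __name__ == "__main__":
    for label, task_set in (("base", BASE), ("overloaded", OVERLOADED)):
        print(label, hybrid_schedulable(task_set))
```

    The point the overloaded set makes is the one a utilisation check misses: total load is 0.875, yet the job set due within the first five ticks needs six ticks of processor time, so the test reports the exact window in which the guarantee breaks rather than a bare pass/fail.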

  15. Physics related to control and safety of hybrid systems; Physique associee au controle et a la surete des systemes hybrides

    Energy Technology Data Exchange (ETDEWEB)

    Gueton, O

    2001-12-01

    Regarding nuclear waste management, ADS can be considered as large minor actinide burners. In a first part, a critical analysis of different reactor types shows that a fast spectrum, helium coolant and nitride fuel containing 100% minor actinides agree perfectly with the high transmutation requirements of ADS. The control and safety demonstration of this system is the main purpose of this study. Understanding the spatial and dynamic behaviour of the ADS flux is absolutely necessary. For this purpose, we have defined an indicator to quantify spatial decoupling. It shows, on the one hand, the deficiency of point kinetics for studying local transients and, on the other hand, the differences in perturbation propagation between ADS and critical cores. Then, in a more concrete approach, accidental sequences (source transient, beam de-focalization, reactivity insertions, loss of flow, depressurization) are evaluated for this core, strongly loaded with minor actinides. It is shown that the automatic beam shutdown preserves large safety margins for all studied transients. The accelerator emergency stop is triggered by an unexpected evolution of the core control parameters. These parameters, except reactivity, can be measured directly in subcritical systems as in critical ones. Concerning reactivity, we suggest a new method for its absolute determination in ADS: at reactor start-up, the reactivity must be calibrated by coupling two methods of relative reactivity measurement (pulsed source and Approached Source Multiplication) for successive subcritical levels. After that, the on-line follow-up of reactivity is obtained from this calibration as in a critical core. (authors)

  16. Agility in Development of Safety-Critical Software: A Conceptual Model

    DEFF Research Database (Denmark)

    Tordrup Heeager, Lise; Nielsen, Peter Axel

    2018-01-01

    Safety-critical information systems are being used increasingly as we see applications in new areas such as personal medical devices, traffic control and detection of pathogens. A current research debate is whether safety-critical systems must be developed with traditional waterfall processes...

  17. Stochastic Reachability Analysis of Hybrid Systems

    CERN Document Server

    Bujorianu, Luminita Manuela

    2012-01-01

    Stochastic reachability analysis (SRA) is a method of analyzing the behavior of control systems which mix discrete and continuous dynamics. For probabilistic discrete systems it has been shown to be a practical verification method but for stochastic hybrid systems it can be rather more. As a verification technique SRA can assess the safety and performance of, for example, autonomous systems, robot and aircraft path planning and multi-agent coordination but it can also be used for the adaptive control of such systems. Stochastic Reachability Analysis of Hybrid Systems is a self-contained and accessible introduction to this novel topic in the analysis and development of stochastic hybrid systems. Beginning with the relevant aspects of Markov models and introducing stochastic hybrid systems, the book then moves on to coverage of reachability analysis for stochastic hybrid systems. Following this build up, the core of the text first formally defines the concept of reachability in the stochastic framework and then...

  18. Intermediate probabilistic safety assessment approach for safety critical digital systems

    International Nuclear Information System (INIS)

    Taeyong, Sung; Hyun Gook, Kang

    2001-01-01

    Even though conventional probabilistic safety assessment methods are immature for microprocessor-based digital systems, practical needs force their application. In Korea, UCN units 5 and 6 are being constructed and the Korean Next Generation Reactor is being designed using digital instrumentation and control equipment for the safety-related functions, and the Korean regulatory body requires a probabilistic safety assessment. This paper analyzes the difficulties of assessing digital systems and suggests an intermediate framework for evaluating their safety using fault tree models. The framework deals with several important characteristics of digital systems, including software modules and fault-tolerant features. We expect that the analysis result will provide valuable design feedback. (authors)
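
    The abstract above says that fault tree models of a digital safety system have to carry software modules and fault-tolerant features, but not how such a model is evaluated. The block below is an added example for this page, not the paper's framework or code: a small exact fault-tree evaluator that enumerates the states of the independent basic events, so that one software common-cause event shared by every channel is handled correctly rather than double-counted, applied to a constructed 2-out-of-4 reactor protection channel model in which self-diagnostics (the fault-tolerant feature) remove a fraction of the hardware faults. The channel count, the voting rule, the coverage figure and all probabilities are assumptions for illustration.

```python
from dataclasses import dataclass
from itertools import product
from typing import Dict, Tuple, Union


@dataclass(frozen=True)
class Basic:
    """Independent basic event with probability p (failure on demand)."""
    name: str
    p: float


@dataclass(frozen=True)
class Gate:
    op: str                       # "AND", "OR" or "KOFN"
    inputs: Tuple["Node", ...]
    k: int = 0                    # threshold for KOFN


Node = Union[Basic, Gate]


def holds(node: Node, state: Dict[str, bool]) -> bool:
    """Evaluate the tree for one assignment of basic-event states."""
    if isinstance(node, Basic):
        return state[node.name]
    vals = [holds(child, state) for child in node.inputs]
    if node.op == "AND":
        return all(vals)
    if node.op == "OR":
        return any(vals)
    if node.op == "KOFN":
        return sum(vals) >= node.k
    raise ValueError(f"unknown gate {node.op}")


def basic_events(node: Node) -> Dict[str, Basic]:
    if isinstance(node, Basic):
        return {node.name: node}
    found: Dict[str, Basic] = {}
    for child in node.inputs:
        found.update(basic_events(child))
    return found


def top_probability(tree: Node) -> float:
    """Exact P(top) by enumerating every state of the basic events. A shared
    event (the same name under several gates) is enumerated once, so the
    dependency it creates is accounted for without rare-event approximations."""
    events = list(basic_events(tree).values())
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = {e.name: b for e, b in zip(events, bits)}
        if holds(tree, state):
            pr = 1.0
            for e, b in zip(events, bits):
                pr *= e.p if b else 1.0 - e.p
            total += pr
    return total


def with_probability(node: Node, name: str, p: float) -> Node:
    """Copy of the tree with one basic event's probability replaced (p=0 removes it)."""
    if isinstance(node, Basic):
        return Basic(name, p) if node.name == name else node
    return Gate(node.op, tuple(with_probability(c, name, p) for c in node.inputs), node.k)


def rps_fault_tree(p_hw: float, coverage: float, p_sw_ccf: float) -> Gate:
    """Top event 'trip not generated on demand' for an assumed 2-out-of-4 channel
    design: the voting fails once 3 or more channels have failed. A channel fails
    on a hardware fault that self-diagnostics did not catch (a fraction `coverage`
    is detected and repaired) or on the software common-cause failure, one shared
    event because every channel runs the same software module."""
    sw_ccf = Basic("SW_CCF", p_sw_ccf)
    channels = tuple(
        Gate("OR", (Basic(f"HW_undetected_{i}", p_hw * (1.0 - coverage)), sw_ccf))
        for i in range(1, 5)
    )
    return Gate("KOFN", channels, k=3)


# Constructed figures for illustration only.
RPS = rps_fault_tree(p_hw=1e-2, coverage=0.9, p_sw_ccf=1e-4)

if __name__ == "__main__":
    print("P(fail to trip)          =", top_probability(RPS))
    print("... without software CCF =", top_probability(with_probability(RPS, "SW_CCF", 0.0)))
```

    Setting the shared software event to zero and re-evaluating is the quickest way to see the abstract's point: with these inputs the four hardware channels contribute on the order of 1e-9 while the single software module dominates at 1e-4, which is why the model has to represent the software separately from the redundant hardware.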

  19. Software safety analysis techniques for developing safety critical software in the digital protection system of the LMR

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jang Soo; Cheon, Se Woo; Kim, Chang Hoi; Sim, Yun Sub

    2001-02-01

    This report describes software safety analysis techniques and engineering guidelines for developing safety-critical software, in order to identify the state of the art in this field and to give the software safety engineer a trail map between the codes-and-standards layer and the design-methodology-and-documents layer. We have surveyed the management aspects of software safety activities during the software lifecycle in order to improve safety. After identifying the conventional safety analysis techniques for systems, we have surveyed in detail the software safety analysis techniques: software FMEA (Failure Mode and Effects Analysis), software HAZOP (Hazard and Operability Analysis) and software FTA (Fault Tree Analysis). We have also surveyed the state of the art in software reliability assessment techniques. The most important results from the reliability techniques are not the specific probability numbers generated, but the insights into the risk importance of software features. To defend against potential common-mode failures (CMFs), high quality, defense-in-depth and diversity are considered the key elements of digital I and C system design. To minimize the possibility of CMFs and thus increase plant reliability, we have provided defense-in-depth and diversity (D-in-D and D) analysis guidelines.

  20. Software safety analysis techniques for developing safety critical software in the digital protection system of the LMR

    International Nuclear Information System (INIS)

    Lee, Jang Soo; Cheon, Se Woo; Kim, Chang Hoi; Sim, Yun Sub

    2001-02-01

    This report describes software safety analysis techniques and engineering guidelines for developing safety-critical software, in order to identify the state of the art in this field and to give the software safety engineer a trail map between the codes-and-standards layer and the design-methodology-and-documents layer. We have surveyed the management aspects of software safety activities during the software lifecycle in order to improve safety. After identifying the conventional safety analysis techniques for systems, we have surveyed in detail the software safety analysis techniques: software FMEA (Failure Mode and Effects Analysis), software HAZOP (Hazard and Operability Analysis) and software FTA (Fault Tree Analysis). We have also surveyed the state of the art in software reliability assessment techniques. The most important results from the reliability techniques are not the specific probability numbers generated, but the insights into the risk importance of software features. To defend against potential common-mode failures (CMFs), high quality, defense-in-depth and diversity are considered the key elements of digital I and C system design. To minimize the possibility of CMFs and thus increase plant reliability, we have provided defense-in-depth and diversity (D-in-D and D) analysis guidelines.

  1. Towards the Verification of Safety-critical Autonomous Systems in Dynamic Environments

    Directory of Open Access Journals (Sweden)

    Adina Aniculaesei

    2016-12-01

    There is an increasing necessity to deploy autonomous systems in highly heterogeneous, dynamic environments, e.g. service robots in hospitals or autonomous cars on highways. Due to the uncertainty in these environments, the verification results obtained with respect to the system and environment models at design-time might not be transferable to the system behavior at run time. For autonomous systems operating in dynamic environments, safety of motion and collision avoidance are critical requirements. With regard to these requirements, Macek et al. [6] define the passive safety property, which requires that no collision can occur while the autonomous system is moving. To verify this property, we adopt a two-phase process which combines static verification methods, used at design time, with dynamic ones, used at run time. In the design phase, we exploit UPPAAL to formalize the autonomous system and its environment as timed automata and the safety property as a TCTL formula, and to verify the correctness of these models with respect to this property. For the runtime phase, we build a monitor to check whether the assumptions made at design time are also correct at run time. If the current system observations of the environment do not correspond to the initial system assumptions, the monitor sends feedback to the system and the system enters a passive safe state.
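
    The runtime half of the two-phase process above (a monitor that checks the design-time assumptions against live observations and forces a passive safe state when they no longer hold) is easy to get subtly wrong, so here is an added example written for this page; it is not the authors' monitor, their UPPAAL models or any code from the paper. It assumes a one-dimensional setting with an obstacle-speed bound and a guaranteed braking deceleration as the design-time environment assumptions, derives the gap the robot needs to reach standstill before an obstacle at the assumed maximum speed can touch it (that is the passive safety condition in this simplified form), and trips on either a violated assumption or a violated margin. The assumption values and the observation traces are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Mode(Enum):
    ACTIVE = "active"               # system may move
    PASSIVE_SAFE = "passive_safe"   # system commanded to (and held at) standstill


@dataclass(frozen=True)
class Assumptions:
    """Environment model fixed at design time (assumed values, not from the paper)."""
    max_obstacle_speed: float  # m/s, fastest obstacle the design-time model allows
    brake_decel: float         # m/s^2, deceleration the platform guarantees
    sensing_period: float      # s, delay before a stop command takes effect


@dataclass(frozen=True)
class Observation:
    t: float
    robot_speed: float         # m/s
    obstacle_distance: float   # m, to the nearest obstacle
    obstacle_speed: float      # m/s, closing speed of that obstacle as measured


def required_gap(obs: Observation, a: Assumptions) -> float:
    """Distance within which the robot can still reach standstill before an
    obstacle moving at the assumed maximum speed can touch it: one sensing
    period at the current speed, then the braking distance, plus the
    obstacle's own travel during both."""
    t_brake = obs.robot_speed / a.brake_decel
    robot_travel = obs.robot_speed * a.sensing_period + obs.robot_speed ** 2 / (2 * a.brake_decel)
    obstacle_travel = a.max_obstacle_speed * (a.sensing_period + t_brake)
    return robot_travel + obstacle_travel


class PassiveSafetyMonitor:
    """Run-time counterpart of the design-time proof: every observation is checked
    against the environment assumptions and against the stopping-distance
    condition; the first violation latches the passive safe state."""

    def __init__(self, assumptions: Assumptions) -> None:
        self.a = assumptions
        self.mode = Mode.ACTIVE
        self.trip_reason: Optional[str] = None

    def step(self, obs: Observation) -> Mode:
        if self.mode is Mode.PASSIVE_SAFE:
            return self.mode  # stays latched until an explicit operator reset
        if obs.obstacle_speed > self.a.max_obstacle_speed:
            # The world left the envelope the proof was done for: the proof no
            # longer says anything, so stop regardless of the current margin.
            self._trip(obs, f"assumption violated: obstacle speed {obs.obstacle_speed} m/s "
                            f"> modelled maximum {self.a.max_obstacle_speed} m/s")
        elif obs.obstacle_distance < required_gap(obs, self.a):
            self._trip(obs, f"margin violated: gap {obs.obstacle_distance} m "
                            f"< required {required_gap(obs, self.a):.2f} m")
        return self.mode

    def _trip(self, obs: Observation, reason: str) -> None:
        self.mode = Mode.PASSIVE_SAFE
        self.trip_reason = f"t={obs.t}: {reason}"


def run_trace(a: Assumptions, trace: List[Observation]) -> Tuple[List[Mode], Optional[str]]:
    monitor = PassiveSafetyMonitor(a)
    modes = [monitor.step(obs) for obs in trace]
    return modes, monitor.trip_reason


# Constructed design-time assumptions and observation traces.
ASSUMED = Assumptions(max_obstacle_speed=1.0, brake_decel=2.0, sensing_period=0.1)
# Obstacle inside the model, but the gap shrinks below the 0.95 m the robot needs at 1 m/s.
CLOSING = [Observation(0.0, 1.0, 10.0, 0.5),
           Observation(0.1, 1.0, 1.0, 0.5),
           Observation(0.2, 1.0, 0.9, 0.5)]
# Plenty of room, but the obstacle is faster than anything the design-time model allowed.
TOO_FAST = [Observation(0.0, 1.0, 10.0, 0.5),
            Observation(0.1, 1.0, 9.0, 1.5)]

if __name__ == "__main__":
    for name, trace in (("closing", CLOSING), ("too_fast", TOO_FAST)):
        modes, reason = run_trace(ASSUMED, trace)
        print(name, [m.value for m in modes], reason)
```

    Two design choices matter here. The assumption check fires even when the current margin looks comfortable, because a faster-than-modelled obstacle invalidates the design-time verification rather than merely a single distance reading; and the safe state is latched, so a later observation that happens to look fine cannot silently resume motion.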

  2. Validation of Safety-Critical Systems for Aircraft Loss-of-Control Prevention and Recovery

    Science.gov (United States)

    Belcastro, Christine M.

    2012-01-01

    Validation of technologies developed for loss of control (LOC) prevention and recovery poses significant challenges. Aircraft LOC can result from a wide spectrum of hazards, often occurring in combination, which cannot be fully replicated during evaluation. Technologies developed for LOC prevention and recovery must therefore be effective under a wide variety of hazardous and uncertain conditions, and the validation framework must provide some measure of assurance that the new vehicle safety technologies do no harm (i.e., that they themselves do not introduce new safety risks). This paper summarizes a proposed validation framework for safety-critical systems, provides an overview of validation methods and tools developed by NASA to date within the Vehicle Systems Safety Project, and develops a preliminary set of test scenarios for the validation of technologies for LOC prevention and recovery.

  3. Calculational study for criticality safety data of fissionable actinides

    International Nuclear Information System (INIS)

    Nojiri, Ichiro; Fukasaku, Yasuhiro.

    1997-01-01

    This study has been carried out to obtain the basic criticality safety characteristics of minor actinide nuclides. Criticality safety data of minor actinide nuclides have been surveyed through the public literature. The critical masses of seven nuclides, Np-237, Am-241, Am-242m, Am-243, Cm-243, Cm-244 and Cm-245, have been calculated with two criticality safety analysis code systems, SCALE-4 and MCNP4A, under several material and reflector conditions, using the applicable cross-section libraries of each code system. The calculated data have been compared with each other and with published data. The comparison shows no discrepancy between the computational codes; the calculated data depend strongly on the cross-section library. (author)

  4. Safety culture and subcontractor network governance in a complex safety critical project

    International Nuclear Information System (INIS)

    Oedewald, Pia; Gotcheva, Nadezhda

    2015-01-01

    In safety-critical industries many activities are currently carried out by subcontractor networks. Nevertheless, there are few studies in which the core dimensions of resilience have been studied in safety-critical network activities. This paper claims that engineering resilience into a system is largely about steering the development of the culture of the system towards a better ability to anticipate, monitor, respond and learn; thus, the safety culture literature is relevant to the resilience engineering field. This paper analyzes the practical and theoretical challenges of applying the concept of safety culture in a complex, dynamic network of subcontractors involved in the construction of a new nuclear power plant in Finland, Olkiluoto 3. The concept of safety culture is in focus since it is widely used in the nuclear industry and bridges scientific and practical interests. This paper approaches subcontractor networks as complex systems. However, the management model of the Olkiluoto 3 project is to a large degree a traditional top-down hierarchy, which creates a mismatch between the management approach and the characteristics of the system to be managed. New insights were drawn from network governance studies. Highlights: we studied safety culture, a relevant and topical subject, in a nuclear new build project; we integrated safety science challenges and network governance studies; we produced practicable insights into managing the safety of subcontractor networks.

  5. Determination of safety specifications as for criticality in pipelines systems with intersection

    International Nuclear Information System (INIS)

    Santos, R. dos; Vellozo, S.O.

    1982-01-01

    Using the Monte Carlo method, criticality calculations were done for pipelines with several types of reflection and configurations, filled with a solution of plutonium nitrate (100 per cent by weight Pu-239) in water. Starting from the simplest pipeline intersection condition, type T, intersections of type cross and double cross are studied, and a second central column is added. The intersections are studied under minimal, nominal and maximal reflection conditions. Criticality safety values are presented for some systems. (E.G.)

  6. SCALE 5: Powerful new criticality safety analysis tools

    International Nuclear Information System (INIS)

    Bowman, Stephen M.; Hollenbach, Daniel F.; Dehart, Mark D.; Rearden, Bradley T.; Gauld, Ian C.; Goluoglu, Sedat

    2003-01-01

    Version 5 of the SCALE computer software system developed at Oak Ridge National Laboratory, scheduled for release in December 2003, contains several significant new modules and sequences for criticality safety analysis and marks the most important update to SCALE in more than a decade. This paper highlights the capabilities of these new modules and sequences, including continuous energy flux spectra for processing multigroup problem-dependent cross sections; one- and three-dimensional sensitivity and uncertainty analyses for criticality safety evaluations; two-dimensional flexible mesh discrete ordinates code; automated burnup-credit analysis sequence; and one-dimensional material distribution optimization for criticality safety. (author)

  7. SCALE Graphical Developments for Improved Criticality Safety Analyses

    International Nuclear Information System (INIS)

    Barnett, D.L.; Bowman, S.M.; Horwedel, J.E.; Petrie, L.M.

    1999-01-01

    New computer graphics developments at Oak Ridge National Laboratory (ORNL) are being used to provide visualization of criticality safety models and calculational results, as well as tools for preparing criticality safety analysis input. The purpose of this paper is to present the status of current development efforts to further enhance the SCALE (Standardized Computer Analyses for Licensing Evaluations) computer software system. Applications for criticality safety analysis in the areas of 3-D model visualization, input preparation and execution via a graphical user interface (GUI), and two-dimensional (2-D) plotting of results are discussed.

  8. Formal verification and validation of the safety-critical software in a digital reactor protection system

    International Nuclear Information System (INIS)

    Kwon, K. C.; Park, G. Y.

    2006-01-01

    This paper describes the Verification and Validation (V and V) activities for the safety-critical software in a Digital Reactor Protection System (DRPS) that is being developed through the Korea nuclear instrumentation and control system project. The main activities of the DRPS V and V process are preparation of the software planning documentation, verification of the software according to the software life cycle, a software safety analysis and software configuration management. The verification work for the Software Requirement Specification (SRS) of the DRPS consists of a technical evaluation, a licensing suitability evaluation, an inspection and traceability analysis, a formal verification, and the preparation of a test plan and procedure. In particular, the SRS is specified with a formal specification method in the development phase, and the formal SRS is verified with a formal verification method. Through these activities, we believe we can achieve the functionality, performance, reliability and safety that are the major V and V objectives of the nuclear safety-critical software in a DRPS. (authors)

  9. KAERI software verification and validation guideline for developing safety-critical software in digital I and C system of NPP

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jang Yeol; Lee, Jang Soo; Eom, Heung Seop

    1997-07-01

    This technical report presents a V and V guideline development methodology for safety-critical software in NPP safety systems. It therefore presents the planning-phase V and V guideline for the NPP safety system together with the critical safety items, for example the independence philosophy, the software safety analysis concept, commercial off-the-shelf (COTS) software evaluation criteria and the inter-relationships with other safety assurance organizations, including the concepts of the existing industrial standards IEEE Std 1012 and IEEE Std 1059. The report covers the scope of the V and V guideline, the guideline framework as part of the acceptance criteria, V and V activities with task entrance and exit criteria, reviews and audits, testing and QA records of V and V material, configuration management, production of the software verification and validation plan, and the safety-critical software V and V methodology. (author). 11 refs.

  10. KAERI software verification and validation guideline for developing safety-critical software in digital I and C system of NPP

    International Nuclear Information System (INIS)

    Kim, Jang Yeol; Lee, Jang Soo; Eom, Heung Seop.

    1997-07-01

    This technical report presents a V and V guideline development methodology for safety-critical software in NPP safety systems. It therefore presents the planning-phase V and V guideline for the NPP safety system together with the critical safety items, for example the independence philosophy, the software safety analysis concept, commercial off-the-shelf (COTS) software evaluation criteria and the inter-relationships with other safety assurance organizations, including the concepts of the existing industrial standards IEEE Std 1012 and IEEE Std 1059. The report covers the scope of the V and V guideline, the guideline framework as part of the acceptance criteria, V and V activities with task entrance and exit criteria, reviews and audits, testing and QA records of V and V material, configuration management, production of the software verification and validation plan, and the safety-critical software V and V methodology. (author). 11 refs.

  11. Safety Verification for Probabilistic Hybrid Systems

    Czech Academy of Sciences Publication Activity Database

    Zhang, J.; She, Z.; Ratschan, Stefan; Hermanns, H.; Hahn, E.M.

    2012-01-01

    Vol. 18, No. 6 (2012), pp. 572-587. ISSN 0947-3580. R&D projects: GA MŠk OC10048; GA ČR GC201/08/J020. Institutional research plan: CEZ:AV0Z10300504. Keywords: model checking; hybrid systems; formal verification. Subject RIV: IN - Informatics, Computer Science. Impact factor: 1.250, year: 2012

  12. NCIS: a nuclear criticality information system

    International Nuclear Information System (INIS)

    Koponen, B.L.; Hampel, V.E.

    1984-01-01

    NCIS is one of the developments carried out to meet the requirements in the field of criticality safety information. Its primary goal is to enhance nuclear criticality safety by disseminating data, standards and training material. This paper presents the progress of NCIS since 1950: computer searching, database management, a bibliography of nuclear critical experiments, a compilation of American Nuclear Society Transactions criticality safety publications, and a personnel directory representing over 140 organizations in 16 countries and covering a wide range of specialists in nuclear criticality safety. NCIS uses the information management and communication resources of TIS (Technology Information System): automated access procedures, creation of program-dependent information systems, and communications. NCIS is still in a growing, formative stage; it has concentrated first on collecting and organizing the nuclear criticality literature; nuclear critical data, calculational tools, standards and training materials will follow. Finally, the planned and contemplated resources are dealt with: expansion of bibliographic compilations; a news database; a fundamental criticality safety reference; a criticality benchmark database; the user community; training resources; related resources; a criticality accident database; a dynamic databook; a dynamic textbook; an expert knowledge system; and extraction of intelligence.

  13. Hybrid system concepts

    International Nuclear Information System (INIS)

    Landeyro, P.A.

    1995-01-01

    Hybrid systems studied for fissile material production were reconsidered for minor actinide and long-lived fission product destruction as an alternative to the traditional final disposal of nuclear waste. There are now attempts to extend the concepts developed for minor actinide incineration to plutonium burning. The most promising hybrid system concept considers both fuel and target as liquids. From the results obtained, the possibility of adopting composite targets seems the most promising solution, but the problem of Pu production remains, which is not acceptable in a burning system. This kind of target can mainly be used for fissile material production, while for accelerator-driven burners it is most convenient to use a liquid lead target. The most suitable solvent for minor actinide annihilation in the blanket of a hybrid system is heavy water. Given the criticality conditions and the need for electric energy production, the blanket using plutonium dissolved in molten salts is the most convenient one. (author)

  14. Test process for the safety-critical embedded software

    International Nuclear Information System (INIS)

    Sung, Ahyoung; Choi, Byoungju; Lee, Jangsoo

    2004-01-01

    Digitalization of the nuclear Instrumentation and Control (I and C) system requires high reliability not only of the hardware but also of the software. A Verification and Validation (V and V) process is recommended for software reliability, but a more quantitative method such as software testing is also necessary. Most software in nuclear I and C systems is safety-critical embedded software, which is specified, verified and developed according to the V and V process. Hence two types of software testing are necessary for the developed code. First, code-based software testing is required to examine the developed code. Second, after code-based testing, testing of the software as affected by the hardware is required to reveal interaction faults that may cause unexpected results. We call this testing of the hardware's influence on the software interaction testing. For safety-critical embedded software it is important to consider the interaction between hardware and software: even if no faults are detected when testing either the hardware or the software alone, combining the components may lead to unexpected results due to their interaction. In this paper, we propose a software test process that embraces test levels, test techniques, required test tasks and documents for safety-critical embedded software. We apply the proposed test process to safety-critical embedded software as a case study and show its effectiveness. (author)
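    As an added illustration of the two test levels the abstract distinguishes (this is example code, not the paper's test process or case study), the Python below models a temperature trip function that reads a 12-bit ADC. The code-based level feeds ideal ADC words to the function; the interaction level feeds it the word the hardware would actually present under a wiring or sensor fault. The ADC range, sensor scaling, setpoint and fault models are all assumed for the example.

```python
from typing import Callable, List, Tuple

# Assumed hardware for the toy: a 12-bit ADC on a linear 0..500 degC sensor,
# and a trip setpoint of 350 degC. None of these values come from the paper.
ADC_MAX = 4095
SETPOINT_C = 350.0

def raw_to_celsius(raw: int) -> float:
    return raw * 500.0 / ADC_MAX

def celsius_to_raw(temp_c: float) -> int:
    return round(temp_c * ADC_MAX / 500.0)

def trip_naive(raw: int) -> bool:
    """Trip logic as a pure software function: trips iff the converted
    temperature exceeds the setpoint."""
    return raw_to_celsius(raw) > SETPOINT_C

def trip_failsafe(raw: int) -> bool:
    """Same logic, but a reading pinned at either ADC rail is treated as a
    failed sensor channel and the function fails safe by tripping."""
    if raw <= 0 or raw >= ADC_MAX:
        return True
    return raw_to_celsius(raw) > SETPOINT_C

Logic = Callable[[int], bool]

# Level 1: code-based tests. Inputs are ideal ADC words; they exercise the
# conversion and the comparison and say nothing about the hardware.
CODE_BASED_CASES: List[Tuple[str, int, bool]] = [
    ("well below setpoint", celsius_to_raw(122.0), False),
    ("just below setpoint", celsius_to_raw(349.5), False),
    ("just above setpoint", celsius_to_raw(351.0), True),
    ("well above setpoint", celsius_to_raw(450.0), True),
]

# Level 2: interaction tests. Each case gives the physical temperature and a
# hardware fault model that transforms the ADC word the software will see.
# The expected result is the fail-safe one: a faulted channel must trip.
def healthy(raw: int) -> int:
    return raw

def open_input(raw: int) -> int:
    return 0            # broken sensor wire with a pull-down: ADC reads zero

def short_to_rail(raw: int) -> int:
    return ADC_MAX      # input shorted to the reference: ADC reads full scale

INTERACTION_CASES: List[Tuple[str, float, Callable[[int], int], bool]] = [
    ("healthy hardware at 400 degC", 400.0, healthy, True),
    ("open sensor input at 400 degC", 400.0, open_input, True),
    ("short to rail at 100 degC", 100.0, short_to_rail, True),
]

def run_code_based(logic: Logic) -> List[str]:
    """Return the names of the code-based cases the logic fails."""
    return [name for name, raw, expected in CODE_BASED_CASES
            if logic(raw) != expected]

def run_interaction(logic: Logic) -> List[str]:
    """Return the names of the interaction cases the logic fails."""
    failures = []
    for name, temp_c, fault, expected in INTERACTION_CASES:
        seen_by_software = fault(celsius_to_raw(temp_c))
        if logic(seen_by_software) != expected:
            failures.append(name)
    return failures

if __name__ == "__main__":
    for logic in (trip_naive, trip_failsafe):
        print(logic.__name__, "code-based failures:", run_code_based(logic))
        print(logic.__name__, "interaction failures:", run_interaction(logic))
```

The naive function passes every code-based case and fails only when the sensor input is physically open: an ADC word of zero converts to a plausible low temperature and the trip is silently suppressed. That is the class of fault the abstract says testing the software alone does not reveal, and the fail-safe variant closes it by treating rail-pinned readings as a failed channel.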

  15. Criticality safety (prospect of study in NUCEF)

    International Nuclear Information System (INIS)

    Itagaki, Masafumi

    1996-01-01

    Experimental studies of criticality safety are under way using STACY and TRACY in NUCEF. Collection of fundamental data on criticality in a solution system is in progress with STACY, to confirm that the criticality safety margin of systems modelled on the apparatus of a reprocessing plant is large enough. Experiments simulating criticality accidents in a reprocessing plant using TRACY were designed to investigate the behaviour of the fuel solution and of radioactive materials, in order to clarify whether they can be safely confined in the facility even if a criticality accident occurs. Both STACY and TRACY reached criticality in 1995. Up to now a series of criticality experiments has been done using STACY with a core tank of 60 cm diameter, and the first periodic inspection is now under way. On the other hand, there is a plan to use TRACY to investigate the behaviour of the nuclear fuel solution during a criticality accident, and the release, transfer and deposition of radioactive materials. After reaching criticality for the first time, the performance verification test was conducted. The full-scale study using TRACY is planned to begin in the second half of 1996. (M.N.)

  16. PWR hybrid computer model for assessing the safety implications of control systems

    International Nuclear Information System (INIS)

    Smith, O.L.; Renier, J.P.; Difilippo, F.C.; Clapp, N.E.; Sozer, A.; Booth, R.S.; Craddick, W.G.; Morris, D.G.

    1986-03-01

    The ORNL study of safety-related aspects of nuclear power plant control systems consists of two interrelated tasks: (1) failure mode and effects analysis (FMEA) that identified single and multiple component failures that might lead to significant plant upsets and (2) computer models that used these failures as initial conditions and traced the dynamic impact on the control system and remainder of the plant. This report describes the simulation of Oconee Unit 1, the first plant analyzed. A first-principles, best-estimate model was developed and implemented on a hybrid computer consisting of AD-4 analog and PDP-10 digital machines. Controls were placed primarily on the analog to use its interactive capability to simulate operator action. 48 refs., 138 figs., 15 tabs

  17. Applicability of object-oriented design methods and C++ to safety-critical systems

    International Nuclear Information System (INIS)

    Cuthill, B.B.

    1994-01-01

    This paper reports on a study identifying risks and benefits of using a software development methodology containing object-oriented design (OOD) techniques and using C++ as a programming language relative to selected features of safety-critical systems development. These features are modularity, functional diversity, removing ambiguous code, traceability, and real-time performance

  18. Criticality Safety in the Handling of Fissile Material. Specific Safety Guide

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2014-05-15

    This Safety Guide provides guidance and recommendations on how to meet the relevant requirements for ensuring subcriticality when dealing with fissile material and for planning the response to criticality accidents. The guidance and recommendations are applicable to both regulatory bodies and operating organizations. The objectives of criticality safety are to prevent a self-sustained nuclear chain reaction and to minimize the consequences of this if it were to occur. The Safety Guide makes recommendations on how to ensure subcriticality in systems involving fissile materials during normal operation, anticipated operational occurrences, and, in the case of accident conditions, within design basis accidents, from initial design through commissioning, operation, and decommissioning and disposal.

  19. Criticality safety evaluations - a "stalking horse" for integrated safety assessment

    International Nuclear Information System (INIS)

    Williams, R.A.

    1995-01-01

    The Columbia Fuel Fabrication Facility of the Westinghouse Commercial Nuclear Fuel Division manufactures low-enriched uranium fuel and associated components for use in commercial pressurized water power reactors. To support development of a comprehensive integrated safety assessment (ISA) for the facility, as well as to address increasing U.S. Nuclear Regulatory Commission (NRC) expectations regarding such a facility's criticality safety assessments, a project is under way to complete criticality safety evaluations (CSEs) of all plant systems used in processing nuclear materials. Each CSE is made up of seven sections, prepared by a multidisciplinary team of process engineers, systems engineers, safety engineers, maintenance representatives, and operators. This paper provides a cursory outline of the type of information presented in a CSE

  20. Nuclear criticality safety guide

    International Nuclear Information System (INIS)

    Ro, Seong Ki; Shin, Hee Seong; Park, Seong Won; Shin, Young Joon.

    1997-06-01

    Nuclear criticality safety guidance for the handling, transportation and storage of nuclear fissile materials is described in this report. The major part of the report was excerpted from TID-7016 (revision 2) and from the nuclear criticality safety text by Knief. (author). 16 tabs., 44 figs., 5 refs

  1. French safety and criticality testing programmes

    International Nuclear Information System (INIS)

    Barbry, F.; Leclerc, J.; Manaranche, J.C.; Maubert, L.

    1982-01-01

    This article underlines the need to include experimental safety-criticality programmes in the French nuclear effort. The means and methods used at the Section of Experimental Nuclear Safety and Criticality Research, attached to the CEA Valduc Centre, are described. Three experimental programmes are presented: safety-criticality of the PWR fuel cycle, neutron poisoning of plutonium solutions by gadolinium and safety-criticality of slightly enriched and slightly moderated uranium oxide. Criticality accident studies in solution are then described.

  2. Explicit Precedence Constraints in Safety-Critical Java

    DEFF Research Database (Denmark)

    Puffitsch, Wolfgang; Noulard, Eric; Pagetti, Claire

    2013-01-01

    Safety-critical Java (SCJ) aims at making the amenities of Java available for the development of safety-critical applications. The multi-rate synchronous language Prelude facilitates the specification of the communication and timing requirements of complex real-time systems. This paper combines...... to provide explicit support for precedence constraints. We present the considerations behind the design of this extension and discuss our experiences with a first prototype implementation based on the SCJ implementation of the Java Optimized Processor....

  3. ALARP considerations in criticality safety assessments

    International Nuclear Information System (INIS)

    Bowden, Russell L.; Barnes, Andrew; Thorne, Peter R.; Venner, Jack

    2003-01-01

    Demonstrating that the risk to the public and workers is As Low As Reasonably Practicable (ALARP) is a fundamental requirement of safety cases for nuclear facilities in the United Kingdom. This is embodied in the Safety Assessment Principles (SAPs) published by the Regulator, the essence of which is incorporated within the safety assessment processes of the various nuclear site licensees. The concept of ALARP within criticality safety assessments has taken some time to establish in the United Kingdom. In principle, the licensee is obliged to search for a deterministic criticality safety solution, such as safe geometry vessels and passive control features, rather than placing reliance on active measurement devices and plant administrative controls. This paper presents a consideration of some ALARP issues in relation to the development of criticality safety cases. The paper utilises some idealised examples covering a range of issues facing the criticality safety assessor, including new plant design, operational plant and decommissioning activities. These examples are used to outline the elements of the criticality safety cases and present a discussion of ALARP in the context of criticality safety assessments. (author)

  4. Software Reliability Issues Concerning Large and Safety Critical Software Systems

    Science.gov (United States)

    Kamel, Khaled; Brown, Barbara

    1996-01-01

    This research was undertaken to provide NASA with a survey of state-of-the-art techniques used in industry and academia to provide safe, reliable, and maintainable software to drive large systems. Such systems must match the complexity and strict safety requirements of NASA's shuttle system. In particular, the Launch Processing System (LPS) is being considered for replacement. The LPS is responsible for monitoring and commanding the shuttle during test, repair, and launch phases. NASA built this system in the 1970s using mostly hardware techniques to provide increased reliability, but it did so often using custom-built equipment, which has not been able to keep up with current technologies. This report surveys the major techniques used in industry and academia to ensure reliability in large and critical computer systems.

  5. Research on neutron source multiplication method in nuclear critical safety

    International Nuclear Information System (INIS)

    Zhu Qingfu; Shi Yongqian; Hu Dingsheng

    2005-01-01

    This paper concerns research on the neutron source multiplication method in nuclear criticality safety. Based on the neutron diffusion equation with an external neutron source, the effective sub-critical multiplication factor k_s is deduced; k_s differs from the effective neutron multiplication factor k_eff in the case of a sub-critical system with an external neutron source. A verification experiment on a sub-critical system indicates that the parameter measured with the neutron source multiplication method is k_s, and that k_s depends on the position of the external neutron source in the sub-critical system and on the source spectrum. The relation between k_s and k_eff, and their effect on nuclear criticality safety, is discussed. (author)
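    The defining relation behind the method, added here in the standard source-multiplication notation rather than reproduced from the paper (whose derivation from the diffusion equation is not shown in the abstract): let an external source emit $S$ neutrons per second into the subcritical assembly and let $F$ be the resulting steady-state fission-neutron production rate. The source multiplication factor and the measured multiplication are then

$$
k_s = \frac{F}{F+S}, \qquad F + S = \frac{S}{1-k_s}, \qquad M = \frac{C}{C_0} = \frac{1}{1-k_s},
$$

where $C$ is the detector count rate with the fissile material present and $C_0$ the count rate from the bare source at the same detector, so that a count-rate ratio measures $k_s$ directly. This is why the measured quantity is not $k_{eff}$: $k_{eff}$ is the eigenvalue of the source-free balance equation, whereas $F$, and with it $k_s$, depends on where the source neutrons are born and with what spectrum, that is on their importance to fission. The two coincide only when the source has the same spatial and spectral shape as the fundamental-mode fission source; for any other source the safety assessment has to state which factor a quoted subcriticality refers to.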

  6. NuSEE: an integrated environment of software specification and V and V for PLC based safety-critical systems

    International Nuclear Information System (INIS)

    Koo, Seo Ryong; Seong, Poong Hyun; Yoo, Jun Beom; Cha, Sung Deok; Youn, Cheong; Han, Hyun Chul

    2006-01-01

    As the use of digital systems becomes more prevalent, adequate techniques for software specification and analysis have become increasingly important in Nuclear Power Plant (NPP) safety-critical systems. Additionally, the importance of software Verification and Validation (V and V) based on adequate specification has received greater emphasis in view of improving software quality. For thorough V and V of safety-critical systems, V and V should be performed throughout the software lifecycle. However, systematic V and V is difficult as it involves many manual-oriented tasks. Tool support is needed in order to more conveniently perform software V and V. In response, we developed four kinds of Computer Aided Software Engineering (CASE) tools to support system specification for a formal-based analysis according to the software lifecycle. In this work, we achieved optimized integration of each tool. The toolset, NuSEE, is an integrated environment for software specification and V and V for PLC based safety-critical systems. In accordance with the software lifecycle, NuSEE consists of NuSISRT for the concept phase, NuSRS for the requirements phase, NuSDS for the design phase and NuSCM for configuration management. It is believed that after further development our integrated environment will be a unique and promising software specification and analysis toolset that will support the entire software lifecycle for the development of PLC based NPP safety-critical systems

  7. A framework for the system-of-systems analysis of the risk for a safety-critical plant exposed to external events

    International Nuclear Information System (INIS)

    Zio, E.; Ferrario, E.

    2013-01-01

    We consider a critical plant exposed to risk from external events. We propose an original framework of analysis, which extends the boundaries of the study to the interdependent infrastructures which support the plant. For the purpose of clearly illustrating the conceptual framework of system-of-systems analysis, we work out a case study of seismic risk for a nuclear power plant embedded in the connected power and water distribution, and transportation networks which support its operation. The technical details of the systems considered (including the nuclear power plant) are highly simplified, in order to preserve the purpose of illustrating the conceptual, methodological framework of analysis. Yet, as an example of the approaches that can be used to perform the analysis within the proposed framework, we consider the Muir Web as system analysis tool to build the system-of-systems model and Monte Carlo simulation for the quantitative evaluation of the model. The numerical exercise, albeit performed on a simplified case study, serves the purpose of showing the opportunity of accounting for the contribution of the interdependent infrastructure systems to the safety of a critical plant. This is relevant as it can lead to considerations with respect to the decision making related to safety-critical issues. -- Highlights: ► We consider a critical plant exposed to risk from external events. ► We consider also the interdependent infrastructures that support the plant. ► We use Muir Web as system analysis tool to build the system-of-systems model. ► We use Monte Carlo simulation for the quantitative evaluation of the model. ► We find that the interdependent infrastructures should be considered as they can be a support for the critical plant safety
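    One way to make the point concrete, as an added Python example and not the paper's own model: the plant's safety function is evaluated twice over the same seismic scenario, once with only the plant's own equipment in the model and once with the supporting road and water networks included as dependency nodes in the style of a Muir web. The failure probabilities and the dependency rules are constructed for the example; an exact enumeration is kept beside the Monte Carlo estimate so the sampling error can be checked.

```python
import random
from itertools import product
from typing import Callable, Dict

# Constructed failure probabilities conditional on the seismic event having
# occurred. They are assumed for the example and are not taken from the paper.
P_FAIL = {
    "grid_power": 0.6,     # offsite power lost
    "diesel": 0.1,         # on-site emergency diesel generators fail to run
    "road_network": 0.5,   # roads impassable: no fuel or water tankers reach the site
    "water_network": 0.3,  # external service-water supply lost
}

State = Dict[str, bool]    # node name -> True if that node has failed

def plant_only_unsafe(s: State) -> bool:
    """Plant-centred model: only the plant's own power supplies are considered."""
    return s["grid_power"] and s["diesel"]

def system_of_systems_unsafe(s: State) -> bool:
    """Dependency chain in the spirit of a Muir web: diesel fuel resupply and
    backup cooling water both depend on the road network, which couples the
    two safety functions through a node the plant does not own."""
    power_lost = s["grid_power"] and (s["diesel"] or s["road_network"])
    water_lost = s["water_network"] and s["road_network"]
    return power_lost or water_lost

def exact_probability(unsafe: Callable[[State], bool]) -> float:
    """Exhaustive enumeration of the 2^n joint states; exact, feasible for small models."""
    names = list(P_FAIL)
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        s = dict(zip(names, bits))
        weight = 1.0
        for name, failed in s.items():
            weight *= P_FAIL[name] if failed else 1.0 - P_FAIL[name]
        if unsafe(s):
            total += weight
    return total

def monte_carlo_probability(unsafe: Callable[[State], bool],
                            samples: int = 40000, seed: int = 1) -> float:
    """Monte Carlo estimate of the same quantity, the route that scales to
    models too large to enumerate."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        s = {name: rng.random() < p for name, p in P_FAIL.items()}
        hits += unsafe(s)
    return hits / samples

if __name__ == "__main__":
    for label, model in (("plant only", plant_only_unsafe),
                         ("system of systems", system_of_systems_unsafe)):
        print(f"{label:18s} exact={exact_probability(model):.4f} "
              f"MC={monte_carlo_probability(model):.4f}")
```

With these assumed numbers the plant-only view gives an unsafe probability of 0.06, while the system-of-systems view gives 0.39, because a single road-network failure removes both the fuel resupply for the diesels and the tanker route for cooling water. The shared node is what the plant-centred model cannot see, which is the abstract's point about interdependent infrastructures.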

  8. Supplement report to the Nuclear Criticality Safety Handbook of Japan

    International Nuclear Information System (INIS)

    Okuno, Hiroshi; Komuro, Yuichi; Nakajima, Ken

    1995-10-01

    Supplementing works to 'The Nuclear Criticality Safety Handbook' of Japan have been continued since 1988, the year the handbook edited by the Science and Technology Agency first appeared. This report publishes the fruits obtained in the supplementing works. Substantial improvements are made in the chapters of 'Modelling the evaluation object' and 'Methodology for analytical safety assessment', and newly added are chapters of 'Criticality safety of chemical processes', 'Criticality accidents and their evaluation methods' and 'Basic principles on design and installation of criticality alarm system'. (author)

  9. ASIC-based design of NMR system health monitor for mission/safety-critical applications.

    Science.gov (United States)

    Balasubramanian, P

    2016-01-01

    N-modular redundancy (NMR) is a generic fault tolerance scheme that is widely used in safety-critical circuit/system designs to guarantee correct operation with enhanced reliability. In passive NMR, at least a majority (N + 1)/2 out of N function modules is expected to operate correctly at any time, where N is odd. Apart from a conventional realization of the NMR system, it would be useful to provide a concurrent indication of the system's health so that an appropriate remedial action may be initiated depending upon an application's safety criticality. In this context, this article presents the novel design of a generic NMR system health monitor which features: (i) early fault warning logic, that is activated upon the production of a conflicting result by even one output of any arbitrary function module, and (ii) error signalling logic, which signals an error when the number of faulty function modules unfortunately attains a majority and the system outputs may no longer be reliable. Two sample implementations of NMR systems viz. triple modular redundancy and quintuple modular redundancy with the proposed system health monitoring are presented in this work, with a 4-bit ALU used for the function modules. The simulations are performed using a 32/28 nm CMOS process technology.
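    An added Python sketch of the two monitoring flags, not the paper's gate-level ASIC design: voting is done on whole output words, a constructed 4-bit ALU stands in for the function modules, and a stuck-at output-bit fault model produces the faulty modules. Everything in it is assumed for the example.

```python
from collections import Counter
from typing import Callable, List, Optional, Tuple

Module = Callable[[int, int, int], int]

def alu_4bit(a: int, b: int, op: int) -> int:
    """Constructed 4-bit function module standing in for the paper's ALU:
    op 0 = add, 1 = subtract, 2 = AND, 3 = XOR; results are truncated to 4 bits."""
    if op == 0:
        r = a + b
    elif op == 1:
        r = a - b
    elif op == 2:
        r = a & b
    else:
        r = a ^ b
    return r & 0xF

def stuck_at(bit: int, value: int) -> Module:
    """Fault model: a module whose output bit `bit` is stuck at `value`."""
    mask = 1 << bit
    def faulty(a: int, b: int, op: int) -> int:
        r = alu_4bit(a, b, op)
        return (r | mask) if value else (r & ~mask & 0xF)
    return faulty

def nmr_vote(outputs: List[int]) -> Tuple[Optional[int], bool, bool]:
    """Word-level majority voter with the two health-monitor flags.

    Returns (voted_output, early_warning, error):
      early_warning - at least one module's output differs from the majority
                      word (a conflicting result from even one module);
      error         - no output word is shared by a majority (N+1)//2 of the
                      modules, i.e. the faulty modules have reached a majority
                      and the voted output (None) can no longer be trusted.
    """
    n = len(outputs)
    if n % 2 == 0:
        raise ValueError("N must be odd")
    majority = (n + 1) // 2
    word, count = Counter(outputs).most_common(1)[0]
    if count < majority:
        return None, True, True
    return word, count < n, False

def run_nmr(modules: List[Module], a: int, b: int, op: int):
    """Drive every module with the same operands and vote on their outputs."""
    return nmr_vote([m(a, b, op) for m in modules])

if __name__ == "__main__":
    tmr = [alu_4bit, alu_4bit, stuck_at(0, 1)]
    qmr = [alu_4bit] * 2 + [stuck_at(0, 1), stuck_at(2, 1), stuck_at(1, 1)]
    print("TMR, one faulty module:", run_nmr(tmr, 5, 3, 0))
    print("QMR, three faulty modules:", run_nmr(qmr, 5, 3, 0))
```

The caveat a practitioner should keep in mind, visible in the last test case: if the faulty modules fail the same way (a common-mode fault), they form a majority that agrees with itself, the voter returns the wrong word with only the early-warning flag raised, and no voter-based monitor can tell that case from one healthy disagreement. Diverse implementations of the modules are the usual answer to that.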

  10. Providing Nuclear Criticality Safety Analysis Education through Benchmark Experiment Evaluation

    International Nuclear Information System (INIS)

    Bess, John D.; Briggs, J. Blair; Nigg, David W.

    2009-01-01

    One of the challenges that today's new workforce of nuclear criticality safety engineers face is the opportunity to provide assessment of nuclear systems and establish safety guidelines without having received significant experience or hands-on training prior to graduation. Participation in the International Criticality Safety Benchmark Evaluation Project (ICSBEP) and/or the International Reactor Physics Experiment Evaluation Project (IRPhEP) provides students and young professionals the opportunity to gain experience and enhance critical engineering skills.

  11. Recommendations relating to safety-critical real-time software in nuclear power plants

    International Nuclear Information System (INIS)

    1992-01-01

    The Advisory Committee on Nuclear Safety (ACNS) has reviewed safety issues associated with the software for the digital computers in the safety shutdown systems for the Darlington NGS. From this review the ACNS has developed four recommendations for safety-critical real-time software in nuclear power plants. These recommendations cover: the completion of the present efforts to develop an overall standard and sub-tier standards for safety-critical real-time software; the preparation of schedules and lists of responsibilities for this development; the concentration of AECB efforts on ensuring the scrutability of safety-critical real-time software; and, the collection of data on reliability and causes of failure (error) of safety-critical real-time software systems and on the probability and causes of common-mode failures (errors). (9 refs.)

  12. Nuclear criticality safety: 2-day training course

    International Nuclear Information System (INIS)

    Schlesser, J.A.

    1997-02-01

    This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: be able to define terms commonly used in nuclear criticality safety; be able to appreciate the fundamentals of nuclear criticality safety; be able to identify factors which affect nuclear criticality safety; be able to identify examples of criticality controls as used at Los Alamos; be able to identify examples of circumstances present during criticality accidents; have participated in conducting two critical experiments; be asked to complete a critique of the nuclear criticality safety training course

  14. Criticality safety and facility design considerations

    International Nuclear Information System (INIS)

    Waltz, W.R.

    1991-06-01

    Operations with fissile material introduce the risk of a criticality accident that may be lethal to nearby personnel. In addition, concerns over criticality safety can result in substantial delays and shutdown of facility operations. For these reasons, it is clear that the prevention of a nuclear criticality accident should play a major role in the design of a nuclear facility. The emphasis of this report will be placed on engineering design considerations in the prevention of criticality. The discussion will not include other important aspects, such as the physics of calculating limits nor criticality alarm systems

  15. Proceedings of KURRI symposium on criticality safety

    International Nuclear Information System (INIS)

    Nishina, Kojiro; Kanda, Keiji

    1984-01-01

    On August 8, 1984, at the Reactor Application Center of the Research Reactor Institute, Kyoto University, the symposium on criticality safety was held, and 81 participants from various fields of reactor physics, nuclear fuel cycle engineering, reactor chemistry, nuclear chemistry, health physics and so on discussed the problem. The gists of the presentation are collected in this report. The contents are the techniques of evaluating criticality safety in respective fuel facilities, the system of control and its concept, the course and plan of the research on criticality safety in Japan and foreign countries, the techniques of determining multiplication factor and so on, and the review of present status, the pointing-out of problems and the report of new techniques were made. The measures coping with criticality safety have been mostly to meet urgent demand, but its fundamental examination and long term research should be carried out. This symposium was planned as the preparation for such research project, and favorable comment was given by the participants. In the next symposium, it is considered better to limit the themes and to allot more time to respective lectures. (Kako, I.)

  16. Criticality safety evaluations - a "stalking horse" for integrated safety assessment

    Energy Technology Data Exchange (ETDEWEB)

    Williams, R.A. [Westinghouse Electric Corp., Columbia, SC (United States)

    1995-12-31

    The Columbia Fuel Fabrication Facility of the Westinghouse Commercial Nuclear Fuel Division manufactures low-enriched uranium fuel and associated components for use in commercial pressurized water power reactors. To support development of a comprehensive integrated safety assessment (ISA) for the facility, as well as to address increasing U.S. Nuclear Regulatory Commission (NRC) expectations regarding such a facility's criticality safety assessments, a project is under way to complete criticality safety evaluations (CSEs) of all plant systems used in processing nuclear materials. Each CSE is made up of seven sections, prepared by a multidisciplinary team of process engineers, systems engineers, safety engineers, maintenance representatives, and operators. This paper provides a cursory outline of the type of information presented in a CSE.

  17. Battery Management Systems in Electric and Hybrid Vehicles

    Directory of Open Access Journals (Sweden)

    Michael Pecht

    2011-10-01

    The battery management system (BMS) is a critical component of electric and hybrid electric vehicles. The purpose of the BMS is to guarantee safe and reliable battery operation. To maintain the safety and reliability of the battery, state monitoring and evaluation, charge control, and cell balancing are functionalities that have been implemented in BMS. As an electrochemical product, a battery acts differently under different operational and environmental conditions. The uncertainty of a battery's performance poses a challenge to the implementation of these functions. This paper addresses concerns for current BMSs. State evaluation of a battery, including state of charge, state of health, and state of life, is a critical task for a BMS. Through reviewing the latest methodologies for the state evaluation of batteries, the future challenges for BMSs are presented and possible solutions are proposed as well.

  18. Preparation for the second edition of nuclear criticality safety handbook

    International Nuclear Information System (INIS)

    Okuno, Hiroshi; Nomura, Yasushi

    1997-01-01

    The preparation of the second edition of the Nuclear Criticality Safety Handbook has entered the final stage of investigation by the working group. The second edition takes in the newest results of research in Japan. In this report, among the subjects which have been examined continuously since the first edition published in 1988, the following are explained: the size of fuel particles that can be regarded as homogeneous even in a heterogeneous system; the reactivity effect when the fuel concentration distribution becomes non-uniform in a homogeneous fuel system; the method of evaluating criticality safety without assuming submersion; and the criticality data when fuel burnup is considered. Further, the matters related to criticality in chemical processes and to criticality accidents are outlined. Finally, the state of preparation for the third edition is mentioned. Criticality safety control is important for the overall nuclear fuel cycle, including the transportation and storage of fuel. The course of the publication of this Handbook is outlined. The matters which have been successively examined since the first edition, the results of criticality safety analysis for the dissolver tanks of fuel reprocessing, and the analysis code and the simplified evaluation method for criticality accidents are reported. (K.I.)

  19. Thermal safety analysis for pebble bed blanket fusion-fission hybrid reactor

    International Nuclear Information System (INIS)

    Wei Renjie

    1998-01-01

    A pebble bed blanket hybrid reactor may have more advantages than a slab element blanket hybrid reactor in nuclear fuel production and nuclear safety. Thermo-hydraulic calculations of the blanket in the Tokamak helium-cooled pebble bed blanket fusion-fission hybrid reactor developed in China are carried out using the code THERMIX and an auxiliary code. The calculations cover different fuel pebble materials and steady-state, depressurization and total loss of flow accident conditions. The results demonstrate that the conceptual design of the Tokamak helium-cooled pebble bed blanket fusion-fission hybrid reactor with dump tank is feasible and safe enough, provided that a suitable fuel pebble material is selected and suitable control and protection systems are established. Some recommendations for the conceptual design are also presented

  20. A hybrid simulation approach for integrating safety behavior into construction planning: An earthmoving case study.

    Science.gov (United States)

    Goh, Yang Miang; Askar Ali, Mohamed Jawad

    2016-08-01

    One of the key challenges in improving construction safety and health is the management of safety behavior. From a system point of view, workers work unsafely due to system level issues such as poor safety culture, excessive production pressure, inadequate allocation of resources and time and lack of training. These systemic issues should be eradicated or minimized during planning. However, there is a lack of detailed planning tools to help managers assess the impact of their upstream decisions on worker safety behavior. Even though simulation has been used in construction planning, the review conducted in this study showed that construction safety management research had not been exploiting the potential of simulation techniques. Thus, a hybrid simulation framework is proposed to facilitate integration of safety management considerations into construction activity simulation. The hybrid framework consists of discrete event simulation (DES) as the core, but heterogeneous, interactive and intelligent (able to make decisions) agents replace traditional entities and resources. In addition, some of the cognitive processes and physiological aspects of agents are captured using the system dynamics (SD) approach. The combination of DES, agent-based simulation (ABS) and SD allows a more "natural" representation of the complex dynamics in construction activities. The proposed hybrid framework was demonstrated using a hypothetical case study. In addition, due to the lack of application of the factorial experiment approach in safety management simulation, the case study demonstrated sensitivity analysis and factorial experiment to guide future research. Copyright © 2015 Elsevier Ltd. All rights reserved.

  1. Nuclear criticality safety: 2-day training course

    International Nuclear Information System (INIS)

    Schlesser, J.A.

    1992-11-01

    This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: (1) be able to define terms commonly used in nuclear criticality safety; (2) be able to appreciate the fundamentals of nuclear criticality safety; (3) be able to identify factors which affect nuclear criticality safety; (4) be able to identify examples of criticality controls as used at Los Alamos; (5) be able to identify examples of circumstances present during criticality accidents; (6) have participated in conducting two critical experiments

  2. The Qualification Experiences for Safety-critical Software of POSAFE-Q

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jang Yeol; Son, Kwang Seop; Cheon, Se Woo; Lee, Jang Soo; Kwon, Kee Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2009-05-15

    Programmable Logic Controllers (PLC) have been applied to the Reactor Protection System (RPS) and the Engineered Safety Feature (ESF)-Component Control System (CCS) as the major safety system components of nuclear power plants. This paper describes experiences on the qualification of the safety-critical software including the pCOS kernel and system tasks related to a safety-grade PLC, i.e. the works done for the Software Verification and Validation, Software Safety Analysis, Software Quality Assurance, and Software Configuration Management etc.

  3. Possibilities and Limitations of Applying Software Reliability Growth Models to Safety-Critical Software

    International Nuclear Information System (INIS)

    Kim, Man Cheol; Jang, Seung Cheol; Ha, Jae Joo

    2006-01-01

    As digital systems are gradually introduced to nuclear power plants (NPPs), the need for quantitatively analyzing the reliability of the digital systems is also increasing. Kang and Sung identified (1) software reliability, (2) common-cause failures (CCFs), and (3) fault coverage as the three most critical factors in the reliability analysis of digital systems. For the estimation of the safety-critical software (the software that is used in safety-critical digital systems), the use of Bayesian Belief Networks (BBNs) seems to be most widely used. The use of BBNs in reliability estimation of safety-critical software is basically a process of indirectly assigning a reliability based on various observed information and experts' opinions. When software testing results or software failure histories are available, we can use a process of directly estimating the reliability of the software using various software reliability growth models such as the Jelinski-Moranda model and Goel-Okumoto's nonhomogeneous Poisson process (NHPP) model. Even though it is generally known that software reliability growth models cannot be applied to safety-critical software due to the small number of expected failure data from the testing of safety-critical software, we try to find possibilities and corresponding limitations of applying software reliability growth models to safety-critical software.

  4. Design of safety-critical systems using the complementarities of success and failure domains with a case study

    International Nuclear Information System (INIS)

    Ahmed, Rizwan; Koo, June Mo; Jeong, Yong Hoon; Heo, Gyunyoung

    2011-01-01

    A safety-critical system has to qualify the performance-related requirements and the safety-related requirements simultaneously. Conceptually, design processes should consider both of them simultaneously, but the practices do not and/or cannot follow such a theoretical approach due to the limitation of design resources. From our experience, we found that safety-related functions must be simultaneously resolved with the development of performance-related functions, particularly in the case of safety-critical systems. Since success and failure domain analyses are essential for the investigation of performance-related and safety-related requirements, respectively, we articulated our perception to Axiomatic Design (AD), Fault Tree Analysis (FTA), and TRIZ. A design evolution procedure considering feedbacks from AD to identify functional couplings, TRIZ methodology to explore uncoupling solutions and FTA to improve reliability in a systematic way is presented here. A case study regarding the design of a safety injection tank installed in a nuclear power plant is also included to illustrate the proposed framework. It is expected that several iterations between AD-TRIZ-FTA would result in an optimized design which could be tested against the desired performance and safety criteria.

  5. Design of safety-critical systems using the complementarities of success and failure domains with a case study

    Energy Technology Data Exchange (ETDEWEB)

    Ahmed, Rizwan; Koo, June Mo [Department of Nuclear Engineering, Kyung Hee University, Yongin-si, Gyeonggi-do 446-701 (Korea, Republic of); Jeong, Yong Hoon [Korea Advanced Institute of Science and Technology, 373-1 Guseong-dong, Yuseong-gu, Daejeon 305-701 (Korea, Republic of); Heo, Gyunyoung, E-mail: gheo@khu.ac.k [Department of Nuclear Engineering, Kyung Hee University, Yongin-si, Gyeonggi-do 446-701 (Korea, Republic of)

    2011-01-15

    A safety-critical system has to qualify the performance-related requirements and the safety-related requirements simultaneously. Conceptually, design processes should consider both of them simultaneously, but the practices do not and/or cannot follow such a theoretical approach due to the limitation of design resources. From our experience, we found that safety-related functions must be simultaneously resolved with the development of performance-related functions, particularly in the case of safety-critical systems. Since success and failure domain analyses are essential for the investigation of performance-related and safety-related requirements, respectively, we articulated our perception to Axiomatic Design (AD), Fault Tree Analysis (FTA), and TRIZ. A design evolution procedure considering feedbacks from AD to identify functional couplings, TRIZ methodology to explore uncoupling solutions and FTA to improve reliability in a systematic way is presented here. A case study regarding the design of a safety injection tank installed in a nuclear power plant is also included to illustrate the proposed framework. It is expected that several iterations between AD-TRIZ-FTA would result in an optimized design which could be tested against the desired performance and safety criteria.

  6. Expressing best practices in (risk) analysis and testing of safety-critical systems using patterns

    DEFF Research Database (Denmark)

    Herzner, Wolfgang; Sieverding, Sven; Kacimi, Omar

    2014-01-01

    The continuing pervasion of our society with safety-critical cyber-physical systems not only demands for adequate (risk) analysis, testing and verification techniques, it also generates growing experience on their use, which can be considered as important as the tools themselves for their efficient...

  7. Safety critical FPGA-based NPP instrumentation and control systems: assessment, development and implementation

    International Nuclear Information System (INIS)

    Bakhmach, E. S.; Siora, A. A.; Tokarev, V. I.; Kharchenko, V. S.; Sklyar, V. V.; Andrashov, A. A.

    2010-10-01

    The stages of development, production, verification, licensing and implementation methods and technologies of safety critical instrumentation and control systems for nuclear power plants (NPP) based on FPGA (Field Programmable Gate Arrays) technologies are described. A life cycle model and multi-version technologies of dependability and safety assurance of FPGA-based instrumentation and control systems are discussed. An analysis of NPP instrumentation and control systems construction principles developed by Research and Production Corporation Radiy using FPGA technologies and results of these systems' implementation and operation at Ukrainian and Bulgarian NPP are presented. The RADIY(TM) platform has been designed and developed by Research and Production Corporation Radiy, Ukraine. The main peculiarity of the RADIY(TM) platform is the use of FPGA as programmable components for logic control operation. The FPGA-based RADIY(TM) platform used for NPP instrumentation and control systems development ensures scalability of system function types, volume and peculiarities (by changing the quantity and quality of sensors, actuators, input/output signals and control algorithms); scalability of dependability (safety integrity) (by changing the number of redundant channels, tiers, diagnostic and reconfiguration procedures); scalability of diversity (by changing types, depth and method of diversity selection). (Author)

  8. ASIC-based design of NMR system health monitor for mission/safety-critical applications

    OpenAIRE

    Balasubramanian, P.

    2016-01-01

    N-modular redundancy (NMR) is a generic fault tolerance scheme that is widely used in safety-critical circuit/system designs to guarantee the correct operation with enhanced reliability. In passive NMR, at least a majority (N+1)/2 out of N function modules is expected to operate correctly at any time, where N is odd. Apart from a conventional realization of the NMR system, it would be useful to provide a concurrent indication of the system's health so that an appropriate remedial action may...

  9. Reliability assessment for safety critical systems by statistical random testing

    International Nuclear Information System (INIS)

    Mills, S.E.

    1995-11-01

    In this report we present an overview of reliability assessment for software and focus on some basic aspects of assessing reliability for safety critical systems by statistical random testing. We also discuss possible deviations from some essential assumptions on which the general methodology is based. These deviations appear quite likely in practical applications. We present and discuss possible remedies and adjustments and then undertake applying this methodology to a portion of the SDS1 software. We also indicate shortcomings of the methodology and possible avenues to follow to address these problems. (author). 128 refs., 11 tabs., 31 figs.

  10. Reliability assessment for safety critical systems by statistical random testing

    Energy Technology Data Exchange (ETDEWEB)

    Mills, S E [Carleton Univ., Ottawa, ON (Canada). Statistical Consulting Centre

    1995-11-01

    In this report we present an overview of reliability assessment for software and focus on some basic aspects of assessing reliability for safety critical systems by statistical random testing. We also discuss possible deviations from some essential assumptions on which the general methodology is based. These deviations appear quite likely in practical applications. We present and discuss possible remedies and adjustments and then undertake applying this methodology to a portion of the SDS1 software. We also indicate shortcomings of the methodology and possible avenues to follow to address these problems. (author). 128 refs., 11 tabs., 31 figs.

  11. An integrated environment of software development and V and V for PLC based safety-critical systems

    International Nuclear Information System (INIS)

    Koo, Seo Ryong

    2005-02-01

    To develop and implement a safety-critical system, the requirements of the system must be analyzed thoroughly during the phases of a software development's life cycle because a single error in the requirements can generate serious software faults. We therefore propose an Integrated Environment (IE) approach for requirements which is an integrated approach that enables easy inspection by combining requirement traceability and effective use of a formal method. For the V and V tasks of the requirements phase, our approach uses software inspection, requirement traceability, and formal specification with structural decomposition. Software inspection and the analysis of requirements traceability are the most effective methods of software V and V. Although formal methods are also considered an effective V and V activity, they are difficult to use properly in nuclear fields, as well as in other fields, because of their mathematical nature. We also propose another Integrated Environment (IE) for the design and implementation of safety-critical systems. In this study, a nuclear FED-style design specification and analysis (NuFDS) approach was proposed for PLC based safety-critical systems. The NuFDS approach is suggested in a straightforward manner for the effective and formal specification and analysis of software designs. Accordingly, the proposed NuFDS approach comprises one technique for specifying the software design and another for analyzing the software design. In addition, with the NuFDS approach, we can analyze the safety of software on the basis of fault tree synthesis. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Various tools have been needed to make software V and V more convenient. We therefore developed four kinds of computer-aided software engineering tools that could be used in accordance with the software's life cycle to

  12. Identification of protective actions to reduce the vulnerability of safety-critical systems to malevolent acts: A sensitivity-based decision-making approach

    International Nuclear Information System (INIS)

    Wang, Tai-Ran; Pedroni, Nicola; Zio, Enrico

    2016-01-01

    A classification model based on the Majority Rule Sorting method has been previously proposed by the authors to evaluate the vulnerability of safety-critical systems (e.g., nuclear power plants) with respect to malevolent intentional acts. In this paper, we consider a classification model previously proposed by the authors based on the Majority Rule Sorting method to evaluate the vulnerability of safety-critical systems (e.g., nuclear power plants) with respect to malevolent intentional acts. The model is here used as the basis for solving an inverse classification problem aimed at determining a set of protective actions to reduce the level of vulnerability of the safety-critical system under consideration. To guide the choice of the set of protective actions, sensitivity indicators are originally introduced as measures of the variation in the vulnerability class that a safety-critical system is expected to undergo after the application of a given set of protective actions. These indicators form the basis of an algorithm to rank different combinations of actions according to their effectiveness in reducing the safety-critical system's vulnerability. Results obtained using these indicators are presented with regard to the application of: (i) one identified action at a time, (ii) all identified actions at the same time or (iii) a random combination of identified actions. The results are presented with reference to a fictitious example considering nuclear power plants as the safety-critical systems object of the analysis. - Highlights: • We use a hierarchical framework to represent the vulnerability. • We use an empirical classification model to evaluate vulnerability. • Sensitivity indicators are introduced to rank protective actions. • Constraints (e.g., budget limitations) are accounted for. • Method is applied to fictitious Nuclear Power Plants.

  13. Elements of a nuclear criticality safety program

    International Nuclear Information System (INIS)

    Hopper, C.M.

    1995-01-01

    Nuclear criticality safety programs throughout the United States are quite successful, as compared with other safety disciplines, at protecting life and property, especially when regarded as a developing safety function with no historical perspective for the cause and effect of process nuclear criticality accidents before 1943. The programs evolved through self-imposed and regulatory-imposed incentives. They are the products of conscientious individuals, supportive corporations, obliged regulators, and intervenors (political, public, and private). The maturing of nuclear criticality safety programs throughout the United States has been spasmodic, with stability provided by the volunteer standards efforts within the American Nuclear Society. This presentation provides the status, relative to current needs, of nuclear criticality safety program elements that address the organization of and assignments for nuclear criticality safety program responsibilities; personnel qualifications; and analytical capabilities for the technical definition of critical, subcritical, safety and operating limits, and program quality assurance.

  14. A critical evaluation of deterministic methods in size optimisation of reliable and cost effective standalone hybrid renewable energy systems

    International Nuclear Information System (INIS)

    Maheri, Alireza

    2014-01-01

    Reliability of a hybrid renewable energy system (HRES) strongly depends on various uncertainties affecting the amount of power produced by the system. In the design of systems subject to uncertainties, both deterministic and nondeterministic design approaches can be adopted. In a deterministic design approach, the designer considers the presence of uncertainties and incorporates them indirectly into the design by applying safety factors. It is assumed that, by employing suitable safety factors and considering worst-case scenarios, reliable systems can be designed. In fact, the multi-objective optimisation problem with two objectives of reliability and cost is reduced to a single-objective optimisation problem with the objective of cost only. In this paper the competence of deterministic design methods in size optimisation of reliable standalone wind–PV–battery, wind–PV–diesel and wind–PV–battery–diesel configurations is examined. For each configuration, first, using different values of safety factors, the optimal size of the system components which minimises the system cost is found deterministically. Then, for each case, using a Monte Carlo simulation, the effect of safety factors on the reliability and the cost is investigated. In performing reliability analysis, several reliability measures, namely, unmet load, blackout durations (total, maximum and average) and mean time between failures are considered. It is shown that the traditional methods of considering the effect of uncertainties in deterministic designs, such as design for an autonomy period and employing safety factors, have either little or unpredictable impact on the actual reliability of the designed wind–PV–battery configuration. In the case of wind–PV–diesel and wind–PV–battery–diesel configurations it is shown that, while using a high-enough margin of safety in sizing the diesel generator leads to reliable systems, the optimum value for this margin of safety leading to a

  15. Conceptual Design of Hybrid Safety Features for NPP by Utilizing Solar Updraft Tower

    Energy Technology Data Exchange (ETDEWEB)

    Song, Sub Lee [Handong Global University, Pohang (Korea, Republic of); Choi, Young Jae; Kim, Yong Jin [KAIST, Daejeon (Korea, Republic of); Park, Hyo Chan; Park, Youn Won [BEES, Daejeon (Korea, Republic of)

    2016-05-15

    In this study, hybrid safety features for NPP with a solar updraft tower (SUT) are conceptually suggested to cope with a loss of ultimate heat sink accident. The hybrid safety features utilizing SUT target NPPs on the seashore of the Arabian Gulf. Usually NPPs are constructed near the seashore to utilize sea water as an ultimate heat sink. Residual heat or decay heat of the nuclear reactor will diffuse into the ocean through the condenser. NPPs in the Middle East are expected to be placed on the seashore of the Arabian Gulf. The NPP site of Barakah is an actual example. For NPPs on the seashore of the Arabian Gulf, an additional safety concern should be considered. The Arabian Gulf is the largest oil transporting route in the world. The oil spill risk in the Arabian Gulf will simultaneously be the largest. Unfortunately, unlike other oceans, the Arabian Gulf is a kind of closed ocean which does not have strong ocean currents connected to the outside of the gulf. If an oil spill occurs, its influence can be propagated more than we expect. The spilled oil can also affect NPPs on the seashore by covering the surfaces of the condenser. It will directly cause loss of ultimate heat sink. The hybrid safety features of the SUT system are expected to aid normal operation of the safety system and mitigate the consequences of a severe accident. Detailed analysis and technology development is ongoing now.

  16. Conceptual Design of Hybrid Safety Features for NPP by Utilizing Solar Updraft Tower

    International Nuclear Information System (INIS)

    Song, Sub Lee; Choi, Young Jae; Kim, Yong Jin; Park, Hyo Chan; Park, Youn Won

    2016-01-01

    In this study, hybrid safety features for NPP with a solar updraft tower (SUT) are conceptually suggested to cope with a loss of ultimate heat sink accident. The hybrid safety features utilizing SUT target NPPs on the seashore of the Arabian Gulf. Usually NPPs are constructed near the seashore to utilize sea water as an ultimate heat sink. Residual heat or decay heat of the nuclear reactor will diffuse into the ocean through the condenser. NPPs in the Middle East are expected to be placed on the seashore of the Arabian Gulf. The NPP site of Barakah is an actual example. For NPPs on the seashore of the Arabian Gulf, an additional safety concern should be considered. The Arabian Gulf is the largest oil transporting route in the world. The oil spill risk in the Arabian Gulf will simultaneously be the largest. Unfortunately, unlike other oceans, the Arabian Gulf is a kind of closed ocean which does not have strong ocean currents connected to the outside of the gulf. If an oil spill occurs, its influence can be propagated more than we expect. The spilled oil can also affect NPPs on the seashore by covering the surfaces of the condenser. It will directly cause loss of ultimate heat sink. The hybrid safety features of the SUT system are expected to aid normal operation of the safety system and mitigate the consequences of a severe accident. Detailed analysis and technology development is ongoing now.

  17. Handbook on criticality. Vol. 1. Criticality and nuclear safety; Handbuch zur Kritikalitaet. Bd. 1. Kritikalitaet und nukleare Sicherheit

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2015-04-15

    This handbook was prepared primarily with the aim to provide information to experts in industry, authorities or research facilities engaged in criticality-safety-related problems that will allow an adequate and rapid assessment of criticality safety issues already in the planning and preparation of nuclear facilities. However, it is not the intention of the authors of the handbook to offer ready solutions to complex problems of nuclear safety. Such questions have to remain subject to an in-depth analysis and assessment to be carried out by dedicated criticality safety experts. Compared with the previous edition dated December 1998, this handbook has been further revised and supplemented. The proven basic structure of the handbook remains unchanged. The handbook follows in some ways similar criticality handbooks or instructions published in the USA, UK, France, Japan and the former Soviet Union. The expedient use of the information given in this handbook requires a fundamental understanding of criticality and the terminology of nuclear safety. In Vol. 1, ''Criticality and Nuclear Safety'', therefore, first the most important terms and fundamentals are introduced and explained. Subsequently, experimental techniques and calculation methods for evaluating criticality problems are presented. The following chapters of Vol. 1 deal, inter alia, with the effect of neutron reflectors and absorbers, neutron interaction, measuring methods for criticality, and organisational safety measures, and provide an overview of criticality-relevant operational experience and of criticality accidents and their potential hazardous impact. Vol. 2 parts 1 and 2 finally compile criticality parameters in graphical and tabular form. The individual graph sheets are provided with an initially explained set of identifiers, to allow the quick finding of the information of current interest. Part 1 includes criticality parameters for systems with ²³⁵U as fissile material, while part

  18. Validation and Verification of Future Integrated Safety-Critical Systems Operating under Off-Nominal Conditions

    Science.gov (United States)

    Belcastro, Christine M.

    2010-01-01

    Loss of control remains one of the largest contributors to aircraft fatal accidents worldwide. Aircraft loss-of-control accidents are highly complex in that they can result from numerous causal and contributing factors acting alone or (more often) in combination. Hence, there is no single intervention strategy to prevent these accidents and reducing them will require a holistic integrated intervention capability. Future onboard integrated system technologies developed for preventing loss of vehicle control accidents must be able to assure safe operation under the associated off-nominal conditions. The transition of these technologies into the commercial fleet will require their extensive validation and verification (V and V) and ultimate certification. The V and V of complex integrated systems poses major nontrivial technical challenges particularly for safety-critical operation under highly off-nominal conditions associated with aircraft loss-of-control events. This paper summarizes the V and V problem and presents a proposed process that could be applied to complex integrated safety-critical systems developed for preventing aircraft loss-of-control accidents. A summary of recent research accomplishments in this effort is also provided.

  19. Criticality safety evaluation in Tokai Reprocessing Plant

    International Nuclear Information System (INIS)

    Shirai, Nobutoshi; Nakajima, Masayoshi; Takaya, Akikazu; Ohnuma, Hideyuki; Shirouzu, Hidetomo; Hayashi, Shinichiro; Yoshikawa, Koji; Suto, Toshiyuki

    2000-04-01

    Criticality limits for equipment in the Tokai Reprocessing Plant which handles fissile material solution and is under shape and dimension control were reevaluated based on guideline No. 10, 'Criticality safety of single unit', in the regulatory guide for reprocessing plant safety. This report presents the criticality safety evaluation of each piece of equipment as a single unit. Criticality safety of multiple units in a cell or a room was also evaluated. The evaluated equipment was in the dissolution, separation, purification, denitration, Pu product storage, and Pu conversion processes. As a result, it was reconfirmed that the equipment was safe enough from the viewpoint of criticality safety of single units and multiple units. (author)

  20. Engineering design guidelines for nuclear criticality safety

    International Nuclear Information System (INIS)

    Waltz, W.R.

    1988-08-01

    This document provides general engineering design guidelines specific to nuclear criticality safety for a facility where the potential for a criticality accident exists. The guide is applicable to the design of new SRP/SRL facilities and to major modifications of existing facilities. The document is intended as: a guide for persons actively engaged in the design process; a resource document for persons charged with design review for adequacy relative to criticality safety; a resource document for facility operating personnel. The guide defines six basic criticality safety design objectives and provides information to assist in accomplishing each objective. The guide is intended to supplement the design requirements relating to criticality safety contained in applicable Department of Energy (DOE) documents. The scope of the guide is limited to engineering design guidelines associated with criticality safety and does not include other areas of the design process, such as criticality safety analytical methods and modeling, nor requirements for control of the design process.

  1. An abnormal situation modeling method to assist operators in safety-critical systems

    International Nuclear Information System (INIS)

    Naderpour, Mohsen; Lu, Jie; Zhang, Guangquan

    2015-01-01

    One of the main causes of accidents in safety-critical systems is human error. In order to reduce human errors in the process of handling abnormal situations, which are highly complex and mentally taxing activities, operators need to be supported, from a cognitive perspective, in order to reduce their workload, stress, and the consequent error rate. Of the various cognitive activities, a correct understanding of the situation, i.e. situation awareness (SA), is a crucial factor in improving performance and reducing errors. Despite the importance of SA in decision-making in time- and safety-critical situations, the difficulty of SA modeling and assessment means that very few methods have as yet been developed. This study confronts this challenge, and develops an innovative abnormal situation modeling (ASM) method that exploits the capabilities of risk indicators, Bayesian networks and fuzzy logic systems. The risk indicators are used to identify abnormal situations, Bayesian networks are utilized to model them and a fuzzy logic system is developed to assess them. The ASM method can be used in the development of situation assessment decision support systems that underlie the achievement of SA. The performance of the ASM method is tested through a real case study at a chemical plant. - Highlights: • Bayesian networks are applied to represent operators' mental models when confronted with abnormal situations. • A fuzzy logic system is used to resemble operators' generating assessment results for every abnormal situation. • A virtual plant user interface and a prototype based on the proposed method are developed to simulate a real case.

  2. Criticality safety basics, a study guide

    Energy Technology Data Exchange (ETDEWEB)

    V. L. Putman

    1999-09-01

    This document is a self-study and classroom guide for criticality safety of activities with fissile materials outside nuclear reactors. This guide provides a basic overview of criticality safety and criticality accident prevention methods divided into three parts: theory, application, and history. Except for topic emphasis, theory and history information is general, while application information is specific to the Idaho National Engineering and Environmental Laboratory (INEEL). Information presented here should be useful to personnel who must know criticality safety basics to perform their assignments safely or to design criticality-safe equipment or operations. However, the guide's primary target audience is fissile material handler candidates.

  3. Criticality safety basics, a study guide

    International Nuclear Information System (INIS)

    Putman, V.L.

    1999-01-01

    This document is a self-study and classroom guide for criticality safety of activities with fissile materials outside nuclear reactors. This guide provides a basic overview of criticality safety and criticality accident prevention methods divided into three parts: theory, application, and history. Except for topic emphasis, theory and history information is general, while application information is specific to the Idaho National Engineering and Environmental Laboratory (INEEL). Information presented here should be useful to personnel who must know criticality safety basics to perform their assignments safely or to design criticality-safe equipment or operations. However, the guide's primary target audience is fissile material handler candidates.

  4. ACRR fuel storage racks criticality safety analysis

    International Nuclear Information System (INIS)

    Bodette, D.E.; Naegeli, R.E.

    1997-10-01

    This document presents the criticality safety analysis for a new fuel storage rack to support modification of the Annular Core Research Reactor for production of molybdenum-99 at Sandia National Laboratories, Technical Area V facilities. Criticality calculations with the MCNP code investigated various contingencies for the criticality control parameters. Important contingencies included the mix of fuel element types stored, water density due to air bubbles or water level for the over-moderated racks, interaction with existing fuel storage racks and fuel storage holsters in the fuel storage pool, neutron absorption of the planned rack design and materials, and criticality changes due to manufacturing tolerances or damage. Some limitations or restrictions on use of the new fuel storage rack for storage operations were developed through the criticality analysis and are required to meet the double contingency requirements of criticality safety. As shown in the analysis, this system will remain subcritical under all credible upset conditions. Administrative controls are necessary for loading, moving, and handling the storage rack as well as for control of operations around it. 21 refs., 16 figs., 4 tabs.

  5. Formal model-based development for safety-critical embedded software

    International Nuclear Information System (INIS)

    Kim, Jin Hyun; Choi, Jin Young

    2005-01-01

    Safety-critical embedded software for nuclear I and C systems is developed under safety and reliability regulation. A programmable logic controller (PLC) is a computer system for the instrumentation and control (I and C) system of nuclear power plants. A PLC consists of various I and C logics in software, including a real-time operating system (RTOS). Hence, errors related to the RTOS should be detected and eliminated in the development process. In practice, the verification and validation for errors in the RTOS is performed in a test procedure, in which many test tasks are embedded in the RTOS and run under a test environment. But the test process cannot be enough to guarantee the safety and reliability of the RTOS. Therefore, in this paper, we introduce the application of formal methods to the development of software for the PLC. We particularly apply formal methods to the development of an RTOS for a PLC, which is at a safety-critical level. In this development, we use the statecharts of I-Logix for specification and model checking to verify the specification

  6. Formal model-based development for safety-critical embedded software

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jin Hyun; Choi, Jin Young [Korea University, Seoul (Korea, Republic of)

    2005-11-15

    Safety-critical embedded software for nuclear I and C systems is developed under safety and reliability regulation. A programmable logic controller (PLC) is a computer system for the instrumentation and control (I and C) system of nuclear power plants. A PLC consists of various I and C logics in software, including a real-time operating system (RTOS). Hence, errors related to the RTOS should be detected and eliminated in the development process. In practice, the verification and validation for errors in the RTOS is performed in a test procedure, in which many test tasks are embedded in the RTOS and run under a test environment. But the test process cannot be enough to guarantee the safety and reliability of the RTOS. Therefore, in this paper, we introduce the application of formal methods to the development of software for the PLC. We particularly apply formal methods to the development of an RTOS for a PLC, which is at a safety-critical level. In this development, we use the statecharts of I-Logix for specification and model checking to verify the specification.

  7. Safety critical FPGA-based NPP instrumentation and control systems: assessment, development and implementation

    Energy Technology Data Exchange (ETDEWEB)

    Bakhmach, E. S.; Siora, A. A.; Tokarev, V. I. [Research and Production Corporation Radiy, 29 Geroev Stalingrada Str., Kirovograd 25006 (Ukraine); Kharchenko, V. S.; Sklyar, V. V.; Andrashov, A. A., E-mail: marketing@radiy.co [Center for Safety Infrastructure-Oriented Research and Analysis, 37 Astronomicheskaya Str., Kharkiv 61085 (Ukraine)

    2010-10-15

    The stages of development, production, verification, licensing and implementation methods and technologies of safety critical instrumentation and control systems for nuclear power plants (NPP) based on FPGA (Field Programmable Gate Array) technologies are described. A life cycle model and multi-version technologies of dependability and safety assurance of FPGA-based instrumentation and control systems are discussed. An analysis of NPP instrumentation and control systems construction principles developed by Research and Production Corporation Radiy using FPGA technologies, and results of these systems' implementation and operation at Ukrainian and Bulgarian NPPs, are presented. The RADIY™ platform has been designed and developed by Research and Production Corporation Radiy, Ukraine. The main peculiarity of the RADIY™ platform is the use of FPGAs as programmable components for logic control operation. The FPGA-based RADIY™ platform used for NPP instrumentation and control systems development ensures scalability of system function types, volume and peculiarities (by changing the quantity and quality of sensors, actuators, input/output signals and control algorithms); scalability of dependability (safety integrity) (by changing the number of redundant channels, tiers, diagnostic and reconfiguration procedures); and scalability of diversity (by changing the types, depth and method of diversity selection). (Author)

  8. Nuclear data for criticality safety

    International Nuclear Information System (INIS)

    Westfall, R.M.

    1994-01-01

    A brief overview is presented on emerging requirements for new criticality safety analyses arising from applications involving nuclear waste management, facility remediation, and the storage of nuclear weapons components. A derivation of criticality analyses from the specifications of national consensus standards is given. These analyses, both static and dynamic, define the needs for nuclear data. Integral data, used primarily for analytical validation, and differential data, used in performing the analyses, are listed, along with desirable margins of uncertainty. Examples are given of needs for additional data to address systems having intermediate neutron energy spectra and/or containing nuclides of intermediate mass number

  9. Critical experiments facility and criticality safety programs at JAERI

    International Nuclear Information System (INIS)

    Kobayashi, Iwao; Tachimori, Shoichi; Takeshita, Isao; Suzaki, Takenori; Miyoshi, Yoshinori; Nomura, Yasushi

    1985-10-01

    Nuclear criticality safety is becoming a key point in Japan in the safety considerations for nuclear installations outside reactors such as spent fuel reprocessing facilities, plutonium fuel fabrication facilities, large scale hot laboratories, and so on. In particular, a large scale spent fuel reprocessing facility is being designed and would be constructed in the near future; therefore extensive experimental studies are needed for compilation of our own technical standards and also for verification of safety in a potential criticality accident to obtain public acceptance. The Japan Atomic Energy Research Institute is proceeding with a construction program for a new criticality safety experimental facility where criticality data can be obtained for the solution fuels mainly handled in a reprocessing facility, and where chemical process experiments can also be performed to investigate abnormal phenomena, e.g. plutonium behavior in the solvent extraction process using pulsed columns. In FY 1985 the detailed design of the facility will be completed, and licensing review by the government would start in FY 1986. Experiments would start in FY 1990. Research subjects and main specifications of the facility are described. (author)

  10. Module Testing Techniques for Nuclear Safety Critical Software Using LDRA Testing Tool

    International Nuclear Information System (INIS)

    Moon, Kwon-Ki; Kim, Do-Yeon; Chang, Hoon-Seon; Chang, Young-Woo; Yun, Jae-Hee; Park, Jee-Duck; Kim, Jae-Hack

    2006-01-01

    The safety critical software in the I and C systems of nuclear power plants requires high functional integrity and reliability. To achieve those requirement goals, the safety critical software should be verified and tested according to related codes and standards through verification and validation (V and V) activities. Safety critical software testing is performed at various stages during the development of the software, and is generally classified into three major activities: module testing, system integration testing, and system validation testing. Module testing involves the evaluation of module-level functions of hardware and software. System integration testing investigates the characteristics of a collection of modules and aims at establishing their correct interactions. System validation testing demonstrates that the complete system satisfies its functional requirements. In order to generate reliable software and reduce high maintenance costs, it is important that software testing is carried out at module level. Module testing for nuclear safety critical software has rarely been performed with formal and proven testing tools because of its various constraints. The LDRA testing tool is a widely used and proven tool set that provides powerful source code testing and analysis facilities for the V and V of general purpose software and safety critical software. Use of the tool set is indispensable where software is required to be reliable and as error-free as possible, and its use brings substantial time and cost savings, and efficiency

  11. A software engineering process for safety-critical software application

    International Nuclear Information System (INIS)

    Kang, Byung Heon; Kim, Hang Bae; Chang, Hoon Seon; Jeon, Jong Sun

    1995-01-01

    Application of computer software to safety-critical systems is on the increase. To be successful, the software must be designed and constructed to meet the functional and performance requirements of the system. For safety reasons, the software must be demonstrated not only to meet these requirements, but also to operate safely as a component within the system. For longer-term cost considerations, the software must be designed and structured to ease future maintenance and modifications. This paper presents a software engineering process for the production of safety-critical software for a nuclear power plant. The presentation is expository in nature of a viable high quality safety-critical software development. It is based on the ideas of a rational design process and on the experience of the adaptation of such a process in the production of the safety-critical software for the shutdown system number two of the Wolsung 2, 3 and 4 nuclear power generation plants. This process is significantly different from a conventional process in terms of rigorous software development phases and software design techniques. The process covers documentation, design, verification and testing using mathematically precise notations and a highly reviewable tabular format to specify software requirements, and verification of code against software design using static analysis. The software engineering process described in this paper applies the principle of information-hiding decomposition in software design using a modular design technique, so that when a change is required or an error is detected, the affected scope can be readily and confidently located. It also facilitates a high degree of confidence in the 'correctness' of the software production, and provides a relatively simple and straightforward code implementation effort. 1 fig., 10 refs. (Author)

  12. Performance Testing Methodology for Safety-Critical Programmable Logic Controller

    International Nuclear Information System (INIS)

    Kim, Chang Ho; Oh, Do Young; Kim, Ji Hyeon; Kim, Sung Ho; Sohn, Se Do

    2009-01-01

    The Programmable Logic Controller (PLC) for use in Nuclear Power Plant safety-related applications is being developed and tested for the first time in Korea. This safety-related PLC is being developed to the requirements of regulatory guidelines and industry standards for safety systems. To test that the quality of the developed PLC is sufficient for use in a safety critical system, document review and various product tests were performed over the development documents for S/W, H/W, and V/V. This paper provides the performance testing methodology and its effectiveness for the PLC platform conducted by KOPEC

  13. HyLTL: a temporal logic for model checking hybrid systems

    Directory of Open Access Journals (Sweden)

    Davide Bresolin

    2013-08-01

    The model-checking problem for hybrid systems is a well known challenge in the scientific community. Most of the existing approaches and tools are limited to safety properties only, or operate by transforming the hybrid system to be verified into a discrete one, thus losing information on the continuous dynamics of the system. In this paper we present a logic for specifying complex properties of hybrid systems called HyLTL, and we show how it is possible to solve the model checking problem by translating the formula into an equivalent hybrid automaton. In this way the problem is reduced to a reachability problem on hybrid automata that can be solved by using existing tools.

  14. A study on quantitative V and V of safety-critical software

    International Nuclear Information System (INIS)

    Eom, H. S.; Kang, H. G.; Chang, S. C.; Ha, J. J.; Son, H. S.

    2004-03-01

    Recently practical needs have required quantitative features for the software reliability for Probabilistic Safety Assessment which is one of the important methods being used in assessing the overall safety of nuclear power plant. But the conventional assessment methods of software reliability could not provide enough information for PSA of NPP, therefore current assessments of a digital system which includes safety-critical software usually exclude the software part or use arbitrary values. This paper describes a Bayesian Belief Networks based method that models the rule-based qualitative software assessment method for a practical use and can produce quantitative results for PSA. The framework was constructed by utilizing BBN that can combine the qualitative and quantitative evidence relevant to the reliability of safety-critical software and can infer a conclusion in a formal and a quantitative way. The case study was performed by applying the method for assessing the quality of software requirement specification of safety-critical software that will be embedded in reactor protection system

  15. Tank farms criticality safety manual

    International Nuclear Information System (INIS)

    FORT, L.A.

    2003-01-01

    This document defines the Tank Farms Contractor (TFC) criticality safety program, as required by Title 10 Code of Federal Regulations (CFR), Part 830.204(b)(6), ''Documented Safety Analysis'' (10 CFR 830.204(b)(6)), and US Department of Energy (DOE) O 420.1A, Facility Safety, Section 4.3, ''Criticality Safety.'' In addition, this document contains certain best management practices, adopted by TFC management based on successful Hanford Site facility practices. Requirements in this manual are based on the contractor requirements document (CRD) found in Attachment 2 of DOE O 420.1A, Section 4.3, ''Nuclear Criticality Safety,'' and the cited revisions of applicable standards published jointly by the American National Standards Institute (ANSI) and the American Nuclear Society (ANS) as listed in Appendix A. As an informational device, requirements directly imposed by the CRD or ANSI/ANS Standards are shown in boldface. Requirements developed as best management practices through experience and maintained consistent with Hanford Site practice are shown in italics. Recommendations and explanatory material are provided in plain type

  16. Safety prediction for basic components of safety-critical software based on static testing

    International Nuclear Information System (INIS)

    Son, H.S.; Seong, P.H.

    2000-01-01

    The purpose of this work is to develop a safety prediction method, with which we can predict the risk of software components based on static testing results at the early development stage. The predictive model combines the major factor with the quality factor for the components, which are calculated based on the measures proposed in this work. The application to a safety-critical software system demonstrates the feasibility of the safety prediction method. (authors)

  17. Developing software for safety-critical applications

    International Nuclear Information System (INIS)

    Chudleigh, M.

    1989-01-01

    The effective implementation of many safety-critical systems involves microprocessors running software which needs to be of very high integrity. This article describes some of the problems of producing such software and the place of software within the total system. A development strategy is proposed based on three principles: the goal of defect-free development, the use of mathematical formalism, and the use of an independent team for testing. (author)

  18. Definition and Means of Maintaining the Criticality Prevention Design Features Portion of the PFP Safety Envelope

    International Nuclear Information System (INIS)

    RAMBLE, A.L.

    2000-01-01

    The purpose of this document is to record the technical evaluation of the Operational Safety Requirements described in the Plutonium Finishing Plant (PFP) Final Operational Safety Requirements, WHC-SD-CP-OSR-010, Rev. 0-N, Section 3.1.1, ''Criticality Prevention System.'' This document, with its appendices, provides the following: (1) The results of a review of Criticality Safety Analysis Reports (CSAR), later called Criticality Safety Evaluation Reports (CSER), and Criticality Prevention Specifications (CPS) to determine which equipment or components analyzed in the CSER or CPS are considered as one of the two unlikely, independent, and concurrent changes before a criticality accident is possible. (2) Evaluations of equipment or components to determine the safety boundary for the system (Section 4). (3) A list of essential drawings that show the safety system or component (Appendix A). (4) A list of the safety envelope (SE) equipment (Appendix B). (5) Functional requirements for the individual safety envelope equipment (Sections 3 and 4). (6) A list of the operational and surveillance procedures necessary to maintain the system equipment within the safety envelope (Section 5)

  19. Enhanced FAA-hybrid III numerical dummy model in Madymo for aircraft occupant safety assessment

    NARCIS (Netherlands)

    Boucher, H.; Waagmeester, C.D.

    2003-01-01

    To improve survivability and to minimize the risk of injury to occupants in helicopter crash events, a complete Cabin Safety System concept including safety features and an enhanced FAA-Hybrid III dummy were developed within the HeliSafe project. A numerical tool was also created and validated to

  20. Reusable libraries for safety-critical Java

    DEFF Research Database (Denmark)

    Rios Rivas, Juan Ricardo; Schoeberl, Martin

    2014-01-01

    The large collection of Java class libraries is a main factor of the success of Java. However, these libraries assume that a garbage-collected heap is used. Safety-critical Java uses scope-based memory areas instead of a garbage-collected heap. Therefore, the Java class libraries are problematic to use in safety-critical Java. We have identified common programming patterns in the Java class libraries that make them unsuitable for safety-critical Java. We propose ways to improve the libraries to avoid the impact of the identified problematic patterns. We illustrate these changes by implementing...

  1. Critical Incident Stress Management (CISM) in complex systems: cultural adaptation and safety impacts in healthcare.

    Science.gov (United States)

    Müller-Leonhardt, Alice; Mitchell, Shannon G; Vogt, Joachim; Schürmann, Tim

    2014-07-01

    In complex systems, such as hospitals or air traffic control operations, critical incidents (CIs) are unavoidable. These incidents can become critical not only for victims but also for professionals working at the "sharp end", who may have to deal with critical incident stress (CIS) reactions that may be severe and impede emotional, physical, cognitive and social functioning. These CIS reactions may occur not only under exceptional conditions but also during everyday work, and become an important safety issue. In contrast to air traffic management (ATM) operations in Europe, which have readily adopted critical incident stress management (CISM), most hospitals have not yet implemented comprehensive peer support programs. This survey was conducted in 2010 at the only European general hospital setting that has implemented a CISM program since 2004. The aim of the article is to describe the possible contribution of CISM in hospital settings, framed from the perspective of organizational safety and individual health for healthcare professionals. Findings affirm that daily work-related incidents can also become critical for healthcare professionals. Program efficiency appears to be influenced by the professional culture, as well as by organizational structure and policies. Overall, findings demonstrate that the adaptation of the CISM program in general hospitals takes time but, once established, it may serve as a mechanism for changing professional culture, thereby permitting the framing of even small incidents or near misses as an opportunity to provide valuable feedback to the system.

  2. Plutonium Finishing Plant (PFP) Criticality Alarm System Commercial Grade Item (CGI) Critical Characteristics

    International Nuclear Information System (INIS)

    WHITE, W.F.

    1999-01-01

    This document specifies the critical characteristics for Commercial Grade Items (CGI) procured for PFP's criticality alarm system as required by HNF-PRO-268 and HNF-PRO-1819. These are the minimum specifications that the equipment must meet in order to properly perform its safety function. There may be several manufacturers or models that meet the critical characteristics for any one item. PFP's Criticality Alarm System includes the nine criticality alarm system panels and their associated hardware. This includes all parts up to the first breaker in the electrical distribution system. Specific system boundaries and justifications are contained in HNF-SD-CP-SDD-003, ''Definition and Means of Maintaining the Criticality Detectors and Alarms Portion of the PFP Safety Envelope.'' The procurement requirements associated with the system necessitate procurement of some system equipment as Commercial Grade Items in accordance with HNF-PRO-268, ''Control of Purchased Items and Services.''

  3. Safety prediction for basic components of safety critical software based on static testing

    International Nuclear Information System (INIS)

    Son, H.S.; Seong, P.H.

    2001-01-01

    The purpose of this work is to develop a safety prediction method, with which we can predict the risk of software components based on static testing results at the early development stage. The predictive model combines the major factor with the quality factor for the components, both of which are calculated based on the measures proposed in this work. The application to a safety-critical software system demonstrates the feasibility of the safety prediction method. (authors)

  4. Overview of DOE/ONS criticality safety projects

    International Nuclear Information System (INIS)

    Barber, R.W.; Brown, B.P.; Hopper, C.M.

    1985-01-01

    The evolution of Federal involvement with nuclear criticality safety has traversed the 1940's and early 1950's with the Manhattan Engineering District, the 1950's and 1960's with the Atomic Energy Commission, the early 1970's with the Energy Research and Development Administration, and the late 1970's to date with the US Department of Energy. The importance of nuclear criticality safety has been maintained throughout these periods; however, criticality safety has received shifting emphases in research/applications, promulgation of regulations/standards, origins of fiscal support and organization. In June 1981 the Office of Nuclear Safety was established in response to a Department of Energy study of the impact of the March 1979 Three Mile Island accident. The organizational structure of the ONS, its program for establishing and maintaining a progressive nuclear criticality safety program and associated projects, and the current history of ONS's fiscal support of program projects are presented. With the establishment of the ONS came concomitant missions to develop and maintain nuclear safety policy and requirements, to provide independent assurance that nuclear operations are performed safely, to provide resources and management for DOE responses to nuclear accidents, and to provide technical support. In the past four years, ONS has developed and initiated a continuing Department Nuclear Criticality Safety Program in such areas as communications and information, physics of criticality, knowledge of factors affecting criticality, and computational capability

  5. A Profile for Safety Critical Java

    DEFF Research Database (Denmark)

    Schoeberl, Martin; Søndergaard, Hans; Thomsen, Bent

    2007-01-01

    We propose a new, minimal specification for real-time Java for safety critical applications. The intention is to provide a profile that supports programming of applications that can be validated against safety critical standards such as DO-178B [15]. The proposed profile is in line with the Java specification request JSR-302: Safety Critical Java Technology, which is still under discussion. In contrast to the current direction of the expert group for the JSR-302 we do not subset the rather complex Real-Time Specification for Java (RTSJ). Nevertheless, our profile can be implemented on top of an RTSJ...

  6. Nuclear criticality safety practices in digestion systems of the large scale production facility of the Department of Energy at Fernald

    International Nuclear Information System (INIS)

    Dolan, L.C.

    1982-01-01

    Nuclear criticality safety practices used at the Feed Materials Production Center at Fernald, Ohio in conjunction with its metal dissolving and nonmetal, e.g., ash and ore concentrates, digesting operations are reviewed. Operating procedures with several different types of dissolver or digestor systems, i.e., metal dissolver, continuous, drum and safe geometry, are discussed. Calculations performed to verify the criticality safety of the operations are described

  7. Evaluation of Model Driven Development of Safety Critical Software in the Nuclear Power Plant I and C system

    International Nuclear Information System (INIS)

    Jung, Jae Cheon; Chang, Hoon Seon; Chang, Young Woo; Kim, Jae Hack; Sohn, Se Do

    2005-01-01

    The major issues of safety critical software are formalism and V and V. Implementing these two characteristics in safety critical software will greatly enhance the quality of the software product. Structure-based development requires many output documents from the requirements phase to the testing phase. The requirements analysis phase is often omitted. According to the Standish group report in 2001, 49% of software projects are cancelled before completion or never implemented. In addition, 23% are completed and become operational, but over budget, over the time estimate, and with fewer features and functions than initially specified. They identified ten success factors. Among them, firm basic requirements and formal methods are technically achievable factors, while the remaining eight are management related. Misunderstanding of requirements due to lack of communication between the design engineer and the verification engineer causes unexpected results such as functionality errors of the system. Safety critical software shall comply with such characteristics as: modularity, simplicity, minimizing sub-routines, and excluding interrupt routines. In addition, crosslink faults and erroneous functions shall be eliminated. Ease of repair work after installation shall be achieved as well. In consideration of the above issues, we evaluate model driven development (MDD) methods for nuclear I and C systems software. For qualitative analysis, the unified modeling language (UML), functional block language (FBL) and the safety critical application environment (SCADE) are tested for the above characteristics

  8. Optimal Braking Patterns and Forces in Autonomous Safety-Critical Maneuvers

    OpenAIRE

    Fors, Victor

    2018-01-01

    The trend of more advanced driver-assistance features and the development toward autonomous vehicles enable new possibilities in the area of active safety. With more information available in the vehicle about the surrounding traffic and the road ahead, there is the possibility of improved active-safety systems that make use of this information for stability control in safety-critical maneuvers. Such a system could adaptively make a trade-off between controlling the longitudinal, lateral, and ...

  9. Nuclear criticality safety in Canada

    International Nuclear Information System (INIS)

    Shultz, K.R.

    1980-04-01

    The approach taken to nuclear criticality safety in Canada has been influenced by the historical development of participants. The roles played by governmental agencies and private industry since the Atomic Energy Control Act was passed into Canadian Law in 1946 are outlined to set the scene for the current situation and directions that may be taken in the future. Nuclear criticality safety puts emphasis on the control of materials called special fissionable material in Canada. A brief account is given of the historical development and philosophy underlying the existing regulations governing special fissionable material. Subsequent events have led to a change in emphasis in the regulatory process that has not yet been fully integrated into Canadian legislation and regulations. Current efforts towards further development of regulations governing the practice of nuclear criticality safety are described. (auth)

  10. Critical function monitoring system algorithm development

    International Nuclear Information System (INIS)

    Harmon, D.L.

    1984-01-01

    Accurate critical function status information is a key to operator decision-making during events threatening nuclear power plant safety. The Critical Function Monitoring System provides continuous critical function status monitoring by use of algorithms which mathematically represent the processes by which an operating staff would determine critical function status. This paper discusses in detail the systematic design methodology employed to develop adequate Critical Function Monitoring System algorithms

  11. NMC and A and nuclear criticality safety systems integration: A prospective way for enhancement of the nuclear industry facilities safety

    International Nuclear Information System (INIS)

    Ryazanov, Boris G.; Sviridov, Victor I.; Frolov, Vladimir V.; Shvedov, Maxim O.; Mclaughlin, Thomas P.; Pruvost, Norman L.

    2003-01-01

    A considerable body of data has now been acquired about the principles, parameters and consequences of nuclear (criticality) accidents at facilities of the atomic industry in Russia, the United States, Great Britain and Japan. The total number of such accidents stands at 22. Russian and US specialists have prepared a rather extensive survey and analysis of these accidents. The final and important section of this survey is the lessons implied by the results of analysis of these 22 accidents. Among these lessons is the necessity of unconditional enforcement of control over the movement and transformations of special nuclear materials (SNM), and in particular fissile materials, (those SNMs with criticality accident concerns) during production and processing. Inadequacies in such control have been among the causes of most of the accidents that have occurred. Nuclear materials control and accounting (MC and A) for the purpose of ensuring storage reliability and nonproliferation safeguards is a major task of nuclear facilities in any nation. MC and A systems use the latest techniques and hardware for periodic control of SNM in specifically organized material balance areas. Immediate checking, periodic inventory of SNM, and measurements of the parameters of SNM at key points are the main sources of data for these systems. Data about the presence and sites of location of SNM in material balance areas that are acquired in inventories can be used for objective assessment of the status of nuclear safety. On the other hand, the inventory itself involves performance of operations that are unlike routine process engineering, and require special consideration of nuclear safety. Use of the techniques and hardware of MC and A systems not only for purposes of storage reliability, but also to ensure nuclear safety, will reduce the risk of nuclear accidents. This paper gives a concise overview of nuclear accidents that have occurred due to inadequacies in MC and A, and demonstrates

  12. Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

    Science.gov (United States)

    Johnson, C. W.; Atencia Yepez, A.

    2012-01-01

    Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations. This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space-based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

  13. Nuclear Criticality Safety Organization training implementation. Revision 4

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1997-01-01

    The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document provides a listing of the roles and responsibilities of NCSO personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This Training Implementation document is applicable to all technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who are in a qualification program.

  14. Nuclear Criticality Safety Organization training implementation. Revision 4

    Energy Technology Data Exchange (ETDEWEB)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1997-05-19

    The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document provides a listing of the roles and responsibilities of NCSO personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This Training Implementation document is applicable to all technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who are in a qualification program.

  15. Critical incidents related to cardiac arrests reported to the Danish Patient Safety Database

    DEFF Research Database (Denmark)

    Andersen, Peter Oluf; Maaløe, Rikke; Andersen, Henning Boje

    2010-01-01

    Background: Critical incident reports can identify areas for improvement in resuscitation practice. The Danish Patient Safety Database is a mandatory reporting system and receives critical incident reports submitted by hospital personnel. The aim of this study is to identify, analyse and categorize ... critical incidents related to cardiac arrests reported to the Danish Patient Safety Database. Methods: The search terms “cardiac arrest” and “resuscitation” were used to identify reports in the Danish Patient Safety Database. Identified critical incidents were then classified into categories. Results: One...

  16. Criticality safety enhancements for SCALE 6.2 and beyond

    International Nuclear Information System (INIS)

    Rearden, Bradley T.; Bekar, Kursat B.; Celik, Cihangir; Clarno, Kevin T.; Dunn, Michael E.; Hart, Shane W.; Ibrahim, Ahmad M.; Johnson, Seth R.; Langley, Brandon R.; Lefebvre, Jordan P.; Lefebvre, Robert A.; Marshall, William J.; Mertyurek, Ugur; Mueller, Don; Peplow, Douglas E.; Perfetti, Christopher M.; Petrie Jr, Lester M.; Thompson, Adam B.; Wiarda, Dorothea; Wieselquist, William A.; Williams, Mark L.

    2015-01-01

    SCALE is a widely used suite of tools for nuclear systems modeling and simulation that provides comprehensive, verified and validated, user-friendly capabilities for criticality safety, reactor physics, radiation shielding, and sensitivity and uncertainty analysis. Since 1980, regulators, industry, and research institutions around the world have relied on SCALE for nuclear safety analysis and design. SCALE 6.2 provides several new capabilities and significant improvements in many existing features for criticality safety analysis. Enhancements are realized for nuclear data; multigroup resonance self-shielding; continuous-energy Monte Carlo analysis for sensitivity/uncertainty analysis, radiation shielding, and depletion; and graphical user interfaces. An overview of these capabilities is provided in this paper, and additional details are provided in several companion papers.

  17. Evaluation of the safety and efficacy of Glycyrrhiza uralensis root extracts produced using artificial hydroponic and artificial hydroponic-field hybrid cultivation systems.

    Science.gov (United States)

    Akiyama, H; Nose, M; Ohtsuki, N; Hisaka, S; Takiguchi, H; Tada, A; Sugimoto, N; Fuchino, H; Inui, T; Kawano, N; Hayashi, S; Hishida, A; Kudo, T; Sugiyama, K; Abe, Y; Mutsuga, M; Kawahara, N; Yoshimatsu, K

    2017-01-01

    Glycyrrhiza uralensis roots used in this study were produced using novel cultivation systems, including artificial hydroponics and artificial hydroponic-field hybrid cultivation. The equivalency between G. uralensis root extracts produced by hydroponics and/or hybrid cultivation and a commercial Glycyrrhiza crude drug was evaluated for both safety and efficacy, and there were no significant differences in terms of mutagenicity on the Ames tests. The levels of cadmium and mercury in both hydroponic roots and crude drugs were less than the limit of quantitation. Arsenic levels were lower in all hydroponic roots than in the crude drug, whereas mean lead levels in the crude drug were not significantly different from those in the hydroponically cultivated G. uralensis roots. Both hydroponic and hybrid-cultivated root extracts showed antiallergic activities against contact hypersensitivity that were similar to those of the crude drug extracts. These study results suggest that hydroponic and hybrid-cultivated roots are equivalent in safety and efficacy to those of commercial crude drugs. Further studies are necessary before the roots are applicable as replacements for the currently available commercial crude drugs produced from wild plant resources.

  18. Nuclear criticality safety: 3-day training course

    International Nuclear Information System (INIS)

    Schlesser, J.A.

    1993-06-01

    The "3-Day Training Course" is an intensive course in criticality safety consisting of lectures and laboratory sessions, including active student participation in actual critical experiments, a visit to a plutonium processing facility, and in-depth discussions on safety philosophy. The program is directed toward personnel who currently have criticality safety responsibilities in the capacity of supervisory staff and/or line management. This compilation of notes is presented as a source reference for the criticality safety course. It represents the contributions of many people, particularly Tom McLaughlin, the course's primary instructor. It should be noted that when chapters were extracted, an attempt was made to maintain footnotes and references as originally written. Photographs and illustrations are numbered sequentially.

  19. Validation testing of safety-critical software

    International Nuclear Information System (INIS)

    Kim, Hang Bae; Han, Jae Bok

    1995-01-01

    A software engineering process has been developed for the design of safety critical software for the Wolsung 2/3/4 project to satisfy the requirements of the regulatory body. Within that process, this paper describes the detailed process of validation testing performed to ensure that the software with its hardware, developed by the design group, satisfies the requirements of the functional specification prepared by the independent functional group. To perform the tests, a test facility and test software were developed and the actual safety system computer was connected. Three kinds of test cases, i.e., functional test, performance test and self-check test, were programmed and run to verify each functional specification. Test failures were fed back to the design group to revise the software, and test results were analyzed and documented in the report submitted to the regulatory body. The test methodology and procedure were very efficient and satisfactory for performing the systematic and automatic test. The test results were also acceptable and successful in verifying that the software acts as specified in the program functional specification. This methodology can be applied to the validation of other safety-critical software. 2 figs., 2 tabs., 14 refs. (Author)

  20. Assessments of the kinetic and dynamic transient behavior of sub-critical systems (ADS) in comparison to critical reactor systems

    International Nuclear Information System (INIS)

    Schikorr, W.M.

    2001-01-01

    The neutron kinetic and the reactor dynamic behavior of Accelerator Driven Systems (ADS) is significantly different from that of conventional power reactor systems currently in use for the production of power. It is the objective of this study to examine and to demonstrate the intrinsic differences of the kinetic and dynamic behavior of accelerator driven systems to typical plant transient initiators in comparison to the known kinetic and dynamic behavior of critical thermal and fast reactor systems. It will be shown that in sub-critical assemblies, changes in reactivity or in the external neutron source strength lead to an asymptotic power level essentially described by the instantaneous power change (i.e. prompt jump). Shutdown of ADS operating at high levels of sub-criticality (i.e. k_eff ∼ 0.99), without the support of reactivity control systems (such as control or safety rods), may be problematic in case the ability to cool the core should be impaired (i.e. loss of coolant flow). In addition, the dynamic behavior of sub-critical systems in typical plant transients such as protected or unprotected loss of flow (LOF) or loss of heat sink (LOH) transients is not necessarily substantially different from the plant dynamic behavior of critical systems if the reactivity feedback coefficients of the ADS design are unfavorable. As expected, the state of sub-criticality and the temperature feedback coefficients, such as the Doppler and coolant temperature coefficients, play dominant roles in determining the course and direction of plant transients. Should the combination of these safety coefficients be very unfavorable, not much additional margin in safety may be gained by making a critical system only sub-critical (i.e. k_eff ∼ 0.95). A careful optimization procedure between the selected operating level of sub-criticality, the safety reactivity coefficients and the possible need for additional reactivity control systems seems, therefore, advisable during the early

  1. Microbiological performance of Hazard Analysis Critical Control Point (HACCP)-based food safety management systems: A case of Nile perch processing company

    NARCIS (Netherlands)

    Kussaga, J.B.; Luning, P.A.; Tiisekwa, B.P.M.; Jacxsens, L.

    2017-01-01

    This study aimed at giving insight into microbiological safety output of a Hazard Analysis Critical Control Point (HACCP)-based Food Safety Management System (FSMS) of a Nile perch exporting company by using a combined assessment,

  2. Status of criticality safety research at NUCEF

    Energy Technology Data Exchange (ETDEWEB)

    Nakajima, Ken [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment]

    1998-03-01

    Two critical facilities, named STACY (Static Experiment Critical Facility) and TRACY (Transient Experiment Critical Facility), at the Nuclear Fuel Cycle Safety Engineering Research Facility (NUCEF) started their hot operations in 1995. Since then, basic experimental data for criticality safety research have been accumulated using STACY, and supercritical experiments for the study of criticality accident in a reprocessing plant have been performed using TRACY. In this paper, the outline of those critical facilities and the main results of TRACY experiments are presented. (author)

  3. Dynamic modeling of the tradeoff between productivity and safety in critical engineering systems

    International Nuclear Information System (INIS)

    Cowing, Michelle M.; Elisabeth Pate-Cornell, M.; Glynn, Peter W.

    2004-01-01

    Short-term tradeoffs between productivity and safety often exist in the operation of critical facilities such as nuclear power plants, offshore oil platforms, or simply individual cars. For example, interruption of operations for maintenance on demand can decrease short-term productivity but may be needed to ensure safety. Operations are interrupted for several reasons: scheduled maintenance, maintenance on demand, response to warnings, subsystem failure, or a catastrophic accident. The choice of operational procedures (e.g. timing and extent of scheduled maintenance) generally affects the probabilities of both production interruptions and catastrophic failures. In this paper, we present and illustrate a dynamic probabilistic model designed to describe the long-term evolution of such a system through the different phases of operation, shutdown, and possibly accident. The model's parameters represent explicitly the effects of different components' performance on the system's safety and reliability through an engineering probabilistic risk assessment (PRA). In addition to PRA, a Markov model is used to track the evolution of the system and its components through different performance phases. The model parameters are then linked to different operations strategies, to allow computation of the effects of each management strategy on the system's long-term productivity and safety. Decision analysis is then used to support the management of the short-term trade-offs between productivity and safety in order to maximize long-term performance. The value function is that of plant managers, within the constraints set by local utility commissions and national (e.g. energy) agencies. This model is illustrated by the case of outages (planned and unplanned) in nuclear power plants to show how it can be used to guide policy decisions regarding outage frequency and plant lifetime, and more specifically, the choice of a reactor tripping policy as a function of the state of the

  4. Proceedings of the Nuclear Criticality Technology Safety Workshop

    Energy Technology Data Exchange (ETDEWEB)

    Rene G. Sanchez

    1998-04-01

    This document contains summaries of most of the papers presented at the 1995 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 16 and 17 at San Diego, Ca. The meeting was broken up into seven sessions, which covered the following topics: (1) Criticality Safety of Project Sapphire; (2) Relevant Experiments For Criticality Safety; (3) Interactions with the Former Soviet Union; (4) Misapplications and Limitations of Monte Carlo Methods Directed Toward Criticality Safety Analyses; (5) Monte Carlo Vulnerabilities of Execution and Interpretation; (6) Monte Carlo Vulnerabilities of Representation; and (7) Benchmark Comparisons.

  5. Program of nuclear criticality safety experiment at JAERI

    International Nuclear Information System (INIS)

    Kobayashi, Iwao; Tachimori, Shoichi; Takeshita, Isao; Suzaki, Takenori; Ohnishi, Nobuaki

    1983-11-01

    JAERI is promoting the nuclear criticality safety research program, in which a new facility for criticality safety experiments (Criticality Safety Experimental Facility : CSEF) is to be built for the experiments with solution fuel. One of the experimental researches is to measure, collect and evaluate the experimental data needed for evaluation of criticality safety of the nuclear fuel cycle facilities. Another research area is a study of the phenomena themselves which are incidental to postulated critical accidents. Investigation of the scale and characteristics of the influences caused by the accident is also included in this research. The result of the conceptual design of CSEF is summarized in this report. (author)

  6. Towards the certification of non-deterministic control systems for safety-critical applications: analysing aviation analogies for possible certification strategies

    CSIR Research Space (South Africa)

    Burger, CR

    2011-11-01

    Current certification criteria for safety-critical systems exclude non-deterministic control systems. This paper investigates the feasibility of using human-like monitoring strategies to achieve safe non-deterministic control using multiple...

  7. Classification for Safety-Critical Car-Cyclist Scenarios Using Machine Learning

    NARCIS (Netherlands)

    Cara, I.; Gelder, E.D.

    2015-01-01

    The number of fatal car-cyclist accidents is increasing. Advanced Driver Assistance Systems (ADAS) can improve the safety of cyclists, but they need to be tested with realistic safety-critical car-cyclist scenarios. In order to store only relevant scenarios, an online classification algorithm is

  8. Electric energy storage systems for future hybrid vehicles

    Energy Technology Data Exchange (ETDEWEB)

    Kemper, Hans; Huelshorst, Thomas [FEV Motorentechnik GmbH, Aachen (Germany); Sauer, Dirk Uwe [Elektrochemische Energiewandlung und Speichersystemtechnik, ISEA, RWTH Aachen Univ. (Germany)

    2008-07-01

    Electric energy storage systems play a key role in today's and even more in future hybrid and electric vehicles. They enable new additional functionalities like Start/Stop, regenerative braking or electric boost and pure electric drive. This article discusses properties and requirements of battery systems like power provision, energy capacity, and life time as a function of the hybrid concepts and the real operating conditions of today's and future hybrid drivetrains. Battery cell technology, component sizing, system design, operating strategy, safety measures and diagnosis, modularity and vehicle integration are important battery development topics. A final assessment will draw the conclusion that future drivetrain concepts with a higher degree of electrification will be significantly dependent on the progress of battery technology. (orig.)

  9. Ontario Hydro experience in the identification and mitigation of potential failures in safety critical software systems

    International Nuclear Information System (INIS)

    Huget, R.G.; Viola, M.; Froebel, P.A.

    1995-01-01

    Ontario Hydro has had experience in designing and qualifying safety critical software used in the reactor shutdown systems of its nuclear generating stations. During software design, an analysis of system level hazards and potential hardware failure effects provides input to determining what safeguards will be needed. One form of safeguard, called software self checks, continually monitors the health of the computer on line. The design of self checks usually is a trade off between the amount of computing resources required, the software complexity, and the level of safeguarding provided. As part of the software verification activity, a software hazards analysis is performed, which identifies any failure modes that could lead to the software causing an unsafe state, and which recommends changes to mitigate that potential. These recommendations may involve a re-structuring of the software to be more resistant to failure, or the introduction of other safeguarding measures. This paper discusses how Ontario Hydro has implemented these aspects of software design and verification into safety critical software used in reactor shutdown systems.

  10. The International Criticality Safety Benchmark Evaluation Project

    International Nuclear Information System (INIS)

    Briggs, B. J.; Dean, V. F.; Pesic, M. P.

    2001-01-01

    In order to properly manage the risk of a nuclear criticality accident, it is important to establish the conditions for which such an accident becomes possible for any activity involving fissile material. Only when this information is known is it possible to establish the likelihood of actually achieving such conditions. It is therefore important that criticality safety analysts have confidence in the accuracy of their calculations. Confidence in analytical results can only be gained through comparison of those results with experimental data. The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the US Department of Energy. The project was managed through the Idaho National Engineering and Environmental Laboratory (INEEL), but involved nationally known criticality safety experts from Los Alamos National Laboratory, Lawrence Livermore National Laboratory, Savannah River Technology Center, Oak Ridge National Laboratory and the Y-12 Plant, Hanford, Argonne National Laboratory, and the Rocky Flats Plant. An International Criticality Safety Data Exchange component was added to the project during 1994 and the project became what is currently known as the International Criticality Safety Benchmark Evaluation Project (ICSBEP). Representatives from the United Kingdom, France, Japan, the Russian Federation, Hungary, Kazakhstan, Korea, Slovenia, Yugoslavia, Spain, and Israel are now participating on the project. In December of 1994, the ICSBEP became an official activity of the Organization for Economic Cooperation and Development - Nuclear Energy Agency's (OECD-NEA) Nuclear Science Committee. The United States currently remains the lead country, providing most of the administrative support. The purpose of the ICSBEP is to: (1) identify and evaluate a comprehensive set of critical benchmark data; (2) verify the data, to the extent possible, by reviewing original and subsequently revised documentation, and by talking with the

  11. Measurability and Safety Verification for Stochastic Hybrid Systems

    DEFF Research Database (Denmark)

    Fränzle, Martin; Hahn, Ernst Moritz; Hermanns, Holger

    2011-01-01

    method that establishes safe upper bounds on reachability probabilities. To arrive there requires us to solve semantic intricacies as well as practical problems. In particular, we show that measurability of a complete system follows from the measurability of its constituent parts. On the practical side......-time behaviour is given by differential equations, as for usual hybrid systems, but the targets of discrete jumps are chosen by probability distributions. These distributions may be general measures on state sets. Also non-determinism is supported, and the latter is exploited in an abstraction and evaluation...

  12. Critical roles of orthopaedic surgeon leadership in healthcare systems to improve orthopaedic surgical patient safety.

    Science.gov (United States)

    Kuo, Calvin C; Robb, William J

    2013-06-01

    The prevention of medical and surgical harm remains an important public health problem despite increased awareness and implementation of safety programs. Successful introduction and maintenance of surgical safety programs require both surgeon leadership and collaborative surgeon-hospital alignment. Documentation of success of such surgical safety programs in orthopaedic practice is limited. We describe the scope of orthopaedic surgical patient safety issues, define critical elements of orthopaedic surgical safety, and outline leadership roles for orthopaedic surgeons needed to establish and sustain a culture of safety in contemporary healthcare systems. We identified the most common causes of preventable surgical harm based on adverse and sentinel surgical events reported to The Joint Commission. A comprehensive literature review through a MEDLINE(®) database search (January 1982 through April 2012) to identify pertinent orthopaedic surgical safety articles found 14 articles. Where gaps in orthopaedic literature were identified, the review was supplemented by 22 nonorthopaedic surgical references. Our final review included 36 articles. Six important surgical safety program elements needed to eliminate preventable surgical harm were identified: (1) effective surgical team communication, (2) proper informed consent, (3) implementation and regular use of surgical checklists, (4) proper surgical site/procedure identification, (5) reduction of surgical team distractions, and (6) routine surgical data collection and analysis to improve the safety and quality of surgical patient care. Successful surgical safety programs require a culture of safety supported by all six key surgical safety program elements, active surgeon champions, and collaborative hospital and/or administrative support designed to enhance surgical safety and improve surgical patient outcomes. Further research measuring improvements from such surgical safety systems in orthopaedic care is needed.

  13. Resilience Engineering in Critical Long Term Aerospace Software Systems: A New Approach to Spacecraft Software Safety

    Science.gov (United States)

    Dulo, D. A.

    Safety critical software systems permeate spacecraft, and in a long term venture like a starship would be pervasive in every system of the spacecraft. Yet software failure today continues to plague both the systems and the organizations that develop them resulting in the loss of life, time, money, and valuable system platforms. A starship cannot afford this type of software failure in long journeys away from home. A single software failure could have catastrophic results for the spaceship and the crew onboard. This paper will offer a new approach to developing safe reliable software systems through focusing not on the traditional safety/reliability engineering paradigms but rather by focusing on a new paradigm: Resilience and Failure Obviation Engineering. The foremost objective of this approach is the obviation of failure, coupled with the ability of a software system to prevent or adapt to complex changing conditions in real time as a safety valve should failure occur to ensure safe system continuity. Through this approach, safety is ensured through foresight to anticipate failure and to adapt to risk in real time before failure occurs. In a starship, this type of software engineering is vital. Through software developed in a resilient manner, a starship would have reduced or eliminated software failure, and would have the ability to rapidly adapt should a software system become unstable or unsafe. As a result, long term software safety, reliability, and resilience would be present for a successful long term starship mission.

  14. Criticality safety validation of MCNP5 using continuous energy libraries

    International Nuclear Information System (INIS)

    Salome, Jean A.D.; Pereira, Claubia; Assuncao, Jonathan B.A.; Veloso, Maria Auxiliadora F.; Costa, Antonella L.; Silva, Clarysson A.M. da

    2013-01-01

    The study of subcritical systems is very important in the design, installation and operation of various devices, mainly nuclear reactors and power plants. The information generated by these systems guide the decisions to be taken in the executive project, the economic viability and the safety measures to be employed in a nuclear facility. Simulating some experiments from the International Handbook of Evaluated Criticality Safety Benchmark Experiments, the code MCNP5 was validated to nuclear criticality analysis. Its continuous libraries were used. The average values and standard deviation (SD) were evaluated. The results obtained with the code are very similar to the values obtained by the benchmark experiments. (author)

  15. Realism in nuclear criticality safety

    International Nuclear Information System (INIS)

    McLaughlin, T. P.

    2009-01-01

    Commercial nuclear power plant operation and regulation have made remarkable progress since the Three Mile Island Accident. This is attributed largely to a heavy dose of introspection and self-regulation by the industry and to a significant infusion of risk-informed and performance-based regulation by the Nuclear Regulatory Commission. This truly represents reality in action both by the plant operators and the regulators. On the other hand, the implementation of nuclear criticality safety in ex-reactor operations involving significant quantities of fissile material has not progressed, but, tragically, it has regressed. Not only is the practice of the discipline in excess of a factor of ten more expensive than decades ago; the trend continues. This unfortunate reality is attributed to a lack of coordination within the industry (as contrasted to what occurred in the reactor operations sector), and to a lack of implementation of risk-informed and performance-based regulation by the NRC. While the criticality safety discipline is orders of magnitude smaller than the reactor safety discipline, both operators and regulators must learn from the progress made in reactor safety and apply it to the former to reduce the waste, inefficiency and potentially increased accident risks associated with current practices. Only when these changes are made will there be progress made toward putting realism back into nuclear criticality safety. (authors)

  16. Introduction to 'International Handbook of Criticality Safety Benchmark Experiments'

    International Nuclear Information System (INIS)

    Komuro, Yuichi

    1998-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) is now an official activity of the Organization for Economic Cooperation and Development-Nuclear Energy Agency (OECD-NEA). 'International Handbook of Criticality Safety Benchmark Experiments' was prepared and is updated year by year by the working group of the project. This handbook contains criticality safety benchmark specifications that have been derived from experiments that were performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculation techniques used. The author briefly introduces the informative handbook and would like to encourage Japanese engineers who are in charge of nuclear criticality safety to use the handbook. (author)

  17. Systems Engineering of Electric and Hybrid Vehicles

    Science.gov (United States)

    Kurtz, D. W.; Levin, R. R.

    1986-01-01

    Technical paper notes systems engineering principles applied to development of electric and hybrid vehicles such that system performance requirements support overall program goal of reduced petroleum consumption. Paper discusses iterative design approach dictated by systems analyses. In addition to obvious performance parameters of range, acceleration rate, and energy consumption, systems engineering also considers such major factors as cost, safety, reliability, comfort, necessary supporting infrastructure, and availability of materials.

  18. Minimum qualifications for nuclear criticality safety professionals

    International Nuclear Information System (INIS)

    Ketzlach, N.

    1990-01-01

    A Nuclear Criticality Technology and Safety Training Committee has been established within the U.S. Department of Energy (DOE) Nuclear Criticality Safety and Technology Project to review and, if necessary, develop standards for the training of personnel involved in nuclear criticality safety (NCS). The committee is exploring the need for developing a standard or other mechanism for establishing minimum qualifications for NCS professionals. The development of standards and regulatory guides for nuclear power plant personnel may serve as a guide in developing the minimum qualifications for NCS professionals.

  19. ICSBEP-2007, International Criticality Safety Benchmark Experiment Handbook

    International Nuclear Information System (INIS)

    Blair Briggs, J.

    2007-01-01

    1 - Description: The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) is now an official activity of the Organization for Economic Cooperation and Development - Nuclear Energy Agency (OECD-NEA). This handbook contains criticality safety benchmark specifications that have been derived from experiments that were performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material. The example calculations presented do not constitute a validation of the codes or cross section data. The work of the ICSBEP is documented as an International Handbook of Evaluated Criticality Safety Benchmark Experiments. Currently, the handbook spans over 42,000 pages and contains 464 evaluations representing 4,092 critical, near-critical, or subcritical configurations and 21 criticality alarm placement/shielding configurations with multiple dose points for each and 46 configurations that have been categorized as fundamental physics measurements that are relevant to criticality safety applications. The handbook is intended for use by criticality safety analysts to perform necessary validations of their calculational techniques and is expected to be a valuable tool for decades to come. The ICSBEP Handbook is available on DVD. You may request a DVD by completing the DVD Request Form on the internet. Access to the Handbook on the Internet requires a password. You may request a password by completing the Password Request Form. The Web address is: http://icsbep.inel.gov/handbook.shtml 2 - Method of solution: Experiments that are found

  20. SRTC criticality safety technical review: Nuclear Criticality Safety Evaluation 93-04 enriched uranium receipt

    International Nuclear Information System (INIS)

    Rathbun, R.

    1993-01-01

    Review of NMP-NCS-930087, "Nuclear Criticality Safety Evaluation 93-04 Enriched Uranium Receipt (U), July 30, 1993," was requested of the SRTC (Savannah River Technology Center) Applied Physics Group. The NCSE is a criticality assessment to determine the mass limit for Engineered Low Level Trench (ELLT) waste uranium burial. The intent is to bury uranium in pits that would be separated by a specified amount of undisturbed soil. The scope of the technical review, documented in this report, consisted of (1) an independent check of the methods and models employed, (2) independent HRXN/KENO-V.a calculations of alternate configurations, (3) application of ANSI/ANS 8.1, and (4) verification of WSRC Nuclear Criticality Safety Manual procedures. The NCSE under review concludes that a 500 gram limit per burial position is acceptable to ensure the burial site remains in a critically safe configuration for all normal and single credible abnormal conditions. This reviewer agrees with that conclusion.

  1. International handbook of evaluated criticality safety benchmark experiments

    International Nuclear Information System (INIS)

    2010-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) became an official activity of the Organization for Economic Cooperation and Development - Nuclear Energy Agency (OECD-NEA) in 1995. This handbook contains criticality safety benchmark specifications that have been derived from experiments performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material and to determine criticality alarm requirement and placement. Many of the specifications are also useful for nuclear data testing. Example calculations are presented; however, these calculations do not constitute a validation of the codes or cross section data. The evaluated criticality safety benchmark data are given in nine volumes. These volumes span over 55,000 pages and contain 516 evaluations with benchmark specifications for 4,405 critical, near critical, or subcritical configurations, 24 criticality alarm placement / shielding configurations with multiple dose points for each, and 200 configurations that have been categorized as fundamental physics measurements that are relevant to criticality safety applications. Experiments that are found unacceptable for use as criticality safety benchmark experiments are discussed in these evaluations; however, benchmark specifications are not derived for such experiments (in some cases models are provided in an appendix). Approximately 770 experimental configurations are categorized as unacceptable for use as criticality safety benchmark experiments. Additional evaluations are in progress and will be

  2. Nuclear Criticality Safety Data Book

    Energy Technology Data Exchange (ETDEWEB)

    Hollenbach, D. F. [Y-12 National Security Complex, Oak Ridge, TN (United States)

    2016-11-14

    The objective of this document is to support the revision of criticality safety process studies (CSPSs) for the Uranium Processing Facility (UPF) at the Y-12 National Security Complex (Y-12). This design analysis and calculation (DAC) document contains development and justification for generic inputs typically used in Nuclear Criticality Safety (NCS) DACs to model both normal and abnormal conditions of processes at UPF to support CSPSs. This will provide consistency between NCS DACs and efficiency in preparation and review of DACs, as frequently used data are provided in one reference source.

  3. Nuclear Criticality Safety Data Book

    International Nuclear Information System (INIS)

    Hollenbach, D. F.

    2016-01-01

    The objective of this document is to support the revision of criticality safety process studies (CSPSs) for the Uranium Processing Facility (UPF) at the Y-12 National Security Complex (Y-12). This design analysis and calculation (DAC) document contains development and justification for generic inputs typically used in Nuclear Criticality Safety (NCS) DACs to model both normal and abnormal conditions of processes at UPF to support CSPSs. This will provide consistency between NCS DACs and efficiency in preparation and review of DACs, as frequently used data are provided in one reference source.

  4. Critical cladding radius for hybrid cladding modes

    Science.gov (United States)

    Guyard, Romain; Leduc, Dominique; Lupi, Cyril; Lecieux, Yann

    2018-05-01

    In this article we explore some properties of the cladding modes guided by a step-index optical fiber. We show that the hybrid modes can be grouped in pairs and that there exists a critical cladding radius for which the modes of a pair share the same electromagnetic structure. We propose a robust method to determine the critical cladding radius and use it to perform a statistical study on the influence of the characteristics of the fiber on the critical cladding radius. Finally we show the importance of the critical cladding radius with respect to the coupling coefficient between the core mode and the cladding modes inside a long period grating.

  5. Researches on nuclear criticality safety evaluation

    Energy Technology Data Exchange (ETDEWEB)

    Okuno, Hiroshi; Suyama, Kenya; Nomura, Yasushi [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

    2003-10-01

    For criticality safety evaluation of burnup fuel, the general-purpose burnup calculation code, SWAT, was revised, and its precision was confirmed through comparison with other results from OECD/NEA's burnup credit benchmarks. The effect of replacing the evaluated nuclear data from JENDL-3.2 with ENDF/B-VI and JEF-2.2 was also studied. Correction factors were derived for conservative evaluation of nuclide concentrations obtained with the simplified burnup code ORIGEN2.1. The critical masses of curium were calculated and evaluated for nuclear criticality safety management of minor actinides. (author)

  6. Researches on nuclear criticality safety evaluation

    International Nuclear Information System (INIS)

    Okuno, Hiroshi; Suyama, Kenya; Nomura, Yasushi

    2003-01-01

    For criticality safety evaluation of burnup fuel, the general-purpose burnup calculation code, SWAT, was revised, and its precision was confirmed through comparison with other results from OECD/NEA's burnup credit benchmarks. The effect of replacing the evaluated nuclear data from JENDL-3.2 with ENDF/B-VI and JEF-2.2 was also studied. Correction factors were derived for conservative evaluation of nuclide concentrations obtained with the simplified burnup code ORIGEN2.1. The critical masses of curium were calculated and evaluated for nuclear criticality safety management of minor actinides. (author)

  7. High level issues in reliability quantification of safety-critical software

    International Nuclear Information System (INIS)

    Kim, Man Cheol

    2012-01-01

    For the purpose of developing a consensus method for the reliability assessment of safety-critical digital instrumentation and control systems in nuclear power plants, several high level issues in reliability assessment of the safety-critical software based on Bayesian belief network modeling and statistical testing are discussed. Related to the Bayesian belief network modeling, the relation between the assessment approach and the sources of evidence, the relation between qualitative evidence and quantitative evidence, how to consider qualitative evidence, and the cause-consequence relation are discussed. Related to the statistical testing, the need of the consideration of context-specific software failure probabilities and the inability to perform a huge number of tests in the real world are discussed. The discussions in this paper are expected to provide a common basis for future discussions on the reliability assessment of safety-critical software. (author)

  8. Introduction of the system of hazard analysis critical control point to ensure the safety of irradiated food

    International Nuclear Information System (INIS)

    Sajet, A.S.

    2014-01-01

    Hazard Analysis Critical Control Point (HACCP) is a preventive system for food safety. It identifies safety risks faced by food. Identified points are controlled, ensuring product safety. Because of the presence of many pathogenic microorganisms and parasites in food, which have caused cases of food poisoning and many food-borne diseases, the current methods of food production could not completely prevent food contamination or the growth of these pathogens, since they are part of the normal flora in the environment. Irradiation technology helped to control diseases transmitted through food, caused by pathological microorganisms and parasites present in food. The application of a system based on risk analysis as a means of risk management in the food chain demonstrated the importance of food irradiation. (author)

  9. CTMCONTROL: Addressing the MC/DC Objective for Safety-Critical Automotive Software

    OpenAIRE

    Mjeda , Anila; Hinchey , Mike

    2013-01-01

    We propose a method tailored to the requirements of safety-critical embedded automotive software, named CTMCONTROL. CTMCONTROL has a particular focus on the specification-based control logic of the system under test and offers improvements in testing coverage metrics over a classic method which is routinely used in industry. The proposed method targets the Modified Condition/Decision Coverage (MC/DC) objective for automotive safety-critical software. CTMCONTROL is va...

  10. Criticality Safety Evaluation of Hanford Tank Farms Facility

    Energy Technology Data Exchange (ETDEWEB)

    WEISS, E.V.

    2000-12-15

    Data and calculations from previous criticality safety evaluations and analyses were used to evaluate criticality safety for the entire Tank Farms facility to support the continued waste storage mission. This criticality safety evaluation concludes that a criticality accident at the Tank Farms facility is an incredible event due to the existing form (chemistry) and distribution (neutron absorbers) of tank waste. Limits and controls for receipt of waste from other facilities and maintenance of tank waste condition are set forth to maintain the margin of subcriticality in tank waste.

  11. Criticality Safety Evaluation of Hanford Tank Farms Facility

    International Nuclear Information System (INIS)

    WEISS, E.V.

    2000-01-01

    Data and calculations from previous criticality safety evaluations and analyses were used to evaluate criticality safety for the entire Tank Farms facility to support the continued waste storage mission. This criticality safety evaluation concludes that a criticality accident at the Tank Farms facility is an incredible event due to the existing form (chemistry) and distribution (neutron absorbers) of tank waste. Limits and controls for receipt of waste from other facilities and maintenance of tank waste condition are set forth to maintain the margin of subcriticality in tank waste.

  12. DRY TRANSFER FACILITY CRITICALITY SAFETY CALCULATIONS

    International Nuclear Information System (INIS)

    C.E. Sanders

    2005-01-01

    This design calculation updates the previous criticality evaluation for the fuel handling, transfer, and staging operations to be performed in the Dry Transfer Facility (DTF) including the remediation area. The purpose of the calculation is to demonstrate that operations performed in the DTF and RF meet the nuclear criticality safety design criteria specified in the ''Project Design Criteria (PDC) Document'' (BSC 2004 [DIRS 171599], Section 4.9.2.2), the nuclear facility safety requirement in ''Project Requirements Document'' (Canori and Leitner 2003 [DIRS 166275], p. 4-206), the functional/operational nuclear safety requirement in the ''Project Functional and Operational Requirements'' document (Curry 2004 [DIRS 170557], p. 75), and the functional nuclear criticality safety requirements described in the ''Dry Transfer Facility Description Document'' (BSC 2005 [DIRS 173737], p. 3-8). A description of the changes is as follows: (1) Update the supporting calculations for the various Category 1 and 2 event sequences as identified in the ''Categorization of Event Sequences for License Application'' (BSC 2005 [DIRS 171429], Section 7). (2) Update the criticality safety calculations for the DTF staging racks and the remediation pool to reflect the current design. This design calculation focuses on commercial spent nuclear fuel (SNF) assemblies, i.e., pressurized water reactor (PWR) and boiling water reactor (BWR) SNF. U.S. Department of Energy (DOE) Environmental Management (EM) owned SNF is evaluated in depth in the ''Canister Handling Facility Criticality Safety Calculations'' (BSC 2005 [DIRS 173284]) and is also applicable to DTF operations. Further, the design and safety analyses of the naval SNF canisters are the responsibility of the U.S. Department of the Navy (Naval Nuclear Propulsion Program) and will not be included in this document. Also, note that the results for the Monitored Geologic Repository (MGR) Site specific Cask (MSC) calculations are limited to the

  13. Critical safety issues in the design of fusion machines

    International Nuclear Information System (INIS)

    Kramer, W.

    1991-01-01

    In the course of developing fusion machines, both general safety considerations and safety assessments for the various components and systems of actual machines increase in number and become more and more coherent. This is particularly true for the NET/ITER projects, where safety analysis plays an increasing role in the design of the machine. Since in a D/T tokamak the radiological hazards will be dominant, basic radiological safety objectives are discussed. Critical safety issues as identified in particular by the NET/ITER community are reviewed. Subsequently, issues of major concern are considered both for normal operation and for conceivable accidents. The following accidents are considered to be crucial: loss of cooling in plasma facing components, loss of vacuum, tritium system failure, and magnet system failure. To mitigate accident consequences, a confinement concept based on passive features and multiple barriers including detritiation and filtering has to be applied. The reactor building as final barrier needs special attention to cope with both internal and external hazards. (orig.)

  14. Real-time software use in nuclear materials handling criticality safety control

    International Nuclear Information System (INIS)

    Huang, S.; Lappa, D.; Chiao, T.; Parrish, C.; Carlson, R.; Lewis, J.; Shikany, D.; Woo, H.

    1997-01-01

    This paper addresses the use of real-time software to assist handlers of fissionable nuclear material. We focus specifically on the issue of workstation mass limits, and the need for handlers to be aware of, and check against, those mass limits during material transfers. Here ''mass limits'' generally refer to criticality safety mass limits; however, in some instances, workstation mass limits for some materials may be governed by considerations other than criticality, e.g., fire or release consequence limitation. As a case study, we provide a simplified reliability comparison of the use of a manual two-handler system with a software-assisted two-handler system. We identify the interface points between software and handlers that are relevant to criticality safety.

  15. A Comparison of Bus Architectures for Safety-Critical Embedded Systems

    Science.gov (United States)

    Rushby, John; Miner, Paul S. (Technical Monitor)

    2003-01-01

    We describe and compare the architectures of four fault-tolerant, safety-critical buses with a view to deducing principles common to all of them, the main differences in their design choices, and the tradeoffs made. Two of the buses come from an avionics heritage, and two from automobiles, though all four strive for similar levels of reliability and assurance. The avionics buses considered are the Honeywell SAFEbus (the backplane data bus used in the Boeing 777 Airplane Information Management System) and the NASA SPIDER (an architecture being developed as a demonstrator for certification under the new DO-254 guidelines); the automobile buses considered are the TTTech Time-Triggered Architecture (TTA), recently adopted by Audi for automobile applications, and by Honeywell for avionics and aircraft control functions, and FlexRay, which is being developed by a consortium of BMW, DaimlerChrysler, Motorola, and Philips.

  16. Spent fuel storage criticality safety

    Energy Technology Data Exchange (ETDEWEB)

    Amin, E M; Elmessiry, A M [National center of nuclear safety and radiation control atomic energy authority, (Egypt)

    1995-10-01

    The safety aspects of the spent fuel storage pool of the Egyptian test and research reactor one (ET-R R-1) have to be assessed as part of a general overall safety evaluation to be included in a safety analysis report (SAR) for this reactor. The present work treats the criticality safety of the spent fuel storage pool. Conservative calculations based on fresh fuel have been performed, as well as less conservative ones using burned fuel. The calculations include cross section library generation for burned and fresh fuel for the ET-R R-1 fuel type. The WIMS-D 4 code has been used in library generation and burnup calculation; the criticality calculations are performed using the one dimensional transport code (ANISN) and the two dimensional diffusion code (DIXY2). The possibility of increasing the storage efficiency either by insertion of absorber sheets of soluble boron salts or by reduction of fuel rod separation has been studied. 8 figs., 2 tabs.

  17. Spent fuel storage criticality safety

    International Nuclear Information System (INIS)

    Amin, E.M.; Elmessiry, A.M.

    1995-01-01

    The safety aspects of the spent fuel storage pool of the Egyptian test and research reactor one (ET-R R-1) have to be assessed as part of a general overall safety evaluation to be included in a safety analysis report (SAR) for this reactor. The present work treats the criticality safety of the spent fuel storage pool. Conservative calculations based on fresh fuel have been performed, as well as less conservative ones using burned fuel. The calculations include cross section library generation for burned and fresh fuel for the ET-R R-1 fuel type. The WIMS-D 4 code has been used in library generation and burnup calculation; the criticality calculations are performed using the one dimensional transport code (ANISN) and the two dimensional diffusion code (DIXY2). The possibility of increasing the storage efficiency either by insertion of absorber sheets of soluble boron salts or by reduction of fuel rod separation has been studied. 8 figs., 2 tabs.

  18. A Web-Based Nuclear Criticality Safety Bibliographic Database

    International Nuclear Information System (INIS)

    Koponen, B L; Huang, S

    2007-01-01

    A bibliographic criticality safety database of over 13,000 records is available on the Internet as part of the U.S. Department of Energy's (DOE) Nuclear Criticality Safety Program (NCSP) website. This database is easy to access via the Internet and gets substantial daily usage. This database and other criticality safety resources are available at ncsp.llnl.gov. The web database has evolved from more than thirty years of effort at Lawrence Livermore National Laboratory (LLNL), beginning with compilations of critical experiment reports and American Nuclear Society Transactions.

  19. PWR hybrid computer model for assessing the safety implications of control systems

    International Nuclear Information System (INIS)

    Smith, O.L.; Booth, R.S.; Clapp, N.E.; DiFilippo, F.C.; Renier, J.P.; Sozer, A.

    1985-01-01

    The ORNL study of safety-related aspects of control systems consists of two interrelated tasks, (1) a failure mode and effects analysis (FMEA) that, in part, identifies single and multiple component failures that may lead to significant plant upsets, and (2) a hybrid computer model that uses these failures as initial conditions and traces the dynamic impact on the control system and remainder of the plant. The second task is reported here. The initial step in model development was to define a suitable interface between the FMEA and computer simulation tasks. This involved identifying primary plant components that must be simulated in dynamic detail and secondary components that can be treated adequately by the FMEA alone. The FMEA in general explores broader spectra of initiating events that may collapse into a reduced number of computer runs. A portion of the FMEA includes consideration of power supply failures. Consequences of the transients may feed back on the initiating causes, and there may be an interactive relationship between the FMEA and the computer simulation. Since the thrust of this program is to investigate control system behavior, the controls are modeled in detail to accurately reproduce characteristic response under normal and off-normal transients. The balance of the model, including neutronics, thermohydraulics and component submodels, is developed in sufficient detail to provide a suitable support for the control system.

  20. Ending on a positive: Examining the role of safety leadership decisions, behaviours and actions in a safety critical situation.

    Science.gov (United States)

    Donovan, Sarah-Louise; Salmon, Paul M; Horberry, Timothy; Lenné, Michael G

    2018-01-01

    Safety leadership is an important factor in supporting safe performance in the workplace. The present case study examined the role of safety leadership during the Bingham Canyon Mine high-wall failure, a significant mining incident in which no fatalities or injuries were incurred. The Critical Decision Method (CDM) was used in conjunction with a self-reporting approach to examine safety leadership in terms of decisions, behaviours and actions that contributed to the incident's safe outcome. Mapping the analysis onto Rasmussen's Risk Management Framework (Rasmussen, 1997), the findings demonstrate clear links between safety leadership decisions, and emergent behaviours and actions across the work system. Communication and engagement based decisions featured most prominently, and were linked to different leadership practices across the work system. Further, a core sub-set of CDM decision elements were linked to the open flow and exchange of information across the work system, which was critical to supporting the safe outcome. The findings provide practical implications for the development of safety leadership capability to support safety within the mining industry. Copyright © 2017 Elsevier Ltd. All rights reserved.

  1. Sensitivity and uncertainty analyses applied to criticality safety validation. Volume 2

    International Nuclear Information System (INIS)

    Broadhead, B.L.; Hopper, C.M.; Parks, C.V.

    1999-01-01

    This report presents the application of sensitivity and uncertainty (S/U) analysis methodologies developed in Volume 1 to the code/data validation tasks of a criticality safety computational study. Sensitivity and uncertainty analysis methods were first developed for application to fast reactor studies in the 1970s. This work has revitalized and updated the existing S/U computational capabilities such that they can be used as prototypic modules of the SCALE code system, which contains criticality analysis tools currently in use by criticality safety practitioners. After complete development, simplified tools are expected to be released for general use. The methods for application of S/U and generalized linear-least-square methodology (GLLSM) tools to the criticality safety validation procedures were described in Volume 1 of this report. Volume 2 of this report presents the application of these procedures to the validation of criticality safety analyses supporting uranium operations where enrichments are greater than 5 wt %. Specifically, the traditional k_eff trending analyses are compared with newly developed k_eff trending procedures, utilizing the D and c_k coefficients described in Volume 1. These newly developed procedures are applied to a family of postulated systems involving U(11)O2 fuel, with H/X values ranging from 0 to 1,000. These analyses produced a series of guidance and recommendations for the general usage of these various techniques. Recommendations for future work are also detailed.

  2. Development of a safety parameter supervision system for Angra-1

    International Nuclear Information System (INIS)

    Silva, R.A. da; Thome Filho, Z.D.; Schirru, R.; Martinez, A.S.; Oliveira, L.F.S. de

    1986-01-01

    The Safety Parameter Supervision System (SSPS), which is a computerized system for monitoring essential parameters in real time, determining the safety status and the emergency procedures for returning to normal reactor operation in case an anomaly occurs, is presented. The SSPS consists of three sub-systems: the integrated parameter monitoring system, which gives operators an integrated view of the values of a parameter set and is able to detect any deviation from normal reactor operation; the safety critical function system, which evaluates safety status in terms of a set of safety critical functions defined in advance and, in case of violation of any critical function, initiates the adequate emergency procedure to return to normal operation; and the safety parameter computer system, which carries out the acquisition of analog and digital control signals of the nuclear power plant. (M.C.K.)

  3. NCIS - a Nuclear Criticality Information System (overview)

    International Nuclear Information System (INIS)

    Koponen, B.L.; Hampel, V.E.

    1983-07-01

    A Nuclear Criticality Information System (NCIS) is being established at the Lawrence Livermore National Laboratory (LLNL) in order to serve personnel responsible for safe storage, transport, and handling of fissile materials and those concerned with the evaluation and analysis of nuclear critical experiments. Public concern for nuclear safety provides the incentive for improved access to nuclear safety information.

  4. Proceedings of the nuclear criticality technology safety project

    Energy Technology Data Exchange (ETDEWEB)

    Sanchez, R.G. [comp.

    1997-06-01

    This document contains summaries of most of the papers presented at the 1994 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 10 and 11 at Williamsburg, Va. The meeting was broken up into seven sessions, which covered the following topics: (1) Validation and Application of Calculations; (2) Relevant Experiments for Criticality Safety; (3) Experimental Facilities and Capabilities; (4) Rad-Waste and Weapons Disassembly; (5) Criticality Safety Software and Development; (6) Criticality Safety Studies at Universities; and (7) Training. The minutes and list of participants of the Critical Experiment Needs Identification Workgroup meeting, which was held on May 9 at the same venue, have been included as an appendix. A second appendix contains the names and addresses of all NCTSP meeting participants. Separate abstracts have been indexed to the database for contributions to these proceedings.

  5. Proceedings of the nuclear criticality technology safety project

    International Nuclear Information System (INIS)

    Sanchez, R.G.

    1997-06-01

    This document contains summaries of most of the papers presented at the 1994 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 10 and 11 at Williamsburg, Va. The meeting was broken up into seven sessions, which covered the following topics: (1) Validation and Application of Calculations; (2) Relevant Experiments for Criticality Safety; (3) Experimental Facilities and Capabilities; (4) Rad-Waste and Weapons Disassembly; (5) Criticality Safety Software and Development; (6) Criticality Safety Studies at Universities; and (7) Training. The minutes and list of participants of the Critical Experiment Needs Identification Workgroup meeting, which was held on May 9 at the same venue, have been included as an appendix. A second appendix contains the names and addresses of all NCTSP meeting participants. Separate abstracts have been indexed to the database for contributions to these proceedings.

  6. HSE's safety assessment principles for criticality safety

    International Nuclear Information System (INIS)

    Simister, D N; Finnerty, M D; Warburton, S J; Thomas, E A; Macphail, M R

    2008-01-01

    The Health and Safety Executive (HSE) published its revised Safety Assessment Principles for Nuclear Facilities (SAPs) in December 2006. The SAPs are primarily intended for use by HSE's inspectors when judging the adequacy of safety cases for nuclear facilities. The revised SAPs relate to all aspects of safety in nuclear facilities including the technical discipline of criticality safety. The purpose of this paper is to set out for the benefit of a wider audience some of the thinking behind the final published words and to provide an insight into the development of UK regulatory guidance. The paper notes that it is HSE's intention that the Safety Assessment Principles should be viewed as a reflection of good practice in the context of interpreting primary legislation such as the requirements under site licence conditions for arrangements for producing an adequate safety case and for producing a suitable and sufficient risk assessment under the Ionising Radiations Regulations 1999 (SI1999/3232 www.opsi.gov.uk/si/si1999/uksi_19993232_en.pdf). (memorandum)

  7. Mission-Critical Systems Design Framework

    Directory of Open Access Journals (Sweden)

    Kyriakos Houliotis

    2018-03-01

Safety-critical systems are well documented and standardized (e.g. IEC 61508, RTCA DO-178B) within system design cycles. However, in Defence and Security, systems that are critical to the success of a Mission are not defined within the literature, nor are there any guidelines for defining criticality in their design or operational capabilities. When it comes to Vetronics (Vehicle Electronics), a mission-critical system is a system of much complexity and mixed criticality levels that is a part of the overall platform (military vehicle) offering integrated system capabilities. In this paper, a framework is presented that provides guidelines for designing mission-critical systems efficiently and effectively, considering principles of Interoperable Open Architectures (IOA), mission-critical integrity levels, and new standardization activities such as the NATO Generic Vehicle Architecture (NGVA). A Defensive Aid Suite (DAS) system is used as a case study to illustrate how this framework can be exploited. The intention of this extension is to provide an approach to precisely estimate threats in order to de-risk missions in the very early stages.

  8. Use of a Web Site to Enhance Criticality Safety Training

    International Nuclear Information System (INIS)

    Huang, S T; Morman, J

    2003-01-01

    Currently, a website dedicated to enhancing communication and dissemination of criticality safety information is sponsored by the U.S. Department of Energy (DOE) Nuclear Criticality Safety Program (NCSP). This website was developed as part of the DOE response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 97-2, which reflected the need to make criticality safety information available to a wide audience. The website is the focal point for DOE nuclear criticality safety (NCS) activities, resources and references, including hyperlinks to other sites actively involved in the collection and dissemination of criticality safety information. The website is maintained by the Lawrence Livermore National Laboratory (LLNL) under auspices of the NCSP management. One area of the website contains a series of Nuclear Criticality Safety Engineer Training (NCSET) modules. During the past few years, many users worldwide have accessed the NCSET section of the NCSP website and have downloaded the training modules as an aid for their training programs. This trend was remarkable in that it points out a continuing need of the criticality safety community across the globe. It has long been recognized that training of criticality safety professionals is a continuing process involving both knowledge-based training and experience-based operations floor training. As more of the experienced criticality safety professionals reach retirement age, the opportunities for mentoring programs are reduced. It is essential that some method be provided to assist the training of young criticality safety professionals to replenish this limited human expert resource to support on-going and future nuclear operations. The main objective of this paper is to present the features of the NCSP website, including its mission, contents, and most importantly its use for the dissemination of training modules to the criticality safety community. We will discuss lessons learned and several ideas

  9. Criticality Safety Basics for INL FMHs and CSOs

    Energy Technology Data Exchange (ETDEWEB)

    V. L. Putman

    2012-04-01

Nuclear power is a valuable and efficient energy alternative in our energy-intensive society. However, material that can generate nuclear power has properties that require this material to be handled with caution. If improperly handled, a criticality accident could result, which could severely harm workers. This document is a modular self-study guide about Criticality Safety Principles. This guide's purpose is to help you work safely in areas where fissionable nuclear materials may be present, avoiding the severe radiological and programmatic impacts of a criticality accident. It is designed to stress the fundamental physical concepts behind criticality controls and the importance of criticality safety when handling fissionable materials outside nuclear reactors. This study guide was developed for fissionable-material-handler and criticality-safety-officer candidates to use with the related web-based course 00INL189, BEA Criticality Safety Principles, and to help prepare for the course exams. These individuals must understand the basic information presented here. This guide may also be useful to other Idaho National Laboratory personnel who must know criticality safety basics to perform their assignments safely or to design critically safe equipment or operations. This guide also includes additional information that will not be included in 00INL189 tests. The additional information is in appendices and in paragraphs with headings that begin with 'Did you know' or with 'Been there, Done that'. Fissionable-material-handler and criticality-safety-officer candidates may review the additional information at their own discretion. This guide is revised as needed to reflect program changes, user requests, and better information. Issued in 2006, Revision 0 established the basic text and integrated various programs from former contractors. Revision 1 incorporates operation and program changes implemented since 2006. It also incorporates suggestions, clarifications

  10. Nuclear criticality safety program at the Fuel Cycle Facility

    International Nuclear Information System (INIS)

    Lell, R.M.; Fujita, E.K.; Tracy, D.B.; Klann, R.T.; Imel, G.R.; Benedict, R.W.; Rigg, R.H.

    1994-01-01

The Fuel Cycle Facility (FCF) is designed to demonstrate the feasibility of a novel commercial-scale remote pyrometallurgical process for metallic fuels from liquid metal-cooled reactors and to show closure of the Integral Fast Reactor (IFR) fuel cycle. Requirements for nuclear criticality safety impose the most restrictive of the various constraints on the operation of FCF. The upper limits on batch sizes and other important process parameters are determined principally by criticality safety considerations. To maintain an efficient operation within appropriate safety limits, it is necessary to formulate a nuclear criticality safety program that integrates equipment design, process development, process modeling, conduct of operations, a measurement program, adequate material control procedures, and nuclear criticality analysis. The nuclear criticality safety program for FCF reflects this integration, ensuring that the facility can be operated efficiently without compromising safety. The experience gained from the conduct of this program in the Fuel Cycle Facility will be used to design and safely operate IFR facilities on a commercial scale. The key features of the nuclear criticality safety program are described. The relationship of these features to normal facility operation is also described.

  11. Safety considerations of new critical assembly for the Research Reactor Institute, Kyoto University

    International Nuclear Information System (INIS)

    Umeda, Iwao; Matsuoka, Naomi; Harada, Yoshihiko; Miyamoto, Keiji; Kanazawa, Takashi

    1975-01-01

The new critical assembly, a nuclear reactor having three cores for the first time in the world, was successfully completed at the Research Reactor Institute of Kyoto University in the autumn of 1974. It is called KUCA (Kyoto University Critical Assembly). The safety of the critical assembly was considered thoroughly in discussions between the researchers of the institute and the design group of our company, and many bright ideas were created through these discussions. This paper describes the new safety design of the main equipment of the critical assembly - the oil-pressure-type center core drive mechanism, removable water overflow mechanism, core division mechanism, control rod drive mechanism, protection instrumentation system and interlock key system. (author)

  12. ICNC2003: Proceedings of the seventh international conference on nuclear criticality safety. Challenges in the pursuit of global nuclear criticality safety

    International Nuclear Information System (INIS)

    2003-10-01

These proceedings contain the papers (technical, oral and poster) presented at the Seventh International Conference on Nuclear Criticality Safety, ICNC2003, held on 20-24 October 2003 in Tokai, Ibaraki, Japan, following ICNC'99 in Versailles, France. The theme of this conference is 'Challenges in the Pursuit of Global Nuclear Criticality Safety'. These proceedings represent the current status of nuclear criticality safety research throughout the world. Of the presented papers, 81 are indexed individually. (J.P.N.)

  13. ICNC2003: Proceedings of the seventh international conference on nuclear criticality safety. Challenges in the pursuit of global nuclear criticality safety

    International Nuclear Information System (INIS)

    2003-10-01

These proceedings contain the papers (technical, oral and poster) presented at the Seventh International Conference on Nuclear Criticality Safety, ICNC2003, held on 20-24 October 2003 in Tokai, Ibaraki, Japan, following ICNC'99 in Versailles, France. The theme of this conference is 'Challenges in the Pursuit of Global Nuclear Criticality Safety'. These proceedings represent the current status of nuclear criticality safety research throughout the world. Of the presented papers, 79 are indexed individually. (J.P.N.)

  14. Sensitivity and uncertainty analyses applied to criticality safety validation, methods development. Volume 1

    International Nuclear Information System (INIS)

    Broadhead, B.L.; Hopper, C.M.; Childs, R.L.; Parks, C.V.

    1999-01-01

    This report presents the application of sensitivity and uncertainty (S/U) analysis methodologies to the code/data validation tasks of a criticality safety computational study. Sensitivity and uncertainty analysis methods were first developed for application to fast reactor studies in the 1970s. This work has revitalized and updated the available S/U computational capabilities such that they can be used as prototypic modules of the SCALE code system, which contains criticality analysis tools currently used by criticality safety practitioners. After complete development, simplified tools are expected to be released for general use. The S/U methods that are presented in this volume are designed to provide a formal means of establishing the range (or area) of applicability for criticality safety data validation studies. The development of parameters that are analogous to the standard trending parameters forms the key to the technique. These parameters are the D parameters, which represent the differences by group of sensitivity profiles, and the ck parameters, which are the correlation coefficients for the calculational uncertainties between systems; each set of parameters gives information relative to the similarity between pairs of selected systems, e.g., a critical experiment and a specific real-world system (the application)
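The two similarity indices the abstract names, the ck correlation coefficient between the data-induced uncertainties of two systems and the D parameters built from group-wise sensitivity differences, are small enough to compute by hand. The block below is an added example, not code from the ORNL report or from the SCALE/TSUNAMI tools; it assumes the TSUNAMI-IP definitions ck = S_a C S_e^T / sqrt((S_a C S_a^T)(S_e C S_e^T)) and D = sum over groups of |S_a,g - S_e,g| per nuclide-reaction pair, and every sensitivity profile and covariance number in it is constructed toy data rather than evaluated nuclear data. The 0.9 screening threshold at the end is a commonly quoted TSUNAMI-IP rule of thumb, not a value taken from the report.

```python
"""c_k and D similarity parameters for criticality-safety validation.

Added example, not code from the ORNL report or from the SCALE/TSUNAMI tools.
Assumes the TSUNAMI-IP definitions: c_k = S_a C S_e^T / sqrt((S_a C S_a^T)(S_e C S_e^T))
and D = sum over groups of |S_a,g - S_e,g| per nuclide-reaction. All sensitivity
profiles and covariance numbers below are constructed toy data, not evaluated data.
"""
import math


def _flatten(profile):
    """Rows = nuclide-reaction pairs, columns = energy groups -> one vector."""
    return [x for row in profile for x in row]


def _quad(a, cov, b):
    """a^T C b for plain Python lists (a, b of length n; cov n x n)."""
    return sum(a[i] * cov[i][j] * b[j] for i in range(len(a)) for j in range(len(b)))


def toy_covariance(n_reactions, n_groups, rel_std, neighbour_corr=0.5):
    """Block-diagonal relative covariance: one block per reaction, standard
    deviation rel_std in every group and correlation neighbour_corr between
    adjacent groups. Constructed stand-in for an evaluated covariance library."""
    n = n_reactions * n_groups
    cov = [[0.0] * n for _ in range(n)]
    for r in range(n_reactions):
        for g in range(n_groups):
            i = r * n_groups + g
            cov[i][i] = rel_std ** 2
            if g + 1 < n_groups:
                cov[i][i + 1] = cov[i + 1][i] = neighbour_corr * rel_std ** 2
    return cov


def keff_uncertainty_pct(profile, cov):
    """Relative k_eff standard deviation (%) induced by the cross-section
    covariance: sqrt(S C S^T)."""
    s = _flatten(profile)
    return 100.0 * math.sqrt(_quad(s, cov, s))


def ck(app_profile, exp_profile, cov):
    """Correlation coefficient of the calculational uncertainties of the
    application and the experiment; 1.0 means fully shared uncertainty."""
    sa, se = _flatten(app_profile), _flatten(exp_profile)
    var_a, var_e = _quad(sa, cov, sa), _quad(se, cov, se)
    if var_a <= 0.0 or var_e <= 0.0:
        raise ValueError("ck is undefined for a system with no data-induced variance")
    return _quad(sa, cov, se) / math.sqrt(var_a * var_e)


def d_parameters(app_profile, exp_profile):
    """Per-reaction D = sum_g |S_app,g - S_exp,g| and their total. Zero means
    identical group-wise sensitivity shapes; larger values flag dissimilarity
    even when ck is high."""
    per_reaction = [sum(abs(a - e) for a, e in zip(ra, re))
                    for ra, re in zip(app_profile, exp_profile)]
    return per_reaction, sum(per_reaction)


if __name__ == "__main__":
    # Constructed 2-reaction x 4-group profiles (e.g. U-235 fission, H-1 capture).
    experiment = [[0.05, 0.10, 0.20, 0.35], [-0.02, -0.04, -0.08, -0.12]]
    application = [[0.04, 0.12, 0.22, 0.30], [-0.01, -0.05, -0.07, -0.14]]
    cov = toy_covariance(n_reactions=2, n_groups=4, rel_std=0.05)
    c = ck(application, experiment, cov)
    d_each, d_total = d_parameters(application, experiment)
    print(f"ck = {c:.4f}, D per reaction = {d_each}, D total = {d_total:.3f}")
    print(f"k_eff uncertainty: app {keff_uncertainty_pct(application, cov):.3f}% "
          f"exp {keff_uncertainty_pct(experiment, cov):.3f}%")
    # Screening threshold commonly quoted for TSUNAMI-IP (assumption, not from the report).
    print("applicable" if c >= 0.9 else "not similar enough for validation")
```

With an identity covariance ck reduces to the cosine between the two flattened sensitivity vectors, which is a useful sanity check before plugging in a real covariance library; the D parameters are deliberately covariance-free, so they catch shape differences that a high ck can mask.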

  15. Hybrid causal methodology and software platform for probabilistic risk assessment and safety monitoring of socio-technical systems

    Energy Technology Data Exchange (ETDEWEB)

    Groth, Katrina, E-mail: kgroth@umd.ed [Center for Risk and Reliability, 0151 Glenn L. Martin Hall, University of Maryland, College Park, MD 20742 (United States); Wang Chengdong; Mosleh, Ali [Center for Risk and Reliability, 0151 Glenn L. Martin Hall, University of Maryland, College Park, MD 20742 (United States)

    2010-12-15

This paper introduces an integrated framework and software platform for probabilistic risk assessment (PRA) and safety monitoring of complex socio-technical systems. An overview of the three-layer hybrid causal logic (HCL) modeling approach and corresponding algorithms, implemented in the Trilith software platform, are provided. The HCL approach enhances typical PRA methods by quantitatively including the influence of soft causal factors introduced by human and organizational aspects of a system. The framework allows different modeling techniques to be used for different aspects of the socio-technical system. The HCL approach combines the power of traditional event sequence diagram (ESD)/event tree (ET) and fault tree (FT) techniques for modeling deterministic causal paths, with the flexibility of Bayesian belief networks for modeling non-deterministic cause-effect relationships among system elements (suitable for modeling human and organizational influences). Trilith enables analysts to construct HCL models and perform quantitative risk assessment and management of complex systems. The risk management capabilities included are HCL-based risk importance measures, hazard identification and ranking, precursor analysis, safety indicator monitoring, and root cause analysis. This paper describes the capabilities of the Trilith platform and power of the HCL algorithm by use of example risk models for a type of aviation accident (aircraft taking off from the wrong runway).

  16. Hybrid causal methodology and software platform for probabilistic risk assessment and safety monitoring of socio-technical systems

    International Nuclear Information System (INIS)

    Groth, Katrina; Wang Chengdong; Mosleh, Ali

    2010-01-01

This paper introduces an integrated framework and software platform for probabilistic risk assessment (PRA) and safety monitoring of complex socio-technical systems. An overview of the three-layer hybrid causal logic (HCL) modeling approach and corresponding algorithms, implemented in the Trilith software platform, are provided. The HCL approach enhances typical PRA methods by quantitatively including the influence of soft causal factors introduced by human and organizational aspects of a system. The framework allows different modeling techniques to be used for different aspects of the socio-technical system. The HCL approach combines the power of traditional event sequence diagram (ESD)/event tree (ET) and fault tree (FT) techniques for modeling deterministic causal paths, with the flexibility of Bayesian belief networks for modeling non-deterministic cause-effect relationships among system elements (suitable for modeling human and organizational influences). Trilith enables analysts to construct HCL models and perform quantitative risk assessment and management of complex systems. The risk management capabilities included are HCL-based risk importance measures, hazard identification and ranking, precursor analysis, safety indicator monitoring, and root cause analysis. This paper describes the capabilities of the Trilith platform and power of the HCL algorithm by use of example risk models for a type of aviation accident (aircraft taking off from the wrong runway).
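The two Groth, Wang and Mosleh records above describe the same three-layer hybrid causal logic: a Bayesian belief network supplies the probability of a human-factor basic event to a fault tree that sits under an event-sequence pivotal event, and importance measures are then computed both for hardware basic events and for the organizational nodes. The block below is an added example of that layering, not code from the Trilith platform or from the paper; the wrong-runway scenario is only the motivation, and every prior, conditional probability table and hardware failure probability in it is a constructed number rather than data from any accident database.

```python
"""Three-layer hybrid causal logic (HCL) in miniature: a Bayesian belief network
for a human/organizational factor feeds a fault tree under an event sequence.

Added example, not code from the Trilith platform or the paper; the wrong-runway
scenario is only the motivation. All probabilities and conditional probability
tables are constructed, not values from any accident database.
"""
from itertools import product

# Layer 3: BBN for the soft factor. Parent priors and the CPT of the child
# "crew misidentifies the runway" (constructed numbers).
BBN = {
    "training_inadequate": 0.2,
    "workload_high": 0.3,
    "crew_error_cpt": {  # (training_inadequate, workload_high) -> P(crew error)
        (False, False): 0.001,
        (False, True): 0.004,
        (True, False): 0.005,
        (True, True): 0.020,
    },
}

# Layer 2: fault tree for the ESD pivotal event "aircraft departs from the wrong
# runway". Leaves are basic events; CREW_ERROR is supplied by the BBN above.
FAULT_TREE = ("OR",
              ("AND", "CREW_ERROR", "RUNWAY_GUIDANCE_FAIL"),
              "ATC_CLEARANCE_ERROR")
HARDWARE_PROBS = {"RUNWAY_GUIDANCE_FAIL": 0.1, "ATC_CLEARANCE_ERROR": 0.0005}


def p_crew_error(bbn=BBN, evidence=None):
    """Marginal P(crew error), or P(crew error | hard evidence on parents)."""
    evidence = evidence or {}
    total = 0.0
    for t, w in product((False, True), repeat=2):
        p_t = bbn["training_inadequate"] if t else 1 - bbn["training_inadequate"]
        p_w = bbn["workload_high"] if w else 1 - bbn["workload_high"]
        if "training_inadequate" in evidence:
            p_t = 1.0 if evidence["training_inadequate"] == t else 0.0
        if "workload_high" in evidence:
            p_w = 1.0 if evidence["workload_high"] == w else 0.0
        total += p_t * p_w * bbn["crew_error_cpt"][(t, w)]
    return total


def basic_events(gate):
    """All leaf names of a nested ("AND"|"OR", child, ...) gate tuple."""
    if isinstance(gate, str):
        return {gate}
    return set().union(*(basic_events(c) for c in gate[1:]))


def evaluate(gate, state):
    """Truth value of the top event for one assignment of basic-event states."""
    if isinstance(gate, str):
        return state[gate]
    values = [evaluate(c, state) for c in gate[1:]]
    return all(values) if gate[0] == "AND" else any(values)


def p_top(tree, probs):
    """Exact top-event probability for independent basic events, by enumerating
    every combination (no rare-event approximation, so it stays valid when the
    BBN pushes a human-error probability high)."""
    events = sorted(basic_events(tree))
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = dict(zip(events, bits))
        if evaluate(tree, state):
            p = 1.0
            for e, b in zip(events, bits):
                p *= probs[e] if b else 1 - probs[e]
            total += p
    return total


def importance(tree, probs, event):
    """Classical risk importance measures for one basic event."""
    base = p_top(tree, probs)
    raw = p_top(tree, {**probs, event: 1.0}) / base       # risk achievement worth
    rrw = base / p_top(tree, {**probs, event: 0.0})       # risk reduction worth
    return {"RAW": raw, "RRW": rrw, "FV": 1 - 1 / rrw}    # Fussell-Vesely


def soft_factor_importance(tree, hw_probs, bbn, node):
    """HCL-style importance of a BBN node: top-event probability with the
    organizational node forced to its adverse state, relative to baseline."""
    base = p_top(tree, {**hw_probs, "CREW_ERROR": p_crew_error(bbn)})
    adverse = p_top(tree, {**hw_probs, "CREW_ERROR": p_crew_error(bbn, {node: True})})
    return adverse / base


if __name__ == "__main__":
    probs = {**HARDWARE_PROBS, "CREW_ERROR": p_crew_error()}
    print(f"P(crew error) = {probs['CREW_ERROR']:.5f}")
    print(f"P(wrong-runway departure) = {p_top(FAULT_TREE, probs):.3e}")
    for e in sorted(probs):
        print(e, {k: round(v, 3) for k, v in importance(FAULT_TREE, probs, e).items()})
    for node in ("training_inadequate", "workload_high"):
        print(f"{node}: x{soft_factor_importance(FAULT_TREE, HARDWARE_PROBS, BBN, node):.2f}")
```

The point of the layering is visible in the last loop: a basic event's Fussell-Vesely or RAW value says nothing about why its probability is what it is, whereas forcing a BBN parent to its adverse state and re-propagating through the tree gives a ranking of organizational factors that a precursor or safety-indicator analysis can act on.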

  17. An Innovative Hybrid Loop-Pool SFR Design and Safety Analysis Methods: Today and Tomorrow

    International Nuclear Information System (INIS)

    Hongbin Zhang; Haihua Zhao; Vincent Mousseau

    2008-01-01

    Investment in commercial sodium cooled fast reactor (SFR) power plants will become possible only if SFRs achieve economic competitiveness as compared to light water reactors and other Generation IV reactors. Toward that end, we have launched efforts to improve the economics and safety of SFRs from the thermal design and safety analyses perspectives at Idaho National Laboratory. From the thermal design perspective, an innovative hybrid loop-pool SFR design has been proposed. This design takes advantage of the inherent safety of a pool design and the compactness of a loop design to further improve economics and safety. From the safety analyses perspective, we have initiated an effort to develop a high fidelity reactor system safety code

  18. General principles of the nuclear criticality safety for handling, processing and transportation fissile materials in the USSR

    International Nuclear Information System (INIS)

    Vnukov, V.S.; Rjazanov, B.G.; Sviridov, V.I.; Frolov, V.V.; Zubkov, Y.N.

    1991-01-01

The paper describes the general principles of nuclear criticality safety for the handling, processing, transportation and storage of fissile materials. Measures to limit the consequences of criticality accidents are discussed for fuel processing plants and fissile material storage. The system of scientific and technical measures on nuclear criticality safety, as well as the system of control and state supervision based on rules, limits and requirements, are described. The criticality safety aspects of the various stages of handling nuclear materials are considered. The paper describes the methods and approaches for criticality risk assessment of processing facilities, plants and storages. (Author)

  19. CRITICALITY SAFETY LIMIT EVALUATION PROGRAM (CSLEP's) AND QUICK SCREENS: ANSWERS TO EXPEDITED PROCESSING LEGACY CRITICALITY SAFETY LIMITS AND EVALUATIONS

    International Nuclear Information System (INIS)

    TOFFER, H.

    2006-01-01

    Since the end of the cold war, the need for operating weapons production facilities has faded. Criticality Safety Limits and controls supporting production modes in these facilities became outdated and furthermore lacked the procedure based rigor dictated by present day requirements. In the past, in many instances, the formalism of present day criticality safety evaluations was not applied. Some of the safety evaluations amounted to a paragraph in a notebook with no safety basis and questionable arguments with respect to double contingency criteria. When material stabilization, clean out, and deactivation activities commenced, large numbers of these older criticality safety evaluations were uncovered with limits and controls backed up by tenuous arguments. A dilemma developed: on the one hand, cleanup activities were placed on very aggressive schedules; on the other hand, a highly structured approach to limits development was required and applied to the cleanup operations. Some creative approaches were needed to cope with the limits development process

  20. Verification of criticality safety in on-site spent fuel storage systems

    International Nuclear Information System (INIS)

    Rasmussen, R.W.

    1989-01-01

    On February 15, 1984, Duke Power Company received approval for a two-region, burnup credit, spent fuel storage rack design at both Units 1 and 2 of the McGuire Nuclear Station. Duke also hopes to obtain approval by January of 1990 for a dry spent fuel storage system at the Oconee Nuclear Station, which will incorporate the use of burnup credit in the criticality analysis governing the design of the individual storage units. While experiences in burnup verification for criticality safety for their dry storage system at Oconee are in the future, the methods proposed for burnup verification will be similar to those currently used at the McGuire Nuclear Station in the two-region storage racks installed in both pools. In conclusion, the primary benefit of the McGuire rerack effort has obviously been the amount of storage expansion it provided. A total increase of about 2,000 storage cells was realized, 1,000 of which were the result of pursuing the two-region rather than the conventional poison rack design. Less impacting, but equally as important, however, has been the experience gained during the planning, installation, and operation of these storage racks. This experience should prove useful for future rerack efforts likely to occur at Duke's Catawba Nuclear Station as well as for the current dry storage effort underway for the Oconee Nuclear Station

  1. CSER 94-012: Criticality safety evaluation report for 340 Facility

    International Nuclear Information System (INIS)

    Altschuler, S.J.

    1995-01-01

This Criticality Safety Evaluation Report (CSER) covers the 340 Facility, which acts as a collecting point for liquid and solid waste from various facilities in the 300 Area. Criticality safety is achieved by controlling the amount and concentration of the fissionable material sent to the 340 Facility from the originating facilities in the 300 Area, a method similar to that used elsewhere at Hanford for the waste tank farms. Unlike those, however, the waste received at the 340 Facility will be far less radioactive. It is concluded that present operations meet the double contingency criterion: the facility will still be safely subcritical even after two independent and concurrent failures (either of equipment or of administrative controls). The solid waste storage and liquid waste will be managed separately. The solid waste storage area is classified as exempt because it contains less than 15 grams of fissionable materials. The Radioactive Liquid Waste System is classified as isolated because it contains less than one third of a minimum critical mass. The criticality safety of the part of the 340 Facility devoted to the Radioactive Liquid Waste System (RLWS) is assured by the form and concentration of the fissile material, and it could also be classified as a limited control facility. However, the 340 Facility has been operated as an isolated facility, which results in a more conservative limit.

  2. An empirical classification-based framework for the safety criticality assessment of energy production systems, in presence of inconsistent data

    International Nuclear Information System (INIS)

    Wang, Tai-Ran; Mousseau, Vincent; Pedroni, Nicola; Zio, Enrico

    2017-01-01

The technical problem addressed in the present paper is the assessment of the safety criticality of energy production systems. An empirical classification model is developed, based on the Majority Rule Sorting method, to evaluate the class of criticality of the plant/system of interest with respect to safety. The model is built on the basis of a (limited-size) set of data representing the characteristics of a number of plants and their corresponding criticality classes, as assigned by experts. The construction of the classification model may raise two issues. First, the classification examples provided by the experts may contain contradictions: a validation of the consistency of the considered dataset is, thus, required. Second, uncertainty affects the process: a quantitative assessment of the performance of the classification model is, thus, in order, in terms of accuracy and confidence in the class assignments. In this paper, two approaches are proposed to tackle the first issue: the inconsistencies in the data examples are “resolved” by deleting or relaxing, respectively, some constraints in the model construction process. Three methods are proposed to address the second issue: (i) a model retrieval-based approach, (ii) the Bootstrap method and (iii) the cross-validation technique. Numerical analyses are presented with reference to an artificial case study regarding the classification of Nuclear Power Plants. - Highlights: • We use a hierarchical framework to represent safety criticality. • We use an empirical classification model to evaluate safety criticality. • Inconsistencies in data examples are “resolved” by deleting/relaxing constraints. • Accuracy and confidence in the class assignments are computed by three methods. • Method is applied to fictitious Nuclear Power Plants.
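Majority Rule Sorting assigns a plant to the highest class whose lower boundary profile it outranks on a weighted majority of criteria, and the "inconsistent data" problem the abstract raises has a simple necessary form: two expert examples where one dominates the other on every criterion yet was placed in a lower class, which no monotone sorting model can reproduce. The block below is an added example, not code from the paper; the criteria, weights, profiles, majority threshold and expert labels are all constructed, and the deletion strategy shown is a plain greedy repair of dominance conflicts rather than the paper's constraint-based formulation.

```python
"""Majority Rule Sorting (MR-Sort) for safety-criticality classes, plus a check
for contradictory expert examples.

Added example, not code from the paper. The criteria, weights, profiles and
"expert" labels are constructed; the deletion repair is a greedy illustration
of the first issue the abstract raises (inconsistent data), not the paper's method.
"""
from collections import Counter
from itertools import combinations

# Criteria are scored so that higher means more safety-critical (constructed).
CRITERIA = ("inventory", "age", "complexity")
WEIGHTS = {"inventory": 0.5, "age": 0.2, "complexity": 0.3}   # sum to 1
LAMBDA = 0.6                                                  # majority threshold
CLASSES = ("low", "medium", "high")                           # ordered, worst last
# PROFILES[h] is the lower boundary of CLASSES[h + 1].
PROFILES = [
    {"inventory": 3, "age": 20, "complexity": 4},   # low | medium
    {"inventory": 7, "age": 40, "complexity": 7},   # medium | high
]


def outranks(alt, profile, weights=WEIGHTS, lam=LAMBDA):
    """MR-Sort concordance: the weight of the criteria on which the alternative
    is at least as critical as the profile reaches the majority threshold."""
    coalition = sum(weights[j] for j in weights if alt[j] >= profile[j])
    return coalition >= lam


def assign(alt, profiles=PROFILES, classes=CLASSES, weights=WEIGHTS, lam=LAMBDA):
    """Pessimistic assignment: the highest class whose lower profile is outranked."""
    for h in range(len(profiles), 0, -1):
        if outranks(alt, profiles[h - 1], weights, lam):
            return classes[h]
    return classes[0]


def dominates(a, b, criteria=CRITERIA):
    return all(a[j] >= b[j] for j in criteria) and any(a[j] > b[j] for j in criteria)


def inconsistencies(examples, classes=CLASSES, criteria=CRITERIA):
    """Pairs (i, j) where example i dominates j on every criterion but the expert
    put i in a strictly lower class. No monotone sorting model, MR-Sort included,
    can reproduce both labels, so the dataset must be repaired before learning."""
    rank = {c: k for k, c in enumerate(classes)}
    bad = []
    for (i, (a, ca)), (j, (b, cb)) in combinations(enumerate(examples), 2):
        if dominates(a, b, criteria) and rank[ca] < rank[cb]:
            bad.append((i, j))
        elif dominates(b, a, criteria) and rank[cb] < rank[ca]:
            bad.append((j, i))
    return bad


def resolve_by_deletion(examples):
    """Deletion strategy: repeatedly drop the example involved in most conflicts
    (ties: the later one) until no dominance conflict remains. Returns the
    indices kept and the indices deleted."""
    kept, deleted = list(range(len(examples))), []
    while True:
        bad = inconsistencies([examples[i] for i in kept])
        if not bad:
            return kept, deleted
        counts = Counter(x for pair in bad for x in pair)
        worst = max(counts, key=lambda k: (counts[k], k))   # position in kept
        deleted.append(kept.pop(worst))


def accuracy(examples, **model):
    """Share of expert labels the model reproduces."""
    hits = sum(assign(alt, **model) == label for alt, label in examples)
    return hits / len(examples)


# Constructed expert-labelled plants; the last one contradicts the third.
EXAMPLES = [
    ({"inventory": 1, "age": 10, "complexity": 2}, "low"),
    ({"inventory": 4, "age": 25, "complexity": 5}, "medium"),
    ({"inventory": 8, "age": 45, "complexity": 8}, "high"),
    ({"inventory": 7, "age": 15, "complexity": 9}, "medium"),
    ({"inventory": 9, "age": 50, "complexity": 9}, "medium"),
]

if __name__ == "__main__":
    print("conflicts:", inconsistencies(EXAMPLES))
    kept, deleted = resolve_by_deletion(EXAMPLES)
    print("deleted examples:", deleted)
    cleaned = [EXAMPLES[i] for i in kept]
    print(f"model accuracy on cleaned set: {accuracy(cleaned):.2f}")
    for alt, label in cleaned:
        print(alt, "expert:", label, "model:", assign(alt))
```

Note the difference between the two kinds of disagreement this exposes: the fifth example is a genuine contradiction (it dominates the third yet is ranked lower) and has to be deleted or relaxed before any model is fitted, whereas the fourth example is merely misclassified by this particular choice of weights and profiles, which is what the paper's accuracy and confidence measures are there to quantify.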

  3. Using hybrid expert system approaches for engineering applications

    Science.gov (United States)

    Allen, R. H.; Boarnet, M. G.; Culbert, C. J.; Savely, R. T.

    1987-01-01

    In this paper, the use of hybrid expert system shells and hybrid (i.e., algorithmic and heuristic) approaches for solving engineering problems is reported. Aspects of various engineering problem domains are reviewed for a number of examples with specific applications made to recently developed prototype expert systems. Based on this prototyping experience, critical evaluations of and comparisons between commercially available tools, and some research tools, in the United States and Australia, and their underlying problem-solving paradigms are made. Characteristics of the implementation tool and the engineering domain are compared and practical software engineering issues are discussed with respect to hybrid tools and approaches. Finally, guidelines are offered with the hope that expert system development will be less time consuming, more effective, and more cost-effective than it has been in the past.

  4. Software quality assurance plans for safety-critical software

    International Nuclear Information System (INIS)

    Liddle, P.

    2006-01-01

Application software is defined as safety-critical if a fault in the software could prevent the system components from performing their nuclear-safety functions. Therefore, for nuclear-safety systems, the AREVA TELEPERM XS (TXS) system is classified 1E, as defined in the Institute of Electrical and Electronics Engineers (IEEE) Std 603-1998. The application software is classified as Software Integrity Level (SIL)-4, as defined in IEEE Std 7-4.3.2-2003. The AREVA NP Inc. Software Program Manual (SPM) describes the measures taken to ensure that the TELEPERM XS application software attains a level of quality commensurate with its importance to safety. The manual also describes how TELEPERM XS correctly performs the required safety functions and conforms to established technical and documentation requirements, conventions, rules, and standards. The program manual covers the requirements definition, detailed design, integration, and test phases for the TELEPERM XS application software, and supporting software created by AREVA NP Inc. The SPM is required for all safety-related TELEPERM XS system applications. The program comprises several basic plans and practices: 1. A Software Quality-Assurance Plan (SQAP) that describes the processes necessary to ensure that the software attains a level of quality commensurate with its importance to safety function. 2. A Software Safety Plan (SSP) that identifies the process to reasonably ensure that safety-critical software performs as intended during all abnormal conditions and events, and does not introduce any new hazards that could jeopardize the health and safety of the public. 3. A Software Verification and Validation (V and V) Plan that describes the method of ensuring the software is in accordance with the requirements. 4. A Software Configuration Management Plan (SCMP) that describes the method of maintaining the software in an identifiable state at all times. 5. A Software Operations and Maintenance Plan (SO and MP) that

  5. Prerequisites of ideal safety-critical organizations

    International Nuclear Information System (INIS)

    Takeuchi, Michiru; Hikono, Masaru; Matsui, Yuko; Goto, Manabu; Sakuda, Hiroshi

    2013-01-01

    This study explores the prerequisites of ideal safety-critical organizations, marshalling arguments of 4 areas of organizational research on safety, each of which has overlap: a safety culture, high reliability organizations (HROs), organizational resilience, and leadership especially in safety-critical organizations. The approach taken in this study was to retrieve questionnaire items or items on checklists of the 4 research areas and use them as materials of abduction (as referred to in the KJ method). The results showed that the prerequisites of ideal safety-oriented organizations consist of 9 factors as follows: (1) The organization provides resources and infrastructure to ensure safety. (2) The organization has a sharable vision. (3) Management attaches importance to safety. (4) Employees openly communicate issues and share wide-ranging information with each other. (5) Adjustments and improvements are made as the organization's situation changes. (6) Learning activities from mistakes and failures are performed. (7) Management creates a positive work environment and promotes good relations in the workplace. (8) Workers have good relations in the workplace. (9) Employees have all the necessary requirements to undertake their own functions, and act conservatively. (author)

  6. The Health and Safety Executive's regulatory framework for control of nuclear criticality safety

    International Nuclear Information System (INIS)

    Smith, K.; Simister, D.N.

    1991-01-01

    In the United Kingdom the Health and Safety at Work Act, 1974 is the main legal instrument under which risks to people from work activities are controlled. Certain sections of the Nuclear Installations Act, 1965 which deal with the licensing of nuclear sites and the regulatory control of risks arising from them, including the risk from accidental criticality, are relevant statutory provisions of the Health and Safety at Work Act. The responsibility for safety rests with the operator who has to make and implement arrangements to prevent accidental criticality. The adequacy of these arrangements must be demonstrated in a safety case to the regulatory authorities. Operators are encouraged to treat each plant on its own merits and develop the safety case accordingly. The Nuclear Installations Inspectorate (NII), for its part, assesses the adequacy of the operator's safety case against the industry's own standards and criteria, but more particularly against the NII's safety assessment principles and guides, and international standards. Risks should be made as low as reasonably practicable. Generally, the NII seeks improvements in safety using an enforcement policy which operates at a number of levels, ranging from persuasion through discussion to the ultimate deterrent of withdrawal of a site licence. This paper describes the role of the NII, which includes a specialist criticality expertise, within the Health and Safety Executive, in regulating the nuclear sites from the criticality safety viewpoint. (Author)

  7. Assessing nuclear power plant safety and recovery from earthquakes using a system-of-systems approach

    International Nuclear Information System (INIS)

    Ferrario, E.; Zio, E.

    2014-01-01

    We adopt a ‘system-of-systems’ framework of analysis, previously presented by the authors, to include the interdependent infrastructures which support a critical plant in the study of its safety with respect to the occurrence of an earthquake. We extend the framework to consider the recovery of the system of systems in which the plant is embedded. As a test system, we consider the impacts produced on a nuclear power plant (the critical plant) embedded in the connected power and water distribution, and transportation networks which support its operation. The Seismic Probabilistic Risk Assessment of such system of systems is carried out by Hierarchical modeling and Monte Carlo simulation. First, we perform a top-down analysis through a hierarchical model to identify the elements that at each level have most influence in restoring safety, adopting the criticality importance measure as a quantitative indicator. Then, we evaluate by Monte Carlo simulation the probability that the nuclear power plant enters in an unsafe state and the time needed to recover its safety. The results obtained allow the identification of those elements most critical for the safety and recovery of the nuclear power plant; this is relevant for determining improvements of their structural/functional responses and supporting the decision-making process on safety critical-issues. On the test system considered, under the given assumptions, the components of the external and internal water systems (i.e., pumps and pool) turn out to be the most critical for the safety and recovery of the plant. - Highlights: • We adopt a system-of-system framework to analyze the safety of a critical plant exposed to risk from external events, considering also the interdependent infrastructures that support the plant. • We develop a hierarchical modeling framework to represent the system of systems, accounting also for its recovery. • Monte Carlo simulation is used for the quantitative evaluation of the

  8. Life extension decision making of safety critical systems: An overview

    OpenAIRE

    Shafiee, Mahmood; Animah, I.

    2017-01-01

    In recent years, the concept of “asset life extension” has become increasingly important to safety critical industries including nuclear power, offshore oil and gas, petrochemical, renewable energy, rail transport, aviation, shipping, electricity distribution and transmission, etc. Extending the service life of industrial assets can offer a broad range of economic, technical, social and environmental benefits as compared to other end-of-life management strategies such as decommissioning and r...

  9. Design verification enhancement of field programmable gate array-based safety-critical I&C system of nuclear power plant

    Energy Technology Data Exchange (ETDEWEB)

    Ahmed, Ibrahim [Department of Nuclear Engineering, Kyung Hee University, 1732 Deogyeong-daero, Giheung-gu, Yongin-si, Gyeonggi-do 17104 (Korea, Republic of); Jung, Jaecheon, E-mail: jcjung@kings.ac.kr [Department of Nuclear Power Plant Engineering, KEPCO International Nuclear Graduate School, 658-91 Haemaji-ro, Seosang-myeon, Ulju-gun, Ulsan 45014 (Korea, Republic of); Heo, Gyunyoung [Department of Nuclear Engineering, Kyung Hee University, 1732 Deogyeong-daero, Giheung-gu, Yongin-si, Gyeonggi-do 17104 (Korea, Republic of)

    2017-06-15

    Highlights: • An enhanced, systematic and integrated design verification approach is proposed for V&V of an FPGA-based I&C system of an NPP. • The RPS bistable fixed setpoint trip algorithm is designed, analyzed, verified and discussed using the proposed approaches. • The application of the integrated verification approach simultaneously verified the entire set of design modules. • The applicability of the proposed V&V facilitated the design verification processes. - Abstract: The safety-critical instrumentation and control (I&C) system in a nuclear power plant (NPP), implemented on programmable logic controllers (PLCs), plays a vital role in safe operation of the plant. Challenges such as fast obsolescence, vulnerability to cyber-attack, and other related issues of software systems have currently led to the consideration of field programmable gate arrays (FPGAs) as an alternative to PLCs because of their advantages and hardware-related benefits. However, safety analysis for FPGA-based I&C systems, and verification and validation (V&V) assessments, still remain important issues to be resolved, and have now become a global research point of interest. In this work, we propose systematic design and verification strategies, from start to ready-to-use, in the form of model-based approaches for an FPGA-based reactor protection system (RPS) that can lead to the enhancement of the design verification and validation processes. The proposed methodology stages are requirement analysis, enhanced functional flow block diagram (EFFBD) models, finite state machine with data path (FSMD) models, hardware description language (HDL) code development, and design verifications. The design verification stage includes unit test – Very high speed integrated circuit Hardware Description Language (VHDL) test and modified condition/decision coverage (MC/DC) test, module test – MATLAB/Simulink co-simulation test, and integration test – FPGA hardware test beds. To prove the adequacy of the proposed

  10. Design verification enhancement of field programmable gate array-based safety-critical I&C system of nuclear power plant

    International Nuclear Information System (INIS)

    Ahmed, Ibrahim; Jung, Jaecheon; Heo, Gyunyoung

    2017-01-01

    Highlights: • An enhanced, systematic and integrated design verification approach is proposed for V&V of an FPGA-based I&C system of an NPP. • The RPS bistable fixed setpoint trip algorithm is designed, analyzed, verified and discussed using the proposed approaches. • The application of the integrated verification approach simultaneously verified the entire set of design modules. • The applicability of the proposed V&V facilitated the design verification processes. - Abstract: The safety-critical instrumentation and control (I&C) system in a nuclear power plant (NPP), implemented on programmable logic controllers (PLCs), plays a vital role in safe operation of the plant. Challenges such as fast obsolescence, vulnerability to cyber-attack, and other related issues of software systems have currently led to the consideration of field programmable gate arrays (FPGAs) as an alternative to PLCs because of their advantages and hardware-related benefits. However, safety analysis for FPGA-based I&C systems, and verification and validation (V&V) assessments, still remain important issues to be resolved, and have now become a global research point of interest. In this work, we propose systematic design and verification strategies, from start to ready-to-use, in the form of model-based approaches for an FPGA-based reactor protection system (RPS) that can lead to the enhancement of the design verification and validation processes. The proposed methodology stages are requirement analysis, enhanced functional flow block diagram (EFFBD) models, finite state machine with data path (FSMD) models, hardware description language (HDL) code development, and design verifications. The design verification stage includes unit test – Very high speed integrated circuit Hardware Description Language (VHDL) test and modified condition/decision coverage (MC/DC) test, module test – MATLAB/Simulink co-simulation test, and integration test – FPGA hardware test beds. To prove the adequacy of the proposed

  11. Regulatory considerations for computational requirements for nuclear criticality safety

    International Nuclear Information System (INIS)

    Bidinger, G.H.

    1995-01-01

    As part of its safety mission, the U.S. Nuclear Regulatory Commission (NRC) approves the use of computational methods as part of the demonstration of nuclear criticality safety. While each NRC office has different criteria for accepting computational methods for nuclear criticality safety results, the Office of Nuclear Materials Safety and Safeguards (NMSS) approves the use of specific computational methods and methodologies for nuclear criticality safety analyses by specific companies (licensees or consultants). By contrast, the Office of Nuclear Reactor Regulation approves codes for general use. Historically, computational methods progressed from empirical methods to one-dimensional diffusion and discrete ordinates transport calculations and then to three-dimensional Monte Carlo transport calculations. With the advent of faster computational ability, three-dimensional diffusion and discrete ordinates transport calculations are gaining favor. With the proper user controls, NMSS has accepted any and all of these methods for demonstrations of nuclear criticality safety

  12. New enhancements to SCALE for criticality safety analysis

    International Nuclear Information System (INIS)

    Hollenbach, D.F.; Bowman, S.M.; Petrie, L.M.; Parks, C.V.

    1995-01-01

    As the speed, available memory, and reliability of computer hardware increase and the cost decreases, the complexity and usability of computer software will increase, taking advantage of the new hardware capabilities. Computer programs today must be more flexible and user friendly than those of the past. Within available resources, the SCALE staff at Oak Ridge National Laboratory (ORNL) is committed to upgrading its computer codes to keep pace with the current level of technology. This paper examines recent additions and enhancements to the criticality safety analysis sections of the SCALE code package. These recent additions and enhancements made to SCALE can be divided into nine categories: (1) new analytical computer codes, (2) new cross-section libraries, (3) new criticality search sequences, (4) enhanced graphical capabilities, (5) additional KENO enhancements, (6) enhanced resonance processing capabilities, (7) enhanced material information processing capabilities, (8) portability of the SCALE code package, and (9) other minor enhancements, modifications, and corrections to SCALE. Each of these additions and enhancements to the criticality safety analysis capabilities of the SCALE code system is discussed below

  13. USNRC licensing process as related to nuclear criticality safety

    International Nuclear Information System (INIS)

    Ketzlach, N.

    1987-01-01

    The U.S. Code of Federal Regulations establishes procedures and criteria for the issuance of licenses to receive title to, own, acquire, deliver, receive, possess, use, and initially transfer special nuclear material; and establishes and provides for the terms and conditions upon which the Nuclear Regulatory Commission (NRC) will issue such licenses. Section 70.22 of the regulations, ''Contents of Applications'', requires that applications for licenses contain proposed procedures to avoid accidental conditions of criticality. These procedures are elements of a nuclear criticality safety program for operations with fissionable materials at fuels and materials facilities (i.e., fuel cycle facilities other than nuclear reactors) in which there exists a potential for criticality accidents. To assist the applicant in providing specific information needed for a nuclear criticality safety program in a license application, the NRC has issued regulatory guides. The NRC requirements for nuclear criticality safety include organizational, administrative, and technical requirements. For purely technical matters on nuclear criticality safety these guides endorse national standards. Others provide guidance on the standard format and content of license applications, guidance on evaluating radiological consequences of criticality accidents, or guidance for dealing with other radiation safety issues. (author)

  14. Treatment of critical lower limb ischemia using a hybrid technique

    Directory of Open Access Journals (Sweden)

    Ricardo Wagner da Costa Moreira

    2014-09-01

    Critical ischemia of a lower limb is a condition that threatens its viability and must be treated promptly to avoid major amputation. Revascularization is the most effective treatment method and is performed using surgical or endovascular techniques. For patients with thoracoabdominal aortic aneurysms, combining these two approaches into a "hybrid technique" makes it possible to treat patients who could not be adequately treated by either technique in isolation. We report on a case of lower limb critical ischemia treated using a combination of surgery and endovascular techniques, in an application of the hybrid technique in a different arterial bed.

  15. Safety Verification of Hybrid Systems by Constraint Propagation-based Abstraction Refinement

    Czech Academy of Sciences Publication Activity Database

    Ratschan, Stefan; She, Z.

    2007-01-01

    Vol. 6, No. 1 (2007), Article 8. ISSN 1539-9087. Institutional research plan: CEZ:AV0Z10300504. Keywords: hybrid systems * constraint propagation * intervals. Subject RIV: IN - Informatics, Computer Science

  16. Analyzing Software Errors in Safety-Critical Embedded Systems

    Science.gov (United States)

    Lutz, Robyn R.

    1994-01-01

    This paper analyzes the root causes of safety-related software faults. Software faults identified as potentially hazardous to the system are distributed somewhat differently over the set of possible error causes than non-safety-related software faults.

  17. Reliability analysis of diverse safety logic systems of fast breeder reactor

    International Nuclear Information System (INIS)

    Ravi Kumar, Bh.; Apte, P.R.; Srivani, L.; Ilango Sambasivan, S.; Swaminathan, P.

    2006-01-01

    The Safety Logic for a Fast Breeder Reactor (FBR) is designed to initiate safety action against Design Basis Events. Based on the outputs of various processing circuits, the Safety Logic system drives the control rods of the shutdown system. So, the Safety Logic system is classified as a safety-critical system, and a reliability analysis has to be performed. This paper discusses the reliability analysis of Diverse Safety Logic systems of FBRs. For this, a literature survey on safety-critical systems, the system reliability approach and standards to be followed such as IEC 61508 are discussed in detail. For Programmable Logic Device based systems, Hardware Description Languages (HDLs) are used, so this paper also discusses Verification and Validation for HDLs. Finally a case study for the reliability analysis of the Safety Logic is discussed. (author)

  18. Does the concept of safety culture help or hinder systems thinking in safety?

    Science.gov (United States)

    Reiman, Teemu; Rollenhagen, Carl

    2014-07-01

    The concept of safety culture has become established in safety management applications in all major safety-critical domains. The idea that safety culture somehow represents a "systemic view" on safety is seldom explicitly spoken out, but nevertheless seems to linger behind many safety culture discourses. However, in this paper we argue that the "new" contribution to safety management from safety culture never really became integrated with classical engineering principles and concepts. This integration would have been necessary for the development of a more genuine systems-oriented view on safety; e.g. a conception of safety in which human, technological, organisational and cultural factors are understood as mutually interacting elements. Without this integration, researchers and the users of the various tools and methods associated with safety culture have sometimes fostered a belief that "safety culture" in fact represents such a systemic view about safety. This belief is, however, not backed up by theoretical or empirical evidence. It is true that safety culture, at least in some sense, represents a holistic term, a totality of factors that include human, organisational and technological aspects. However, the point of departure for such safety culture models is still human and organisational factors rather than technology (or safety) itself. The aim of this paper is to critically review the various uses of the concept of safety culture as representing a systemic view on safety. The article takes a look at the concepts of culture and safety culture based on previous studies, and outlines in more detail the theoretical challenges in safety culture as a systems concept. The paper also presents recommendations on how to make safety culture more systemic.

  19. Incorporating organizational factors into Probabilistic Risk Assessment (PRA) of complex socio-technical systems: A hybrid technique formalization

    International Nuclear Information System (INIS)

    Mohaghegh, Zahra; Kazemi, Reza; Mosleh, Ali

    2009-01-01

    This paper is a result of research with the primary purpose of extending Probabilistic Risk Assessment (PRA) modeling frameworks to include the effects of organizational factors as the deeper, more fundamental causes of accidents and incidents. There have been significant improvements in the sophistication of quantitative methods of safety and risk assessment, but progress on techniques most suitable for organizational safety risk frameworks has been limited. The focus of this paper is on the choice of 'representational schemes' and 'techniques.' A methodology for selecting appropriate candidate techniques and their integration in the form of a 'hybrid' approach is proposed. Then an example is given through an integration of System Dynamics (SD), Bayesian Belief Network (BBN), Event Sequence Diagram (ESD), and Fault Tree (FT) in order to demonstrate the feasibility and value of hybrid techniques. The proposed hybrid approach integrates deterministic and probabilistic modeling perspectives, and provides a flexible risk management tool for complex socio-technical systems. An application of the hybrid technique is provided in the aviation safety domain, focusing on airline maintenance systems. The example demonstrates how the hybrid method can be used to analyze the dynamic effects of organizational factors on system risk

  20. Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software

    Science.gov (United States)

    Graydon, Patrick J.; Holloway, C. Michael

    2015-01-01

    We need well-founded means of determining whether software is fit for use in safety-critical applications. While software in industries such as aviation has an excellent safety record, the fact that software flaws have contributed to deaths illustrates the need for justifiably high confidence in software. It is often argued that software is fit for safety-critical use because it conforms to a standard for software in safety-critical systems. But little is known about whether such standards `work.' Reliance upon a standard without knowing whether it works is an experiment; without collecting data to assess the standard, this experiment is unplanned. This paper reports on a workshop intended to explore how standards could practicably be assessed. Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software (AESSCS) was held on 13 May 2014 in conjunction with the European Dependable Computing Conference (EDCC). We summarize and elaborate on the workshop's discussion of the topic, including both the presented positions and the dialogue that ensued.

  1. Nuclear criticality safety evaluation of Spray Booth Operations in X-705, Portsmouth Gaseous Diffusion Plant

    International Nuclear Information System (INIS)

    Sheaffer, M.K.; Keeton, S.C.

    1993-01-01

    This report evaluates nuclear criticality safety for Spray Booth Operations in the Decontamination and Recovery Facility, X-705, at the Portsmouth Gaseous Diffusion Plant. A general description of current procedures and related hardware/equipment is presented. Control parameters relevant to nuclear criticality safety are explained, and a consolidated listing of administrative controls and safety systems is developed. Based on compliance with DOE Orders and MMES practices, the overall operation is evaluated, and recommendations for enhanced safety are suggested

  2. Model-based safety architecture framework for complex systems

    NARCIS (Netherlands)

    Schuitemaker, Katja; Rajabali Nejad, Mohammadreza; Braakhuis, J.G.; Podofillini, Luca; Sudret, Bruno; Stojadinovic, Bozidar; Zio, Enrico; Kröger, Wolfgang

    2015-01-01

    The shift to transparency and rising need of the general public for safety, together with the increasing complexity and interdisciplinarity of modern safety-critical Systems of Systems (SoS) have resulted in a Model-Based Safety Architecture Framework (MBSAF) for capturing and sharing architectural

  3. Industrial Personal Computer based Display for Nuclear Safety System

    International Nuclear Information System (INIS)

    Kim, Ji Hyeon; Kim, Aram; Jo, Jung Hee; Kim, Ki Beom; Cheon, Sung Hyun; Cho, Joo Hyun; Sohn, Se Do; Baek, Seung Min

    2014-01-01

    The safety display of a nuclear system has been classified as important to safety (SIL: Safety Integrity Level 3). These days the regulatory agencies are imposing stricter safety requirements for digital safety display systems. To satisfy these requirements, it is necessary to develop a safety-critical (SIL 4) grade safety display system. This paper proposes an industrial personal computer based safety display system with a safety grade operating system and safety grade display methods. The description consists of three parts: the background, the safety requirements and the proposed safety display system design. The hardware platform is designed using a commercially available off-the-shelf processor board with a back plane bus. The operating system is customized for the nuclear safety display application. The display unit is designed adopting two improvement features, i.e., one is to provide two separate processors for the main computer and the display device using serial communication, and the other is to use a Digital Visual Interface between the main computer and the display device. In this case the main computer uses minimized graphic functions for the safety display. The display design is at the conceptual phase, and there are several open areas to be made concrete for a solid system. The main purpose of this paper is to describe and suggest a methodology to develop a safety-critical display system, and the descriptions are focused on the safety requirement point of view

  4. Industrial Personal Computer based Display for Nuclear Safety System

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Ji Hyeon; Kim, Aram; Jo, Jung Hee; Kim, Ki Beom; Cheon, Sung Hyun; Cho, Joo Hyun; Sohn, Se Do; Baek, Seung Min [KEPCO, Youngin (Korea, Republic of)

    2014-08-15

    The safety display of a nuclear system has been classified as important to safety (SIL: Safety Integrity Level 3). These days the regulatory agencies are imposing stricter safety requirements for digital safety display systems. To satisfy these requirements, it is necessary to develop a safety-critical (SIL 4) grade safety display system. This paper proposes an industrial personal computer based safety display system with a safety grade operating system and safety grade display methods. The description consists of three parts: the background, the safety requirements and the proposed safety display system design. The hardware platform is designed using a commercially available off-the-shelf processor board with a back plane bus. The operating system is customized for the nuclear safety display application. The display unit is designed adopting two improvement features, i.e., one is to provide two separate processors for the main computer and the display device using serial communication, and the other is to use a Digital Visual Interface between the main computer and the display device. In this case the main computer uses minimized graphic functions for the safety display. The display design is at the conceptual phase, and there are several open areas to be made concrete for a solid system. The main purpose of this paper is to describe and suggest a methodology to develop a safety-critical display system, and the descriptions are focused on the safety requirement point of view.

  5. Criticality safety analysis for mockup facility

    International Nuclear Information System (INIS)

    Shin, Young Joon; Shin, Hee Sung; Kim, Ik Soo; Oh, Seung Chul; Ro, Seung Gy; Bae, Kang Mok

    2000-03-01

    Benchmark calculations for the SCALE 4.4 CSAS6 module have been performed for 31 UO2 fuel, 15 MOX fuel and 10 metal material criticality experiments, and the calculation biases of the SCALE 4.4 CSAS6 module have been revealed to be 0.00982, 0.00579 and 0.02347, respectively. When CSAS6 is applied to the criticality safety analysis for the mockup facility, in which several kinds of nuclear material components are included, the calculation bias of CSAS6 is conservatively taken to be 0.02347. With the aid of this benchmarked code system, criticality safety analyses for the mockup facility at normal and hypothetical accident conditions have been carried out. It appears that the maximum k_eff is 0.28356, well below the critical limit of k_eff = 0.95, at normal conditions. In a hypothetical accident condition, the maximum k_eff is found to be 0.73527, much lower than the subcritical limit. For another hypothetical accident condition, in which the nuclear material leaks out of the container and spreads or lumps on the floor, it was assumed that the nuclear material is shaped into a slab and water exists in the empty space of the nuclear material. k_eff has been calculated as a function of slab thickness and the volume ratio of water to nuclear material. The result shows that k_eff increases as the water volume ratio increases. It is also revealed that k_eff reaches its maximum value when water fills the empty space of the nuclear material. The maximum k_eff value is 0.93960, lower than the subcritical limit

  6. Development of an FPGA-based controller for safety critical application

    International Nuclear Information System (INIS)

    Xing, A.; De Grosbois, J.; Sklyar, V.; Archer, P.; Awwal, A.

    2011-01-01

    In implementing safety functions, Field Programmable Gate Arrays (FPGA) technology offers a distinct combination of benefits and advantages over microprocessor-based systems. FPGAs can be designed such that the final product is purely hardware, without any overhead runtime software, bringing the design closer to a conventional hardware-based solution. On the other hand, FPGAs can implement more complex safety logic that would generally require microprocessor-based safety systems. There are now qualified FPGA-based platforms available on the market with a credible use history in safety applications in nuclear power plants. Atomic Energy of Canada (AECL), in collaboration with RPC Radiy, has initiated a development program to define a vigorous FPGA engineering process suitable for implementing safety critical functions at the application development level. This paper provides an update on the FPGA development program along with the proposed design model using function block diagrams for the development of safety controllers in CANDU applications. (author)

  7. Criticality Safety Information Resource Center Web portal: www.csirc.net

    International Nuclear Information System (INIS)

    Harmon, C.D. II; Jones, T.

    2000-01-01

    The Nuclear Criticality Safety Group (ESH-6) at Los Alamos National Laboratory (LANL) is in the process of collecting and archiving historical and technical information related to nuclear criticality safety from LANL and other facilities. In an ongoing effort, this information is being made available via the Criticality Safety Information Resource Center (CSIRC) web site, which is hosted and maintained by ESH-6 staff. Recently, the CSIRC Web site was recreated as a Web portal that provides the criticality safety community with much more than just archived data

  8. A cost and safety superiority of fusion-fission hybrid reactor in China nuclear energy development

    International Nuclear Information System (INIS)

    Pereslavtszev, P.E.; Luan Guishi; Xia Chengang

    1994-08-01

    Considering economy and safety, an optimization model of nuclear energy development scenarios for China was set up. An objective function to optimize was determined. Three prospective development scenarios of the China nuclear energy system including a hybrid reactor were calculated and discussed. In a system which has no fissile material exchange with other systems, a smooth development model has a smooth distribution of the inventory of Pu, so the potential danger of the whole nuclear energy system will be decreased. This scheme will improve investment effectiveness. Results show that the optimization is necessary and that a significant profit in cost and safety can be obtained. (5 tabs., 8 figs., 12 refs.)

  9. Applications of PRA in nuclear criticality safety

    International Nuclear Information System (INIS)

    McLaughlin, T.P.

    1992-01-01

    Traditionally, criticality accident prevention at Los Alamos has been based on a thorough review and understanding of proposed operations or changes to operations, involving both process supervision and criticality safety staff. The outcome of this communication was usually an agreement, based on professional judgement, that certain accident sequences were credible and had to be reduced in likelihood either by administrative controls or by equipment design, and that others were not credible and thus did not warrant expenditures to further reduce their likelihood. The extent of analysis and documentation was generally in proportion to the complexity of the operation but did not include quantified risk assessments. During the last three years nuclear criticality safety related Probabilistic Risk Assessments (PRAs) have been performed on operations in two Los Alamos facilities. Both of these were conducted in order to better understand the cost/benefit aspects of PRAs as they apply to largely ''hands-on'' operations with fissile material, for which human errors or equipment failures significant to criticality safety are both rare and unique. Based on these two applications and an appreciation of the historical criticality accident record (frequency and consequences), it is apparent that quantified risk assessments should be performed very selectively

  10. Exemption, exception and other criteria for transport criticality safety

    International Nuclear Information System (INIS)

    Mennerdahl, D.

    2004-01-01

    Many strange concepts, requirements and specifications related to criticality safety are present in the Regulations. Some earlier problems have been corrected but, going back to 1961 and the first edition of the Regulations, it seems as if many changes have been for the worse. Fissile material was defined correctly as a material that could consist of or contain fissile nuclides. Materials consisting of pure fissile nuclides don't exist but are important in package designs. 238Pu was included as a fissile nuclide only as an emergency, because there was no alternative, but this caused some people to think that all nuclides supporting criticality are fissile. Neutron interaction between different (non-identical) packages had to be evaluated, making the transport index or allowable number of packages a credible safety control. That is not true anymore. The 15 gram exception limit for fissile nuclides was combined with a transport mode limit, similar to but more restrictive than the current consignment limit. The confinement system was introduced to help with the formulation of a single requirement for safety of the containment system but is becoming something very different. Controls before the first use of a packaging have become controls of the first use of a package, supporting multiple shipments of the same package. The lack of exemption limits for fissile material essentially makes all radioactive materials fissile (all radioactive material contains some fissile atoms). Radioactive material seems to be defined without consideration of the criticality hazard of the material. LSA materials are defined with consideration of criticality, but this only relates to quantities in fissile exceptions when other properties can be equally or more important. In July 2004, a number of proposals to the IAEA have been submitted by Sweden to improve and expand the criticality safety control of the Regulations. Essential is the introduction of the fissionable nuclide and material concepts in

  11. Exemption, exception and other criteria for transport criticality safety

    Energy Technology Data Exchange (ETDEWEB)

    Mennerdahl, D. [E Mennerdahl Systems, Taeby (Sweden)

    2004-07-01

    Many strange concepts, requirements and specifications related to criticality safety are present in the Regulations. Some earlier problems have been corrected but, going back to 1961 and the first edition of the Regulations, it seems as if many changes have been for the worse. Fissile material was defined correctly as a material that could consist of or contain fissile nuclides. Materials consisting of pure fissile nuclides don't exist but are important in package designs. 238Pu was included as a fissile nuclide only as an emergency, because there was no alternative, but this caused some people to think that all nuclides supporting criticality are fissile. Neutron interaction between different (non-identical) packages had to be evaluated, making the transport index or allowable number of packages a credible safety control. That is not true anymore. The 15 gram exception limit for fissile nuclides was combined with a transport mode limit, similar to but more restrictive than the current consignment limit. The confinement system was introduced to help with the formulation of a single requirement for safety of the containment system but is becoming something very different. Controls before the first use of a packaging have become controls of the first use of a package, supporting multiple shipments of the same package. The lack of exemption limits for fissile material essentially makes all radioactive materials fissile (all radioactive material contains some fissile atoms). Radioactive material seems to be defined without consideration of the criticality hazard of the material. LSA materials are defined with consideration of criticality, but this only relates to quantities in fissile exceptions when other properties can be equally or more important. In July 2004, a number of proposals to the IAEA have been submitted by Sweden to improve and expand the criticality safety control of the Regulations. Essential is the introduction of the fissionable nuclide and material

  12. Parametric systems analysis for tandem mirror hybrids

    International Nuclear Information System (INIS)

    Lee, J.D.; Chapin, D.L.; Chi, J.W.H.

    1980-09-01

Fusion fission systems, consisting of fissile-producing fusion hybrids combining a tandem mirror fusion driver with various blanket types and net fissile-consuming LWR's, have been modeled and analyzed parametrically. Analysis to date indicates that hybrids can be competitive with mined uranium when the U3O8 cost is about 100 $/lb., adding less than 25% to the present day cost of power from LWR's. Of the three blanket types considered, uranium fast fission (UFF), thorium fast fission (ThFF), and thorium fission suppressed (ThFS), the ThFS blanket has a modest economic advantage under most conditions but has higher support ratios and potential safety advantages under all conditions

  13. Lecture notes for criticality safety

    International Nuclear Information System (INIS)

    Fullwood, R.

    1992-03-01

These lecture notes for criticality safety are prepared for the training of Department of Energy supervisory, project management, and administrative staff. Technical training and basic mathematics are assumed. The notes are designed for a two-day course, taught by two lecturers. Video tapes may be used at the option of the instructors. The notes provide all the materials that are necessary, but outside reading will assist in the fullest understanding. The course begins with a nuclear physics overview. The reader is led from the macroscopic world into the microscopic world of atoms and the elementary particles that constitute atoms. The particles, their masses and sizes and properties associated with radioactive decay and fission are introduced along with Einstein's mass-energy equivalence. Radioactive decay, nuclear reactions, radiation penetration, shielding and health effects are discussed to understand protection in case of a criticality accident. Fission, the fission products, particles and energy released are presented to appreciate the dangers of criticality. Nuclear cross sections are introduced to understand the effectiveness of slow neutrons in producing fission. Chain reactors are presented as an economy: effective use of the neutrons from fission leads to more fission, resulting in a power reactor or a criticality excursion. The six-factor formula is presented for managing the neutron budget. This leads to the concepts of material and geometric buckling, which are used in simple calculations to assure safety from criticality. Experimental measurements and computer code calculations of criticality are discussed. To emphasize the reality, historical criticality accidents are presented in a table, with major ones discussed to provide lessons learned. Finally, standards, NRC guides and regulations, and DOE orders relating to criticality protection are presented

  14. Nuclear criticality safety training: guidelines for DOE contractors

    International Nuclear Information System (INIS)

    Crowell, M.R.

    1983-09-01

    The DOE Order 5480.1A, Chapter V, Safety of Nuclear Facilities, establishes safety procedures and requirements for DOE nuclear facilities. This guide has been developed as an aid to implementing the Chapter V requirements pertaining to nuclear criticality safety training. The guide outlines relevant conceptual knowledge and demonstrated good practices in job performance. It addresses training program operations requirements in the areas of employee evaluations, employee training records, training program evaluations, and training program records. It also suggests appropriate feedback mechanisms for criticality safety training program improvement. The emphasis is on academic rather than hands-on training. This allows a decoupling of these guidelines from specific facilities. It would be unrealistic to dictate a universal program of training because of the wide variation of operations, levels of experience, and work environments among DOE contractors and facilities. Hence, these guidelines do not address the actual implementation of a nuclear criticality safety training program, but rather they outline the general characteristics that should be included

  15. International Criticality Safety Benchmark Evaluation Project (ICSBEP) - ICSBEP 2015 Handbook

    International Nuclear Information System (INIS)

    Bess, John D.

    2015-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy (DOE). The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) became an official activity of the Nuclear Energy Agency (NEA) in 1995. This handbook contains criticality safety benchmark specifications that have been derived from experiments performed at various critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculation techniques used to establish minimum subcritical margins for operations with fissile material and to determine criticality alarm requirements and placement. Many of the specifications are also useful for nuclear data testing. Example calculations are presented; however, these calculations do not constitute a validation of the codes or cross-section data. The evaluated criticality safety benchmark data are given in nine volumes. These volumes span approximately 69000 pages and contain 567 evaluations with benchmark specifications for 4874 critical, near-critical or subcritical configurations, 31 criticality alarm placement/shielding configurations with multiple dose points for each, and 207 configurations that have been categorised as fundamental physics measurements that are relevant to criticality safety applications. New to the handbook are benchmark specifications for neutron activation foil and thermoluminescent dosimeter measurements performed at the SILENE critical assembly in Valduc, France as part of a joint venture in 2010 between the US DOE and the French Alternative Energies and Atomic Energy Commission (CEA). A photograph of this experiment is shown on the front cover. Experiments that are found unacceptable for use as criticality safety benchmark experiments are discussed in these

  16. Hybrid Action Systems

    DEFF Research Database (Denmark)

    Ronkko, Mauno; Ravn, Anders P.

    1997-01-01

    a differential action, which allows differential equations as primitive actions. The extension allows us to model hybrid systems with both continuous and discrete behaviour. The main result of this paper is an extension of such a hybrid action system with parallel composition. The extension does not change...... the original meaning of the parallel composition, and therefore also the ordinary action systems can be composed in parallel with the hybrid action systems....

  17. Hybrid and dependent task scheduling algorithm for on-board system software

    Institute of Scientific and Technical Information of China (English)

    魏振华; 洪炳熔; 乔永强; 蔡则苏; 彭俊杰

    2003-01-01

In order to solve the hybrid and dependent task scheduling and critical resource allocation problems, a task scheduling algorithm has been developed by first presenting the tasks, and then describing the hybrid and dependent scheduling algorithm and deriving the predictable schedulability condition. The performance of this algorithm was evaluated through simulation, and it is concluded from the evaluation results that the hybrid task scheduling subalgorithm based on the comparison factor can be used to solve the problem of an aperiodic task being blocked by a periodic task in the traditional operating system for a very long time, which results in poor scheduling predictability; that the resource allocation subalgorithm based on schedulability analysis can be used to solve the problems of critical section conflict, ceiling blocking and priority inversion; and that the scheduling algorithm is nearest to optimal when the abortable critical section is 0.6.

  18. Long-term criticality safety concerns associated with surplus fissile material disposition

    International Nuclear Information System (INIS)

    Choi, J.S.

    1995-01-01

A substantial inventory of surplus fissile material would result from ongoing and planned dismantlement of US and Russian nuclear weapons. This surplus fissile material could be dispositioned by irradiation in nuclear reactors, and the resulting spent MOx fuel would be similar in radiation characteristics to regular LWR spent UO2 fuel. The surplus fissile material could also be immobilized into high-level waste forms, such as borosilicate glass, synroc, or a metal-alloy matrix. The MOx spent fuel, or the immobilized waste forms, could then be directly disposed of in a geologic repository. Long-term criticality safety concerns arise because the fissile contents (i.e., Pu-239 and its decay daughter U-235) in these waste forms are higher than in LWR spent UO2 fuel. MOx spent fuel could contain 3 to 4 wt% of reactor-grade plutonium, compared to only 0.9 wt% of plutonium in LWR spent UO2 fuel. At some future time (tens of thousands of years), when the waste forms have deteriorated due to intruding groundwater, the water could mix with the long-lived fissile materials to form a critical system. If the critical system is self-sustaining, somewhat like the naturally occurring reactor at OKLO, the fission products produced could readily be available for dissolution and release to the accessible environment, adversely affecting public health and safety. This paper will address ongoing activities to evaluate long-term criticality safety concerns associated with disposition of fissile material in a geologic setting. Issues to be addressed include the identification of a worst-case water-intrusion scenario and the waste-form geometries which present the most concern for long-term criticality safety, and suggestions of technical solutions for such concerns

  19. An assessment of criticality safety at the Department of Energy Rocky Flats Plant, Golden, Colorado, July--September 1989

    Energy Technology Data Exchange (ETDEWEB)

    Mattson, Roger J.

    1989-09-01

    This is a report on the 1989 independent Criticality Safety Assessment of the Rocky Flats Plant, primarily in response to public concerns that nuclear criticality accidents involving plutonium may have occurred at this nuclear weapon component fabrication and processing plant. The report evaluates environmental issues, fissile material storage practices, ventilation system problem areas, and criticality safety practices. While no evidence of a criticality accident was found, several recommendations are made for criticality safety improvements. 9 tabs.

  20. Modelling safety of multistate systems with ageing components

    Energy Technology Data Exchange (ETDEWEB)

    Kołowrocki, Krzysztof; Soszyńska-Budny, Joanna [Gdynia Maritime University, Department of Mathematics ul. Morska 81-87, Gdynia 81-225 Poland (Poland)

    2016-06-08

An innovative approach to safety analysis of multistate ageing systems is presented. Basic notions of the ageing multistate systems safety analysis are introduced. The system components and the system multistate safety functions are defined. The mean values and variances of the multistate systems' lifetimes in the safety state subsets and the mean values of their lifetimes in the particular safety states are defined. The multi-state system risk function and the moment at which the system exceeds the critical safety state are introduced. Applications of the proposed multistate system safety models to the evaluation and prediction of the safety characteristics of the consecutive “m out of n: F” system are presented as well.

  1. Modelling safety of multistate systems with ageing components

    International Nuclear Information System (INIS)

    Kołowrocki, Krzysztof; Soszyńska-Budny, Joanna

    2016-01-01

An innovative approach to safety analysis of multistate ageing systems is presented. Basic notions of the ageing multistate systems safety analysis are introduced. The system components and the system multistate safety functions are defined. The mean values and variances of the multistate systems' lifetimes in the safety state subsets and the mean values of their lifetimes in the particular safety states are defined. The multi-state system risk function and the moment at which the system exceeds the critical safety state are introduced. Applications of the proposed multistate system safety models to the evaluation and prediction of the safety characteristics of the consecutive “m out of n: F” system are presented as well.

  2. SCALE criticality safety verification and validation package

    International Nuclear Information System (INIS)

    Bowman, S.M.; Emmett, M.B.; Jordan, W.C.

    1998-01-01

    Verification and validation (V and V) are essential elements of software quality assurance (QA) for computer codes that are used for performing scientific calculations. V and V provides a means to ensure the reliability and accuracy of such software. As part of the SCALE QA and V and V plans, a general V and V package for the SCALE criticality safety codes has been assembled, tested and documented. The SCALE criticality safety V and V package is being made available to SCALE users through the Radiation Safety Information Computational Center (RSICC) to assist them in performing adequate V and V for their SCALE applications

  3. Criticality safety of solvent extraction process

    International Nuclear Information System (INIS)

    Tachimori, Shoichi; Miyoshi, Yoshinori

    1987-01-01

The article presents some comments on the criticality safety of solvent extraction processes. When used as an extracting medium, tributyl phosphate extracts nitric acid and water, in addition to nitrates of U and Pu, into the organic phase. The amount of these chemical species extracted into the organic phase is dependent on and restricted by the concentrations of tributyl phosphate and other components. For criticality control, measures are taken to decrease the concentration of tributyl phosphate in the organic phase, in addition to control of the U and Pu concentrations in the aqueous feed phase. It should be remembered that complexes of tributyl phosphate with nitrates of such metals as Pu(IV), Pu(VI), U(IV) and Th(IV) do not dissolve uniformly in the organic phase. In criticality calculations for solution-handling systems, U and Pu are generally assumed to have a valence of 6 and 4, respectively. In the reprocessing extraction process, however, U can have a valence of 4, and Pu a valence of 3 and 6. The organic phase and aqueous phase are contacted in counter-current flow. U and Pu will accumulate if they are not carried out of the extraction system by this flow. (Nogami, K.)

  4. Braking energy regeneration control of a fuel cell hybrid electric bus

    International Nuclear Information System (INIS)

    Zhang, Junzhi; Lv, Chen; Qiu, Mingzhe; Li, Yutong; Sun, Dongsheng

    2013-01-01

Highlights: • A braking energy regeneration system has been designed for a fuel cell bus. • A control strategy coordinating energy efficiency and brake safety is proposed. • The system and control strategy proposed are experimentally verified. • Based on test results, the energy efficiency of the FCB is improved greatly. - Abstract: This paper presents the braking energy regeneration control of a fuel cell hybrid electric bus. The configuration of the regenerative braking system based on a pneumatic braking system was proposed. To recapture the braking energy and improve the fuel economy, a control strategy coordinating the regenerative brake and the pneumatic brake was designed and applied in the FCHB. Brake safety was also guaranteed by the control strategy when the bus encounters critical driving situations. Fuel economy tests were carried out under the typical China city bus driving cycle, and hardware-in-the-loop tests of the brake safety of the FCHB under the proposed control strategy were also accomplished. Test results indicate that the present approach provides an improvement in the fuel economy of the fuel cell hybrid electric bus and guarantees brake safety at the same time

  5. Burnup credit calculations for criticality safety justification for RBMK-1000 spent fuel of transport and storage systems

    Directory of Open Access Journals (Sweden)

    V. V. Galchenko

    2010-12-01

In the present paper, burnup credit calculations for the TK-8 transport container and the SVJP-1 pool-type spent fuel storage facility with RBMK-1000 spent fuel over 100 years of cooling time were performed for criticality safety analysis purposes using the MCNP and SCALE codes. Only actinides were taken into account for these critical systems. Two approaches were analyzed, with and without calculation of the isotope distribution along the fuel assembly height. The results show that the subcriticality margin increases considerably when burnup credit is used, and accounting for the isotope distribution along the fuel assembly height makes this value more reasonable.

  6. Optimal Control of Hybrid Systems in Air Traffic Applications

    Science.gov (United States)

    Kamgarpour, Maryam

    Growing concerns over the scalability of air traffic operations, air transportation fuel emissions and prices, as well as the advent of communication and sensing technologies motivate improvements to the air traffic management system. To address such improvements, in this thesis a hybrid dynamical model as an abstraction of the air traffic system is considered. Wind and hazardous weather impacts are included using a stochastic model. This thesis focuses on the design of algorithms for verification and control of hybrid and stochastic dynamical systems and the application of these algorithms to air traffic management problems. In the deterministic setting, a numerically efficient algorithm for optimal control of hybrid systems is proposed based on extensions of classical optimal control techniques. This algorithm is applied to optimize the trajectory of an Airbus 320 aircraft in the presence of wind and storms. In the stochastic setting, the verification problem of reaching a target set while avoiding obstacles (reach-avoid) is formulated as a two-player game to account for external agents' influence on system dynamics. The solution approach is applied to air traffic conflict prediction in the presence of stochastic wind. Due to the uncertainty in forecasts of the hazardous weather, and hence the unsafe regions of airspace for aircraft flight, the reach-avoid framework is extended to account for stochastic target and safe sets. This methodology is used to maximize the probability of the safety of aircraft paths through hazardous weather. Finally, the problem of modeling and optimization of arrival air traffic and runway configuration in dense airspace subject to stochastic weather data is addressed. This problem is formulated as a hybrid optimal control problem and is solved with a hierarchical approach that decouples safety and performance. As illustrated with this problem, the large scale of air traffic operations motivates future work on the efficient

  7. Experience with performance based training of nuclear criticality safety engineers

    International Nuclear Information System (INIS)

    Taylor, R.G.

    1993-01-01

Historically, new entrants to the practice of nuclear criticality safety have learned their job primarily by on-the-job training (OJT), often by association with an experienced nuclear criticality safety engineer who probably also learned the job by OJT. Typically, the new entrant learned what he/she needed to know to solve a particular problem and accumulated experience as more problems were solved. It is likely that more formalism will be required in the future. Current US Department of Energy requirements for those positions which have to demonstrate qualification indicate that it should be achieved by using a systematic approach such as performance based training (PBT). Assuming that PBT would be an acceptable mechanism for nuclear criticality safety engineer training in a more formal environment, a site-specific analysis of the nuclear criticality safety engineer job was performed. Based on this analysis, classes are being developed and delivered to a target audience of newer nuclear criticality safety engineers. Because current interest is in developing training for selected aspects of the nuclear criticality safety engineer job, the analysis is incompletely developed in some areas. Details of this analysis are provided in this report

  8. Experience with performance based training of nuclear criticality safety engineers

    International Nuclear Information System (INIS)

    Taylor, R.G.

    1993-01-01

    For non-reactor nuclear facilities, the U.S. Department of Energy (DOE) does not require that nuclear criticality safety engineers demonstrate qualification for their job. It is likely, however, that more formalism will be required in the future. Current DOE requirements for those positions which do have to demonstrate qualification indicate that qualification should be achieved by using a systematic approach such as performance based training (PBT). Assuming that PBT would be an acceptable mechanism for nuclear criticality safety engineer training in a more formal environment, a site-specific analysis of the nuclear criticality safety engineer job was performed. Based on this analysis, classes are being developed and delivered to a target audience of newer nuclear criticality safety engineers. Because current interest is in developing training for selected aspects of the nuclear criticality safety engineer job, the analysis is incompletely developed in some areas

  9. Incorporating organizational factors into Probabilistic Risk Assessment (PRA) of complex socio-technical systems: A hybrid technique formalization

    Energy Technology Data Exchange (ETDEWEB)

    Mohaghegh, Zahra [Center for Risk and Reliability, University of Maryland, College Park, MD 20742 (United States)], E-mail: mohagheg@umd.edu; Kazemi, Reza; Mosleh, Ali [Center for Risk and Reliability, University of Maryland, College Park, MD 20742 (United States)

    2009-05-15

This paper is the result of research with the primary purpose of extending Probabilistic Risk Assessment (PRA) modeling frameworks to include the effects of organizational factors as the deeper, more fundamental causes of accidents and incidents. There have been significant improvements in the sophistication of quantitative methods of safety and risk assessment, but progress on techniques most suitable for organizational safety risk frameworks has been limited. The focus of this paper is on the choice of 'representational schemes' and 'techniques.' A methodology for selecting appropriate candidate techniques and their integration in the form of a 'hybrid' approach is proposed. Then an example is given through an integration of System Dynamics (SD), Bayesian Belief Network (BBN), Event Sequence Diagram (ESD), and Fault Tree (FT) in order to demonstrate the feasibility and value of hybrid techniques. The proposed hybrid approach integrates deterministic and probabilistic modeling perspectives, and provides a flexible risk management tool for complex socio-technical systems. An application of the hybrid technique is provided in the aviation safety domain, focusing on airline maintenance systems. The example demonstrates how the hybrid method can be used to analyze the dynamic effects of organizational factors on system risk.

  10. Development methodology for the software life cycle process of the safety software

    Energy Technology Data Exchange (ETDEWEB)

    Kim, D. H.; Lee, S. S. [BNF Technology, Taejon (Korea, Republic of); Cha, K. H.; Lee, C. S.; Kwon, K. C.; Han, H. B. [KAERI, Taejon (Korea, Republic of)

    2002-05-01

A methodology for developing software life cycle processes (SLCP) is proposed to develop the digital safety-critical Engineered Safety Features - Component Control System (ESF-CCS) successfully. The software life cycle model selected is a hybrid model mixing the waterfall, prototyping, and spiral models, and it is composed of two stages: the development of a prototype of the ESF-CCS and the development of the ESF-CCS itself. To produce the software life cycle (SLC) for the Development of the Digital Reactor Safety System, the Activities referenced in IEEE Std. 1074-1997 are mapped onto the hybrid model. The SLCP is established after the available OPAs (Organizational Process Assets) are applied to the SLC Activities and the known constraints are reconciled. The established SLCP describes well the software life cycle activities that the Regulatory Authority provides for.

  11. Development methodology for the software life cycle process of the safety software

    International Nuclear Information System (INIS)

    Kim, D. H.; Lee, S. S.; Cha, K. H.; Lee, C. S.; Kwon, K. C.; Han, H. B.

    2002-01-01

A methodology for developing software life cycle processes (SLCP) is proposed to develop the digital safety-critical Engineered Safety Features - Component Control System (ESF-CCS) successfully. The software life cycle model selected is a hybrid model mixing the waterfall, prototyping, and spiral models, and it is composed of two stages: the development of a prototype of the ESF-CCS and the development of the ESF-CCS itself. To produce the software life cycle (SLC) for the Development of the Digital Reactor Safety System, the Activities referenced in IEEE Std. 1074-1997 are mapped onto the hybrid model. The SLCP is established after the available OPAs (Organizational Process Assets) are applied to the SLC Activities and the known constraints are reconciled. The established SLCP describes well the software life cycle activities that the Regulatory Authority provides for

  12. Quantitative safety assessment of air traffic control systems through system control capacity

    Science.gov (United States)

    Guo, Jingjing

Quantitative Safety Assessments (QSA) are essential to safety benefit verification and regulation of developmental changes in safety critical systems like the Air Traffic Control (ATC) systems. Effectiveness of the assessments is particularly desirable today in the safe implementation of revolutionary ATC overhauls like NextGen and SESAR. QSA of ATC systems is however challenged by system complexity and lack of accident data. Extending from the idea "safety is a control problem" in the literature, this research proposes to assess system safety from the control perspective, through quantifying a system's "control capacity". A system's safety performance correlates to this "control capacity" in the control of "safety critical processes". To examine this idea in QSA of the ATC systems, a Control-capacity Based Safety Assessment Framework (CBSAF) is developed which includes two control capacity metrics and a procedural method. The two metrics are Probabilistic System Control-capacity (PSC) and Temporal System Control-capacity (TSC); each addresses an aspect of a system's control capacity. The procedural method consists of three general stages: I) identification of safety critical processes, II) development of system control models and III) evaluation of system control capacity. The CBSAF was tested in two case studies. The first one assesses an en-route collision avoidance scenario and compares three hypothetical configurations. The CBSAF was able to capture the uncoordinated behavior between two means of control, as was observed in a historic midair collision accident. The second case study compares CBSAF with an existing risk based QSA method in assessing the safety benefits of introducing a runway incursion alert system. Similar conclusions are reached between the two methods, while the CBSAF has the advantage of simplicity and provides a new control-based perspective and interpretation to the assessments. The case studies are intended to investigate the

  13. Cognitive systems engineering analysis of the JCO criticality accident

    International Nuclear Information System (INIS)

    Tanabe, Fumiya; Yamaguchi, Yukichi

    2000-01-01

The JCO Criticality Accident is analyzed with a framework based on cognitive systems engineering. With the framework, analysis is conducted integrally both from the system viewpoint and the actors' viewpoint. The occupational chemical risk was as important a safety constraint for the actors as the nuclear risk due to the criticality accident, to the public and to the actors. The actors' inappropriate mental model of the work system played a critical role, and several factors (e.g. poor training and education, lack of information on criticality safety control in the procedures and instructions, and lack of warning signs at the workplace) contributed to forming and shaping that mental model. Based on the analysis, several countermeasures, such as warning signs, an information system for supporting actors, and improved training and education, are derived to prevent such an accident. (author)

  14. Use of a web site to enhance criticality safety training

    International Nuclear Information System (INIS)

    Huang, Song T.; Morman, James A.

    2003-01-01

    Establishment of the NCSP (Nuclear Criticality Safety Program) website represents one attempt by the NCS (Nuclear Criticality Safety) community to meet the need to enhance communication and disseminate NCS information to a wider audience. With the aging work force in this important technical field, there is a common recognition of the need to capture the corporate knowledge of these people and provide an easily accessible, web-based training opportunity to those people just entering the field of criticality safety. A multimedia-based site can provide a wide range of possibilities for criticality safety training. Training modules could range from simple text-based material, similar to the NCSET (Nuclear Criticality Safety Engineer Training) modules, to interactive web-based training classes, to video lecture series. For example, the Los Alamos National Laboratory video series of interviews with pioneers of criticality safety could easily be incorporated into training modules. Obviously, the development of such a program depends largely upon the need and participation of experts who share the same vision and enthusiasm of training the next generation of criticality safety engineers. The NCSP website is just one example of the potential benefits that web-based training can offer. You are encouraged to browse the NCSP website at http://ncsp.llnl.gov. We solicit your ideas in the training of future NCS engineers and welcome your participation with us in developing future multimedia training modules. (author)

  15. From Safety Critical Java Programs to Timed Process Models

    DEFF Research Database (Denmark)

    Thomsen, Bent; Luckow, Kasper Søe; Thomsen, Lone Leth

    2015-01-01

    frameworks, we have in recent years pursued an agenda of translating hard-real-time embedded safety critical programs written in the Safety Critical Java Profile [33] into networks of timed automata [4] and subjecting those to automated analysis using the UPPAAL model checker [10]. Several tools have been...... built and the tools have been used to analyse a number of systems for properties such as worst case execution time, schedulability and energy optimization [12–14,19,34,36,38]. In this paper we will elaborate on the theoretical underpinning of the translation from Java programs to timed automata models...... and briefly summarize some of the results based on this translation. Furthermore, we discuss future work, especially relations to the work in [16,24] as Java recently has adopted first class higher order functions in the form of lambda abstractions....

  16. The Development, Content, Design, and Conduct of the 2011 Piloted US DOE Nuclear Criticality Safety Program Criticality Safety Engineering Training and Education Project

    International Nuclear Information System (INIS)

    Hopper, Calvin Mitchell

    2011-01-01

    In May 1973 the University of New Mexico conducted the first nationwide criticality safety training and education week-long short course for nuclear criticality safety engineers. Subsequent to that course, the Los Alamos Critical Experiments Facility (LACEF) developed very successful 'hands-on' subcritical and critical training programs for operators, supervisors, and engineering staff. Since the inception of the US Department of Energy (DOE) Nuclear Criticality Technology and Safety Project (NCT and SP) in 1983, the DOE has stimulated contractor facilities and laboratories to collaborate in the furthering of nuclear criticality as a discipline. That effort included the education and training of nuclear criticality safety engineers (NCSEs). In 1985 a textbook was written that established a path toward formalizing education and training for NCSEs. Though the NCT and SP went through a brief hiatus from 1990 to 1992, other DOE-supported programs were evolving to the benefit of NCSE training and education. In 1993 the DOE established a Nuclear Criticality Safety Program (NCSP) and undertook a comprehensive development effort to expand the extant LACEF 'hands-on' course specifically for the education and training of NCSEs. That successful education and training was interrupted in 2006 for the closing of the LACEF and the accompanying movement of materials and critical experiment machines to the Nevada Test Site. Prior to that closing, the Lawrence Livermore National Laboratory (LLNL) was commissioned by the US DOE NCSP to establish an independent hands-on NCSE subcritical education and training course. The course provided an interim transition for the establishment of a reinvigorated and expanded two-week NCSE education and training program in 2011. The 2011 piloted two-week course was coordinated by the Oak Ridge National Laboratory (ORNL) and jointly conducted by the Los Alamos National Laboratory (LANL) classroom education and facility training, the Sandia National

  17. Present status of Japanese Criticality Safety Handbook

    International Nuclear Information System (INIS)

    Okuno, Hiroshi

    1999-01-01

    A draft of the second edition of the Nuclear Criticality Safety Handbook has been finalized and is under examination by the reviewing committee for JAERI Reports. The Working Group designated for revising the Japanese Criticality Safety Handbook, which is chaired by Prof. Yamane, is now preparing a 'Guide on Burnup Credit for Storage and Transport of Spent Nuclear Fuel' and the second edition of the 'Data Collection' part of the Handbook. Activities related to revising the Handbook might give a hint for a future experiment at STACY. (author)

  18. Utilization of the MCNP-3A code for criticality safety analysis

    International Nuclear Information System (INIS)

    Maragni, M.G.; Moreira, J.M.L.

    1996-01-01

    In the last decade, Brazil started to operate facilities for processing and storing uranium in different forms. The necessity of criticality safety analysis appeared in the design phase of the uranium pilot process plants and also in the licensing of transportation and storage of fissile materials. The 2-MW research reactor and the Angra I power plant also required criticality safety assessments because their spent-fuel storage was approaching full-capacity utilization. The criticality safety analysis in Brazil has been based on KENO IV code calculations, which present some difficulties for correct geometry representation. The MCNP-3A code is not reported to be used frequently for criticality safety analysis in Brazil, but its good geometry representation makes it a possible tool for treating problems of complex geometry. A set of benchmark tests was performed to verify its applicability for criticality safety analysis in Brazil. This paper presents several benchmark tests aimed at selecting a set of options available in the MCNP-3A code that would be adequate for criticality safety analysis. The MCNP-3A code is also compared with the KENO-IV code regarding its performance for criticality safety analysis.

  19. The International Criticality Safety Benchmark Evaluation Project (ICSBEP)

    International Nuclear Information System (INIS)

    Briggs, J.B.

    2003-01-01

    The International Criticality Safety Benchmark Evaluation Project (ICSBEP) was initiated in 1992 by the United States Department of Energy. The ICSBEP became an official activity of the Organisation for Economic Cooperation and Development (OECD) - Nuclear Energy Agency (NEA) in 1995. Representatives from the United States, United Kingdom, France, Japan, the Russian Federation, Hungary, Republic of Korea, Slovenia, Yugoslavia, Kazakhstan, Israel, Spain, and Brazil are now participating. The purpose of the ICSBEP is to identify, evaluate, verify, and formally document a comprehensive and internationally peer-reviewed set of criticality safety benchmark data. The work of the ICSBEP is published as an OECD handbook entitled 'International Handbook of Evaluated Criticality Safety Benchmark Experiments.' The 2003 Edition of the Handbook contains benchmark model specifications for 3070 critical or subcritical configurations that are intended for validating computer codes that calculate effective neutron multiplication and for testing basic nuclear data. (author)

  20. V and V based Fault Estimation Method for Safety-Critical Software using BNs

    International Nuclear Information System (INIS)

    Eom, Heung Seop; Park, Gee Yong; Jang, Seung Cheol; Kang, Hyun Gook

    2011-01-01

    Quantitative software reliability measurement approaches have severe limitations in demonstrating the proper level of reliability for safety-critical software. These limitations can be overcome by using some other means of assessment. One of the promising candidates is based on the quality of the software development. Particularly in the nuclear industry, regulatory bodies in most countries do not accept the concept of quantitative goals as a sole means of meeting their regulations for the reliability of digital computers in NPPs, and use deterministic criteria for both hardware and software. The point of deterministic criteria is to assess the whole development process and its related activities during the software development life cycle for the acceptance of safety-critical software, and software V and V plays an important role in this process. In this light, we studied a V and V based fault estimation method using Bayesian Nets (BNs) to assess the reliability of safety-critical software, especially reactor protection system software in an NPP. The BNs in the study were made for an estimation of software faults and were based on the V and V frame, which governs the development of safety-critical software in the nuclear field. A case study was carried out for a reactor protection system that was developed as a part of the Korea Nuclear Instrumentation and Control System. The insight from the case study is that the important factors affecting the fault number of the target software include the residual faults in the system specification, the maximum number of faults introduced in the development phase, the ratio between process and function characteristics, uncertainty sizing, and the fault elimination rate by inspection activities.

  1. Fission, critical mass and safety - a historical review

    International Nuclear Information System (INIS)

    Meggitt, Geoff

    2006-01-01

    Since the discovery of fission, the notion of a chain reaction in a critical mass releasing massive amounts of energy has haunted physicists. The possibility of a bomb or a reactor prompted much of the early work on determining a critical mass, but the need to avoid an accidental critical excursion during processing or transport of fissile material drove much that took place subsequently. Because of the variety of possible situations that might arise, it took some time to develop adequate theoretical tools for criticality safety and the early assessments were based on direct experiment. Some extension of these experiments to closely similar situations proved possible, but it was not until the 1960s that theoretical methods (and computers to run them) developed enough for them to become reliable assessment tools. Validating such theoretical methods remained a concern, but by the end of the century they formed the backbone of criticality safety assessment. This paper traces the evolution of these methods, principally in the UK and USA, and summarises some related work concerned with the nature of criticality accidents and their radiological consequences. It also indicates how the results have been communicated and used in ensuring nuclear safety. (review)

  2. USAEC Controls for Nuclear Criticality Safety

    Energy Technology Data Exchange (ETDEWEB)

    McCluggage, W. C. [Division of Operational Safety, United States Atomic Energy Commission Washington, DC (United States)

    1966-05-15

    This is a paper written to provide a broad general view of the United States Atomic Energy Commission's controls for nuclear criticality safety within its own facilities. Included also is a brief discussion of the USAEC's methods of obtaining assurance that the controls are being applied. The body of the document contains three sections. The first two describe the functions of the USAEC; the third deals with the contractors. The provisions of the Atomic Energy Act applicable to health and safety are discussed in relation to nuclear criticality safety. The use of United States Atomic Energy Commission manual chapters and Federal regulations is described. The functions of the USAEC Headquarters' offices and the operations offices are briefly outlined. Comments regarding the USAEC's inspection, auditing and appraisal programmes are included. Also briefly mentioned are the basic qualifications which must be met to become a contractor to possess and process or use fissionable materials. On the plant, factory or facility level the duties and responsibilities of industrial management are briefly outlined. The fundamental standards and their origin, together with the principal documents and guides, are mentioned. The chief methods of control used by contractors operating large USAEC facilities and plants are described and compared. These include diagrams of how a typical nuclear criticality safety problem is handled from inception, design, construction and finally plant operation. Also included is a brief discussion of the contractors' methods of assuring strict employee compliance with the operating rules and limits. (author)

  3. Consensus standards utilized and implemented for nuclear criticality safety in Japan

    International Nuclear Information System (INIS)

    Nomura, Yasushi; Okuno, Hiroshi; Naito, Yoshitaka

    1996-01-01

    The fundamental framework for the criticality safety of nuclear fuel facilities regulations is, in many advanced countries, generally formulated so that technical standards or handbook data are utilized to support the licensing safety review and to implement its guidelines. In Japan also, adequacy of the safety design of nuclear fuel facilities is checked and reviewed on the basis of licensing safety review guides. These guides are, first, "The Basic Guides for Licensing Safety Review of Nuclear Fuel Facilities," and as its subsidiaries, "The Uranium Fuel Fabrication Facility Licensing Safety Review Guides" and "The Reprocessing Facility Licensing Safety Review Guides." The "Nuclear Criticality Safety Handbook" of Japan and the Technical Data Collection are published and utilized to supply related data and information for the licensing safety review, such as for the Rokkasho reprocessing plant. The well-established technical standards and data abroad such as those by the American Nuclear Society and the American National Standards Institute are also utilized to complement the standards in Japan. The basic principles of criticality safety control for nuclear fuel facilities in Japan are duly stipulated in the aforementioned basic guides as follows: 1. Guide 10: Criticality control for a single unit; 2. Guide 11: Criticality control for multiple units; 3. Guide 12: Consideration for a criticality accident.

  4. Optimal task mapping in safety-critical real-time parallel systems

    International Nuclear Information System (INIS)

    Aussagues, Ch.

    1998-01-01

    This PhD thesis deals with the correct design of safety-critical real-time parallel systems. Such systems constitute a fundamental part of high-performance systems for command and control that can be found in the nuclear domain or more generally in parallel embedded systems. The verification of their temporal correctness is the core of this thesis. Our contribution consists mainly of the following three points: the analysis and extension of a programming model for such real-time parallel systems; the proposal of an original method based on a new operator, the synchronized product of state-machine task graphs; and the validation of the approach by its implementation and evaluation. The work addresses particularly the main problem of optimal task mapping on a parallel architecture, such that the temporal constraints are globally guaranteed, i.e. the timeliness property is valid. The results also incorporate optimality criteria for the sizing and correct dimensioning of a parallel system, for instance in the number of processing elements. These criteria are connected with operational constraints of the application domain. Our approach is based on the off-line analysis of the feasibility of the deadline-driven dynamic scheduling that is used to schedule tasks inside one processor. This leads us to define the synchronized product: from it, a system of linear constraints is automatically generated, which then allows the maximum load of a group of tasks to be calculated and their timeliness constraints to be verified. The communications, their timeliness verification and their incorporation into the mapping problem are the second main contribution of this thesis. Finally, the global solving technique dealing with both task and communication aspects has been implemented and evaluated in the framework of the OASIS project in the LETI research center at the CEA/Saclay. (author)

  5. Nuclear criticality safety staff training and qualifications at Los Alamos National Laboratory

    International Nuclear Information System (INIS)

    Monahan, S.P.; McLaughlin, T.P.

    1997-01-01

    Operations involving significant quantities of fissile material have been conducted at Los Alamos National Laboratory continuously since 1943. Until the advent of the Laboratory's Nuclear Criticality Safety Committee (NCSC) in 1957, line management had sole responsibility for controlling criticality risks. From 1957 until 1961, the NCSC was the Laboratory body which promulgated policy guidance as well as some technical guidance for specific operations. In 1961 the Laboratory created the position of Nuclear Criticality Safety Officer (in addition to the NCSC). In 1980, Laboratory management moved the Criticality Safety Officer (and one other LACEF staff member who, by that time, was also working nearly full-time on criticality safety issues) into the Health Division office. Later that same year the Criticality Safety Group, H-6 (at that time), was created within H-Division and staffed by these two individuals. The training and education of these individuals in the art of criticality safety was almost entirely self-regulated, depending heavily on technical interactions with each other, as well as with NCSC, LACEF, operations, other facility, and broader criticality safety community personnel. Although the Los Alamos criticality safety group has grown both in size and in formality of operations since 1980, the basic philosophy that a criticality specialist must be developed through mentoring and self-motivation remains the same. Formally, this philosophy has been captured in an internal policy document, ''Conduct of Business in the Nuclear Criticality Safety Group.'' There are no short cuts or substitutes in the development of a criticality safety specialist. A person must have a self-motivated personality, excellent communication skills, a thorough understanding of the principles of neutron physics, a safety-conscious and helpful attitude, a good perspective of real risk, as well as a detailed understanding of process operations and credible upsets.

  6. Safety Review related to Commercial Grade Digital Equipment in Safety System

    International Nuclear Information System (INIS)

    Yu, Yeongjin; Park, Hyunshin; Yu, Yeongjin; Lee, Jaeheung

    2013-01-01

    The upgrades or replacement of I and C systems in a safety system typically involve digital equipment developed in accordance with non-nuclear standards. However, the use of commercial grade digital equipment could introduce vulnerability to software common-mode failure, electromagnetic interference and unanticipated problems. Although guidelines and standards for dedication methods of commercial grade digital equipment are provided, there are some difficulties in applying the methods to commercial grade digital equipment for a safety system. This paper focuses on KINS regulatory guides and relevant documents for the dedication of commercial grade digital equipment and presents safety review experiences related to commercial grade digital equipment in safety systems. Dedication including critical characteristics is required to use commercial grade digital equipment in a safety system in accordance with KEPIC ENB 6370 and EPRI TR-106439. The dedication process should be controlled in a configuration management process. Appropriate methods, criteria and evaluation results should be provided to verify the acceptability of the commercial digital equipment used for a safety function.

  7. Hybridized Kibble-Zurek scaling in the driven critical dynamics across an overlapping critical region

    Science.gov (United States)

    Zhai, Liang-Jun; Wang, Huai-Yu; Yin, Shuai

    2018-04-01

    The conventional Kibble-Zurek scaling describes the scaling behavior in the driven dynamics across a single critical region. In this paper, we study the driven dynamics across an overlapping critical region, in which a critical region (Region A) is overlaid by another critical region (Region B). We develop a hybridized Kibble-Zurek scaling (HKZS) to characterize the scaling behavior in the driven process. According to the HKZS, the driven dynamics in the overlapping region can be described by the critical theories for both Region A and Region B simultaneously. This results in a constraint on the scaling function in the overlapping critical region. We take the quantum Ising chain in an imaginary longitudinal field as an example. In this model, the critical region of the Yang-Lee edge singularity and the critical region of the ferromagnetic-paramagnetic phase transition overlap with each other. We numerically confirm the HKZS by simulating the driven dynamics in this overlapping critical region. The HKZSs in other models are also discussed.

  8. Safety implications of control systems

    International Nuclear Information System (INIS)

    Smith, O.L.

    1983-01-01

    The Safety Implications of Control Systems Program has three major activities in support of USI-A47. The first task is a failure mode and effects analysis of all plant systems which may potentially induce control system disturbances that have safety implications. This task has made a preliminary study of overfill events and recommended cases for further analysis on the hybrid simulator. Work continues on overcooling and undercooling. A detailed investigation of the electric power network is in progress. LERs are providing guidance on important failure modes that will provide initial conditions for further simulator studies. The simulator task is generating a detailed model of the control system supported by appropriate neutronics, hydraulics, and thermodynamics submodels of all other principal plant components. The simulator is in the last stages of development. Checkout calculations are in progress to establish model stability, robustness, and qualitative credibility. Verification against benchmark codes and plant data will follow.

  9. Proceedings of the first annual Nuclear Criticality Safety Technology Project

    International Nuclear Information System (INIS)

    Rutherford, D.A.

    1994-09-01

    This document represents the published proceedings of the first annual Nuclear Criticality Safety Technology Project (NCSTP) Workshop, which took place May 12--14, 1992, in Gaithersburg, Md. The conference consisted of four sessions, each dealing with a specific aspect of nuclear criticality safety issues. The session titles were ''Criticality Code Development, Usage, and Validation,'' ''Experimental Needs, Facilities, and Measurements,'' ''Regulation, Compliance, and Their Effects on Nuclear Criticality Technology and Safety,'' and ''The Nuclear Criticality Community Response to the USDOE Regulations and Compliance Directives.'' The conference also sponsored a Working Group session; a report of the NCSTP Working Group is also presented. Individual papers have been cataloged separately.

  10. Nuclear criticality safety aspects of gaseous uranium hexafluoride (UF6) in the diffusion cascade

    International Nuclear Information System (INIS)

    Huffer, J.E.

    1997-04-01

    This paper determines the nuclear safety of gaseous UF6 in the current Gaseous Diffusion Cascade and auxiliary systems. The actual plant safety system settings for pressure trip points are used to determine the maximum amount of HF moderation in the process gas, as well as the corresponding atomic number densities. These inputs are used in KENO V.a criticality safety models which are sized to the actual plant equipment. The KENO V.a calculation results confirm the nuclear safety of gaseous UF6 in plant operations.

  11. Failure Mode and Effect Analysis of the Application Software of the Safety-critical I and C System in APR1400

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Koheun; Kim, Yong geul; Choi, Woong seok; Sohn, Se do [KEPCO Engineering and Construction, Daejeon (Korea, Republic of)

    2016-10-15

    In APR1400, the computer software hazard analysis is performed by the hazard and operability analysis (HAZOP) method. However, HAZOP has its limitations and cannot be considered better than fault tree analysis (FTA) or failure mode and effect analysis (FMEA). HAZOP assumes that the system has been carefully studied, and that all possible hazards, their effects or consequences and remedies are incorporated in the system. But incorporating every possible event in the design is impossible. In this light, this paper attempts to use the FMEA method for evaluating the risk of safety-critical instrumentation and control (I and C) system software for an NPP, which is more practical than HAZOP. This is possible because software failures are due to systematic faults that cause simultaneous failures in multiple divisions when the triggering event happens. This analysis is applied to the safety-critical system of the Shin-Hanul units 1 and 2 NPP, i.e., APR1400. Through SFMEA, the critical software failure modes and tasks that could result in CCF are identified and also evaluated to determine the associated risk level (e.g. high, intermediate or low) based on the failure effect. The biggest benefit of this analysis compared with HAZOP is that it can reveal possible weak points and provide guidance to the V and V team by helping to generate the test cases.

  12. Nuclear Criticality Safety Organization qualification program. Revision 4

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1997-01-01

    The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of highly qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document defines the Qualification Program to address the NCSO technical and managerial qualification as required by the Y-12 Training Implementation Matrix (TIM). It is implemented through a combination of LMES plant-wide training courses and professional nuclear criticality safety training provided within the organization. This Qualification Program is applicable to technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who perform the NCS tasks or serve in NCS-related positions as defined in sections 5 and 6 of this program.

  13. Nuclear criticality safety specialist training and qualification programs

    International Nuclear Information System (INIS)

    Hopper, C.M.

    1993-01-01

    Since the beginning of the Nuclear Criticality Safety Division of the American Nuclear Society (ANS) in 1967, the nuclear criticality safety (NCS) community has sought to provide an exchange of information at a national level to facilitate the education and development of NCS specialists. In addition, individual criticality safety organizations within government contractor and licensed commercial nonreactor facilities have developed training and qualification programs for their NCS specialists. However, there has been substantial variability in the content and quality of these program requirements and personnel qualifications, at least as measured within the government contractor community. The purpose of this paper is to provide a brief, general history of staff training and to describe the current direction and focus of US DOE guidance for the content of training and qualification programs designed to develop NCS specialists.

  14. Quantitative risk assessment of digitalized safety systems

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Sung Min; Lee, Sang Hun; Kang, Hyun Gook [KAIST, Daejeon (Korea, Republic of); Lee, Seung Jun [UNIST, Ulsan (Korea, Republic of)

    2016-05-15

    A report published by the U.S. National Research Council indicates that appropriate methods for assessing reliability are key to establishing the acceptability of digital instrumentation and control (I and C) systems in safety-critical plants such as NPPs. Since this issue was raised, the methodology for the probabilistic safety assessment (PSA) of digital I and C systems has been studied. However, there is still no widely accepted method. Kang and Sung found three critical factors for the safety assessment of digital systems: detection coverage of fault-tolerant techniques, software reliability quantification, and network communication risk. In reality the various factors composing digitalized I and C systems are not independent of each other but rather closely connected. Thus, from a macro point of view, a method that can integrate risk factors with different characteristics needs to be considered together with the micro approaches that address the challenges facing each factor.

  15. Hybrid robotic systems for upper limb rehabilitation after stroke: A review.

    Science.gov (United States)

    Resquín, Francisco; Cuesta Gómez, Alicia; Gonzalez-Vargas, Jose; Brunetti, Fernando; Torricelli, Diego; Molina Rueda, Francisco; Cano de la Cuerda, Roberto; Miangolarra, Juan Carlos; Pons, José Luis

    2016-11-01

    In recent years the combined use of functional electrical stimulation (FES) and robotic devices, called hybrid robotic rehabilitation systems, has emerged as a promising approach for rehabilitation of lower and upper limb motor functions. This paper presents a review of the state of the art of current hybrid robotic solutions for upper limb rehabilitation after stroke. For this aim, studies have been selected through a search using web databases: IEEE-Xplore, Scopus and PubMed. A total of 10 different hybrid robotic systems were identified, and they are presented in this paper. Selected systems are critically compared considering their technological components and aspects that form part of the hybrid robotic solution, the proposed control strategies that have been implemented, as well as the current technological challenges in this topic. Additionally, we present and discuss the corresponding evidence on the effectiveness of these hybrid robotic therapies. The review also discusses the future trends in this field. Copyright © 2016 IPEM. Published by Elsevier Ltd. All rights reserved.

  16. Evaluation for nuclear safety-critical software reliability of DCS

    International Nuclear Information System (INIS)

    Liu Ying

    2015-01-01

    With the development of control and information technology at NPPs, software reliability is important because software failure is usually considered as one form of common cause failure in Digital I and C Systems (DCS). The reliability analysis of DCS, particularly the qualitative and quantitative evaluation of nuclear safety-critical software reliability, is a great challenge. To address this problem, this paper builds both a comprehensive evaluation model and stage evaluation models, and provides prediction and sensitivity analysis for these models. This provides a basis for evaluating the reliability and safety of DCS. (author)

  17. HYBRID VEHICLE CONTROL SYSTEM

    Directory of Open Access Journals (Sweden)

    V. Dvadnenko

    2016-06-01

    The hybrid vehicle control system includes a start–stop system for an internal combustion engine. The system works both in hybrid mode and in normal vehicle operation. To simplify the start–stop system, new possibilities of the hybrid car, which appeared after the conversion, were used. Results of the circuit design of the basic blocks of the proposed system are analyzed.

  18. Model checking of safety-critical software in the nuclear engineering domain

    International Nuclear Information System (INIS)

    Lahtinen, J.; Valkonen, J.; Björkman, K.; Frits, J.; Niemelä, I.; Heljanko, K.

    2012-01-01

    Instrumentation and control (I and C) systems play a vital role in the operation of safety-critical processes. Digital programmable logic controllers (PLC) enable sophisticated control tasks, which set high requirements for system validation and verification methods. Testing and simulation have an important role in the overall verification of a system but are not suitable for comprehensive evaluation because only a limited number of system behaviors can be analyzed due to time limitations. Testing is also performed too late in the development lifecycle, and thus the correction of design errors is expensive. This paper discusses the role of formal methods in software development in the area of nuclear engineering. It puts forward model checking, a computer-aided formal method for verifying the correctness of a system design model, as a promising approach to system verification. The main contribution of the paper is the development of a systematic methodology for modeling safety-critical systems in the nuclear domain. Two case studies are reviewed, in which we have found errors that were previously not detected. We also discuss the actions that should be taken in order to increase confidence in the model checking process.

  19. Status, plans, and capabilities of the Nuclear Criticality Information System

    International Nuclear Information System (INIS)

    Koponen, B.L.

    1984-01-01

    The Nuclear Criticality Information System (NCIS), in preparation since 1981, has substantially evolved and now contains a growing number of resources pertinent to nuclear criticality safety. These resources include bibliographic compilations, experimental data, communications media, and the International Directory of Nuclear Criticality Safety Personnel. These resources are part of the LLNL Technology Information System (TIS) which provides the host computer for NCIS. The TIS provides nationwide access to authorized members of the nuclear criticality community via interactive dial-up from computer terminals that utilize communication facilities such as commercial and federal telephone networks, toll-free WATS lines, TYMNET, and the ARPANET/MILNET computer network

  20. Administrative practices for nuclear criticality safety, ANSI/ANS-8.19-1996

    International Nuclear Information System (INIS)

    Smith, D.R.

    1996-01-01

    American National Standard "Administrative Practices for Nuclear Criticality Safety", American National Standards Institute/American Nuclear Society (ANSI/ANS)-8.19-1996, addresses the responsibilities of management, supervision, and the criticality safety staff in the administration of an effective criticality safety program. Characteristics of operating procedures, process evaluations, material control procedures, and emergency plans are discussed.

  1. Nuclear criticality safety. Chapter 0530 of AEC manual

    International Nuclear Information System (INIS)

    2006-01-01

    The programme objectives of this chapter of the U.S. Atomic Energy Commission manual on nuclear criticality safety are to protect the health and safety of the public and of the government and contractor personnel working in plants that handle fissionable material and to protect public and private property from the consequences of a criticality accident occurring in AEC-owned plants and other AEC-contracted activities involving fissionable materials

  2. Nuclear critical safety analysis for UX-30 transport of freight package

    International Nuclear Information System (INIS)

    Quan Yanhui; Zhou Qi; Yin Shenggui

    2014-01-01

    The nuclear criticality safety analysis and evaluation of the UX-30 transport freight package under normal and accident conditions were carried out with the MONK-9A and MCNP codes. Firstly, publicly available international critical benchmark experiment data were selected, and the deviation and subcritical limit value obtained with the MONK-9A and MCNP codes for the same material form were validated and confirmed. Secondly, the effective neutron multiplication factors under normal and accident conditions were calculated and analyzed, and the safety of the transport process was evaluated under conservative nuclear criticality safety assumptions. The calculation results show that the maximum k_eff of the UX-30 transport freight package is less than the subcritical limit value, so the package is in a subcritical safe state. Moreover, the criticality safety index (CSI) of the UX-30 package can be defined as zero according to the definition of the criticality safety index. (authors)

  3. Criticality safety engineer training at WSRC

    International Nuclear Information System (INIS)

    Williamson, T.G.; Mincey, J.F.

    1993-01-01

    Two programs designed to prepare engineers for certification as criticality safety engineers are offered at Westinghouse Savannah River Company (WSRC). One program, Student On Loan Criticality Engineer Training (SOLCET), is an intensive 2-yr course involving lectures, rigorous problem assignments, and mentoring. The other program, In-Field Criticality Engineer Training (IN-FIELD), is a less intensive series of lectures and problem assignments. Both courses are conducted by members of the Applied Physics Group (APG) of the Savannah River Technical Center, the organization at WSRC responsible for the operation and maintenance of criticality codes and for training of code users

  4. Impact of Fuel Failure on Criticality Safety of Used Nuclear Fuel

    International Nuclear Information System (INIS)

    Marshall, William J.; Wagner, John C.

    2012-01-01

    Commercial used nuclear fuel (UNF) in the United States is expected to remain in storage for considerably longer periods than originally intended (e.g., 45 GWd/t) may increase the potential for fuel failure during normal and accident conditions involving storage and transportation. Fuel failure, depending on the severity, can result in changes to the geometric configuration of the fuel, which has safety and regulatory implications. The likelihood and extent of fuel reconfiguration and its impact on the safety of the UNF is not well understood. The objective of this work is to assess and quantify the impact of fuel reconfiguration due to fuel failure on criticality safety of UNF in storage and transportation casks. This effort is primarily motivated by concerns related to the potential for fuel degradation during ES periods and transportation following ES. The criticality analyses consider representative UNF designs and cask systems and a range of fuel enrichments, burnups, and cooling times. The various failed-fuel configurations considered are designed to bound the anticipated effects of individual rod and general cladding failure, fuel rod deformation, loss of neutron absorber materials, degradation of canister internals, and gross assembly failure. The results quantify the potential impact on criticality safety associated with fuel reconfiguration and may be used to guide future research, design, and regulatory activities. Although it can be concluded that the criticality safety impacts of fuel reconfiguration during transportation subsequent to ES are manageable, the results indicate that certain configurations can result in a large increase in the effective neutron multiplication factor, k_eff. Future work to inform decision making relative to which configurations are credible, and therefore need to be considered in a safety evaluation, is recommended.

  5. X-real-time executive (X-RTE) an ultra-high reliable real-time executive for safety critical systems

    International Nuclear Information System (INIS)

    Suresh Babu, R.M.

    1995-01-01

    With the growing number of applications of computers in safety-critical systems of nuclear plants, there has been a need to assure high quality and reliability of the software used in these systems. One way to assure software quality is to use qualified software components. Since the safety systems and control systems are real-time systems, there is a need for real-time supervisory software to guarantee the temporal response of the system. This report describes one such software package, called X-Real-Time Executive (or X-RTE), which was developed in the Reactor Control Division, BARC. The report describes all the capabilities and unique features of X-RTE and compares it with a commercially available operating system. The features of X-RTE include pre-emptive scheduling, process synchronization, inter-process communication, multi-processor support, temporal support, a debug facility, high portability, high reliability, high quality, and extensive documentation. Examples are used liberally to illustrate the underlying concepts. In addition, the report provides a brief description of the methods used during software development to assure the high quality and reliability of X-RTE. (author). refs., 11 figs., tabs

  6. The LOFA analysis of fusion-fission hybrid reactor

    International Nuclear Information System (INIS)

    Yu, Z.-C.; Xie, H.

    2014-01-01

    The fusion-fission hybrid energy reactor can produce energy, breed nuclear fuel, and handle the nuclear waste, etc, with the fusion neutron source striking the subcritical blanket. The passive safety system, consisting of passive residual heat removal system, passive safety injection system and automatic depressurization system, was adopted into the fusion-fission hybrid energy reactor in this paper. Modeling and nodalization of primary loop, passive core cooling system and partial secondary loop of the fusion-fission hybrid energy reactor using RELAP5 were conducted and LOFA (Loss of Flow Accident) was analyzed. The results of key transient parameters indicated that the PRHRs could mitigate the accidental consequence of LOFA effectively. It is also concluded that it is feasible to apply the passive safety system concept to fusion-fission hybrid energy reactor. (author)

  7. CANISTER HANDLING FACILITY CRITICALITY SAFETY CALCULATIONS

    International Nuclear Information System (INIS)

    C.E. Sanders

    2005-01-01

    This design calculation revises and updates the previous criticality evaluation for the canister handling, transfer and staging operations to be performed in the Canister Handling Facility (CHF) documented in BSC [Bechtel SAIC Company] 2004 [DIRS 167614]. The purpose of the calculation is to demonstrate that the handling operations of canisters performed in the CHF meet the nuclear criticality safety design criteria specified in the ''Project Design Criteria (PDC) Document'' (BSC 2004 [DIRS 171599], Section 4.9.2.2), the nuclear facility safety requirement in ''Project Requirements Document'' (Canori and Leitner 2003 [DIRS 166275], p. 4-206), the functional/operational nuclear safety requirement in the ''Project Functional and Operational Requirements'' document (Curry 2004 [DIRS 170557], p. 75), and the functional nuclear criticality safety requirements described in the ''Canister Handling Facility Description Document'' (BSC 2004 [DIRS 168992], Sections 3.1.1.3.4.13 and 3.2.3). Specific scope of work contained in this activity consists of updating the Category 1 and 2 event sequence evaluations as identified in the ''Categorization of Event Sequences for License Application'' (BSC 2004 [DIRS 167268], Section 7). The CHF is limited in throughput capacity to handling sealed U.S. Department of Energy (DOE) spent nuclear fuel (SNF) and high-level radioactive waste (HLW) canisters, defense high-level radioactive waste (DHLW), naval canisters, multicanister overpacks (MCOs), vertical dual-purpose canisters (DPCs), and multipurpose canisters (MPCs) (if and when they become available) (BSC 2004 [DIRS 168992], p. 1-1). It should be noted that the design and safety analyses of the naval canisters are the responsibility of the U.S. Department of the Navy (Naval Nuclear Propulsion Program) and will not be included in this document. In addition, this calculation is valid for the current design of the CHF and may not reflect the ongoing design evolution of the facility

  8. Criticality Safety Basics for INL Emergency Responders

    Energy Technology Data Exchange (ETDEWEB)

    Valerie L. Putman

    2012-08-01

    This document is a modular self-study guide about criticality safety principles for Idaho National Laboratory emergency responders. This guide provides basic criticality safety information for people who, in response to an emergency, might enter an area that contains much fissionable (or fissile) material. The information should help responders understand unique factors that might be important in responding to a criticality accident or in preventing a criticality accident while responding to a different emergency.

    This study guide specifically supplements web-based training for firefighters (0INL1226) and includes information for other Idaho National Laboratory first responders. However, the guide audience also includes other first responders such as radiological control personnel.

    For interested readers, this guide includes clearly marked additional information that will not be included on tests. The additional information includes historical examples (Been there. Done that.), as well as facts and more in-depth information (Did you know …).

    INL criticality safety personnel revise this guide as needed to reflect program changes, user requests, and better information. Revision 0, issued May 2007, established the basic text. Revision 1 incorporates operation, program, and training changes implemented since 2007. Revision 1 increases focus on first responders because later responders are more likely to have more assistance and guidance from facility personnel and subject matter experts. Revision 1 also completely reorganized the training to better emphasize physical concepts behind the criticality controls that help keep emergency responders safe. The changes are based on and consistent with changes made to course 0INL1226.

  9. Criticality safety analysis for plutonium dissolver using silver mediated electrolytic oxidation method

    International Nuclear Information System (INIS)

    Umeda, Miki; Sugikawa, Susumu; Nakamura, Kazuhito; Egashira, Tetsurou

    1998-08-01

    Design and construction of a plutonium dissolver using the silver-mediated electrolytic oxidation method are being promoted at NUCEF. The criticality safety analysis for the plutonium dissolver is described in this report. The electrolytic plutonium dissolver consists of connection pipes and three pots for MOX powder supply, circulation and electrolysis. Criticality control for the dissolver is achieved by a geometrically safe shape with mass limitation. The Monte Carlo code KENO-IV with the MGCL-137 library based on ENDF/B-IV was used for the criticality safety analysis of the plutonium dissolver. Considering the size required for construction and criticality safety, the diameter of the pots and the distance between two pots were determined. Under these conditions, the criticality safety analysis for the plutonium dissolver with connection pipes was carried out. As a result of the criticality safety analysis, an effective neutron multiplication factor k_eff of 0.91 was obtained, and the criticality safety of the plutonium dissolver was confirmed on the basis of the criterion k_eff ≤ 0.95. (author)

  10. Nuclear Criticality Technology and Safety Project parameter study database

    International Nuclear Information System (INIS)

    Toffer, H.; Erickson, D.G.; Samuel, T.J.; Pearson, J.S.

    1993-03-01

    A computerized, knowledge-screened, comprehensive database of the nuclear criticality safety documentation has been assembled as part of the Nuclear Criticality Technology and Safety (NCTS) Project. The database is focused on nuclear criticality parameter studies. The database has been computerized using dBASE III Plus and can be used on a personal computer or a workstation. More than 1300 documents have been reviewed by nuclear criticality specialists over the last 5 years to produce over 800 database entries. Nuclear criticality specialists will be able to access the database and retrieve information about topical parameter studies, authors, and chronology. The database places the accumulated knowledge in the nuclear criticality area over the last 50 years at the fingertips of a criticality analyst

  11. Failure Modes Effects and Criticality Analysis, an Underutilized Safety, Reliability, Project Management and Systems Engineering Tool

    Science.gov (United States)

    Mullin, Daniel Richard

    2013-09-01

    The majority of space programs, whether manned or unmanned, for science or exploration, require that a Failure Modes Effects and Criticality Analysis (FMECA) be performed as part of their safety and reliability activities. This comes as no surprise given that FMECAs have been an integral part of the reliability engineer's toolkit since the 1950s. The reasons for performing a FMECA are well known, including identifying system single point failures, system hazards, and critical components and functions. However, in the author's ten years' experience as a space systems safety and reliability engineer, findings demonstrate that the FMECA is often performed as an afterthought, simply to meet contract deliverable requirements, and is often started long after the system requirements allocation and preliminary design have been completed. There are also important qualitative and quantitative components often missing which can provide useful data to all project stakeholders. These include probability of occurrence, probability of detection, time to effect, time to detect and, finally, the Risk Priority Number. This is unfortunate, as the FMECA is a powerful system design tool that, when used effectively, can help optimize system function while minimizing the risk of failure. When performed as early as possible, in conjunction with writing the top-level system requirements, the FMECA can provide instant feedback on the viability of the requirements while providing a valuable sanity check early in the design process. It can indicate which areas of the system will require redundancy and which areas are inherently the most risky from the onset. Based on historical and practical examples, it is this author's contention that FMECAs are an immense source of important information for all stakeholders involved in a given project and can provide several benefits including efficient project management with respect to cost and schedule, system engineering and requirements management
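    The quantitative components the abstract lists (occurrence, detection, time to effect, time to detect, Risk Priority Number) are easiest to see in a small worksheet. The following is an added example written for this page, not the author's own tool: it scores constructed failure modes with the common 1..10 scales, computes RPN = severity × occurrence × detection, and raises two qualitative flags the RPN alone would hide, namely a single-point failure and a failure whose effect arrives before any detection could. The scales, threshold and worksheet entries are illustrative assumptions.

```python
from dataclasses import dataclass

# Constructed example: scales and entries are illustrative, not from the paper.
@dataclass(frozen=True)
class FailureMode:
    item: str
    mode: str
    severity: int            # 1 negligible .. 10 catastrophic
    occurrence: int          # 1 remote .. 10 frequent
    detection: int           # 1 always detected .. 10 undetectable
    time_to_effect_s: float  # delay from failure onset to its system-level effect
    time_to_detect_s: float  # delay from failure onset to detection/annunciation
    redundant: bool          # False => single-point failure

def rpn(fm):
    """Risk Priority Number = severity x occurrence x detection (range 1..1000)."""
    for name in ("severity", "occurrence", "detection"):
        value = getattr(fm, name)
        if not 1 <= value <= 10:
            raise ValueError(f"{fm.item}/{fm.mode}: {name}={value} outside 1..10")
    return fm.severity * fm.occurrence * fm.detection

def flags(fm):
    """Qualitative findings that should drive design action regardless of RPN."""
    found = []
    if not fm.redundant:
        found.append("single-point failure")
    if fm.time_to_detect_s > fm.time_to_effect_s:
        found.append("effect precedes detection")   # nobody can intervene in time
    return found

def rank_failure_modes(modes, rpn_threshold=100):
    """Rows sorted by descending RPN; action_required when RPN reaches the
    threshold or any qualitative flag is raised."""
    rows = []
    for fm in modes:
        r = rpn(fm)
        f = flags(fm)
        rows.append({"item": fm.item, "mode": fm.mode, "rpn": r, "flags": f,
                     "action_required": r >= rpn_threshold or bool(f)})
    rows.sort(key=lambda row: (-row["rpn"], row["item"]))
    return rows

# Constructed worksheet for a small spacecraft bus.
WORKSHEET = [
    FailureMode("reaction wheel", "bearing seizure", 7, 4, 5, 600.0, 30.0, True),
    FailureMode("heater", "stuck on", 6, 3, 7, 3600.0, 120.0, False),
    FailureMode("bus regulator", "output short", 9, 2, 3, 0.5, 2.0, False),
    FailureMode("telemetry encoder", "bit error", 3, 6, 2, 1.0, 1.0, True),
]

if __name__ == "__main__":
    for row in rank_failure_modes(WORKSHEET):
        print(f"{row['rpn']:4d} {row['item']:18s} {row['mode']:18s} "
              f"{'ACTION' if row['action_required'] else '      '} {', '.join(row['flags'])}")
```

    The regulator short is the entry to notice: its RPN of 54 is the second lowest on the sheet, yet it is a single-point failure whose effect (0.5 s) precedes detection (2 s), so no operator or software response can help. Ranking by RPN alone would bury it; the time columns are what surface it.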

  12. Hybrid2 - The hybrid power system simulation model

    Energy Technology Data Exchange (ETDEWEB)

    Baring-Gould, E.I.; Green, H.J.; Dijk, V.A.P. van [National Renewable Energy Lab., Golden, CO (United States); Manwell, J.F. [Univ. of Massachusetts, Amherst, MA (United States)

    1996-12-31

    There is a large-scale need and desire for energy in remote communities, especially in the developing world; however, the lack of a user-friendly, flexible performance prediction model for hybrid power systems incorporating renewables hindered the analysis of hybrids as alternatives to conventional solutions. A user-friendly model was needed with the versatility to simulate the many system locations, widely varying hardware configurations, and differing control options for potential hybrid power systems. To meet these ends, researchers from the National Renewable Energy Laboratory (NREL) and the University of Massachusetts (UMass) developed the Hybrid2 software. This paper provides an overview of the capabilities, features, and functionality of the Hybrid2 code, and discusses its validation and future plans. Model availability and technical support provided to Hybrid2 users are also discussed. 12 refs., 3 figs., 4 tabs.

  13. Safety analysis on tokamak helium cooling slab fuel fusion-fission hybrid reactor

    International Nuclear Information System (INIS)

    Wei Renjie; Jian Hongbing

    1992-01-01

    The thermal analyses for steady state, depressurization and total loss of flow in the tokamak helium-cooled slab fuel element fusion-fission hybrid reactor are presented. The design parameters, computed results of the HYBRID program and safety evaluation for the conceptual design are given. Finally, some recommendations for developing the design are given.

  14. System Design and the Safety Basis

    International Nuclear Information System (INIS)

    Ellingson, Darrel

    2008-01-01

    The objective of this paper is to present the Bechtel Jacobs Company, LLC (BJC) Lessons Learned for system design as it relates to safety basis documentation. BJC has had to reconcile incomplete or outdated system description information with current facility safety basis for a number of situations in recent months. This paper has relevance in multiple topical areas including documented safety analysis, decontamination and decommissioning (D and D), safety basis (SB) implementation, safety and design integration, potential inadequacy of the safety analysis (PISA), technical safety requirements (TSR), and unreviewed safety questions. BJC learned that nuclear safety compliance relies on adequate and well documented system design information. A number of PISAs and TSR violations occurred due to inadequate or erroneous system design information. As a corrective action, BJC assessed the occurrences caused by systems design-safety basis interface problems. Safety systems reviewed included the Molten Salt Reactor Experiment (MSRE) Fluorination System, K-1065 fire alarm system, and the K-25 Radiation Criticality Accident Alarm System. The conclusion was that an inadequate knowledge of system design could result in continuous non-compliance issues relating to nuclear safety. This was especially true with older facilities that lacked current as-built drawings coupled with the loss of 'historical knowledge' as personnel retired or moved on in their careers. Walkdown of systems and the updating of drawings are imperative for nuclear safety compliance. System design integration with safety basis has relevance in the Department of Energy (DOE) complex. This paper presents the BJC Lessons Learned in this area. It will be of benefit to DOE contractors that manage and operate an aging population of nuclear facilities

  15. A study on the quantitative evaluation of the reliability for safety critical software using Bayesian belief nets

    International Nuclear Information System (INIS)

    Eom, H. S.; Jang, S. C.; Ha, J. J.

    2003-01-01

    Despite efforts to avoid undesirable risks, or at least to bring them under control, new risks that are highly difficult to manage continue to emerge from the use of new technologies, such as the use of digital instrumentation and control (I and C) components in nuclear power plants. Whenever new risk issues have come out, we have endeavored to find the most effective ways to reduce the risks, or to allocate limited resources to do so. One of the major challenges is the reliability analysis of the safety-critical software associated with digital safety systems. Although many activities such as testing and verification and validation (V and V) have been carried out in the design stage of the software, a process for quantitatively evaluating the reliability of safety-critical software has not yet been developed, because conventional software reliability techniques are not applicable to digital safety systems. This paper focuses on the applicability of Bayesian Belief Net (BBN) techniques to quantitatively estimate the reliability of safety-critical software adopted in digital safety systems. A typical BBN model was constructed using the dedication process of the Commercial-Off-The-Shelf (COTS) software installed by KAERI. In conclusion, the adoption of the BBN technique can facilitate the process of evaluating safety-critical software reliability in nuclear power plants, and can also provide very useful information (e.g., 'what if' analysis) on software reliability from a practical viewpoint
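    To make concrete what a BBN-based reliability estimate and the "what if" analysis the abstract mentions actually compute, here is an added example that is not the KAERI model: a constructed four-node net in which development process quality (Q) and V and V rigour (V) influence whether a residual fault (F) remains, and the test outcome (T) depends on F. Inference is exact enumeration over the joint distribution, which is adequate for a handful of binary nodes; all conditional probabilities are illustrative assumptions.

```python
from itertools import product

# Constructed belief net (illustrative probabilities, not from the paper):
#   Q (process good) -> F (residual fault present) <- V (V&V rigour high)
#   F -> T (test campaign passes)
VARS = ("Q", "V", "F", "T")
P_Q_GOOD = 0.7
P_V_HIGH = 0.6
P_FAULT = {                          # P(F = fault present | Q, V)
    (True, True): 0.05, (True, False): 0.20,
    (False, True): 0.15, (False, False): 0.50,
}
P_PASS = {True: 0.60, False: 0.99}   # P(T = pass | F): a present fault is missed 60% of the time

def joint(q, v, f, t):
    """Full joint probability factorised along the network's arcs."""
    pq = P_Q_GOOD if q else 1 - P_Q_GOOD
    pv = P_V_HIGH if v else 1 - P_V_HIGH
    pf = P_FAULT[(q, v)] if f else 1 - P_FAULT[(q, v)]
    pt = P_PASS[f] if t else 1 - P_PASS[f]
    return pq * pv * pf * pt

def posterior(target, evidence):
    """P(target = True | evidence) by exact enumeration over the 2^4 assignments.
    evidence maps variable names to observed booleans."""
    num = den = 0.0
    for values in product((False, True), repeat=len(VARS)):
        a = dict(zip(VARS, values))
        if any(a[k] != val for k, val in evidence.items()):
            continue
        p = joint(a["Q"], a["V"], a["F"], a["T"])
        den += p
        if a[target]:
            num += p
    if den == 0.0:
        raise ValueError("evidence has zero probability under the model")
    return num / den

def reliability(evidence):
    """Probability that no residual fault is present, given the evidence."""
    return 1.0 - posterior("F", evidence)

def what_if(evidence, variable):
    """'What if' analysis: reliability under each alternative value of one variable."""
    return {value: reliability({**evidence, variable: value}) for value in (False, True)}

if __name__ == "__main__":
    base = {"Q": True, "T": True}
    print("prior reliability          :", round(reliability({}), 4))
    print("good process, tests passed :", round(reliability(base), 4))
    for v, r in what_if(base, "V").items():
        print(f"  ... and V&V rigour {'high' if v else 'low '}: {r:.4f}")
```

    Two things are worth observing in the numbers. A passing test campaign raises the reliability estimate only modestly, because the model says a present fault is missed most of the time; and the "what if" over V shows how much of the remaining uncertainty a rigorous V and V programme removes. That is the kind of argument a BBN lets an assessor make quantitatively instead of by appeal to process alone.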

  16. New hybrid systems

    International Nuclear Information System (INIS)

    Bernardin, B.

    2001-01-01

    New hybrid systems are made up of a subcritical core, a spallation target and a proton accelerator. The neutrons that are produced in the target by the flux of protons are necessary to maintain the fission chain reaction. Some parameters that are important for a classical nuclear reactor, such as the Doppler coefficient or the delayed neutron fraction, do not matter in a hybrid system. In a PWR-type reactor or in a fast reactor the concentration of actinides degrades these two parameters, so it is justified to study hybrid systems as actinide transmuters. The hybrid system, because of its external source of neutrons, can set aside a large reactivity margin. This reactivity margin can be used to design safer nuclear reactors (particularly in some situations of reactivity accidents) or to irradiate fuel elements containing high concentrations of minor actinides that could not be allowed in a classical reactor. This article reviews various ways of integrating hybrid systems into a population of already existing nuclear reactors in order to manage quantities of plutonium, of minor actinides or of long-lived fission products. (A.C.)

  17. Selecting an Architecture for a Safety-Critical Distributed Computer System with Power, Weight and Cost Considerations

    Science.gov (United States)

    Torres-Pomales, Wilfredo

    2014-01-01

    This report presents an example of the application of multi-criteria decision analysis to the selection of an architecture for a safety-critical distributed computer system. The design problem includes constraints on minimum system availability and integrity, and the decision is based on the optimal balance of power, weight and cost. The analysis process includes the generation of alternative architectures, evaluation of individual decision criteria, and the selection of an alternative based on overall value. In the example presented here, iterative application of the quantitative evaluation process made it possible to deliberately generate an alternative architecture that is superior to all others regardless of the relative importance of cost.
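    The abstract's closing claim, an alternative that wins "regardless of the relative importance" of the criteria, is a dominance statement, and the following added example (written for this page, not the report's own analysis or figures) shows the mechanics: hard constraints on availability and integrity filter the candidates, the remaining ones are scored by a weighted sum of min-max normalised power, weight and cost, and a separate dominance check tells the decision maker whether the winner would survive any change of weights. The four candidate architectures and their numbers are constructed assumptions.

```python
# Constructed candidates (illustrative figures): availability and integrity are
# hard constraints; power, weight and cost are value criteria to be minimised.
ALTERNATIVES = {
    "simplex":        {"availability": 0.9990,   "integrity": 1e-4, "power_w": 20, "weight_kg": 5,  "cost_k": 100},
    "dual-redundant": {"availability": 0.99999,  "integrity": 1e-7, "power_w": 45, "weight_kg": 12, "cost_k": 250},
    "tmr":            {"availability": 0.999999, "integrity": 1e-9, "power_w": 60, "weight_kg": 15, "cost_k": 400},
    "tmr-shared-io":  {"availability": 0.999999, "integrity": 1e-9, "power_w": 40, "weight_kg": 11, "cost_k": 230},
}
CRITERIA = ("power_w", "weight_kg", "cost_k")     # all "lower is better"

def feasible(alts, min_availability, max_integrity_failure):
    """Hard constraints first: availability at least the target, probability of
    undetected erroneous output at most the target."""
    return {n: a for n, a in alts.items()
            if a["availability"] >= min_availability and a["integrity"] <= max_integrity_failure}

def dominates(a, b, criteria=CRITERIA):
    """a dominates b if it is no worse on every criterion and strictly better on one."""
    return all(a[c] <= b[c] for c in criteria) and any(a[c] < b[c] for c in criteria)

def weighted_value(alts, weights, criteria=CRITERIA):
    """Min-max normalise each criterion over the feasible set (best = 1, worst = 0)
    and combine with normalised weights."""
    total = sum(weights[c] for c in criteria)
    if total <= 0:
        raise ValueError("weights must not all be zero")
    lo = {c: min(a[c] for a in alts.values()) for c in criteria}
    hi = {c: max(a[c] for a in alts.values()) for c in criteria}
    def score(a):
        return sum((weights[c] / total) *
                   (1.0 if hi[c] == lo[c] else (hi[c] - a[c]) / (hi[c] - lo[c]))
                   for c in criteria)
    return {n: score(a) for n, a in alts.items()}

def select_architecture(alts, weights, min_availability=0.9999, max_integrity_failure=1e-6):
    cands = feasible(alts, min_availability, max_integrity_failure)
    if not cands:
        raise ValueError("no alternative satisfies the availability/integrity constraints")
    values = weighted_value(cands, weights)
    best = max(values, key=values.get)
    # If the winner dominates every other feasible alternative, the choice is
    # independent of the weights: a dispute about priorities cannot change it.
    robust = all(dominates(cands[best], cands[o]) for o in cands if o != best)
    return {"best": best, "values": values, "dominates_all": robust,
            "infeasible": sorted(set(alts) - set(cands))}

if __name__ == "__main__":
    for w in ({"power_w": 1, "weight_kg": 1, "cost_k": 1}, {"power_w": 0, "weight_kg": 0, "cost_k": 1}):
        r = select_architecture(ALTERNATIVES, w)
        print(w, "->", r["best"], "(weight-independent)" if r["dominates_all"] else "", r["infeasible"])
```

    Note that the cheapest design is excluded before any weighting happens: a safety constraint is not a criterion to be traded off, and keeping the two steps separate is what stops a low cost from quietly buying down availability.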

  18. Review of criticality safety and shielding analysis issues for transportation packages

    International Nuclear Information System (INIS)

    Parks, C.V.; Broadhead, B.L.

    1995-01-01

    The staff of the Nuclear Engineering Applications Section (NEAS) at Oak Ridge National Laboratory (ORNL) have been involved for over 25 years with the development and application of computational tools for use in analyzing the criticality safety and shielding features of transportation packages carrying radioactive material (RAM). The majority of the computational tools developed by ORNL/NEAS have been included within the SCALE modular code system (SCALE 1995). This code system has been used throughout the world for the evaluation of nuclear facility and package designs. With this development and application experience as a basis, this paper highlights a number of criticality safety and shielding analysis issues that confront the designer and reviewer of a new RAM package. Changes in the types and quantities of material that need to be shipped will keep these issues before the technical community and provide challenges to future package design and certification

  19. Verification and testing of the RTOS for safety-critical embedded systems

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Na Young [Seoul National University, Seoul (Korea, Republic of); Kim, Jin Hyun; Choi, Jin Young [Korea University, Seoul (Korea, Republic of); Sung, Ah Young; Choi, Byung Ju [Ewha Womans University, Seoul (Korea, Republic of); Lee, Jang Soo [KAERI, Taejon (Korea, Republic of)

    2003-07-01

    Developments in Instrumentation and Control (I and C) technology provide more convenience and better performance and are thus adopted in many fields. To adopt newly developed technology, the nuclear industry requires a rigorous V and V procedure and tests to assure reliable operation. Adoption of a digital system requires verification and testing of the OS for licensing. A commercial real-time operating system (RTOS) is targeted at various, unpredictable needs, which makes it difficult to verify. For this reason, a simple, application-oriented real-time OS was developed for the nuclear application. In this work, we show how to verify the developed RTOS at each stage of the development lifecycle. A commercial formal tool is used in the specification and verification of the system. Based on the developed model, software in the C language is automatically generated. Tests are performed for two purposes: one is to identify consistency between the verified model and the generated code, the other is to find errors in the generated code. The former assumes that the verified model is correct, and the latter that it is incorrect. Test data are generated separately to satisfy each purpose. After testing the RTOS software, we implement a test board embedded with the developed RTOS and the application software, which simulates the safety-critical plant protection function. Testing to identify whether the reliability criteria are satisfied is also designed in this work. The results show that the developed RTOS software works well when it is embedded in the system.

  20. Verification and testing of the RTOS for safety-critical embedded systems

    International Nuclear Information System (INIS)

    Lee, Na Young; Kim, Jin Hyun; Choi, Jin Young; Sung, Ah Young; Choi, Byung Ju; Lee, Jang Soo

    2003-01-01

    Developments in Instrumentation and Control (I and C) technology provide more convenience and better performance and are thus adopted in many fields. To adopt newly developed technology, the nuclear industry requires a rigorous V and V procedure and tests to assure reliable operation. Adoption of a digital system requires verification and testing of the OS for licensing. A commercial real-time operating system (RTOS) is targeted at various, unpredictable needs, which makes it difficult to verify. For this reason, a simple, application-oriented real-time OS was developed for the nuclear application. In this work, we show how to verify the developed RTOS at each stage of the development lifecycle. A commercial formal tool is used in the specification and verification of the system. Based on the developed model, software in the C language is automatically generated. Tests are performed for two purposes: one is to identify consistency between the verified model and the generated code, the other is to find errors in the generated code. The former assumes that the verified model is correct, and the latter that it is incorrect. Test data are generated separately to satisfy each purpose. After testing the RTOS software, we implement a test board embedded with the developed RTOS and the application software, which simulates the safety-critical plant protection function. Testing to identify whether the reliability criteria are satisfied is also designed in this work. The results show that the developed RTOS software works well when it is embedded in the system.
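    The first of the two test purposes in records 19 and 20 above, checking that generated code is consistent with the verified model, is a conformance test with the model as oracle. The following added example (constructed for this page; it is not the KAERI RTOS, its model or its generated code) drives a reference model of a 2-out-of-3 trip latch and an implementation of it in lockstep through every input sequence up to a bounded length, reports the first divergence, and measures how many of the model's (state, input) transitions the sequences exercised. The latch logic, the injected vote-count bug and the depth bound are assumptions.

```python
from itertools import product

# Constructed example: a 2-out-of-3 trip latch of the kind a plant-protection
# application implements. The verified model is the test oracle.
CHANNEL_INPUTS = list(product((False, True), repeat=4))   # (ch1, ch2, ch3, reset)
INIT = False                                              # latch not set

def model_step(latched, inputs):
    """Reference behaviour: trip when at least two channels demand it;
    reset clears the latch only while fewer than two channels demand a trip."""
    ch1, ch2, ch3, reset = inputs
    if ch1 + ch2 + ch3 >= 2:
        return True
    if reset:
        return False
    return latched

def impl_step_buggy(latched, inputs):
    """Implementation with an off-by-one in the vote: it needs all three channels."""
    ch1, ch2, ch3, reset = inputs
    if ch1 + ch2 + ch3 >= 3:
        return True
    if reset:
        return False
    return latched

def impl_step_correct(latched, inputs):
    votes = sum(inputs[:3])
    return True if votes >= 2 else (False if inputs[3] else latched)

def conformance_test(impl_step, depth=2, inputs=CHANNEL_INPUTS, init=INIT):
    """Bounded-exhaustive testing: run model and implementation in lockstep
    through every input sequence of the given length, comparing outputs after
    each step. Returns (mismatches, covered): mismatches lists
    (sequence, step_index, expected, actual); covered is the set of
    (model_state, input) transitions the sequences exercised."""
    mismatches = []
    covered = set()
    for sequence in product(inputs, repeat=depth):
        m = i = init
        for k, inp in enumerate(sequence):
            covered.add((m, inp))
            m = model_step(m, inp)
            i = impl_step(i, inp)
            if m != i:
                mismatches.append((sequence, k, m, i))
                break          # stop this sequence at the first divergence
    return mismatches, covered

def transition_coverage(covered, inputs=CHANNEL_INPUTS):
    """Fraction of the model's (state, input) pairs exercised by the test set."""
    return len(covered) / (2 * len(inputs))

if __name__ == "__main__":
    for name, impl in (("buggy", impl_step_buggy), ("correct", impl_step_correct)):
        mism, cov = conformance_test(impl)
        print(f"{name}: {len(mism)} divergent sequences, "
              f"transition coverage {transition_coverage(cov):.0%}")
        if mism:
            seq, k, exp, act = mism[0]
            print("  first divergence at step", k, "input", seq[k], "expected", exp, "got", act)
```

    With two states and sixteen input vectors, depth 2 already reaches every transition of the model, which is what makes the oracle comparison exhaustive here; for a real RTOS model the sequence space explodes and the test generator has to pick sequences by coverage goals instead, but the lockstep comparison against the model is the same. The second test purpose in the abstract, hunting for errors the model does not predict, needs different test data (timing, resource exhaustion, fault injection) and is not shown.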

  1. Formal methods and their applicability in the development of safety critical software systems

    International Nuclear Information System (INIS)

    Sievertsen, T.

    1995-01-01

    The OECD Halden Reactor Project has for a number of years been involved in the development and application of a formal software specification and development method based on algebraic specification and the HRP Prover. In parallel to this activity the Project has been evaluating and comparing different methods and approaches to formal software development by their application on realistic case examples. Recent work has demonstrated that algebraic specification and the HRP Prover can be used both in the specification and design of a software system, even down to a concrete model which can be translated into the chosen implementation language. The HRP Prover is currently being used in a case study on the applicability of the methodology in the development of a power range monitoring system for a nuclear power plant. The presentation reviews some of the experiences drawn from the Project's research activities in this area, with special emphasis on questions relating to applicability and limitations, and the role of formal methods in the development of safety-critical software systems. (14 refs., 1 fig.)

  2. The evaluation of set of criticality parameters using scale system

    International Nuclear Information System (INIS)

    Abe, Alfredo; Sanchez, Andrea; Yamaguchi, Mistuo

    2009-01-01

    In evaluating the criticality safety of a nuclear fuel facility, it is important to apply a consistent methodology which considers every aspect of the various types of criticality parameters. Usually, the critical parameters are compiled and arranged into handbooks, and these handbooks are based on experience with nuclear facilities, experimental data from criticality safety research facilities, and theoretical studies performed using numerical simulations. Most criticality safety evaluations can be addressed using the criticality parameter data directly from a handbook, but some critical parameters for specific chemical mixtures and/or enrichments are not available. Consequently, the unavailable parameters have to be evaluated. This work presents a methodology to evaluate a set of critical parameters using the SCALE system for various types of mixtures present at nuclear fuel cycle facilities at two different levels of enrichment; the results are verified by independent calculations using the MCNP Monte Carlo code. (author)

  3. Computational methods for nuclear criticality safety analysis

    International Nuclear Information System (INIS)

    Maragni, M.G.

    1992-01-01

    Nuclear criticality safety analyses require the utilization of methods which have been tested and verified against benchmark results. In this work, criticality calculations based on the KENO-IV and MCNP codes are studied, aiming at the qualification of these methods at the IPEN-CNEN/SP and COPESP. The utilization of variance reduction techniques is important to reduce the computer execution time, and several of them are analysed. As a practical example of the above methods, a criticality safety analysis for the storage tubes for irradiated fuel elements from the IEA-R1 research has been carried out. This analysis showed that the MCNP code is more adequate for problems with complex geometries, and that the KENO-IV code gives conservative results when the generalized geometry option is not used. (author)

  4. Uranium systems to enhance benchmarks for use in the verification of criticality safety computer models. Final report, February 16, 1990--December 31, 1994

    International Nuclear Information System (INIS)

    Busch, R.D.

    1995-01-01

    Dr. Robert Busch of the Department of Chemical and Nuclear Engineering was the principal investigator on this project, with technical direction provided by the staff in the Nuclear Criticality Safety Group at Los Alamos. During the period of the contract, he had a number of graduate and undergraduate students working on subtasks. The objective of this work was to develop information on uranium systems to enhance benchmarks for use in the verification of criticality safety computer models. During the first year of this project, most of the work was focused on setting up the SUN SPARC-1 Workstation and acquiring the literature which described the critical experiments. By August 1990, the Workstation was operational with the current version of TWODANT loaded on the system. The MCNP version 4 tape was made available from Los Alamos late in 1990. Various documents were acquired which provide the initial descriptions of the critical experiments under consideration as benchmarks. The next four years were spent working on various benchmark projects. A number of publications and presentations were made on this material. These are briefly discussed in this report.

  5. Multiprocessor Priority Ceiling Emulation for Safety-Critical Java

    DEFF Research Database (Denmark)

    Strøm, Torur Biskopstø; Schoeberl, Martin

    2015-01-01

    Priority ceiling emulation has preferable properties on uniprocessor systems, such as avoiding priority inversion and being deadlock free. This has made it a popular locking protocol. According to the safety-critical Java specification, priority ceiling emulation is a requirement for implementations. ... However, implementing the protocol for multiprocessor systems is more complex, so implementations might perform worse than non-preemptive implementations. In this paper we compare two multiprocessor lock implementations with hardware support for the Java optimized processor: non-preemptive locking ...

  6. A hybrid energy efficient building ventilation system

    International Nuclear Information System (INIS)

    Calay, Rajnish Kaur; Wang, Wen Chung

    2013-01-01

    The present paper presents a high performance cooling/heating ventilation system using a rotary heat exchanger (RHE), together with a reverse-cycle heat pump (RCHP) that can be integrated with various heat sources. Energy consumption in the building sector is largely dominated by the energy consumed in maintaining comfortable conditions indoors. For example, in many developed countries the building heating, ventilation and air conditioning (HVAC) systems consume up to 50% of the total energy consumed in buildings. Therefore, energy-efficient HVAC solutions in buildings are critical for realising CO2 targets at local and global level. There are many heating/cooling concepts that rely upon renewable energy sources and/or use natural low temperature heat sources in the winter and heat sinks in the summer. In the proposed system, waste energy from the exhaust air stream is used to precondition the outdoor air before it is supplied into the building. The hybrid system provides heating in the winter and cooling in the summer without any need for the additional heating or cooling devices required in conventional systems. Its performance is better than that of a typical reheat or air conditioning system in providing the same indoor air quality (IAQ) levels. It is shown that an energy saving of up to 60% (heat energy) is achieved by using the proposed hybrid system in building ventilation applications. -- Highlights: • Hybrid ventilation system: the hybrid ventilation system uses a rotating regenerator and a reversible heat pump. • Heat recovery: heat recovery from the exhaust air stream by a rotary wheel type heat exchanger. • Reversible cycle heat pump (RCHP): additional heating or cooling of the supply air is provided by the RCHP. • Energy efficiency: energy savings of up to 60% using the proposed system are achievable.

  7. Safety-critical Java with cyclic executives on chip-multiprocessors

    DEFF Research Database (Denmark)

    Ravn, Anders P.; Schoeberl, Martin

    2012-01-01

    Chip-multiprocessors offer increased processing power at a low cost. However, in order to use them for real-time systems, tasks have to be scheduled efficiently and predictably. It is well known that finding optimal schedules is a computationally hard problem. In this paper we present a solution ... for multiprocessors, we have implemented it in the context of safety-critical Java on a Java processor. ...

  8. Concepts and techniques: Active electronics and computers in safety-critical accelerator operation

    International Nuclear Information System (INIS)

    Frankel, R.S.

    1995-01-01

    The Relativistic Heavy Ion Collider (RHIC) under construction at Brookhaven National Laboratory, requires an extensive Access Control System to protect personnel from Radiation, Oxygen Deficiency and Electrical hazards. In addition, the complicated nature of operation of the Collider as part of a complex of other Accelerators necessitates the use of active electronic measurement circuitry to ensure compliance with established Operational Safety Limits. Solutions were devised which permit the use of modern computer and interconnections technology for Safety-Critical applications, while preserving and enhancing, tried and proven protection methods. In addition a set of Guidelines, regarding required performance for Accelerator Safety Systems and a Handbook of design criteria and rules were developed to assist future system designers and to provide a framework for internal review and regulation

  9. Concepts and techniques: Active electronics and computers in safety-critical accelerator operation

    Energy Technology Data Exchange (ETDEWEB)

    Frankel, R.S.

    1995-12-31

    The Relativistic Heavy Ion Collider (RHIC) under construction at Brookhaven National Laboratory, requires an extensive Access Control System to protect personnel from Radiation, Oxygen Deficiency and Electrical hazards. In addition, the complicated nature of operation of the Collider as part of a complex of other Accelerators necessitates the use of active electronic measurement circuitry to ensure compliance with established Operational Safety Limits. Solutions were devised which permit the use of modern computer and interconnections technology for Safety-Critical applications, while preserving and enhancing, tried and proven protection methods. In addition a set of Guidelines, regarding required performance for Accelerator Safety Systems and a Handbook of design criteria and rules were developed to assist future system designers and to provide a framework for internal review and regulation.

  10. Vibration control of bridges and buildings hybrid system. Kyoryoter dot tatemono no shindo seigyo hybrid hoshiki

    Energy Technology Data Exchange (ETDEWEB)

    Tanida, K. (Ishikawajima-Harima Heavy Industries Co. Ltd., Tokyo (Japan))

    1991-11-15

    Multistory buildings, suspension bridges, and cable stayed bridges tend to become huge, and the technology of controlling their vibration caused by strong winds and earthquakes is becoming an important subject for study. A description is made of a hybrid system which is a combination of the conventional passive system and active system, having the merits of both systems. A verification test made using a model and an example of application to an actual bridge are introduced. This hybrid control system has been applied to the main tower of the cable stayed bridge on Route 12 of the Tokyo expressway. It is installed and in operation on the top of the tower to improve the workability, and can decrease the vibration of the tower caused by vortical excitation produced during the construction of the main tower. With the hybrid system, the actuator capacity can be reduced to about 1/5 for damping performance similar to that of the active system with the same mass ratio. In addition, the weight of the equipment can be nearly halved in comparison with the passive system. Moreover, it has a high safety characteristic in that it can be used as a passive system when the power supply is cut off, because the controlling force of the system is smaller than that of the active system. 2 refs., 11 figs.

  11. Criticality safety benchmark evaluation project: Recovering the past

    Energy Technology Data Exchange (ETDEWEB)

    Trumble, E.F.

    1997-06-01

    A very brief summary of the Criticality Safety Benchmark Evaluation Project of the Westinghouse Savannah River Company is provided in this paper. The purpose of the project is to provide a source of evaluated criticality safety experiments in an easily usable format. Another project goal is to search for any experiments that may have been lost or contain discrepancies, and to determine if they can be used. Results of evaluated experiments are being published as US DOE handbooks.

  12. Requirement analysis of the safety-critical software implementation for the nuclear power plant

    International Nuclear Information System (INIS)

    Chang, Hoon Seon; Jung, Jae Cheon; Kim, Jae Hack; Nam, Sang Ku; Kim, Hang Bae

    2005-01-01

    The safety critical software shall be implemented under strict regulation and standards along with hardware qualification. In general, the safety critical software has been implemented using functional block language (FBL) and a structured language like C in the real project. Software design shall comply with such characteristics as: modularity, simplicity, minimizing the use of sub-routines, and excluding interrupt logic. To meet these prerequisites, we used a computer-aided software engineering (CASE) tool to substantiate the requirements traceability matrix that was manually developed using word processors or spreadsheets. And the coding standard and manual have been developed to confirm the quality of the software development process, such as: readability, consistency, and maintainability in compliance with NUREG/CR-6463. System level preliminary hazard analysis (PHA) is performed by analyzing the preliminary safety analysis report (PSAR) and FMEA document. The modularity concept is effectively implemented for the overall module configurations and functions using the RTP software development tool. The response time imposed on the basis of the deterministic structure of the safety-critical software was measured.

  13. The Criticality Safety Information Resource Center (CSIRC) at Los Alamos National Laboratory

    International Nuclear Information System (INIS)

    Henderson, B.D.; Meade, R.A.; Pruvost, N.L.

    1999-01-01

    The Criticality Safety Information Resource Center (CSIRC) at Los Alamos National Laboratory (LANL) is a program jointly funded by the U.S. Department of Energy (DOE) and the U.S. Nuclear Regulatory Commission (NRC) in conjunction with the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 97-2. The goal of CSIRC is to preserve primary criticality safety documentation from U.S. critical experimental sites and to make this information available for the benefit of the technical community. Progress in archiving criticality safety primary documents at the LANL archives as well as efforts to make this information available to researchers are discussed. The CSIRC project has a natural linkage to the International Criticality Safety Benchmark Evaluation Project (ICSBEP). This paper raises the possibility that the CSIRC project will evolve in a fashion similar to the ICSBEP. Exploring the implications of linking the CSIRC to the international criticality safety community is the motivation for this paper

  14. Consequences of Fuel Failure on Criticality Safety of Used Nuclear Fuel

    International Nuclear Information System (INIS)

    Marshall, William J.; Wagner, John C.

    2012-09-01

    This report documents work performed for the Department of Energy's Office of Nuclear Energy (DOENE) Fuel Cycle Technologies Used Fuel Disposition Campaign to assess the impact of fuel reconfiguration due to fuel failure on the criticality safety of used nuclear fuel (UNF) in storage and transportation casks. This work was motivated by concerns related to the potential for fuel degradation during extended storage (ES) periods and transportation following ES, but has relevance to other potential causes of fuel reconfiguration. Commercial UNF in the United States is expected to remain in storage for longer periods than originally intended. Extended storage time and irradiation of nuclear fuel to high-burnup values (>45 GWd/t) may increase the potential for fuel failure during normal and accident conditions involving storage and transportation. Fuel failure, depending on the severity, can result in changes to the geometric configuration of the fuel, which has safety and regulatory implications for virtually all aspects of a UNF storage and transport system's performance. The potential impact of fuel reconfiguration on the safety of UNF in storage and transportation is dependent on the likelihood and extent of the fuel reconfiguration, which is not well understood and is currently an active area of research. The objective of this work is to assess and quantify the impact of postulated failed fuel configurations on the criticality safety of UNF in storage and transportation casks. Although this work is motivated by the potential for fuel degradation during ES periods and transportation following ES, it has relevance to fuel reconfiguration due to the effects of high burnup. Regardless of the ultimate disposition path, UNF will need to be transported at some point in the future. To investigate and quantify the impact of fuel reconfiguration on criticality safety limits, which are given in terms of the effective neutron multiplication factor, a set of failed fuel

  15. Definition and means of maintaining the criticality detectors and alarms portion of the PFP safety envelope

    Energy Technology Data Exchange (ETDEWEB)

    White, W.F.

    1997-05-13

    The purpose of this document is to provide the definition and means of maintaining the Safety Envelope (SE) related to the Criticality Alarm System (CAS). This document provides amplification of the Limiting Condition for Operation (LCO) described in the Plutonium Finishing Plant (PFP) Operational Safety Requirements (OSR), WHC-SD-CP-OSR-010, Rev. 0, 1994, Section 3.1.2, Criticality Detectors and Alarms. This document, with its appendices, provides the following: (1) System functional requirements for determining system operability (Section 3); (2) A list of annotated system block diagrams which indicate the safety envelope boundaries (Appendix C); (3) A list of the Safety Class 1 and 2 Safety Envelope (SC-1/2 SE) equipment for input into the Master Component Index (Appendix B); (4) Functional requirements for individual SC-1/2 SE components, including appropriate setpoints and process parameters (Section 6 and Appendix A); (5) A list of the operational, maintenance and surveillance procedures necessary to operate and maintain the SC-1/2 SE components as required by the LCO (Section 6 and Appendix A).

  16. Definition and means of maintaining the criticality detectors and alarms portion of the PFP safety envelope

    International Nuclear Information System (INIS)

    White, W.F.

    1997-01-01

    The purpose of this document is to provide the definition and means of maintaining the Safety Envelope (SE) related to the Criticality Alarm System (CAS). This document provides amplification of the Limiting Condition for Operation (LCO) described in the Plutonium Finishing Plant (PFP) Operational Safety Requirements (OSR), WHC-SD-CP-OSR-010, Rev. 0, 1994, Section 3.1.2, Criticality Detectors and Alarms. This document, with its appendices, provides the following: (1) System functional requirements for determining system operability (Section 3); (2) A list of annotated system block diagrams which indicate the safety envelope boundaries (Appendix C); (3) A list of the Safety Class 1 and 2 Safety Envelope (SC-1/2 SE) equipment for input into the Master Component Index (Appendix B); (4) Functional requirements for individual SC-1/2 SE components, including appropriate setpoints and process parameters (Section 6 and Appendix A); (5) A list of the operational, maintenance and surveillance procedures necessary to operate and maintain the SC-1/2 SE components as required by the LCO (Section 6 and Appendix A)

  17. Risk assessment of safety data link and network communication in digital safety feature control system of nuclear power plant

    International Nuclear Information System (INIS)

    Lee, Sang Hun; Son, Kwang Seop; Jung, Wondea; Kang, Hyun Gook

    2017-01-01

    Highlights: • Safety data communication risk assessment framework and quantitative scheme were proposed. • Fault-tree model of ESFAS unavailability due to safety data communication failure was developed. • Safety data link and network risk were assessed based on various ESF-CCS design specifications. • The effect of fault-tolerant algorithm reliability of safety data network on ESFAS unavailability was assessed. - Abstract: As one of the safety-critical systems in nuclear power plants (NPPs), the Engineered Safety Feature-Component Control System (ESF-CCS) employs safety data link and network communication for the transmission of safety component actuation signals from the group controllers to loop controllers to effectively accommodate various safety-critical field controllers. Since data communication failure risk in the ESF-CCS has yet to be fully quantified, the ESF-CCS employing data communication systems have not been applied in NPPs. This study therefore developed a fault tree model to assess the data link and data network failure-induced unavailability of a system function used to generate an automated control signal for accident mitigation equipment. The current aim is to provide risk information regarding data communication failure in a digital safety feature control system in consideration of interconnection between controllers and the fault-tolerant algorithm implemented in the target system. Based on the developed fault tree model, case studies were performed to quantitatively assess the unavailability of ESF-CCS signal generation due to data link and network failure and its risk effect on safety signal generation failure. This study is expected to provide insight into the risk assessment of safety-critical data communication in a digitalized NPP instrumentation and control system.

  18. Critical Incident Reporting Systems: Perceived Competing Social ...

    African Journals Online (AJOL)

    The safe operation of complex socio-technical systems is dependent upon the reporting of safety critical incidents by operators within a system. Through the action of reporting, systems develop the capability as a learning organisation to improve human and organisational performance. The aim of the study is therefore to ...

  19. Declarative Rule-based Safety for Robotic Perception Systems

    DEFF Research Database (Denmark)

    Mogensen, Johann Thor Ingibergsson; Kraft, Dirk; Schultz, Ulrik Pagh

    2017-01-01

    Mobile robots are used across many domains from personal care to agriculture. Working in dynamic open-ended environments puts high constraints on the robot perception system, which is critical for the safety of the system as a whole. To achieve the required safety levels the perception system needs ... to be certified, but no specific standards exist for computer vision systems, and the concept of safe vision systems remains largely unexplored. In this paper we present a novel domain-specific language that allows the programmer to express image quality detection rules for enforcing safety constraints ...

  20. An experimental study on the thermal-hydraulic phenomena in the Hybrid Safety Injection Tank using a separate effect test facility

    International Nuclear Information System (INIS)

    Ryu, Sung Uk; Ryu, Hyobong; Park, Hyun-Sik; Yi, Sung-Jae

    2016-01-01

    Highlights: • An experimental study on the pressure balancing between the Hybrid SIT and PZR. • The effects of different variables affecting the pressure balancing are investigated. • A sensitivity analysis on the pressure variations of the Hybrid SIT. - Abstract: This paper reports experimental research investigating the thermal hydraulic phenomena of the Hybrid Safety Injection Tank (Hybrid SIT) using a separate effect test facility at the Korea Atomic Energy Research Institute (KAERI). The Hybrid SIT is a passive safety injection system that enables the safety injection water to be injected into the reactor pressure vessel throughout all operating pressures by connecting the top of the SIT and the pressurizer (PZR). The separate effect test (SET) facility of the Hybrid SIT, which is designed based on the APR+ power plant, comprises a PZR, Hybrid SIT, pressure balancing line (PBL), injection line (IL), nitrogen gas line, and refueling water tank (RWT). Furthermore, the pressure loss range of the SET facility was analyzed and compared with that of the reference nuclear power plant. In this research, a condition for balancing the pressure between the Hybrid SIT and PZR is examined, and the effects of different variables affecting the pressure balancing, which are flow rate, injection velocity of steam and initial water level, are also investigated. The condition for balancing the pressure between the Hybrid SIT and PZR was derived theoretically from a pressure network for the Hybrid SIT, pressurizer, and reactor pressure vessel. Additionally, a sensitivity analysis as a theoretical approach was conducted on the pressure variations in relation to the rate of steam condensation inside the Hybrid SIT. The results showed that the pressure of the Hybrid SIT was predominantly determined by the rate of steam condensation. The results showed that if the rate of condensation increased or decreased by 10%, the Hybrid SIT pressure at the pressure balancing point decreased or

  1. CANISTER HANDLING FACILITY CRITICALITY SAFETY CALCULATIONS

    Energy Technology Data Exchange (ETDEWEB)

    C.E. Sanders

    2005-04-07

    This design calculation revises and updates the previous criticality evaluation for the canister handling, transfer and staging operations to be performed in the Canister Handling Facility (CHF) documented in BSC [Bechtel SAIC Company] 2004 [DIRS 167614]. The purpose of the calculation is to demonstrate that the handling operations of canisters performed in the CHF meet the nuclear criticality safety design criteria specified in the ''Project Design Criteria (PDC) Document'' (BSC 2004 [DIRS 171599], Section 4.9.2.2), the nuclear facility safety requirement in ''Project Requirements Document'' (Canori and Leitner 2003 [DIRS 166275], p. 4-206), the functional/operational nuclear safety requirement in the ''Project Functional and Operational Requirements'' document (Curry 2004 [DIRS 170557], p. 75), and the functional nuclear criticality safety requirements described in the ''Canister Handling Facility Description Document'' (BSC 2004 [DIRS 168992], Sections 3.1.1.3.4.13 and 3.2.3). Specific scope of work contained in this activity consists of updating the Category 1 and 2 event sequence evaluations as identified in the ''Categorization of Event Sequences for License Application'' (BSC 2004 [DIRS 167268], Section 7). The CHF is limited in throughput capacity to handling sealed U.S. Department of Energy (DOE) spent nuclear fuel (SNF) and high-level radioactive waste (HLW) canisters, defense high-level radioactive waste (DHLW), naval canisters, multicanister overpacks (MCOs), vertical dual-purpose canisters (DPCs), and multipurpose canisters (MPCs) (if and when they become available) (BSC 2004 [DIRS 168992], p. 1-1). It should be noted that the design and safety analyses of the naval canisters are the responsibility of the U.S. Department of the Navy (Naval Nuclear Propulsion Program) and will not be included in this document. In addition, this calculation is valid for

  2. Interaction between systems and software engineering in safety-critical systems

    International Nuclear Information System (INIS)

    Knight, J.

    1994-01-01

    There are three areas of concern: when is software to be considered safe; what, exactly, is the role of the software engineer; and how do systems, or sometimes applications, engineers and software engineers interact with each other. The author presents his perspective on these questions, which he feels differs from that of many in the field. He argues for a clear definition of safety in the software arena, so the engineer knows what he is engineering toward. Software must be viewed as part of the entire system, since it does not function on its own, or in isolation. He argues for the establishment of clear specifications in this area.

  3. An Actuator Control Unit for Safety-Critical Mechatronic Applications with Embedded Energy Storage Backup

    Directory of Open Access Journals (Sweden)

    Sergio Saponara

    2016-03-01

    This paper presents an actuator control unit (ACU) with a 450-J embedded energy storage backup to face safety critical mechatronic applications. The idea is to ensure full operation of electric actuators, even in the case of battery failure, by using supercapacitors as a local energy tank. Thanks to integrated switching converter circuitry, the supercapacitors provide the required voltage and current levels for the required time to guarantee actuator operation until the system enters into safety mode. Experimental results are presented for a target application related to the control of servomotors for a robotized prosthetic arm. Mechatronic devices for rehabilitation or assisted living of injured and/or elderly people are available today. In most cases, they are battery powered with lithium-based cells, providing high energy density and low weight, but at the expense of a reduced robustness compared to lead-acid- or nickel-based battery cells. The ACU of this work ensures full operation of the wearable robotized arm, controlled through acceleration and electromyography (EMG) sensor signals, even in the case of battery failure, thanks to the embedded energy backup unit. To prove the configurability and scalability of the proposed solution, experimental results related to the electric actuation of the car door latch and of a robotized gearbox in vehicles are also shown. The reliability of the energy backup device has been assessed in a wide temperature range, from −40 to 130 °C, and in a durability test campaign of more than 10,000 cycles. Achieved results prove the suitability of the proposed approach for ACUs requiring a burst of power of hundreds of watts for only a few seconds in safety-critical applications. Alternatively, the aging and temperature characterization of energy backup units is limited to supercapacitors of thousands of farads for high power applications (e.g., electric/hybrid propulsion) and with a temperature range limited to

  4. The SCALE Web site: Resources for the worldwide nuclear criticality safety community

    International Nuclear Information System (INIS)

    Bowman, S.M.

    2000-01-01

    The Standardized Computer Analyses for Licensing Evaluations (SCALE) computer software system developed at Oak Ridge National Laboratory (ORNL) is widely used and accepted around the world for criticality safety analyses. SCALE includes the well-known KENO V.a and KENO VI three-dimensional Monte Carlo criticality computer codes. For several years, the SCALE staff at ORNL has maintained a Web site to provide information and support to sponsors and users in the worldwide criticality safety community. The SCALE Web site is located at www.cped.ornl.gov/scale and provides information in the following areas: 1. important notices to users; 2. SCALE Users Electronic Notebook; 3. current and past issues of the SCALE Newsletter; 4. verification and validation (V and V) and benchmark reports; 5. download updates, utilities, and V and V input files; 6. SCALE training course information; 7. SCALE Manual on-line; 8. overview of the SCALE system; 9. how to install and run SCALE; 10. SCALE quality assurance documents; and 11. nuclear resources on the Internet.

  5. Magnetic Criticality Enhanced Hybrid Nanodiamond Thermometer under Ambient Conditions

    Science.gov (United States)

    Wang, Ning; Liu, Gang-Qin; Leong, Weng-Hang; Zeng, Hualing; Feng, Xi; Li, Si-Hong; Dolde, Florian; Fedder, Helmut; Wrachtrup, Jörg; Cui, Xiao-Dong; Yang, Sen; Li, Quan; Liu, Ren-Bao

    2018-01-01

    Nitrogen-vacancy (NV) centers in diamond are attractive as quantum sensors owing to their superb coherence under ambient conditions. However, the NV center spin resonances are relatively insensitive to some important parameters such as temperature and pressure. Here we design and experimentally demonstrate a hybrid nanothermometer composed of NV centers and a magnetic nanoparticle (MNP), in which the temperature sensitivity is enhanced by the critical magnetization of the MNP near the ferromagnetic-paramagnetic transition temperature. The temperature susceptibility of the NV center spin resonance reaches 14 MHz/K, nearly 200 times larger than that of bare NV centers. The sensitivity of a hybrid nanothermometer composed of a Cu_{1-x}Ni_{x} MNP and a nanodiamond is measured to be 11 mK/√Hz under ambient conditions. The working range of the hybrid thermometer can be designed from cryogenic temperature to about 600 K by tuning the chemical composition of the Cu_{1-x}Ni_{x} MNP. We demonstrate in situ detection of the magnetic phase transition of a single magnetic nanoparticle using the hybrid nanothermometer. This hybrid nanothermometer provides a novel approach to studying a broad range of thermal processes at nanoscales such as nanoplasmonics, heat-stimulated subcellular processes, and thermodynamics of nanosystems.

  6. Magnetic Criticality Enhanced Hybrid Nanodiamond Thermometer under Ambient Conditions

    Directory of Open Access Journals (Sweden)

    Ning Wang

    2018-03-01

    Nitrogen-vacancy (NV) centers in diamond are attractive as quantum sensors owing to their superb coherence under ambient conditions. However, the NV center spin resonances are relatively insensitive to some important parameters such as temperature and pressure. Here we design and experimentally demonstrate a hybrid nanothermometer composed of NV centers and a magnetic nanoparticle (MNP), in which the temperature sensitivity is enhanced by the critical magnetization of the MNP near the ferromagnetic-paramagnetic transition temperature. The temperature susceptibility of the NV center spin resonance reaches 14 MHz/K, nearly 200 times larger than that of bare NV centers. The sensitivity of a hybrid nanothermometer composed of a Cu_{1-x}Ni_{x} MNP and a nanodiamond is measured to be 11 mK/√Hz under ambient conditions. The working range of the hybrid thermometer can be designed from cryogenic temperature to about 600 K by tuning the chemical composition of the Cu_{1-x}Ni_{x} MNP. We demonstrate in situ detection of the magnetic phase transition of a single magnetic nanoparticle using the hybrid nanothermometer. This hybrid nanothermometer provides a novel approach to studying a broad range of thermal processes at nanoscales such as nanoplasmonics, heat-stimulated subcellular processes, and thermodynamics of nanosystems.

  7. Process management - critical safety issues with focus on risk management

    International Nuclear Information System (INIS)

    Sanne, Johan M.

    2005-12-01

    Organizational changes focused on process orientation are taking place among Swedish nuclear power plants, aiming at improving the operation. The Swedish Nuclear Power Inspectorate has identified a need for increased knowledge within the area for its regulatory activities. In order to analyze what process orientation implies for nuclear power plant safety a number of questions must be asked: 1. How is safety in nuclear power production created currently? What significance does the functional organization play? 2. How can organizational forms be analysed? What consequences does quality management have for work and for the enterprise? 3. Why should nuclear power plants be process oriented? Who are the customers and what are their customer values? Which customers are expected to benefit from process orientation? 4. What can one learn from process orientation in other safety critical systems? What is the effect on those features that currently create safety? 5. Could customer values increase for one customer without decreasing for other customers? What is the relationship between economic and safety interests from an increased process orientation? The deregulation of the electricity market has caused an interest in increased economic efficiency, which is the motivation for the interest in process orientation, among other means. It is the nuclear power plants' owners and the distributors (often the same corporations) that have the strongest interest in process orientation. If the functional organization and associated practices are decomposed, the prerequisites of the risk management regime change, perhaps deteriorating its functionality. When nuclear power operators consider the introduction of process orientation, the Nuclear Power Inspectorate should require that 1. The operators perform a risk analysis beforehand concerning the potential consequences that process orientation might convey: the analysis should contain a model specifying how safety is currently

  8. Nuclear criticality safety aspects of gaseous uranium hexafluoride (UF6) in the diffusion cascade

    Energy Technology Data Exchange (ETDEWEB)

    Huffer, J.E. [Parallax, Inc., Atlanta, GA (United States)

    1997-04-01

    This paper determines the nuclear safety of gaseous UF6 in the current Gaseous Diffusion Cascade and auxiliary systems. The actual plant safety system settings for pressure trip points are used to determine the maximum amount of HF moderation in the process gas, as well as the corresponding atomic number densities. These inputs are used in KENO V.a criticality safety models which are sized to the actual plant equipment. The KENO V.a calculation results confirm nuclear safety of gaseous UF6 in plant operations.

  9. Influence of safeguards and fire protection on criticality safety

    International Nuclear Information System (INIS)

    Six, D.E.

    1980-01-01

    There are several positive influences of safeguards and fire protection on criticality safety. Experts in each discipline must be aware of regulations and requirements of the others and work together to ensure a fault-tree design. EG and G Idaho, Inc., routinely uses an Occupancy-Use Readiness Manual to consider all aspects of criticality safety, fire protection, and safeguards. The use of the analytical tree is described

  10. International Handbook of Evaluated Criticality Safety Benchmark Experiments - ICSBEP (DVD), Version 2013

    International Nuclear Information System (INIS)

    2013-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) became an official activity of the Organisation for Economic Co-operation and Development (OECD) Nuclear Energy Agency (NEA) in 1995. This handbook contains criticality safety benchmark specifications that have been derived from experiments performed at various nuclear critical experiment facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material and to determine criticality alarm requirement and placement. Many of the specifications are also useful for nuclear data testing. Example calculations are presented; however, these calculations do not constitute a validation of the codes or cross section data. The evaluated criticality safety benchmark data are given in nine volumes. These volumes span nearly 66,000 pages and contain 558 evaluations with benchmark specifications for 4,798 critical, near critical or subcritical configurations, 24 criticality alarm placement/shielding configurations with multiple dose points for each and 200 configurations that have been categorised as fundamental physics measurements that are relevant to criticality safety applications. New to the Handbook are benchmark specifications for Critical, Bare, HEU(93.2)-Metal Sphere experiments referred to as ORSphere that were performed by a team of experimenters at Oak Ridge National Laboratory in the early 1970s. A photograph of this assembly is shown on the front cover

  11. The adaptive safety analysis and monitoring system

    Science.gov (United States)

    Tu, Haiying; Allanach, Jeffrey; Singh, Satnam; Pattipati, Krishna R.; Willett, Peter

    2004-09-01

    The Adaptive Safety Analysis and Monitoring (ASAM) system is a hybrid model-based software tool for assisting intelligence analysts to identify terrorist threats, to predict possible evolution of the terrorist activities, and to suggest strategies for countering terrorism. The ASAM system provides a distributed processing structure for gathering, sharing, understanding, and using information to assess and predict terrorist network states. In combination with counter-terrorist network models, it can also suggest feasible actions to inhibit potential terrorist threats. In this paper, we will introduce the architecture of the ASAM system, and discuss the hybrid modeling approach embedded in it, viz., Hidden Markov Models (HMMs) to detect and provide soft evidence on the states of terrorist network nodes based on partial and imperfect observations, and Bayesian networks (BNs) to integrate soft evidence from multiple HMMs. The functionality of the ASAM system is illustrated by way of application to the Indian Airlines Hijacking, as modeled from open sources.

  12. Applications of PRA in nuclear criticality safety

    International Nuclear Information System (INIS)

    McLaughlin, T.P.

    1992-01-01

    Traditionally, criticality accident prevention at Los Alamos National Laboratory (LANL) has been based on a thorough review and understanding of proposed operations or changes to operations involving both process supervision and criticality safety staff. The outcome of this communication was usually an agreement, based on professional judgment, that certain accident sequences were credible and had to be precluded by design; others were incredible and thus did not warrant expenditures to further reduce their likelihood. The extent of documentation was generally in proportion to the complexity of the operation but never as detailed as that associated with quantified risk assessments. During the last 3 yr, nuclear criticality safety-related probabilistic risk assessments (PRAs) have been performed on operations in two LANL facilities. Both of these were conducted in order to better understand the cost/benefit aspects of PRAs as they apply to largely hands-on operations with fissile material

  13. Technical guide to criticality alarm system design

    International Nuclear Information System (INIS)

    Greenfield, B.

    2009-01-01

    An instructional manual was created to guide criticality safety engineers through the technical aspects of designing a criticality alarm system (CAS) for Dept. of Energy (DOE) hazard class 1 and 2 facilities. The manual was structured such that it can be used by engineers designing completely new systems and by those who are working with existing facilities. Major design tasks are thoroughly analyzed to provide concise direction for how to complete the analysis. Regulatory and technical performance requirements were both addressed. (authors)

  14. Instructional games and activities for criticality safety training

    International Nuclear Information System (INIS)

    Bullard, B.; McBride, J.

    1993-01-01

    During the past several years, the Training and Management Systems Division (TMSD) staff of Oak Ridge Institute for Science and Education (ORISE) has designed and developed nuclear criticality safety (NCS) training programs that focus on high trainee involvement through the use of instructional games and activities. This paper discusses the instructional game, initial considerations for developing games, advantages and limitations of games, and how games may be used in developing and implementing NCS training. It also provides examples of the various instructional games and activities used in separate courses designed for Martin Marietta Energy Systems (MMES) supervisors and U.S. Nuclear Regulatory Commission (NRC) fuel facility inspectors

  15. A new technology perspective and engineering tools approach for large, complex and distributed mission and safety critical systems components

    Science.gov (United States)

    Carrio, Miguel A., Jr.

    1988-01-01

    Rapidly emerging technology and methodologies have out-paced the systems development processes' ability to use them effectively, if at all. At the same time, the tools used to build systems are becoming obsolescent themselves as a consequence of the same technology lag that plagues systems development. The net result is that systems development activities have not been able to take advantage of available technology and have become equally dependent on aging and ineffective computer-aided engineering tools. New methods and tools approaches are essential if the demands of non-stop and Mission and Safety Critical (MASC) components are to be met.

  16. Nuclear criticality safety evaluation of large cylinder cleaning operations in X-705, Portsmouth Gaseous Diffusion Plant

    International Nuclear Information System (INIS)

    Sheaffer, M.K.; Keeton, S.C.; Lutz, H.F.

    1995-06-01

    This report evaluates nuclear criticality safety for large cylinder cleaning operations in the Decontamination and Recovery Facility, X-705, at the Portsmouth Gaseous Diffusion Plant. A general description of current cleaning procedures and required hardware/equipment is presented, and documentation for large cylinder cleaning operations is identified and described. Control parameters, design features, administrative controls, and safety systems relevant to nuclear criticality are discussed individually, followed by an overall assessment based on the Double Contingency Principle. Recommendations for enhanced safety are suggested, and issues for increased efficiency are presented

  17. Operation, Safety and Human: Critical Factors for the Success of Railway Transportation

    NARCIS (Netherlands)

    Rajabali Nejad, Mohammadreza; Martinetti, Alberto; van Dongen, Leonardus Adriana Maria

    2016-01-01

    This paper focuses on three categories of performance indicators for railway transportation: the excellence of operation, system safety and human factors. These are among the most critical indicators for delivering high quality services. This paper discusses the main issues, challenges and future

  18. Editorial: Hybrid Systems

    DEFF Research Database (Denmark)

    Olderog, Ernst-Rüdiger; Ravn, Anders Peter

    2007-01-01

    An introduction to three papers in a special issue on Hybrid Systems. These papers were first presented at an IFIP WG 2.2 meeting in Skagen 2005.

  19. A Method to Select Test Input Cases for Safety-critical Software

    International Nuclear Information System (INIS)

    Kim, Heeeun; Kang, Hyungook; Son, Hanseong

    2013-01-01

    This paper proposes a new testing methodology for effective and realistic quantification of RPS software failure probability. Software failure probability quantification is an important factor in digital system safety assessment. In this study, the method for software test case generation is briefly described. The test cases generated by this method reflect the characteristics of safety-critical software and past inputs. Furthermore, the number of test cases can be reduced, but it is still possible to perform an exhaustive test. Aspects of software can also be reflected as failure data, so the final failure data can include the failure of the software itself and external influences. Software reliability is generally accepted as the key factor in software quality since it quantifies software failures which can make a powerful system inoperative. In the KNITS (Korea Nuclear Instrumentation and Control Systems) project, the software for the fully digitalized reactor protection system (RPS) was developed under a strict procedure including unit testing and coverage measurement. Black box testing is one type of verification and validation (V and V), in which given input values are entered and the resulting output values are compared against the expected output values. Programmable logic controllers (PLCs) were used in implementing critical systems and function block diagram (FBD) is a commonly used implementation language for PLC

  20. Criticality safety analysis of Hanford Waste Tank 241-101-SY

    International Nuclear Information System (INIS)

    Perry, R.T.; Sapir, J.L.; Krohn, B.J.

    1993-01-01

    As part of a safety assessment for proposed pump mixing operations to mitigate episodic gas releases in Tank 241-101-SY at the Hanford Site, Richland, Washington, a criticality safety analysis was made using the Sn transport code ONEDANT. The tank contains approximately one million gallons of waste and an estimated 910 g of plutonium. The criticality analysis considers reconfiguration and underestimation of plutonium content. The results indicate that Tank SY-101 does not present a criticality hazard. These methods are also used in criticality analyses of other Hanford tanks

  1. Review of WHC criticality safety audit findings for 1970-1981

    International Nuclear Information System (INIS)

    Rogers, C.A.; Paglieri, J.N.

    1984-01-01

    At Westinghouse Hanford Company (WHC) all fissionable material handling must meet DOE requirements for safety. This necessitates a program of regular audits by the Safety group to verify compliance with criticality safety limits and controls and to alert facility management to observed discrepancies and potential problems. Audits of fissionable material facilities by Safety are required at least once every 6 months, but in practice are conducted more frequently. This paper summarizes findings from over 400 criticality safety audits conducted by Safety between July 1970 and July 1981 in seven fissionable material facilities to show their types and frequencies of occurrence. All limit violations occurring during this period are summarized, including those found by the operating group. 1 ref., 1 tab

  2. Modeling for safety in a synthesis-centric systems engineering framework

    NARCIS (Netherlands)

    Markovski, J.; van de Mortel-Fronczak, J.M.; Ortmeier, F.; Daniel, P.

    2012-01-01

    The ever-increasing complexity of safety-critical systems puts high demands on safety assurance and certification. We focus on the development of control software, where (safety) requirements engineering plays a crucial and delicate role. Nowadays, most of the safety features are ensured by the

  3. Developing guidance in the nuclear criticality safety assessment for fuel cycle facilities

    International Nuclear Information System (INIS)

    Galet, C.; Evo, S.

    2012-01-01

    In this poster IRSN (Institute for radiation protection and nuclear safety) presents its safety guides whose purpose is to transmit the safety assessment know-how to any 'junior' staff or even to give a view of the safety approach on the overall risks to any staff member. IRSN has written a first version of such a safety guide for fuel cycle facilities and laboratories. It is organized into several chapters: some refer to types of assessments, others concern the types of risks. Currently, this guide contains 13 chapters and each chapter consists of three parts. In parallel to the development of the criticality chapter of this guide, the IRSN criticality department has developed a nuclear criticality safety guide. It follows the structure of the three parts mentioned above, but it presents a more detailed first part and integrates, in the third part, the experience feedback collected on nuclear facilities. The nuclear criticality safety guide is online on the IRSN's web site

  4. 78 FR 2797 - Federal Motor Vehicle Safety Standards; Minimum Sound Requirements for Hybrid and Electric Vehicles

    Science.gov (United States)

    2013-01-14

    ... Sound Requirements for Hybrid and Electric Vehicles; Draft Environmental Assessment for Rulemaking To Establish Minimum Sound Requirements for Hybrid and Electric Vehicles; Proposed Rules. Federal Register ... -0148] RIN 2127-AK93 Federal Motor Vehicle Safety Standards; Minimum Sound Requirements for Hybrid and...

  5. Hybrid systems with constraints

    CERN Document Server

    Daafouz, Jamal; Sigalotti, Mario

    2013-01-01

    Control theory is the main subject of this title, in particular analysis and control design for hybrid dynamic systems. The notion of hybrid systems offers a strong theoretical and unified framework to cope with the modeling, analysis and control design of systems where both continuous and discrete dynamics interact. The theory of hybrid systems has been the subject of intensive research over the last decade and a large number of diverse and challenging problems have been investigated. Nevertheless, many important mathematical problems remain open. This book is dedicated mainly to

  6. Modeling the critical safety functions status tree of a NPP using FPGA

    International Nuclear Information System (INIS)

    Farias, Marcos Santana; Oliveira, Mauro Vitor de; Jaime, Guilherme Dutra Gonzaga; Almeida, Jose Carlos Soares de; Augusto, Silas Cordeiro

    2013-01-01

    Field Programmable Gate Array (FPGA) based systems and equipment are beginning to appear in new plant I and C applications, as well as in retrofits for operating plants, in particular for safety applications, due to their capability to face systems obsolescence since they are circuit independent. The circuits implemented can be ported to different FPGA architectures. Moreover, they reduce complexity for regulatory approval as compared to conventional microprocessor-based systems. The critical safety function (CSF) is the most significant design concept for prioritizing operator actions in an NPP based on the potential threat to the three barriers (fuel cladding, primary coolant system boundary, and containment), and allows the operator to respond to these threats prior to event diagnosis. The CSF has a hierarchical information structure that organizes the system variables affecting plant safety in terms of goal-means relations. This paper describes the application of FPGA in the implementation of the CSF status tree logic for a Westinghouse 3-loop NPP simulator. (author)

  7. Criticality safety training at the Hot Fuel Examination Facility

    International Nuclear Information System (INIS)

    Garcia, A.S.; Courtney, J.C.; Thelen, V.N.

    1983-01-01

    HFEF comprises four hot cells and out-of-cell support facilities for the US breeder program. The HFEF criticality safety program includes training in the basic theory of criticality and in specific criticality hazard control rules that apply to HFEF. A professional staff-member oversees the implementation of the criticality prevention program

  8. Operation safety of complex industrial systems

    International Nuclear Information System (INIS)

    Zwingelstein, G.

    1999-01-01

    Zero fault or zero risk is an unreachable goal in industrial activities like nuclear activities. However, methods and techniques exist to reduce the risks to the lowest possible and acceptable level. The operation safety consists in the recognition, evaluation, prediction, measurement and mastery of technological and human faults. This paper analyses each of these points successively: 1 - evolution of operation safety; 2 - definitions and basic concepts: failure, missions and functions of a system and of its components, basic concepts and operation safety; 3 - forecasting analysis of operation safety: reliability data, data-banks, precautions for the use of experience feedback data; realization of an operation safety study: management of operation safety, quality assurance, critical review and audit of operation safety studies; 6 - conclusions. (J.S.)

  9. A diagnostic expert system for the nuclear power plant based on the hybrid knowledge approach

    International Nuclear Information System (INIS)

    Yang, J.O.; Chang, S.H.

    1989-01-01

    A diagnostic expert system, the hybrid knowledge based plant operation supporting system (HYPOSS), which has been developed to support operators' decision-making during transients of a nuclear power plant, is described. HYPOSS adopts the hybrid knowledge approach, which combines both shallow and deep knowledge to take advantage of the merits of both approaches. In HYPOSS, four types of knowledge are used according to the steps of the diagnosis procedure. They are structural, functional, behavioral, and heuristic knowledge. The structural and functional knowledge is represented by three fundamental primitives and five types of functions, respectively. The behavioral knowledge is represented using constraints. The inference procedure is based on the human problem-solving behavior modeled in HYPOSS. Event-based operational guidelines are provided to the operator according to the diagnosed results. If the exact anomalies cannot be identified while some of the critical safety functions are challenged, function-based operational guidelines are provided to the operator. For the validation of HYPOSS, several tests have been performed based on data produced by a plant simulator. The results of the validation studies show good applicability of HYPOSS to the anomaly diagnosis of nuclear power plants

  10. Survey of Bayesian belief nets for quantitative reliability assessment of safety critical software used in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Eom, H.S.; Sung, T.Y.; Jeong, H.S.; Park, J.H.; Kang, H.G.; Lee, K.

    2001-03-01

    As part of the Probabilistic Safety Assessment of safety grade digital systems used in Nuclear Power plants research, measures and methodologies applicable to quantitative reliability assessment of safety critical software were surveyed. Among the techniques proposed in the literature we selected those which are in wide use and investigated their limitations in quantitative software reliability assessment. One promising methodology from the survey is Bayesian Belief Nets (BBN), which has a formalism and can combine various disparate pieces of evidence relevant to reliability into a final decision under uncertainty. Thus we analyzed BBN and its application cases in the digital systems assessment area and finally studied the possibility of its application to the quantitative reliability assessment of safety critical software.

  11. Survey of Bayesian belief nets for quantitative reliability assessment of safety critical software used in nuclear power plants

    International Nuclear Information System (INIS)

    Eom, H. S.; Sung, T. Y.; Jeong, H. S.; Park, J. H.; Kang, H. G.; Lee, K.

    2001-03-01

    As part of the Probabilistic Safety Assessment of safety grade digital systems used in Nuclear Power plants research, measures and methodologies applicable to quantitative reliability assessment of safety critical software were surveyed. Among the techniques proposed in the literature we selected those which are in wide use and investigated their limitations in quantitative software reliability assessment. One promising methodology from the survey is Bayesian Belief Nets (BBN), which has a formalism and can combine various disparate pieces of evidence relevant to reliability into a final decision under uncertainty. Thus we analyzed BBN and its application cases in the digital systems assessment area and finally studied the possibility of its application to the quantitative reliability assessment of safety critical software

  12. Critical power for lower hybrid current drive

    International Nuclear Information System (INIS)

    Assis, A.S. de; Sakanaka, P.H.; Azevedo, C.A. de; Busnardo-Neto, J.

    1995-11-01

    We have solved numerically the quasilinear Fokker-Planck equation which models the critical power for lower hybrid wave current drive. An exact value for the critical power necessary for current saturation, for tokamak current drive experiments, has been obtained. The nonlinear treatment presented here leads to a final profile for the parallel distribution function which is a plateau only in a part of the resonance region. This form of the distribution function is intermediate between two well known results: a plateau throughout the resonance region for the linear strong-source regime, D_wave >> D_coll, and no plateau at all in the resonance region for the linear weak-source regime, D_wave << D_coll. The strength of the external power source and the value of the dc electric field are treated as given parameters in the integration scheme. (author). 24 refs, 6 figs

  13. Fusion-fission hybrids: environmental aspects and their role in hybrid rationale

    International Nuclear Information System (INIS)

    Holdren, J.P.

    1981-01-01

    The rationale for developing hybrids depends on real or perceived liabilities of relying on pure fission to do the same job. Quite possibly the main constraint on expanded use of fission will be neither lack of fuel nor high costs, but perceived environmental liabilities - radioactive wastes, reactor safety, and links to nuclear weaponry. The environmental characteristics of hybrid systems and pure-fission systems are compared here in detail. The findings are that significant environmental advantages for hybrids cannot now be demonstrated and may not exist. Therefore, if environmental drawbacks constrain the application of pure fission, hybrids probably also will be thus constrained

  14. Applications of probabilistic risk analysis in nuclear criticality safety design

    International Nuclear Information System (INIS)

    Chang, J.K.

    1992-01-01

    Many documents have been prepared that try to define the scope of the criticality analysis and that suggest adding probabilistic risk analysis (PRA) to the deterministic safety analysis. The report of the US Department of Energy (DOE) AL 5481.1B suggested that an accident is credible if the occurrence probability is >1 x 10^-6/yr. The draft DOE 5480 safety analysis report suggested that safety analyses should include the application of methods such as deterministic safety analysis, risk assessment, reliability engineering, common-cause failure analysis, human reliability analysis, and human factor safety analysis techniques. The US Nuclear Regulatory Commission (NRC) report NRC SG830.110 suggested that major safety analysis methods should include but not be limited to risk assessment, reliability engineering, and human factor safety analysis. All of these suggestions have recommended including PRA in the traditional criticality analysis

  15. Validation and Verification (V&V) of Safety-Critical Systems Operating Under Off-Nominal Conditions

    Science.gov (United States)

    Belcastro, Christine M.

    2012-01-01

    Loss of control (LOC) remains one of the largest contributors to aircraft fatal accidents worldwide. Aircraft LOC accidents are highly complex in that they can result from numerous causal and contributing factors acting alone or more often in combination. Hence, there is no single intervention strategy to prevent these accidents. Research is underway at the National Aeronautics and Space Administration (NASA) in the development of advanced onboard system technologies for preventing or recovering from loss of vehicle control and for assuring safe operation under off-nominal conditions associated with aircraft LOC accidents. The transition of these technologies into the commercial fleet will require their extensive validation and verification (V&V) and ultimate certification. The V&V of complex integrated systems poses highly significant technical challenges and is the subject of a parallel research effort at NASA. This chapter summarizes the V&V problem and presents a proposed process that could be applied to complex integrated safety-critical systems developed for preventing aircraft LOC accidents. A summary of recent research accomplishments in this effort is referenced.

  16. Role of criticality models in ANSI standards for nuclear criticality safety

    International Nuclear Information System (INIS)

    Thomas, J.T.

    1976-01-01

    Two methods used in nuclear criticality safety evaluations in the area of neutron interaction among subcritical components of fissile materials are the solid angle and surface density techniques. The accuracy and use of these models are briefly discussed

  17. Hybrid intelligent engineering systems

    CERN Document Server

    Jain, L C (University of Adelaide, Australia)

    1997-01-01

    This book on hybrid intelligent engineering systems is unique, in the sense that it presents the integration of expert systems, neural networks, fuzzy systems, genetic algorithms, and chaos engineering. It shows that these new techniques enhance the capabilities of one another. A number of hybrid systems for solving engineering problems are presented.

  18. Workshop on development and view on digital safety system of KNICS

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2006-05-15

    The contents of this workshop are vision of KNICS, introduction of development of safety system of KNICS, development situation of safety class of PLC, view of software for safety-critical system in PLC, RTOS development by shaping, quality assurance and attestation of PLC, development situation of nuclear reactor system and development situation of ESF-CCS.

  19. Workshop on development and view on digital safety system of KNICS

    International Nuclear Information System (INIS)

    2006-05-01

    The contents of this workshop are vision of KNICS, introduction of development of safety system of KNICS, development situation of safety class of PLC, view of software for safety-critical system in PLC, RTOS development by shaping, quality assurance and attestation of PLC, development situation of nuclear reactor system and development situation of ESF-CCS

  20. The Nuclear Criticality Information System: An update

    International Nuclear Information System (INIS)

    Koponen, B.L.

    1991-07-01

    The US Department of Energy's Nuclear Criticality Information System (NCIS) has served the criticality community for the past ten years with publications and with an online information system. NCIS provides a means for widely distributed nuclear criticality specialists to communicate and work together instantly. Users of the system may receive assistance from all members of the NCIS community, which provides a much broader base of support than is available at any single site. When unified by NCIS, these diverse specialists provide a resource that has proven to be very useful in the safe handling of fissile material. NCIS also is a source of current nuclear criticality safety information; the rapid access to such up-to-date information on the handling of fissile materials outside of nuclear reactors is international in scope, extending beyond political and geographical boundaries

  1. Criticality safety for deactivation of the Rover dry headend process

    International Nuclear Information System (INIS)

    Henrikson, D.J.

    1995-01-01

The Rover dry headend process combusted Rover graphite fuels in preparation for dissolution and solvent extraction for the recovery of 235U. At the end of the Rover processing campaign, significant quantities of 235U were left in the dry system. The goal of the Rover Dry Headend Process Deactivation Project is to remove the remaining uranium-bearing material (UBM) from the dry system and then decontaminate the cells. Criticality safety issues associated with the Rover Deactivation Project have been influenced by project design refinement and schedule acceleration initiatives. The uranium ash composition used for calculations must envelop a wide range of material compositions, yet still result in cost-effective final packaging and storage. Innovative thinking must be used to provide a timely safety authorization basis while the project design continues to be refined.

  2. Safety Metrics for Human-Computer Controlled Systems

    Science.gov (United States)

    Leveson, Nancy G; Hatanaka, Iwao

    2000-01-01

The rapid growth of computer technology and innovation has played a significant role in the rise of computer automation of human tasks in modern production systems across all industries. Although the rationale for automation has been to eliminate "human error" or to relieve humans from manual repetitive tasks, various computer-related hazards and accidents have emerged as a direct result of the increased system complexity attributable to computer automation. The risk assessment techniques used for electromechanical systems are not suitable for today's software-intensive systems or complex human-computer controlled systems. This thesis proposes a new systemic, model-based framework for analyzing risk in safety-critical systems where both computers and humans control safety-critical functions. A new systems accident model is developed, based on modern systems theory and human cognitive processes, to better characterize system accidents, the role of human operators, and the influence of software in its direct control of significant system functions. Better risk assessments then become achievable through the application of this framework to complex human-computer controlled systems.

  3. University of New Mexico short course in nuclear criticality safety: Training for new NCS [nuclear criticality safety] specialists

    International Nuclear Information System (INIS)

    Busch, R.D.

    1990-01-01

Since 1973, the University of New Mexico (UNM) has given ten short courses in nuclear criticality safety (NCS). Generally, these have been given every other year, although in 1989 it was decided to offer the course on an annual basis. This decision was based primarily on the large demand for NCS specialists and a high turnover rate in the industry. The purpose of the course is to provide a one-week overview of NCS. The typical student has been involved in NCS for less than a year, although in many cases they have been associated with the nuclear industry in other capacities for many years. The short course is conducted at several levels. Carefully prepared lectures provide the information framework for selected topics. The following topics are covered in the course: basic reactor theory, criticality accidents and consequences, hand calculations, administration of a criticality safety program, regulators and their processes, computer methods and applications, experimental methods and correlations, an overview of some process operations, and transportation and storage issues in NCS.

  4. Proceedings of the Digital Systems Reliability and Nuclear Safety Workshop

    Energy Technology Data Exchange (ETDEWEB)

    Wallace, D. R.; Cuthill, B. B.; Ippolito, L. M. [National Inst. of Standards and Technology, Gaithersburg, MD (United States); Beltracchi, L. [Nuclear Regulatory Commission, Washington, DC (United States) ed.

    1994-03-01

The United States Nuclear Regulatory Commission (NRC), in cooperation with the National Institute of Standards and Technology, conducted the Digital Systems Reliability and Nuclear Safety Workshop on September 13-14, 1993, in Rockville, Maryland. The workshop provided a forum for the exchange of information among experts within the nuclear industry, experts from other industries, regulators and academia. The information presented at this workshop gave the NRC staff and the nuclear industry in-depth exposure to digital systems design safety issues, and also provided feedback to the NRC from outside experts regarding identified safety issues, proposed regulatory positions, and intended research associated with the use of digital systems in nuclear power plants. Technical presentations provided insights on areas where current software engineering practices may be inadequate for safety-critical systems, on potential solutions for development issues, and on methods for reducing risk in safety-critical systems. This report contains an analysis of the results of the workshop, the papers presented, the panel presentations, and summaries of the discussions at this workshop. The individual papers have been cataloged separately.

  5. Study on development of active-passive rehabilitation system for upper limbs: Hybrid-PLEMO

    International Nuclear Information System (INIS)

    Kikuchi, T; Jin, Y; Fukushima, K; Akai, H; Furusho, J

    2009-01-01

In recent years, many researchers have studied the potential of using robotics technology to assist and quantify motor functions for neuro-rehabilitation. Several kinds of haptic devices have been developed and their efficacy evaluated in clinical tests, for example in upper-limb training for patients with spasticity after stroke. Active-type (motor-driven) haptic devices can realize a wide variety of haptic behaviours, but they require a costly safety system. On the other hand, passive-type (brake-based) haptic devices are inherently safe, but a passive robot system is strongly limited in the variety of haptics it can present. There is not yet sufficient evidence to clarify how passive or active haptics affect the rehabilitation of motor skills. In this paper, we developed an active-passive-switchable rehabilitation system with an ER clutch/brake device, named 'Hybrid-PLEMO', in order to address these problems. The basic structure and haptic control methods of the Hybrid-PLEMO are described.

  6. Study on development of active-passive rehabilitation system for upper limbs: Hybrid-PLEMO

    Energy Technology Data Exchange (ETDEWEB)

    Kikuchi, T; Jin, Y; Fukushima, K; Akai, H; Furusho, J [Department of Mechanical Engineering, Graduate School of Engineering, Osaka University, Osaka (Japan)], E-mail: kikuchi@mech.eng.osaka-u.ac.jp

    2009-02-01

In recent years, many researchers have studied the potential of using robotics technology to assist and quantify motor functions for neuro-rehabilitation. Several kinds of haptic devices have been developed and their efficacy evaluated in clinical tests, for example in upper-limb training for patients with spasticity after stroke. Active-type (motor-driven) haptic devices can realize a wide variety of haptic behaviours, but they require a costly safety system. On the other hand, passive-type (brake-based) haptic devices are inherently safe, but a passive robot system is strongly limited in the variety of haptics it can present. There is not yet sufficient evidence to clarify how passive or active haptics affect the rehabilitation of motor skills. In this paper, we developed an active-passive-switchable rehabilitation system with an ER clutch/brake device, named 'Hybrid-PLEMO', in order to address these problems. The basic structure and haptic control methods of the Hybrid-PLEMO are described.

  7. A Test Suite for Safety-Critical Java using JML

    DEFF Research Database (Denmark)

    Ravn, Anders Peter; Søndergaard, Hans

    2013-01-01

    Development techniques are presented for a test suite for the draft specification of the Java profile for Safety-Critical Systems. Distinguishing features are: specification of conformance constraints in the Java Modeling Language, encoding of infrastructure concepts without implementation bias......, and corresponding specifications of implicitly stated behavioral and real-time properties. The test programs are auto-generated from the specification, while concrete values for test parameters are selected manually. The suite is open source and publicly accessible....

  8. Nuclear Data Activities in Support of the DOE Nuclear Criticality Safety Program

    International Nuclear Information System (INIS)

    Westfall, R.M.; McKnight, R.D.

    2005-01-01

The DOE Nuclear Criticality Safety Program (NCSP) maintains the technical infrastructure for the technologies applied in the evaluation and performance of safe fissionable-material operations in the DOE complex. These technologies include an Analytical Methods element for neutron transport as well as the development of sensitivity/uncertainty methods, the performance of Critical Experiments, the evaluation and qualification of experiments as Benchmarks, and a comprehensive Nuclear Data program coordinated by the NCSP Nuclear Data Advisory Group (NDAG). The NDAG gathers and evaluates differential and integral nuclear data, identifies deficiencies, and recommends priorities for meeting DOE criticality safety needs to the NCSP Criticality Safety Support Group (CSSG). The NDAG then identifies the resources and unique capabilities required to meet these needs, not only for performing measurements but also for data evaluation with nuclear model codes and for data processing for criticality safety applications. The NDAG coordinates its efforts with the leadership of the National Nuclear Data Center, the Cross Section Evaluation Working Group (CSEWG), and the Working Party on International Evaluation Cooperation (WPEC) of the OECD/NEA Nuclear Science Committee. The overall objective is to expedite the issuance of new data and methods to the DOE criticality safety user. This paper describes these activities in detail, with examples based upon special studies being performed in support of criticality safety for a variety of DOE operations.

  9. Criticality safety study of shutdown diffusion cascade coolers

    International Nuclear Information System (INIS)

    Paschal, L.S.; Basoglu, B.; Bentley, C.L.; Dunn, M.E.

    1996-01-01

Gaseous diffusion plants use cascade coolers in the production of highly enriched uranium (HEU) to remove heat from the enriched stream of UF6. The cascade coolers operate like shell-and-tube heat exchangers, with the UF6 on the shell side and Freon on the tube side. Recirculating cooling water (RCW) in condensers is used to cool the Freon. A criticality safety analysis was previously performed for cascade coolers during normal operation. The purpose of this paper is to evaluate several different hypothetical accidents involving RCW ingress into the cooler, to determine whether criticality safety concerns exist.

  10. Neutronic behavior of thorium fuel cycles in a very high temperature hybrid system

    International Nuclear Information System (INIS)

    Rodriguez Garcia, Lorena; Milian Perez, Daniel; Garcia Hernandez, Carlos; Milian Lorenzo, Daniel; Velasco, Abanades

    2013-01-01

Nuclear energy needs to guarantee four important issues to be successful as a sustainable energy source: nuclear safety, economic competitiveness, proliferation resistance and a minimal production of radioactive waste. Pebble bed reactors (PBR), which are very high temperature systems, together with fuel cycles based on thorium, could offer the opportunity to meet these sustainability demands. Thorium is a potentially valuable energy source since it is about three to four times as abundant as uranium. It is also a widely distributed natural resource, readily accessible in many countries. This paper shows the main advantages of a hybrid system formed by a pebble bed critical nuclear reactor and two pebble bed Accelerator Driven Systems (ADSs) using a variety of thorium fuel cycles (Th+U-233, Th+Pu-239 and Th+U). Parameters related to the neutronic behavior, such as deep burn, nuclear fuel breeding, minor actinide stockpile, power density profiles and others, are used to compare the fuel cycles using the well-known MCNPX computational code. (author)

  11. Neutronic behavior of thorium fuel cycles in a very high temperature hybrid system

    Energy Technology Data Exchange (ETDEWEB)

    Rodriguez Garcia, Lorena; Milian Perez, Daniel; Garcia Hernandez, Carlos; Milian Lorenzo, Daniel, E-mail: dperez@instec.cu, E-mail: cgh@instec.cu, E-mail: dmilian@instec.cu [Higher Institute of Technologies and Applied Sciences, Havana (Cuba); Velasco, Abanades, E-mail: abanades@etsii.upm.es [Department of Simulation of Thermo Energy Systems, Polytechnic University of Madrid (Spain)

    2013-07-01

Nuclear energy needs to guarantee four important issues to be successful as a sustainable energy source: nuclear safety, economic competitiveness, proliferation resistance and a minimal production of radioactive waste. Pebble bed reactors (PBR), which are very high temperature systems, together with fuel cycles based on thorium, could offer the opportunity to meet these sustainability demands. Thorium is a potentially valuable energy source since it is about three to four times as abundant as uranium. It is also a widely distributed natural resource, readily accessible in many countries. This paper shows the main advantages of a hybrid system formed by a pebble bed critical nuclear reactor and two pebble bed Accelerator Driven Systems (ADSs) using a variety of thorium fuel cycles (Th+U-233, Th+Pu-239 and Th+U). Parameters related to the neutronic behavior, such as deep burn, nuclear fuel breeding, minor actinide stockpile, power density profiles and others, are used to compare the fuel cycles using the well-known MCNPX computational code. (author)

  12. Fault tree construction of hybrid system requirements using qualitative formal method

    International Nuclear Information System (INIS)

    Lee, Jang-Soo; Cha, Sung-Deok

    2005-01-01

When specifying requirements for software controlling hybrid systems and conducting safety analysis, engineers find that requirements are often known only in qualitative terms and that existing fault tree analysis techniques provide little guidance on formulating and evaluating potential failure modes. In this paper, we propose Causal Requirements Safety Analysis (CRSA) as a technique to qualitatively evaluate the causal relationship between software faults and physical hazards. This technique, extending the qualitative formal method process and utilizing information captured in the state trajectory, provides specific guidelines on how to identify failure modes and the relationships among them. Using a simplified electrical power system as an example, we describe step-by-step procedures for conducting CRSA. Our experience of applying CRSA to perform fault tree analysis on requirements for the Wolsong nuclear power plant shutdown system indicates that CRSA is an effective technique for assisting safety engineers.
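The fault-tree step that a causal analysis such as CRSA feeds, shown on a constructed tree as an added example (this is not code from the paper and does not implement CRSA itself): given AND/OR gates down to basic events, extract the minimal cut sets of the top hazard, so that a software fault shared by two nominally redundant trains shows up as a single-point failure. The gate and event names, and the toy "loss of actuation power" hazard, are hypothetical.

```python
"""Qualitative fault-tree evaluation: minimal cut sets of a small AND/OR tree.

Added illustration, not the paper's electrical power system or Wolsong
shutdown-system trees; every gate and event name below is hypothetical."""

from itertools import product

# Gate definitions: name -> (gate_type, [children]); names absent from the
# dict are basic events.  Constructed scenario: safety actuation is lost if
# the trip logic itself fails, or if both supply trains fail; each train
# fails on its own breaker fault or on a software fault common to both.
TREE = {
    "LOSS_OF_ACTUATION": ("OR", ["TRIP_LOGIC_FAULT", "LOSS_OF_POWER"]),
    "LOSS_OF_POWER": ("AND", ["TRAIN_A_FAIL", "TRAIN_B_FAIL"]),
    "TRAIN_A_FAIL": ("OR", ["BREAKER_A_OPEN", "SW_FAULT"]),
    "TRAIN_B_FAIL": ("OR", ["BREAKER_B_OPEN", "SW_FAULT"]),
}

def cut_sets(event, tree=TREE):
    """All (not yet minimized) cut sets of `event`, as a list of frozensets."""
    if event not in tree:              # basic event: it is its own cut set
        return [frozenset([event])]
    gate, children = tree[event]
    child_sets = [cut_sets(c, tree) for c in children]
    if gate == "OR":                   # any one child's cut set is enough
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":                  # one cut set from every child, unioned
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate type {gate!r}")

def minimal_cut_sets(event, tree=TREE):
    """Apply absorption: drop any cut set that is a strict superset of another."""
    sets = set(cut_sets(event, tree))
    return sorted(
        (s for s in sets if not any(other < s for other in sets)),
        key=lambda s: (len(s), sorted(s)),
    )

def single_point_failures(event, tree=TREE):
    """Basic events that alone cause the top event (order-1 minimal cut sets)."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(event, tree) if len(s) == 1)

if __name__ == "__main__":
    for s in minimal_cut_sets("LOSS_OF_ACTUATION"):
        print(sorted(s))
    print("single points of failure:", single_point_failures("LOSS_OF_ACTUATION"))
```

The absorption step is where the safety-relevant finding appears: the raw AND gate produces {BREAKER_A_OPEN, SW_FAULT}, {BREAKER_B_OPEN, SW_FAULT} and {SW_FAULT}, and the last absorbs the first two, so the redundancy of the two trains buys nothing against the common software fault.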

  13. Compositional Modelling of Stochastic Hybrid Systems

    NARCIS (Netherlands)

    Strubbe, S.N.

    2005-01-01

    In this thesis we present a modelling framework for compositional modelling of stochastic hybrid systems. Hybrid systems consist of a combination of continuous and discrete dynamics. The state space of a hybrid system is hybrid in the sense that it consists of a continuous component and a discrete

  14. Lecture Notes on Criticality Safety Validation Using MCNP & Whisper

    Energy Technology Data Exchange (ETDEWEB)

    Brown, Forrest B. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States); Rising, Michael Evan [Los Alamos National Lab. (LANL), Los Alamos, NM (United States); Alwin, Jennifer Louise [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2016-03-11

Lecture notes for nuclear criticality safety training classes (MCNP documentation). The need for, and problems surrounding, validation of computer codes and data are considered first. Then some background for MCNP and Whisper is given: best practices for Monte Carlo criticality calculations, neutron spectra, S(α,β) thermal neutron scattering data, nuclear data sensitivities, covariance data, and correlation coefficients. Whisper is computational software designed to assist the nuclear criticality safety analyst with validation studies using the Monte Carlo radiation transport package MCNP. Whisper's methodology (benchmark selection – Ck's, weights; extreme value theory – bias, bias uncertainty; MOS for nuclear data uncertainty – GLLS) and usage are discussed.

  15. Nuclear criticality safety experiments, calculations, and analyses: 1958 to 1982. Volume 1. Lookup tables

    International Nuclear Information System (INIS)

    Koponen, B.L.; Hampel, V.E.

    1982-01-01

This compilation contains 688 complete summaries of papers on nuclear criticality safety as presented at meetings of the American Nuclear Society (ANS). The selected papers contain criticality parameters for fissile materials derived from experiments and calculations, as well as criticality safety analyses for fissile material processing, transport, and storage. The compilation was developed as a component of the Nuclear Criticality Information System (NCIS), now under development at the Lawrence Livermore National Laboratory. The compilation is presented in two volumes: Volume 1 contains a directory to the ANS Transactions volume and page number where each summary was originally published, the author concordance, and the subject concordance derived from the key phrases in titles. Volume 2 contains, in chronological order, the full-text summaries, reproduced here by permission of the American Nuclear Society from their Transactions, volumes 1-41.

  16. SRTC criticality safety technical review: Nuclear criticality safety evaluation 94-02, uranium solidification facility pencil tank module spacing

    International Nuclear Information System (INIS)

    Rathbun, R.

    1994-01-01

Review of NMP-NCS-94-0087, ''Nuclear Criticality Safety Evaluation 94-02: Uranium Solidification Facility Pencil Tank Module Spacing (U), April 18, 1994,'' was requested of the SRTC Applied Physics Group. The NCSE is a criticality assessment showing that the USF process module spacing, as given in Non-Conformance Report SHM-0045, remains safe for operation. The NCSE under review concludes that the module spacing given in Non-Conformance Report SHM-0045 remains in a critically safe configuration for all normal and single credible abnormal conditions. After a thorough review of the NCSE, this reviewer agrees with that conclusion.

  17. Criticality Safety Evaluation of Hanford Site High Level Waste Storage Tanks

    Energy Technology Data Exchange (ETDEWEB)

    ROGERS, C.A.

    2000-02-17

    This criticality safety evaluation covers operations for waste in underground storage tanks at the high-level waste tank farms on the Hanford site. This evaluation provides the bases for criticality safety limits and controls to govern receipt, transfer, and long-term storage of tank waste. Justification is provided that a nuclear criticality accident cannot occur for tank farms operations, based on current fissile material and operating conditions.

  18. Criticality Safety Evaluation of Hanford Site High-Level Waste Storage Tanks

    International Nuclear Information System (INIS)

    ROGERS, C.A.

    2000-01-01

This criticality safety evaluation covers operations for waste in underground storage tanks at the high-level waste tank farms on the Hanford site. This evaluation provides the bases for criticality safety limits and controls to govern receipt, transfer, and long-term storage of tank waste. Justification is provided that a nuclear criticality accident cannot occur for tank farms operations, based on current fissile material and operating conditions.

  19. Selection and verification of safety parameters in safety parameter display system for nuclear power plants

    International Nuclear Information System (INIS)

    Zhang Yuangfang

    1992-02-01

The method and results for safety parameter selection and its verification in a safety parameter display system for nuclear power plants are introduced. Based on safety analysis, overall safety is divided into six critical safety functions, and a set of safety parameters that represent the degree of integrity of each function, and the causes of its change, is strictly selected. The verification of the safety parameter selection is carried out from the viewpoint of applying the plant emergency procedures and of accident manoeuvres on a full-scale nuclear power plant simulator.

  20. Computational Methods for Sensitivity and Uncertainty Analysis in Criticality Safety

    International Nuclear Information System (INIS)

    Broadhead, B.L.; Childs, R.L.; Rearden, B.T.

    1999-01-01

Interest in the sensitivity methods that were developed and widely used in the 1970s (the FORSS methodology at ORNL, among others) has increased recently as a result of their potential use in criticality safety data validation procedures to define computational bias, uncertainties and area(s) of applicability. Functional forms of the resulting sensitivity coefficients can be used as formal parameters in determining the applicability of benchmark experiments to their corresponding industrial application areas. In order for these techniques to be generally useful to the criticality safety practitioner, the procedures governing their use had to be updated and simplified. This paper describes the resulting sensitivity analysis tools that have been generated for potential use by the criticality safety community.
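Both the Whisper lecture notes (record 14, benchmark selection by Ck's) and the ORNL paper above (record 20, sensitivity coefficients as parameters of benchmark applicability) rest on the same quantity: the correlation coefficient c_k between the nuclear-data-induced uncertainty of an application and of a candidate benchmark. The block below is an added worked example, not Whisper, MCNP or the FORSS/ORNL tools; it implements only the textbook definition c_k = (S_a C S_b^T) / sqrt((S_a C S_a^T)(S_b C S_b^T)), where S are relative sensitivity vectors (dk/k)/(dσ/σ) and C is the relative covariance matrix of the nuclear data. The covariance matrix, the three-parameter sensitivity profiles and the 0.9 cutoff are constructed for illustration, not evaluated data or a mandated acceptance criterion.

```python
"""Benchmark applicability via the c_k correlation coefficient.

Added worked example; every number is constructed.  The three data
"parameters" stand for a hypothetical U-235 fission / U-238 capture /
H-1 elastic breakdown, not real evaluated cross sections."""

from math import sqrt

# Constructed relative covariance matrix: variances on the diagonal, one
# hypothetical positive correlation between the two uranium reactions.
COV = [
    [1.0e-4, 2.0e-5, 0.0],
    [2.0e-5, 4.0e-4, 0.0],
    [0.0,    0.0,    2.5e-5],
]

# Constructed relative sensitivity profiles: the application and two benchmarks.
S_APP = [0.80, -0.20, 0.30]
BENCHMARKS = {
    "thermal-solution-like": [0.75, -0.15, 0.35],   # physics similar to S_APP
    "fast-metal-like":       [0.60,  0.05, 0.00],   # no hydrogen, other spectrum
}

def quad_form(s1, cov, s2):
    """s1 . cov . s2^T on plain lists (no numpy dependency)."""
    n = len(cov)
    if len(s1) != n or len(s2) != n or any(len(row) != n for row in cov):
        raise ValueError("sensitivity vectors and covariance matrix sizes differ")
    return sum(s1[i] * cov[i][j] * s2[j] for i in range(n) for j in range(n))

def data_uncertainty(s, cov=COV):
    """Relative 1-sigma uncertainty in k from nuclear data: sqrt(S C S^T)."""
    return sqrt(quad_form(s, cov, s))

def ck(s_app, s_bench, cov=COV):
    """Correlation between the data-induced uncertainties of two systems."""
    denom = sqrt(quad_form(s_app, cov, s_app) * quad_form(s_bench, cov, s_bench))
    if denom == 0.0:
        raise ValueError("a sensitivity vector is insensitive to every covariance term")
    return quad_form(s_app, cov, s_bench) / denom

def applicable_benchmarks(s_app, benchmarks=BENCHMARKS, cov=COV, threshold=0.9):
    """Benchmarks whose c_k reaches a user-chosen cutoff (0.9 here, an assumption)."""
    return sorted(name for name, s in benchmarks.items() if ck(s_app, s, cov) >= threshold)

if __name__ == "__main__":
    print(f"application data uncertainty: {100 * data_uncertainty(S_APP):.2f} % dk/k")
    for name, s in BENCHMARKS.items():
        print(f"{name:24s} c_k = {ck(S_APP, s):.3f}")
    print("applicable:", applicable_benchmarks(S_APP))
```

Because c_k is a normalized quadratic form, scaling the whole covariance matrix leaves it unchanged; what moves it is the overlap of the two sensitivity profiles weighted by where the data uncertainty actually sits, which is why the hydrogen-free benchmark scores low against an application that is 30 % sensitive to hydrogen scattering.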

  1. A new concept of safety parameter display system

    International Nuclear Information System (INIS)

    Martinez, A.S.; Oliveira, L.F.S. de; Schirru, R.; Thome Filho, Z.D.; Silva, R.A. da.

    1986-07-01

A general description of the Angra-1 Safety Parameter Display System (SSPA), a real-time, on-line computerized monitoring system for the parameters related to power plant safety, is presented. The main purpose of this system is to reduce the load on the Angra-1 operators during an emergency by supplying them with additional tools that serve as the basis for prompt identification of the accident. The SSPA is a kind of safety parameter display system, a concept introduced after the Three Mile Island accident in the USA. The SSPA comprises two nuclear applications that are considered independently: the Integrated Parameter Monitoring System (SIMP) and the critical safety function system (SFCS). (Author)

  2. Overview of the Safety Issues Associated with the Compressed Natural Gas Fuel System and Electric Drive System in a Heavy Hybrid Electric Vehicle

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, S.C.

    2002-11-14

    This report evaluates the hazards that are unique to a compressed-natural-gas (CNG)-fueled heavy hybrid electric vehicle (HEV) design compared with a conventional heavy vehicle. The unique design features of the heavy HEV are the CNG fuel system for the internal-combustion engine (ICE) and the electric drive system. This report addresses safety issues with the CNG fuel system and the electric drive system. Vehicles on U. S. highways have been propelled by ICEs for several decades. Heavy-duty vehicles have typically been fueled by diesel fuel, and light-duty vehicles have been fueled by gasoline. The hazards and risks posed by ICE vehicles are well understood and have been generally accepted by the public. The economy, durability, and safety of ICE vehicles have established a standard for other types of vehicles. Heavy-duty (i.e., heavy) HEVs have recently been introduced to U. S. roadways, and the hazards posed by these heavy HEVs can be compared with the hazards posed by ICE vehicles. The benefits of heavy HEV technology are based on their potential for reduced fuel consumption and lower exhaust emissions, while the disadvantages are the higher acquisition cost and the expected higher maintenance costs (i.e., battery packs). The heavy HEV is more suited for an urban drive cycle with stop-and-go driving conditions than for steady expressway speeds. With increasing highway congestion and the resulting increased idle time, the fuel consumption advantage for heavy HEVs (compared with conventional heavy vehicles) is enhanced by the HEVs' ability to shut down. Any increase in fuel cost obviously improves the economics of a heavy HEV. The propulsion system for a heavy HEV is more complex than the propulsion system for a conventional heavy vehicle. The heavy HEV evaluated in this study has in effect two propulsion systems: an ICE fueled by CNG and an electric drive system with additional complexity and failure modes. This additional equipment will result in a less

  3. Insight from a Critical Review on the Safety Analysis of Nuclear Fuel Cycle Facility for Domestic Regulatory System

    International Nuclear Information System (INIS)

    Hong, Soon Joon; Chung, Young Wook; Jeong, Seung Young

    2010-01-01

Korea has 20 nuclear power plants in operation and 10,761 tons of spent fuel stored at plant sites. The spent fuel storage capacity at plant sites is expected to begin filling up in 2016. In Korea, the 16 light water reactor units generate around 320 tons/year and the 4 heavy water reactor units around 380 tons/year, and the share of electricity generated by nuclear power plants is planned to increase to 59% by 2030. Spent fuel, classified in law as high-level radioactive waste, is characterized by high radiation levels, high heat generation and high radiological toxicity. On the other hand, it is also a very useful domestic energy source. Thus, the safe management of spent fuel is a pressing task facing the nuclear industry. The advanced fuel cycle (AFC) using pyro-processing is an innovative technology that drastically relieves the environmental burden, because the extracted long-lived fission products are burned in fast breeder reactors. The domestic nuclear industry also has a road map for the construction of AFC facilities. However, there is not yet a sufficiently detailed licensing regulatory system, and there is no systematic framework for safety evaluation. This paper reviews the safety analysis systems of foreign fuel cycle facilities. This critical review leads to insights for setting up a safety analysis system for domestic AFC facilities.

  4. Sensitivity analysis of parameters important to nuclear criticality safety of Castor X/28F spent nuclear fuel cask

    Energy Technology Data Exchange (ETDEWEB)

    Leotlela, Mosebetsi J. [Witwatersrand Univ., Johannesburg (South Africa). School of Physics; Koeberg Operating Unit, Johannesburg (South Africa). Regulations and Licensing; Malgas, Isaac [Koeberg Nuclear Power Station, Duinefontein (South Africa). Nuclear Engineering Analysis; Taviv, Eugene [ASARA consultants (PTY) LTD, Johannesburg (South Africa)

    2015-11-15

In nuclear criticality safety analysis it is essential to ascertain how the various components of the nuclear system will perform under the conditions they may be subjected to, particularly if the components are likely to be affected by environmental factors such as temperature, radiation or material composition. It is therefore prudent that a sensitivity analysis be performed to determine and quantify the response of the output to variation in any of the input parameters. In a fissile system, the output parameter of importance is k_eff. Therefore, in attempting to prevent reactivity-induced accidents, it is important for the criticality safety analyst to have a quantified degree of response of the neutron multiplication factor to a perturbation in a given input parameter. This article presents the results of the perturbation of the parameters that are important to nuclear criticality safety analysis and their respective correlation equations for deriving the sensitivity coefficients.
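The quantity the article derives, a relative sensitivity coefficient S_x = (x/k)(dk/dx), obtained by perturbing one input at a time and observing the response of k, as an added example that is not the Castor X/28F analysis or its MCNP model. To keep the example self-checking, k comes from a constructed one-group bare-sphere diffusion model, k = νΣ_f / (Σ_a + D B²) with Σ_a = Σ_c + Σ_f and B² = (π/R)², whose sensitivities have closed forms; the central-difference estimate is compared against them. The parameter values are hypothetical round numbers, not material data.

```python
"""Relative sensitivity coefficients of k by direct perturbation.

Added worked example on a constructed one-group bare-sphere model; it is
not the article's cask model.  Parameter values are hypothetical."""

from math import pi

# Constructed base case: macroscopic cross sections in 1/cm, D and R in cm.
BASE = {"nu": 2.5, "sigma_f": 0.05, "sigma_c": 0.02, "D": 1.0, "R": 20.0}

def k_eff(p):
    """One-group bare-sphere multiplication factor for parameter dict p."""
    buckling = (pi / p["R"]) ** 2
    sigma_a = p["sigma_c"] + p["sigma_f"]
    return p["nu"] * p["sigma_f"] / (sigma_a + p["D"] * buckling)

def sensitivity(name, p=BASE, h=1e-3):
    """S_x = (dk/k)/(dx/x) from a central difference on a +/- h relative perturbation."""
    if name not in p:
        raise KeyError(f"unknown parameter {name!r}")
    up, down = dict(p), dict(p)
    up[name] *= 1.0 + h
    down[name] *= 1.0 - h
    return (k_eff(up) - k_eff(down)) / (2.0 * h * k_eff(p))

def analytic_sensitivity(name, p=BASE):
    """Closed-form S_x for this model, used to validate the numerical estimate."""
    leak = p["D"] * (pi / p["R"]) ** 2
    denom = p["sigma_c"] + p["sigma_f"] + leak
    return {
        "nu":      1.0,
        "sigma_f": 1.0 - p["sigma_f"] / denom,
        "sigma_c": -p["sigma_c"] / denom,
        "D":       -leak / denom,
        "R":       2.0 * leak / denom,      # larger sphere, less leakage
    }[name]

def predicted_dk_over_k(changes, p=BASE):
    """First-order response dk/k ~ sum_x S_x (dx/x) for a dict of relative changes."""
    return sum(sensitivity(x, p) * dx for x, dx in changes.items())

if __name__ == "__main__":
    print(f"base k = {k_eff(BASE):.4f}")
    for name in BASE:
        print(f"S_{name:8s} numeric {sensitivity(name):+.4f}"
              f"  analytic {analytic_sensitivity(name):+.4f}")
    # A 2 % loss of fissile content together with a 1 % larger radius:
    print("dk/k:", f"{predicted_dk_over_k({'sigma_f': -0.02, 'R': 0.01}):+.4f}")
```

With a Monte Carlo code the same finite-difference scheme needs a perturbation large enough that the change in k exceeds the statistical noise of the two runs, which is why the article's correlation equations fit the response over a range of perturbations rather than relying on one pair of runs; the closed-form check here is only available because the toy model is analytic.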

  5. Safety Critical Java for Robotics Programming

    DEFF Research Database (Denmark)

    Thomsen, Bent; Luckow, Kasper Søe; Bøgholm, Thomas

    2015-01-01

This paper introduces Safety Critical Java (SCJ) and argues its readiness for robotics programming. We give an overview of the work done at Aalborg University and elsewhere on SCJ, some of its implementations in the form of the JOP, FijiVM and HVM and some of the tools, especially WCA, Teta...

  6. Hybrid systems, optimal control and hybrid vehicles theory, methods and applications

    CERN Document Server

    Böhme, Thomas J

    2017-01-01

    This book assembles new methods showing the automotive engineer for the first time how hybrid vehicle configurations can be modeled as systems with discrete and continuous controls. These hybrid systems describe naturally and compactly the networks of embedded systems which use elements such as integrators, hysteresis, state-machines and logical rules to describe the evolution of continuous and discrete dynamics and arise inevitably when modeling hybrid electric vehicles. They can throw light on systems which may otherwise be too complex or recondite. Hybrid Systems, Optimal Control and Hybrid Vehicles shows the reader how to formulate and solve control problems which satisfy multiple objectives which may be arbitrary and complex with contradictory influences on fuel consumption, emissions and drivability. The text introduces industrial engineers, postgraduates and researchers to the theory of hybrid optimal control problems. A series of novel algorithmic developments provides tools for solving engineering pr...

  7. Software for safety critical applications

    International Nuclear Information System (INIS)

    Kropik, M.; Matejka, K.; Jurickova, M.; Chudy, R.

    2001-01-01

The contribution gives an overview of the project on software development for safety-critical applications. This project has been carried out since 1997. The principal goal of the project was to establish a research laboratory for the development of software with the highest requirements for quality and reliability. This laboratory was established at the department and equipped with appropriate hardware and software to support software development. A research team of predominantly young researchers for software development was created. The activities of the research team started with studying and proposing a software development methodology. This methodology was then applied to real software development, and the verification and validation process followed. A validation system for integrated hardware and software tests was brought into being and its control software was developed. The quality of the software tools was also monitored, and the SOSAT tool was used during these activities. National and international contacts were established and maintained during the project. (author)

  8. Progress in the development of methodology for fusion safety systems studies

    International Nuclear Information System (INIS)

    Ho, S.K.; Cambi, G.; Ciattaglia, S.; Fujii-e, Y.; Seki, Y.

    1994-01-01

The development of a fusion safety systems-study methodology by a consortium of international efforts is presented, including schematic classification of the overall fusion safety system, qualitative assessment of the fusion system to identify critical accident scenarios, quantitative analysis of accident consequences and risk for safety design evaluation, and system-level analysis of accident consequences and risk for design optimization. The potential application of this methodology in reactor design studies will facilitate the systematic assessment of the safety performance of reactor designs and enhance the impact of safety considerations on the selection of design configurations.

  9. Hybrid spacecraft attitude control system

    Directory of Open Access Journals (Sweden)

    Renuganth Varatharajoo

    2016-02-01

    The hybrid subsystem design could be an attractive approach for future spacecraft to cope with their demands. The idea of combining the conventional Attitude Control System and the Electrical Power System is presented in this article. The Combined Energy and Attitude Control System (CEACS) consisting of a double counter rotating flywheel assembly is investigated for small satellites in this article. Another hybrid system incorporating the conventional Attitude Control System into the Thermal Control System forming the Combined Attitude and Thermal Control System (CATCS) consisting of a "fluid wheel" and permanent magnets is also investigated for small satellites herein. The governing equations describing both these novel hybrid subsystems are presented and their onboard architectures are numerically tested. Both the investigated novel hybrid spacecraft subsystems comply with the reference mission requirements.

  10. Hybrid Propulsion Systems for Remotely Piloted Aircraft Systems

    Directory of Open Access Journals (Sweden)

    Mithun Abdul Sathar Eqbal

    2018-03-01

    The development of more efficient propulsion systems for aerospace vehicles is essential to achieve key objectives. These objectives are to increase efficiency while reducing the amount of carbon-based emissions. Hybrid electric propulsion (HEP) is an ideal means to maintain the energy density of hydrocarbon-based fuels and utilize energy-efficient electric machines. A system that integrates different propulsion systems into a single system, with one being electric, is termed an HEP system. HEP systems have been studied previously and introduced into Land, Water, and Aerial Vehicles. This work presents research into the use of HEP systems in Remotely Piloted Aircraft Systems (RPAS). The systems discussed in this paper are Internal Combustion Engine (ICE)–Electric Hybrid systems, ICE–Photovoltaic (PV) Hybrid systems, and Fuel-Cell Hybrid systems. The improved performance characteristics in terms of fuel consumption and endurance are discussed.

  11. Breaking Dense Structures: Proving Stability of Densely Structured Hybrid Systems

    Directory of Open Access Journals (Sweden)

    Eike Möhlmann

    2015-06-01

    Abstraction and refinement is widely used in software development. Such techniques are valuable since they allow one to handle even more complex systems. One key point is the ability to decompose a large system into subsystems, analyze those subsystems and deduce properties of the larger system. As cyber-physical systems tend to become more and more complex, such techniques become more appealing. In 2009, Oehlerking and Theel presented a (de-)composition technique for hybrid systems. This technique is graph-based and constructs a Lyapunov function for hybrid systems having a complex discrete state space. The technique consists of (1) decomposing the underlying graph of the hybrid system into subgraphs, (2) computing multiple local Lyapunov functions for the subgraphs, and finally (3) composing the local Lyapunov functions into a piecewise Lyapunov function. A Lyapunov function can serve multiple purposes, e.g., it certifies stability or termination of a system or allows one to construct invariant sets, which in turn may be used to certify safety and security. In this paper, we propose an improvement to the decomposition technique, which relaxes the graph structure before applying the decomposition technique. Our relaxation significantly reduces the connectivity of the graph by exploiting super-dense switching. The relaxation makes the decomposition technique more efficient on the one hand and on the other allows it to decompose a wider range of graph structures.

  12. Design of Mixed-Criticality Applications on Distributed Real-Time Systems

    DEFF Research Database (Denmark)

    Tamas-Selicean, Domitian

    A mixed-criticality system implements applications of different safety-criticality levels onto the same platform. In such cases, the certification standards require that applications of different criticality levels are protected so they cannot influence each other. Otherwise, all tasks have... ...the concept of virtual links, and temporal separation, enforced through schedule tables for TT messages and bandwidth allocation for RC messages. The objective of this thesis is to develop methods and tools for distributed mixed-criticality real-time systems. At the processor level, we are interested...

  13. Insight and Evidence Motivating the Simplification of Dual-Analysis Hybrid Systems into Single-Analysis Hybrid Systems

    Science.gov (United States)

    Todling, Ricardo; Diniz, F. L. R.; Takacs, L. L.; Suarez, M. J.

    2018-01-01

    Many hybrid data assimilation systems currently used for NWP employ some form of dual-analysis system approach. Typically a hybrid variational analysis is responsible for creating initial conditions for high-resolution forecasts, and an ensemble analysis system is responsible for creating sample perturbations used to form the flow-dependent part of the background error covariance required in the hybrid analysis component. In many of these, the two analysis components employ different methodologies, e.g., variational and ensemble Kalman filter. In such cases, it is not uncommon to have observations treated rather differently between the two analysis components; recentering of the ensemble analysis around the hybrid analysis is used to compensate for such differences. Furthermore, in many cases, the hybrid variational high-resolution system implements some type of four-dimensional approach, whereas the underlying ensemble system relies on a three-dimensional approach, which again introduces discrepancies in the overall system. Connected to these is the expectation that one can reliably estimate observation impact on forecasts issued from hybrid analyses by using an ensemble approach based on the underlying ensemble strategy of dual-analysis systems. Just the realization that the ensemble analysis makes substantially different use of observations as compared to its hybrid counterpart should serve as enough evidence of the implausibility of such an expectation. This presentation assembles numerous pieces of anecdotal evidence to illustrate the fact that hybrid dual-analysis systems must, at the very minimum, strive for consistent use of the observations in both analysis sub-components. Simpler than that, this work suggests that hybrid systems can reliably be constructed without the need to employ a dual-analysis approach. In practice, the idea of relying on a single analysis system is appealing from a cost-maintenance perspective. More generally, single-analysis systems avoid

  14. Data-Centric Knowledge Discovery Strategy for a Safety-Critical Sensor Application

    Directory of Open Access Journals (Sweden)

    Nilamadhab Mishra

    2014-01-01

    In an indoor safety-critical application, sensors and actuators are clustered together to accomplish critical actions within a limited time constraint. The cluster may be controlled by a dedicated programmed autonomous microcontroller device powered with electricity to perform in-network time critical functions, such as data collection, data processing, and knowledge production. In a data-centric sensor network, approximately 3–60% of the sensor data are faulty, and the data collected from the sensor environment are highly unstructured and ambiguous. Therefore, for safety-critical sensor applications, actuators must function intelligently within a hard time frame and have proper knowledge to perform their logical actions. This paper proposes a knowledge discovery strategy and an exploration algorithm for indoor safety-critical industrial applications. The application evidence and discussion validate that the proposed strategy and algorithm can be implemented for knowledge discovery within the operational framework.

  15. Validation of calculational methods for nuclear criticality safety - approved 1975

    International Nuclear Information System (INIS)

    Anon.

    1977-01-01

    The American National Standard for Nuclear Criticality Safety in Operations with Fissionable Materials Outside Reactors, N16.1-1975, states in 4.2.5: "In the absence of directly applicable experimental measurements, the limits may be derived from calculations made by a method shown to be valid by comparison with experimental data, provided sufficient allowances are made for uncertainties in the data and in the calculations." There are many methods of calculation which vary widely in basis and form. Each has its place in the broad spectrum of problems encountered in the nuclear criticality safety field; however, the general procedure to be followed in establishing validity is common to all. The standard states the requirements for establishing the validity and area(s) of applicability of any calculational method used in assessing nuclear criticality safety.

  16. The International Criticality Safety Benchmark Evaluation Project on the Internet

    International Nuclear Information System (INIS)

    Briggs, J.B.; Brennan, S.A.; Scott, L.

    2000-01-01

    The International Criticality Safety Benchmark Evaluation Project (ICSBEP) was initiated in October 1992 by the US Department of Energy's (DOE's) defense programs and is documented in the Transactions of numerous American Nuclear Society and International Criticality Safety Conferences. The work of the ICSBEP is documented as an Organization for Economic Cooperation and Development (OECD) handbook, International Handbook of Evaluated Criticality Safety Benchmark Experiments. The ICSBEP Internet site was established in 1996 and its address is http://icsbep.inel.gov/icsbep. A copy of the ICSBEP home page is shown in Fig. 1. The ICSBEP Internet site contains five primary links. Internal sublinks to other relevant sites are also provided within the ICSBEP Internet site. A brief description of each of the five primary ICSBEP Internet site links is given.

  17. Memory Management for Safety-Critical Java

    DEFF Research Database (Denmark)

    Schoeberl, Martin

    2011-01-01

    Safety-Critical Java (SCJ) is based on the Real-Time Specification for Java. To simplify the certification of Java programs, SCJ supports only a restricted scoped memory model. Individual threads share only immortal memory and the newly introduced mission memory. All other scoped memories...... implementation is evaluated on an embedded Java processor....

  18. Inherent Safety Feature of Hybrid Low Power Research Reactor during Reactivity Induced Accident

    Energy Technology Data Exchange (ETDEWEB)

    Kim, DongHyun; Yum, Soo Been; Hong, Sung Teak; Lim, In-Cheol [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2016-10-15

    The hybrid low power research reactor (H-LPRR) is a new design concept of a low power research reactor for use as a critical facility as well as for education and training. In the case of a typical low power research reactor, the purposes of utilization are experiments for the education of nuclear engineering students, Neutron Activation Analysis (NAA) and radio-isotope production for research purposes. H-LPRR is a light-water cooled and moderated research reactor that uses rod-type LEU UO2 fuels, the same as those for commercial power plants. The maximum core thermal power is 70 kW and the core is placed at the bottom of an open pool. There are 1 control rod and 2 shutdown rods in the core. It is designed to cool the core by natural convection, to retain a negative feedback coefficient for the entire fuel period and to operate for 20 years without refueling. Inherent safety in H-LPRR is achieved by passive design features such as a negative temperature feedback coefficient and core cooling by natural convection during normal and emergency conditions. The purpose of this study is to find out whether the inherent safety characteristics of H-LPRR are able to control the power and protect the reactor from a RIA (reactivity induced accident). RIA analysis was performed to investigate the inherent safety feature of H-LPRR. As a result, it was found that the reactor controls its power without fuel damage in the event and that the reactor inherently remains in a safe state. Therefore, it is believed that a high degree of safety inheres in H-LPRR.

  19. Bibliography for nuclear criticality accident experience, alarm systems, and emergency management

    International Nuclear Information System (INIS)

    Putman, V.L.

    1995-09-01

    The characteristics, detection, and emergency management of nuclear criticality accidents outside reactors have been an important component of criticality safety for as long as the need for this specialized safety discipline has been recognized. The general interest and importance of such topics receive special emphasis because of the potentially lethal, albeit highly localized, effects of criticality accidents and because of heightened public and regulatory concerns for any undesirable event in nuclear and radiological fields. This bibliography lists references which are potentially applicable to or interesting for criticality alarm, detection, and warning systems; criticality accident emergency management; and their associated programs. The lists are annotated to assist bibliography users in identifying applicable: industry and regulatory guidance and requirements, with historical development information and comments; criticality accident characteristics, consequences, experiences, and responses; hazard-, risk-, or safety-analysis criteria; CAS design and qualification criteria; CAS calibration, maintenance, repair, and testing criteria; experiences of CAS designers and maintainers; criticality accident emergency management (planning, preparedness, response, and recovery) requirements and guidance; criticality accident emergency management experience, plans, and techniques; methods and tools for analysis; and additional bibliographies.

  20. Criticality safety of spent fuel casks considering water inleakage

    International Nuclear Information System (INIS)

    Osgood, N.L.; Withee, C.J.; Easton, E.P.

    2004-01-01

    A fundamental safety design parameter for all fissile material packages is that a single package must be criticality safe even if water leaks into the containment system. In addition, criticality safety must be assured for arrays of packages under normal conditions of transport (undamaged packages) and under hypothetical accident conditions (damaged packages). The U.S. Nuclear Regulatory Commission staff has revised the review protocol for demonstrating criticality safety for spent fuel casks. Previous review guidance specified that water inleakage be considered under accident conditions. This practice was based on the fact that the leak tightness of spent fuel casks is typically demonstrated by use of structural analysis and not by physical testing. In addition, since a single package was shown to be safe with water inleakage, it was concluded that this analysis was also applicable to an array of damaged packages, since the heavy shield walls in spent fuel casks neutronically isolate each cask in the array. Inherent in this conclusion is that the fuel assembly geometry does not change significantly, even under drop test conditions. Requests for shipping fuel with burnup exceeding 40 GWd/MTU, including very high burnups exceeding 60 GWd/MTU, caused a reassessment of this assumption. Fuel cladding structural strength and ductility were not clearly predictable for these higher burnups. Therefore the single package analysis for an undamaged package may not be applicable to the damaged package. NRC staff developed a new practice for review of spent fuel casks under accident conditions. The practice presents two methods for approval that would allow an assessment of potential reconfiguration of the fuel assembly under accident conditions, or, alternatively, a demonstration of the water-exclusion boundary through physical testing.

  1. Assessing Risk-Based Performance Indicators in Safety-Critical Systems for Nuclear Power Plants

    OpenAIRE

    TONT Gabriela

    2011-01-01

    The paper proposes a framework for a multidisciplinary nuclear risk and safety assessment by modeling uncertainty and combining diverse evidence provided in such a way that it could be used to represent an entire argument about a system's dependability. The identified safety issues are treated by means of probabilistic safety assessment (PSA). The behavior simulation of the power plant in the presence of risk factors is analyzed from the vulnerability, risk and functional safety viewpoints, hi...

  2. Robust optical sensors for safety critical automotive applications

    Science.gov (United States)

    De Locht, Cliff; De Knibber, Sven; Maddalena, Sam

    2008-02-01

    Optical sensors for the automotive industry need to be robust, high performing and low cost. This paper focuses on the impact of automotive requirements on optical sensor design and packaging. Main strategies to lower optical sensor entry barriers in the automotive market include: performing sensor calibration and tuning at the sensor manufacturer, providing on-chip sensor test modes to guarantee functional integrity during operation, and treating package technology as key. In conclusion, optical sensor applications are growing in automotive. Optical sensor robustness has matured to the level of safety critical applications: Electrical Power Assisted Steering (EPAS) and Drive-by-Wire by systems based on optical linear arrays, and Automated Cruise Control (ACC), Lane Change Assist and Driver Classification/Smart Airbag Deployment by systems based on camera imagers.

  3. New Burnup Calculation System for Fusion-Fission Hybrid System

    International Nuclear Information System (INIS)

    Isao Murata; Shoichi Shido; Masayuki Matsunaka; Keitaro Kondo; Hiroyuki Miyamaru

    2006-01-01

    Investigation of nuclear waste incineration has positively been carried out worldwide from the standpoint of environmental issues. Some candidates such as ADS and FBR are under discussion as possible incineration technologies. A fusion reactor is one such technology, because it supplies a neutron-rich and volumetric irradiation field, and in addition the neutron energy is higher than in a fission reactor. However, as is well known, it is still hard to realize a fusion reactor right now. An idea combining the fusion and fission concepts, the so-called fusion-fission hybrid system, was thus proposed for nuclear waste incineration. Even for a relatively lower plasma condition, neutrons can be well multiplied by fission in the nuclear fuel, tritium is thus bred so as to attain its self-sufficiency, enough energy multiplication is then expected and moreover nuclear waste incineration is possible. In the present study, to realize it as soon as possible with presently proven technology, i.e., using the ITER model with the achieved plasma condition of JT60 in JAEA, Japan, a new calculation system for the fusion-fission hybrid reactor including transport by MCNP and burnup by ORIGEN has been developed for the precise prediction of the neutronics performance. The author's group already had such a calculation system, developed by them. But it had a problem: the cross section libraries in ORIGEN did not include a library suitable specifically for fusion-fission hybrid reactors. So far, those for FBR were approximately used instead in the analysis. In the present study, exact derivation of the collapsed cross section for ORIGEN has been investigated, which means it is directly evaluated from the track length calculated by MCNP and point-wise nuclear data in an evaluated nuclear data file like JENDL-3.3. The system realizes a several-cycle calculation in one run, each cycle of which consists of an MCNP criticality calculation, an MCNP fixed source calculation with a 3-dimensional precise

  4. Integration profile and safety of an adenovirus hybrid-vector utilizing hyperactive sleeping beauty transposase for somatic integration.

    Directory of Open Access Journals (Sweden)

    Wenli Zhang

    We recently developed adenovirus/transposase hybrid-vectors utilizing the previously described hyperactive Sleeping Beauty (SB) transposase HSB5 for somatic integration and we could show stabilized transgene expression in mice and a canine model for hemophilia B. However, the safety profile of these hybrid-vectors with respect to vector dose and genotoxicity remains to be investigated. Herein, we evaluated this hybrid-vector system in C57Bl/6 mice with escalating vector dose settings. We found that in all mice which received the hyperactive SB transposase, transgene expression levels were stabilized in a dose-dependent manner and that the highest vector dose was accompanied by fatalities in mice. To analyze potential genotoxic side-effects due to somatic integration into host chromosomes, we performed a genome-wide integration site analysis using linker-mediated PCR (LM-PCR) and linear amplification-mediated PCR (LAM-PCR). Analysis of genomic DNA samples obtained from HSB5 treated female and male mice revealed a total of 1327 unique transposition events. Overall the chromosomal distribution pattern was close-to-random and we observed a random integration profile with respect to integration into gene and non-gene areas. Notably, when using the LM-PCR protocol, 27 extra-chromosomal integration events were identified, most likely caused by transposon excision and subsequent transposition into the delivered adenoviral vector genome. In total, this study provides a careful evaluation of the safety profile of adenovirus/Sleeping Beauty transposase hybrid-vectors. The obtained information will be useful when designing future preclinical studies utilizing hybrid-vectors in small and large animal models.

  5. A Technique of Software Safety Analysis in the Design Phase for PLC Based Safety-Critical Systems

    International Nuclear Information System (INIS)

    Koo, Seo-Ryong; Kim, Chang-Hwoi

    2017-01-01

    The purpose of safety analysis, which is a method of identifying portions of a system that have the potential for unacceptable hazards, is firstly to encourage design changes that will reduce or eliminate hazards and, secondly, to conduct special analyses and tests that can provide increased confidence in especially vulnerable portions of the system. For the design and implementation phase of the PLC based systems, we proposed a technique for software design specification and analysis, and this technique enables us to generate software design specifications (SDSs) in nuclear fields. For the safety analysis in the design phase, we used architecture design blocks of NuFDS to represent the architecture of the software. On the basis of the architecture design specification, we can directly generate the fault tree and then use the fault tree for qualitative analysis. Therefore, we proposed a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Through our proposed fault tree synthesis in this work, users can use the architecture specification of the NuFDS approach to intuitively compose fault trees that help analyze the safety design features of software.

  6. An evaluation of safety-critical Java on a Java processor

    OpenAIRE

    Rios Rivas, Juan Ricardo; Schoeberl, Martin

    2014-01-01

    The safety-critical Java (SCJ) specification provides a restricted set of the Java language intended for applications that require certification. In order to test the specification, implementations are emerging and the need to evaluate those implementations in a systematic way is becoming important. In this paper we evaluate our SCJ implementation which is based on the Java Optimized Processor JOP and we measure different performance and timeliness criteria relevant to hard real-time systems....

  7. Criticality safety and shielding analysis of WWER-440 fuel configurations

    International Nuclear Information System (INIS)

    Christoskov, I.

    2008-01-01

    An overview is made of some studies performed on the criticality safety and radiation shielding analysis of irradiated WWER-440 fuel storage and handling configurations. The analytical tools are based on the SCALE 4.4a code system, in combination with the TORT discrete ordinates transport code and the BUGLE-96 cross-sections library. The accuracy of some important results is assessed through comparison with independent evaluations and with measurement data. (author)

  8. You Outsource the Service but Not the Risk: Supply Chain Risk Management for the Cyber Security of Safety Critical Systems

    OpenAIRE

    Johnson, Chris W.

    2016-01-01

    Companies increasingly form interdependent relationships between contractors and sub-contractors that extend across national borders and legal jurisdictions. In consequence, supply chain risk management (SCRM) is an increasing concern for the cyber security of safety-critical systems. The following pages argue that outsourcing undermines SCRM by eroding technical expertise, which companies need to select and audit their suppliers. They are still held accountable when the failure o...

  9. Criticality safety for TMI-2 canister storage at INEL

    International Nuclear Information System (INIS)

    Jones, R.R.; Briggs, J.B.; Ayers, A.L. Jr.

    1986-01-01

    Canisters containing Three Mile Island Unit 2 (TMI-2) core debris will be researched, stored, and prepared for final disposition at the Idaho National Engineering Laboratory (INEL). The canisters will be placed into storage modules and assembled into a storage rack, which will be located in the Test Area North (TAN) storage pool. Criticality safety calculations were made (a) to ensure that the storage rack is safe for both normal and accident conditions and (b) to determine the effects of degradation of construction materials (Boraflex and polyethylene) on criticality safety.

  10. Criticality safety evaluation report for K Basin filter cartridges

    International Nuclear Information System (INIS)

    Schwinkendorf, K.N.

    1995-01-01

    A criticality safety evaluation of the K Basin filter cartridge assemblies has been completed to support operations without a criticality alarm system. The results show that for normal operation, the filter cartridge assembly is far below the safety limit of k_eff = 0.95, which is applied to plutonium systems at the Hanford Site. During normal operating conditions, uranium, plutonium, and fission and corrosion products in solution are continually accumulating in the available void spaces inside the filter cartridge medium. Currently, filter cartridge assemblies are scheduled to be replaced at six month intervals in KE Basin, and at one year intervals in KW Basin. According to available plutonium concentration data for KE Basin and data for the U/Pu ratio, it will take many times the six-month replacement time for sufficient fissionable material accumulation to take place to exceed the safety limit of k_eff = 0.95, especially given the conservative assumption that the presence of fission and corrosion products is ignored. Accumulation of sludge with a composition typical of that measured in the sand filter backwash pit will not lead to a k_eff = 0.95 value. For off-normal scenarios, it would require at least two unlikely, independent, and concurrent events to take place before the k_eff = 0.95 limit was exceeded. Contingencies considered include failure to replace the filter cartridge assemblies at the scheduled time resulting in additional buildup of fissionable material, the loss of geometry control from the filter cartridge assembly breaking apart and releasing the individual filter cartridges into an optimal configuration, and concentrations of plutonium at U/Pu ratios less than measured data for KE Basin, typically close to 400 according to extensive measurements in the sand filter backwash pit and plutonium production information.

  11. Data Fusion Modeling for an RT3102 and Dewetron System Application in Hybrid Vehicle Stability Testing

    Directory of Open Access Journals (Sweden)

    Zhibin Miao

    2015-08-01

    More and more hybrid electric vehicles are driven since they offer such advantages as energy savings and better active safety performance. Hybrid vehicles have two or more power driving systems and frequently switch working condition, so controlling stability is very important. In this work, a two-stage Kalman algorithm method is used to fuse data in hybrid vehicle stability testing. First, the RT3102 navigation system and Dewetron system are introduced. Second, a modeling of data fusion is proposed based on the Kalman filter. Then, this modeling is simulated and tested on a sample vehicle, using Carsim and Simulink software to test the results. The results showed the merits of this modeling.

  12. Definition and means of maintaining the criticality detectors and alarms portion of the PFP safety envelope

    International Nuclear Information System (INIS)

    White, W.F.

    1997-01-01

    The Criticality Alarm System (CAS) provides continuous detection for high radiation (criticality) events and automatically initiates an evacuation signal to affected personnel. The Safety Envelope (SE) for PFP includes the necessary equipment and the required procedures to ensure the CAS is capable of performing its intended function. This document provides the definition and means of maintaining the SE for PFP related to the CAS. This document also identifies and provides a justification for those portions of the CAS excluded from the PFP Safety Envelope.

  13. Assessment of criticality safety

    International Nuclear Information System (INIS)

    Lloyd, R.C.; Heaberlin, S.W.; Clayton, E.D.; Carter, R.D.

    1979-01-01

    A study was made of 100 violations of criticality safety specifications reported over a 10-y period in the operations of fuel reprocessing plants. The seriousness of each rule violation was evaluated by assigning it a severity index value. The underlying causes or reasons for the violations were identified. A criticality event tree was constructed using the parameters, causes, and reasons found in the analysis of the infractions. The event tree provides a means for visualizing the paths to an accidental criticality. Some 65% of the violations were caused by misinterpretation on the part of the operator, attributed to a lack of clarity in the specification and insufficient training; 33% were attributed to lack of care, whereas only 2% were caused by mechanical failure. A fault tree was constructed by assembling the events that could contribute to an accident. With suitable data on the probabilities of contributing events, the probability of the accident's occurrence can be forecast. Estimated probabilities for criticality were made, based on the limited data available, which in this case indicate a minimum time span of 244 y of plant operation per accident, ranging up to approx. 3000 y subject to the various underlying assumptions made. Some general suggestions for improvement are formulated based on the cases studied. Although conclusions for other plants may differ in detail, the general method of analysis and the fault tree logic should prove applicable. 4 figures, 8 tables

  14. Cultural safety and the challenges of translating critically oriented knowledge in practice.

    Science.gov (United States)

    Browne, Annette J; Varcoe, Colleen; Smye, Victoria; Reimer-Kirkham, Sheryl; Lynam, M Judith; Wong, Sabrina

    2009-07-01

    Cultural safety is a relatively new concept that has emerged in the New Zealand nursing context and is being taken up in various ways in Canadian health care discourses. Our research team has been exploring the relevance of cultural safety in the Canadian context, most recently in relation to a knowledge-translation study conducted with nurses practising in a large tertiary hospital. We were drawn to using cultural safety because we conceptualized it as being compatible with critical theoretical perspectives that foster a focus on power imbalances and inequitable social relationships in health care; the interrelated problems of culturalism and racialization; and a commitment to social justice as central to the social mandate of nursing. Engaging in this knowledge-translation study has provided new perspectives on the complexities, ambiguities and tensions that need to be considered when using the concept of cultural safety to draw attention to racialization, culturalism, and health and health care inequities. The philosophic analysis discussed in this paper represents an epistemological grounding for the concept of cultural safety that links directly to particular moral ends with social justice implications. Although cultural safety is a concept that we have firmly positioned within the paradigm of critical inquiry, ambiguities associated with the notions of 'culture', 'safety', and 'cultural safety' need to be anticipated and addressed if they are to be effectively used to draw attention to critical social justice issues in practice settings. Using cultural safety in practice settings to draw attention to and prompt critical reflection on politicized knowledge, therefore, brings an added layer of complexity. To address these complexities, we propose that what may be required to effectively use cultural safety in the knowledge-translation process is a 'social justice curriculum for practice' that would foster a philosophical stance of critical inquiry at both the

  15. A Criticality Safety Study on Storing Unirradiated Cintichem-Type Targets at Sandia National Laboratories

    International Nuclear Information System (INIS)

    Romero, D.J.; Parma, E.J.; Busch, R.D.

    1999-01-01

    This criticality safety analysis is performed to determine the effective multiplication factor (k_eff) for a storage cabinet filled with unirradiated Cintichem-type targets. These targets will be used to produce 99Mo at Sandia National Laboratories and will be stored on-site prior to irradiation in the Annular Core Research Reactor. The analysis consisted of using the Monte Carlo code MCNP (Version 4A) to model and predict the k_eff for the proposed dry storage configuration under credible loss of geometry and moderator control. Effects of target pitch, non-uniform loading, and target internal/external flooding are evaluated. Further studies were done with deterministic methods to verify the results obtained from MCNP and to obtain a clearer understanding of the parameters affecting system criticality. The diffusion accelerated neutral particle transport code ONEDANT was used to model the target in a one-dimensional, infinite half-slab geometry and determine the critical slab thickness. Hand calculations were also completed to determine the critical slab thickness with modified one-group and one-group, two-region approximations. Results obtained from ONEDANT and the hand calculations were compared to applicable cases in a commonly used criticality safety analysis handbook. Overall, the critical slab thicknesses obtained in the deterministic analysis were much larger than the dimensions of the cabinet and further support the predictions by MCNP that a critical system cannot be attained for the base case or in conditions where loss of geometry and moderation control occur.

  16. Validation of Nuclear Criticality Safety Software and 27 energy group ENDF/B-IV cross sections

    International Nuclear Information System (INIS)

    Lee, B.L. Jr.

    1994-08-01

    The validation documented in this report is based on calculations that were executed during June through August 1992, and was completed in June 1993. The statistical analyses in Appendix C and Appendix D were completed in October 1993. This validation gives Portsmouth NCS personnel a basis for performing computerized KENO V.a calculations using the Martin Marietta Nuclear Criticality Safety Software. The first portion of the document outlines basic information in regard to validation of NCSS using ENDF/B-IV 27-group cross sections on the IBM 3090 at ORNL. A basic discussion of the NCSS system is provided, along with some discussion of the validation database and of validation in general. Then follows a detailed description of the statistical analysis which was applied. The results of this validation indicate that the NCSS software may be used with confidence for criticality calculations at the Portsmouth Gaseous Diffusion Plant. When the validation results are treated as a single group, there is 95% confidence that 99.9% of future calculations of similar critical systems will have a calculated k_eff > 0.9616. Based on this result the Portsmouth Nuclear Criticality Safety Department has adopted the calculational acceptance criterion that a k_eff + 2σ ≤ 0.95 is safely subcritical. The validation of NCSS on the IBM 3090 at ORNL was extended to include NCSS on the IBM 3090 at K-25.

  17. The combined hybrid system: A symbiotic thermal reactor/fast reactor system for power generation and radioactive waste toxicity reduction

    International Nuclear Information System (INIS)

    Hollaway, W.R.

    1991-08-01

    If there is to be a next generation of nuclear power in the United States, then the four fundamental obstacles confronting nuclear power technology must be overcome: safety, cost, waste management, and proliferation resistance. The Combined Hybrid System (CHS) is proposed as a possible solution to the problems preventing a vigorous resurgence of nuclear power. The CHS combines Thermal Reactors (for operability, safety, and cost) and Integral Fast Reactors (for waste treatment and actinide burning) in a symbiotic large scale system. The CHS addresses the safety and cost issues through the use of advanced reactor designs, the waste management issue through the use of actinide burning, and the proliferation resistance issue through the use of an integral fuel cycle with co-located components. There are nine major components in the Combined Hybrid System linked by nineteen nuclear material mass flow streams. A computer code, CHASM, is used to analyze the CHS mass flow rates and the IFR support ratio of the system (the ratio of thermal to fast reactors). The primary advantages of the CHS are its essentially actinide-free high-level radioactive waste, plus improved reactor safety, uranium utilization, and widening of the option base. The primary disadvantages of the CHS are the large capacity of IFRs required (approximately one MWe of IFR capacity for every three MWe of Thermal Reactor) and the novel radioactive waste streams produced by the CHS. The capability of the IFR to burn pure transuranic fuel, a primary assumption of this study, has yet to be proven. The Combined Hybrid System represents an attractive option for future nuclear power development, in that disposal of the essentially actinide-free radioactive waste produced by the CHS provides an excellent alternative to the disposal of intact actinide-bearing Light Water Reactor spent fuel (reducing the toxicity-based lifetime of the waste from roughly 360,000 years to about 510 years).

  18. Criticality safety considerations. Integral Monitored Retrievable Storage (MRS) Facility

    International Nuclear Information System (INIS)

    1986-09-01

    This report summarizes the criticality analysis performed to address criticality safety concerns and to support facility design during the conceptual design phase of the Monitored Retrievable Storage (MRS) Facility. The report addresses the criticality safety concerns, the design features of the facility relative to criticality, and the results of the analysis of both normal operating and hypothetical off-normal conditions. Key references are provided (Appendix C) if additional information is desired by the reader. The MRS Facility design was developed and the related analysis was performed in accordance with the MRS Facility Functional Design Criteria and the Basis for Design. The detailed description and calculations are documented in the Integral MRS Facility Conceptual Design Report. In addition to the summary portion of this report, explanatory notes for various terms, calculation methodology, and design parameters are presented in Appendix A. Appendix B provides a brief glossary of technical terms.

  19. WSRC approach to validation of criticality safety computer codes

    International Nuclear Information System (INIS)

    Finch, D.R.; Mincey, J.F.

    1991-01-01

    Recent hardware and operating system changes at Westinghouse Savannah River Site (WSRC) have necessitated review of the validation for JOSHUA criticality safety computer codes. As part of the planning for this effort, a policy for validation of JOSHUA and other criticality safety codes has been developed. This policy will be illustrated with the steps being taken at WSRC. The objective in validating a specific computational method is to reliably correlate its calculated neutron multiplication factor (k_eff) with known values over a well-defined set of neutronic conditions. Said another way, such correlations should be: (1) repeatable; (2) demonstrated with defined confidence; and (3) accompanied by the range of neutronic conditions (area of applicability) for which the correlations are valid. The general approach to validation of computational methods at WSRC must encompass a large number of diverse types of fissile material processes in different operations. Special problems are presented in validating computational methods when very few experiments are available (such as for enriched uranium systems with principal second isotope 236U). To cover all process conditions at WSRC, a broad validation approach has been used. Broad validation is based upon calculation of many experiments to span all possible ranges of reflection, nuclide concentrations, moderation ratios, etc. Narrow validation, in comparison, relies on calculations of a few experiments very near anticipated worst-case process conditions. The methods and problems of broad validation are discussed.

  20. Parametric Criticality Safety Calculations for Arrays of TRU Waste Containers

    Energy Technology Data Exchange (ETDEWEB)

    Gough, Sean T. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2017-10-26

    The Nuclear Criticality Safety Division (NCSD) has performed criticality safety calculations for finite and infinite arrays of transuranic (TRU) waste containers. The results of these analyses may be applied in any technical area onsite (e.g., TA-54, TA-55, etc.), as long as the assumptions herein are met. These calculations are designed to update the existing reference calculations for waste arrays documented in Reference 1, in order to meet current guidance on calculational methodology.