Knight, John C; Strunk, Elisabeth A
.... In a system with a survivability architecture, under adverse conditions such as system damage or software failures, some desirable function will be eliminated but critical services will be retained...
... Packard Company, Business Critical Systems, Mission Critical Business Software Division, OpenVMS Operating... Colorado, Marlborough, Massachusetts; Hewlett Packard Company, Business Critical Systems, Mission Critical... Company, Business Critical Systems, Mission Critical Business Software Division, OpenVMS Operating System...
Kamel, Khaled; Brown, Barbara
This research was undertaken to provide NASA with a survey of state-of-the-art techniques used in industry and academia to provide safe, reliable, and maintainable software to drive large systems. Such systems must match the complexity and strict safety requirements of NASA's shuttle system. In particular, the Launch Processing System (LPS) is being considered for replacement. The LPS is responsible for monitoring and commanding the shuttle during the test, repair, and launch phases. NASA built this system in the 1970s using mostly hardware techniques to provide increased reliability, but it did so often using custom-built equipment, which has not been able to keep up with current technologies. This report surveys the major techniques used in industry and academia to ensure reliability in large and critical computer systems.
Hill, Janice L.
How can traceability of software safety requirements be created for legacy safety-critical systems? Requirements in safety standards are most often imposed during contract negotiations. On the other hand, there are instances where safety standards are levied on legacy safety-critical systems, some of which may be considered for reuse in new applications. Safety standards often specify that software development documentation include process-oriented and technical safety requirements, and also require that system and software safety analyses be performed to support the implementation of the technical safety requirements. So what can be done if the requisite documents for establishing and maintaining safety requirements traceability are not available?
Lutz, Robyn R.
This paper analyzes the root causes of safety-related software errors in safety-critical, embedded systems. The results show that software errors identified as potentially hazardous to the system tend to be produced by different error mechanisms than non-safety-related software errors. Safety-related software errors are shown to arise most commonly from (1) discrepancies between the documented requirements specifications and the requirements needed for correct functioning of the system and (2) misunderstandings of the software's interface with the rest of the system. The paper uses these results to identify methods by which requirements errors can be prevented. The goal is to reduce safety-related software errors and to enhance the safety of complex, embedded systems.
... Packard Company Business Critical Systems, Mission Critical Business Software Division, OpenVMS Operating... Colorado, Marlborough, MA; Hewlett Packard Company Business Critical Systems, Mission Critical Business... Assistance on August 27, 2009, applicable to workers of Hewlett Packard Company, Business Critical Systems...
Chung, Dae Won; Kwon, Soon Man
An essential issue in the replacement of old analogue I and C with computer-based digital systems in nuclear power plants is the quantitative software reliability assessment. Software reliability models have been successfully applied to many industrial applications, but have the unfortunate drawback of requiring data from which one can formulate a model. Software developed for safety-critical applications is frequently unable to produce such data, for at least two reasons. First, the software is frequently one-of-a-kind, and second, it rarely fails. Safety-critical software is normally expected to pass every unit test, producing precious little failure data. The basic premise of the rare events approach is that well-tested software does not fail under normal routine and input signals, which means that failures must be triggered by unusual input data and computer states. The failure data found under reasonable testing cases and testing time for these conditions should be considered for the quantitative reliability assessment. We present a quantitative reliability assessment methodology for safety-critical software in rare failure cases in this paper.
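The abstract above turns on the fact that well-tested safety-critical software produces almost no failure data. The following is an added example, not the Chung/Kwon method, showing what zero failures in n demands actually buy you statistically: a per-demand failure probability can only be bounded, not measured, and the number of failure-free demands needed to claim a small bound grows as 1/p. The example assumes independent demands drawn from the operational profile; the Beta prior parameters and the demand counts used in the usage section are assumptions chosen for illustration.

```python
"""Zero-failure (success-run) reliability bounds for rarely failing software.

Added example, not taken from any paper on this page. It assumes that each
demand is independent and that the test inputs follow the operational profile;
both are assumptions of this illustration, not facts established by the text.
"""
import math


def upper_bound_failure_prob(n_successes: int, confidence: float = 0.95) -> float:
    """Classical upper confidence bound on p after n failure-free demands.

    P(no failures in n demands | p) = (1 - p)^n. The largest p still
    consistent with the observation at the given confidence level solves
    (1 - p)^n = 1 - confidence, i.e. p = 1 - (1 - confidence)^(1/n).
    For confidence 0.95 this is close to the "rule of three", p ~ 3/n.
    """
    if n_successes <= 0:
        raise ValueError("need at least one demand")
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be in (0, 1)")
    return 1.0 - (1.0 - confidence) ** (1.0 / n_successes)


def demands_required(target_p: float, confidence: float = 0.95) -> int:
    """Failure-free demands needed to claim p <= target_p at the confidence.

    Inverts the bound above: n = ceil(ln(1 - confidence) / ln(1 - target_p)).
    """
    if not 0.0 < target_p < 1.0:
        raise ValueError("target_p must be in (0, 1)")
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be in (0, 1)")
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - target_p))


def bayesian_posterior_mean(n_demands: int, failures: int = 0,
                            prior_a: float = 1.0, prior_b: float = 1.0) -> float:
    """Posterior mean of p under a Beta(a, b) prior (Beta(1, 1) is uniform).

    After n demands with k failures the posterior is Beta(a + k, b + n - k),
    whose mean is (a + k) / (a + b + n). With a uniform prior and zero
    failures this is 1 / (n + 2): still non-zero, because "never observed"
    is not "impossible".
    """
    if n_demands < 0 or failures < 0 or failures > n_demands:
        raise ValueError("need 0 <= failures <= n_demands")
    return (prior_a + failures) / (prior_a + prior_b + n_demands)


if __name__ == "__main__":
    # Assumed figures: 3000 failure-free demands, a 1e-4 per-demand target.
    n = 3000
    print(f"after {n} failure-free demands, p <= "
          f"{upper_bound_failure_prob(n):.2e} at 95% confidence")
    print(f"to claim p <= 1e-4 at 95% you need "
          f"{demands_required(1e-4)} failure-free demands")
    print(f"uniform-prior posterior mean after {n} demands: "
          f"{bayesian_posterior_mean(n):.2e}")
```

The practical point the abstract makes is visible in the numbers: a few thousand clean test runs only support a bound of about 1e-3 per demand, and demonstrating 1e-4 statistically needs roughly thirty thousand representative, failure-free demands. That is why the rare-events approach looks for failures in unusual inputs and states rather than waiting for them in routine testing.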
Andrade, J.; Ares, J.; Garcia, R.; Pazos, J.; Rodriguez, S.; Rodriguez-Paton, A.; Silva, A.
Failure can be a major driver for the advance of any engineering discipline, and Software Engineering is no exception. But failures are useful only if lessons are learned from them. In this article we aim to make a strong defence of, and set the requirements for, lessons learned systems for safety-critical software. We also present a prototype lessons learned system that includes many of the features discussed here. We emphasize that, apart from individual organizations, lessons learned systems should target industrial sectors and even the Software Engineering community. We would like to encourage the Software Engineering community to use this kind of system as another tool in the toolbox, which complements or enhances other approaches such as standards and checklists.
Andrade, J. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: email@example.com; Ares, J. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: firstname.lastname@example.org; Garcia, R. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: email@example.com; Pazos, J. [Technical University of Madrid. Campus de Montegancedo, s/n. 28660, Boadilla del Monte, Madrid (Spain)]. E-mail: firstname.lastname@example.org; Rodriguez, S. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: email@example.com; Rodriguez-Paton, A. [Technical University of Madrid. Campus de Montegancedo, s/n. 28660, Boadilla del Monte, Madrid (Spain)]. E-mail: firstname.lastname@example.org; Silva, A. [Technical University of Madrid. Campus de Montegancedo, s/n. 28660, Boadilla del Monte, Madrid (Spain)]. E-mail: email@example.com
Korhonen, J.; Pulkkinen, U.; Haapanen, P.
System vendors nowadays propose software-based systems even for the most critical safety functions in nuclear power plants. Due to the nature and mechanisms of influence of software faults, new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', various safety assessment methods and tools for software-based systems are developed and evaluated. This report first discusses the (common cause) failure mechanisms in software-based systems, then defines fault-tolerant system architectures to avoid common cause failures, then studies the various alternatives for applying diversity and their influence on system reliability. Finally, a method for the assessment of diversity is described. Other recently published reports in the OHA report series handle the statistical reliability assessment of software-based systems (STUK-YTO-TR 119), usage models in reliability assessment of software-based systems (STUK-YTO-TR 128) and the handling of programmable automation in plant PSA studies (STUK-YTO-TR 129).
Hill, Janice L.; Baggs, Rhoda
Safety standards contain technical and process-oriented safety requirements. Technical requirements are those such as "must work" and "must not work" functions in the system. Process-oriented requirements are software engineering and safety management process requirements. Some standards address the system perspective and some cover just the software in the system. NASA-STD-8719.13B Software Safety Standard is the current standard of interest; NASA programs/projects will have their own set of safety requirements derived from the standard. Safety cases: a) a documented demonstration that a system complies with the specified safety requirements; b) evidence is gathered on the integrity of the system and put forward as an argued case [Gardener (ed.)]; c) problems occur when trying to meet safety standards, and thus to make retrospective safety cases, in legacy safety-critical computer systems.
Dulo, D. A.
Safety critical software systems permeate spacecraft, and in a long term venture like a starship would be pervasive in every system of the spacecraft. Yet software failure today continues to plague both the systems and the organizations that develop them resulting in the loss of life, time, money, and valuable system platforms. A starship cannot afford this type of software failure in long journeys away from home. A single software failure could have catastrophic results for the spaceship and the crew onboard. This paper will offer a new approach to developing safe reliable software systems through focusing not on the traditional safety/reliability engineering paradigms but rather by focusing on a new paradigm: Resilience and Failure Obviation Engineering. The foremost objective of this approach is the obviation of failure, coupled with the ability of a software system to prevent or adapt to complex changing conditions in real time as a safety valve should failure occur to ensure safe system continuity. Through this approach, safety is ensured through foresight to anticipate failure and to adapt to risk in real time before failure occurs. In a starship, this type of software engineering is vital. Through software developed in a resilient manner, a starship would have reduced or eliminated software failure, and would have the ability to rapidly adapt should a software system become unstable or unsafe. As a result, long term software safety, reliability, and resilience would be present for a successful long term starship mission.
Lutz, Robyn R.
This paper analyzes the root causes of safety-related software faults. Software faults identified as potentially hazardous to the system are distributed somewhat differently over the set of possible error causes than non-safety-related software faults.
Chang, H. S.; Shin, H. K.; Chang, Y. W.; Jung, J. C.; Kim, J. H.; Han, H. H.; Son, H. S.
The core factors and requirements for safety-critical software, traced through the methodology adopted in each stage of the software life cycle, are presented. In the concept phase, a Failure Modes and Effects Analysis (FMEA) of the system was performed. The feasibility of the selected safety parameter was evaluated and a Preliminary Hazards Analysis list was prepared using the HAZOP (Hazard and Operability) technique. A checklist for management control was produced via the walk-through technique; based on the evaluation of the checklist, the activities to be performed in the requirements phase were determined. In the design phase, hazard analysis was performed to check the safety capability of the system with regard to the safety software algorithm using Fault Tree Analysis (FTA). In the test phase, the test items based on the FMEA were checked for fitness, guided by an accident scenario. The pressurizer low pressure trip algorithm was selected as a sample for applying the FTA method to software safety analysis. By applying a CASE tool, the requirements traceability of the safety-critical system was enhanced through all phases of the software life cycle.
Haapanen, P. [VTT Automation, Espoo (Finland); Korhonen, J. [VTT Electronics, Espoo (Finland); Pulkkinen, U. [VTT Automation, Espoo (Finland)
System vendors nowadays propose software-based technology even for the most critical safety functions in nuclear power plants. Due to the nature of software faults and the way they cause system failures, new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', financed jointly by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software-based systems are developed and evaluated. As part of the OHA work, a reference model for the licensing process for software-based safety automation systems is defined. The licensing process is defined as the set of interrelated activities whose purpose is to produce and assess evidence concerning the safety and reliability of the system/application to be licensed, and to make the decision about granting the construction and operation permissions based on this evidence. The parties to the licensing process are the authority, the licensee (the utility company), system vendors and their subcontractors, and possible external independent assessors. The responsibility for producing the evidence lies in the first place with the licensee, who in most cases relies heavily on vendor expertise. The evaluation and weighing of the evidence is carried out by the authority (possibly using external experts), which can also acquire additional evidence using its own (independent) methods and tools. The central issue in the licensing process is to combine the quality evidence about the system development process with the information acquired through tests, analyses and operational experience. The purpose of the licensing process described in this report is to act as a reference model for both the authority and the licensee when planning the licensing of individual applications.
Emmett, J.; Smith, B.
Many nuclear power plants are now ageing and in need of various degrees of refurbishment. Installed instrumentation usually uses out-of-date 'analogue' technology and is often no longer available in the marketplace. New-technology instrumentation is generally unqualified for nuclear use, and in particular the new 'smart' technology contains 'firmware' (effectively SOUP, Software of Uncertain Pedigree), which must be assessed in accordance with the relevant safety standards before it may be used in a safety application. The particular standards are IEC 61508 and the British Energy (BE) PES (Programmable Electronic Systems) guidelines EPD/GEN/REP/0277/97. This paper outlines a new instrument evaluation system, which has been developed in conjunction with the UK nuclear industry. The paper concludes with a discussion of on-line monitoring of smart instrumentation in safety-critical applications. (author)
P. V. Srinivas Acharyulu; P. Seetharamaiah
Software safety must deal with the principles of safety management, safety engineering and software engineering for developing safety-critical computer systems, with the target of making the system safe, risk-free and fail-safe, in addition to providing a clear differentiation for assessing and evaluating the risk according to the principles of software risk management. Problem statement: Prevailing software quality models and standards were not adequate for addressing software safety ...
Kwon, Kee-Choon; Park, Gee-Yong; Kim, Jang-Yeol; Lee, Jang-Soo
This paper describes the software qualification activities for the safety-critical software of the digital reactor safety system in nuclear power plants. The main activities of the software qualification processes are the preparation of software planning documentations, verification and validation (V and V) of the software requirements specifications (SRS), software design specifications (SDS) and codes, and the testing of the integrated software and integrated system. Moreover, the software safety analysis and software configuration management are involved in the software qualification processes. The V and V procedure for SRS and SDS contains a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and an evaluation of the software configuration management. The V and V processes for the code are a traceability analysis, source code inspection, test case and test procedure generation. Testing is the major V and V activity of the software integration and system integration phases. The software safety analysis employs a hazard operability method and software fault tree analysis. The software configuration management in each software life cycle is performed by the use of a nuclear software configuration management tool. Through these activities, we can achieve the functionality, performance, reliability, and safety that are the major V and V objectives of the safety-critical software in nuclear power plants. (author)
Kim, Jang Yeol; Lee, Jang Soo; Eom, Heung Seop
This technical report presents a V and V guideline development methodology for safety-critical software in NPP safety systems. It presents the V and V guideline for the planning phase of an NPP safety system, together with critical safety items such as the independence philosophy, the software safety analysis concept, commercial off-the-shelf (COTS) software evaluation criteria, and inter-relationships with other safety assurance organizations, drawing on the concepts of the existing industrial standards IEEE Std 1012 and IEEE Std 1059. The report covers the scope of the V and V guideline, the guideline framework as part of the acceptance criteria, V and V activities and task entrance and exit criteria, review and audit, testing, QA records of V and V material and configuration management, production of the software verification and validation plan, and a safety-critical software V and V methodology. (author). 11 refs.
Singh, Neeraj Kumar
Defining a new development life-cycle methodology, together with a set of associated techniques and tools to develop highly critical systems using formal techniques, this book adopts a rigorous safety assessment approach explored via several layers (from requirements analysis to automatic source code generation). This is assessed and evaluated via a standard case study: the cardiac pacemaker. Additionally a formalisation of an Electrocardiogram (ECG) is used to identify anomalies in order to improve existing medical protocols. This allows the key issue - that formal methods are not currently i
Lee, Jang Soo; Cheon, Se Woo; Kim, Chang Hoi; Sim, Yun Sub
This report describes software safety analysis techniques and engineering guidelines for developing safety-critical software, to identify the state of the art in this field and to give the software safety engineer a trail map between the codes-and-standards layer and the design-methodology-and-documents layer. We have surveyed the management aspects of software safety activities during the software life cycle in order to improve safety. After identifying the conventional safety analysis techniques for systems, we have surveyed in detail the software safety analysis techniques: software FMEA (Failure Mode and Effects Analysis), software HAZOP (Hazard and Operability Analysis), and software FTA (Fault Tree Analysis). We have also surveyed the state of the art in software reliability assessment techniques. The most important results from the reliability techniques are not the specific probability numbers generated, but the insights into the risk importance of software features. To defend against potential common-mode failures (CMFs), high quality, defense-in-depth, and diversity are considered to be key elements in digital I and C system design. To minimize the possibility of CMFs and thus increase plant reliability, we have provided defense-in-depth and diversity (D-in-D and D) analysis guidelines.
National Aeronautics and Space Administration — Flight-critical systems rely on an ever increasing amount of software: the Boeing 777 contains over 2 million lines of code. Most of this code is written in the C...
Hill, Janice; Victor, Daniel
When software safety requirements are imposed on legacy safety-critical systems, retrospective safety cases need to be formulated as part of recertifying the systems for further use, and risks must be documented and managed to give confidence for reusing the systems. The SEI Software Development Risk Taxonomy focuses on general software development issues. It does not, however, cover all the safety risks. The Software Safety Risk Taxonomy was developed to provide a construct for eliciting and categorizing software safety risks in a straightforward manner. In this paper, we present extended work on the taxonomy for safety that incorporates the additional issues inherent in the development and maintenance of safety-critical systems with software. An instrument called a Software Safety Risk Taxonomy Based Questionnaire (TBQ) is generated, containing questions addressing each safety attribute in the Software Safety Risk Taxonomy. Software safety risks are surfaced using the new TBQ and then analyzed. In this paper we give the definitions for the specialized Product Engineering Class within the Software Safety Risk Taxonomy. At the end of the paper, we present the tool known as the 'Legacy Systems Risk Database Tool', which is used to collect and analyze the data required to show traceability to a particular safety standard.
Koo, S. R.; Cho, C. H.; Seong, P. H.
As software verification and validation must be performed for the development of PLC-based safety-critical systems, a software safety analysis is also considered in line with the entire software life cycle. In this paper, we propose a technique of software safety analysis in the design phase. Among the various software hazard analysis techniques, fault tree analysis is the most widely used for the safety analysis of nuclear power plant systems. Fault tree analysis also has the most intuitive notation and makes both qualitative and quantitative analyses possible. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Consequently, we can analyze the safety of software on the basis of fault tree synthesis. (authors)
Huget, R.G.; Viola, M.; Froebel, P.A.
Ontario Hydro has had experience in designing and qualifying safety-critical software used in the reactor shutdown systems of its nuclear generating stations. During software design, an analysis of system-level hazards and potential hardware failure effects provides input to determining what safeguards will be needed. One form of safeguard, called software self-checks, continually monitors the health of the computer on line. The design of self-checks is usually a trade-off between the amount of computing resources required, the software complexity, and the level of safeguarding provided. As part of the software verification activity, a software hazards analysis is performed, which identifies any failure modes that could lead to the software causing an unsafe state, and which recommends changes to mitigate that potential. These recommendations may involve a restructuring of the software to be more resistant to failure, or the introduction of other safeguarding measures. This paper discusses how Ontario Hydro has implemented these aspects of software design and verification in safety-critical software used in reactor shutdown systems.
Lee, Jang Soo; Kim, Jang Yeol; Eum, Heung Seop.
Recently, safety planning for safety-critical software systems has come to be recognized as the most important phase in the software life cycle, and new regulatory positions and standards are being developed by regulatory and standardization organizations. The requirements for software important to the safety of nuclear reactors are described in such positions and standards. Most of them describe mandatory requirements, what shall be done, for safety-critical software. The developers of such software. However, there have been many controversial issues between the licenser and the licensee over whether the work practices satisfy the regulatory requirements, and over how to justify the safety of a system developed by those work practices. We believe this is caused by a gap between the mandatory requirements (What) and the work practices (How). We have developed guidance to fill this gap, which can be useful to both licenser and licensee in justifying the safety of software for nuclear reactor protection systems in the planning phase of its development. (author). 67 refs., 13 tabs., 2 figs.
The Mid Infrared Instrument (MIRI) FSW presentation covers: (1) Optical System FSW only; Cooling System FSW is covered at its CDR; (2) Requirements & Interfaces; (3) Relationship with the ISIM FSW; (4) FSW Design Drivers & Solutions.
Archinoff, G.H.; Brown, R.A.
Licensing difficulties with the shutdown system software at the Darlington Nuclear Generating Station contributed to delays in starting up the station. Even though the station has now been given approval by the Atomic Energy Control Board (AECB) to operate, the software issue has not disappeared: Ontario Hydro has been instructed by the AECB to redesign the software. This article attempts to explain why software-based shutdown systems were chosen for Darlington, why there was so much difficulty licensing them, and what the implications are for other safety-related software-based applications.
Krini, Ossmane; Börcsök, Josef
In order to use electronic systems comprising software and hardware components in safety-related and highly safety-related applications, it is necessary to meet the marginal risk numbers required by standards and legislative provisions. Existing processes and mathematical models are used to verify the risk numbers. On the hardware side, various accepted mathematical models, processes, and methods exist to provide the required proof. To this day, however, no closed models or mathematical procedures are known that allow a dependable prediction of software reliability. This work presents a method that makes a prognosis of the residual number of critical errors in software. Conventional models lack this ability and, right now, there are no methods that forecast critical errors. The new method shows that an estimate of the residual number of critical errors in software systems is possible by using a combination of prediction models, a ratio of critical errors, and the total error number. Subsequently, the critical expected-value function at any point in time can be derived from the new solution method, provided the detection rate has been calculated using an appropriate estimation method. The presented method also makes it possible to estimate the critical failure rate. The approach is modelled on a real process and therefore describes two essential processes: the detection and correction processes.
Kwon, K. C.; Park, G. Y.
This paper describes the Verification and Validation (V and V) activities for the safety-critical software in a Digital Reactor Protection System (DRPS) that is being developed through the Korea nuclear instrumentation and control system project. The main activities of the DRPS V and V process are the preparation of the software planning documentation, verification of the software according to the software life cycle, software safety analysis, and software configuration management. The verification work for the Software Requirement Specification (SRS) of the DRPS consists of a technical evaluation, a licensing suitability evaluation, an inspection and traceability analysis, a formal verification, and the preparation of a test plan and procedure. In particular, the SRS is specified by a formal specification method in the development phase, and the formal SRS is verified by a formal verification method. Through these activities, we believe we can achieve the functionality, performance, reliability, and safety that are the major V and V objectives of the nuclear safety-critical software in a DRPS. (authors)
Kropik, M.; Matejka, K.; Jurickova, M.; Chudy, R.
The contribution gives an overview of the project of software development for safety-critical applications. This project has been carried out since 1997. The principal goal of the project was to establish a research laboratory for the development of software with the highest requirements for quality and reliability. This laboratory was established at the department, equipped with proper hardware and software to support software development. A research team of predominantly young researchers for software development was created. The activities of the research team started with studying and proposing the software development methodology. In addition, this methodology was applied to real software development. The verification and validation process followed the software development. The validation system for the integrated hardware and software tests was brought into being and its control software was developed. The quality of the software tools was also observed, and the SOSAT tool was used during these activities. National and international contacts were established and maintained during the project solution. (author)
There are three areas of concern: when is software to be considered safe; what, exactly, is the role of the software engineer; and how do systems, or sometimes applications, engineers and software engineers interact with each other. The author presents his perspective on these questions, which he feels differs from those of many in the field. He argues for a clear definition of safety in the software arena, so the engineer knows what he is engineering toward. Software must be viewed as part of the entire system, since it does not function on its own, or in isolation. He argues for the establishment of clear specifications in this area.
Kwon, Kee-Choon; Lee, Jang-Soo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]; Jee, Eunkyoung [KAIST, Daejeon (Korea, Republic of)]
Nuclear safety-critical software is under strict regulatory requirements, and these regulatory requirements are essential for ensuring the safety of nuclear power plants. The verification and validation (V and V) and hazard analysis of the safety-critical software are required to follow regulatory requirements through the entire software life cycle. In order to obtain a license from the regulatory body through the development and validation of safety-critical software, it is essential to meet the standards which are required by the regulatory body throughout the software development process. Generally, large amounts of documents, which demonstrate safety justification including standard compliance, V and V, hazard analysis, and vulnerability assessment activities, are submitted to the regulatory body during the licensing process. It is not easy to accurately read and evaluate the whole documentation for the development activities, implementation technology, and validation activities. The safety case methodology has been known as a promising approach to evaluate the level and depth of the development and validation results. A safety case is a structured argument, supported by a body of evidence, that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment. It is suggested to evaluate the level and depth of the results of development and validation by applying safety case methodology to achieve software safety demonstration. The many documents provided as evidence are connected to the claim that corresponds to the topic for safety demonstration. We demonstrated a case study in which a more systematic safety demonstration for the target system software is performed via safety case construction than by simply listing the documents.
Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of software-based safety-critical automation systems in nuclear power plants. In the research project 'Programmable automation system safety integrity assessment (PASSI)', belonging to the Finnish Nuclear Safety Research Programme (FINNUS, 1999-2002), various safety assessment methods and tools for software based systems are developed and evaluated. The project is financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT). In this report the applicability of Bayesian networks to the reliability estimation of software-based systems is studied. The applicability is evaluated by building Bayesian network models for the systems of interest and performing simulations for these models. In the simulations hypothetical evidence is used for defining the parameter relations and for determining the ability to compensate disparate evidence in the models. Based on the experiences from modelling and simulations we are able to conclude that Bayesian networks provide a good method for the reliability estimation of software-based systems. (orig.)
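The PASSI report above evaluates Bayesian networks by building models, feeding them hypothetical evidence, and watching how disparate evidence is combined. The block below is an added illustration of that workflow, not the report's own model: the node names, priors and conditional probability tables are constructed here as an assumption, and inference is done by exact enumeration (small enough to need no library). The quantity of interest is F, "the software will be failure-free in operation", and the evidence nodes are process quality (Q), V and V thoroughness (V), a statistical test outcome (T) and operational experience (O).

```python
"""Exact inference in a small Bayesian network for software reliability estimation.

Constructed example network (an assumption for illustration; the PASSI report's own
models are not reproduced on the page). Every node is Boolean; each CPT maps a tuple
of parent values to P(node = True | parents).
  Q: development process of high quality        (root, prior 0.60)
  V: verification and validation were thorough  (root, prior 0.70)
  F: software failure-free in operation         (parents Q, V) -- the quantity estimated
  T: statistical testing passed without failure (parent F)
  O: operational experience has been good       (parent F)
"""
from itertools import product

NETWORK = {
    "Q": ((), {(): 0.60}),
    "V": ((), {(): 0.70}),
    "F": (("Q", "V"), {(True, True): 0.95, (True, False): 0.70,
                       (False, True): 0.60, (False, False): 0.20}),
    "T": (("F",), {(True,): 0.98, (False,): 0.40}),
    "O": (("F",), {(True,): 0.90, (False,): 0.30}),
}


def joint(assignment):
    """P(full assignment) = product over nodes of P(node | parents)."""
    p = 1.0
    for node, (parents, cpt) in NETWORK.items():
        p_true = cpt[tuple(assignment[par] for par in parents)]
        p *= p_true if assignment[node] else 1.0 - p_true
    return p


def posterior(query, evidence):
    """P(query = True | evidence), summing the joint over all unobserved nodes."""
    free = [n for n in NETWORK if n not in evidence and n != query]
    totals = {True: 0.0, False: 0.0}
    for qval in (True, False):
        for values in product((True, False), repeat=len(free)):
            a = dict(evidence)
            a[query] = qval
            a.update(zip(free, values))
            totals[qval] += joint(a)
    return totals[True] / (totals[True] + totals[False])


def scenarios():
    """Hypothetical evidence sets of the kind used in the report's simulations."""
    return {
        "prior, no evidence": posterior("F", {}),
        "tests passed": posterior("F", {"T": True}),
        "tests passed, good operation": posterior("F", {"T": True, "O": True}),
        "tests passed, bad operation (disparate)": posterior("F", {"T": True, "O": False}),
        "poor process but tests passed (disparate)": posterior("F", {"Q": False, "T": True}),
    }


if __name__ == "__main__":
    for label, p in scenarios().items():
        print(f"P(F | {label}) = {p:.4f}")
```

The two "disparate" rows are the interesting ones for the report's question: a passed test campaign lifts the estimate from the prior, but bad operational experience pulls it most of the way back down, and a poor development process is only partly compensated by the test result. Changing the CPT entries shows how strongly each kind of evidence is allowed to compensate for another.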
Son, Ki Chang; Chun, Chong Son; Lee, Byeong Joo; Lee, Soon Sung; Lee, Byung Chai
To assure the quality of safety-critical software, software should be developed in accordance with software development procedures, and rigorous software verification and validation should be performed. Software verification is the formal act of reviewing, testing or checking, and documenting whether software components comply with the specified requirements for a particular stage of the development phase. A new software verification methodology was developed and was applied to the Shutdown System No. 1 and 2 (SDS1, 2) for Wolsung 2, 3 and 4 nuclear power plants by the Korea Atomic Energy Research Institute (KAERI) and Atomic Energy of Canada Limited (AECL) in order to satisfy new regulatory requirements of the Atomic Energy Control Board (AECB). The software verification methodology applied to SDS1 for the Wolsung 2, 3 and 4 project will be described in this paper. Some errors were found by this methodology during the software development for SDS1 and were corrected by the software designer. Outputs from the Wolsung 2, 3 and 4 project have demonstrated that the use of this methodology results in a high-quality, cost-effective product. 15 refs., 6 figs. (author)
Koo, Seo Ryong; Seong, Poong Hyun; Yoo, Jun Beom; Cha, Sung Deok; Youn, Cheong; Han, Hyun Chul
As the use of digital systems becomes more prevalent, adequate techniques for software specification and analysis have become increasingly important in Nuclear Power Plant (NPP) safety-critical systems. Additionally, the importance of software Verification and Validation (V and V) based on adequate specification has received greater emphasis in view of improving software quality. For thorough V and V of safety-critical systems, V and V should be performed throughout the software lifecycle. However, systematic V and V is difficult as it involves many manual tasks. Tool support is needed in order to perform software V and V more conveniently. In response, we developed four kinds of Computer Aided Software Engineering (CASE) tools to support system specification for formal-based analysis according to the software lifecycle. In this work, we achieved optimized integration of each tool. The toolset, NuSEE, is an integrated environment for software specification and V and V for PLC-based safety-critical systems. In accordance with the software lifecycle, NuSEE consists of NuSISRT for the concept phase, NuSRS for the requirements phase, NuSDS for the design phase and NuSCM for configuration management. It is believed that after further development our integrated environment will be a unique and promising software specification and analysis toolset that will support the entire software lifecycle for the development of PLC-based NPP safety-critical systems.
The OECD Halden Reactor Project has for a number of years been involved in the development and application of a formal software specification and development method based on algebraic specification and the HRP Prover. In parallel to this activity the Project has been evaluating and comparing different methods and approaches to formal software development by their application on realistic case examples. Recent work has demonstrated that algebraic specification and the HRP Prover can be used both in the specification and design of a software system, even down to a concrete model which can be translated into the chosen implementation language. The HRP Prover is currently being used in a case study on the applicability of the methodology in the development of a power range monitoring system for a nuclear power plant. The presentation reviews some of the experiences drawn from the Project's research activities in this area, with special emphasis on questions relating to applicability and limitations, and the role of formal methods in the development of safety-critical software systems. (14 refs., 1 fig.)
A new Digital Reactor Protection System (DRPS) based on a VME bus Single Board Computer has been developed by KOPEC to prevent software Common Mode Failure (CMF) inside the digital system. The new DRPS has been proved to be an effective digital safety system to prevent CMF by Defense-in-Depth and Diversity (DID&D) analysis. However, for practical use in Nuclear Power Plants, the performance test and the reliability test are essential for digital system qualification. In this study, a single channel of the DRPS prototype has been manufactured for the evaluation of DRPS capabilities. The integrated functional tests are performed and the system reliability is analyzed and tested. The results of the reliability test show that the application software of the DRPS has a very high reliability compared with analog reactor protection systems.
Kang, Byung Heon; Kim, Hang Bae; Chang, Hoon Seon; Jeon, Jong Sun
Application of computer software to safety-critical systems is on the increase. To be successful, the software must be designed and constructed to meet the functional and performance requirements of the system. For safety reasons, the software must be demonstrated not only to meet these requirements, but also to operate safely as a component within the system. For longer-term cost considerations, the software must be designed and structured to ease future maintenance and modifications. This paper presents a software engineering process for the production of safety-critical software for a nuclear power plant. The presentation is expository in nature of a viable high-quality safety-critical software development. It is based on the ideas of a rational design process and on the experience of adapting such a process in the production of the safety-critical software for shutdown system number two of the Wolsung 2, 3 and 4 nuclear power generation plants. This process is significantly different from a conventional process in terms of rigorous software development phases and software design techniques. The process covers documentation, design, verification and testing using mathematically precise notations and a highly reviewable tabular format to specify software requirements and software design, and to verify the software design against the software requirements and the code against the software design using static analysis. The software engineering process described in this paper applies the principle of information-hiding decomposition in software design using a modular design technique, so that when a change is required or an error is detected, the affected scope can be readily and confidently located. It also facilitates a high degree of confidence in the 'correctness' of the software production, and provides a relatively simple and straightforward code implementation effort. 1 fig., 10 refs. (Author)
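Tabular requirements of the kind the abstract describes are reviewable precisely because two properties can be checked mechanically: every possible input must match some row (completeness) and no input may match more than one row (disjointness). The block below is an added illustration of that check, not the Wolsung or KAERI tooling: the trip-decision table, its inputs and its thresholds are constructed here as an assumption, and the inputs are discretized to integers so the check can be exhaustive rather than symbolic. A flawed table with one gap and one overlap is shown beside its corrected version.

```python
"""Completeness and disjointness checking of a tabular requirements specification.

Constructed example (an assumption for illustration, not a real plant table):
a trip decision over two inputs, neutron power in % of full power and coolant
pressure in relative units. Inputs are discretized to integer grids so that the
checks below can enumerate every point of the domain.
"""
from itertools import product

DOMAIN = {"power": range(0, 121), "pressure": range(0, 201)}

# Each row is (condition over the inputs, output). A well-formed table has
# rows whose conditions are pairwise disjoint and jointly cover the domain.
FLAWED_TABLE = [
    (lambda power, pressure: power < 100 and pressure < 150, "normal"),
    (lambda power, pressure: power >= 100, "trip_power"),
    # Bug 1: pressure == 150 with power < 100 matches no row (gap).
    # Bug 2: power >= 100 and pressure > 150 matches two rows (overlap).
    (lambda power, pressure: pressure > 150, "trip_pressure"),
]

CORRECTED_TABLE = [
    (lambda power, pressure: power < 100 and pressure < 150, "normal"),
    (lambda power, pressure: power >= 100, "trip_power"),
    (lambda power, pressure: power < 100 and pressure >= 150, "trip_pressure"),
]


def check_table(table, domain):
    """Return (gaps, overlaps): inputs matching no row, and inputs matching several."""
    names = list(domain)
    gaps, overlaps = [], []
    for values in product(*(domain[n] for n in names)):
        matched = [out for cond, out in table if cond(*values)]
        point = dict(zip(names, values))
        if not matched:
            gaps.append(point)
        elif len(matched) > 1:
            overlaps.append((point, matched))
    return gaps, overlaps


def evaluate(table, **inputs):
    """Apply the table to one input vector; refuse to answer unless exactly one row fires."""
    matched = [out for cond, out in table if cond(**inputs)]
    if len(matched) != 1:
        raise ValueError(f"table is not a function at {inputs}: rows {matched}")
    return matched[0]


def summarize(table):
    gaps, overlaps = check_table(table, DOMAIN)
    return {"gaps": len(gaps), "overlaps": len(overlaps),
            "first_gap": gaps[0] if gaps else None,
            "first_overlap": overlaps[0] if overlaps else None}


if __name__ == "__main__":
    print("flawed:   ", summarize(FLAWED_TABLE))
    print("corrected:", summarize(CORRECTED_TABLE))
    print("evaluate corrected at power=50, pressure=160:",
          evaluate(CORRECTED_TABLE, power=50, pressure=160))
```

The gap is the boundary value pressure == 150, which is exactly the kind of defect reviewers miss when reading conditions in prose but that a table with explicit thresholds exposes; the overlap is harmless only if both rows happen to agree on the output, which the checker does not assume. On a real specification the integer grid would be replaced by an SMT or interval-based check over the full input ranges.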
Koo, Seo Ryong; Seong, Poong Hyun; Yoo, Junbeom; Cha, Sung Deok; Yoo, Yeong Jae
A thorough requirements analysis is indispensable for developing and implementing safety-critical software systems such as nuclear power plant (NPP) software systems, because a single error in the requirements can generate serious software faults. However, it is very difficult to completely analyze system requirements. In this paper, an effective technique for software requirements analysis is suggested. For requirements verification and validation (V and V) tasks, our technique uses software inspection, requirement traceability, and formal specification with structural decomposition. Software inspection and requirements traceability analysis are widely considered the most effective software V and V methods. Although formal methods are also considered an effective V and V activity, they are difficult to use properly in the nuclear field as well as in other fields because of their mathematical nature. In this work, we propose an integrated environment (IE) approach for requirements, which is an integrated approach that enables easy inspection by combining requirement traceability and effective use of a formal method. The paper also introduces computer-aided tools for supporting the IE approach for requirements. Called the nuclear software inspection support and requirements traceability (NuSISRT) tool, it incorporates software inspection, requirement traceability, and formal specification capabilities. We designed NuSISRT to partially automate software inspection and analysis of requirement traceability. In addition, for the formal specification and analysis, we used the formal requirements specification and analysis tool for nuclear engineering (NuSRS).
Operating in mission-critical environments requires trusted solutions, and the preference for "tried and true" approaches presents a potential barrier to infusing innovation into mission-critical systems. This presentation explores opportunities to overcome this barrier in the software domain. It outlines specific areas of innovation in software development achieved by the Johnson Space Center (JSC) Engineering Directorate in support of NASA's major human spaceflight programs, including International Space Station, Multi-Purpose Crew Vehicle (Orion), and Commercial Crew Programs. Software engineering teams at JSC work with hardware developers, mission planners, and system operators to integrate flight vehicles, habitats, robotics, and other spacecraft elements for genuinely mission critical applications. The innovations described, including the use of NASA Core Flight Software and its associated software tool chain, can lead to software that is more affordable, more reliable, better modelled, more flexible, more easily maintained, better tested, and enabling of automation.
Koo, Seo Ryong
To develop and implement a safety-critical system, the requirements of the system must be analyzed thoroughly during the phases of a software development's life cycle because a single error in the requirements can generate serious software faults. We therefore propose an Integrated Environment (IE) approach for requirements which is an integrated approach that enables easy inspection by combining requirement traceability and effective use of a formal method. For the V and V tasks of requirements phase, our approach uses software inspection, requirement traceability, and formal specification with structural decomposition. Software inspection and the analysis of requirements traceability are the most effective methods of software V and V. Although formal methods are also considered an effective V and V activity, they are difficult to use properly in nuclear fields, as well as in other fields, because of their mathematical nature. We also propose another Integrated Environment (IE) for the design and implementation of safety-critical systems. In this study, a nuclear FED-style design specification and analysis (NuFDS) approach was proposed for PLC based safety-critical systems. The NuFDS approach is suggested in a straightforward manner for the effective and formal specification and analysis of software designs. Accordingly, the proposed NuFDS approach comprises one technique for specifying the software design and another for analyzing the software design. In addition, with the NuFDS approach, we can analyze the safety of software on the basis of fault tree synthesis. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Various tools have been needed to make software V and V more convenient. We therefore developed four kinds of computer-aided software engineering tools that could be used in accordance with the software's life cycle to
The effective implementation of many safety-critical systems involves microprocessors running software which needs to be of very high integrity. This article describes some of the problems of producing such software and the place of software within the total system. A development strategy is proposed based on three principles: the goal of defect-free development, the use of mathematical formalism, and the use of an independent team for testing. (author)
Jung, Jae Cheon; Chang, Hoon Seon; Chang, Young Woo; Kim, Jae Hack; Sohn, Se Do
The major issues of safety-critical software are formalism and V and V. Implementing these two characteristics in safety-critical software will greatly enhance the quality of the software product. Structure-based development requires many output documents from the requirements phase to the testing phase. The requirements analysis phase is often omitted. According to the Standish Group report in 2001, 49% of software projects are cancelled before completion or never implemented. In addition, 23% are completed and become operational, but over budget, over the time estimate, and with fewer features and functions than initially specified. They identified ten success factors. Among them, firm basic requirements and formal methods are technically achievable factors, while the remaining eight are management related. Misunderstanding of requirements due to lack of communication between the design engineer and the verification engineer causes unexpected results such as functionality errors of the system. Safety-critical software shall comply with such characteristics as modularity, simplicity, minimizing subroutines, and excluding interrupt routines. In addition, crosslink faults and erroneous functions shall be eliminated. Ease of repair work after installation shall be achieved as well. In consideration of the above issues, we evaluate model-driven development (MDD) methods for nuclear I and C systems software. For qualitative analysis, the unified modeling language (UML), functional block language (FBL) and the safety critical application environment (SCADE) are tested for the above characteristics.
Guarro, Sergio B.
This report validates and documents the detailed features and practical application of the framework for software-intensive digital systems risk assessment and risk-informed safety assurance presented in the NASA PRA Procedures Guide for Managers and Practitioners. This framework, called herein the "Context-based Software Risk Model" (CSRM), enables the assessment of the contribution of software and software-intensive digital systems to overall system risk, in a manner which is entirely compatible and integrated with the format of a "standard" Probabilistic Risk Assessment (PRA), as currently documented and applied for NASA missions and applications. The CSRM also provides a risk-informed path and criteria for conducting organized and systematic digital system and software testing so that, within this risk-informed paradigm, the achievement of a quantitatively defined level of safety and mission success assurance may be targeted and demonstrated. The framework is based on the concept of context-dependent software risk scenarios and on the modeling of such scenarios via the use of traditional PRA techniques, i.e., event trees and fault trees, in combination with more advanced modeling devices such as the Dynamic Flowgraph Methodology (DFM) or other dynamic logic-modeling representations. The scenarios can be synthesized and quantified in a conditional logic and probabilistic formulation. The application of the CSRM method documented in this report refers to the MiniAERCam system designed and developed by the NASA Johnson Space Center.
Alho, Pekka; Mattila, Jouni
Highlights: •We analyze fault tolerance in mission-critical real-time systems. •A decoupled architectural model can be used to implement fault tolerance. •Prototype implementation for a remote handling control system and service manager. •Recovery from transient faults by restarting services. -- Abstract: Remote handling (RH) systems are used to inspect, make changes to, and maintain components in the ITER machine and as such are an example of a mission-critical system. Failure in a critical system may cause damage, significant financial losses and loss of experiment runtime, making dependability one of their most important properties. However, even if the software for RH control systems has been developed using best practices, the system might still fail due to undetected faults (bugs), hardware failures, etc. Critical systems therefore need the capability to tolerate faults and resume operation after their occurrence. However, the design of effective fault detection and recovery mechanisms poses a challenge due to timeliness requirements, growth in scale, and complex interactions. In this paper we evaluate the effectiveness of a service-oriented architectural approach to fault tolerance in mission-critical real-time systems. We use a prototype implementation for service management with an experimental RH control system and industrial manipulator. The fault tolerance is based on using the high level of decoupling between services to recover from transient faults by service restarts. In case the recovery process is not successful, the system can still be used if the fault was not in a critical software module.
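The abstract above describes a service manager that recovers from transient faults by restarting decoupled services, and that keeps the system usable in degraded form when an unrecoverable fault lies outside a critical module. The block below is an added sketch of that control loop, not the authors' prototype: service names, the restart budget, the three system states and the fault injector are all assumptions made here so the behaviour can be exercised offline. A restart here only resets the bookkeeping; a real manager would re-create the service process and reload its state.

```python
"""Service-manager style fault tolerance: restart on transient fault, degrade on
permanent non-critical fault, stop on permanent critical fault.

Constructed example (an assumption for illustration, not the ITER remote handling
prototype). Services are plain callables that raise on a fault; the manager
runs them each cycle and decides how to react.
"""


class Service:
    """One decoupled service; `step_fn` is its periodic work and may raise on a fault."""

    def __init__(self, name, critical, step_fn, max_restarts=3):
        self.name = name
        self.critical = critical          # does the system need this service to run safely?
        self.step_fn = step_fn
        self.max_restarts = max_restarts  # restart budget before giving up on the service
        self.restarts = 0
        self.state = "running"            # running | failed

    def step(self):
        self.step_fn()

    def restart(self):
        # Assumption: a real restart recreates the process and reloads its state;
        # here only the bookkeeping is reset.
        self.restarts += 1
        self.state = "running"


class ServiceManager:
    def __init__(self, services):
        self.services = {s.name: s for s in services}
        self.log = []

    def run_cycle(self):
        """Run every live service once; restart faulting ones while budget remains."""
        for s in self.services.values():
            if s.state == "failed":
                continue
            try:
                s.step()
            except Exception as exc:
                self.log.append(f"{s.name}: fault {exc!r}")
                if s.restarts < s.max_restarts:
                    s.restart()
                    self.log.append(f"{s.name}: restarted ({s.restarts}/{s.max_restarts})")
                else:
                    s.state = "failed"
                    self.log.append(f"{s.name}: restart budget exhausted, marked failed")
        return self.system_state()

    def system_state(self):
        """operational: all services up; degraded: only non-critical services down;
        unsafe: a critical service is down, so operation must stop."""
        failed = [s for s in self.services.values() if s.state == "failed"]
        if any(s.critical for s in failed):
            return "unsafe"
        return "degraded" if failed else "operational"


def flaky(fail_count):
    """Constructed fault injector: raise on the first `fail_count` calls, then succeed.
    A small count models a transient fault, a huge count a permanent one."""
    calls = {"n": 0}

    def step():
        calls["n"] += 1
        if calls["n"] <= fail_count:
            raise RuntimeError("injected fault")
    return step


def build_demo():
    return ServiceManager([
        Service("manipulator_ctrl", critical=True, step_fn=flaky(2)),    # transient: clears after 2 faults
        Service("camera_feed", critical=False, step_fn=flaky(10 ** 9)),  # permanent: never clears
    ])


def run_demo(cycles=6):
    mgr = build_demo()
    states = [mgr.run_cycle() for _ in range(cycles)]
    return mgr, states


if __name__ == "__main__":
    mgr, states = run_demo()
    print("system state per cycle:", states)
    print("\n".join(mgr.log))
```

In the demo the manipulator controller survives its two transient faults within the restart budget and keeps running, while the camera feed exhausts its budget and is marked failed; because the camera is not critical the system ends up "degraded" rather than "unsafe". Swapping the critical flag on the permanently faulting service flips the final state to "unsafe", which is the case where the abstract says recovery by restart is not enough.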
An estimated 85% of the installed base of software is a custom application with a production quantity of one. In practice, almost 100% of military software systems are custom software. Paradoxically, the marginal costs of producing additional units are near zero. So why hasn't the software market, a market with high design costs and low production costs, evolved like other similar custom widget industries, such as automobiles and hardware chips? The military software industry seems immune to the market pressures that have motivated a multilevel supply chain structure in other widget industries: design cost recovery, improving quality through specialization, and enabling rapid assembly from purchased components. The primary goal of the ComponentWare Consortium (CWC) technology plan was to overcome barriers to building and deploying mission-critical information systems by using verified, reusable software components (ComponentWare). The adoption of the ComponentWare infrastructure is predicated upon a critical mass of the leading platform vendors' inevitable adoption of emerging, object-based, distributed computing frameworks, initially CORBA and COM/OLE. The long-range goal of this work is to build and deploy military systems from verified reusable architectures. The promise of component-based applications is to enable developers to snap together new applications by mixing and matching prefabricated software components. A key result of this effort is the concept of reusable software architectures. A second important contribution is the notion that a software architecture is something that can be captured in a formal language and reused across multiple applications. The formalization and reuse of software architectures provide major cost and schedule improvements. The Unified Modeling Language (UML) is fast becoming the industry standard for object-oriented analysis and design notation for object-based systems. However, the lack of a standard real-time distributed
Application software is defined as safety-critical if a fault in the software could prevent the system components from performing their nuclear-safety functions. Therefore, for nuclear-safety systems, the AREVA TELEPERM XS (TXS) system is classified 1E, as defined in the Institute of Electrical and Electronics Engineers (IEEE) Std 603-1998. The application software is classified as Software Integrity Level (SIL)-4, as defined in IEEE Std 7-4.3.2-2003. The AREVA NP Inc. Software Program Manual (SPM) describes the measures taken to ensure that the TELEPERM XS application software attains a level of quality commensurate with its importance to safety. The manual also describes how TELEPERM XS correctly performs the required safety functions and conforms to established technical and documentation requirements, conventions, rules, and standards. The program manual covers the requirements definition, detailed design, integration, and test phases for the TELEPERM XS application software, and supporting software created by AREVA NP Inc. The SPM is required for all safety-related TELEPERM XS system applications. The program comprises several basic plans and practices: 1. A Software Quality Assurance Plan (SQAP) that describes the processes necessary to ensure that the software attains a level of quality commensurate with its importance to the safety function. 2. A Software Safety Plan (SSP) that identifies the process to reasonably ensure that safety-critical software performs as intended during all abnormal conditions and events, and does not introduce any new hazards that could jeopardize the health and safety of the public. 3. A Software Verification and Validation (V and V) Plan that describes the method of ensuring the software is in accordance with the requirements. 4. A Software Configuration Management Plan (SCMP) that describes the method of maintaining the software in an identifiable state at all times. 5. A Software Operations and Maintenance Plan (SO and MP) that
Everett, B.; Musa, J.
In this talk, the authors address the question "Can Software Reliability Engineering measurement and modeling techniques be applied to safety-critical applications?" Quantitative techniques have long been applied in engineering hardware components of safety-critical applications. The authors have seen a growing acceptance and use of quantitative techniques in engineering software systems but a continuing reluctance to use such techniques in safety-critical applications. The general case posed against using quantitative techniques for software components runs along the following lines: safety-critical applications should be engineered such that catastrophic failures occur less frequently than one in a billion hours of operation; current software measurement/modeling techniques rely on using failure history data collected during testing; one would have to accumulate over a billion operational hours to verify failure rate objectives of about one per billion hours.
Marron, J. E.
With the increasing use of digital systems in control applications, customers must acquire appropriate expectations for software development and quality assurance procedures. Purchasers and users of digital systems need to understand the benefits to the supplier of effective quality systems. These systems consist not only of procedures but of tools that enable automation. Without the use of automation, quality cannot be assured. A software and systems quality program starts with the documents you are very familiar with. But these documents must define more than the final system. They must address specific development environment characteristics and testing capabilities. Starting with the RFP, some of the items that should be introduced are Software Configuration Management, regression testing and defect tracking. The digital system customer is in the best position to enforce the use of software and systems quality programs by including them in project requirements as early as the Purchase Order. The customer's understanding of the full scope and implementation of a software quality program is essential to achieving the quality necessary in nuclear projects and, incidentally, to completing those projects on schedule. (authors)
Smidts, Carol; Huang, Fuqun; Li, Boyuan; Li, Xiang [The Ohio State Univ., Columbus, OH (United States)]
With the current transition from analog to digital instrumentation and control systems in nuclear power plants, the number and variety of software-based systems have significantly increased. The sophisticated nature and increasing complexity of software make trust in these systems a significant challenge. The trust placed in a software system is typically termed software dependability. Software dependability analysis faces uncommon challenges since software systems' characteristics differ from those of hardware systems. The lack of systematic science-based methods for quantifying the dependability attributes in software-based instrumentation as well as control systems in safety-critical applications has proved itself to be a significant inhibitor to the expanded use of modern digital technology in the nuclear industry. Dependability refers to the ability of a system to deliver a service that can be trusted. Dependability is commonly considered as a general concept that encompasses different attributes, e.g., reliability, safety, security, availability and maintainability. Dependability research has progressed significantly over the last few decades. For example, various assessment models and/or design approaches have been proposed for software reliability, software availability and software maintainability. Advances have also been made to integrate multiple dependability attributes, e.g., integrating security with other dependability attributes, measuring availability and maintainability, modeling reliability and availability, quantifying reliability and security, exploring the dependencies between security and safety and developing integrated analysis models. However, there is still a lack of understanding of the dependencies between the various dependability attributes as a whole and of how such dependencies are formed. To address the need for quantification and give a more objective basis to the review process -- therefore reducing regulatory uncertainty
Driven by both the need to meet regulatory requirements and a genuine desire to drive improved quality, quality management systems encompassing standard operating procedures, corrective and preventative actions and related processes have existed for many years, both in paper and electronic form. The impact of quality management systems on 'actual' quality, however, is often reported as far less than desired. A quality management software system that moves beyond formal forms-driven processes to include a true closed-loop design, manage disparate processes across the enterprise, provide support for collaborative processes and deliver insight into the overall state of control has the potential to close the gap between simply accomplishing regulatory compliance and delivering measurable improvements in quality and efficiency.
Koh, Jung Soo; Seong, Poong Hyun
This paper describes a formal safety analysis technique which is demonstrated by performing an empirical formal safety analysis on a case study of the beamline hutch door interlock system, developed using PLC (Programmable Logic Controller) systems at the Pohang Accelerator Laboratory. In order to perform the formal safety analysis, we built Z formal specifications from the user requirements, written in ambiguous natural language, and from the target PLC ladder logic, respectively. We also studied an effective method to express the typical PLC timer component using specific Z formal notation supported by temporal history. We present a formal proof technique for specifying and verifying that hazardous states are not introduced into the ladder logic of the PLC-based safety-critical system. We also found some errors and mismatches between the user requirements and the final implemented PLC ladder logic while analyzing the consistency and completeness of the translated Z formal specifications. In the case of relatively small systems like the beamline hutch door interlock system, a formal safety analysis including explicit proof is highly recommended so that the safety of the PLC-based critical system may be enhanced and guaranteed. It also provides benefits in comprehending user requirements expressed in ambiguous natural language.
Kim, Hang Bae; Han, Jae Bok
A software engineering process has been developed for the design of safety-critical software for the Wolsung 2/3/4 project to satisfy the requirements of the regulatory body. Within this process, this paper describes in detail the validation testing performed to ensure that the software, together with its hardware, developed by the design group satisfies the requirements of the functional specification prepared by the independent functional group. To perform the tests, a test facility and test software were developed and the actual safety system computer was connected. Three kinds of test cases, i.e., functional tests, performance tests and self-check tests, were programmed and run to verify each functional specification. Test failures were fed back to the design group to revise the software, and the test results were analyzed and documented in the report submitted to the regulatory body. The test methodology and procedure were very efficient and satisfactory for performing systematic and automatic tests. The test results were also acceptable and successful in verifying that the software acts as specified in the program functional specification. This methodology can be applied to the validation of other safety-critical software. 2 figs., 2 tabs., 14 refs. (Author)
Uber, James G.
Software itself is not hazardous, but since software and hardware share common interfaces there is an opportunity for software to create hazards. Further, these software systems are complex, and proven methods for the design, analysis, and measurement of software safety are not yet available. Some past software failures, future NASA software trends, software engineering methods, and tools and techniques for various software safety analyses are reviewed. Recommendations to NASA are made based on this review.
Bishop, Peter; Bloomfield, Robin; Clement, Tim; Guerra, Sofia
This paper describes the Software Criticality Analysis (SCA) approach that was developed to support the justification of using commercial off-the-shelf software (COTS) in a safety-related system. The primary objective of SCA is to assess the importance to safety of the software components within the COTS and to show there is segregation between software components with different safety importance. The approach taken was a combination of Hazops based on design documents and on a detailed analysis of the actual code (100 kloc). Considerable effort was spent on validation and ensuring the conservative nature of the results. The results from reverse engineering from the code showed that results based only on architecture and design documents would have been misleading.
Sung, Ahyoung; Choi, Byoungju; Lee, Jangsoo
Digitalization of nuclear Instrumentation and Control (I and C) systems requires high reliability of not only hardware but also software. A Verification and Validation (V and V) process is recommended for software reliability. But a more quantitative method, such as software testing, is also necessary. Most of the software in nuclear I and C systems is safety-critical embedded software. Safety-critical embedded software is specified, verified and developed according to the V and V process. Hence two types of software testing techniques are necessary for the developed code. First, code-based software testing is required to examine the developed code. Second, after code-based software testing, testing of the software as affected by the hardware is required to reveal interaction faults that may cause unexpected results. We call the testing of the hardware's influence on the software interaction testing. In the case of safety-critical embedded software, it is also important to consider the interaction between hardware and software. Even if no faults are detected when testing either hardware or software alone, combining these components may lead to unexpected results due to the interaction. In this paper, we propose a software test process that embraces test levels, test techniques, and the required test tasks and documents for safety-critical embedded software. We apply the proposed test process to safety-critical embedded software as a case study, and show its effectiveness. (author)
Kim, Man Cheol; Jang, Seung Cheol; Ha, Jae Joo
As digital systems are gradually introduced to nuclear power plants (NPPs), the need for quantitatively analyzing the reliability of the digital systems is also increasing. Kang and Sung identified (1) software reliability, (2) common-cause failures (CCFs), and (3) fault coverage as the three most critical factors in the reliability analysis of digital systems. For the reliability estimation of safety-critical software (the software that is used in safety-critical digital systems), Bayesian Belief Networks (BBNs) seem to be the most widely used approach. The use of BBNs in reliability estimation of safety-critical software is basically a process of indirectly assigning a reliability based on various observed information and experts' opinions. When software testing results or software failure histories are available, we can use a process of directly estimating the reliability of the software using various software reliability growth models such as the Jelinski-Moranda model and Goel-Okumoto's nonhomogeneous Poisson process (NHPP) model. Even though it is generally known that software reliability growth models cannot be applied to safety-critical software due to the small number of expected failure data from the testing of safety-critical software, we try to find possibilities and corresponding limitations of applying software reliability growth models to safety-critical software
... acoustic processing as well as 2D and 3D graphics rendering. Kernel Tracing: The instrumented QNX microkernel is equipped with an event-gathering module ... and runs at 98% of the speed of the regular microkernel. When tracing, system activity is intercepted by generating time-stamped and CPU-stamped ... increase the performance of the system, microkernels run most of their services in user space, aiming to improve maintainability and modularity of the ...
Weber, Doug; Jamsek, Damir
The goal of this task was to investigate how formal methods could be incorporated into a software engineering process for flight-control systems under DO-178B and to demonstrate that process by developing a formal specification for NASA's Guidance and Controls Software (GCS) Experiment. GCS is software to control the descent of a spacecraft onto a planet's surface. The GCS example is simplified from a real example spacecraft, but exhibits the characteristics of realistic spacecraft control software. The formal specification is written in Larch.
Robey, Robert W. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]
This presentation deals with the hierarchy of software build and delivery systems. One of the goals is to maximize the success rate of new users and developers when first trying your software. First impressions are important. Early successes are important. This also reduces critical documentation costs. This is a presentation focused on computer science and goes into detail about code documentation.
Joo, Sungmoon; Suh, Yong-Suk; Park, Cheol [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]
This study was motivated by a research reactor project where the owner of the project and the equipment vendors are from two different standards frameworks. This paper reviews two major standards frameworks - NRC-IEEE and IAEA-IEC - and their software classification schemes as background, then discusses the V and V issue. The purpose of this paper is by no means to solve the cross-standards-framework qualification issue, but, rather, to remind the stakeholders of research reactor projects of it. V and V are also essential for approval from regulatory bodies. As standards define or recommend consolidated engineering practices, methods, or criteria, V and V activities for software qualification are no exception. Within a single standards framework, the processes for the qualification of safety-critical software are usually well established such that safety is maximized while minimizing the compromises in software quality, safety, and reliability. When, however, multiple standards frameworks are involved in a research reactor project, it is difficult for equipment vendors to implement appropriate V and V activities, as there is no unified view on this cross-standards-framework qualification issue yet. There are two major standards frameworks for safety-critical software development in the nuclear industry. Unfortunately, different safety classifications for software, and thus different requirements for qualification, are in place. What makes things worse is that (i) there are ambiguities in the standards and room for each stakeholder's interpretation, and (ii) there is no one-to-one mapping between the associated V and V methods and activities. These may put the stakeholders of research reactor projects in trouble.
Trevino, Luis C.; Crumbley, Tim
The slide presentation examines the Marshall Space Flight Center Flight Software Branch, including software development projects, mission critical space flight software development, software technical insight, advanced software development technologies, and continuous improvement in the software development processes and methods.
Koo, Seo-Ryong; Kim, Chang-Hwoi
The purpose of safety analysis, which is a method of identifying portions of a system that have the potential for unacceptable hazards, is firstly to encourage design changes that will reduce or eliminate hazards and, secondly, to conduct special analyses and tests that can provide increased confidence in especially vulnerable portions of the system. For the design and implementation phase of the PLC based systems, we proposed a technique for software design specification and analysis, and this technique enables us to generate software design specifications (SDSs) in nuclear fields. For the safety analysis in the design phase, we used architecture design blocks of NuFDS to represent the architecture of the software. On the basis of the architecture design specification, we can directly generate the fault tree and then use the fault tree for qualitative analysis. Therefore, we proposed a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Through our proposed fault tree synthesis in this work, users can use the architecture specification of the NuFDS approach to intuitively compose fault trees that help analyze the safety design features of software.
Horvitz, E; Katz, D. J; Rumpf, R. L; Shrobe, H; Smith, T. B; Webber, G. E; Williamson, W. E; Winston, P. H; Wolbarsht, James L
.... Additionally, recommend that DoN invest in software engineering, particularly as it complements commercial industry developments and promotes the application of systems engineering methodology...
Nicodemos, F. G.; Lahoz, C. H. N.; Abdala, M. A. D.; Saotome, O.
This work addresses the combined Software Fault Tree Analysis (SFTA) and Software Failure Modes, Effects and Criticality Analysis (SFMECA) techniques applied to space critical software of satellite launch vehicles. The combined approach is under research as part of the Verification and Validation (V&V) efforts to increase software dependability and as future application in other projects under development at Instituto de Aeronáutica e Espaço (IAE). The applicability of such approach was conducted on system software specification and applied to a case study based on the Brazilian Satellite Launcher (VLS). The main goal is to identify possible failure causes and obtain compensating provisions that lead to inclusion of new functional and non-functional system software requirements.
Kim, Koheun; Kim, Yong geul; Choi, Woong seok; Sohn, Se do [KEPCO Engineering and Construction, Daejeon (Korea, Republic of)]
In APR1400, the computer software hazard analysis is performed by the hazard and operability analysis (HAZOP) method. Meanwhile, HAZOP has its limitations and cannot be considered better than fault tree analysis (FTA) or failure mode and effect analysis (FMEA). HAZOP assumes that the system has been carefully studied, and that all possible hazards, their effects or consequences and remedies are incorporated in the system. But incorporating every possible event in the design is impossible. In this light, this paper attempts to use the FMEA method for evaluating the risk of safety-critical instrumentation and control (I and C) system software for NPPs, which is more practical than HAZOP. This is possible because software failures are due to systematic faults that cause simultaneous failures in multiple divisions when the triggering event happens. This analysis is applied to the safety-critical system of Shin-Hanul units 1 and 2 NPP, i.e., APR1400. Through software FMEA (SFMEA), the critical software failure modes and tasks that could result in CCF are identified and also evaluated to determine the associated risk level (e.g. high, intermediate or low) based on the failure effect. The biggest benefit of this analysis compared with HAZOP is that it can reveal the possible weak points and provide guidance to the V and V team by helping to generate the test cases.
Butler, Ricky W.; Johnson, Sally C.
The use of computer software in life-critical applications, such as for civil air transports, demands the use of rigorous formal mathematical verification procedures. This paper demonstrates how to apply formal methods to the development and verification of software by leading the reader step-by-step through requirements analysis, design, implementation, and verification of an electronic phone book application. The current maturity and limitations of formal methods tools and techniques are then discussed, and a number of examples of the successful use of formal methods by industry are cited.
To implement the capabilities conceptualized in the National Military Strategy, complex, secure networks of weapon systems, intelligence platforms and command-and-control mechanisms must be seamlessly...
Jacky, J.; Kalet, I.
The authors recommend quality assurance procedures for radiation therapy software. Software quality assurance deals with preventing, detecting and repairing programming errors. Error detection difficulties are most severe in computer-based control systems, for example therapy machine control systems, because it may be impossible for users to confirm correct operation while treatments are in progress, or to intervene if things go wrong. Software quality assurance techniques observed in other industries in which public safety is at risk are reviewed. In some of these industries software must be approved or certified before it can be used. Approval is subject to technical reviews and audits by experts other than the program authors. The main obstacles to adoption of these techniques in the radiation therapy field are costs, lack of familiarity and doubts regarding efficacy. 18 refs
C Language Integrated Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software-based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and, when given the answers, recommends quick solutions that can be applied by non-expert persons.
Aufdenkampe, A. K.; Mayorga, E.; Horsburgh, J. S.; Lehnert, K. A.; Zaslavsky, I.; Valentine, D. W., Jr.; Richard, S. M.; Cheetham, R.; Meyer, F.; Henry, C.; Berg-Cross, G.; Packman, A. I.; Aronson, E. L.
Here we present the prototypes of a new scientific software system designed around the new Observations Data Model version 2.0 (ODM2, https://github.com/UCHIC/ODM2) to substantially enhance integration of biological and Geological (BiG) data for Critical Zone (CZ) science. The CZ science community takes as its charge the effort to integrate theory, models and data from the multitude of disciplines collectively studying processes on the Earth's surface. The central scientific challenge of the CZ science community is to develop a "grand unifying theory" of the critical zone through a theory-model-data fusion approach, for which the key missing need is a cyberinfrastructure for seamless 4D visual exploration of the integrated knowledge (data, model outputs and interpolations) from all the bio and geoscience disciplines relevant to critical zone structure and function, similar to today's ability to easily explore historical satellite imagery and photographs of the earth's surface using Google Earth. This project takes the first "BiG" steps toward answering that need. The overall goal of this project is to co-develop with the CZ science and broader community, including natural resource managers and stakeholders, a web-based integration and visualization environment for joint analysis of cross-scale bio and geoscience processes in the critical zone (BiG CZ), spanning experimental and observational designs. We will: (1) Engage the CZ and broader community to co-develop and deploy the BiG CZ software stack; (2) Develop the BiG CZ Portal web application for intuitive, high-performance map-based discovery, visualization, access and publication of data by scientists, resource managers, educators and the general public; (3) Develop the BiG CZ Toolbox to enable cyber-savvy CZ scientists to access BiG CZ Application Programming Interfaces (APIs); and (4) Develop the BiG CZ Central software stack to bridge data systems developed for multiple critical zone domains into a single
With the development of control and information technology at NPPs, software reliability is important because software failure is usually considered as one form of common cause failure in Digital I and C Systems (DCS). The reliability analysis of DCS, particularly the qualitative and quantitative evaluation of nuclear safety-critical software reliability, is a great challenge. To solve this problem, not only are a comprehensive evaluation model and stage evaluation models built in this paper, but prediction and sensitivity analysis are also given for the models. This can provide a basis for evaluating the reliability and safety of DCS. (author)
Mckay, Charles W.
The High Technologies Laboratory (HTL) was established in the fall of 1982 at the University of Houston Clear Lake. Research conducted at the High Tech Lab is focused upon computer systems and software engineering. There is a strong emphasis on the interrelationship of these areas of technology and the United States' space program. In Jan. of 1987, NASA Headquarters announced the formation of its first research center dedicated to software engineering. Operated by the High Tech Lab, the Software Engineering Research Center (SERC) was formed at the University of Houston Clear Lake. The High Tech Lab/Software Engineering Research Center promotes cooperative research among government, industry, and academia to advance the edge-of-knowledge and the state-of-the-practice in key topics of computer systems and software engineering which are critical to NASA. The center also recommends appropriate actions, guidelines, standards, and policies to NASA in matters pertinent to the center's research. Results of the research conducted at the High Tech Lab/Software Engineering Research Center have given direction to many decisions made by NASA concerning the Space Station Program.
Gassino, J.; Henry, J.Y.
The needs of the CEA and IPSN (Institute of Nuclear Protection and Safety) concerning the testing of critical software have led to the development of the CLAIRE tool, which is able to test software without modification. This tool allows the user to graphically model the system and its environment and to include in the model components which observe, but do not modify, the behaviour of the system to be tested. The executable codes are integrated in the model. The tool uses target machine simulators (microprocessors). The technique used (event simulation) allows actions to be associated with events such as the execution of an instruction, the access to a variable, etc. The simulation results are exploited using graphic, state search and test coverage measurement tools. In particular, this tool can help in the evaluation of critical software with pre-existing components. (J.S.)
Purves, L. R.; Gordon, S.; Peltzman, A.; Dube, M.
Collection of computer programs performs diverse functions in prototype engineering. NEXUS, NASA Engineering Extendible Unified Software system, is research set of computer programs designed to support full sequence of activities encountered in NASA engineering projects. Sequence spans preliminary design, design analysis, detailed design, manufacturing, assembly, and testing. Primarily addresses process of prototype engineering, task of getting single or small number of copies of product to work. Written in FORTRAN 77 and PROLOG.
Curtis, Steven A.
The Evolvable Neural Software System (ENSS) is composed of sets of Neural Basis Functions (NBFs), which can be totally autonomously created and removed according to the changing needs and requirements of the software system. The resulting structure is both hierarchical and self-similar in that a given set of NBFs may have a ruler NBF, which in turn communicates with other sets of NBFs. These sets of NBFs may function as nodes to a ruler node, which are also NBF constructs. In this manner, the synthetic neural system can exhibit the complexity, three-dimensional connectivity, and adaptability of biological neural systems. An added advantage of ENSS over a natural neural system is its ability to modify its core genetic code in response to environmental changes as reflected in needs and requirements. The neural system is fully adaptive and evolvable and is trainable before release. It continues to rewire itself while on the job. The NBF is a unique, bilevel intelligence neural system composed of a higher-level heuristic neural system (HNS) and a lower-level, autonomic neural system (ANS). Taken together, the HNS and the ANS give each NBF the complete capabilities of a biological neural system to match sensory inputs to actions. Another feature of the NBF is the Evolvable Neural Interface (ENI), which links the HNS and ANS. The ENI solves the interface problem between these two systems by actively adapting and evolving from a primitive initial state (a Neural Thread) to a complicated, operational ENI and successfully adapting to a training sequence of sensory input. This simulates the adaptation of a biological neural system in a developmental phase. Within the greater multi-NBF and multi-node ENSS, self-similar ENIs provide the basis for inter-NBF and inter-node connectivity.
Kim, Man Cheol; Jang, Seung Cheol; Ha, Jae Joo
It is generally known that software reliability growth models such as the Jelinski-Moranda model and the Goel-Okumoto Non-Homogeneous Poisson Process (NHPP) model cannot be applied to safety-critical software due to a lack of software failure data. In this paper, by applying two of the most widely known software reliability growth models to sample software failure data, we demonstrate the possibility of using software reliability growth models to prove the high reliability of safety-critical software. The high sensitivity of a piece of software's estimated reliability to the software failure data, as well as a lack of sufficient software failure data, is also identified as a possible limitation when applying software reliability growth models to safety-critical software.
Khalaquzzaman, M.; Cho, Jaehyun; Lee, Seung Jun; Jung, Wondea
The method conservatively assumes that the failure probability of a software for the untested inputs is 1, and that the failure probability becomes 0 after successful testing of all test cases. However, in reality a chance of failure remains due to test uncertainty. Some studies have been carried out to identify the test attributes that affect test quality. Cao discussed the testing effort, testing coverage, and testing environment. Management of the test uncertainties was discussed in. In this study, the test uncertainty has been considered in estimating the software failure probability because the software testing process is considered to be inherently uncertain. A reliability estimate of software is very important for a probabilistic safety analysis of a digital safety-critical system of NPPs. This study focused on the estimation of the probability of a software failure that considers the uncertainty in software testing. In our study, a BBN has been employed as an example model for software test uncertainty quantification. Although it can be argued that direct expert elicitation of test uncertainty is much simpler than BBN estimation, the BBN approach provides more insight and a basis for uncertainty estimation.
Sparkman, D R; Lagdon, R
The US Department of Energy has undertaken an initiative to improve the quality of software used to design and operate their nuclear facilities across the United States. One aspect of this initiative is to revise or create new directives and guides associated with quality practices for the safety software in its nuclear facilities. Safety software includes the safety structures, systems, and components software and firmware, support software and design and analysis software used to ensure the safety of the facility. DOE nuclear facilities are unique when compared to commercial nuclear or other industrial activities in terms of the types and quantities of hazards that must be controlled to protect workers, public and the environment. Because of these differences, DOE must develop an approach to software quality assurance that ensures appropriate risk mitigation by developing a framework of requirements that accomplishes the following goals: (1) ensures the software processes developed to address nuclear safety in design, operation, construction and maintenance of its facilities are safe; (2) considers the larger system that uses the software and its impacts; (3) ensures that software failures do not create unsafe conditions. Software designers for nuclear systems and processes must reduce risks in software applications by incorporating processes that recognize, detect, and mitigate software failure in safety related systems. They must also ensure that fail-safe modes and component testing are incorporated into software design. For nuclear facilities, the consideration of risk is not necessarily sufficient to ensure safety. Systematic evaluation, independent verification and system safety analysis must be considered for software design, implementation, and operation. The software industry primarily uses risk analysis to determine the appropriate level of rigor applied to software practices.
This risk-based approach distinguishes safety-critical
Moreira, F.; Maia, R.; Costa, D.; Duro, N.; Rodríguez-Dapena, P.; Hjortnaes, K.
Space technology is no longer used only for highly specialised research activities or for sophisticated manned space missions. Modern society relies more and more on space technology and applications for everyday activities. Worldwide telecommunications, Earth observation, navigation and remote sensing are only a few examples of space applications on which we rely daily. The European-driven global navigation system Galileo and its associated applications, e.g. air traffic management, vessel and car navigation, will significantly expand the already stringent safety requirements for space-based applications. Apart from their usefulness and practical applications, every single piece of onboard software deployed into space represents an enormous investment. With a long operational lifetime and being extremely difficult to maintain and upgrade, at least compared with "mainstream" software development, the importance of ensuring their correctness before deployment is immense. Verification & Validation techniques and technologies have a key role in ensuring that the onboard software is correct and error free, or at least free from errors that can potentially lead to catastrophic failures. Many RAMS techniques, including both static criticality analysis and dynamic verification techniques, have been used as a means to verify and validate critical software and to ensure its correctness. But, traditionally, these have been applied in isolation. One of the main reasons is the immaturity of this field as concerns its application to the increasing software product(s) within space systems. This paper presents an innovative way of combining both static and dynamic techniques, exploiting their synergy and complementarity for software fault removal. The methodology proposed is based on the combination of Software FMEA and FTA with fault-injection techniques. The case study herein described is implemented with support from two tools: the SoftCare tool for the SFMEA and SFTA
Pham, H.; Pham, M.
This report presents the results of the first phase of the ongoing EG&G Idaho, Inc. Software Reliability Research Program. The program is studying the existing software reliability models and proposes a state-of-the-art software reliability model that is relevant to the nuclear reactor control environment. This report consists of three parts: (1) summaries of the literature review of existing software reliability and fault tolerant software reliability models and their related issues, (2) a proposed technique for software reliability enhancement, and (3) general discussion and future research. The development of this proposed state-of-the-art software reliability model will be performed in the second phase. 407 refs., 4 figs., 2 tabs.
Modern Large Scale Integration (LSI) microcircuits are meant to be programmed in order to control the function that they perform. The basics of microprogramming and new microcircuits have already been discussed. In this course, the methods of developing software for these microcircuits are explored. This generally requires a package of support software in order to assemble the microprogram, and also some amount of support software to test the microprograms and to test the microprogrammed circuit itself. 15 figures, 2 tables.
Moon, Kwon-Ki; Kim, Do-Yeon; Chang, Hoon-Seon; Chang, Young-Woo; Yun, Jae-Hee; Park, Jee-Duck; Kim, Jae-Hack
The safety critical software in the I and C systems of nuclear power plants requires high functional integrity and reliability. To achieve those goals, the safety critical software should be verified and tested according to related codes and standards through verification and validation (V and V) activities. Safety critical software testing is performed at various stages during the development of the software, and is generally classified into three major activities: module testing, system integration testing, and system validation testing. Module testing involves the evaluation of module-level functions of hardware and software. System integration testing investigates the characteristics of a collection of modules and aims at establishing their correct interactions. System validation testing demonstrates that the complete system satisfies its functional requirements. In order to generate reliable software and reduce high maintenance cost, it is important that software testing is carried out at module level. Module testing for nuclear safety critical software has rarely been performed by formal and proven testing tools because of its various constraints. The LDRA testing tool is a widely used and proven tool set that provides powerful source code testing and analysis facilities for the V and V of general purpose software and safety critical software. Use of the tool set is indispensable where software is required to be reliable and as error-free as possible, and its use brings substantial time and cost savings, and efficiency.
Modern Large Scale Integration (LSI) microcircuits are meant to be programmed in order to control the function that they perform. In the previous paper the author has already discussed the basics of microprogramming and has studied in some detail two types of new microcircuits. In this paper, methods of developing software for these microcircuits are explored. This generally requires a package of support software in order to assemble the microprogram, and also some amount of support software to test the microprograms and to test the microprogrammed circuit itself. (Auth.)
Robillard, Martin P; Walker, Robert J; Zimmermann, Thomas
With the growth of public and private data stores and the emergence of off-the-shelf data-mining technology, recommendation systems have emerged that specifically address the unique challenges of navigating and interpreting software engineering data. This book collects, structures and formalizes knowledge on recommendation systems in software engineering. It adopts a pragmatic approach with an explicit focus on system design, implementation, and evaluation. The book is divided into three parts: "Part I - Techniques" introduces basics for building recommenders in software engineering, including techniques for collecting and processing software engineering data, but also for presenting recommendations to users as part of their workflow. "Part II - Evaluation" summarizes methods and experimental designs for evaluating recommendations in software engineering. "Part III - Applications" describes needs, issues and solution concepts involved in entire recommendation systems for specific software engineering tasks, fo...
14 CFR 417.123, Computing systems and software (Title 14 Aeronautics and Space, Vol. 4, 2010-01-01): (a) A launch operator must document a system safety process that identifies the... (b) A launch operator must identify all safety-critical functions associated with...
Kim, Jang-Yeol; Lee, Jang-Soo; Kwon, Kee-Choon
Safety-critical software is software used in systems in which a failure could affect personal or equipment safety or result in large financial or social loss. Examples of systems using safety-critical software are plant protection systems in nuclear power plants (NPPs), process control systems in chemical plants, and medical instruments such as the Therac-25 medical accelerator. This paper presents a verification and validation (V&V) methodology for safety-critical software in NPP safety systems. In addition, it addresses issues related to NPP safety systems, such as independence parameters, software safety analysis (SSA) concepts, commercial off-the-shelf (COTS) software evaluation criteria, and interrelationships among software and system assurance organizations. It includes the concepts of existing industrial standards on software V&V, Institute of Electrical and Electronics Engineers (IEEE) Standards 1012 and 1059. This safety-critical software V&V methodology covers V&V scope, a regulatory framework as part of its acceptance criteria, V&V activities and task entrance and exit criteria, reviews and audits, testing and quality assurance records of V&V material, configuration management activities related to V&V, and software V&V (SVV) plan (SVVP) production.
Claborn, G.W.; Mann, L.W.; Nielson, C.W.
The software at the Tritium Systems Test Assembly (TSTA) is logically broken into two parts, the system support software and the subsystem software. The purpose of the system support software is to isolate the subsystem software from the physical hardware. In this sense the system support software forms the kernel of the software at TSTA. The kernel software performs several functions. It gathers data from CAMAC modules and makes that data available to subsystem processes. It services requests to send commands to CAMAC modules. It provides a system of logging functions and provides for a system-wide global program state that allows highly structured interaction between subsystem processes. The kernel's most visible function is to provide the Man-Machine Interface (MMI). The MMI gives the operators a window into the physical hardware and subsystem process state. Finally, the kernel provides a data archiving and compression function that allows archival data to be accessed and plotted. The kernel software as developed and implemented at TSTA is described.
Kim, Jang Yeol; Son, Kwang Seop; Cheon, Se Woo; Lee, Jang Soo; Kwon, Kee Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)
Programmable Logic Controllers (PLCs) have been applied to the Reactor Protection System (RPS) and the Engineered Safety Feature (ESF)-Component Control System (CCS) as the major safety system components of nuclear power plants. This paper describes experience with the qualification of the safety-critical software, including the pCOS kernel and system tasks related to a safety-grade PLC, i.e. the work done for Software Verification and Validation, Software Safety Analysis, Software Quality Assurance, Software Configuration Management, etc.
Zygielbaum, Arthur I.
An external review of the Integrated Technology Plan for the Civil Space Program is presented. This review is specifically concerned with the Software Engineering Program. The goals of the Software Engineering Program are as follows: (1) improve NASA's ability to manage development, operation, and maintenance of complex software systems; (2) decrease NASA's cost and risk in engineering complex software systems; and (3) provide technology to assure safety and reliability of software in mission critical applications.
System 7 is a single-user graphical user interface-based operating system for Macintosh computers and was part of the classic Mac OS line of operating systems. It was introduced on May 13, 1991, by Apple Computer. It succeeded System 6, and was the main Macintosh operating system until it was succeeded by Mac OS 8 in 1997. Features added with the System 7 release included virtual memory, personal file sharing, QuickTime, QuickDraw 3D, and an improved user interface. This is the first real major evolution of the Macintosh system, bringing a significant improvement in the user interface, improved stability and many new features such as the ability to use multiple applications at the same time. "System 7" is the last operating system name of the Macintosh that contains the word "system". Macintosh operating systems were later called "Mac OS" (for Macintosh Operating System).
The Advisory Committee on Nuclear Safety (ACNS) has reviewed safety issues associated with the software for the digital computers in the safety shutdown systems for the Darlington NGS. From this review the ACNS has developed four recommendations for safety-critical real-time software in nuclear power plants. These recommendations cover: the completion of the present efforts to develop an overall standard and sub-tier standards for safety-critical real-time software; the preparation of schedules and lists of responsibilities for this development; the concentration of AECB efforts on ensuring the scrutability of safety-critical real-time software; and, the collection of data on reliability and causes of failure (error) of safety-critical real-time software systems and on the probability and causes of common-mode failures (errors). (9 refs.)
Setliff, Dorothy E.
This paper presents research into providing highly reusable and maintainable components by using automatic software synthesis techniques. This proposal uses domain knowledge combined with automatic software synthesis techniques to engineer large-scale mission-critical real-time software. The hypothesis centers on a software synthesis architecture that specifically incorporates application-specific (in this case real-time) knowledge. This architecture synthesizes complex system software to meet a behavioral specification and external interaction design constraints. Some examples of these external constraints are communication protocols, precisions, timing, and space limitations. The incorporation of application-specific knowledge facilitates the generation of mathematical software metrics which are used to narrow the design space, thereby making software synthesis tractable. Success has the potential to dramatically reduce mission-critical system life-cycle costs not only by reducing development time, but more importantly facilitating maintenance, modifications, and extensions of complex mission-critical software systems, which are currently dominating life cycle costs.
Kidd, M.E. [Sandia National Labs., Albuquerque, NM (United States)
This report contains viewgraphs on a method called SEER, which provides a high level of confidence that critical software-driven event execution sequences faithfully execute in the face of transient computer architecture failures in both normal and abnormal operating environments.
The Transportable Criticality Alarm System was developed at the Hanford Site in 1982 to comply with the requirements of US Department of Energy Order DOE 5480.1, 12/18/80, and ANSI/ANS-8.3-1979. The portable unit that it replaced failed to comply with the new requirements in that it did not provide the necessary warning of malfunctions, nor did it provide the Hanford Site standard criticality alarm signal. Modern technology allowed the Transportable Criticality Alarm System to comply with the criticality requirements cited and to incorporate other features that make it more usable, maintainable, and reliable. The Transportable Criticality Alarm System (TCAS) provides temporary criticality coverage in manned areas where the facility criticality alarm system is not operable. This gamma radiation-sensitive system has been in use for the past 6 yr at the Hanford Site. 2 refs., 4 figs., 1 tab.
Lee, Seung Jun; Jung, Wondea Jung
Some researchers have recognized the Bayesian belief network (BBN) method as a promising method of quantifying software reliability. Brookhaven National Laboratory (BNL) comprehensively reviewed various quantitative software reliability methods to identify the most promising methods for use in probabilistic safety assessments (PSAs) of digital systems of NPPs against a set of the most desirable characteristics developed therein. BBNs are recognized as a promising way of quantifying software reliability and are useful for integrating many aspects of software engineering and quality assurance. The method explicitly incorporates important factors relevant to reliability, such as the quality of the developer, the development process, problem complexity, testing effort, and the operating environment. In this work, a BBN model was developed to estimate the number of remaining defects in safety-critical software based on the quality evaluation of the software development life cycle (SDLC). Even though a number of software reliability evaluation methods exist, none of them is applicable to the safety-critical software in an NPP because software quality in terms of a PDF is required for the PSA.
...relational database management system (RDBMS). The RDBMS chosen for the S3 prototype is MySQL due to its particular suitability for fronting database-backed websites. However, any RDBMS compliant with the Drupal content management system is suitable. S3 is developed primarily in the PHP
The regulator (DSIN), the utilities (EDF, CEA, ...) and the CEA Institute for Protection and Nuclear Safety (IPSN) work together on French nuclear safety. This paper presents a tool, called CLAIRE, for the simulation and testing of different nuclear safety systems. (TEC)
This paper continues the detailed description of the Primary Protection System for Sizewell-B by providing an overview of design and implementation of the software, including the features of the design process which ensure that quality is delivered by the contractor. The Nuclear Electric software assessment activities are also described. The argument for the excellence of the software is made on the basis of a quality product delivered by the equipment supplier's design process, and the confirmation of this provided by the Nuclear Electric assessment process, which is as searching and complete an examination as is reasonably practicable to achieve. (author)
...and tools, called model-integrated computing (MIC), relies on the use of domain-specific modeling languages for creating models of the system to be... hence giving reflective capabilities to it. We have followed the MIC method here: we designed a domain-specific modeling language for modeling... are produced one-off and not for the mass market, the scope for price reduction based on market demands is non-existent. Processes to create
Matlin, O.S.; Lusk, E.; McCune, W.
We describe our experiences in using Spin to verify parts of the Multi Purpose Daemon (MPD) parallel process management system. MPD is a distributed collection of processes connected by Unix network sockets. MPD is dynamic: processes and the connections among them are created and destroyed as MPD is initialized, runs user processes, recovers from faults, and terminates. This dynamic nature is easily expressible in the Spin/Promela framework but poses performance and scalability challenges. We present here the results of expressing some of the parallel algorithms of MPD and executing both simulation and verification runs with Spin.
Kim, Heeeun; Kang, Hyungook; Son, Hanseong
This paper proposes a new testing methodology for effective and realistic quantification of RPS software failure probability. Software failure probability quantification is an important factor in digital system safety assessment. In this study, the method for software test case generation is briefly described. The test cases generated by this method reflect the characteristics of safety-critical software and past inputs. Furthermore, the number of test cases can be reduced while still allowing an exhaustive test to be performed. Aspects of the software itself can also be reflected in the failure data, so the final failure data can include the failure of the software itself and external influences. Software reliability is generally accepted as the key factor in software quality since it quantifies software failures which can make a powerful system inoperative. In the KNITS (Korea Nuclear Instrumentation and Control Systems) project, the software for the fully digitalized reactor protection system (RPS) was developed under a strict procedure including unit testing and coverage measurement. Black box testing is one type of verification and validation (V and V), in which given input values are entered and the resulting output values are compared against the expected output values. Programmable logic controllers (PLCs) were used in implementing critical systems, and function block diagram (FBD) is a commonly used implementation language for PLCs.
Cohn, I A; Kovalenko, A G; Vystavkin, A N
A software system, intended for the automation of small-scale research, has been developed. The software allows one to control equipment and acquire and process data by means of simple scripts. The main purpose of that development is to make experiment automation easier, thus significantly reducing the effort of automating an experimental setup. In particular, minimal programming skills are required and supervisors have no trouble reviewing the scripts. Interactions between scripts and equipment are managed automatically, allowing multiple scripts to run simultaneously. Unlike well-known commercial data acquisition software systems, the control is performed by an imperative scripting language. This approach eases the implementation of complex control and data acquisition algorithms. A modular interface library performs interaction with external interfaces. While the most widely used interfaces are already implemented, a simple framework is developed for fast implementation of new software and hardware interfaces. While the software is in continuous development with new features being implemented, it is already used in our laboratory for the automation of helium-3 cryostat control and data acquisition. The software is open source and distributed under the GNU Public License.
Eom, Heung Seop; Park, Gee Yong; Jang, Seung Cheol; Kang, Hyun Gook
Quantitative software reliability measurement approaches have severe limitations in demonstrating the proper level of reliability for safety-critical software. These limitations can be overcome by using some other means of assessment. One of the promising candidates is based on the quality of the software development. Particularly in the nuclear industry, regulatory bodies in most countries do not accept the concept of quantitative goals as a sole means of meeting their regulations for the reliability of digital computers in NPPs, and use deterministic criteria for both hardware and software. The point of deterministic criteria is to assess the whole development process and its related activities during the software development life cycle for the acceptance of safety-critical software, and software V and V plays an important role in this process. In this light, we studied a V and V based fault estimation method using Bayesian Nets (BNs) to assess the reliability of safety-critical software, especially reactor protection system software in an NPP. The BNs in the study were made for an estimation of software faults and were based on the V and V frame, which governs the development of safety-critical software in the nuclear field. A case study was carried out for a reactor protection system that was developed as a part of the Korea Nuclear Instrumentation and Control System. The insight from the case study is that some important factors affecting the fault number of the target software include the residual faults in the system specification, the maximum number of faults introduced in the development phase, the ratio between process/function characteristics, uncertainty sizing, and the fault elimination rate by inspection activities.
Vu, L.; Kim, H.; Benson, E.; Amonette, W. E.; Barrera, J.; Perera, J.; Rajulu, S.; Hanson, A.
The purpose of this study was to develop and evaluate a virtual exercise training software system (VETSS) capable of providing real-time instruction and exercise feedback during exploration missions. A resistive exercise instructional system was developed using a Microsoft Kinect depth-camera device, which provides markerless 3-D whole-body motion capture at a small form factor and minimal setup effort. It was hypothesized that subjects using the newly developed instructional software tool would perform the deadlift exercise with more optimal kinematics and consistent technique than those without the instructional software. Following a comprehensive evaluation in the laboratory, the system was deployed for testing and refinement in the NASA Extreme Environment Mission Operations (NEEMO) analog.
Mjeda, Anila; Hinchey, Mike
We propose a method tailored to the requirements of safety-critical embedded automotive software, named CTMCONTROL. CTMCONTROL has a particular focus on the specification-based control logic of the system under test and offers improvements in testing coverage metrics over a classic method which is routinely used in industry. The proposed method targets the Modified Condition/Decision Coverage (MC/DC) objective for automotive safety-critical software. CTMCONTROL is va...
Rone, Kyle Y.; Olson, Kitty M.; Davis, Nathan E.
This paper describes measurement systems required to forecast, measure, and control activities for large, complex software development and support programs. Initial software cost and quality analysis provides the foundation for meaningful management decisions as a project evolves. In modeling the cost and quality of software systems, the relationship between the functionality, quality, cost, and schedule of the product must be considered. This explicit relationship is dictated by the criticality of the software being developed. This balance between cost and quality is a viable software engineering trade-off throughout the life cycle. Therefore, the ability to accurately estimate the cost and quality of software systems is essential to providing reliable software on time and within budget. Software cost models relate the product error rate to the percent of the project labor that is required for independent verification and validation. The criticality of the software determines which cost model is used to estimate the labor required to develop the software. Software quality models yield an expected error discovery rate based on the software size, criticality, software development environment, and the level of competence of the project and developers with respect to the processes being employed.
Iyer, Ravishankar K.; Lee, Inhwan
This chapter provides data and analysis of the dependability and fault tolerance for three operating systems: the Tandem/GUARDIAN fault-tolerant system, the VAX/VMS distributed system, and the IBM/MVS system. Based on measurements from these systems, basic software error characteristics are investigated. Fault tolerance in operating systems resulting from the use of process pairs and recovery routines is evaluated. Two levels of models are developed to analyze error and recovery processes inside an operating system and interactions among multiple instances of an operating system running in a distributed environment. The measurements show that the use of process pairs in Tandem systems, which was originally intended for tolerating hardware faults, allows the system to tolerate about 70% of defects in system software that result in processor failures. The loose coupling between processors which results in the backup execution (the processor state and the sequence of events occurring) being different from the original execution is a major reason for the measured software fault tolerance. The IBM/MVS system fault tolerance almost doubles when recovery routines are provided, in comparison to the case in which no recovery routines are available. However, even when recovery routines are provided, there is almost a 50% chance of system failure when critical system jobs are involved.
Zagar, K.; Kobal, M.; Saje, N.; Zagar, A.; Sabjan, R.; Di Maio, F.; Stepanov, D.
Control system software consists of several parts - the core of the control system, drivers for integration of devices, configuration for user interfaces, alarm system, etc. Once the software is developed and configured, it must be installed on the computers where it runs. Usually, it is installed on an operating system whose services it needs, and in some cases it also dynamically links with the libraries the operating system provides. An operating system can be quite complex itself - for example, a typical Linux distribution consists of several thousand packages. To manage this complexity, we have decided to rely on the Red Hat Package Management system (RPM) to package control system software, and also to ensure it is properly installed (i.e., that dependencies are also installed, and that scripts are run after installation if any additional actions need to be performed). As dozens of RPM packages need to be prepared, we are reducing the amount of effort and improving consistency between packages through a Maven-based infrastructure that assists in packaging (e.g., automated generation of RPM SPEC files, including automated identification of dependencies). So far, we have used it to package EPICS, Control System Studio (CSS) and several device drivers. We perform extensive testing on Red Hat Enterprise Linux 5.5, but we have also verified that packaging works on CentOS and Scientific Linux. In this article, we describe in greater detail the packaging system we are using, and its particular application for the ITER CODAC Core System. (authors)
Kwon, Kee-Choon; Lee, Dong-Young; Choi, Jong-Gyun
In order to achieve technical self-reliance in the area of nuclear instrumentation and control, the Korea Nuclear Instrumentation and Control System (KNICS) project had been running for seven years from 2001. The safety-grade Programmable Logic Controller (PLC) and the digital safety system were developed by the KNICS project. All the software of the PLC and digital safety system was developed and verified following the software development life cycle Verification and Validation (V and V) procedure. The main activities of the V and V process are preparation of software planning documentation, verification of the Software Requirement Specification (SRS), Software Design Specification (SDS) and code, and testing of the software components, the integrated software, and the integrated system. In addition, software safety analysis and software configuration management are included in the activities. For the software safety analysis at the SRS and SDS phases, a software Hazard and Operability (HAZOP) study was performed and then software fault tree analysis was applied. The software fault tree analysis was applied to the part of a software module with critical defects identified by the software HAZOP in the SDS phase. Software configuration management was performed using the in-house tool developed in the KNICS project. (author)
In this paper some aspects of graphic display systems are discussed. The design of a display subroutine library is described, with an example, and graphic dialogue software is considered primarily from the point of view of the programmer who uses a high-level language. (Auth.)
Post, J. V.
Software quality metrics were extended to cover distributed computer systems. Emphasis is placed on studying embedded computer systems and on viewing them within a system life cycle. The hierarchy of quality factors, criteria, and metrics was maintained. New software quality factors were added, including survivability, expandability, and evolvability.
Lovitsky, Vladimir A.; Pearce, Patricia D.
'DESTA' is the acronym for the Dialogue Evolutionary Synthesizer of Turnkey Algorithms by means of a natural language (Russian or English) functional specification of algorithms or software being developed. DESTA represents the computer-aided and/or automatic artificial intelligence 'forgiving' system which provides users with software tools support for algorithm and/or structured program development. The DESTA system is intended to provide support for the higher levels and earlier stages of engineering design of software in contrast to conventional Computer Aided Design (CAD) systems which provide low level tools for use at a stage when the major planning and structuring decisions have already been taken. DESTA is a knowledge-intensive system. The main features of the knowledge are procedures, functions, modules, operating system commands, batch files, their natural language specifications, and their interlinks. The specific domain for the DESTA system is a high level programming language like Turbo Pascal 6.0. The DESTA system is operational and runs on an IBM PC computer.
The Economics of Information Systems and Software focuses on the economic aspects of information systems and software, including advertising, evaluation of information systems, and software maintenance. The book first elaborates on value and values, software business, and scientific information as an economic category. Discussions focus on information products and information services, special economic properties of information, culture and convergence, hardware and software products, materiality and consumption, technological progress, and software flexibility. The text then takes a look at a
Waclo, J.; Cook, B.; Adomaitis, D.
The successful application of digital systems to nuclear protection functions is not achieved through happenstance. At Westinghouse there has been a longstanding program to utilize state-of-the-art digital technology for protection system advancement, thereby gaining the advantages of increased system reliability, performance, ease of operation and reduced maintenance costs. This paper describes the Westinghouse background and experience in the safety system software development process, including Verification and Validation, and its application to protection system qualification and the successful use for licensing the Eagle 21 Digital Process Protection System Upgrade. In addition, the lessons learned from this experience are discussed from the perspective of improving the development process through applying feedback of the measurements made on the process and the software product quality. The goal of this process optimization is to produce the highest possible software quality while recognizing the real world constraints of available resources, project schedule and the regulatory policies that are customary in the nuclear industry.
Dam, H. van; Leege, P.F.A. de
An analysis is presented of thermal systems with minimum critical mass, based on the use of materials with optimum neutron moderating and reflecting properties. The optimum fissile material distributions in the systems are obtained by calculations with standard computer codes, extended with a routine for flat fuel importance search. It is shown that in the minimum critical mass configuration a considerable part of the fuel is positioned in the reflector region. For 239Pu a minimum critical mass of 87 g is found, which is the lowest value reported hitherto. (author)
Using agile methods during the implementation of a system that meets mission-critical requirements can be a real challenge. Changing a system built of dozens or even hundreds of specialized devices with embedded software requires the cooperation of a large group of engineers. This article presents a solution that supports parallel work of groups of system analysts and software developers. Applying formal rules to requirements written in natural language enables formal analysis of artifacts that form a bridge between software and system requirements. The formalism and textual form of the requirements allowed the automatic generation of a message flow graph for the (sub)system, called the "big-picture model". Flow diagram analysis helped to avoid a large number of defects whose repair cost in extreme cases could undermine the legitimacy of agile methods in projects of this scale. Retrospectively, a reduction of technical debt was observed. Continuous analysis of the "big-picture model" improves the control of the quality parameters of the software architecture. The article also tries to explain why a commercial platform based on the UML modeling language may not be sufficient in projects of this complexity.
Eom, H. S.; Kang, H. G.; Chang, S. C.; Ha, J. J.; Son, H. S.
Recently, practical needs have required quantitative measures of software reliability for Probabilistic Safety Assessment (PSA), which is one of the important methods used in assessing the overall safety of a nuclear power plant (NPP). But the conventional assessment methods for software reliability could not provide enough information for PSA of an NPP; therefore current assessments of a digital system which includes safety-critical software usually exclude the software part or use arbitrary values. This paper describes a Bayesian Belief Network (BBN) based method that models the rule-based qualitative software assessment method for practical use and can produce quantitative results for PSA. The framework was constructed by utilizing a BBN that can combine the qualitative and quantitative evidence relevant to the reliability of safety-critical software and can infer a conclusion in a formal and quantitative way. The case study was performed by applying the method to assess the quality of the software requirement specification of safety-critical software that will be embedded in a reactor protection system.
Software is related to almost every aspect of daily life: manufacturing, banking, travel, communications, defense, medicine, research, government, education, entertainment, law ... It is an essential part of military systems and is used in all civilian sectors, including safety- and mission-critical ones. Moreover, the complexity of many of these systems has increased exponentially in recent decades and software has become an essential component for all of them. Unfortunately, the "systems of higher education" in almost all countries have not kept pace with these changes. The current science and engineering programs, both undergraduate and graduate, need to incorporate more training in Software Engineering. This is especially true in areas such as aerospace engineering, because these systems are highly dependent on computers, information, communications and software. This article presents an analysis of the current situation in the United States with regard to the software engineering training that aerospace engineers receive and require.
Kim, Hung-Jun; Han, Jai-Bok; Chun, Chong-Son; Kim, Sung; Kim, Kern-Joong.
Careful thought must be given to software design in the development of digital-based systems that play a critical role in the successful operation of nuclear power plants. To evaluate software verification and validation methods, as well as to verify its system performance capabilities for the upgraded instrumentation and control system in future Korean nuclear power plants, a prototype Digital Plant Protection System (DPPS) based on a Programmable Logic Controller (PLC) has been constructed. The system design description and features are briefly presented, and the software design and the software verification and validation methods are the focus. 6 refs., 2 figs
Sarkar, Vivek; Harrod, William; Snavely, Allan E
Computer systems anticipated in the 2015 - 2020 timeframe are referred to as Extreme Scale because they will be built using massive multi-core processors with hundreds of cores per chip. The largest capability Extreme Scale system is expected to deliver Exascale performance of the order of 10^18 operations per second. These systems pose new critical challenges for software in the areas of concurrency, energy efficiency and resiliency. In this paper, we discuss the implications of the concurrency and energy efficiency challenges on future software for Extreme Scale Systems. From an application viewpoint, the concurrency and energy challenges boil down to the ability to express and manage parallelism and locality by exploring a range of strong scaling and new-era weak scaling techniques. For expressing parallelism and locality, the key challenges are the ability to expose all of the intrinsic parallelism and locality in a programming model, while ensuring that this expression of parallelism and locality is portable across a range of systems. For managing parallelism and locality, the OS-related challenges include parallel scalability, spatial partitioning of OS and application functionality, direct hardware access for inter-processor communication, and asynchronous rather than interrupt-driven events, which are accompanied by runtime system challenges for scheduling, synchronization, memory management, communication, performance monitoring, and power management. We conclude by discussing the importance of software-hardware co-design in addressing the fundamental challenges for application enablement on Extreme Scale systems.
Graydon, Patrick J.; Holloway, C. Michael
We need well-founded means of determining whether software is fit for use in safety-critical applications. While software in industries such as aviation has an excellent safety record, the fact that software flaws have contributed to deaths illustrates the need for justifiably high confidence in software. It is often argued that software is fit for safety-critical use because it conforms to a standard for software in safety-critical systems. But little is known about whether such standards `work.' Reliance upon a standard without knowing whether it works is an experiment; without collecting data to assess the standard, this experiment is unplanned. This paper reports on a workshop intended to explore how standards could practicably be assessed. Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software (AESSCS) was held on 13 May 2014 in conjunction with the European Dependable Computing Conference (EDCC). We summarize and elaborate on the workshop's discussion of the topic, including both the presented positions and the dialogue that ensued.
Koponen, B.L.; Hampel, V.E.
The nuclear criticality safety program at LLNL began in the 1950's with a critical measurements program which produced benchmark data until the late 1960's. This same time period saw the rapid development of computer technology useful for both computer modeling of fissile systems and for computer-aided management and display of the computational benchmark data. Database management grew in importance as the amount of information increased and as experimental programs were terminated. Within the criticality safety program at LLNL we began at that time to develop a computer library of benchmark data for validation of computer codes and cross sections. As part of this effort, we prepared a computer-based bibliography of criticality measurements on relatively simple systems. However, it is only now that some of these computer-based resources can be made available to the nuclear criticality safety community at large. This technology transfer is being accomplished by the DOE Technology Information System (TIS), a dedicated, advanced information system. The NCIS database is described
De Agostino, E.; Massari, V.
The paper deals with the development of micro-computer software for nuclear safety systems. More specifically, it describes experimental work in the field of software development methodologies to be used for the implementation of micro-computer based safety systems. An investigation of the technological improvements provided by state-of-the-art integrated packages for micro-based systems development has been carried out. The work has aimed to assess a suitable automated tools environment for the whole software life-cycle. The main safety functions of a nuclear power reactor, such as DNBR and KW/FT, have been implemented in a host-target approach. A prototype test-bed microsystem has been implemented to run the safety functions in order to derive a concrete evaluation of the feasibility of critical software according to the new technological trend of ''Software Factories''. (author)
Kaiserslautern Kaiserslautern, Germany Sandeep Shukla FERMAT Lab Electrical and Computer Engineering Department Virginia Tech 900 North Glebe Road...Software Engineering , Software Producibility, Component-based software design, behavioral types, behavioral type inference, Polychronous model of...near future, many embedded applications including safety critical ones as used in avionics, automotive , mission control systems will run on
Son, H.S.; Seong, P.H.
The purpose of this work is to develop a safety prediction method, with which we can predict the risk of software components based on static testing results at the early development stage. The predictive model combines the major factor with the quality factor for the components, both of which are calculated based on the measures proposed in this work. The application to a safety-critical software system demonstrates the feasibility of the safety prediction method. (authors)
Huang, S.; Lappa, D.; Chiao, T.; Parrish, C.; Carlson, R.; Lewis, J.; Shikany, D.; Woo, H.
This paper addresses the use of real-time software to assist handlers of fissionable nuclear material. We focus specifically on the issue of workstation mass limits, and the need for handlers to be aware of, and check against, those mass limits during material transfers. Here ''mass limits'' generally refer to criticality safety mass limits; however, in some instances, workstation mass limits for some materials may be governed by considerations other than criticality, e.g., fire or release consequence limitation. As a case study, we provide a simplified reliability comparison of the use of a manual two-handler system with a software-assisted two-handler system. We identify the interface points between software and handlers that are relevant to criticality safety.
Networking and Information Technology Research and Development, Executive Office of the President — This White Paper presents a survey of high confidence software and systems research needs. It has been prepared by the High Confidence Software and Systems...
Chang, Hoon Seon; Jung, Jae Cheon; Kim, Jae Hack; Nam, Sang Ku; Kim, Hang Bae
Safety-critical software shall be implemented under strict regulations and standards, along with hardware qualification. In general, safety-critical software has been implemented using functional block language (FBL) and structured languages like C in real projects. Software design shall comply with such characteristics as modularity, simplicity, minimizing the use of subroutines, and excluding interrupt logic. To meet these prerequisites, we used a computer-aided software engineering (CASE) tool to substantiate the requirements traceability matrix that was manually developed using word processors or spreadsheets. The coding standard and manual have been developed to confirm the quality of the software development process, such as readability, consistency, and maintainability, in compliance with NUREG/CR-6463. System level preliminary hazard analysis (PHA) is performed by analyzing the preliminary safety analysis report (PSAR) and the FMEA document. The modularity concept is effectively implemented for the overall module configurations and functions using the RTP software development tool. The response time imposed on the basis of the deterministic structure of the safety-critical software was measured.
Kim, Young Mi; Jeong, Choong Heui
With the rapid development of digital computer and information processing technologies, nuclear I and C (Instrumentation and Control) systems that need safety-critical functions have adopted digital technologies. Software used in safety-critical systems must have high dependability. Highly dependable software needs strict software testing and V and V activities. These days, regulatory demands for nuclear power plants are increasing more and more, but human resources and time for regulation are limited. So, early prediction of risky software modules is very useful for software testing and regulation activities. Early estimation can be built from a collection of internal metrics during the early development phase. Internal metrics are measures of a product derived from assessment of the product itself, and external metrics are measures of a product derived from assessment of the behavior of the system. Internal metrics can be collected more easily and earlier than external metrics. In addition, internal metrics can be useful for estimating fault-prone software modules using machine learning. In this paper, we introduce the current research status and techniques related to estimating risky software modules using machine learning techniques. Section 2 describes the overview of the estimation model using machine learning and section 3 describes the processes of the estimation model. Section 4 describes several estimation models using machine learning. Section 5 concludes the paper.
Korhonen, J.; Pulkkinen, U.; Haapanen, P.
Plant vendors nowadays propose software-based systems even for the most critical safety functions. The reliability estimation of safety-critical software-based systems is difficult since the conventional modeling techniques do not necessarily apply to the analysis of these systems, and the quantification seems to be impossible. Due to the lack of operational experience and due to the nature of software faults, the conventional reliability estimation methods cannot be applied. New methods are therefore needed for the safety assessment of software-based systems. In the research project Programmable automation systems in nuclear power plants (OHA), financed jointly by the Finnish Centre for Radiation and Nuclear Safety (STUK), the Ministry of Trade and Industry and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software-based systems are developed and evaluated. This volume in the OHA report series deals with the statistical reliability assessment of software-based systems on the basis of dynamic test results and qualitative evidence from the system design process. Other reports to be published later in the OHA report series will handle the diversity requirements in safety-critical software-based systems, generation of test data from operational profiles and handling of programmable automation in plant PSA studies. (orig.) (25 refs.)
Sohn, Se Do; Seong, Poong Hyun
The ultra-high reliability required of safety-critical software cannot be demonstrated by testing alone. Specification based on formal methods is recommended for safety system software. But there exist various kinds of formal methods, and this variety is recognized as an obstacle to the wide use of formal methods. In this paper six different formal methods have been applied to the same part of the functional requirements, one that is calculation-algorithm intensive. The specification results were compared against criteria derived from the characteristics that good software requirements specifications should have and that the regulatory body recommends them to have. The application experience shows that the critical characteristics should be defined first, and then an appropriate method has to be selected. In our case, the Software Cost Reduction method was recommended for internal condition or calculation algorithm checking, and the statechart method is recommended for the external behavioral description. (author)
Munson, J.; Krings, A.; Hiromoto, R.
We develop the notion of a measurement-based methodology for embedded software systems to ensure properties of reliability, survivability and security, not only under benign faults but under malicious and hazardous conditions as well. The driving force is the need to develop a dynamic run-time monitoring system for use in these embedded mission-critical systems. These systems must run reliably, must be secure and they must fail gracefully. That is, they must continue operating in the face of departures from their nominal operating scenarios, the failure of one or more system components due to normal hardware and software faults, as well as malicious acts. To ensure the integrity of embedded software systems, the activity of these systems must be monitored as they operate. For each of these systems, it is possible to establish a very succinct representation of nominal system activity. Furthermore, it is possible to detect departures from the nominal operating scenario in a timely fashion. Such departures may be due to various circumstances, e.g., an assault from an outside agent, thus forcing the system to operate in an off-nominal environment for which it was neither tested nor certified, or a hardware/software component that has ceased to operate in a nominal fashion. A well-designed system will have the property of graceful degradation. It must continue to run even though some of the functionality may have been lost. This involves the intelligent re-mapping of system functions. Those functions that are impacted by the failure of a system component must be identified and isolated. Thus, a system must be designed so that its basic operations may be re-mapped onto system components still operational. That is, the mission objectives of the software must be reassessed in terms of the current operational capabilities of the software system. By integrating the mechanisms to support observation and detection directly into the design methodology, we propose to shift
Sousa, Inês Pais de
Master's Project in Business Management. The master's thesis presented here consists of a case study on Critical Software, from the perspective of its business strategy, and aims to identify which aspects of a strategy are decisive in leading a company to success. Working through this case also makes it possible to understand the importance of gaining a competitive advantage and of defining a clear market positioning. Com ba...
Kim, Man Cheol
For the purpose of developing a consensus method for the reliability assessment of safety-critical digital instrumentation and control systems in nuclear power plants, several high-level issues in the reliability assessment of safety-critical software based on Bayesian belief network modeling and statistical testing are discussed. Related to the Bayesian belief network modeling, the relation between the assessment approach and the sources of evidence, the relation between qualitative evidence and quantitative evidence, how to consider qualitative evidence, and the cause-consequence relation are discussed. Related to the statistical testing, the need to consider context-specific software failure probabilities and the inability to perform a huge number of tests in the real world are discussed. The discussions in this paper are expected to provide a common basis for future discussions on the reliability assessment of safety-critical software. (author)
RSKM 2004 COSO Enterprise RSKM Framework 2006 ISO/IEC 16085 Risk Management Process 2008 ISO/IEC 12207 Software Lifecycle Processes 2009 ISO/IEC...1 Software And Systems Engineering Risk Management John Walz VP Technical and Conferences Activities, IEEE Computer Society Vice-Chair Planning...Software & Systems Engineering Standards Committee, IEEE Computer Society US TAG to ISO TMB Risk Management Working Group Systems and Software
The method used to determine how the Waste Isolation Pilot Plant (WIPP) facilities/systems were classified as critical or non-critical to the receipt of CH waste is described within this report. All WIPP critical facilities/systems are listed in the Operational Readiness Review (ORR) Dictionary. Using the Final Safety Analysis Report (FSAR) as a guide to define the boundaries of the facilities/systems, a direct correlation of the ORR Dictionary to the FSAR can be obtained. The critical facilities/systems are those which are directly related to or have a critical support role in the receipt of CH waste. A facility/system must meet one of the following requirements to be considered critical: (a) confinement or measurement of the release of radioactive materials; (b) continued receipt and/or storage of transuranic (TRU) waste without an interruption greater than one month according to the shipping plan schedule; (c) the environmental and occupational safety of personnel meets the established site programs; and (d) the physical security of the WIPP facilities.
Hitt, E. F.; Webb, J. J.
Techniques developed for producing fault-tolerant software are described. Tolerance is required because of the impossibility of defining fault-free software. Faults are caused by humans and can appear anywhere in the software life cycle. Tolerance is effected through error detection, damage assessment, recovery, and fault treatment, followed by return of the system to service. Multiversion software comprises two or more versions of the software yielding solutions which are examined by a decision algorithm. Errors can also be detected by extrapolation from previous results or by the acceptability of results. Violations of timing specifications can reveal errors, or the system can roll back to an error-free state when a defect is detected. The software, when used in flight control systems, must not impinge on time-critical responses. Efforts are still needed to reduce the costs of developing the fault-tolerant systems.
The American National Standard ANSI/ANS-8.3-1986, Criticality Accident Alarm System provides guidance for the establishment and maintenance of an alarm system to initiate personnel evacuation in the event of inadvertent criticality. In addition to identifying the physical features of the components of the system, the characteristics of accidents of concern are carefully delineated. Unfortunately, this ANSI Standard has led to considerable confusion in interpretation, and there is evidence that the ''minimum accident of concern'' may not be appropriate. Furthermore, although intended as a guide, the provisions of the standard are being rigorously applied, sometimes with interpretations that are not consistent. Although the standard is clear in the use of absorbed dose in free air of 20 rad, at least one installation has interpreted the requirement to apply to dose in soft tissue. The standard is also clear in specifying the response to both neutrons and gamma rays. An assembly of uranyl fluoride enriched to 5% 235U was operated to simulate a potential accident. The dose, delivered in a free run excursion 2 m from the surface of the vessel, was greater than 500 rad, without ever exceeding a rate of 20 rad/min, which is the set point for activating an alarm that meets the standard. The presence of an alarm system would not have prevented any of the five major accidents in chemical operations nor is it absolutely certain that the alarms were solely responsible for reducing personnel exposures following the accident. Nevertheless, criticality alarm systems are now the subject of great effort and expense. 13 refs
The situation for experimenters and system designers needing software for instrumentation is described. It is stated that software for a data acquisition system can be divided into programmes described as the foundation software, the applications programme, and the analysis programme. Special attention is given to CAMAC. Two examples from Risoe describing data transportation and archiving are given. Finally the supply of software and the problems of documentation are described. (author)
Horvath, Greg; Chung, Seung H.; Cilloniz-Bicchi, Ferner
The flight software on virtually every mission currently managed by JPL has several major flaws that make it vulnerable to potentially fatal software defects. Many of these problems can be addressed by recently developed partitioned operating systems (OS). JPL has avoided adopting a partitioned operating system on its flight missions, primarily because doing so would require significant changes in flight software design, and the risks associated with changes of that magnitude cannot be accepted by an active flight project. The choice of a partitioned OS can have a dramatic effect on the overall system and software architecture, allowing for realization of benefits far beyond the concerns typically associated with the choice of OS. Specifically, we believe that a partitioned operating system, when coupled with an appropriate architecture, can provide a strong infrastructure for developing systems for which reusability, modifiability, testability, and reliability are essential qualities. By adopting a partitioned OS, projects can gain benefits throughout the entire development lifecycle, from requirements and design, all the way to implementation, testing, and operations.
Al-Tunisi, N.; Ghazzawi, A.; Gruyaert, F.; Clarke, D. [Saudi Aramco, Dhahran (Saudi Arabia). Process and Control Systems Dept.]
In November 1993, Saudi Aramco management endorsed a proposal to coordinate the development of the Management Information Systems (MISs) of four concurrent projects for its facilities Controls Modernization Program. The affected projects were the Ras Tanura Refinery Upgrade Project, the Abqaiq Plant Controls Modernization and the Shedgum and Uthmaniyah Gas Plants Control Upgrade Projects. All of these projects had a significant requirement for MISs in their scope. Under the leadership of the Process and Control Systems Department, an MIS Coordination Team was formed with representatives of several departments. An MIS Applications Evaluation procedure was developed based on the Kepner Tregoe Decision Analysis Process, and general questionnaires were sent to over a hundred potential vendors. The applications were divided into several categories, such as: Data Capture and Historization, Human User Interface, Trending, Reporting, Graphic Displays, Data Reconciliation, Statistical Analysis, Expert Systems, Maintenance Applications, Document Management and Operations Planning and Scheduling. For each of the MIS application areas, detailed follow-up questionnaires were used to short-list the candidate products. In May and June 1994, selected vendors were invited to Saudi Arabia for an exhibition which was open to all Saudi Aramco employees. In conjunction with this, the vendors were subjected to a rigorous product testing exercise by independent teams of testers. The paper describes the methods used and the lessons learned in this extensive software evaluation phase, which was a first for Saudi Aramco.
Zhang Hongyu; Sheng Huayi; Zhu Haitao; Ji Xiaolu; Zhao Dongxu
This paper presents the design of Test System Software for BESIII MDC Electronics. Two kinds of test systems, SBS VP7 based and PowerPC based systems, and their corresponding test software are introduced. The software is developed in LabVIEW 7.1 and Microsoft Visual C++ 6.0, some test functions of the software, as well as their user interfaces, are described in detail. The software has been applied in hardware debugging, performance test and long term stability test. (authors)
Lee, Inhwan; Iyer, Ravishankar K.
Based on extensive field failure data for Tandem's GUARDIAN operating system this paper discusses evaluation of the dependability of operational software. Software faults considered are major defects that result in processor failures and invoke backup processes to take over. The paper categorizes the underlying causes of software failures and evaluates the effectiveness of the process pair technique in tolerating software faults. A model to describe the impact of software faults on the reliability of an overall system is proposed. The model is used to evaluate the significance of key factors that determine software dependability and to identify areas for improvement. An analysis of the data shows that about 77% of processor failures that are initially considered due to software are confirmed as software problems. The analysis shows that the use of process pairs to provide checkpointing and restart (originally intended for tolerating hardware faults) allows the system to tolerate about 75% of reported software faults that result in processor failures. The loose coupling between processors, which results in the backup execution (the processor state and the sequence of events) being different from the original execution, is a major reason for the measured software fault tolerance. Over two-thirds (72%) of measured software failures are recurrences of previously reported faults. Modeling, based on the data, shows that, in addition to reducing the number of software faults, software dependability can be enhanced by reducing the recurrence rate.
Dougherty, H.; Rodoni, C.; Rossini, R.; Tompetrini, K.; Nakashima, A.; Bradley, A.
The Space Telescope Pointing Control System software is in the advanced development stage, having been tested on both the airbearing and the static simulator. The overall structure of the software is discussed, along with timing and sizing evaluations. The interaction between the controls analysts and software designer is described.
The purpose of this Computer Software Document (CSWD) is to provide configuration control of the Honeywell Modular Automation System (MAS) in use at the Plutonium Finishing Plant (PFP). This CSWD describes the hardware and the PFP-developed software for control of stabilization furnaces. The Honeywell software can generate configuration reports for the developed control software. These reports are described in the following section and are attached as addenda. This plan applies to the PFP Engineering Manager, Thermal Stabilization Cognizant Engineers, and the Shift Technical Advisors responsible for the Honeywell MAS software/hardware and administration of the Honeywell System.
Leucht, Kurt W.; Semmel, Glenn S.
The numerous benefits of automatic application code generation are widely accepted within the software engineering community. A few of these benefits include raising the abstraction level of application programming, shorter product development time, lower maintenance costs, and increased code quality and consistency. Surprisingly, code generation concepts have not yet found wide acceptance and use in the field of programmable logic controller (PLC) software development. Software engineers at the NASA Kennedy Space Center (KSC) recognized the need for PLC code generation while developing their new ground checkout and launch processing system. They developed a process and a prototype software tool that automatically translates a high-level representation or specification of safety critical application software into ladder logic that executes on a PLC. This process and tool are expected to increase the reliability of the PLC code over that which is written manually, and may even lower life-cycle costs and shorten the development schedule of the new control system at KSC. This paper examines the problem domain and discusses the process and software tool that were prototyped by the KSC software engineers.
Heiligman, G. M.; Brock, D. R.; Culp, S. D.; Decker, P. H.; Estrada, J. C.; Graybeal, J. B.; Nichols, D. M.; Paluzzi, P. R.; Sharer, P. J.; Pampell, R. J.; Papke, B. L.; Salovich, R. D.; Schlappe, S. B.; Spriestersbach, K. K.; Webb, G. L.
The Stratospheric Observatory for Infrared Astronomy (SOFIA) will be delivered with a computerized mission control system (MCS). The MCS communicates with the aircraft's flight management system and coordinates the operations of the telescope assembly, mission-specific subsystems, and the science instruments. The software for the MCS must be reliable and flexible. It must be easily usable by many teams of observers with widely differing needs, and it must support non-intrusive access for education and public outreach. The technology must be appropriate for SOFIA's 20-year lifetime. The MCS software development process is an object-oriented, use case driven approach. The process is iterative: delivery will be phased over four "builds"; each build will be the result of many iterations; and each iteration will include analysis, design, implementation, and test activities. The team is geographically distributed, coordinating its work via Web pages, teleconferences, T.120 remote collaboration, and CVS (for Internet-enabled configuration management). The MCS software architectural design is derived in part from other observatories' experience. Some important features of the MCS are: * distributed computing over several UNIX and VxWorks computers * fast throughput of time-critical data * use of third-party components, such as the Adaptive Communications Environment (ACE) and the Common Object Request Broker Architecture (CORBA) * extensive configurability via stored, editable configuration files * use of several computer languages so developers have "the right tool for the job". C++, Java, scripting languages, Interactive Data Language (from Research Systems, Int'l.), XML, and HTML will all be used in the final deliverables. This paper reports on work in progress, with the final product scheduled for delivery in 2001. This work was performed for Universities Space Research Association for NASA under contract NAS2-97001.
Koo, Seo Ryong; Seong, Poong Hyun; Jung, Jin Yong; Choi, Seong Soo
This paper introduces a software design specification and analysis technique for safety-critical systems based on Programmable Logic Controllers (PLC). Among the software development phases, the design phase plays an important role in connecting the requirements phase and the implementation phase, as the process of translating problem requirements into software structures. In this work, the Nuclear FBD-style Design Specification and analysis (NuFDS) approach is proposed. The NuFDS approach for nuclear Instrumentation and Control (I&C) software is presented in a straightforward manner. It consists of four major specifications: Database, Software Architecture, System Behavior, and PLC Hardware Configuration. Additionally, correctness, completeness, consistency, and traceability checking techniques are suggested for formal design analysis in the NuFDS approach. For tool support, we are developing the NuSDS tool, based on the NuFDS approach, specifically for software design specification in the nuclear field.
This software is a new target for the Spacecraft Health Inference Engine (SHINE) knowledge base that compiles a knowledge base to a language called Tiny C - an interpreted version of C that can be embedded on flight processors. This new target allows portions of a running SHINE knowledge base to be updated on a "live" system without needing to halt and restart the containing SHINE application. This enhancement will directly provide this capability without the risk of software validation problems and can also enable complete integration of BEAM and SHINE into a single application. This innovation enables SHINE deployment in domains where autonomy is used during flight-critical applications that require updates. This capability eliminates the need for halting the application and performing potentially serious total system uploads before resuming the application with the loss of system integrity. This software enables additional applications at JPL (microsensors, embedded mission hardware) and increases the marketability of these applications outside of JPL.
Shin, Sung Min; Kim, Hee Eun; Kang, Hyun Gook; Lee, Seung Jun
Software inside a digitalized system plays a very important role, because its failure may cause irreversible consequences and, as a common cause failure, affect the whole system. However, test-based reliability quantification of safety-critical software is limited by the difficulty of developing input sets in the form of trajectories, i.e. series of successive values of variables. To address this limitation, this study proposes a method that conducts the test using combinations of single values of the variables. To substitute combinations of variables for the trajectory form of input, the possible range of each variable has to be identified. For this purpose, the assigned range of each variable, the logical relations between variables, the plant dynamics under a given situation, and the way the digital device obtains its information are considered. The feasibility of the proposed method was confirmed through an application to Reactor Protection System (RPS) software trip logic.
Software has become increasingly determinative for the development of mechatronic systems, which underscores the importance of demands for shortened time-to-market, increased productivity, higher quality, and improved dependability. As the complexity of systems is dramatically increasing, these demands ... present a challenge to practitioners who adopt a conventional software development approach. An effective approach towards industrial production of software for mechatronic systems is needed. This approach requires a disciplined engineering process that encompasses model-driven engineering and component-based software engineering, whereby we enable incremental software development using component models to address the essential design issues of real-time embedded systems. To this end, this dissertation presents a software development platform that provides an incremental model-driven development process based...
H. Asilian Mahabady
A Microsoft Windows based ventilation software package was developed to reduce the time-consuming and tedious procedure of exhaust ventilation system design. The program assures accurate and reliable air-pollution-control calculations. The package is tentatively named Exhaust Ventilation Design Software and was developed in the VB6 programming environment. The most important features of Exhaust Ventilation Design Software that are ignored in formerly developed packages are collector design and fan dimension data calculations. Automatic system balance is another feature of this package. The design algorithm of Exhaust Ventilation Design Software is based on two methods: balance by design (static pressure balance) and design by blast gate. The most important section of the software is a spreadsheet designed on the basis of the American Conference of Governmental Industrial Hygienists calculation sheets, so that engineers familiar with the American Conference of Governmental Industrial Hygienists datasheets can easily employ it for ventilation system design. Other sections include a collector design section (settling chamber, cyclone, and packed tower), a fan geometry and dimension data section, a unit converter section (which helps engineers deal with units), a hood design section and a Persian HTML help. Psychrometric correction is also considered in Exhaust Ventilation Design Software. In the design process, efforts were focused on improving the GUI (graphical user interface) and on the use of programming standards in software design. The reliability of the software has been evaluated and the results show acceptable accuracy.
Broenink, Johannes F.; Hilderink, G.H.; Jovanovic, D.S.
The research of our team deals with the realization of control schemes on digital computers. As such the emphasis is on embedded control software implementation. Applications are in the field of mechatronic devices, using a mechatronic design approach (the integrated and optimal design of a
Ball, A.; Dale, C.J.; Butterfield, M.H.
In order to establish confidence in the safe operation of a reactor protection system, there is a need to establish, as far as it is possible, that: (i) the algorithms used are correct; (ii) the system is a correct implementation of the algorithms; and (iii) the hardware is sufficiently reliable. This paper concentrates principally on the second of these, as it applies to the software aspect of the more accurate and complex trip functions to be performed by modern reactor protection systems. In order to engineer safety into software, there is a need to use a development strategy which will stand a high chance of achieving a correct implementation of the trip algorithms. This paper describes three broad methodologies by which it is possible to enhance the integrity of software: fault avoidance, fault tolerance and fault removal. Fault avoidance is concerned with making the software as fault free as possible by appropriate choice of specification, design and implementation methods. A fault tolerant strategy may be advisable in many safety critical applications, in order to guard against residual faults present in the software of the installed system. Fault detection and removal techniques are used to remove as many faults as possible of those introduced during software development. The paper also discusses safety and reliability assessment as it applies to software, outlining the various approaches available. Finally, there is an outline of a research project underway in the UKAEA which is intended to assess methods for developing and testing safety and protection systems involving software. (author)
A workshop was held to assess the state of tools for embedded systems software and to determine directions for tool development. A synopsis of the talk and the key figures of each workshop presentation, together with chairmen summaries, are presented. The presentations covered four major areas: (1) tools and the software environment (development and testing); (2) tools and software requirements, design, and specification; (3) tools and language processors; and (4) tools and verification and validation (analysis and testing). The utility and contribution of existing tools and research results for the development and testing of embedded computing systems software are described and assessed.
Rogers, Mark N.
The broad objective of this expert system software based application was to demonstrate the enhancements and cost savings that can be achieved through expert system software utilization in a spacecraft ground control center. Spacelab provided a valuable proving ground for this advanced software technology; a technology that will be exploited and expanded for future ISS operations. Our specific focus was on demonstrating payload cadre command and control efficiency improvements through the use of "smart" software which monitors flight telemetry, provides enhanced schematic-based data visualization, and performs advanced engineering data analysis.
El-Bordany Ayman; Yun, Won Young
It reads inputs, computes new states, and updates outputs for each scan cycle. Korea Nuclear Instrumentation and Control System (KNICS) has recently developed a fully digitalized Reactor Protection System (RPS) based on PLD. As a digital system, this RPS is equipped with dedicated software. The reliability of this software is crucial to NPP safety, since its malfunction may cause irreversible consequences and affect the whole system as a Common Cause Failure (CCF). To guarantee the reliability of the whole system, the reliability of this software needs to be quantified. There are three representative methods for software reliability quantification, namely the Verification and Validation (V&V) quality-based method, the Software Reliability Growth Model (SRGM), and the test-based method. An important concept of the guidance is that the test sets represent 'trajectories' (series of successive values for the input variables of a program that occur during operation of the software over time) in the input space of the software. Actually, the inputs to the software depend on the state of the plant at that time, and these inputs form a new internal state of the software by changing the values of some variables. In other words, the internal state of the software at a specific time depends on the history of past inputs. Here, the internal state of the software that can be changed by past inputs is named the Context of Software (CoS). In a certain CoS, a software failure occurs when a fault is triggered by some inputs. To cover the failure occurrence mechanism of software, preceding research insists that the inputs should be in trajectory form. However, this approach has two critical problems. One is the length of the trajectory input: the input trajectory should be long enough to cover the failure mechanism, but how long is enough is not clear. What is worse, to cover some accident scenarios, one set of inputs should represent dozens of hours of successive values
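The substitution that the two KAERI abstracts above (Shin et al., and El-Bordany and Yun) argue for, as an added example that is not their method or code: instead of long input trajectories, each variable gets a set of single values covering its assigned range and its setpoint boundaries, combinations that violate a known logical relation between variables are excluded as unreachable plant states, and every remaining combination is run through the trip logic and compared with the requirement. The low-pressure trip with a low-power bypass, its setpoints, the value ranges, the inter-variable constraint and the seeded boundary defect are all constructed here.

```python
"""Added example (not the KNICS RPS logic or the KAERI method): test-based
reliability quantification with combinations of single variable values in
place of trajectories. Setpoints, ranges, the constraint and the seeded
defect are constructed for illustration."""
import itertools
from typing import Dict, List, Tuple

P_LOW_SETPOINT = 1700.0   # hypothetical pressure trip setpoint
BYPASS_POWER = 10.0       # hypothetical: bypass only permitted below this power (%)


def trip_required(pressure: float, power: float, bypass: bool, valid: bool) -> bool:
    """The requirement (oracle): an invalid sensor trips (fail-safe); a permitted
    bypass suppresses the trip; otherwise trip at or below the setpoint."""
    if not valid:
        return True
    if bypass and power < BYPASS_POWER:
        return False
    return pressure <= P_LOW_SETPOINT


def trip_logic_under_test(pressure: float, power: float, bypass: bool, valid: bool) -> bool:
    """Implementation with a seeded boundary defect: '<' where '<=' is required."""
    if not valid:
        return True
    if bypass and power < BYPASS_POWER:
        return False
    return pressure < P_LOW_SETPOINT


def boundary_values(lo: float, hi: float, setpoint: float, eps: float) -> List[float]:
    """The assigned range of a variable, sampled at its limits and around the setpoint."""
    return [lo, setpoint - eps, setpoint, setpoint + eps, hi]


def consistent(pressure: float, power: float, bypass: bool, valid: bool) -> bool:
    """Logical relation between variables (constructed rule): the permissive
    interlock cannot leave the bypass active at or above BYPASS_POWER, so such
    combinations are not reachable plant states and are not tested."""
    return not (bypass and power >= BYPASS_POWER)


def run_combination_test() -> Dict[str, object]:
    """Execute every consistent combination and collect disagreements with the oracle."""
    pressures = boundary_values(1500.0, 2250.0, P_LOW_SETPOINT, 0.1)
    powers = boundary_values(0.0, 100.0, BYPASS_POWER, 0.1)
    failures: List[Tuple[float, float, bool, bool]] = []
    executed = 0
    for pressure, power, bypass, valid in itertools.product(
            pressures, powers, (False, True), (False, True)):
        if not consistent(pressure, power, bypass, valid):
            continue
        executed += 1
        if trip_logic_under_test(pressure, power, bypass, valid) != trip_required(
                pressure, power, bypass, valid):
            failures.append((pressure, power, bypass, valid))
    return {"executed": executed, "failures": failures}


if __name__ == "__main__":
    result = run_combination_test()
    print("executed", result["executed"], "failures", result["failures"])
```

The seeded defect is only visible when the pressure value equals the setpoint exactly, which is why the sampled range must include the setpoint itself and not only values on either side of it. The consistency rule does the work that the plant dynamics do in a trajectory: it keeps the test from reporting "failures" in states the plant can never reach, but it also has to be justified independently, because a wrong exclusion silently removes real cases from the test set.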
Kim, Jang Yeol; Eom, Heung Seop; Choi, You Rark
We defined a Korean safety-critical software development methodology by adapting Dr. Harel's statechart-based formal method in order to digitalize the reactor protection system. A software requirement specification guideline is suggested for specifying the design specification, which is the basis for requirement specification and automatic programming, for the shutdown parameter logic of the steam generator water level for Wolsung 2/3/4 unit SDS no. 1, and the logic was simulated by binding it to a Graphic User Interface (GUI). We generated K&R C code automatically by utilizing the Statemate MAGNUM Sharpshooter/C code generator. Auto-generated K&R C code is machine-independent and has high productivity, quality and provability. The major research and development results are summarized as follows: set up the Korean safety-critical software development methodology; developed software requirement specification guidelines; developed software design specification guidelines; reactor trip modeling for the steam generator water level Wolsung 2/3/4 SDS no. 1 shutdown parameter logic; graphic panel binding with the GUI. (author). 20 refs., 12 tabs., 15 figs.
Nowadays, the fact that Networked Critical Infrastructures (NCI), e.g., power plants, water plants, oil and gas distribution infrastructures, and electricity grids, are targeted by significant cyber threats is well known. Nevertheless, recent research has shown that specific characteristics of NCI can be exploited to enable more efficient mitigation techniques, while novel techniques from the field of IP networks can bring significant advantages. In this paper we explore the interconnection of NCI communication infrastructures with Software Defined Networking (SDN)-enabled network topologies. SDN provides the means to create virtual networking services and to implement global networking decisions. It relies on OpenFlow to communicate with remote devices and has recently been categorized as the "Next Big Technology", which will revolutionize the way decisions are implemented in switches and routers. Therefore, the paper documents the first steps towards enabling an SDN-NCI and presents the impact of a Denial of Service experiment on traffic resulting from an XBee sensor network which is routed across an emulated SDN network.
Dragoni, Nicola; Dustdar, Schahram; Larsen, Stephan T.; Mazzara, Manuel
The microservices paradigm aims at changing the way in which software is perceived, conceived and designed. One of the foundational characteristics of this new promising paradigm, compared for instance to monolithic architectures, is scalability. In this paper, we present a real world case study in order to demonstrate how scalability is positively affected by re-implementing a monolithic architecture into microservices. The case study is based on the FX Core system, a mission critical system...
The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.
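The decision such a multilevel security model has to make, as an added example that is not NASA's model or the JSC prototype: a lattice check in the Bell-LaPadula style, where a label is a classification level plus a set of compartments, reads are allowed only when the subject's current label dominates the object's (no read up), writes only when the object's label dominates the subject's (no write down), and a subject may dynamically lower its operating label within its clearance. The level names, compartments and the sample subject are constructed.

```python
"""Added example (not the NASA-JSC security model or prototype): the
mandatory access control lattice of a Bell-LaPadula style multilevel model.
Level names, compartments and subjects are constructed for illustration."""
from dataclasses import dataclass
from typing import FrozenSet

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high a level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label   # the maximum label the subject is cleared for
    current: Label     # the label the subject is operating at right now

    def lower_to(self, label: Label) -> None:
        """Dynamic adjustment: a subject may only move within its clearance."""
        if not self.clearance.dominates(label):
            raise PermissionError("%s is not cleared for %s" % (self.name, label))
        self.current = label


def may_read(subject: Subject, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.current.dominates(obj)


def may_write(subject: Subject, obj: Label) -> bool:
    """*-property: no write down (information may only flow up the lattice)."""
    return obj.dominates(subject.current)


if __name__ == "__main__":
    ops = Subject("ops", Label("SECRET", frozenset({"FLIGHT"})),
                  Label("SECRET", frozenset({"FLIGHT"})))
    print(may_read(ops, Label("CONFIDENTIAL")))                 # True: read down
    print(may_read(ops, Label("SECRET", frozenset({"CREW"}))))  # False: missing compartment
    print(may_write(ops, Label("CONFIDENTIAL")))                # False: no write down
    ops.lower_to(Label("CONFIDENTIAL"))
    print(may_write(ops, Label("CONFIDENTIAL")))                # True after lowering
```

The reason a subject wants to lower its current label is exactly the *-property: a SECRET process cannot write a CONFIDENTIAL telemetry log, so it steps down for that task and thereby loses read access to SECRET data until it steps up again. The lattice is only the policy core; a B3-class system also has to enforce it through a small, tamper-resistant reference monitor with auditing, which this snippet does not model.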
This document provides a Computer Software Documentation for a new Honeywell Modular Automation System (MAS) being installed in the Plutonium Finishing Plant (PFP). This system will be used to control new thermal stabilization furnaces in HA-21I
This document details the Software Acceptance Testing of gas characterization systems. The gas characterization systems will be used to monitor the vapor spaces of waste tanks known to contain measurable concentrations of flammable gases
This document details the results of software acceptance testing of gas characterization systems. The gas characterization systems will be used to monitor the vapor spaces of waste tanks known to contain measurable concentrations of flammable gases
S. K. Schaffner; K. S. White
This paper discusses software engineering practices used to improve control system reliability. The authors begin with a brief discussion of the Software Engineering Institute's Capability Maturity Model (CMM), a framework for evaluating and improving key practices used to enhance software development and maintenance capabilities. The software engineering processes developed and used by the Controls Group at the Thomas Jefferson National Accelerator Facility (Jefferson Lab), using the Experimental Physics and Industrial Control System (EPICS) for accelerator control, are described. Examples are given of how their procedures have been used to minimize control system downtime and improve reliability. While their examples are primarily drawn from their experience with EPICS, these practices are equally applicable to any control system. Specific issues addressed include resource allocation, developing reliable software lifecycle processes, and risk management.
Laplante, Phillip A
Solid requirements engineering has increasingly been recognized as the key to improved, on-time and on-budget delivery of software and systems projects. This book provides practical teaching for graduate and professional systems and software engineers. It uses extensive case studies and exercises to help students grasp concepts and techniques. With a focus on software-intensive systems, this text provides a probing and comprehensive review of recent developments in intelligent systems, soft computing techniques, and their diverse applications in manufacturing. The second edition contains 100% revised content and approximately 30% new material
Choi, B. I.; Lee, H. J.; Han, S. W.; Kim, J. Y.; Hwang, K. H.; Kang, J. Y.
A general purpose fatigue analysis software to predict the fatigue lives of mechanical components and structures was developed. The software has some characteristic features, including functions for searching weak regions on the free surface in order to reduce computing time significantly, a database of fatigue properties for various materials, and an expert system which can assist any user in getting more proper results. The software can be used in an environment consisting of commercial finite element packages. Using the software developed, fatigue analyses for a SAE keyhole specimen and an automobile knuckle were carried out. It was observed that the results agreed well with those from commercial packages.
Mistrik, I.; Soley, R.; Ali, N.; Grundy, J.; Tekinerdogan, B.
Software Quality Assurance in Large Scale and Complex Software-intensive Systems presents novel and high-quality research related approaches that relate the quality of software architecture to system requirements, system architecture and enterprise-architecture, or software testing. Modern software
Jung, Se Jin; Lee, Dong Ah; Kim, Eui Sub; Yoo, Jun Beom [Division of Computer Science and Engineering, College of Information and Communication, Konkuk University, Seoul (Korea, Republic of)]; Lee, Jang Su [Man-Machine Interface System Team, Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]
Properties of programming languages, such as reliability and traceability, play important roles in software development to improve safety. Several studies have proposed programming guidelines to increase the dependability of software developed for safety-critical systems. MISRA C is a widely accepted set of programming guidelines for the C language, especially in the vehicle industry. NUREG/CR-6463 helps engineers in the nuclear industry develop software for nuclear power plant systems more dependably. FBD (Function Block Diagram), one of the programming languages defined in the IEC 61131-3 standard, is often used for software development for PLCs (programmable logic controllers) in nuclear power plants. Software development for critical systems using FBD needs strict guidelines, because FBD is a general language and has elements that are easily misused. There is research on guidelines for IEC 61131-3 programming languages; however, it does not specify in detail how to use the languages. This paper proposes new guidelines for FBD based on NUREG/CR-6463. The paper introduces a CASE (Computer-Aided Software Engineering) tool to check FBD programs against the new guidelines and shows its applicability with a case study using an FBD program in a reactor protection system.
Jung, Se Jin; Lee, Dong Ah; Kim, Eui Sub; Yoo, Jun Beom [Division of Computer Science and Engineering College of Information and Communication, Konkuk University, Seoul (Korea, Republic of); Lee, Jang Su [Man-Machine Interface System team Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)
Properties of programming languages, such as reliability, traceability, etc., play important roles in software development to improve safety. Several researches are proposed guidelines about programming to increase the dependability of software which is developed for safety critical systems. Misra-c is a widely accepted programming guidelines for the C language especially in the sector of vehicle industry. NUREG/CR-6463 helps engineers in nuclear industry develop software in nuclear power plant systems more dependably. FBD (Function Block Diagram), which is one of programming languages defined in IEC 61131-3 standard, is often used for software development of PLC (programmable logic controllers) in nuclear power plants. Software development for critical systems using FBD needs strict guidelines, because FBD is a general language and has easily mistakable elements. There are researches about guidelines for IEC 61131-3 programming languages. They, however, do not specify details about how to use languages. This paper proposes new guidelines for the FBD based on NUREG/CR-6463. The paper introduces a CASE (Computer-Aided Software Engineering) tool to check FBD programs with the new guidelines and shows availability with a case study using a FBD program in a reactor protection system. The paper is organized as follows.
Bowie, L.J.; Robinson, R.C.; Cain, V.R.
The Nuclear Criticality Safety Department (NCSD), Oak Ridge Y-12 Plant, has undergone the transition from executing the Martin Marietta Energy Systems Nuclear Criticality Safety Software (NCSS) on IBM mainframes to a Hewlett-Packard (HP) 9000/730 workstation (NCSSHP). NCSSHP contains the following configuration-controlled modules and cross-section libraries: BONAMI, CSAS, GEOMCHY, ICE, KENO IV, KENO Va, MODIIFY, NITAWL SCALE, SLTBLIB, XSDRN, UNIXLIB, albedos library, weights library, 16-Group HANSEN-ROACH master library, 27-Group ENDF/B-IV master library, and standard composition library. This paper will discuss the method used to choose the workstation, the hardware setup of the chosen workstation, an overview of Y-12 software quality assurance and configuration control methodology, code validation, difficulties encountered in migrating the codes, and advantages of migrating to a workstation environment.
Bjorlo, T.J.; Berg, O.; Pehrsen, M.; Dahll, G.; Sivertsen, T.
The OECD Halden Reactor Project has developed a number of software systems within its research programmes. These programmes have comprised a wide range of topics, such as studies of software for safety-critical applications, development of different operator support systems, and software systems for building and implementing graphical user interfaces. The systems have ranged from simple prototypes to installations in process plants. In the development of these software systems, Halden has gained much experience in quality assurance of different types of software. This paper summarises the accumulated experience at the Halden Project in quality assurance of software systems. The different software systems being developed at the Halden Project may be grouped into three categories: plant-specific software systems (one-of-a-kind deliveries), generic software products, and safety-critical software systems. This classification has been found convenient, as the categories place different requirements on the quality assurance process. In addition, the experience from use of software development tools and proprietary software systems at Halden is addressed. The paper also focuses on the experience gained from the complete software life cycle, starting with the software planning phase and ending with software operation and maintenance.
Eom, H. S.; Jang, S. C.; Ha, J. J.
Despite the efforts to avoid undesirable risks, or at least to bring them under control, new risks that are highly difficult to manage continue to emerge from the use of new technologies, such as the use of digital instrumentation and control (I and C) components in nuclear power plants. Whenever new risk issues have come out, we have endeavored to find the most effective ways to reduce the risks, or to allocate limited resources to do this. One of the major challenges is the reliability analysis of safety-critical software associated with digital safety systems. Although many activities, such as testing and verification and validation (V and V) techniques, are carried out in the design stage of software, a process for quantitatively evaluating the reliability of safety-critical software has not yet been developed, because conventional software reliability techniques are not directly applicable to digital safety systems. This paper focuses on the applicability of Bayesian Belief Net (BBN) techniques to quantitatively estimate the reliability of safety-critical software adopted in a digital safety system. In this paper, a typical BBN model was constructed using the dedication process of the Commercial-Off-The-Shelf (COTS) software installed by KAERI. In conclusion, the adoption of the BBN technique can facilitate the process of evaluating safety-critical software reliability in nuclear power plants, as well as provide very useful information (e.g., 'what if' analysis) associated with software reliability from the viewpoint of practicality.
Brown, J. S.
A prototype bus communications system, which is being used to support the Trend Monitoring System (TMS) and to evaluate the bus concept, is considered. A set of FORTRAN-callable graphics subroutines for the host MODCOMP computer, and an approach to splitting graphics work between the host and the system's intelligent graphics terminals, are described. The graphics software in the MODCOMP and the operating software package written for the graphics terminals are included.
Howell, J A; Fuyat, C [Los Alamos National Lab., NM (United States)]; Elvy, M [Marble Associates, Boston, MA (United States)]
With the increasing use of computer systems and networks to process safeguards information in nuclear facilities, the issue of system and data integrity is receiving worldwide attention. Among the many considerations are validation that the software performs as intended and that the information is adequately protected. Such validations are often requested of the Safeguards Systems Group of the Los Alamos National Laboratory. This paper describes our methodology for performing these software evaluations.
This book addresses the question of how system software should be designed to account for faults, and which fault tolerance features it should provide for highest reliability. The authors first show how the system software interacts with the hardware to tolerate faults. They analyze and further develop the theory of fault tolerance to understand the different ways to increase the reliability of a system, with special attention on the role of system software in this process. They further develop the general algorithm of fault tolerance (GAFT) with its three main processes: hardware checking, preparation for recovery, and the recovery procedure. For each of the three processes, they analyze the requirements and properties theoretically and give possible implementation scenarios and system software support required. Based on the theoretical results, the authors derive an Oberon-based programming language with direct support of the three processes of GAFT. In the last part of this book, they introduce a simulator...
Kim, Jin Hyun; Choi, Jin Young [Korea University, Seoul (Korea, Republic of)]
Safety-critical embedded software for nuclear I and C systems is developed under safety and reliability regulation. A programmable logic controller (PLC) is a computer system for the instrumentation and control (I and C) system of nuclear power plants. A PLC consists of various I and C logics in software, including a real-time operating system (RTOS). Hence, errors related to the RTOS should be detected and eliminated in the development process. In practice, the verification and validation for errors in the RTOS is performed in a test procedure, in which many tasks for testing are embedded in the RTOS and run under a test environment. But the test process cannot be enough to guarantee the safety and reliability of the RTOS. Therefore, in this paper, we introduce the application of formal methods to the development of software for the PLC. We particularly apply formal methods to the development of an RTOS for a PLC, which is at a safety-critical level. In this development, we use the Statecharts of I-Logix for the specification and model checking to verify the specification.
Bosse, T.; Hoogendoorn, M.; Treur, J.
This document presents the results of a collaboration between the Vrije Universiteit Amsterdam, Department of Artificial Intelligence and Force Vision to investigate coordination approaches for complex software systems. The project was funded by Force Vision.
Health Manager can detect Bad Health prior to a failure occurring by periodically monitoring the application software, looking for code corruption errors, and sanity-checking each critical data value prior to use. A processor's memory can fail and corrupt the software, or the software can accidentally write to the wrong address and overwrite the executing software. This innovation continuously calculates a checksum of the software load to detect corrupted code. This allows a system to detect a failure before it happens. This innovation monitors each software task (thread) so that if any task reports "bad health," or does not report to the Health Manager, the system is declared bad. The Health Manager reports overall system health to the outside world by outputting a square wave signal. If the square wave stops, this indicates that system health is bad or the system is hung and cannot report. Either way, "bad health" can be detected, whether caused by an error, corrupted data, or a hung processor. A separate Health Monitor Task is started and run periodically in a loop that starts and stops pending on a semaphore. Each monitored task registers with the Health Manager, which maintains a count for the task. The registering task must indicate whether it will run more or less often than the Health Manager. If the task runs more often than the Health Manager, the monitored task calls a health function that increments the count and verifies it did not go over max-count. When the periodic Health Manager runs, it verifies that the count did not go over the max-count and zeroes it. If the task runs less often than the Health Manager, the periodic Health Manager increments the count. The monitored task zeroes the count, and both the Health Manager and the monitored task verify that the count did not go over the max-count.
The increasing size and complexity of software systems makes it hard to prevent or remove all possible faults. Faults that remain in the system can eventually lead to a system failure. Fault tolerance techniques are introduced for enabling systems to recover and continue operation when they are
Lee, B.L. Jr.
The validation documented in this report is based on calculations that were executed during June through August 1992, and was completed in June 1993. The statistical analyses in Appendix C and Appendix D were completed in October 1993. This validation gives Portsmouth NCS personnel a basis for performing computerized KENO V.a calculations using the Martin Marietta Nuclear Criticality Safety Software. The first portion of the document outlines basic information regarding the validation of NCSS using ENDF/B-IV 27-group cross sections on the IBM 3090 at ORNL. A basic discussion of the NCSS system is provided, along with some discussion of the validation database and of validation in general. Then follows a detailed description of the statistical analysis that was applied. The results of this validation indicate that the NCSS software may be used with confidence for criticality calculations at the Portsmouth Gaseous Diffusion Plant. When the validation results are treated as a single group, there is 95% confidence that 99.9% of future calculations of similar critical systems will have a calculated k-eff > 0.9616. Based on this result, the Portsmouth Nuclear Criticality Safety Department has adopted the calculational acceptance criterion that k-eff + 2σ ≤ 0.95 is safely subcritical. The validation of NCSS on the IBM 3090 at ORNL was extended to include NCSS on the IBM 3090 at K-25.
In a period of continuous change in the global business environment, organizations, large and small, are finding it increasingly difficult to deal with, and adjust to, the demands for such change. Simulation is a powerful tool for allowing designers to imagine new systems and enabling them to both quantify and observe behavior. Currently the market offers a variety of simulation software packages. Some are less expensive than others. Some are generic and can be used in a wide variety of application areas, while others are more specific. Some have powerful features for modeling, while others provide only basic features. Modeling approaches and strategies differ between packages. Companies are seeking advice about the desirable features of software for manufacturing simulation, depending on the purpose of its use. Because of this, the importance of an adequate approach to simulation software evaluation and comparison is apparent. This paper presents a critical evaluation of four widely used manufacturing simulators: NX-IDEAS, Star-CD, Micro Saint Sharp and ProModel. Following a review of research into simulation software evaluation, an evaluation and comparison of the above simulators is performed. This paper illustrates and assesses the role the Analytic Hierarchy Process (AHP) played in simulation software evaluation and selection. The main purpose of this evaluation and comparison is to discover the suitability of certain types of simulators for particular purposes.
Miedl, H.; Kersken, M.
As the determination of ultrahigh reliability figures for safety-critical software is hardly possible, national and international guidelines and standards mainly give requirements for the qualitative evaluation of software. An analysis of whether all these requirements are fulfilled is time- and effort-consuming and prone to errors if performed manually by analysts, and should instead be delegated to tools as far as possible. There are many "general-purpose" software analysis tools, both static and dynamic, which help in analyzing the source code. However, they are not designed to assess adherence to the specific requirements of guidelines and standards in the nuclear field. Against the background of the development of I and C systems in the nuclear field which are based on digital techniques and implemented in high-level languages, it is essential that the assessor or licenser has a tool with which he can automatically and uniformly qualify as many aspects as possible of the high-level language software. For this purpose the software analysis tool REVEAL has been developed at ISTec and the Halden Reactor Project. (author)
in performance. Specific examples of well-structured systems include the microkernel architecture of the Mach 3.0 operating system and the modular... microkernels as a first step towards building a completely modular operating system from a set of composable services. However, just as the idea of a...microprotocol in the x-kernel is a design principle, rather than a formally realized construct, the modularity of microkernels is largely a matter of
An Adaptive Intrusion Data System (AIDS) was developed to collect information from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique digital data-compression, storage, and formatting system; it also incorporates a capability for video selection and recording for assessment of the sensors monitored by the system. The system is software-reprogrammable to numerous configurations that may be used for the collection of environmental, bilevel, analog, and video data. This report describes the software routines that control the different AIDS data-collection modes, the diagnostic programs to test the operating hardware, and the data format. Sample data printouts are also included.
Shimizu, Koji; Kasai, Akira; Okamura, Shoichi
Magnetic resonance imaging continues to elicit new application software through the recent technological advances of MR equipment. This paper describes several applications of our newly developed clinical software. The fast SE sequence (RISE) has proved to reduce routine examination time and to improve image quality, and the ultra-fast FE sequence (SMASH) was found to extend the diagnostic capabilities in the field of cardiac study. Diffusion/perfusion imaging achieved in our MR system showed significant promise for providing novel information regarding tissue characterization. Furthermore, image quality and the practicality of MR angiography have been improved by advanced imaging sequences and sophisticated post-processing software. (author)
Saulys, A.C.; Etkin, A.; Foley, K.J.
A description of the software for a FASTBUS-based data acquisition system in use at the Brookhaven National Laboratory Multiparticle Spectrometer is presented. Data reading and formatting are done by the SLAC Scanner Processors (SSPs) resident in the FASTBUS system. A multiprocess software system on VAX computers is used to communicate with the SSPs, record the data, and monitor on-line the progress of high energy and heavy ion experiments. The structure and the performance of this system are discussed. 4 refs., 1 fig.
Daly, Philip N.; Buchholz, Nick C.; Moore, Peter C.
MONSOON is the next generation OUV-IR controller project being developed at NOAO. The design is flexible, emphasizing code re-use, maintainability and scalability as key factors. The software needs to support widely divergent detector systems ranging from multi-chip mosaics (for LSST, QUOTA, ODI and NEWFIRM) down to large single or multi-detector laboratory development systems. In order for this flexibility to be effective and safe, the software must be able to configure itself to the requirements of the attached detector system at startup. The basic building block of all MONSOON systems is the PAN-DHE pair which make up a single data acquisition node. In this paper we discuss the software solutions used in the automatic PAN configuration system.
Britchcliffe, Michael J.; Conroy, Bruce L.; Anderson, Paul E.; Wilson, Ahmad
This software is used in an automated cryogenic control system developed to monitor and control the operation of small-scale cryocoolers. The system was designed to automate the cryogenically cooled low-noise amplifier system described in "Automated Cryocooler Monitor and Control System" (NPO-47246), NASA Tech Briefs, Vol. 35, No. 5 (May 2011), page 7a. The software contains algorithms necessary to convert non-linear output voltages from the cryogenic diode-type thermometers and vacuum pressure and helium pressure sensors, to temperature and pressure units. The control function algorithms use the monitor data to control the cooler power, vacuum solenoid, vacuum pump, and electrical warm-up heaters. The control algorithms are based on a rule-based system that activates the required device based on the operating mode. The external interface is Web-based. It acts as a Web server, providing pages for monitor, control, and configuration. No client software from the external user is required.
Bai, Tao; Chen, Wei-Hua; Liu, Zhen; Gao, Feng
Highlights: •A dynamic hazard analysis method is proposed for safety-critical software. •The mechanism relies on Colored Petri Nets. •Complex interactions between software and hardware are captured properly. •Common failure modes in software are identified effectively. -- Abstract: The software safety of a nuclear digital protection system is critical for the safety of nuclear power plants, as any software defect may result in severe damage. In order to ensure the safety and reliability of safety-critical digital system products and their applications, software hazard analysis is required to be performed during the lifecycle of software development. A dynamic software hazard modeling and analysis method based on Colored Petri Nets is proposed and applied to the safety-critical control software of a nuclear digital protection system in this paper. The analysis results show that the proposed method can explain the complex interactions between software and hardware and identify potential common cause failures in software properly and effectively. Moreover, the method can find the dominant software-induced hazard to safety control actions, which aids in increasing software quality.
Macedo, R.; Budd, G.; Ross, E.; Wells, P.
addition to a description of the software application, the names of the software providers were listed along with the new features available in each product. The survey included products developed by ADP Inc.; Energy Navigator Inc.; Enersight Canada; Entero Corporation; Envirosoft Corporation; Geologic Systems Ltd.; IHS; Jedex Equipment Ltd.; MJ Systems; OpenSpirit; Petro Management Group Ltd.; P2 Energy Solutions; Risk Advisory, A division of SAS; Seisware International Inc.; Sustainet Software International Inc.; and 3ESI.
Svejda, Jaromir; Zak, Roman; Jasek, Roman
Brain Computer Interface (BCI) technology is intended to control an external system by brain activity. One of the main parts of such a system is the software interface, which takes care of clear communication between the brain and either the computer or additional devices connected to the computer. This paper is organized as follows. Firstly, current knowledge about the human brain is briefly summarized to point out its complexity. Secondly, a concept of a BCI system is described, which is then used to build an architecture of the proposed software interface. Finally, disadvantages of the sensing technology discovered during the sensing part of our research are mentioned.
Munro, J.K. Jr.; Kisner, R.A.; Bhadtt, S.C.
The following guidelines are proposed for verification and validation (V&V) of nuclear power plant control system software: (a) use risk management to decide what and how much V&V is needed; (b) classify each software application using a scheme that reflects what type and how much V&V is needed; (c) maintain a set of reference documents with current information about each application; (d) use Program Inspection as the initial basic verification method; and (e) establish a deficiencies log for each software application. The following additional practices are strongly recommended: (a) use a computer-based configuration management system to track all aspects of development and maintenance; (b) establish reference baselines of the software, associated reference documents, and development tools at regular intervals during development; (c) use object-oriented design and programming to promote greater software reliability and reuse; (d) provide a copy of the software development environment as part of the package of deliverables; and (e) initiate an effort to use formal methods for the preparation of Technical Specifications. The paper provides background information and reasons for the guidelines and recommendations. 3 figs., 3 tabs.
This document provides the Computer Software Documentation for a new Honeywell Modular Automation System (MAS) being installed in the Plutonium Finishing Plant (PFP). This system will be used to control the new thermal stabilization furnaces in HA-211 and the vertical denitration calciner in HC-230C-2.
Deiss, S.R.; Gustavson, D.B.
The FASTBUS System Manager software that was designed and implemented on an LSI-11 system using PASCAL is described. Particular attention is given to the file structures, file access mechanisms, and basic routing algorithms. Portability to other machines and languages is described.
Eom, Heung Seop; Son, Han Seong; Kang, Hyun Gook; Chang, Seung Cheol
Verification and Validation (V and V) plays an important role in assessing the safety-critical software embedded in the digital systems of a Nuclear Power Plant. A conventional V and V usually adopts a checklist method, and its answers are mostly qualitative. There are some limitations to this conventional V and V method. First, the difficulties in using the checklist method are: even for acceptable software, some checklist questions will have negative answers; the checklist itself does not help to explain the reasons for drawing an overall positive conclusion in the presence of a few negative answers; the checklist does not help decide when enough issues have been examined to achieve reasonable confidence in the software; and the checklist method does not support consideration of different kinds of information, such as software engineering measures. Second, a difficulty comes from the qualitative form of the answers in the checklist method: it is usually hard to know when sufficient evidence has been collected. Finally, a difficulty comes from a human expert's way of combining a great deal of diverse evidence and inferring a conclusion: some of this evidence is qualitative and some is quantitative, and both are necessary to evaluate the quality of the software correctly. But, in general, the experts' way of combining the diverse evidence and performing an inference is informal and qualitative, which is hard to discuss and will eventually lead to a debate about the conclusion. Our overall goal is to develop a systematic method that can obtain quantitative information about software quality from the work of V and V. To achieve this goal and to solve the above-mentioned problems in the current V and V method, we studied a method that can combine qualitative and quantitative evidence and infer a conclusion in a formal and quantitative way by using the benefits of BBN.
Chapman, Barbara [Univ. of Houston, TX (United States); Gabriel, Edgar [Univ. of Houston, TX (United States)
Exascale systems, with a thousand times the compute capacity of today's leading-edge petascale computers, are expected to emerge during the next decade. Their software systems will need to facilitate the exploitation of exceptional amounts of concurrency in applications, and ensure that jobs continue to run despite the occurrence of system failures and other kinds of hard and soft errors. Adapting computations at runtime to cope with changes in the execution environment, as well as to improve power and performance characteristics, is likely to become the norm. As a result, considerable innovation is required to develop system support to meet the needs of future computing platforms. The XPRESS project aims to develop and prototype a revolutionary software system for extreme-scale computing for both exascale and strong-scaled problems. The XPRESS collaborative research project will advance the state of the art in high performance computing and enable exascale computing for current and future DOE mission-critical applications and supporting systems. The goals of the XPRESS research project are to: A. enable exascale performance capability for DOE applications, both current and future; B. develop and deliver a practical computing system software X-stack, OpenX, for future practical DOE exascale computing systems; and C. provide programming methods and environments for effective means of expressing application and system software for portable exascale system execution.
Brightwell, Ron [Louisiana State Univ., Baton Rouge, LA (United States); Sterling, Thomas [Louisiana State Univ., Baton Rouge, LA (United States); Koniges, Alice [Louisiana State Univ., Baton Rouge, LA (United States); Kaiser, Hartmut [Louisiana State Univ., Baton Rouge, LA (United States); Gabriel, Edgar [Louisiana State Univ., Baton Rouge, LA (United States); Porterfield, Allan [Louisiana State Univ., Baton Rouge, LA (United States); Malony, Allen [Louisiana State Univ., Baton Rouge, LA (United States)
The XPRESS Project is one of four major projects of the DOE Office of Science Advanced Scientific Computing Research X-stack Program initiated in September, 2012. The purpose of XPRESS is to devise an innovative system software stack to enable practical and useful exascale computing around the end of the decade with near-term contributions to efficient and scalable operation of trans-Petaflops performance systems in the next two to three years; both for DOE mission-critical applications. To this end, XPRESS directly addresses critical challenges in computing of efficiency, scalability, and programmability through introspective methods of dynamic adaptive resource management and task scheduling.
of labor counted in or across each activity. The activity data in the SRDR is reported following the [ISO 12207] processes for software development... Release Table 19 ISO/IEC 12207 Development Activities: System requirements analysis; System architectural design; Activities in SRDR data... [ISO 12207] ISO/IEC 12207, International Standard on Information Technology Software Lifecycle Processes, International Organization for Standardization
In his study, Mahdi Derakhshanmanesh builds on the state of the art in modeling by proposing to integrate models into running software on the component-level without translating them to code. Such so-called model-integrating software exploits all advantages of models: models implicitly support a good separation of concerns, they are self-documenting and thus improve understandability and maintainability and in contrast to model-driven approaches there is no synchronization problem anymore between the models and the code generated from them. Using model-integrating components, software will be
This package was created in order to help engineers, researchers, students and all who work on linear control systems. The software includes all time- and frequency-domain analyses, spectral analyses, and design aids for networks, active filters and regulators. The programmes are written for a Hewlett-Packard computer in BASIC 4.0.
Trevino, Luis C.
The slide presentation is a briefing in four areas: overview of health management paradigms; overview of the ARC-Houston Software Engineering Technology Workshop held on April 20-22, 2004; identified technologies relevant to technical themes of intelligent system health management; and the author's thoughts on these topics.
Pepin, T. J.
A software system for reducing PAM-II data was constructed. The data reduction process concatenates data tapes; determines ephemeris; and inverts full sun extinction data. Tests of this data reduction process show that PAM-II data can be compared with data from other, similar satellites.
This bachelor's thesis deals with the use of computer systems in the hotel industry. The first part focuses on the history, development and integration of technology into this field. The second part is dedicated to concrete products of the company Micros-Fidelio, which is the leader of the hotel software market in the Czech Republic.
Regnier, P.; Henry, J.Y.
A significant feature of EDF's latest 1400 MWe ''N4'' generation of pressurized water reactor (PWR) is the extensive use of computerized instrumentation and control, including a fully digital system for the reactor protection function. For the safety assessment of the software driving the operation of this digital reactor protection system, called SPIN, IPSN has developed and implemented a set of methods and tools. Using the lessons learned from this experience, IPSN has worked at improving those methods and tools, mainly trying to make them more automatic to use, and has participated in an international assessment exercise to test some other methods and tools, either new products on the market or self-developed products. As a result of this work, this paper presents an up-to-date overview of the IPSN methods and tools used for the assessment of safety critical software. This assessment, which consists of an analysis of all the documentation associated with the technical specifications and of a representative set of functions, is usually carried out in five steps: (1) critical examination of the documents, (2) evaluation of the quality of the code, (3) determination of the critical software components, (4) development of test cases and choice of testing strategy, (5) dynamic analysis (consistency and robustness). This paper also presents methods and tools developed or implemented by IPSN in order to: evaluate the completeness and consistency of specification and design documents written in natural language; build a model and simulate specification or design items; evaluate the quality of the source code; carry out FMEA analysis; run the binary code and perform tests (CLAIRE); perform random or mutational tests. (author)
Anderson, D; Dragu, M; Fuchsberger, K; Garnier, JC; Gorzawski, AA; Koza, M; Krol, K; Misiowiec, K; Stamos, K; Zerlauth, M
The Controls software for the Large Hadron Collider (LHC) at CERN, with more than 150 million lines of code, ranks amongst the largest known code bases in the world. Industry has been applying Agile software engineering techniques for more than two decades now, and the advantages of these techniques can no longer be ignored when managing the code base for large projects within the accelerator community. Furthermore, CERN is a particular environment due to its high personnel turnover and manpower limitations, where applying Agile processes can improve both codebase management and code quality. This paper presents the successful application of the Agile software development process Scrum for machine protection systems at CERN, the quality standards and infrastructure introduced together with the Agile process, as well as the challenges encountered in adapting it to the CERN environment.
Nielsen, Peter Axel; Tordrup Heeager, Lise
This short paper reports from a case study of the agile development of safety-critical software. It utilizes a framework of dynamic relationships between agile practices with the purpose of demonstrating the utility of the framework for understanding a case in its context, and it shows significant dynamics. The study is concluded by pointing at which further research on the framework is required to use the framework in managing the agile development of safety-critical software.
Phillips, Dewanne Marie
Software intensive space systems can harbor defects and vulnerabilities that may enable external adversaries or malicious insiders to disrupt or disable system functions, risking mission compromise or loss. Mitigating this risk demands a sustained focus on the security and resiliency of the system architecture, including software, hardware, and other components. Robust software engineering practices contribute to the foundation of a resilient system so that the system "can take a hit to a critical component and recover in a known, bounded, and generally acceptable period of time". Software resiliency must be a priority and be addressed early in life cycle development to contribute to a secure and dependable space system. Those who develop, implement, and operate software intensive space systems must determine the factors and systems engineering practices to address when investing in software resiliency. This dissertation offers methodical approaches for improving space system resiliency through software architecture design, system engineering, and increased software security, thereby reducing the risk of latent software defects and vulnerabilities. By giving greater attention to the early life cycle phases of development, we can alter the engineering process to help detect, eliminate, and avoid vulnerabilities before space systems are delivered. To achieve this objective, this dissertation identifies knowledge, techniques, and tools that engineers and managers can utilize to help them recognize how vulnerabilities are produced and discovered so that they can learn to circumvent them in future efforts. We conducted a systematic review of existing architectural practices, standards, security and coding practices, and various threats, defects, and vulnerabilities that impact space systems, drawing on hundreds of relevant publications and interviews of subject matter experts. We expanded on the system-level body of knowledge for resiliency and identified a new software
Lahtinen, J.; Valkonen, J.; Björkman, K.; Frits, J.; Niemelä, I.; Heljanko, K.
Instrumentation and control (I and C) systems play a vital role in the operation of safety-critical processes. Digital programmable logic controllers (PLC) enable sophisticated control tasks, which set high requirements for system validation and verification methods. Testing and simulation have an important role in the overall verification of a system but are not suitable for comprehensive evaluation, because only a limited number of system behaviors can be analyzed due to time limitations. Testing is also performed too late in the development lifecycle, and thus the correction of design errors is expensive. This paper discusses the role of formal methods in software development in the area of nuclear engineering. It puts forward model checking, a computer-aided formal method for verifying the correctness of a system design model, as a promising approach to system verification. The main contribution of the paper is the development of a systematic methodology for modeling safety critical systems in the nuclear domain. Two case studies are reviewed, in which we have found errors that were previously not detected. We also discuss the actions that should be taken in order to increase confidence in the model checking process.
We present a multi-level formation model for complex software systems. Previous works abstract software systems to software networks for further study, but usually investigate the software networks at the class level. In contrast to these works, our treatment of software systems as multi-level networks is more realistic. In particular, the software networks are organized by three levels of granularity, which represents the modularity and hierarchy in the formation process of real-world software systems. More importantly, simulations based on this model have generated more realistic structural properties of software networks, such as power-law degree distributions, clustering and modularization. On the basis of this model, how the structure of software systems affects software design principles is then explored, which could be helpful for understanding software evolution and software engineering practices.
National Aeronautics and Space Administration — Coherent Logix, Incorporated proposes the Software Defined Common Processing System (SDCPS) program to facilitate the development of a Software Defined Radio...
Eom, H.S.; Sung, T.Y.; Jeong, H.S.; Park, J.H.; Kang, H.G.; Lee, K
As part of the Probabilistic Safety Assessment of safety grade digital systems used in Nuclear Power plants research, measures and methodologies applicable to the quantitative reliability assessment of safety critical software were surveyed. Among the techniques proposed in the literature we selected those which are in wide use and investigated their limitations in quantitative software reliability assessment. One promising methodology from the survey is Bayesian Belief Nets (BBN), which has a formalism that can combine various disparate pieces of evidence relevant to reliability into a final decision under uncertainty. Thus we analyzed BBN and its application cases in the digital systems assessment area and finally studied the possibility of its application to the quantitative reliability assessment of safety critical software.
Jerzy M. Nogiec et al.
Testing superconducting accelerator magnets is inherently coupled with the proper handling of quenches, i.e., protecting the magnet and characterizing the quench process. Therefore, software implementations must include elements of both data acquisition and real-time controls. The architecture of the quench management software developed at Fermilab's Magnet Test Facility is described. This system consists of quench detection, quench protection, and quench characterization components that execute concurrently in a distributed system. Collaboration between the elements of quench detection, quench characterization and current control is discussed, together with a schema for distributed saving of various quench-related data. Solutions to synchronization and reliability in such a distributed quench system are also presented.
Thompson, K.; Phinney, N.
A new timing system that allows precision (approx. 1 to 2 ns) control of the trigger times of klystrons, beam position monitors, and other devices on a pulse-to-pulse basis at up to 360 Hz is in operation in the first third of the SLAC linear accelerator. The control software is divided between a central host VAX and local Intel 8086-based microprocessor clusters. Facilities exist to set up and adjust the timing of devices or groups of devices independently for beam pulses having different destinations and purposes, which are run in an interlaced fashion during normal machine operation. Upgrading of the system is currently underway, using a new version of the Programmable Delay Unit CAMAC module to allow pipelining of timing information for three machine pulses. An overview of the current state of the system is presented in this paper, with an emphasis on software control.
Arun Babu, P.; Senthil Kumar, C.; Murali, N.
Highlights: ► A novel method to quantify software reliability using software verification and mutation testing in nuclear safety systems. ► Contributing factors that influence the software reliability estimate. ► An approach to help regulators verify the reliability of safety critical software systems during the software licensing process. -- Abstract: Technological advancements have led to the use of computer based systems in safety critical applications. As computer based systems are being introduced in nuclear power plants, effective and efficient methods are needed to ensure dependability and compliance with the high reliability requirements of systems important to safety. Even after several years of research, quantification of software reliability remains a controversial and unresolved issue. Also, existing approaches have assumptions and limitations which are not acceptable for safety applications. This paper proposes a theoretical approach combining software verification and mutation testing to quantify software reliability in nuclear safety systems. The theoretical results obtained suggest that software reliability depends on three factors: the test adequacy, the amount of software verification carried out, and the reusability of verified code in the software. The proposed approach may help regulators in licensing computer based safety systems in nuclear reactors.
Davis, W.M.; Mastrovito, D.M.; Roney, P.G.; Sichta, P.
The MDSplus data acquisition and management system uses software events for communication among interdependent processes anywhere on the network. Actions can then be triggered, such as a data-acquisition routine, or analysis or display programs waiting for data. A small amount of data, such as a shot number, can be passed with these events. Since programs sometimes need more than one data set, we developed a system on NSTX to declare composite events using logical AND and OR operations. The system is written in the IDL language, so it can be run on Linux, Macintosh or Windows platforms. Like MDSplus, the Experimental Physics and Industrial Control System (EPICS) is a core component of the NSTX software environment. The Event Summation System provides an IDL-based interface to EPICS. This permits EPICS-aware processes to be synchronized with MDSplus-aware processes, to provide engineering operators with, for example, information about physics data acquisition and analysis. Reliability was a more important design consideration than performance for this system; the system's architecture includes features to support this. The system has run for weeks at a time without requiring manual intervention. Hundreds of incoming events per second can be handled reliably. All incoming and declared events are logged with a timestamp. The system can be configured easily through a single, easy-to-read text file.
Singh, R.P.; Chu, W.T.; Ludewigt, B.A.; Marks, K.M.; Nyman, M.A.; Renner, T.R.; Stradtner, R.
The Biomed Control System is a hardware/software system used for the delivery, measurement and monitoring of heavy-ion beams in the patient treatment and biology experiment rooms at the Bevalac at the Lawrence Berkeley Laboratory (LBL). This paper describes some aspects of this system, including historical background, philosophy, configuration management, hardware features that facilitate software testing, software testing procedures, the release of new software, quality assurance, safety and operator monitoring. 3 refs.
Sheinfeld, M.; Kadmon, Y.; Tirosh, D.; Elhanany, I.; Gabovitch, A.; Barak, D.
The Airborne Radiation Monitoring System monitors radioactive contamination in the air or on the ground. The contamination source can be a radioactive plume or an area contaminated with radionuclides. This system is composed of two major parts: Airborne Unit carried by a helicopter, and Ground Station carried by a truck. The Airborne software is intended to be the core of a computerized airborne station. The software is written in C++ under MS-Windows with object-oriented methodology. It has been designed to be user-friendly: function keys and other accelerators are used for vital operations, a help file and help subjects are available, the Human-Machine-Interface is plain and obvious. (authors)
Shin, Sung Min; Kim, Hee Eun; Kang, Hyun Gook; Lee, Sung Jiun
The V and V method has been utilized for this safety critical software, while SRGM has difficulties because of the lack of failure occurrence data in the development phase. For safety critical software, however, failure data cannot be gathered after installation in a real plant when we consider the severe consequences. Therefore, to complement the V and V method, a test-based method needs to be developed. Some studies on test-based reliability quantification methods for safety critical software have been conducted in the nuclear field. These studies provide useful guidance on generating test sets. An important concept of the guidance is that the test sets represent 'trajectories' (a series of successive values for the input variables of a program that occur during the operation of the software over time) in the space of inputs to the software. Actually, the inputs to the software depend on the state of the plant at that time, and these inputs form a new internal state of the software by changing the values of some variables. In other words, the internal state of the software at a specific time depends on the history of past inputs. Here the internal state of the software which can be changed by past inputs is named the Context of Software (CoS). In a certain CoS, a software failure occurs when a fault is triggered by some inputs. To cover the failure occurrence mechanism of a software, preceding researches insist that the inputs should be in trajectory form. However, in this approach, there are two critical problems. One is the length of the trajectory input. An input trajectory should be long enough to cover the failure mechanism, but how long is enough is not clear. What is worse, to cover some accident scenarios, one set of inputs should represent dozens of hours of successive values. The other problem is the number of tests needed. To satisfy a target reliability with a reasonable confidence level, a very large number of test sets is required. Development of this number of test sets is a herculean
Haapanen, P.; Pulkkinen, U. [VTT Automation, Espoo (Finland); Korhonen, J. [VTT Electronics, Espoo (Finland)
This volume in the OHA-project report series deals with the statistical reliability assessment of software based systems on the basis of dynamic test results and qualitative evidence from the system design process. Other reports to be published later in the OHA-project report series will handle the diversity requirements in safety critical software-based systems, generation of test data from operational profiles, and handling of programmable automation in plant PSA studies. In this report the issues related to statistical testing, and especially automated test case generation, are considered. The goal is to find an efficient method for building usage models for the generation of a statistically significant set of test cases and to gather practical experience with this method by applying it in a case study. The scope of the study also includes tool support for the method, as the models may grow quite large and complex. (32 refs., 30 figs.).
This paper addresses the need for novel software system development (SSD) practices in finance. It proposes Empirical Modelling as a novel approach for SSD in finance. This approach aims at finding a suitable framework for studying both the traditional and the emerging computing culture to SSD in finance. First, the paper studies the change in the financial industry and identifies key issues of the application of computer-based technology in finance. These key issues are framed in a wider age...
A new 1980's style support package for future accelerator control systems is proposed. It provides a way to create accelerator applications software without traditional programming. Visual Interactive Applications (VIA) is designed to meet the needs of expanded accelerator complexes in a more cost effective way than past experience with procedural languages by using technology from the personal computer and artificial intelligence communities. 4 refs
Thai, N D; McDonald, A M [Atomic Energy of Canada Ltd., Mississauga, ON (Canada)
This paper describes a versatile test rig developed by AECL for functional testing of the safety-critical software used in the process trip computers of the Wolsong CANDU stations. The description covers the hardware and software aspects of the test rig, the test language and its interpreter, and other major testing software utilities such as the test oracle, sampler and profiler. The paper also discusses the application of the rig in the final stages of testing of the process trip computer software, namely validation and reliability tests. It shows how random test cases are generated, test scripts prepared and automatically run on the test rig. The versatility of the rig is further demonstrated in other types of testing such as sub-system tests, verification of the test oracle, testing of newly-developed test scripts, self-test and calibration. (author). 5 tabs., 10 figs.
Burczyk, L.; Dalesio, R.; Dingler, R.; Hill, J.; Howell, J.A.; Kerstiens, D.; King, R.; Kozubal, A.; Little, C.; Martz, V.; Rothrock, R.; Sutton, J.
This paper reports on the GTA control system that provides an environment in which the automation of a state-of-the-art accelerator can be developed. It makes use of commercially available computers, workstations, computer networks, industrial I/O equipment, and software. This system has built-in supervisory control (like most accelerator control systems), tools to support continuous control (like the process control industry), and sequential control for automatic start-up and fault recovery (like few other accelerator control systems). Several software tools support these levels of control: a real-time operating system (VxWorks) with a real-time kernel (VRTX), a configuration database, a sequencer, and a graphics editor. VxWorks supports multitasking, fast context-switching, and preemptive scheduling. VxWorks/VRTX is a network-based development environment specifically designed to work in partnership with the UNIX operating system. A database provides the interface to the accelerator components. It consists of a run time library and a database configuration and editing tool. A sequencer initiates and controls the operation of all sequence programs (expressed as state programs). A graphics editor gives the user the ability to create color graphic displays showing the state of the machine in either text or graphics form.
Tang Shuming; Na Xiangyin; Chen Jiansong; Yu Yulan
The new BEPC (Beijing Electron Positron Collider) interlock system has been built in order to improve the reliability of personnel safety and interlock functions. Moreover, the system updates the BEPC operation message once every 6 seconds, which is displayed on TV screens at the major entrances. Since March of 1996, the new BEPC interlock system has been operating reliably. The hardware of the system is based on Programmable Logic Controllers (PLC). A multimedia IBM/PC-586, as the host computer of the PLCs, monitors the PLC system via serial port COM2. The PC communicates with the central computer VAX-4500 of the BEPC control system and gets operating messages of the accelerator through serial port COM3. The application software on the host computer has been developed. Visual C++ for MS-Windows 3.2 TM was selected as the workbench. It provides nice tools for building programs, such as APP STUDIO, CLASS WIZARD, APP WIZARD and a debugger tool. The author describes the design idea and the structure of the application software. Error tolerance is taken into consideration. The author also presents a small database and its data structure for the application.
Cui, Chenzhou; Zhao, Yong-Heng; Wang, Xiaoqian; Sang, Jian; Luo, Ze
Virtual Observatory (VO) is a collection of interoperating data archives and software tools. Taking advantage of the latest information technologies, it aims to provide a data-intensive online research environment for astronomers all around the world. A large number of high-quality astronomical software packages and libraries are powerful and easy to use, and have been widely used by astronomers for many years. Integrating those toolkits into the VO system is a necessary and important task for the VO developers. VO architecture greatly depends on Grid and Web services; consequently the general VO integration route is "Java Ready - Grid Ready - VO Ready". In the paper, we discuss the importance of VO integration for existing toolkits and discuss the possible solutions. We introduce two efforts in the field from the China-VO project, "gImageMagick" and "Galactic abundance gradients statistical research under grid environment". We also discuss what additional work should be done to convert Grid services to VO services.
The magnetic phase transitions of CsCoCl3.2H2O and CsCoCl3.2D2O are investigated by neutron diffraction techniques with special attention to the critical points in the phase diagrams. CsCoCl3.2H2O turned out to be a one-dimensional magnetic antiferromagnet with ferromagnetic and antiferromagnetic interactions. In the vicinity of the Néel point, the critical behavior in zero magnetic field could be described as three-dimensional long range ordering, while the fluctuations in the system are one-dimensional. In the presence of a magnetic field, the behavior of the system in the critical region of the magnetic phase diagram between the Néel temperature at zero field (3.3 K) and 1.85 K was in good agreement with the theory. Below 1.85 K, the phase transition in a magnetic field changes into a line of triple points whose end point could be identified as a tricritical point, i.e., an intersection of three critical lines. The parameters derived from observations in the neighborhood of this tricritical point obey the scaling laws but are not in numerical agreement with theoretical predictions.
Hinchey, Michael G.; Sterritt, Roy; Pena, Joaquin; Rouff, Christopher A.
We discuss two software engineering aspects in the development of complex swarm-based systems. NASA researchers have been investigating various possible concept missions that would greatly advance future space exploration capabilities. The concept mission that we have focused on exploits the principles of autonomic computing as well as being based on the use of intelligent swarms, whereby a (potentially large) number of similar spacecraft collaborate to achieve mission goals. The intent is that such systems not only can be sent to explore remote and harsh environments but also are endowed with greater degrees of protection and longevity to achieve mission goals.
White, V.; Heinicke, P.; Berman, E.
The VAXONLINE software system, started in late 1984, is now in use at 12 experiments at Fermilab, each with at least one VAX or MicroVAX. Data acquisition features now provide for the collection and combination of data from one or more sources, via a list-driven Event Builder program. Supported sources include CAMAC, FASTBUS, front-end PDP-11s, disk, tape, DECnet, and other processors running VAXONLINE. This paper describes the functionality provided by the VAXONLINE system, gives performance figures, and discusses the ongoing program of enhancements.
Blackshire, James L.
A software package was developed to provide a Digital PIV (DPIV) capability for NASA LaRC. The system provides automated image capture, test correlation, and autocorrelation analysis capabilities for the Kodak Megaplus 1.4 digital camera system for PIV measurements. The package includes three separate programs that, when used together with the PIV data validation algorithm, constitute a complete DPIV analysis capability. The programs are run on an IBM PC/AT host computer running either Microsoft Windows 3.1 or Windows 95 using a 'quickwin' format that allows simple user interface and output capabilities in the Windows environment.
The Darlington Nuclear Generating Station is a new station, consisting of four 935 MW units, built by Ontario Hydro on the north shore of Lake Ontario, approximately 50 miles east of Toronto. In May 1987, the first of the four units of this station was approaching the point where Ontario Hydro would be requesting a license to load fuel and then proceed to first criticality. At this point, however, the regulatory authority, the Atomic Energy Control Board (AECB), started to show increasing concerns related to the Trip Computer Software associated with Darlington's newly-designed computerized shutdown systems. The concerns centered around whether or not the safety reliability, reviewability, and maintainability of this software could be demonstrated by Ontario Hydro or the system designer, Atomic Energy of Canada Limited (AECL). In order to back up the validity of their concerns, they hired a well-known consultant, who reviewed the code and made recommendations concerning its design, implementation, and documentation. Considerable effort was required by Ontario Hydro and AECL in order to comply with those recommendations. This paper describes those efforts, outlines the difficulties encountered, and assesses the lessons learned from them.
Masse, A.; Abeguile, F.
The authors briefly present the CIRCEE software, which has been developed to assess, almost in real time, the doses, dose rates and ambient dose equivalent rates induced by neutrons and gamma radiation produced by fission, and by secondary gamma radiation, through 3D public works in a nuclear installation. It is meant to be used in case of a criticality accident. They present the methodology, the scope and domain of application, and the software operating mode.
Orr, James K.; Peltier, Daryl
This slide presentation reviews the avionics software system on board the space shuttle, with particular emphasis on the quality and reliability. The Primary Avionics Software System (PASS) provides automatic and fly-by-wire control of critical shuttle systems and executes in redundant computers. Charts given show the number of space shuttle flights vs time, PASS's development history, and other charts that point to the reliability of the system's development. The reliability of the system is also compared to predicted reliability.
Bourgeois, N.A. Jr.
Sandia Laboratories has been assigned the task by the Base and Installation Security Systems (BISS) Program Office to develop various aspects of perimeter security systems. One part of this effort involves the development of advanced signal processing techniques to reduce the false and nuisance alarms from sensor systems while improving the probability of intrusion detection. The need existed for both data acquisition hardware and software. Also, the hardware is used to implement and test the signal processing algorithms in real time. The hardware developed for this signal processing task is the Data Acquisition and Test System (DATS). The programs developed for use on DATS are described. The descriptions are taken directly from the documentation included within the source programs themselves.
Three decades of creating software to support design rationale showed the author how rationale processes can promote generation of novel ideas. Rationale can promote creative design by promoting critical conversations among designers and other project participants. Critical conversations intertwine ideation and evaluation, using feedback about consequences of decisions to challenge designers to devise new ideas. Such conversations take two forms. The first is discussion involving feedback from speculation about consequences of design decisions for implementation and use. The second is discussion involving feedback from actual experiences of implementation and use of the software being designed. The former is purely a process of reflective discourse, the latter a process of situated cognition involving both action and reflective discourse. Thus, the former is pure argumentation, the latter situated argumentation. Exploiting the full potential of critical conversations for creative design requires rethinking rationale methods and integrating them into software supporting implementation and use.
Tawanda B. Chiyangwa
Background: The continued failure of agile and traditional software development projects has led to the consideration, attention and dispute over critical success factors, which are the aspects most vital to making a software engineering methodology fruitful. Although there is an increasing variety of critical success factors and methodologies, the conceptual frameworks which have causal relationships are limited. Objective: The objective of this study was to identify and provide insights into the critical success factors that influence the success of software development projects using agile methodologies in South Africa. Method: A quantitative method of collecting data was used. Data were collected in South Africa through a Web-based survey using structured questionnaires. Results: These results show that organisational factors have a great influence on performance expectancy characteristics. Conclusion: The results of this study produced a comprehensive model that could provide guidelines to the agile community and to agile professionals.
This module describes the concepts and methods used in the software design of real time systems. It outlines the characteristics of real time systems, describes...the role of software design in real time system development, surveys and compares some software design methods for real-time systems, and
Graydon, Patrick J.; Holloway, C. M.
Safe use of software in safety-critical applications requires well-founded means of determining whether software is fit for such use. While software in industries such as aviation has a good safety record, little is known about whether standards for software in safety-critical applications 'work' (or even what that means). It is often (implicitly) argued that software is fit for safety-critical use because it conforms to an appropriate standard. Without knowing whether a standard works, such reliance is an experiment; without carefully collecting assessment data, that experiment is unplanned. To help plan the experiment, we organized a workshop to develop practical ideas for assessing software safety standards. In this paper, we relate and elaborate on the workshop discussion, which revealed subtle but important study design considerations and practical barriers to collecting appropriate historical data and recruiting appropriate experimental subjects. We discuss assessing standards as written and as applied, several candidate definitions for what it means for a standard to 'work,' and key assessment strategies and study techniques and the pros and cons of each. Finally, we conclude with thoughts about the kinds of research that will be required and how academia, industry, and regulators might collaborate to overcome the noted barriers.
... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Software Requirement Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants AGENCY: Nuclear Regulatory Commission... issuing a revised regulatory guide (RG), revision 1 of RG 1.172, ``Software Requirement Specifications for...
Ichiyen, M.M.; Joannou, P.K.
Recently two methodologies were developed that comply with a high safety critical standard: the Rational Design Process, which can be characterized as a methodology based on state machines where the required behaviour of the software is defined using mathematical functions written in a notation which has a well defined syntax and semantics, and the Integrated Approach, which uses a graphical functional notation to specify the functional software requirements. The first implementations based on the two methodologies are discussed. Results from all phases of testing show a remarkably low number of errors, demonstrating that the new methodologies have indeed led to a higher demonstrable level of software reliability. (orig./HP)
Kelly, John C.; Sigal, Burton C.; Gindorf, Tom
The Software QA / V&V guide will be reviewed and updated based on feedback from NASA organizations and others with a vested interest in this area. Hardware, EEE Parts, Reliability, and Systems Safety are a sample of the future guides that will be developed. Cost Estimates, Lessons Learned, Probability of Failure and PACTS (Prevention, Avoidance, Control or Test) are needed to provide a more complete risk management strategy. This approach to risk management is designed to help balance the resources and program content for risk reduction for NASA's changing environment.
Whiting, M.; Wilkins, M.; Stiles, D.
The Automated Remedial Analysis Methodology (ARAM) software system has been developed by the Pacific Northwest Laboratory to assist the U.S. Department of Energy (DOE) in evaluating cleanup options for over 10,000 contaminated sites across the DOE complex. The automated methodology comprises modules for decision logic diagrams, technology applicability and effectiveness rules, mass balance equations, cost and labor estimating factors and equations, and contaminant stream routing. ARAM is used to select technologies for meeting cleanup targets; determine the effectiveness of the technologies in destroying, removing, or immobilizing contaminants; decide the nature and amount of secondary waste requiring further treatment; and estimate the cost and labor involved when applying technologies.
Tausworthe, R. C.
The CRISP90 Software Design Analyzer System, an update of CRISP-80, is a set of programs forming a software design and documentation tool which supports top-down, hierarchic, modular, structured design and programming methodologies. The quality of a computer program can often be significantly influenced by the design medium in which the program is developed. The medium must foster the expression of the programmer's ideas easily and quickly, and it must permit flexible and facile alterations, additions, and deletions to these ideas as the design evolves. The CRISP90 software design analyzer system was developed to provide the PDL (Programmer Design Language) programmer with such a design medium. A program design using CRISP90 consists of short, English-like textual descriptions of data, interfaces, and procedures that are imbedded in a simple, structured, modular syntax. The display is formatted into two-dimensional, flowchart-like segments for a graphic presentation of the design. Together with a good interactive full-screen editor or word processor, the CRISP90 design analyzer becomes a powerful tool for the programmer. In addition to being a text formatter, the CRISP90 system prepares material that would be tedious and error prone to extract manually, such as a table of contents, module directory, structure (tier) chart, cross-references, and a statistics report on the characteristics of the design. Referenced modules are marked by schematic logic symbols to show conditional, iterative, and/or concurrent invocation in the program. A keyword usage profile can be generated automatically and glossary definitions inserted into the output documentation. Another feature is the capability to detect changes that were made between versions. Thus, "change-bars" can be placed in the output document along with a list of changed pages and a version history report. Also, items may be marked as "to be determined" and each will appear on a special table until the item is
This document establishes the Software Configuration Management Plan (SCMP) for the software associated with the control system of the Sodium Removal System (SRS) located in the Interim Examination and Maintenance (IEM Cell) Facility of the FFTF Flux Test
Frisch, Harold P.
All essential existing capabilities needed to create a man-machine interaction dynamics and performance (MMIDAP) capability are reviewed. The multibody system dynamics software program Order N DISCOS will be used for machine and musculo-skeletal dynamics modeling. The program JACK will be used for estimating and animating whole body human response to given loading situations and motion constraints. The basic elements of performance (BEP) task decomposition methodologies associated with the Human Performance Institute database will be used for performance assessment. Techniques for resolving the statically indeterminate muscular load sharing problem will be used for a detailed understanding of potential musculotendon or ligamentous fatigue, pain, discomfort, and trauma. The envisioned capacity is to be used for mechanical system design, human performance assessment, extrapolation of man/machine interaction test data, biomedical engineering, and soft prototyping within a concurrent engineering (CE) system.
Meshkov, N.K.; Camasta, S.F.; Gilbert, T.L.
A method for assessing management systems for low-level radioactive waste is being developed for the US Department of Energy. The method is based on benefit-cost-risk analysis. Waste management is broken down into its component steps, which are generation, treatment, packaging, storage, transportation, and disposal. Several different alternatives available for each waste management step are described. A particular waste management system consists of a feasible combination of alternatives for each step. Selecting an optimal waste management system would generally proceed as follows: (1) qualitative considerations are used to narrow down the choice of waste management system alternatives to a manageable number; (2) the costs and risks for each of these system alternatives are evaluated; (3) the number of alternatives is further reduced by eliminating alternatives with similar risks but higher costs, or those with similar costs but higher risks; (4) a trade-off factor between cost and risk is chosen and used to compute the objective function (sum of the cost and risk); and (5) the selection of the optimal waste management system among the remaining alternatives is made by choosing the alternative with the smallest value for the objective function. The authors propose that the REGINALT software system, developed by EG and G Idaho, Inc., as an aid for managers of low-level commercial waste, be augmented for application to the management of DOE-generated waste. Specific recommendations for modification of the REGINALT system are made. 51 refs., 3 figs., 2 tabs.
After a short review of the hardware and/or software tools for the development of single-chip, fixed instruction set microprocessor-based systems we focus on the software tools for designing systems based on microprogrammed bit-sliced microprocessors. Emphasis is placed on meta-microassemblers and simulation facilities at the register-transfer level and architecture level. We review available meta-microassemblers giving their most important features, advantages and disadvantages. We also make extensions to higher-level microprogramming languages and associated systems specifically developed for bit-slices. In the area of simulation facilities we first discuss the simulation objectives and the criteria for choosing the right simulation language. We concentrate on simulation facilities already used in bit-slice projects and discuss the experience gained. We conclude by describing the way the Signetics meta-microassembler and the ISPS simulation tool have been employed in the design of a fast microprogrammed machine, called MICE, made out of ECL bit-slices. (orig.)
... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Computing systems and software. 415.123... Launch Vehicle From a Non-Federal Launch Site § 415.123 Computing systems and software. (a) An applicant's safety review document must describe all computing systems and software that perform a safety...
Wheeler, G.M.; Bessey, E.G.; McGill, R.D.; Vischer, K.
The project goal was to develop a software tool, AIRMaster, and a methodology for performing compressed air system audits. AIRMaster and supporting manuals are designed for general auditors or plant personnel to evaluate compressed air system operation with simple instrumentation during a short-term audit. AIRMaster provides a systematic approach to compressed air system audits, analyzing collected data, and reporting results. AIRMaster focuses on inexpensive Operation and Maintenance (O and M) measures, such as fixing air leaks and improving controls, that can significantly improve performance and reliability of the compressed air system without significant risk to production. An experienced auditor can perform an audit, analyze collected data, and produce results in 2-3 days. AIRMaster reduces the cost of an audit, thus freeing funds to implement recommendations. The AIRMaster package includes an Audit Manual, Software and User's manual, Analysis Methodology Manual, and a Case Studies summary report. It also includes a Self-Guided Tour booklet to help users quickly screen a plant for efficiency improvement potentials, and an Industrial Compressed Air Systems Energy Efficiency Guidebook. AIRMaster proved to be a fast and effective audit tool. In sever audits AIRMaster identified energy savings of 4,056,000 kWh, or 49.2% of annual compressor energy use, for a cost savings of $152,000. Total implementation costs were $94,700 for a project payback period of 0.6 years. Available airflow increased between 11% and 51% of plant compressor capacity, leading to potential capital benefits from 40% to 230% of first year energy savings.
Kim, Chang Ho; Oh, Do Young; Kim, Koh Eun; Choi, Woong Seock; Sohn, Se Do; Kim, Jae Hack; Kim, Hang Bae [KEPCO E and C, Daejeon (Korea, Republic of)
The Integrated SOftware Development Environment (ISODE) is developed to provide the major S/W life cycle processes, which are composed of a development process, V/V process, requirements traceability process, automated document generation process and target importing process to a Programmable Logic Controller (PLC) platform. This provides critical safety software developers with a certified, domain optimized, model-based development environment, and the associated services to reduce the time and effort needed to develop software, such as debugging, simulation, code generation and document generation. This also provides critical safety software verifiers with integrated V/V features for each phase of the software life cycle using appropriate tools such as model test coverage, formal verification, and automated report generation. In addition to development and verification, ISODE gives a complete traceability solution from the SW design phase to the testing phase. Using this information, coverage and impact analysis can be done easily whenever software modification is necessary. The final source codes of ISODE are imported into the newly developed PLC environment module by module, after being automatically converted into the format required by the PLC. Additional tests at module and unit level are performed on the target platform.
Wright, J; Wagner, A
Background: Research in the field of systems biology requires software for a variety of purposes. Software must be used to store, retrieve, analyze, and sometimes even to collect the data obtained from system-level (often high-throughput) experiments. Software must also be used to implement mathematical models and algorithms required for simulation and theoretical predictions on the system-level. Results: We introduce a free, easy-to-use, open-source, integrated software platform calle...
Kim, Jang Yeol; Lee, Young Jun; Cha, Kyung Ho; Cheon, Se Woo; Lee, Jang Soo; Kwon, Kee Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Kong, Seung Ju [Korea Hydro and Nuclear Power Co., Ltd, Daejeon (Korea, Republic of)
This paper addresses the Verification and Validation (V and V) process and the methodology for the embedded real time software of a safety-grade Programmable Logic Controller (PLC). This safety-grade PLC is being developed as part of the Korean Nuclear Instrumentation and Control System (KNICS) project. KNICS projects are developing a Reactor Protection System (RPS) and an Engineered Safety Feature-Component Control System (ESF-CCS) as well as a safety-grade PLC. The safety-grade PLC will be a major component that encompasses the RPS systems and the ESF-CCS systems as nuclear instrumentation and control equipment. This paper describes the V and V guidelines and procedures, V and V environment, V and V process and methodology, and the V and V tools in the KNICS projects. Specifically, it describes the real-time operating system V and V experience which corresponds to the requirement analysis phase, design phase and the implementation and testing phase of the software development life cycle. Main activities of the V and V for the PLC system software are a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and software configuration management. The proposed V and V methodology satisfies the Standard Review Plan (SRP)/Branch Technical Position (BTP)-14 criteria for safety software in nuclear power plants. The proposed V and V methodology is going to be used to verify the upcoming software life cycle in the KNICS projects.
Kristianti, Y.; Prabawanto, S.; Suhendra, S.
This study aims to examine the critical thinking ability of students who learn mathematics with the ASSURE learning model assisted by Autograph software. The design of this study was an experimental group with pre-test and post-test control group. The experimental group received mathematics learning with the ASSURE-assisted model and Autograph software, and the control group received mathematics learning with the conventional model. The data were obtained from critical thinking skills tests. This research was conducted at the junior high school level, with the research population being the students of one junior high school in Subang Regency in the 2016/2017 school year and the research sample being two classes of class VIII students in one junior high school in Subang Regency. Analysis of the research data was carried out quantitatively. Quantitative data analysis was performed on the normalized gain level between the two sample groups using a one-way ANOVA test. The results show that mathematics learning with the ASSURE-assisted model and Autograph software can improve the critical thinking ability of junior high school students. Mathematics learning using the ASSURE-assisted model and Autograph software is significantly better at improving the critical thinking skills of junior high school students compared with conventional models.
Schumann, Johann; Gundy-Burlet, Karen; Pasareanu, Corina; Menzies, Tim; Barrett, Tony
The analysis of large and complex parameterized software systems, e.g., systems simulation in aerospace, is very complicated and time-consuming due to the large parameter space, and the complex, highly coupled nonlinear nature of the different system components. Thus, such systems are generally validated only in regions local to anticipated operating points rather than through characterization of the entire feasible operational envelope of the system. We have addressed the factors deterring such an analysis with a tool to support envelope assessment: we utilize a combination of advanced Monte Carlo generation with n-factor combinatorial parameter variations to limit the number of cases, but still explore important interactions in the parameter space in a systematic fashion. Additional test-cases, automatically generated from models (e.g., UML, Simulink, Stateflow) improve the coverage. The distributed test runs of the software system produce vast amounts of data, making manual analysis impossible. Our tool automatically analyzes the generated data through a combination of unsupervised Bayesian clustering techniques (AutoBayes) and supervised learning of critical parameter ranges using the treatment learner TAR3. The tool has been developed around the Trick simulation environment, which is widely used within NASA. We will present this tool with a GN&C (Guidance, Navigation and Control) simulation of a small satellite system.
Carpenter, B.E.; Cailliau, R.; Cuisinier, G.; Remmer, W.
The PS complex consists of 10 different interconnected accelerators or storage rings, mainly controlled by the same distributed system of NORD-10 and ND-100 minicomputers. After a brief outline of the hardware, this report gives a detailed description of the system software, which is based on the SINTRAN III operating system. It describes the general layout of the software, the network, CAMAC access, programming languages, program development, and microprocessor support. It concludes with reviews of performance, documentation, organization and methods, and future prospects. (orig.)
Allen, J.; Chang, C.; Estep, P.; Huang, J.; Liu, J.; Marquez, M.; Mestad, S.; Pan, J.; Traversat, B.
Large and costly detectors will be constructed during the next few years to study the interactions produced by the SSC. Efficient, cost-effective designs for these detectors will require careful thought and planning. Because it is not possible to test fully a proposed design in a scaled-down version, the adequacy of a proposed design will be determined by a detailed computer model of the detectors. Physics and detector simulations will be performed on the computer model using the high-powered computing system at the Physics Detector Simulation Facility (PDSF). The SSCL has particular computing requirements for high-energy physics (HEP) Monte Carlo calculations for the simulation of SSCL physics and detectors. The numerical calculations to be performed in each simulation are lengthy and detailed; they could require many months per run on a VAX 11/780 computer and may produce several gigabytes of data per run. Consequently, a distributed computing environment of several networked high-speed computing engines is envisioned to meet these needs. These networked computers will form the basis of a centralized facility for SSCL physics and detector simulation work. Our computer planning groups have determined that the most efficient, cost-effective way to provide these high-performance computing resources at this time is with RISC-based UNIX workstations. The modeling and simulation application software that will run on the computing system is usually written by physicists in the FORTRAN language and may need thousands of hours of supercomputing time. The system software is the ''glue'' which integrates the distributed workstations and allows them to be managed as a single entity. This report will address the computing strategy for the SSC.
Software on the Peregrine System. NREL maintains a variety of applications environment modules for use on Peregrine, including software applications (listed by name and research area/discipline) and software libraries available for linking and loading.
Esperon, Agustin I; Munoz, Jose P; Tanneau, Jean M
.... The companies involved were THALES and GMV. The MILOS project aimed to demonstrate benefits of Open Source Software in large software based military systems, by casting off constraints inherent to traditional proprietary COTS and by taking...
Wilcox, Russell E.
Describes the design and delivery of a college course for information system students utilizing a Computer-Aided Software Engineering program. Discusses class assignments, cooperative learning, student attitudes, and the advantages of using this software in the course. (CW)
Demirezen, Zekai; Tanik, Murat M.; Aksit, Mehmet; Skjellum, Anthony
We observed that before initiating software development the objectives are minimally organized and developers introduce comparatively higher organization throughout the design process. To be able to formally capture this observation, a new communication channel representation system for software is
Tordrup Heeager, Lise; Nielsen, Peter Axel
challenges of agile software development of safety-critical systems. The conceptual model consists of four problematic practice areas and five relationships, which we find to be even more important than the problematic areas. From this review, we suggest that there are important research gaps that need...... processes or agile processes that are purportedly faster and promise to lead to better products. Objective: To identify the issues and disputes in agile development of safety-critical software and the key qualities as found in the extant research literature. Method: We conducted a systematic literature...... review as an interpretive study following a research design to search, assess, extract, group, and understand the results of the found studies. Results: There are key issues and propositions that we elicit from the literature and combine into a conceptual model for understanding the foundational...
EDAptive Computing Inc.'s (ECI) EDAstar engineering software tool suite, created to capture and validate system design requirements, was significantly funded by NASA's Ames Research Center through five Small Business Innovation Research (SBIR) contracts. These programs specifically developed Syscape, used to capture executable specifications of multi-disciplinary systems, and VectorGen, used to automatically generate tests to ensure system implementations meet specifications. According to the company, the VectorGen tests considerably reduce the time and effort required to validate implementation of components, thereby ensuring their safe and reliable operation. EDASHIELD, an additional product offering from ECI, can be used to diagnose, predict, and correct errors after a system has been deployed using EDAstar-created models. Initial commercialization for EDAstar included application by a large prime contractor in a military setting, and customers include various branches within the U.S. Department of Defense, industry giants like the Lockheed Martin Corporation, Science Applications International Corporation, and Ball Aerospace and Technologies Corporation, as well as NASA's Langley and Glenn Research Centers.
This paper describes the visual software system for memory interleaving simulation (VSMIS), implemented for the purpose of the course Computer Architecture and Organization 1 at the School of Electrical Engineering, University of Belgrade. The simulator enables students to expand their knowledge through practical work in the laboratory, as well as through independent work at home. VSMIS gives users the possibility to initialize parts of the system and to control simulation steps. The user has the ability to monitor the simulation through a graphical representation. It is possible to navigate through the entire hierarchy of the system using simple navigation. During the simulation the user can observe and set the values of memory locations. At any time, the user can reset the simulation of the system and observe it for different memory states; in addition, it is possible to save the current state of the simulation and continue with the execution of the simulation later. [Project of the Serbian Ministry of Education, Science and Technological Development, Grant no. III44009]
Kennedy Space Center has been the heart of human space flight for decades. From the Apollo Program to the Space Shuttle Program, and now to the coming Space Launch System (SLS) and Orion, NASA will be a leader in deep space exploration for mankind. Before any rockets blast off, there is significant work to be done in preparation for launch. People working on all aspects of spaceflight must contribute by developing new technology that has yet to participate in a successful launch, and which can work with technology already proven in flight. These innovations, whether hardware or software, must be tried and true, and this includes the projects to which interns contribute. For this internship, the objective was to create a data recording system for the developers of an LCS section that records certain messages in the traffic of the system. Developers would then be able to use these recordings for analysis later on, either manually or by an automated test. The tool would be a convenience to a developer, as it would be used if the system's main data recorder was not available for tests.
The benefits of automatic application code generation are widely accepted within the software engineering community. These benefits include a raised abstraction level of application programming, shorter product development time, lower maintenance costs, and increased code quality and consistency. Surprisingly, code generation concepts have not yet found wide acceptance and use in the field of programmable logic controller (PLC) software development. Software engineers at Kennedy Space Center recognized the need for PLC code generation while developing the new ground checkout and launch processing system, called the Launch Control System (LCS). Engineers developed a process and a prototype software tool that automatically translates a high-level representation or specification of application software into ladder logic that executes on a PLC. All the computer hardware in the LCS is planned to be commercial off-the-shelf (COTS), including industrial controllers or PLCs that are connected to the sensors and end items out in the field. Most of the software in LCS is also planned to be COTS, with only small adapter software modules that must be developed in order to interface between the various COTS software products. A domain-specific language (DSL) is a programming language designed to perform tasks and to solve problems in a particular domain, such as ground processing of launch vehicles. The LCS engineers created a DSL for developing test sequences of ground checkout and launch operations of future launch vehicle and spacecraft elements, and they are developing a tabular specification format that uses the DSL keywords and functions familiar to the ground and flight system users. The tabular specification format, or tabular spec, allows most ground and flight system users to document how the application software is intended to function and requires little or no software programming knowledge or experience. A small sample from a prototype tabular spec application is
Cox, Nora; Pilbauer, Jan
Payments Canada provides Canada's national payments systems and is responsible for the clearing and settlement infrastructure, processes and rules that underpin the exchange of billions of dollars each day through the Canadian economy. Strategic sourcing is a reality for this small organisation with a broad scope of national regulations and global standards to comply with. This paper outlines Payments Canada's approach to outsourcing its critical financial system operations, which centres on four key principles: strong relationship management; continuous learning, recording and reporting; evaluating the business landscape; and a commitment to evolving the organisation to greater resilience. This last point is covered in detail with an exploration of the organisation's resilience and security strategy as well as its risk appetite. As Payments Canada progresses to its future state, which includes modernising its core payment systems, underlying rules and standards, risk management for the industry as a whole will remain at the forefront of its collective mind. The expectation is that outsourcing will remain a fundamental element of its operating model in future, a strategy that will ensure the organisation can focus on its core business competencies and eliminate the need to develop and support in-house expertise in commodity areas.
Beerthuizen, P.G.; Kruidhof, W.
The European Robotic Arm (ERA) is a seven-degrees-of-freedom relocatable anthropomorphic robotic manipulator system, to be used in manned space operation on the International Space Station, supporting the assembly and external servicing of the Russian segment. The safety design concept and implementation of the ERA is described, in particular with respect to the central computer's software design. A top-down analysis and specification process is used to flow down the safety aspects of the ERA system towards the subsystems, which are produced by a consortium of companies in many countries. The user requirements documents and the critical function list are the key documents in this process. Bottom-up analysis (FMECA) and test, on both subsystem and system level, are the basis for safety verification. A number of examples show the use of the approach and methods used.
Accurate critical function status information is a key to operator decision-making during events threatening nuclear power plant safety. The Critical Function Monitoring System provides continuous critical function status monitoring by use of algorithms which mathematically represent the processes by which an operating staff would determine critical function status. This paper discusses in detail the systematic design methodology employed to develop adequate Critical Function Monitoring System algorithms.
Yemelyanov, V. A.; Yemelyanova, N. Y.; Morozova, O. A.; Nedelkin, A. A.
The paper presents data on the problem of diagnosing the lining condition at iron and steel works. The authors propose and describe the structure of a specialized computer system to diagnose critical lined equipment. Comparative results of diagnosing the lining condition with the basic system and with the proposed specialized computer system are presented. To automate the evaluation of lining condition and to support decision-making regarding the operation mode of the lined equipment, specialized software has been developed.
Wieczorek, Martin; Bons, Heinz
Software and systems quality is playing an increasingly important role in the growth of almost all - profit and non-profit - organisations. Quality is vital to the success of enterprises in their markets. Most small trade and repair businesses use software systems in their administration and marketing processes. Every doctor's surgery is managing its patients using software. Banking is no longer conceivable without software. Aircraft, trucks and cars use more and more software to handle their increasingly complex technical systems. Innovation, competition and cost pressure are always present i
This Software Configuration Management Plan (SCMP) describes the methodology for control of computer software developed and supported by the Systems Development and Integration (SD and I) organization of Lockheed Martin Services, Inc. (LMSI) for the Tank Monitor and Control System (TMACS). This plan controls changes to the software and configuration files used by TMACS. The controlled software includes the Gensym software package, Gensym knowledge base files developed for TMACS, C-language programs used by TMACS, the operating system on the production machine, language compilers, and all Windows NT commands and functions which affect the operating environment. The configuration files controlled include the files downloaded to the Acromag and Westronic field instruments.
Claborn, G.W.; Mann, L.W.; Nielson, C.W.
The fact that the Tritium Systems Test Assembly (TSTA) is an experimental facility makes it impossible and undesirable to try to forecast the exact software requirements. Thus the software had to be written in a manner that would allow modifications without compromising the safety requirements imposed by the handling of tritium. This suggested a multi-level approach to the software. In this approach (much like the ISO network model) each level is isolated from the level below and above by cleanly defined interfaces. For example, the subsystem support level interfaces with the subsystem hardware through the software support level. Routines in the software support level provide operations like "OPEN VALVE" and "CLOSE VALVE" to the subsystem level. This isolates the subsystem level from the actual hardware. This is advantageous because changes can occur in any level without the need for propagating the change to any other level. The TSTA control system consists of the hardware level, the data conversion level, the operator interface level, and the subsystem process level. These levels are described.
Grant H. Kruger
Information overload of the anesthesiologist through technological advances has threatened the safety of patients under anesthesia in the operating room (OR). Traditional monitoring and alarm systems provide independent, spatially distributed indices of patient physiological state. This creates the potential to distract caregivers from direct patient care tasks. To address this situation, a novel reactive agent decision support system with a graphical human-machine interface was developed. The system integrates the disparate data sources available in the operating room and passes the data through a decision matrix comprising a deterministic physiologic rule base established through medical research. Patient care is improved by effecting change to the care environment by displaying risk factors and alerts as an intuitive color-coded animation. The system presents a unified, contextually appropriate snapshot of the patient state, including current and potential risk factors, and alerts of critical patient events to the operating room team without requiring any user intervention. To validate the efficacy of the system, a retrospective analysis focusing on the hypotension rules was performed. Results show that even with vigilant and highly trained clinicians, deviations from ideal patient care exist, and it is here that the proposed system may allow more standardized and improved patient care and potentially outcomes.
Rosenthal, L E
Software is the component in a computer system that permits the hardware to perform the various functions that a computer system is capable of doing. The history of software and its development can be traced to the early nineteenth century. All computer systems are designed to utilize the "stored program concept" as first developed by Charles Babbage in the 1850s. The concept was lost until the mid-1940s, when modern computers made their appearance. Today, because of the complex and myriad tasks that a computer system can perform, there has been a differentiation of types of software. There is software designed to perform specific business applications. There is software that controls the overall operation of a computer system. And there is software that is designed to carry out specialized tasks. Regardless of type, software is the most critical component of any computer system. Without it, all one has is a collection of circuits, transistors, and silicon chips.
Advanced instrumentation and control systems are usually implemented using computers that monitor the instrumentation and issue commands to control elements. The control commands are based on instrument readings and software control logic. The reliability of the total system will be affected by the software design. When comparing software designs, an evaluation of how each design can contribute to the reliability of the system is desirable. Unfortunately, the science of reliability assessment of combined hardware and software systems is in its infancy. Reliability assessment of combined hardware/software systems is often based on over-simplified assumptions about software behavior. A new method of reliability assessment of combined software/hardware systems is presented. The method is based on a procedure called fault tree analysis, which determines how component failures can contribute to system failure. Fault tree analysis is a well-developed method for reliability assessment of hardware systems and produces quantitative estimates of failure probability based on component failure rates. It is shown how software control logic can be mapped into a fault tree that depicts both software and hardware contributions to system failure. The new method is important because it provides a way of quantitatively evaluating the reliability contribution of software designs. In many applications, this can help guide designers in producing safer and more reliable systems. An application to the nuclear power research industry is discussed.
Chaotic systems are already well known in chaos theory. In our paper the following chaotic systems will be analyzed: the Rossler, Chua and Chen systems. All of them are systems of ordinary differential equations. Their graphical representation as continuous dynamical systems using the mathematical software Mathematica and MatLab is already known. By computer simulations, via examples, the systems will be analyzed using AnyLogic software. We would like to present how ordinary differential equations are modeled with AnyLogic software, as one of the simplest software packages to use.
Timeline (3), SECOMO (3), SEER (3), GSFC Software Engineering Lab Model (1), SLIM (4), SEER-SEM (1), SPQR (2), PRICE-S (2), internally-developed models (3), APMSS (1...3); Timeline - 3; SASET (Software Architecture Sizing Estimating Tool) - 2; MicroMan II - 2; LCM (Logistics Cost Model) - 2; SPQR - 2; PRICE-S - 2
Lachmann, S. G.; Mckinstry, R. G.
The avionics experimental configuration of the considered system is briefly reviewed, taking into account the concept of an advanced air traffic management system, flight critical and noncritical functions, and display system characteristics. Cockpit displays and the navigation computer are examined. Attention is given to the functions performed in the navigation computer, major programs in the navigation computer, and questions of software development.
Wang, Yi-Min; Huang, Yennun; Fuchs, W. K.
In this paper, we describe a method of execution retry for bypassing software errors based on checkpointing, rollback, message reordering and replaying. We demonstrate how rollback techniques, previously developed for transient hardware failure recovery, can also be used to recover from software faults by exploiting message reordering to bypass software errors. Our approach intentionally increases the degree of nondeterminism and the scope of rollback when a previous retry fails. Examples from our experience with telecommunications software systems illustrate the benefits of the scheme.
Bates, Lakesha; Hong, Liang
The Telemetry and Science Data Software System (TSDSS) was designed to validate the operational health of a spacecraft, ease test verification, assist in debugging system anomalies, and provide trending data and advanced science analysis. In doing so, the system parses, processes, and organizes raw data from the Aquarius instrument both on the ground and while in space. In addition, it provides a user-friendly telemetry viewer and an instant pushbutton test report generator. Existing ground data systems can parse and provide simple data processing, but have limitations in advanced science analysis and instant report generation. The TSDSS functions as an offline data analysis system during I&T (integration and test) and mission operations phases. After raw data are downloaded from an instrument, TSDSS ingests the data files, parses them, converts telemetry to engineering units, and applies advanced algorithms to produce science level 0, 1, and 2 data products. Meanwhile, it automatically schedules upload of the raw data to a remote server and archives all intermediate and final values in a MySQL database in time order. All data saved in the system can be straightforwardly retrieved, exported, and migrated. Using TSDSS's interactive data visualization tool, a user can conveniently choose any combination and mathematical computation of interesting telemetry points from a large range of time periods (life cycle of mission ground data and mission operations testing), and display a graphical and statistical view of the data. With this graphical user interface (GUI), the queried data graphs can be exported and saved in multiple formats. This GUI is especially useful in trending data analysis, debugging anomalies, and advanced data analysis. At the request of the user, mission-specific instrument performance assessment reports can be generated with a simple click of a button on the GUI. From instrument level to observatory level, the TSDSS has been operating supporting
Smith, D.E.; Seeman, S.E.
An on-line, automated reasoning software system for verifying the actions of other software or human control systems has been developed. It was demonstrated by verifying the actions of an automated procedure generation system. The verifier uses an interactive theorem prover as its inference engine, with the rules included as logical axioms. Operation of the verifier is generally transparent except when the verifier disagrees with the actions of the monitored software. Testing with an automated procedure generation system demonstrates the successful application of automated reasoning software for verification of logical actions in a diverse, redundant manner. A higher degree of confidence may be placed in the verified actions of the combined system.
Jung, Hoan Sung; Seong, Poong Hyun
It has been a critical issue to predict safety-critical software reliability in the nuclear engineering area. For many years, many studies have focused on the quantification of software reliability, and many models have been developed to quantify it. Most software reliability models estimate the reliability with the failure data collected during testing, assuming that the test environments well represent the operational profile. The user's interest is, however, in the operational reliability rather than the test reliability. Experience shows that the operational reliability is higher than the test reliability. With the assumption that the difference in reliability results from the change of environment from testing to operation, testing environment factors comprising an aging factor and a coverage factor are developed in this paper and used to predict the ultimate operational reliability from the failure data of the testing phase. This is done by incorporating test environments applied beyond the operational profile into the testing environment factors. The application results show that the proposed method can estimate the operational reliability accurately. (Author). 14 refs., 1 tab., 1 fig.
Tasneem Abd El Hameed; Mahmoud Abd EL Latif; Sherif Kholief
Selecting the right method, right personnel and right practices, and applying them adequately, determine the success of software development. In this paper, a qualitative study is carried out among the critical success factors from previous studies. The success factors are matched with their relative principles to illustrate the most valuable factor for agile approach success; this paper also proves that the twelve principles are poorly identified for a few factors resulting from qualitative and qua...
Kuhrmann, Marco; O'Connor, Rory V.; Perry, Dewayne E.
The International Conference on Software and Systems Process (ICSSP), continuing the success of the Software Process Workshop (SPW), the Software Process Modeling and Simulation Workshop (ProSim) and the International Conference on Software Process (ICSP) conference series, has become the established premier event in the field of software and systems engineering processes. It provides a leading forum for the exchange of research outcomes and industrial best practices in process development from software and systems disciplines. ICSSP 2016 was held in Austin, Texas, from 14-15 May 2016, co-located with the 38th International Conference on Software Engineering (ICSE). The theme of ICSSP 2016 was studying "Process(es) in Action" by recognizing that the AS-Planned and AS-Practiced processes can be quite different in many ways, including their flows, their complexity and the evolving needs of stakeholders...
Lee, B.L. Jr.; D'Aquila, D.M.
The original validation report, POEF-T-3636, was documented in August 1994. The document was based on calculations that were executed during June through August 1992. The statistical analyses in Appendix C and Appendix D were completed in October 1993. This revision is written to clarify the margin of safety being used at Portsmouth for nuclear criticality safety calculations. This validation gives Portsmouth NCS personnel a basis for performing computerized KENO V.a calculations using the Lockheed Martin Nuclear Criticality Safety Software. The first portion of the document outlines basic information in regard to validation of NCSS using ENDF/B-IV 27-group cross sections on the IBM 3090 at ORNL. A basic discussion of the NCSS system is provided, along with some discussion of the validation database and validation in general. Then follows a detailed description of the statistical analysis which was applied. The results of this validation indicate that the NCSS software may be used with confidence for criticality calculations at the Portsmouth Gaseous Diffusion Plant. For calculations of Portsmouth systems using the specified codes and systems covered by this validation, a maximum k_eff including 2σ of 0.9605 or lower shall be considered as subcritical to ensure a calculational margin of safety of 0.02. The validation of NCSS on the IBM 3090 at ORNL was extended to include NCSS on the IBM 3090 at K-25.
Ha, J. H.; Kim, M. K.; Chung, B. S.; Oh, H. C.; Seo, M. R.
Analog I and C systems have been replaced by digital I and C systems because the digital systems have many potential benefits to nuclear power plants in terms of operational and safety performance. For example, digital systems are essentially free of drift, have higher data handling and storage capabilities, and provide improved performance through accuracy and computational capabilities. In addition, analog replacement parts become more difficult to obtain since they are obsolete and discontinued. There are, however, challenges to the introduction of digital technology into nuclear power plants because digital systems are more complex than analog systems and their operation and failure modes are different. Especially, software, which can be the core of functionality in digital systems, does not wear out physically like hardware, and its failure modes are not yet defined clearly. Thus, research efforts to develop methodologies for software reliability assessment are still proceeding in safety-critical areas such as nuclear systems, aerospace and medical devices. Among them, the software metric-based methodology has been considered for the digital I and C systems of Korean nuclear power plants. Advantages and limitations of that methodology are identified and requirements for its application to the digital I and C systems are considered in this study.
Reporting software programs provide formatted listings and summary reports of the Software Engineering Laboratory (SEL) data base contents. The operating procedures and system information for 18 different reporting software programs are described. Sample output reports from each program are provided.
Peterson, Eric M.
This report documents applications of ARP4754A to the development of modern computer-based (i.e., digital electronics, software and network-based) aircraft systems. This study is intended to offer insight and provide educational value relative to the guidelines in ARP4754A, and to provide an assessment of the current state-of-the-practice within industry and regulatory bodies relative to development assurance for complex and safety-critical computer-based aircraft systems.
Liu Zhaohui; Yang Xiaohua; Liao Longtao; Wu Zhiqiang
The digitalized Instrumentation and Control (I and C) system of nuclear power plants can provide many advantages. However, digital control systems induce new failure modes that differ from those of analog control systems. While the cost effectiveness and flexibility of software is widely recognized, it is very difficult to achieve and prove high levels of dependability and safety assurance for the functions performed by process control software, due to the very flexibility and potential complexity of the software itself. Software safety analysis (SSA) is one way to improve software safety by identifying the system hazards caused by software failure. This paper describes the application of software fault tree analysis (SFTA) at the software design phase. First, we evaluated all the software modules of the reactor power regulating system in a nuclear power plant and identified various hazards. SFTA was then applied to some critical modules selected in the previous step. Finally, we identified some new hazards that had not been found in the prior document evaluation processes, which were helpful for our design. (author)
Femec, D.A.; Killian, E.W.
To assist in the characterization of the radiological contents of contact-handled waste containers at the Stored Waste Examination Pilot Plant (SWEPP), the SWEPP Gamma-Ray Spectrometer (SGRS) System has been developed by the Radiation Measurements and Development Unit of the Idaho National Engineering Laboratory. The SGRS system software controls turntable and detector system activities. In addition to determining the concentrations of gamma-ray-emitting radionuclides, this software also calculates attenuation-corrected isotopic mass ratios of specific interest. This document describes the software design for the data acquisition and analysis software associated with the SGRS system.
National Aeronautics and Space Administration — Coherent Logix, Incorporated (CLX) proposes the development of a Software Defined Common Processing System (SDCPS) that leverages the inherent advantages of an...
Deets, Dwain A.; Lock, Wilton P.; Megna, Vincent A.
A new fault-tolerant system software concept employing the primary digital computers as host for the backup software portion has been implemented and flight tested in the F-8 digital fly-by-wire airplane. The system was implemented in such a way that essentially no transients occurred in transferring from primary to backup software. This was accomplished without a significant increase in the complexity of the backup software. The primary digital system was frame synchronized, which provided several advantages in implementing the resident backup software system. Since the time of the flight tests, two other flight vehicle programs have made a commitment to incorporate resident backup software similar in nature to the system described here.
This report documents the idiosyncrasies of the Tektronix PLOT 10 Terminal Control System level 3.3 software as it currently exists on the ORNL Fusion Energy Division DECsystem-10 computer. It is intended to serve as a reference for future Terminal Control System updates in order that continuity between releases of Terminal Control System PLOT 10 software may be maintained.
... operating systems. 1194.21 Section 1194.21 Parks, Forests, and Public Property ARCHITECTURAL AND... Standards § 1194.21 Software applications and operating systems. (a) When software is designed to run on a... shall not disrupt or disable activated features of any operating system that are identified as...
Sherwood, R.J.; Portnoff, M.R.; Journeay, C.H.; Twogood, R.E.
A versatile array processor-based system for general-purpose image processing was developed. At the heart of this system is an extensive, flexible software package that incorporates the array processor for effective interactive image processing. The software system is described in detail, and its application to a diverse set of applications at LLNL is briefly discussed. 4 figures, 1 table.
Johnson, C. W.; Holloway, C. M.
Many software failures stem from inadequate requirements engineering. This view has been supported both by detailed accident investigations and by a number of empirical studies; however, such investigations can be misleading. It is often difficult to distinguish between failures in requirements engineering and problems elsewhere in the software development lifecycle. Further pitfalls arise from the assumption that inadequate requirements engineering is a cause of all software related accidents for which the system fails to meet its requirements. This paper identifies some of the problems that have arisen from an undue focus on the role of requirements engineering in the causes of major accidents. The intention is to provoke further debate within the emerging field of forensic software engineering.
Tordrup Heeager, Lise; Nielsen, Peter Axel
Safety-critical information systems are being used increasingly as we see applications in new areas such as personal medical devices, traffic control and detection of pathogens. A current research debate is whether safety-critical systems must be developed with traditional waterfall processes...
Kim, Bok Ryul; Oh, S. H.; Zhu, O. P.; Jeong, C. H.; Hwang, H. S.; Goo, C. S.; Chung, Y. H.
The project has provided draft regulatory policies and guides regarding the quality assurance of software used in I and C systems important to safety in nuclear power plants, differentiated V and V activities by safety class (an important element in ensuring software quality assurance), and suggested V and V techniques to be applied, regulatory guides and checklists for reviewing software important to safety. The project introduced classification concepts for software quality assurance. The I and C systems important to safety are classified into IC-1, IC-2, IC-3, and Non-IC based on safety classifications. The software used in these I and C systems is classified into 3 categories, namely safety-critical software, safety-related software, and non-safety software, in light of the safety importance of the functions to be performed. Based upon these safety classifications, the extent of software V and V activities has been differentiated for each class. On the other hand, the project has divided software important to safety into newly-developed software and previously-developed software in terms of design and implementation, and provided draft regulatory guides on each type of software, for instance, newly-developed software, previously-developed software, and software tools.
Thirugnana Murthy, D.; Murali, N.; Sridevi, T.; Satya Murty, S.A.V.; Velusamy, K.
The demand for complex software systems has increased more rapidly than the ability to design, implement, test, and maintain them, and the reliability of software systems has become a major concern for our modern society. Software failures have impaired several high visibility programs in the space, telecommunications, defense and health industries. Besides the costs involved, they set back the projects. The ways of quantifying reliability and using it for improvement and control of the software development and maintenance process are therefore of interest. This paper discusses the need for systematic approaches for measuring and assuring software reliability, which consumes a major share of project development resources. It covers reliability models with a focus on 'Reliability Growth'. It includes data collection on reliability, statistical estimation and prediction, metrics and attributes of product architecture, design, software development, and the operational environment. Besides its use for operational decisions like deployment, it includes guiding software architecture, development, testing and verification and validation. (author)
Archer, Charles J; Blocksome, Michael A; Ratterman, Joseph D; Smith, Brian E
Compiling software for a hierarchical distributed processing system including providing to one or more compiling nodes software to be compiled, wherein at least a portion of the software to be compiled is to be executed by one or more nodes; compiling, by the compiling node, the software; maintaining, by the compiling node, any compiled software to be executed on the compiling node; selecting, by the compiling node, one or more nodes in a next tier of the hierarchy of the distributed processing system in dependence upon whether any compiled software is for the selected node or the selected node's descendants; sending to the selected node only the compiled software to be executed by the selected node or the selected node's descendants.
Lee, Young-Jun; Cheon, Se-Woo; Cha, Kyung-Ho; Park, Gee-Yong; Kwon, Kee-Choon
The safety of software is not guaranteed through simple testing of the software. Testing reviews only the static functions of the software; the behavior, the dynamic state of the software, is not reviewed by software testing. The Ariane 5 rocket accident and the failure of the Virtual Case File Project were attributed to software faults. Although this software was tested thoroughly, potential errors existed internally. There are many methods to solve these problems. One of the methods is a formal methodology. It describes the software requirements as a formal specification during the software life cycle and verifies a specified design. This paper suggests methods which verify the design described as a formal specification. We apply these methods to the software of an ESF-CCS (Engineered Safety Features-Component Control System) and use the SCADE (Safety Critical Application Development Environment) tool for adopting the suggested verification methods
Bernardi, Simona; Petriu, Dorina C
In this book, the authors present cutting-edge model-driven techniques for modeling and analysis of software dependability. Most of them are based on the use of UML as software specification language. From the software system specification point of view, such techniques exploit the standard extension mechanisms of UML (i.e., UML profiling). UML profiles enable software engineers to add non-functional properties to the software model, in addition to the functional ones. The authors detail the state of the art on UML profile proposals for dependability specification and rigorously describe the t
A commercially available system for criticality monitoring combines the well established technology of digital radiation monitoring with state-of-the-art detector systems capable of detecting criticality excursions of varying length and intensity with a high degree of confidence. The field microcomputer servicing the detector clusters contains hardware and software to acquire detector information in both the digital count rate and bit sensing modes supported by the criticality detectors. In both cases special criticality logic in the field microcomputer is used to determine the validity of the criticality event. The solid-state neutron detector consists of a ⁶LiF wafer coupled to a diffused-junction charged particle detector. Alpha particles resulting from (n,α) interactions within the lithium wafer produce a pulsed signal corresponding to neutron intensity. Special detector circuitry causes the setting of a criticality bit recognizable by the microcomputer should neutron field intensities either exceed a hardware selectable frequency or saturate the detector, resulting in a high current condition. These two modes of criticality sensing, in combination with the standard method of comparing an operator selectable alarm setpoint with the detector count rate, result in a criticality system capable of effective operation under the most demanding criticality monitoring conditions
The most popular configuration of controlled laboratory test-rigs is the personal computer (PC) equipped with an I/O board. The dedicated software components allow a wide range of user-defined tasks to be conducted. The functionality of the typical configuration can be customized by PC hardware components and their programmable reconfiguration. The next step in automatic control system design is the embedded solution. Usually, the design process of the embedded control system is supported by high-level software. The dedicated programming tools support the multitasking property of the microcontroller by selection of different sampling frequencies for algorithm blocks. In this case the multi-layer and multitasking control strategy can be realized on the chip. The proposed solutions implement a rapid prototyping approach. The available toolkits and device drivers integrate the system-level design environment and the real-time application software, transferring the functionality of MATLAB/Simulink programs to the PC or microcontroller application environment.
Hogan, Carole B.
Today's high-end storage user is one that requires rapid access to a reliable terabyte-capacity storage system running in a distributed environment. This paper discusses conventional storage system software and concludes that this software, designed for other purposes, cannot meet high-end storage requirements. The paper also reviews the philosophy and design of evolving storage system software. It concludes that this new software, designed with high-end requirements in mind, provides the potential for solving not only the storage needs of today but those of the foreseeable future as well.
Parker, Steve; Mayner, Lidia; Michael Gillham, David
Background: Undergraduate nursing students are often confused by multiple understandings of critical thinking. In response to this situation, the Critiique for critical thinking (CCT) project was implemented to provide consistent structured guidance about critical thinking. Objectives: This paper introduces Critiique software, describes initial validation of the content of this critical thinking tool and explores wider applications of the Critiique software. Materials and Methods: Critiique is flexible, authorable software that guides students step-by-step through critical appraisal of research papers. The spelling of Critiique was deliberate, so as to acquire a unique web domain name and associated logo. The CCT project involved implementation of a modified nominal focus group process with academic staff working together to establish common understandings of critical thinking. Previous work established a consensus about critical thinking in nursing and provided a starting point for the focus groups. The study was conducted at an Australian university campus with the focus group guided by open ended questions. Results: Focus group data established categories of content that academic staff identified as important for teaching critical thinking. This emerging focus group data was then used to inform modification of Critiique software so that students had access to consistent and structured guidance in relation to critical thinking and critical appraisal. Conclusions: The project succeeded in using focus group data from academics to inform software development while at the same time retaining the benefits of broader philosophical dimensions of critical thinking. PMID:26835469
Cillan, T.F.; Hodgson, M.A.
This is the software user's guide for the Training Requirements and Information Management System. This guide defines and describes the software operating procedures as they apply to the end user of the software program. This guide is intended as a reference tool for the user who already has an in-depth knowledge of the Training Requirements and Information Management System functions and data reporting requirements.
Nagle, Gail; Alger, Linda; Kemp, Alexander
The purpose of this document is to provide the software requirements and specifications for the Input/Output Network Management Services for the Advanced Information Processing System. This introduction and overview section is provided to briefly outline the overall architecture and software requirements of the AIPS system before discussing the details of the design requirements and specifications of the AIPS I/O Network Management software. A brief overview of the AIPS architecture is followed by a more detailed description of the network architecture.
Mohd Fitri Abdul Rahman; Jaafar Abdullah; Susan Maria Sipaun
Tank Floor Scanning System (TAFLOSS) is a portable nucleonic device based on the scattering and moderation phenomena of neutrons. TAFLOSS, which was developed by MINT, can precisely and non-destructively measure the gap and hydrogen content in the foundation of a gigantic industrial tank in a practical and cost-effective manner. In recording and analysing measured data, three different software packages were used. For analysing the initial data, a Disk Operating System (DOS) based program called MesTank 3.0 was developed. The system also used commercial software such as Table Curve 2D and SURFER for graphics purposes. Table Curve 2D was used to plot and evaluate curve fitting, whereas SURFER was used to draw contours. Switching from one program to another for the different tasks of this system is not user friendly and is time consuming. Therefore, the main objective of the project is to develop new user-friendly software that combines the old and commercial software into a single package. The computer programming language used to develop the software is Microsoft Visual C++ ver. 6.0. The process of developing this software involved complex mathematical calculation, curve fitting and contour plotting. This paper describes the initial development of a computer program for analysing the initial data and plotting exponential curve fits. (Author)
Mills, S E [Carleton Univ., Ottawa, ON (Canada). Statistical Consulting Centre
In this report we present an overview of reliability assessment for software and focus on some basic aspects of assessing reliability for safety critical systems by statistical random testing. We also discuss possible deviations from some essential assumptions on which the general methodology is based. These deviations appear quite likely in practical applications. We present and discuss possible remedies and adjustments and then undertake applying this methodology to a portion of the SDS1 software. We also indicate shortcomings of the methodology and possible avenues to follow to address these problems. (author). 128 refs., 11 tabs., 31 figs.
Naito, Yoshitaka; Koyama, Takashi; Komuro, Yuichi
Critical enrichment and critical density of homogeneous infinite systems, such as U-H₂O, UO₂-H₂O, UO₂F₂ aqueous solution, UO₂(NO₃)₂ aqueous solution, Pu-H₂O, PuO₂-H₂O, Pu(NO₃)₄ aqueous solution and PuO₂·UO₂-H₂O, were calculated with the criticality safety evaluation computer code system JACS for nuclear criticality safety evaluation of fuel facilities. The computed results were compared with the data described in European and American criticality handbooks and showed good agreement with each other. (author)
Schumann, Johann; Mengshoel, Ole J.; Darwiche, Adnan
This presentation presents status and results of research on Software Health Management done within the NRA "ISWHM: Tools and Techniques for Software and System Health Management." Topics include: Ingredients of a Guidance, Navigation, and Control System (GN and C); Selected GN and C Testbed example; Health Management of major ingredients; ISWHM testbed architecture; and Conclusions and next Steps.
Nakatao, Shirou; Iino, Mitsutoshi; Fukuda, Kazuhiko
VISTA-E50 has the advantages of high-quality imaging, fast scanning, high patient throughput and easy operation featured by AI (artificial intelligence) technologies, as well as merits of compact, light-weight, space- and energy-saving system. This paper presents system software and clinical application software of VISTA-E50, especially for each function and advantage. (author)
Vargas, Daniel Eduardo
ECS hardware: (1) Provides controlled purge to the SLS rocket and Orion spacecraft. (2) Provides mission-focused engineering products and services. ECS software: (1) NASA requires Compact Unique Identifiers (CUIs), a fixed-length identifier used to identify information items. (2) CUI structure: composed of nine semantic fields that aid the user in recognizing its purpose.
On VAX/VMS, the Ada compiler is integrated into the ACS software engineering workshop, which allows coherent development through control of source and executable programs, separation of applications into various levels of visibility, and management of the links that exist between the different modules of a single application. (A.B.)
Demasie, M. P.; Muratore, J. F.
The authors discuss the introduction of advanced information systems technologies such as artificial intelligence, expert systems, and advanced human-computer interfaces directly into Space Shuttle software engineering. The reconfiguration automation project (RAP) was initiated to coordinate this move towards 1990s software technology. The idea behind RAP is to automate several phases of the flight software testing procedure and to introduce AI and ES into space shuttle flight software testing. In the first phase of RAP, conventional tools to automate regression testing have already been developed or acquired. There are currently three tools in use.
Agent-oriented techniques represent an exciting new means of analyzing, designing and building complex software systems. They have the potential to significantly improve current practice in software engineering and to extend the range of applications that can feasibly be tackled. Yet, to date, there have been few serious attempts to cast agent systems as a software engineering paradigm. This paper seeks to rectify this omission. Specifically, points to be argued include: firstly, the conceptual apparatus of agent-oriented systems is well-suited to building software solutions for complex systems and secondly, agent-oriented approaches represent a genuine advance over the current state of the art for engineering complex systems. Following on from this view, the major issues raised by adopting an agent-oriented approach to software engineering are highlighted and discussed in this paper.
Embedded aerospace systems have to perform safety and mission critical operations in a real-time environment where timing and functional correctness are extremely important. Guidance, Navigation, and Control (GN&C) systems substantially rely on complex software interfacing with hardware in real-time; any faults in software or hardware, or their interaction, could result in fatal consequences. Integrated Software Health Management (ISWHM) provides an approach for detection and diagnosis of software failures while the software is in operation. The ISWHM approach is based on probabilistic modeling of software and hardware sensors using a Bayesian network. To meet the memory and timing constraints of real-time embedded execution, the Bayesian network is compiled into an Arithmetic Circuit, which is used for on-line monitoring. This type of system monitoring, using an ISWHM, provides automated reasoning capabilities that compute diagnoses in a timely manner when failures occur. This reasoning capability enables time-critical mitigating decisions and relieves the human agent from the time-consuming and arduous task of foraging through a multitude of isolated, and often contradictory, diagnosis data. For the purpose of demonstrating the relevance of ISWHM, modeling and reasoning is performed on a simple simulated aerospace system running on a real-time operating system emulator, the OSEK/Trampoline platform. Models for a small satellite and an F-16 fighter jet GN&C system have been implemented. Analysis of the ISWHM is then performed by injecting faults and analyzing the ISWHM's diagnoses.
This book describes the challenges that critical infrastructure systems face, and presents state of the art solutions to address them. How can we design intelligent systems or intelligent agents that can make appropriate real-time decisions in the management of such large-scale, complex systems? What are the primary challenges for critical infrastructure systems? The book also provides readers with the relevant information to recognize how important infrastructures are, and their role in connection with a society’s economy, security and prosperity. It goes on to describe state-of-the-art solutions to address these points, including new methodologies and instrumentation tools (e.g. embedded software and intelligent algorithms) for transforming and optimizing target infrastructures. The book is the most comprehensive resource to date for professionals in both the private and public sectors, while also offering an essential guide for students and researchers in the areas of modeling and analysis of critical in...
Clinedinst, Winston C.; Debure, Kelly R.; Dickson, Richard W.; Heaphy, William J.; Parks, Mark A.; Slominski, Christopher J.; Wolverton, David A.
The Flight Management/Flight Controls (FM/FC) software for the Norden 2 (PDP-11/70M) computer installed on the NASA 737 aircraft is described. The software computes the navigation position estimates, guidance commands, those commands to be issued to the control surfaces to direct the aircraft in flight based on the modes selected on the Advanced Guidance Control System (AGSC) mode panel, and the flight path selected via the Navigation Control/Display Unit (NCDU).
Computer games have become an inseparable part of everyday life in modern society, and the time people spend playing them every day is increasing. This trend has caused noticeable research activity focused on utilizing the time spent playing in a meaningful way, for example to help solve scientific problems or tasks related to computer systems development. In this paper we present one contribution to this activity, a software system consisting of a modified version of the Open Rails train simulator and an application called TS2JavaConn, which allows separately developed software controllers to be used with the simulator. The system is intended for validation of controllers developed by formal methods. The paper describes the overall architecture of the system and the operation of its components. It also compares the system with other approaches to purposeful utilization of computer games, specifies suitable formal methods and illustrates its intended use on an example.
Song Chenxin; Deng Changming; Cheng Chang; Ren Yi; Meng Dan; Liu Yun
This paper mainly introduces the system structure, software architecture and design ideas of the area γ radiation monitoring system. It describes in detail some programming techniques for the computer's communication with the local display unit. (authors)
Du Li; Ke Yun
Designing and developing a set of food nutrition component statistical analysis software can realize the automation of nutrition calculation, improve the nutrition professional's working efficiency and achieve the informatization of nutrition propaganda and education. In the software development process, the software engineering method and database technology are used to calculate the human daily nutritional intake and the intelligent system is used to evaluate the user's hea...
Sohn, Se Do; Hyun Seong, Poong
Using predeveloped software, a digital safety system is designed that meets the quality standards of a safety system. To demonstrate the quality, the design process and operating history of the product are reviewed along with configuration management practices. The application software of the safety system is developed in accordance with the planned life cycle. Testing, which is a major phase that takes significant time in the overall life cycle, can be optimized if the testability of the software can be evaluated. The proposed testability measure of the software is based on the entropy of the importance of basic statements and the failure probability from a software fault tree. To calculate testability, a fault tree is used in the analysis of the source code. With a quantitative measure of testability, testing can be optimized. The proposed testability can also be used to demonstrate whether test cases based on uniform partitions, such as branch coverage criteria, result in homogeneous partitions, which are known to be more effective than random testing. In this paper, the testability measure is calculated for the modules of a nuclear power plant's safety software. Module testing with branch coverage criteria required fewer test cases if the module had higher testability. The result shows that the testability measure can be used to evaluate whether partitions have homogeneous characteristics
Burgess, D.C.; Mahjouri, F.S.
The largest percentage of technical effort in the software development process is accounted for by debugging and testing. It is not unusual for a software development organization to spend over 50% of the total project effort on testing. In the extreme, testing of human-rated software (e.g., nuclear reactor monitoring, training simulators) can cost three to five times as much as all other software engineering steps combined. The Simulation Software Support (S³) System, developed by the Link-Miles Simulation Corporation, is ideally suited for real-time simulation applications which involve a large database with models programmed in FORTRAN. This paper will focus on the testing elements of the S³ system. System support software utilities are provided which enable the loading and execution of modules in the development environment. These elements include the Linking/Loader (LLD) for dynamically linking program modules and loading them into memory and the interactive executive (IEXEC) for controlling the execution of the modules. Features of the Interactive Symbolic Debugger (SD) and the Real Time Executive (RTEXEC) that support unit and integrated testing will be explored
Lawrence, J.D. [Lawrence Livermore National Lab., CA (United States)]
Planning the development, use and regulation of computer systems in nuclear reactor protection systems in such a way as to enhance reliability and safety is a complex issue. This report is one of a series of reports from the Computer Safety and Reliability Group, Lawrence Livermore National Laboratory, that investigates different aspects of computer software in reactor protection systems. There are two central themes in the report. First, software considerations cannot be fully understood in isolation from computer hardware and application considerations. Second, the process of engineering reliability and safety into a computer system requires activities to be carried out throughout the software life cycle. The report discusses the many activities that can be carried out during the software life cycle to improve the safety and reliability of the resulting product. The viewpoint is primarily that of the assessor, or auditor.
Booth, A. (Superconducting Super Collider Lab., Dallas, TX (United States)); Black, D.; Walsh, D. (Fermi National Accelerator Lab., Batavia, IL (United States))
We report on the software aspects of the development of a switch-based data acquisition system at Fermilab. This paper describes how, with the goal of providing an "integrated systems engineering" environment, several powerful software tools were put in place to facilitate extensive exploration of all aspects of the design. These tools include a simulation package, a graphics package and an Expert System shell, which have been integrated to provide an environment that encourages the close interaction of hardware and software engineers. This paper includes a description of the simulation, user interface, embedded software, remote procedure calls, and diagnostic software which together have enabled us to provide real-time control and monitoring of a working prototype switch-based data acquisition (DAQ) system.
Garrett, C. J.; Guarro, S. B.; Apostolakis, G. E.
A Dynamic Flowgraph Methodology (DFM) based on an integrated approach to modeling and analyzing the behavior of software-driven embedded systems for assessing and verifying reliability and safety is discussed. DFM is based on an extension of the Logic Flowgraph Methodology to incorporate state transition models. System models which express the logic of the system in terms of causal relationships between physical variables and temporal characteristics of software modules are analyzed to determine how a certain state can be reached. This is done by developing timed fault trees, which take the form of logical combinations of static trees relating the system parameters at different points in time. The resulting information concerning the hardware and software states can be used to eliminate unsafe execution paths and identify testing criteria for safety critical software functions.
The technological advances of the last twenty years together with the dramatic increase in computational power have injected new life into systems-level thinking in Medicine. This review emphasizes the close relationship of Systems Pathology to Systems Biology and delineates the differences between Systems Pathology and Clinical Systems Pathology. It also suggests an algorithm to support the application of systems-level thinking to clinical research, proposes applying systems-level thinking to the health care systems and forecasts an acceleration of preventive medicine as a result of the coupling of personal genomics with systems pathology. Copyright © 2011 Federation of European Biochemical Societies. Published by Elsevier B.V. All rights reserved.
Kittell, R.S.; Helland, J.A.
A modular software system used to control extensive hardware is described. The development, operation, and experience with this software are discussed. Included are the methods employed to implement this system while taking advantage of the real-time features of RSX-11D. Comparisons are made between this system and an earlier nonmodular system. The controlled hardware includes magnet power supplies, stepping motors, DVMs, and multiplexors, and is interfaced through CAMAC. 4 figures
The objective of this paper is to present a software system architecture developed to render printed documents in vocal form. The paper also describes the software solutions that exist as software components and are necessary for document processing as well as for controlling the multimedia devices used by the system. The system is useful for people with visual disabilities, who can access the contents of documents without the documents having to be printed in Braille or to exist in audio form.
KELLY,SUZANNE M.; MYRE,JOHN W.; PRICE,MARK H.; RUSSELL,ERIC D.; SCOTT,DAN W.
The Transportation Surety Center, 6300, has been conducting continuing research into and development of information systems for the Configurable Transportation Security and Information Management System (CTSS) project, an Object-Oriented Framework approach that uses Component-Based Software Development to facilitate rapid deployment of new systems while improving software cost containment, development reliability, compatibility, and extensibility. The direction has been to develop a Fleet Management System (FMS) framework using object-oriented technology. The goal for the current development is to provide a software and hardware environment that will demonstrate and support object-oriented development commonly in the FMS Central Command Center and Vehicle domains.
Intelligent Transportation Systems (ITS) standards are industry-consensus standards that provide the details about how different systems interconnect and communicate information to deliver the ITS user services described in the National ITS Architect...
Hospital information systems (HISs) are becoming more important and covering more parts of daily hospital operations as order-entry systems become popular and electronic charts are introduced. Thus, HISs today need to be able to provide the necessary services for hospital operations 24 hours a day, 365 days a year. The provision of services discussed here does not simply mean the availability of computers, in which all that matters is that the computer is functioning. It means the provision of the information necessary for hospital operations by the computer software, and we will call it the availability of software services. HISs these days are mostly client-server systems. To increase the availability of software services in these systems, it is not enough to just use system structures that are highly reliable in existing host-centred systems. Four main components which support availability of software services are network systems, client computers, server computers, and application software. In this paper, we suggest how to structure these four components to provide the minimum requested software services even if a part of the system stops functioning. The network system should be double-protected in strata using Asynchronous Transfer Mode (ATM) as its base network. Client computers should be fat clients with as much application logic as possible, and reference information which does not require frequent updates (master files, for example) should be replicated in clients. It would be best if all server computers could be double-protected. However, if that is physically impossible, one database file should be made accessible by several server computers. Still, at least the basic patient information and the latest clinical records should be double-protected physically. Application software should be tested carefully before introduction. Different versions of the application software should always be kept and managed in case the new version has problems. If a hospital
Bush, Marilyn W.
The findings are reported of the Jet Propulsion Laboratory (JPL)/Software Product Assurance (SPA) Metrics Study, conducted as part of a larger JPL effort to improve software quality and productivity. Until recently, no comprehensive data had been assembled on how JPL manages and develops software-intensive systems. The first objective was to collect data on software development from as many projects and for as many years as possible. Results from five projects are discussed. These results reflect 15 years of JPL software development, representing over 100 data points (systems and subsystems), over a third of a billion dollars, over four million lines of code and 28,000 person months. Analysis of this data provides a benchmark for gauging the effectiveness of past, present and future software development work. In addition, the study is meant to encourage projects to record existing metrics data and to gather future data. The SPA long term goal is to integrate the collection of historical data and ongoing project data with future project estimations.
Capilla, Rafael; Kang, Kyo-Chul
The success of product line engineering techniques in the last 15 years has popularized the use of software variability as a key modeling approach for describing the commonality and variability of systems at all stages of the software lifecycle. Software product lines enable a family of products to share a common core platform, while allowing for product specific functionality being built on top of the platform. Many companies have exploited the concept of software product lines to increase the resources that focus on highly differentiating functionality and thus improve their competitiveness
Akerbaek, T.; Louka, M.
This document describes the Software Bus System, developed for object-oriented task to task communication in a TCP/IP based network. The Software Bus is a set of library functions, developed to be used for the Picasso-3 UIMS, and as a general purpose tool for dynamically interfacing programs at run-time. The Software Bus offers a high level object-oriented data exchange mechanism that relieves the application programmer of the low level TCP/IP-programming and communication protocol handling. The Software Bus is currently available under several UNIX platforms and a version for Windows NT is planned for late 1996. (author)
The Philadelphia Electric Company has contracted with Energy Data Systems to develop a Critical Equipment Monitoring System for its Peach Bottom Nuclear Plant. This computerized system is designed to acquire and maintain accurate and timely status information on plant equipment. It will provide an auditable record of plant and equipment transactions. Positive equipment identification and location will be provided. Errors in complex logical checking will be minimized. This system should reduce operator loading and improve operator communication with plant personnel. Phase I of this system was installed at Peach Bottom Nuclear Station in May 1982. It provides the necessary hardware and software to do check-off lists on critical plant systems. This paper describes some of the start-up and operational problems encountered.
Ryan, J. P.; Hodges, B. C.
Within the field of computer software, simulation and verification are complementary processes. Simulation methods can be used to verify software by performing variable range analysis. More general verification procedures, such as those described in this paper, can be implicitly, viewed as attempts at modeling the end-product software. From software requirement methodology, each component of the verification system has some element of simulation to it. Conversely, general verification procedures can be used to analyze simulation software. A dynamic analyzer is described which can be used to obtain properly scaled variables for an analog simulation, which is first digitally simulated. In a similar way, it is thought that the other system components and indeed the whole system itself have the potential of being effectively used in a simulation environment.
Alminde, Lars; Bendtsen, Jan Dimon; Laursen, Karl Kaas
This paper concerns the software architecture called Sophy, which is an abbreviation for Simulation, Observation, and Planning in HYbrid systems. We present a framework that allows execution of hybrid dynamical systems in an on-line distributed computing environment, which includes interaction with both hardware and on-board software. Some of the key issues addressed by the framework are automatic translation of mathematical specifications of hybrid systems into executable software entities, management of execution of coupled models in a parallel distributed environment, as well as interaction with external components, hardware and/or software, through generic interfaces. Sophy is primarily intended as a tool for development of model based reusable software for the control and autonomous functions of satellites and/or satellite clusters.
Al-Jaroodi, Jameela; Mohamed, Nader; Jawhar, Imad
Cyber-Physical Systems (CPS) provide many smart features for enhancing physical processes. These systems are designed with a set of distributed hardware, software, and network components that are embedded in physical systems and environments or attached to humans. Together they function seamlessly to offer specific functionalities or features that help enhance human lives, operations or environments. While different CPS components play important roles in a successful CPS development, the software plays the most important role among them. Acquiring and using high quality CPS components is the first step; however, designing and implementing the right software to integrate and use them effectively is essential. The software facilitates better interfaces, more control and adds smart services, high flexibility and many other added values and features to the CPS. However, software development for CPS...
Seong, Ah Young; Choi, Bong Joo; Lee, Na Young; Hwang, Il Soon
It is necessary to assure the reliability of software in order to digitalize RPS(Reactor Protection System). Since RPS causes fatal damage on accidental cases, it is classified as Safety 1E class. Therefore we propose the effective testing methodology to assure the reliability of embedded software in the DPPS(Digital Plant Protection System). To test the embedded software effectively in DPPS, our methodology consists of two steps. The first is the re-engineering step that extracts classes from structural source program, and the second is the level of testing step which is composed of unit testing, Integration Testing and System Testing. On each testing step we test the embedded software with selected test cases after the test item identification step. If we use this testing methodology, we can test the embedded software effectively by reducing the cost and the time
... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Software Unit Testing for Digital Computer Software... revised regulatory guide (RG), revision 1 of RG 1.171, "Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants." This RG endorses American National Standards...
... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Software Unit Testing for Digital Computer Software...) is issuing for public comment draft regulatory guide (DG), DG-1208, "Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants." The DG-1208 is proposed...
Pau, L.; Negret, J. M.
A description is given of a knowledge-based system called SOFTM, serving the following purposes: (1) assisting a software programmer or analyst in his application code maintenance tasks, (2) generating and updating automatically software correction documentation, (3) helping the end user register..., and on interfacing capabilities of Prolog II to a variety of other languages...
Tanaka, T; Nagao, T; Takahashi, K [Central Research Inst. of Electric Power Industry, Tokyo (Japan)]
This paper presents three software packages for bulk power network analysis developed by the Central Research Inst. of Electric Power Industry (CRIEPI), together with the user support system which arranges the tremendous amount of data these packages require, easily and with high reliability. (author) 3 refs., 7 figs., 2 tabs.
Lipinski, P.; Isajenko, K.
The article describes the software for the management of early warning system based on ASS-500 station. The software can communicate with the central computer using TCP/IP protocol. This allows remote control of the station through modem or local area network connection. The article describes Windows based user interface of the program
Broenink, Johannes F.; Hilderink, G.H.; Bakkers, André; Bradshaw, Alan; Counsell, John
The method and software tool presented here, aims at supporting the development of control software for mechatronic systems. Heterogeneous distributed embedded processors are considered as target hardware. Principles of the method are that the implementation process is a stepwise refinement from
Weidert, R.S., Westinghouse Hanford
The Automated Transportation Management System (ATMS) Software Project Management plan (SPMP) is the lead planning document governing the life cycle of the ATMS and its integration into the Transportation Information Network (TIN). This SPMP defines the project tasks, deliverables, and high level schedules involved in developing the client/server ATMS software.
Sholander, Peter E.; Darby, John L.; Phelan, James M.; Smith, Bryan; Wyss, Gregory Dane; Walter, Andrew; Varnado, G. Bruce; Depoy, Jennifer Mae
Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies that separately consider physical security and cyber security. This research has developed a risk assessment methodology that explicitly accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay, and respond. This methodology also accounts for the condition that a facility may be able to recover from or mitigate the impact of a successful attack before serious consequences occur. The methodology uses evidence-based techniques (which are a generalization of probability theory) to evaluate the security posture of the cyber protection systems. Cyber threats are compared against cyber security posture using a category-based approach nested within a path-based analysis to determine the most vulnerable cyber attack path. The methodology summarizes the impact of a blended cyber/physical adversary attack in a conditional risk estimate where the consequence term is scaled by a ''willingness to pay'' avoidance approach.
Schoeberl, Martin; Dalsgaard, Andreas Engelbredt; Hansen, René Rydhof
This paper presents the motivation for and outcomes of an engineering research project on certifiable Java for embedded systems. The project supports the upcoming standard for safety-critical Java, which defines a subset of Java and libraries aiming for development of high criticality systems. The outcomes of this project include prototype safety-critical Java implementations, a time-predictable Java processor, analysis tools for memory safety, and example applications to explore the usability of safety-critical Java for this application area. The text summarizes developments and key contributions...
Eom, Heung-seop; Park, Gee-yong; Jang, Seung-cheol; Son, Han Seong; Kang, Hyun Gook
Highlights: ► A software fault estimation model based on Bayesian Nets and V and V. ► Use of quantified data derived from qualitative V and V results. ► Fault insertion and elimination process was modeled in the context of probability. ► Systematically estimates the expected number of remaining faults. -- Abstract: Quantitative software reliability measurement approaches have some limitations in demonstrating the proper level of reliability in cases of safety-critical software. One of the more promising alternatives is the use of software development quality information. Particularly in the nuclear industry, regulatory bodies in most countries use both probabilistic and deterministic measures for ensuring the reliability of safety-grade digital computers in NPPs. The point of deterministic criteria is to assess the whole development process and its related activities during the software development life cycle for the acceptance of safety-critical software. In addition, software Verification and Validation (V and V) play an important role in this process. In this light, we propose a V and V-based fault estimation method using Bayesian Nets to estimate the remaining faults for safety-critical software after the software development life cycle is completed. By modeling the fault insertion and elimination processes during the whole development phases, the proposed method systematically estimates the expected number of remaining faults.
Koponen, B.L.; Hampel, V.E.
The NCIS is one of the developments carried out to meet the requirements in the field of criticality safety information. Its primary goal is to enhance nuclear criticality safety by dissemination of data, standards, and training material. This paper presents the NCIS progress since 1950: computer searching, database management, a nuclear critical experiments bibliography, a compilation of American Nuclear Society transactions criticality safety publications, and the edition of a personnel directory representing over 140 organizations located in 16 countries and showing a wide range of specialists involved in the field of nuclear criticality safety. The NCIS uses the information management and communication resources of TIS (Technology Information System): automated access procedures; creation of program-dependent information systems; communications. The NCIS is still in a growing, formative stage; it has concentrated first on collecting and organizing the nuclear criticality literature; nuclear critical data, calculational tools, standards, and training materials will follow. Finally the planned and contemplated resources are dealt with: expansion of bibliographic compilations; news database; fundamental criticality safety reference; criticality benchmark database; user community; training resources; related resources; criticality accident database; dynamic databook; dynamic textbook; expert knowledge system; and extraction of intelligence.
General characteristics of distributed control system software tools are examined from the perspective of ion source control system requirements. Emphasis is placed on strategies for building extensible, distributed systems in which the ion source element is one component of a larger system. Vsystem, a commercial software tool kit from Vista Control Systems was utilized extensively in the control system upgrade of the Holifield Radioactive Ion Beam Facility. Part of the control system is described and the characteristics of Vsystem are examined and compared with those of EPICS, the Experimental Physics and Industrial Control System
Jørgensen, A.; Izadi-Zamanabadi, Roozbeh; Kristensen, M.
In this paper we present a prototype software tool that is developed to analyse the structural model of automated systems in order to identify redundant information that is hence utilized for Fault Detection and Isolation (FDI) purposes. The dedicated algorithms in this software tool use a tri-partite graph that represents the structural model of the system. A component-based approach has been used to address issues such as system complexity and reconfigurability possibilities.
El-Hadary, Hassan; El-Kassas, Sherif
Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.
Mahlin, Jonathan Nicholas
There is an immense challenge in organizing personnel across a large agency such as NASA, or even over a subset of that, like a center's Engineering directorate. Workforce inefficiencies and challenges are bound to grow over time without oversight and management. It is also not always possible to hire new employees to fill workforce gaps, therefore available resources must be utilized more efficiently. The goal of this internship was to develop software that improves organizational efficiency by aiding managers, making employee information viewable and editable in an intuitive manner. This semester I created an application for managers that aids in optimizing allocation of employee resources for a single division with the possibility of scaling upwards. My duties this semester consisted of developing frontend and backend software to complete this task. The application provides user-friendly information displays and documentation of the workforce to allow NASA to diligently track the status and skills of its workforce. This tool should be able to prove that current employees are being effectively utilized and whether new hires are necessary to fill skill gaps.
Christensen, Henrik Bærbak
In this paper, we outline an on-going project of designing distributed embedded systems for closed-loop process control. The project is a joint effort between software architecture researchers and developers from two companies that produce commercial embedded process control systems. The project has a strong emphasis on software architectural issues and terminology in order to envision, design and analyze design alternatives. We present two results. First, we outline how focusing on software architecture, architectural issues and qualities is beneficial in designing distributed, embedded systems. Second, we present two different architectures for closed-loop process control and discuss benefits and reliabilities.
Kulas, M.; Barl, L.; Borelli, J. L.; Gässler, W.; Rabien, S.
The ARGOS project (Advanced Rayleigh guided Ground layer adaptive Optics System) will upgrade the Large Binocular Telescope (LBT) with an AO System consisting of six Rayleigh laser guide stars. This adaptive optics system integrates several control loops and many different components like lasers, calibration swing arms and slope computers that are dispersed throughout the telescope. The purpose of the instrument control software (ICS) is running this AO system and providing convenient client interfaces to the instruments and the control loops. The challenges for the ARGOS ICS are the development of a distributed and safety-critical software system with no defects in a short time, the creation of huge and complex software programs with a maintainable code base, the delivery of software components with the desired functionality and the support of geographically distributed project partners. To tackle these difficult tasks, the ARGOS software engineers reuse existing software like the novel middleware from LINC-NIRVANA, an instrument for the LBT, provide many tests at different functional levels like unit tests and regression tests, agree about code and architecture style and deliver software incrementally while closely collaborating with the project partners. Many ARGOS ICS components are already successfully in use in the laboratories for testing ARGOS control loops.
Safety-critical systems are well documented and standardized (e.g. IEC 61508, RTCA DO-178B) within system design cycles. However, in Defence and Security, systems that are critical to the success of a Mission are not defined within the literature, nor are there any guidelines for defining criticality in their design or operational capabilities. When it comes to Vetronics (Vehicle Electronics), a mission-critical system is a system with much complexity and mixed criticality levels that is a part of the overall platform (military vehicle) offering integrated system capabilities. In this paper, a framework is presented, providing guidelines for designing mission-critical systems efficiently and effectively, considering principles of Interoperable Open Architectures (IOA), mission-critical integrity levels and following new standardization activities such as NATO Generic Vehicle Architecture (NGVA). A Defensive Aid Suite (DAS) system is used as a case study to illustrate how this framework can be exploited. The intention of this extension is to provide an approach to precisely estimate threats in order to de-risk missions in the very early stages.
This Computer Software Design Description (CSDD) document provides the overview of the software design for all the software that is part of the integrated control and data acquisition system of the Light Duty Utility Arm System (LDUA). It describes the major software components and how they interface. It also references the documents that contain the detailed design description of the components
Background: Research in the field of systems biology requires software for a variety of purposes. Software must be used to store, retrieve, analyze, and sometimes even to collect the data obtained from system-level (often high-throughput) experiments. Software must also be used to implement mathematical models and algorithms required for simulation and theoretical predictions on the system-level. Results: We introduce a free, easy-to-use, open-source, integrated software platform called the Systems Biology Research Tool (SBRT) to facilitate the computational aspects of systems biology. The SBRT currently performs 35 methods for analyzing stoichiometric networks and 16 methods from fields such as graph theory, geometry, algebra, and combinatorics. New computational techniques can be added to the SBRT via process plug-ins, providing a high degree of evolvability and a unifying framework for software development in systems biology. Conclusion: The Systems Biology Research Tool represents a technological advance for systems biology. This software can be used to make sophisticated computational techniques accessible to everyone (including those with no programming ability), to facilitate cooperation among researchers, and to expedite progress in the field of systems biology.
This book introduces Software Thermal Management (STM) as a means of reducing power consumption in a computing system, in order to manage heat, improve component reliability, and increase system safety. Readers will benefit from this pragmatic guide to the field of STM for embedded systems and its catalog of software power management techniques. Since thermal management is a key bottleneck in embedded systems design, this book focuses on power as the root cause of heat. Since software has an enormous impact on power consumption in an embedded system, this book guides readers to manage heat effectively by understanding, categorizing, and developing new ways to reduce dynamic power. Whereas most books on thermal management describe mechanisms to remove heat, this book focuses on ways to avoid generating heat in the first place. • Explains fundamentals of software thermal management, application techniques and advanced optimization strategies; • Describes a novel method for managing dynamic power, e...
Smith, D.E.; Seeman, S.E.
An on-line, automated reasoning software system for verifying the actions of other software or human control systems has been developed. It was demonstrated by verifying the actions of an automated procedure generation system. The verifier uses an interactive theorem prover as its inference engine with the rules included as logic axioms. Operation of the verifier is generally transparent except when the verifier disagrees with the actions of the monitored software. Testing with an automated procedure generation system demonstrates the successful application of automated reasoning software for verification of logical actions in a diverse, redundant manner. A higher degree of confidence may be placed in the verified actions gathered by the combined system
Elmont, T.H.; Langner, Diana C.; MacArthur, D.W.; Mayo, D.R.; Smith, M.K.; Modenov, A.
This report describes the software development for the plutonium attribute verification system - AVNG. A brief synopsis of the technical solution for the measurement system is presented. The main tasks for the software development that is underway are formulated. The development tasks are shown in software structural flowcharts, measurement system state diagram and a description of the software. The current status of the AVNG software development is elucidated.
Mejuev, I; Kadokura, E
Tailoring is the further evolution of an application after deployment in order to adapt it to requirements that were not accounted for in the original design. End-user customization has been extensively researched in applied computer science from HCI and software engineering perspectives. Customization allows coping with flexibility requirements, decreasing maintenance and development costs of software products. In general, dynamic or diverse software requirements constitute the need for implementing end-user customization in computer systems. In accelerator physics research the factor of dynamic requirements is especially important, due to frequent software and hardware modifications resulting in correspondingly high upgrade and maintenance costs. We introduce the results of a feasibility study on implementing end-user tailorability in the software for an accelerator control system, considering the design and implementation of a distributed monitoring application for the 12 GeV KEK Proton Synchrotron as an example. T...
This conference deals with computer systems which control systems whose failure to operate correctly could produce the loss of life and/or property, i.e. mission and safety critical systems. Topics covered are: the work of standards groups, computer systems design and architecture, software reliability, process control systems, knowledge based expert systems, and computer and telecommunication protocols.
Edward A. Shanken
In the mid-1960s, Marshall McLuhan prophesied that electronic media were creating an increasingly interconnected global village. Such pronouncements popularized the idea that the era of machine-age technology was drawing to a close, ushering in a new era of information technology. This shift finds parallels in a wave of major art performances and exhibitions between 1966-1970, including nine evenings: theatre and engineering at the New York Armory, spearheaded by Robert Rauschenberg, Billy Klüver, and Robert Whitman in 1966; The Machine: As Seen at the End of the Mechanical Age, curated by Pontus Hultén at the Museum of Modern Art in New York (MOMA) in 1968; Cybernetic Serendipity, curated by Jasia Reichardt at the Institute of Contemporary Art in London in 1968; and Software, Information Technology: Its New Meaning for Art, curated by Jack Burnham at the Jewish Museum in New York.
Drager, K.H.; Brokke, I.
MEMbrain is the name of the EUREKA project EU904. MEM is an abbreviation for Major Emergency Management and brain refers to computer technology. MEMbrain is a strategic European project - the consortium includes partners from six countries, covering the European continent from North to South (Finland, Norway, Denmark, France, Portugal and Greece). The strategy for the project has been to develop a dynamic decision support tool based on: information, prediction, communication, on-line training. The project has resulted in a set of knowledge-based software tools supporting MEM activities, e.g. public protection management, man to man communication management, environment information management, resource management, as well as an implementation of an architecture to integrate such tools. (R.P.)
Petersen, K. L.; Flores, C., Jr.
A comprehensive software control and system configuration management process for flight-crucial digital control systems of advanced aircraft has been developed and refined to ensure efficient flight system development and safe flight operations. Because of the highly complex interactions among the hardware, software, and system elements of state-of-the-art digital flight control system designs, a systems-wide approach to configuration control and management has been used. Specific procedures are implemented to govern discrepancy reporting and reconciliation, software and hardware change control, systems verification and validation testing, and formal documentation requirements. An active and knowledgeable configuration control board reviews and approves all flight system configuration modifications and revalidation tests. This flexible process has proved effective during the development and flight testing of several research aircraft and remotely piloted research vehicles with digital flight control systems that ranged from relatively simple to highly complex, integrated mechanizations.
Refael, G; Moore, J E
We review studies of entanglement entropy in systems with quenched randomness, concentrating on universal behavior at strongly random quantum critical points. The disorder-averaged entanglement entropy provides insight into the quantum criticality of these systems and an understanding of their relationship to non-random ('pure') quantum criticality. The entanglement near many such critical points in one dimension shows a logarithmic divergence in subsystem size, similar to that in the pure case but with a different universal coefficient. Such universal coefficients are examples of universal critical amplitudes in a random system. Possible measurements are reviewed along with the one-particle entanglement scaling at certain Anderson localization transitions. We also comment briefly on higher dimensions and challenges for the future.
Duke, Eugene L.
Report discusses approach to verification and validation of knowledge-based systems. Also known as "expert systems". Concerned mainly with development of methodologies for verification of knowledge-based systems critical to flight-research systems; e.g., fault-tolerant control systems for advanced aircraft. Subject matter also has relevance to knowledge-based systems controlling medical life-support equipment or commuter railroad systems.
Even if today's nuclear power plants have a very good safety record, there is a continuous search for still improving safety. One direction of this effort addresses operational safety, trying to improve the handling of disturbances and accidents partly by further automation, partly by creating a better control room environment, providing the operator with intelligent support systems to help in the decision making process. Introduction of intelligent computerised operator support systems has proved to be an efficient way of improving the operator's performance. A number of systems have been developed worldwide, assisting in tasks like process fault detection and diagnosis, selection and implementation of proper remedial actions. Unfortunately, the use of Knowledge Based Systems (KBSs) introduces a new dimension to the problem of the licensing process. KBSs, despite the different technology employed, are still nothing more than computer programs. Unfortunately, quite a few people building knowledge based systems seem to ignore the many good programming practices that have evolved over the years for producing traditional computer programs. In this paper the author will try to point out similarities and differences between conventional software based systems and knowledge based systems, introducing also the concept of model based reasoning. (orig.) (25 refs., 2 figs.)
The long-term objectives of the Carnegie Mellon Fox Project are to improve the design and construction of systems software and to further the development of advanced programming language technology...
Esperon, Agustin I; Munoz, Jose P; Tanneau, Jean M
The MILOS (Military Systems based on Open-source Software) project was a European research program in the Eurofinder framework, attached to the CEPA 6 and co-financed by the Ministry of Defence of France and Spain...
Koponen, B.L.; Hampel, V.E.
A Nuclear Criticality Information System (NCIS) is being established at the Lawrence Livermore National Laboratory (LLNL) in order to serve personnel responsible for safe storage, transport, and handling of fissile materials and those concerned with the evaluation and analysis of nuclear critical experiments. Public concern for nuclear safety provides the incentive for improved access to nuclear safety information.
Ramanathan, P.; Kandlur, Dilip D.; Shin, Kang G.
A clock synchronization scheme that strikes a balance between hardware and software solutions is proposed. The proposed scheme is a software algorithm that uses minimal additional hardware to achieve reasonably tight synchronization. Unlike other software solutions, the guaranteed worst-case skews can be made insensitive to the maximum variation of message transit delay in the system. The scheme is particularly suitable for large partially connected distributed systems with topologies that support simple point-to-point broadcast algorithms. Examples of such topologies include the hypercube and the mesh interconnection structures.
Wu Yican; Hu Liqin; Long Pengcheng; Luo Yuetong; Li Yazhou; Zeng Qin; Lu Lei; Zhang Junjun; Zou Jun; Xu Dezheng; Bai Yunqing; Zhou Tao; Chen Hongli; Peng Lei; Song Yong; Huang Qunying
A series of professional codes, which are necessary software tools and data libraries for advanced nuclear system design and analysis, were developed by the FDS Team, including the codes for automatic modeling, physics and engineering calculation, virtual simulation and visualization, system engineering and safety analysis, and the related database management, etc. The development of these software series was proposed as an exercise in the development of nuclear informatics. This paper introduces the main functions and key techniques of the software series, as well as some tests and practical applications. (authors)
Basu, A.; Singh, S.; Nagraju, S.B.V.; Gupta, S.; Singh, P.
Qt based control system software for the Low Energy Accelerating Facility (LEAF) is operational at Bhabha Atomic Research Centre (BARC), Trombay, Mumbai. LEAF is a 50 keV negative ion electrostatic accelerator based on a SNICS ion source. The control system uses Nokia Trolltech's Qt 4.x API for the control system software. NI 6008 USB based multifunction cards have been used to control and read back field equipment such as power supplies, pumps, valves etc. The control system architecture is designed to be client server. Qt was chosen for its excellent GUI capability and platform independent nature. The paper will describe the control system. (author)
This plan describes the activities to be performed and the controls to be applied to the process of specifying, developing, and qualifying the data acquisition software for the Radioisotope Thermoelectric Generator (RTG) Transportation System Subsystem 143 Instrumentation and Data Acquisition System (IDAS). This plan will serve as a software quality assurance plan, a verification and validation (V and V) plan, and a configuration management plan.
He, Lulu; Shull, Forrest
Software Quality Assurance (SQA) is an important component of the software development process. SQA processes provide assurance that the software products and processes in the project life cycle conform to their specified requirements by planning, enacting, and performing a set of activities to provide adequate confidence that quality is being built into the software. Typical techniques include: (1) Testing; (2) Simulation; (3) Model checking; (4) Symbolic execution; (5) Management reviews; (6) Technical reviews; (7) Inspections; (8) Walk-throughs; (9) Audits; (10) Analysis (complexity analysis, control flow analysis, algorithmic analysis); (11) Formal methods. Our work over the last few years has resulted in substantial knowledge about SQA techniques, especially in the areas of technical reviews and inspections. But can we apply the same QA techniques to the system development process? If yes, what kind of tailoring do we need before applying them in the system engineering context? If not, what types of QA techniques are actually used at the system level? And is there any room for improvement? After a brief examination of the system engineering literature (especially focused on NASA and DoD guidance) we found that: (1) System and software development processes interact with each other at different phases throughout the development life cycle. (2) Reviews are emphasized in both system and software development (Fig. 3). For some reviews (e.g. SRR, PDR, CDR), there are both system versions and software versions. (3) Analysis techniques are emphasized (e.g. Fault Tree Analysis, Preliminary Hazard Analysis) and some details are given about how to apply them. (4) Reviews are expected to use the outputs of the analysis techniques. In other words, these particular analyses are usually conducted in preparation for (before) reviews. The goal of our work is to explore the interaction between the Quality Assurance (QA) techniques at the system level and the software level.
Clinedinst, Winston C.; Slominski, Christopher J.; Dickson, Richard W.; Wolverton, David A.
The individual software processes used in the flight computers on-board the Advanced Transport Operating System (ATOPS) aircraft have many common functional elements. A library of commonly used software modules was created for general uses among the processes. The library includes modules for mathematical computations, data formatting, system database interfacing, and condition handling. The modules available in the library and their associated calling requirements are described.
Trevino, Luis C.
This viewgraph presentation describes the characteristics and advantages of autonomy and artificial intelligence in systems health monitoring. The presentation lists technologies relevant to Intelligent System Health Management (ISHM), and some potential applications.
Petrus M.A. Sloot
The paper describes the problem of computer simulation of critical phenomena in complex social systems on petascale computing systems within the complex networks approach. A three-layer system of nested models of complex networks is proposed, including an aggregated analytical model to identify critical phenomena, a detailed model of individualized network dynamics, and a model to adjust the topological structure of a complex network. A scalable parallel algorithm covering all layers of complex networks simulation is proposed. Performance of the algorithm is studied on different supercomputing systems. The issues of software and information infrastructure for complex networks simulation are discussed, including the organization of distributed calculations, crawling the data in social networks, and results visualization. The applications of the developed methods and technologies are considered, including simulation of criminal networks disruption, fast rumor spreading in social networks, evolution of financial networks, and epidemics spreading.
The history of the Earth system is a story of change. Some changes are gradual and benign, but others, especially those associated with catastrophic mass extinction, are relatively abrupt and destructive. What sets one group apart from the other? Here I hypothesize that perturbations of Earth's carbon cycle lead to mass extinction if they exceed either a critical rate at long time scales or a critical size at short time scales. By analyzing 31 carbon-isotopic events during the last 542 million years, I identify the critical rate with a limit imposed by mass conservation. Further analysis identifies the crossover timescale separating fast from slow events with the timescale of the ocean's homeostatic response to a change in pH. The product of the critical rate and the crossover timescale then yields the critical size. The modern critical size for the marine carbon cycle is roughly similar to the mass of carbon that human activities will likely have added to the oceans by the year 2100.
Quality achievement for the National Ignition Facility (NIF) and the National Ignition Campaign (NIC) is the responsibility of the NIF Projects line organization as described in the NIF and Photon Science Directorate Quality Assurance Plan (NIF QA Plan). This Software Quality Assurance Plan (SQAP) is subordinate to the NIF QA Plan and establishes quality assurance (QA) activities for the software subsystems within Controls and Information Systems (CIS). This SQAP implements an activity level software quality assurance plan for NIF Projects as required by the LLNL Institutional Software Quality Assurance Program (ISQAP). Planned QA activities help achieve, assess, and maintain appropriate quality of software developed and/or acquired for control systems, shot data systems, laser performance modeling systems, business applications, industrial control and safety systems, and information technology systems. The objective of this SQAP is to ensure that appropriate controls are developed and implemented for management planning, work execution, and quality assessment of the CIS organization's software activities. The CIS line organization places special QA emphasis on rigorous configuration control, change management, testing, and issue tracking to help achieve its quality goals.
Operator assistance is more and more provided by computers. Computers contain programs, whose quality should be above a certain level before they are allowed to be used in reactor control rooms. Several possibilities for obtaining software reliability figures are discussed in this paper. By supervising the testing procedure of a program, one can estimate the number of remaining programming errors. Such an estimate, however, is not very accurate. With mathematical proving procedures one can gain some knowledge of program properties. Such proving procedures are important for the verification of general WHILE-loops, which tend to be error prone. Program analysis decomposes a program into its parts. First the program structure is made visible, which includes the data movements and the control flow. From this analysis test cases can be derived that lead to a complete test. Program analysis can be done by hand or automatically. A statistical program test normally requires a large number of test runs. This number is reduced if details concerning either the program to be tested or its use are known in advance. (orig.)
CERN is considering outsourcing as a solution to the reduction of staff. The need to re-engineer the SPS Software Interlock System provided an opportunity to explore the applicability of outsourcing to our specific controls environment, and the ESA PSS-05 standards were selected for the requirements specification, the development, the control and monitoring, and the project management. The software produced by the contractor is now fully operational. After outlining the scope and the complexity of the project, a discussion of the ESA PSS-05 standards will be presented: the choice, the way these standards improve the outsourcing process, the quality induced, but also the need to adapt them and their limitations in the definition of the customer-supplier relationship. The success factors and the difficulties of development under contract will also be discussed. The maintenance aspect and the impact on in-house developments will finally be addressed.
Wang, Shihao; Duan, Zhigang; Liu, Mingye
Embedded system design often employs co-simulation to verify a system's function; one efficient software verification tool is the Instruction Set Simulator (ISS). As a full functional model of the target CPU, the ISS interprets the instructions of the embedded software step by step, which is usually time-consuming since it simulates at a low level. Hence the ISS often becomes the bottleneck of co-simulation in a complicated system. In this paper, a new software verification tool, the RTOS software simulator (RSS), is presented. The mechanism of its operation is described in full detail. In the RSS method, the RTOS API is extended and a hardware simulator driver is adopted to handle data exchange and synchronization between the two simulators.
Designers increasingly rely on reusing intellectual property (IP) and on raising the level of abstraction to respect system-on-chip (SoC) market characteristics. However, most hardware and embedded software codes are recoded manually from the system level. This recoding step often results in new coding errors that must be identified and debugged. Thus, shorter time-to-market requires automation of the system synthesis from high-level specifications. In this paper, we propose a design flow intended to reduce the SoC design cost. This design flow unifies hardware and software using a single high-level language. It integrates hardware/software (HW/SW) generation tools and an automatic interface synthesis through a custom library of adapters. We have validated our interface synthesis approach on a hardware producer/consumer case study and on the design of a given software radiocommunication application.
MacArthur, Duncan W.; Bracken, David S.; Carrillo, Louis A.; Elmont, Timothy H.; Frame, Katherine C.; Hirsch, Karen L.
A major issue in international safeguards of nuclear materials is the ability to verify that processes and materials in nuclear facilities are consistent with declaration without revealing sensitive information. An attribute measurement system (AMS) is a non-destructive assay (NDA) system that utilizes an information barrier to protect potentially sensitive information about the measurement item. A key component is the software utilized for operator interface, data collection, analysis, and attribute determination, as well as the operating system under which they are implemented. Historically, custom software has been used almost exclusively in transparency applications, and it is unavoidable that some amount of custom software is needed. The focus of this paper is to explore the extent to which commercially available software may be used and the relative merits.
The ever-increasing complexity of software systems makes them hard to comprehend, predict and tune due to emergent properties and non-deterministic behaviour. Complexity arises from the size of software systems and the wide variety of possible operating environments: the increasing choice of platforms and communication policies leads to ever more complex performance characteristics. In addition, software systems exhibit different behaviour under different workloads. Many software systems are designed to be configurable so that policies can be chosen to meet the needs of various stakeholders. For complex software systems it can be difficult to accurately predict the effects of a change and to know which configuration is most appropriate. This thesis demonstrates that it is useful to run automated experiments that measure a selection of system configurations. Experiments can find configurations that meet the stakeholders' needs, find interesting behavioural characteristics, and help produce predictive models of the system's behaviour. The design and use of ACT (Automated Configuration Tool) for running such experiments is described, in combination with a number of search strategies for deciding on the configurations to measure. Design Of Experiments (DOE) is discussed, with emphasis on Taguchi Methods. These statistical methods have been used extensively in manufacturing, but have not previously been used for configuring software systems. The novel contribution here is an industrial case study, applying the combination of ACT and Taguchi Methods to DC-Directory, a product from Data Connection Ltd (DCL). The case study investigated the applicability of Taguchi Methods for configuring complex software systems. Taguchi Methods were found to be useful for modelling and configuring DC-Directory, making them a valuable addition to the techniques available to system administrators and developers.
Jiang, Yiping; Chen, C. L. Philip; Duan, Junwei
Cyber-physical systems (CPS) are an emerging area, which cannot work efficiently without proper software handling of the data and business logic. Software and middleware are the soul of the CPS. The software development of CPS is a critical issue because of its complexity in a large scale realistic system. Furthermore, the object-oriented approach (OOA) is often used to develop CPS software, which needs some improvements according to the characteristics of CPS. To develop software in a CPS environment, a new systematic approach is proposed in this paper. It comes from practice, and has evolved from software companies. It consists of (A) requirement analysis in an event-oriented way, (B) architecture design in a data-oriented way, (C) detailed design and coding in an object-oriented way and (D) testing in an event-oriented way. It is a new approach based on OOA; the difference when compared with OOA is that the proposed approach has different emphases and measures at every stage. It accords better with the characteristics of event-driven CPS. In CPS software development, one should focus on the events more than on the functions or objects. A case study of a smart home system is designed to reveal the effectiveness of the approach. It shows that the approach is also easy to apply in practice owing to some simplifications. The running result illustrates the validity of this approach.
Millen, Ernest W.; Person, Lee H., Jr.
Runway-navigation-monitor (RNM) and critical-distances-process electronic equipment designed to provide pilot with timely and reliable predictive navigation information relating to takeoff, landing and runway-turnoff operations. Enables pilot to make critical decisions about runway maneuvers with high confidence during emergencies. Utilizes ground-referenced position data only to drive purely navigational monitor system independent of statuses of systems in aircraft.
An instructional manual was created to guide criticality safety engineers through the technical aspects of designing a criticality alarm system (CAS) for Dept. of Energy (DOE) hazard class 1 and 2 facilities. The manual was structured such that it can be used by engineers designing completely new systems and by those who are working with existing facilities. Major design tasks are thoroughly analyzed to provide concise direction for how to complete the analysis. Regulatory and technical performance requirements were both addressed. (authors)
Biringer, Betty; Warren, Drake
Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events. Developed at Sandia National Labs, the authors' analytical approach and
Koo, Seo Ryong; Son Han Seong; Seong, Poong Hyun
A Nuclear Power Plant (NPP) is a safety critical system. Since nuclear instrumentation and control (I and C) systems, including the plant protection system, play the role of the brain in a human, nuclear I and C systems have an influence on the safety and operation of an NPP. Essentially, software V and V should be performed for safety critical systems based on software. It is very important in the technical aspect because of the problems concerning license acquisition. In this work, an intelligent and integrated V and V environment supporting the automation of V and V was designed. The intelligent and integrated V and V environment consists of the intelligent controller part, components part, interface part, and GUI part. These parts were integrated systematically, while retaining their own independent functions.
The increased complexity of embedded systems coupled with quick design cycles to accommodate faster time-to-market requires increased system design productivity that involves both model-based design and tool-supported methodologies. Formal methods are mathematically-based techniques and provide a clean framework in which to express requirements and models of the systems, taking into account discrete, stochastic and continuous (timed or hybrid) parameters with increasingly efficient tools. This book deals with these formal methods applied to communicating embedded systems by presenting the
To avoid iterative development of core modules in water resource normal regulation and emergency regulation and improve the capability of maintenance and optimization upgrading of regulation models and business logics, a general water resources regulation software framework was developed based on the collection and analysis of common demands for water resources regulation and emergency management. It can provide a customizable, secondary developed and extensible software framework for the three-level platform "MWR-Basin-Province". Meanwhile, this general software system can realize business collaboration and information sharing of water resources regulation schemes among the three-level platforms, so as to improve the decision-making ability of national water resources regulation. There are four main modules involved in the general software system: 1) A complete set of general water resources regulation modules allows secondary developer to custom-develop water resources regulation decision-making systems; 2) A complete set of model base and model computing software released in the form of Cloud services; 3) A complete set of tools to build the concept map and model system of basin water resources regulation, as well as a model management system to calibrate and configure model parameters; 4) A database which satisfies business functions and functional requirements of general water resources regulation software can finally provide technical support for building basin or regional water resources regulation models.
Purpose – This article presents the results of distance learning system analysis, i.e. the critical elements of the distance learning system. The critical points of distance learning are a part of the distance education online environment interactivity/community process model. The most important fact is that the critical point is associated with distance learning participants. Design/methodology/approach – Comparative review of articles and analysis of distance learning modules. Findings – A modern man is a lifelong learner and distance learning is a way to be a modern person. The focus on the learner and on feedback is the most important aspect of a distance learning system. Also, attention should be paid to lecture-appropriate knowledge and the ability to convey information. Distance system adaptation is the way to improve the learner’s learning outcomes. Research limitations/implications – Different learning disciplines and learning methods may have different critical points. Practical implications – The information from the analysis could be important for both lecturers and students who study distance education systems. There are familiar critical points which may deteriorate the quality of learning. Originality/value – The study sought to develop remote systems for applications in order to improve the quality of knowledge. Keywords: distance learning, process model, critical points. Research type: review of literature and general overview.
Graves, Sharon S.; Jacobsen, Robert A.
On March 31, 2009 a Request for Information (RFI) was issued by NASA's Aviation Safety Program to gather input on the subject of Verification and Validation (V & V) of Flight-Critical Systems. The responses were provided to NASA on or before April 24, 2009. The RFI asked for comments in three topic areas: Modeling and Validation of New Concepts for Vehicles and Operations; Verification of Complex Integrated and Distributed Systems; and Software Safety Assurance. There were a total of 34 responses to the RFI, representing a cross-section of academia (26%), small & large industry (47%) and government agencies (27%).
Sczyrba, Alexander; Hofmann, Peter; Belmann, Peter; Koslicki, David; Janssen, Stefan; Dröge, Johannes; Gregor, Ivan; Majda, Stephan; Fiedler, Jessika; Dahms, Eik; Bremges, Andreas; Fritz, Adrian; Garrido-Oter, Ruben; Jørgensen, Tue Sparholt; Shapiro, Nicole; Blood, Philip D; Gurevich, Alexey; Bai, Yang; Turaev, Dmitrij; DeMaere, Matthew Z; Chikhi, Rayan; Nagarajan, Niranjan; Quince, Christopher; Meyer, Fernando; Balvočiūtė, Monika; Hansen, Lars Hestbjerg; Sørensen, Søren J; Chia, Burton K H; Denis, Bertrand; Froula, Jeff L; Wang, Zhong; Egan, Robert; Don Kang, Dongwan; Cook, Jeffrey J; Deltel, Charles; Beckstette, Michael; Lemaitre, Claire; Peterlongo, Pierre; Rizk, Guillaume; Lavenier, Dominique; Wu, Yu-Wei; Singer, Steven W; Jain, Chirag; Strous, Marc; Klingenberg, Heiner; Meinicke, Peter; Barton, Michael D; Lingner, Thomas; Lin, Hsin-Hung; Liao, Yu-Chieh; Silva, Genivaldo Gueiros Z; Cuevas, Daniel A; Edwards, Robert A; Saha, Surya; Piro, Vitor C; Renard, Bernhard Y; Pop, Mihai; Klenk, Hans-Peter; Göker, Markus; Kyrpides, Nikos C; Woyke, Tanja; Vorholt, Julia A; Schulze-Lefert, Paul; Rubin, Edward M; Darling, Aaron E; Rattei, Thomas; McHardy, Alice C
Methods for assembly, taxonomic profiling and binning are key to interpreting metagenome data, but a lack of consensus about benchmarking complicates performance assessment. The Critical Assessment of Metagenome Interpretation (CAMI) challenge has engaged the global developer community to benchmark their programs on highly complex and realistic data sets, generated from ∼700 newly sequenced microorganisms and ∼600 novel viruses and plasmids and representing common experimental setups. Assembly and genome binning programs performed well for species represented by individual genomes but were substantially affected by the presence of related strains. Taxonomic profiling and binning programs were proficient at high taxonomic ranks, with a notable performance decrease below family level. Parameter settings markedly affected performance, underscoring their importance for program reproducibility. The CAMI results highlight current challenges but also provide a roadmap for software selection to answer specific research questions.
The safe operation of complex socio-technical systems is dependent upon the reporting of safety critical incidents by operators within a system. Through the action of reporting, systems develop the capability as a learning organisation to improve human and organisational performance. The aim of the study is therefore to ...
Like most other types of instrumentation systems, flight test instrumentation is not produced in series; its development is a one-time achievement by a test department. With the introduction of powerful digital computers, instrumentation systems have included data analysis tasks that were previously
Yoshikawa, Hidekazu; Nakagawa, Takashi
A new risk monitor system is under development which can be applied not only to prevent severe accidents in daily operation but also to mitigate the radiological hazard just after a severe accident happens and to support long-term management of post-severe-accident consequences. The fundamental method for the new risk monitor system is first given: how to configure the Plant Defense-in-Depth (DiD) Risk Monitor as an object-oriented software system based on a functional modeling approach. In this paper, the software system for the plant DiD risk monitor is newly developed by an object-oriented method utilizing the Unified Modeling Language (UML). Usage of the developed DiD risk monitor is also introduced by showing examples for the LOCA case of AP1000. (author)
Carlos Mario Zapata Jaramillo
Information systems are sets of interacting elements aimed at supporting entrepreneurial or business activities; they thus cannot coexist in an isolated way but require their data to be shared so as to increase their productivity. Such systems’ interoperability is normally accomplished through mark-up standards, query languages and web services. The literature contains work related to software system interoperability; however, it presents some difficulties, such as the need for using the same platforms and different programming languages, the use of read-only languages and the deficiencies in the formalism used for achieving it. This paper presents a critical review of the advances made regarding heterogeneous software systems’ interoperability.
The US Department of Energy's Nuclear Criticality Information System (NCIS) has served the criticality community for the past ten years with publications and with an online information system. NCIS provides a means for widely distributed nuclear criticality specialists to communicate and work together instantly. Users of the system may receive assistance from all members of the NCIS community, which provides a much broader base of support than is available at any single site. When unified by NCIS, these diverse specialists provide a resource that has proven to be very useful in the safe handling of fissile material. NCIS is also a source of current nuclear criticality safety information; the rapid access to such up-to-date information on the handling of fissile materials outside of nuclear reactors is international in scope, extending beyond political and geographical boundaries.
A software tool was developed for predicting the size of a future computer program at an early stage in its development. The system is intended to enable a user who is not expert in Software Engineering to estimate software size in lines of source code with an accuracy similar to that of an expert, based on the program's functional specifications. The project was planned as a knowledge based system with a field prototype as the goal of Phase 2 and a commercial system planned for Phase 3. The researchers used techniques from Artificial Intelligence and knowledge from human experts and existing software from NASA's COSMIC database. They devised a classification scheme for the software specifications, and a small set of generic software components that represent complexity and apply to large classes of programs. The specifications are converted to generic components by a set of rules and the generic components are input to a nonlinear sizing function which makes the final prediction. The system developed for this project predicted code sizes from the database with a bias factor of 1.06 and a fluctuation factor of 1.77, an accuracy similar to that of human experts but without their significant optimistic bias.
This report describes the current concepts for software to control the operation of the Automatic Data Acquisition System (ADAS) proposed for the Deaf Smith County, Texas, Exploratory Shaft Facility (ESF). The purpose of this report is to provide conceptual details of how the ADAS software will execute the data acquisition function, and how the software will make collected information available to the test personnel, the Data Management Group (DMG), and other authorized users. It is not intended that this report describe all of the ADAS functions in exact detail, but the concepts included herein will form the basis for the formal ADAS functional requirements definition document. 5 refs., 14 figs.
Gharakhani Siraki, Arbi; Pillay, Pragasen
A large number of software packages are available for solar resource evaluation and PV system design. However, few of them are suitable for urban applications. In this paper a comparison has been made between two specifically designed solar tools known as the Ecotect 2010 and the PVsyst 5.05. Conclusions have been made for proper use of these packages based on their specifications and privileges. Moreover, the calculations have been repeated with HOMER software package (which is a generic tool) for the same location. The results suggest that a generic solar software tool should not be used for an urban application.
Monitoring and targeting software systems have proved to be valuable tools for energy control, making it possible to save five to ten percent of energy. The article reviews the systems that are presently available in England and illustrates how these systems are successfully used in practice in small (British Telecom) and medium-sized (Charles Wells Brewery) industrial applications. (A.S.)
Yakhnis, A.; Yakhnis, V. [Pioneer Technologies & Rockwell Science Center, Albuquerque, NM (United States)
This report contains viewgraphs on the automated construction of dependable computer architecture systems. The outline of this report is: examples of software/hardware systems; dependable systems; partial delivery of dependability; proposed approach; removing obstacles; advantages of the approach; criteria for success; current progress of the approach; and references.
Jones, S.; And Others
Discusses software design issues for Okapi, an information retrieval system that incorporates both search engine and user interface and supports weighted searching, relevance feedback, and query expansion. The basic search system, adjacency searching, and moving toward a distributed system are discussed. (Author/LRW)
The application of distributed digital processing techniques to the protection systems of nuclear power plants provides a means to significantly improve the functional capability of the protection system with respect to the operability and availability of the power plant. A major factor in the realization of this improvement is the development and maintenance of essentially error-free software. A joint program for the development of principles for the design, testing and documentation of software to achieve this goal is presented. Results from two separate experiences in the application of these principles in terms of detected software errors are summarized. The low number of errors detected during the verification testing phase demonstrates the effectiveness of the design and documentation principles in the realization of highly reliable software. (author)
Biel, J.; Areti, H.; Atac, R.
Software has been developed for use with the Fermilab Advanced Computer Program (ACP) multiprocessor system. The software was designed to make a system of a hundred independent node processors as easy to use as a single, powerful CPU. Subroutines have been developed by which a user's host program can send data to and get results from the program running in each of his ACP node processors. Utility programs make it easy to compile and link host and node programs, to debug a node program on an ACP development system, and to submit a debugged program to an ACP production system.
The Spaceport Command and Control System (SCCS) is the National Aeronautics and Space Administration's (NASA) launch control system for the Orion capsule and Space Launch System, the next generation manned rocket currently in development. This system requires high quality testing that will measure and test the capabilities of the system. For the past two years, the Exploration and Operations Division at Kennedy Space Center (KSC) has assigned a group including interns and full-time engineers to develop automated tests to save the project time and money. The team worked on automating the testing process for the SCCS GUI that would use streamed simulated data from the testing servers to produce data, plots, statuses, etc. to the GUI. The software used to develop automated tests included an automated testing framework and an automation library. The automated testing framework has a tabular-style syntax, which means the functionality of a line of code must have the appropriate number of tabs for the line to function as intended. The header section contains either paths to custom resources or the names of libraries being used. The automation library contains functionality to automate anything that appears on a desired screen with the use of image recognition software to detect and control GUI components. The data section contains any data values strictly created for the current testing file. The body section holds the tests that are being run. The function section can include any number of functions that may be used by the current testing file or any other file that resources it. The resources and body section are required for all test files; the data and function sections can be left empty if the data values and functions being used are from a resourced library or another file. To help equip the automation team with better tools, the Project Lead of the Automated Testing Team, Jason Kapusta, assigned the task to install and train an optical character recognition (OCR
Nierstrasz Oscar; Lungu Mircea
Informed decision making is a critical activity in software development but it is poorly supported by common development environments which focus mainly on low level programming tasks. We posit the need for agile software assessment which aims to support decision making by enabling rapid and effective construction of software models and custom analyses. Agile software assessment entails gathering and exploiting the broader context of software information related to the system at hand as well ...
Abrahão, Silvia; Baldassarre, Maria Teresa; Caivano, Danilo
Software Engineering and Human-Computer Interaction look at the development process from different perspectives. They apparently use very different approaches, are inspired by different principles and address different needs. But they definitively have the same goal: to develop high quality software in the most effective way. The second edition of the workshop puts particular attention on the efforts of the two communities in enhancing system quality. The research question discussed is: who, what, where, when, why, and how should we evaluate?
Exoskeletons, Robots and System Software: Tools for the Warfighter? Paul Flanagan, Tuesday, April 24, 2012 11:15 am – 12:00 pm 1 “The views... Emerging technologies such as exoskeletons, robots, drones, and the underlying software are and will change the face of the battlefield. Warfighters will... global hub for educating, informing, and connecting Information Age leaders.” What is an exoskeleton? An exoskeleton is a wearable robot suit that
Avery, Paul; White, Andrew
UFMulti is a multiprocessing software package designed for general purpose high energy physics applications, including physics and detector simulation, data reduction and DST physics analysis. The system is particularly well suited for installations where several workstations or computers are connected through a local area network (LAN). The initial configuration of the software is currently running on VAX/VMS machines with a planned extension to ULTRIX, using the new RISC CPUs from Digital, in the near future.
Avery, P.; White, A.
UFMulti is a multiprocessing software package designed for general purpose high energy physics applications, including physics and detector simulation, data reduction and DST physics analysis. The system is particularly well suited for installations where several workstations or computers are connected through a local area network (LAN). The initial configuration of the software is currently running on VAX/VMS machines with a planned extension to ULTRIX, using the new RISC CPUs from Digital, in the near future. (orig.)
Goseva-Popstojanova, Katerina; Tyo, Jacob
While some prior research work exists on characteristics of software faults (i.e., bugs) and failures, very little work has been published on analysis of software application vulnerabilities. This paper aims to contribute towards filling that gap by presenting an empirical investigation of application vulnerabilities. The results are based on data extracted from issue tracking systems of two NASA missions. These data were organized in three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified security related software bugs and classified them in specific vulnerability classes. Then, we created the security vulnerability profiles, i.e., determined where and when the security vulnerabilities were introduced and what the dominating vulnerability classes were. Our main findings include: (1) In the IVV issues datasets the majority of vulnerabilities were code related and were introduced in the Implementation phase. (2) For all datasets, around 90% of the vulnerabilities were located in two to four subsystems. (3) Out of 21 primary classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, they contributed from 80% to 90% of vulnerabilities in each dataset.
Nanda Nagara; Didi Gayani
A Gamma Radiation Counting System has been created using an interface card, which is paired with a Personal Computer (PC) and operated by a Visual Basic program. The program is set up through various menu selections such as ”Multi Counting”, ”Counting and Record” and ”View Data”. An interface card for data acquisition was built using AMD9513 components as a programmable counter and timer. This counting system was tested and used in the waste facility at PTNBR and the result is quite good. (author)
Eom, Heung Seop; Park, Gee Yong; Jang, Seung Cheol
The purpose of this paper is to provide a preliminary guideline for the estimation of software faults in safety-critical software, for example, a reactor protection system's software. As the fault estimation method is based on a Bayesian Net, which intensively uses subjective probability and informal data, it is necessary to define a formal procedure for the method to minimize the variability of the results. The guideline describes assumptions, limitations and uncertainties, and the product of the fault estimation method. The procedure for conducting a software fault-estimation method is then outlined, highlighting the major tasks involved. The contents of the guideline are based on our own experience and a review of research guidelines developed for a PSA
... Communications System Server Software, Wireless Handheld Devices and Battery Packs; Notice of Investigation... within the United States after importation of certain wireless communications system server software... certain wireless communications system server software, wireless handheld devices or battery packs that...
Castello, R.; Mili, R.; Tollis, I.G.; Winter, V.
In this paper we present an approach that facilitates the validation of high consequence system requirements. This approach consists of automatically generating a graphical representation from an informal document. Our choice of a graphical notation is statecharts. We proceed in two steps: we first extract a hierarchical decomposition tree from a textual description, then we draw a graph that models the statechart in a hierarchical fashion. The resulting drawing is an effective requirements assessment tool that allows the end user to easily pinpoint inconsistencies and incompleteness.
Trinier, Ruth; Liske, Lori; Nenadovic, Vera
Variability in parameters such as heart rate, respiratory rate and blood pressure defines healthy physiology and the ability of the person to adequately respond to stressors. Critically ill patients have lost this variability and require highly specialized nursing care to support life and monitor changes in condition. The critical care environment is a dynamic system through which information flows. The critical care unit is typically designed as a tree structure with generally one attending physician and multiple nurses and allied health care professionals. Information flow through the system allows for identification of deteriorating patient status and timely intervention for rescue from further deleterious effects. Nurses provide the majority of direct patient care in the critical care setting in 2:1, 1:1 or 1:2 nurse-to-patient ratios. The bedside nurse-critically ill patient relationship represents the primary, real-time feedback loop of information exchange, monitoring and treatment. Variables that enhance information flow through this loop and support timely nursing intervention can improve patient outcomes, while barriers can lead to errors and adverse events. Examining patient information flow in the critical care environment from a dynamic systems perspective provides insights into how nurses deliver effective patient care and prevent adverse events.
... review of applications for permits and licenses. The DG entitled ``Developing Software Life Cycle... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants AGENCY: Nuclear Regulatory Commission...
Dahll, Gustav; Liwang, Bo; Wainwright, Norman
The introduction of new software based technology in the safety systems of nuclear power plants also makes it necessary to develop new strategies for regulatory review and assessment of these new systems that are more focused on reviewing the processes at the different design phases during the system life cycle. It is a general requirement that the licensee shall perform different kinds of reviews. From a regulatory point of view it is more cost effective to assess that the design activities at the suppliers and the review activities within the development project are performed with good quality. But the change from more technical reviews over to the development process oriented approach also causes problems. When reviewing development and quality aspects there are no 'hard facts' that can be judged against some specified criteria; the issues are more 'soft' and consist more of building up a structure of arguments and evidence that the requirements are met. The regulatory review strategy must therefore change to follow the development process over the whole life cycle from concept phase until installation and operation. Even if we know which factors are of interest we need some guidance on how to interpret and judge the information. For that purpose SKI started research activities in this area at the end of the 1990s. In the first phase, in co-operation with Gustav Dahll at the Halden project, a life cycle model was selected. For the different phases a qualitative influence net was constructed of the type that is used in a Bayesian Belief Network, together with a discussion of the different issues involved. In the second phase of the research work, in co-operation with Norman Wainwright, a former NII inspector, information from a selection of the most important sources such as guidelines, IAEA and EC reports etc. was mapped into the influence net structure (the full list of sources used is in the report). The result is presented in the form of questions (Q) and a
Dahll, Gustav (OECD Halden Project, Halden (NO)); Liwaang, Bo (Swedish Nuclear Power Inspectorate, Stockholm (Sweden)); Wainwright, Norman (Wainwright Safety Advice (GB))
The introduction of new software based technology in the safety systems of nuclear power plants also makes it necessary to develop new strategies for regulatory review and assessment of these new systems that are more focused on reviewing the processes at the different design phases during the system life cycle. It is a general requirement that the licensee shall perform different kinds of reviews. From a regulatory point of view it is more cost effective to assess that the design activities at the suppliers and the review activities within the development project are performed with good quality. But the change from more technical reviews over to the development process oriented approach also causes problems. When reviewing development and quality aspects there are no 'hard facts' that can be judged against some specified criteria; the issues are more 'soft' and consist more of building up a structure of arguments and evidence that the requirements are met. The regulatory review strategy must therefore change to follow the development process over the whole life cycle from concept phase until installation and operation. Even if we know which factors are of interest we need some guidance on how to interpret and judge the information. For that purpose SKI started research activities in this area at the end of the 1990s. In the first phase, in co-operation with Gustav Dahll at the Halden project, a life cycle model was selected. For the different phases a qualitative influence net was constructed of the type that is used in a Bayesian Belief Network, together with a discussion of the different issues involved. In the second phase of the research work, in co-operation with Norman Wainwright, a former NII inspector, information from a selection of the most important sources such as guidelines, IAEA and EC reports etc. was mapped into the influence net structure (the full list of sources used is in the report). The result is presented in the form of
K. S. Kushal
The dependency of complex embedded Safety-Critical Systems across the Avionics and Aerospace domains on their underlying software and hardware components has gradually increased over time. Such application domain systems are developed based on a complex integrated architecture, which is modular in nature. Engineering practices assured with system safety standards to manage failure, faulty, and unsafe operational conditions are very much necessary. System safety analyses involve the analysis of the complex software architecture of the system, a major aspect that can lead to fatal consequences in the behaviour of Safety-Critical Systems, and provide high reliability and dependability factors during their development. In this paper, we propose an architecture fault modeling and safety analysis approach that will aid in identifying and eliminating design flaws. The formal foundations of the SAE Architecture Analysis & Design Language (AADL) augmented with the Error Model Annex (EMV) are discussed. The fault propagation, failure behaviour, and the composite behaviour of the design flaws/failures are considered for architecture safety analysis. The proposed approach is illustrated and validated by implementing the Speed Control Unit of the Power-Boat Autopilot (PBA) system. The Error Model Annex (EMV) is guided by the pattern of consideration and inclusion of probable failure scenarios and propagation of fault conditions in the Speed Control Unit of the Power-Boat Autopilot (PBA). This helps in validating the system architecture with the detection of the error event in the model and its impact in the operational environment. This also provides an insight into the certification impact that these exceptional conditions pose at various criticality levels and design assurance levels and its implications in verifying and validating the designs.
Each of the four reactor units at the Ontario Hydro Bruce A Nuclear Generating Station is controlled by the Reactor Regulating System (RRS) software running on digital computers. This research report presents an assessment of the quality and reliability of the RRS software based on a review of the RRS design documentation, an analysis of certain significant Event Reports (SERs), and an examination of selected software changes. We found that the RRS software requirements (i.e., what the software should do) were never clearly documented, and that design documents, which should describe how the requirements are implemented, are incomplete and inaccurate. Some RRS-related SERs (i.e., reports on unexpected incidents relating to the reactor control) implied that there were faults in the RRS, or that RRS changes should be made to help prevent certain unexpected events. The follow-up investigations were generally poorly documented, and so it could not usually be determined that problems were properly resolved. The Bruce A software change control procedures require improvement. For the software changes examined, there was insufficient evidence provided by Ontario Hydro that the required procedures regarding change approval, independent review, documentation updates, and testing were followed. Ontario Hydro relies on the expertise of their technical staff to modify the RRS software correctly; they have confidence in the software code itself, even if the documentation is not up-to-date. Ontario Hydro did not produce the documentation required for an independent formal assessment of the reliability of the RRS. (author). 37 refs., 3 figs.
Mann, L.W.; Claborn, G.W.; Nielson, C.W.
The Subsystem Control Software at the Tritium System Test Assembly (TSTA) must control sophisticated chemical processes through the physical operation of valves, motor controllers, gas sampling devices, thermocouples, pressure transducers, and similar devices. Such control software has to be capable of passing stringent quality assurance (QA) criteria to provide for the safe handling of significant amounts of tritium on a routine basis. Since many of the chemical processes and physical components are experimental, the control software has to be flexible enough to allow for a trial-and-error learning curve, but still protect the environment and personnel from exposure to unsafe levels of radiation. The software at TSTA is implemented in several levels as described in a preceding paper in these proceedings. This paper depends on information given in the preceding paper for understanding. The top level is the Subsystem Control level.
Ritter, George; Guillebeau, Pat; McNair, Ann R. (Technical Monitor)
The Marshall Space Flight Center's (MSFC) Payload Operations Center (POC) ground system has evolved over a period of about 10 years. During this time the software processes have migrated from more traditional to more contemporary development processes in an effort to minimize unnecessary overhead while maximizing process benefits. The Software processes that have evolved still emphasize requirements capture, software configuration management, design documenting, and making sure the products that have been developed are accountable to initial requirements. This paper will give an overview of how the Software Processes have evolved, highlighting the positives as well as the negatives. In addition, we will mention the COTS tools that have been integrated into the processes and how the COTS have provided value to the project.
King, T. A.
A great deal of effort is made to preserve scientific data, not only because data is knowledge, but because it is often costly to acquire and is sometimes collected under unique circumstances. Another part of the science enterprise is the development of software to process and analyze the data. Developed software is also a large investment and worthy of preservation. However, the long term preservation of software presents some challenges. Software often requires a specific technology stack to operate. This can include software, operating systems and hardware dependencies. One past approach to preserving computational capabilities is to maintain ancient hardware long past its typical viability. On an archive horizon of 100 years, this is not feasible. Another approach to preserving computational capabilities is to archive source code. While this can preserve details of the implementation and algorithms, it may not be possible to reproduce the technology stack needed to compile and run the resulting applications. This forward-looking dilemma has a solution. Technology used to create clouds and process big data can also be used to archive and preserve computational capabilities. We explore how basic hardware, virtual machines, containers and appropriate metadata can be used to preserve computational capabilities and to archive functional software systems. In conjunction with data archives, this provides scientists with both the data and the capability to reproduce the processing and analysis used to generate past scientific results.
Mejuev, Igor; Kumagai, Akira; Kadokura, Eiichi
Tailoring is the further evolution of an application after deployment in order to adapt it to requirements that were not accounted for in the original design. End-user tailorability has been extensively researched in applied computer science from HCI and software engineering perspectives. Tailorability allows coping with flexibility requirements while decreasing the maintenance and development costs of software products. In general, dynamic or diverse software requirements create the need for implementing end-user tailorability in computer systems. In accelerator physics research the factor of dynamic requirements is especially important, due to frequent software and hardware modifications resulting in correspondingly high upgrade and maintenance costs. In this work we introduce the results of a feasibility study on implementing end-user tailorability in software for an accelerator control system, considering the design and implementation of a distributed monitoring application for the 12 GeV KEK Proton Synchrotron as an example. The software prototypes used in this work are based on a generic tailoring platform (VEDICI), which allows decoupling of tailoring interfaces and runtime components. While representing a reusable application-independent framework, VEDICI can potentially be applied to the tailoring of arbitrary compositional Web-based applications.
This paper intends to present the design and the production of a software for the Occupational Health and Safety Integrated Management System with the view to a rapid drawing up of the system documents in the field of occupational health and safety.
Vătăsescu, Mihaela [University Politehnica Timisoara, Department of Engineering and Management, 5 Revolutiei street, 331128 Hunedoara (Romania)
Computer Aided Engineering System (CAESY) software developed to provide means to evaluate methods for dealing with users' needs in computer-aided design of control systems. Interpreter program for performing engineering calculations. Incorporates features of both Ada and MATLAB. Designed to be flexible and powerful. Includes internally defined functions, procedures and provides for definition of functions and procedures by user. Written in C language.
Fischer, Carol M.; Hoffman, Michael S.; Casey, Nancy C.; Cox, Maureen P.
Colleagues from information technology and three academic departments collaborated on an instructional technology initiative to employ student response systems in classes in mathematics, accounting and education. The instructors assessed the viability of using software-based systems to enable students to use their own devices (cell phones,…
Tran, T. L.
This paper describes the use of Quality Function Deployment (QFD), adapted to requirements engineering for a software-intensive system development project, and synthesizes the lessons learned from the application of QFD to the Network Control System (NCS) pre-project of the Deep Space Network.
Kang, Hyun Gook; Lim, Ho Gon; Lee, Ho Jung; Kim, Man Cheol; Jang, Seung Cheol
The approaches for software failure probability estimation are mainly based on the results of testing. Test cases represent the inputs which are encountered in actual use. The test inputs for a safety-critical application such as a reactor protection system (RPS) of a nuclear power plant are the inputs which cause the activation of a protective action such as a reactor trip. A digital system treats inputs from instrumentation sensors as discrete digital values by using an analog-to-digital converter. The input profile must be determined in consideration of these characteristics for effective software failure probability quantification. Another important characteristic of software testing is that we do not have to repeat the test for the same input value, since the software response is deterministic for each specific digital input. With these considerations, we propose an effective software testing method for quantifying the failure probability. As an example application, the input profile of the digital RPS is developed based on typical plant data. The proposed method is expected to provide a simple but realistic means to quantify the software failure probability based on the input profile and system dynamics.
Ferron, J.R.; Penaflor, B.; Walker, M.L.; Moller, J.; Butner, D.
The software structure of the plasma control system in use on the DIII-D tokamak experiment is described. This system implements control functions through software executing in real time on one or more digital computers. The software is organized into a hierarchy that allows new control functions needed to support the DIII-D experimental program to be added easily without affecting previously implemented functions. This also allows the software to be portable in order to create control systems for other applications. The tokamak operator uses an X-windows based interface to specify the time evolution of a tokamak discharge. The interface provides a high level view for the operator that reduces the need for detailed knowledge of the control system operation. There is provision for an asynchronous change to an alternate discharge time evolution in response to an event that is detected in real time. Quality control is enhanced through off-line testing that can make use of software-based tokamak simulators.
Lawrence, J.D.; Persons, W.L.; Preckshot, G.G.; Gallagher, J.
In 1991, LLNL was asked by the NRC to provide technical assistance in various aspects of computer technology that apply to computer-based reactor protection systems. This has involved the review of safety aspects of new reactor designs and the provision of technical advice on the use of computer technology in systems important to reactor safety. The latter includes determining and documenting state-of-the-art subjects that require regulatory involvement by the NRC because of their importance in the development and implementation of digital computer safety systems. These subjects include data communications, formal methods, testing, software hazards analysis, verification and validation, computer security, performance, software complexity and others. One of these topics, software reliability and safety, is the subject of this paper.
Automatic loading test systems for the measurement of power line filters are in urgent demand, so the software sub-system of the whole test system was proposed. Methods: The test system was structured on a virtual instrument framework consisting of a lower computer and an upper computer, and a top-down design approach was adopted for the system and its modules according to the measurement principle of the test system. Results: The software sub-system, including the human-machine interface, data analysis and processing software, an expert system, communication software, control software in the lower computer, etc., was designed and then integrated into the entire test system. Conclusion: This sub-system provides a friendly software platform for the whole test system and has many advantages, such as strong functionality, high performance and low price. It not only raises the test efficiency of EMI filters, but also introduces some innovations.
The design aspect of data acquisition system software for experimental nuclear physics applications is discussed. The features of a good data acquisition system and the techniques which are used to meet the requirements are also discussed. The suitability of different programming languages for different applications has been outlined. The operating system requirements and the difficulties encountered by the programmer in a non-ideal operating system environment are also highlighted. (author)
Software quality assurance (SQA) for robotic systems used in nuclear waste applications is vital to ensure that the systems operate safely and reliably and pose a minimum risk to humans and the environment. This paper describes the SQA approach for the control and data acquisition system of a robotic system being developed for remote surveillance and inspection of underground storage tanks (UST) at the Hanford Site.
I. V. Khomyackov
A stochastic model of a security system element of a critically important object has been developed. The model includes a mathematical description of the security system element properties and of the external influences. The state evolution of the security system element is described by a semi-Markov process with a finite number of states, the semi-Markov matrix and the initial probability distribution of the semi-Markov process states. External influences are modelled as a Poisson flow with a given intensity.
Chung, Victoria I.; Hutchinson, Brian K.
"Simulation-to-Flight" is a research development concept to reduce costs and increase testing efficiency of future major aeronautical research efforts at NASA. The simulation-to-flight concept is achieved by using common software and hardware, procedures, and processes for both piloted simulation and flight testing. This concept was applied to the design and development of two full-size transport simulators, a research system installed on a NASA B-757 airplane, and two supporting laboratories. This paper describes the software system that supports the simulation-to-flight facilities. Examples of various simulation-to-flight experimental applications are also provided.
The SWEPP Gamma-Ray Spectrometer (SGRS) System has been developed by the Radiation Measurement and Development Unit of the Idaho National Engineering Laboratory to assist in the characterization of the radiological contents of contact-handled waste containers at the Stored Waste Examination Pilot Plant (SWEPP). In addition to determining the concentrations of gamma-ray-emitting radionuclides, the software also calculates attenuation-corrected isotopic mass ratios of specific interest, and provides controls for SGRS hardware as required. This document serves as a user's guide for the data acquisition and analysis software associated with the SGRS system.
Slominski, Christopher J.; Parks, Mark A.; Debure, Kelly R.; Heaphy, William J.
The software created for the Control Display Units (CDUs), used for the Advanced Transport Operating Systems (ATOPS) project, on the Transport Systems Research Vehicle (TSRV) is described. Module descriptions are presented in a standardized format which contains module purpose, calling sequence, a detailed description, and global references. The global reference section includes subroutines, functions, and common variables referenced by a particular module. The CDUs, one for the pilot and one for the copilot, are used for flight management purposes. Operations performed with the CDU affect the aircraft's guidance, navigation, and display software.
Schallom, Lynn; Thimmesch, Amanda R; Pierce, Janet D
Systems biology applies advances in technology and new fields of study including genomics, transcriptomics, proteomics, and metabolomics to the development of new treatments and approaches of care for the critically ill and injured patient. An understanding of systems biology enhances a nurse's ability to implement evidence-based practice and to educate patients and families on novel testing and therapies. Systems biology is an integrated and holistic view of humans in relationship with the environment. Biomarkers are used to measure the presence and severity of disease and are rapidly expanding in systems biology endeavors. A systems biology approach using predictive, preventive, and participatory involvement is being utilized in a plethora of conditions of critical illness and injury including sepsis, cancer, pulmonary disease, and traumatic injuries.
Madzimbamuto, F D; Chiware, R
To audit the recently established Critical Incident Reporting System in the Department of Anaesthesia and Critical Care Medicine, University of Zimbabwe Medical School. The system was set up with the purpose of improving the quality of care delivered by the department. Cross-sectional study. A critical incident was defined as 'any adverse and reversible event in theatre, during or immediately after surgery that if it persisted without correction would cause harm to the patient'. The anaesthetic or recovery room staff filled in a critical incident form anonymously. Data were collected from critical incident reporting forms for analysis. The anaesthetic service in the two teaching hospitals of Harare Central and Parirenyatwa General Hospitals. Between May and October 2000, 62 completed critical incident forms were collected. The nature of the incident and the monitoring used were recorded, the cause was classified as human, equipment or monitoring failure and the outcome for each patient reported. There was no formal system for reminding staff to fill in their critical incident forms. A total of 14,165 operations were performed over the reporting period: 62 critical incident forms were collected, reporting 130 incidents, giving a rate of 0.92% (130/14,165). Of these, 42 patients were emergencies and 20 elective. The incidents were hypotension, hypoxia, bradycardia, ECG changes, aspiration, laryngospasm, high spinal, and cardiac arrest. Monitoring present on patients who had critical incidents was: capnography 57%, oximetry 90% and ECG 100%. Other monitors are not reported. Human error contributed in 32/62 of patients and equipment failure in 31/62 of patients. Patient outcome showed 15% died, 23% were unplanned admissions to HDU while 62% were discharged to the ward with little or no adverse outcome. Despite some under-reporting, the critical incident rate was within the range reported in the literature. Supervision of juniors is not adequate, especially on call. The
Hinchey, Michael G. (Inventor); Rash, James L. (Inventor); Pena, Joaquin (Inventor)
Systems, methods and apparatus are provided through which an evolutionary system is managed and viewed as a software product line. In some embodiments, the core architecture is a relatively unchanging part of the system, and each version of the system is viewed as a product from the product line. Each software product is generated from the core architecture with some agent-based additions. The result may be a multi-agent system software product line.
Yanet Brito R.
The evaluation of software products will reach full maturity when it is executed under a scheme that provides third-party certification. For the certification to be valid, the independent laboratory must be accredited for that function using internationally recognized standards. This brings with it a challenge for the Industrial Laboratory for Software Testing (LIPS), responsible for testing the products developed in the Cuban software industry: to define strategies that will permit it to offer services with a high level of quality. Therefore it is necessary to establish a quality management system according to NC-ISO/IEC 17025: 2006 to continuously improve the operational capacity and technical competence of the laboratory, with a view to future accreditation of the tests performed. This article discusses the process defined in the LIPS for the implementation of a Quality Management System, based on current standards and trends, as a necessary step towards accreditation of the tests performed.
One of the bases of the JUS ISO 9000 series of standards is quality system documentation. The architecture of the quality system documentation depends on the complexity of the business system. Establishing efficient management of the quality system documentation is of great importance for the business system, both in the phase of introducing the quality system and in the further stages of its improvement. The study describes the architecture and capabilities of software solutions to support and manage quality system documentation in accordance with the requirements of the standards ISO 9001:2001, ISO 14001:2005, HACCP, etc.
Sczyrba, Alexander; Hofmann, Peter; Belmann, Peter; Koslicki, David; Janssen, Stefan; Dröge, Johannes; Gregor, Ivan; Majda, Stephan; Fiedler, Jessika; Dahms, Eik; Bremges, Andreas; Fritz, Adrian; Garrido-Oter, Ruben; Jørgensen, Tue Sparholt; Shapiro, Nicole; Blood, Philip D.; Gurevich, Alexey; Bai, Yang; Turaev, Dmitrij; DeMaere, Matthew Z.; Chikhi, Rayan; Nagarajan, Niranjan; Quince, Christopher; Meyer, Fernando; Balvočiūtė, Monika; Hansen, Lars Hestbjerg; Sørensen, Søren J.; Chia, Burton K. H.; Denis, Bertrand; Froula, Jeff L.; Wang, Zhong; Egan, Robert; Kang, Dongwan Don; Cook, Jeffrey J.; Deltel, Charles; Beckstette, Michael; Lemaitre, Claire; Peterlongo, Pierre; Rizk, Guillaume; Lavenier, Dominique; Wu, Yu-Wei; Singer, Steven W.; Jain, Chirag; Strous, Marc; Klingenberg, Heiner; Meinicke, Peter; Barton, Michael; Lingner, Thomas; Lin, Hsin-Hung; Liao, Yu-Chieh; Silva, Genivaldo Gueiros Z.; Cuevas, Daniel A.; Edwards, Robert A.; Saha, Surya; Piro, Vitor C.; Renard, Bernhard Y.; Pop, Mihai; Klenk, Hans-Peter; Göker, Markus; Kyrpides, Nikos C.; Woyke, Tanja; Vorholt, Julia A.; Schulze-Lefert, Paul; Rubin, Edward M.; Darling, Aaron E.; Rattei, Thomas; McHardy, Alice C.
In metagenome analysis, computational methods for assembly, taxonomic profiling and binning are key components facilitating downstream biological data interpretation. However, a lack of consensus about benchmarking datasets and evaluation metrics complicates proper performance assessment. The Critical Assessment of Metagenome Interpretation (CAMI) challenge has engaged the global developer community to benchmark their programs on datasets of unprecedented complexity and realism. Benchmark metagenomes were generated from ~700 newly sequenced microorganisms and ~600 novel viruses and plasmids, including genomes with varying degrees of relatedness to each other and to publicly available ones and representing common experimental setups. Across all datasets, assembly and genome binning programs performed well for species represented by individual genomes, while performance was substantially affected by the presence of related strains. Taxonomic profiling and binning programs were proficient at high taxonomic ranks, with a notable performance decrease below the family level. Parameter settings substantially impacted performances, underscoring the importance of program reproducibility. While highlighting current challenges in computational metagenomics, the CAMI results provide a roadmap for software selection to answer specific research questions. PMID:28967888
Haapanen, P.; Helminen, A.
Failure mode and effects analysis (FMEA) is one of the well-known analysis methods having an established position in the traditional reliability analysis. The purpose of FMEA is to identify possible failure modes of the system components, evaluate their influences on system behaviour and propose proper countermeasures to suppress these effects. The generic nature of FMEA has enabled its wide use in various branches of industry reaching from business management to the design of spaceships. The popularity and diverse use of the analysis method has led to multiple interpretations, practices and standards presenting the same analysis method. FMEA is well understood at the systems and hardware levels, where the potential failure modes usually are known and the task is to analyse their effects on system behaviour. Nowadays, more and more system functions are realised on software level, which has aroused the urge to apply the FMEA methodology also on software based systems. Software failure modes generally are unknown - 'software modules do not fail, they only display incorrect behaviour' - and depend on dynamic behaviour of the application. These facts set special requirements on the FMEA of software based systems and make it difficult to realise. In this report the failure mode and effects analysis is studied for the use of reliability analysis of software-based systems. More precisely, the target system of FMEA is defined to be a safety-critical software-based automation application in a nuclear power plant, implemented on an industrial automation system platform. Through a literature study the report tries to clarify the intriguing questions related to the practical use of software failure mode and effects analysis. The study is a part of the research project 'Programmable Automation System Safety Integrity assessment (PASSI)', belonging to the Finnish Nuclear Safety Research Programme (FINNUS, 1999-2002). In the project various safety assessment methods and tools for
Zhao Shujun; Li Suxiao; Wang Jing
The software system of the γ-camera adopts a visual, interactive human-computer interface, collecting and displaying patient data in real time. After a series of processing steps on the collected data, it outputs the medical record in Chinese. This system can also retrieve and back up patient data. Besides, it can assist the doctor in diagnosing the illness through the system's clinical quantitative analysis function. (authors)
The National Spherical Torus Experiment (NSTX) currently uses a collection of analog signal processing solutions for coil protection. Part of the NSTX Upgrade (NSTX-U) entails replacing these analog systems with a software solution running on a conventional computing platform. The new Digital Coil Protection System (DCPS) will replace the old systems entirely, while also providing an extensible framework that allows adding new functionality as desired.
The control system of the Saclay Linear Accelerator is based upon modern technology hardware. In the graphic software, pictures are created in exactly the same manner for all the graphic devices supported by the system. The information used to draw a picture is stored in an array called a graphic segment. Three output primitives are used to add graphic material to a segment. Three coordinate systems are defined.