WorldWideScience

Sample records for safety critical software

  1. Software reliability for safety-critical applications

    International Nuclear Information System (INIS)

    Everett, B.; Musa, J.

    1994-01-01

    In this talk, the authors address the question "Can Software Reliability Engineering measurement and modeling techniques be applied to safety-critical applications?" Quantitative techniques have long been applied in engineering hardware components of safety-critical applications. The authors have seen a growing acceptance and use of quantitative techniques in engineering software systems but a continuing reluctance in using such techniques in safety-critical applications. The general case posed against using quantitative techniques for software components runs along the following lines: safety-critical applications should be engineered such that catastrophic failures occur less frequently than one in a billion hours of operation; current software measurement/modeling techniques rely on using failure history data collected during testing; one would have to accumulate over a billion operational hours to verify failure rate objectives of about one per billion hours

  2. A study of software safety analysis system for safety-critical software

    International Nuclear Information System (INIS)

    Chang, H. S.; Shin, H. K.; Chang, Y. W.; Jung, J. C.; Kim, J. H.; Han, H. H.; Son, H. S.

    2004-01-01

    The core factors and requirements for the safety-critical software traced and the methodology adopted in each stage of software life cycle are presented. In concept phase, Failure Modes and Effects Analysis (FMEA) for the system has been performed. The feasibility evaluation of selected safety parameter was performed and Preliminary Hazards Analysis list was prepared using HAZOP(Hazard and Operability) technique. And the check list for management control has been produced via walk-through technique. Based on the evaluation of the check list, activities to be performed in requirement phase have been determined. In the design phase, hazard analysis has been performed to check the safety capability of the system with regard to safety software algorithm using Fault Tree Analysis (FTA). In the test phase, the test items based on FMEA have been checked for fitness guided by an accident scenario. The pressurizer low pressure trip algorithm has been selected to apply FTA method to software safety analysis as a sample. By applying CASE tool, the requirements traceability of safety critical system has been enhanced during all of software life cycle phases

  3. A software engineering process for safety-critical software application

    International Nuclear Information System (INIS)

    Kang, Byung Heon; Kim, Hang Bae; Chang, Hoon Seon; Jeon, Jong Sun

    1995-01-01

    Application of computer software to safety-critical systems is on the increase. To be successful, the software must be designed and constructed to meet the functional and performance requirements of the system. For safety reason, the software must be demonstrated not only to meet these requirements, but also to operate safely as a component within the system. For longer-term cost consideration, the software must be designed and structured to ease future maintenance and modifications. This paper presents a software engineering process for the production of safety-critical software for a nuclear power plant. The presentation is expository in nature of a viable high quality safety-critical software development. It is based on the ideas of a rational design process and on the experience of the adaptation of such process in the production of the safety-critical software for the shutdown system number two of Wolsung 2, 3 and 4 nuclear power generation plants. This process is significantly different from a conventional process in terms of rigorous software development phases and software design techniques. The process covers documentation, design, verification and testing using mathematically precise notations and highly reviewable tabular format to specify software requirements and software requirements and software requirements and code against software design using static analysis. The software engineering process described in this paper applies the principle of information-hiding decomposition in software design using a modular design technique so that when a change is required or an error is detected, the affected scope can be readily and confidently located. It also facilitates a sense of high degree of confidence in the 'correctness' of the software production, and provides a relatively simple and straightforward code implementation effort. 1 figs., 10 refs. (Author)

  4. Traceability of Software Safety Requirements in Legacy Safety Critical Systems

    Science.gov (United States)

    Hill, Janice L.

    2007-01-01

    How can traceability of software safety requirements be created for legacy safety critical systems? Requirements in safety standards are imposed most times during contract negotiations. On the other hand, there are instances where safety standards are levied on legacy safety critical systems, some of which may be considered for reuse for new applications. Safety standards often specify that software development documentation include process-oriented and technical safety requirements, and also require that system and software safety analyses are performed supporting technical safety requirements implementation. So what can be done if the requisite documents for establishing and maintaining safety requirements traceability are not available?

  5. Test process for the safety-critical embedded software

    International Nuclear Information System (INIS)

    Sung, Ahyoung; Choi, Byoungju; Lee, Jangsoo

    2004-01-01

    Digitalization of nuclear Instrumentation and Control (I and C) system requires high reliability of not only hardware but also software. Verification and Validation (V and V) process is recommended for software reliability. But a more quantitative method is necessary such as software testing. Most of software in the nuclear I and C system is safety-critical embedded software. Safety-critical embedded software is specified, verified and developed according to V and V process. Hence two types of software testing techniques are necessary for the developed code. First, code-based software testing is required to examine the developed code. Second, after code-based software testing, software testing affected by hardware is required to reveal the interaction fault that may cause unexpected results. We call the testing of hardware's influence on software, an interaction testing. In case of safety-critical embedded software, it is also important to consider the interaction between hardware and software. Even if no faults are detected when testing either hardware or software alone, combining these components may lead to unexpected results due to the interaction. In this paper, we propose a software test process that embraces test levels, test techniques, required test tasks and documents for safety-critical embedded software. We apply the proposed test process to safety-critical embedded software as a case study, and show the effectiveness of it. (author)

  6. Possibilities and Limitations of Applying Software Reliability Growth Models to Safety-Critical Software

    International Nuclear Information System (INIS)

    Kim, Man Cheol; Jang, Seung Cheol; Ha, Jae Joo

    2006-01-01

    As digital systems are gradually introduced to nuclear power plants (NPPs), the need of quantitatively analyzing the reliability of the digital systems is also increasing. Kang and Sung identified (1) software reliability, (2) common-cause failures (CCFs), and (3) fault coverage as the three most critical factors in the reliability analysis of digital systems. For the estimation of the safety-critical software (the software that is used in safety-critical digital systems), the use of Bayesian Belief Networks (BBNs) seems to be most widely used. The use of BBNs in reliability estimation of safety-critical software is basically a process of indirectly assigning a reliability based on various observed information and experts' opinions. When software testing results or software failure histories are available, we can use a process of directly estimating the reliability of the software using various software reliability growth models such as Jelinski-Moranda model and Goel-Okumoto's nonhomogeneous Poisson process (NHPP) model. Even though it is generally known that software reliability growth models cannot be applied to safety-critical software due to small number of expected failure data from the testing of safety-critical software, we try to find possibilities and corresponding limitations of applying software reliability growth models to safety critical software

  7. Software quality assurance plans for safety-critical software

    International Nuclear Information System (INIS)

    Liddle, P.

    2006-01-01

    Application software is defined as safety-critical if a fault in the software could prevent the system components from performing their nuclear-safety functions. Therefore, for nuclear-safety systems, the AREVA TELEPERM® XS (TXS) system is classified 1E, as defined in the Inst. of Electrical and Electronics Engineers (IEEE) Std 603-1998. The application software is classified as Software Integrity Level (SIL)-4, as defined in IEEE Std 7-4.3.2-2003. The AREVA NP Inc. Software Program Manual (SPM) describes the measures taken to ensure that the TELEPERM XS application software attains a level of quality commensurate with its importance to safety. The manual also describes how TELEPERM XS correctly performs the required safety functions and conforms to established technical and documentation requirements, conventions, rules, and standards. The program manual covers the requirements definition, detailed design, integration, and test phases for the TELEPERM XS application software, and supporting software created by AREVA NP Inc. The SPM is required for all safety-related TELEPERM XS system applications. The program comprises several basic plans and practices: 1. A Software Quality-Assurance Plan (SQAP) that describes the processes necessary to ensure that the software attains a level of quality commensurate with its importance to safety function. 2. A Software Safety Plan (SSP) that identifies the process to reasonably ensure that safety-critical software performs as intended during all abnormal conditions and events, and does not introduce any new hazards that could jeopardize the health and safety of the public. 3. A Software Verification and Validation (V and V) Plan that describes the method of ensuring the software is in accordance with the requirements. 4. A Software Configuration Management Plan (SCMP) that describes the method of maintaining the software in an identifiable state at all times. 5. A Software Operations and Maintenance Plan (SO and MP) that

  8. A Methodological Framework for Software Safety in Safety Critical Computer Systems

    OpenAIRE

    P. V. Srinivas Acharyulu; P. Seetharamaiah

    2012-01-01

    Software safety must deal with the principles of safety management, safety engineering and software engineering for developing safety-critical computer systems, with the target of making the system safe, risk-free and fail-safe in addition to provide a clarified differentiation for assessing and evaluating the risk, with the principles of software risk management. Problem statement: Prevailing software quality models, standards were not subsisting in adequately addressing the software safety ...

  9. Validation testing of safety-critical software

    International Nuclear Information System (INIS)

    Kim, Hang Bae; Han, Jae Bok

    1995-01-01

    A software engineering process has been developed for the design of safety critical software for Wolsung 2/3/4 project to satisfy the requirements of the regulatory body. Among the process, this paper described the detail process of validation testing performed to ensure that the software with its hardware, developed by the design group, satisfies the requirements of the functional specification prepared by the independent functional group. To perform the tests, test facility and test software were developed and actual safety system computer was connected. Three kinds of test cases, i.e., functional test, performance test and self-check test, were programmed and run to verify each functional specification. Test failures were fed back to the design group to revise the software and test results were analyzed and documented in the report to submit to the regulatory body. The test methodology and procedure were very efficient and satisfactory to perform the systematic and automatic test. The test results were also acceptable and successful to verify the software acts as specified in the program functional specification. This methodology can be applied to the validation of other safety-critical software. 2 figs., 2 tabs., 14 refs. (Author)

  10. Possibilities and limitations of applying software reliability growth models to safety-critical software

    International Nuclear Information System (INIS)

    Kim, Man Cheol; Jang, Seung Cheol; Ha, Jae Joo

    2007-01-01

    It is generally known that software reliability growth models such as the Jelinski-Moranda model and the Goel-Okumoto's Non-Homogeneous Poisson Process (NHPP) model cannot be applied to safety-critical software due to a lack of software failure data. In this paper, by applying two of the most widely known software reliability growth models to sample software failure data, we demonstrate the possibility of using the software reliability growth models to prove the high reliability of safety-critical software. The high sensitivity of a piece of software's reliability to software failure data, as well as a lack of sufficient software failure data, is also identified as a possible limitation when applying the software reliability growth models to safety-critical software

  11. Software Safety Risk in Legacy Safety-Critical Computer Systems

    Science.gov (United States)

    Hill, Janice L.; Baggs, Rhoda

    2007-01-01

    Safety Standards contain technical and process-oriented safety requirements. Technical requirements are those such as "must work" and "must not work" functions in the system. Process-Oriented requirements are software engineering and safety management process requirements. Address the system perspective and some cover just software in the system > NASA-STD-8719.13B Software Safety Standard is the current standard of interest. NASA programs/projects will have their own set of safety requirements derived from the standard. Safety Cases: a) Documented demonstration that a system complies with the specified safety requirements. b) Evidence is gathered on the integrity of the system and put forward as an argued case. [Gardener (ed.)] c) Problems occur when trying to meet safety standards, and thus make retrospective safety cases, in legacy safety-critical computer systems.

  12. Quantitative reliability assessment for safety critical system software

    International Nuclear Information System (INIS)

    Chung, Dae Won; Kwon, Soon Man

    2005-01-01

    An essential issue in the replacement of the old analogue I and C to computer-based digital systems in nuclear power plants is the quantitative software reliability assessment. Software reliability models have been successfully applied to many industrial applications, but have the unfortunate drawback of requiring data from which one can formulate a model. Software which is developed for safety critical applications is frequently unable to produce such data for at least two reasons. First, the software is frequently one-of-a-kind, and second, it rarely fails. Safety critical software is normally expected to pass every unit test producing precious little failure data. The basic premise of the rare events approach is that well-tested software does not fail under normal routine and input signals, which means that failures must be triggered by unusual input data and computer states. The failure data found under the reasonable testing cases and testing time for these conditions should be considered for the quantitative reliability assessment. We will present the quantitative reliability assessment methodology of safety critical software for rare failure cases in this paper

  13. Safety Justification and Safety Case for Safety-critical Software in Digital Reactor Protection System

    International Nuclear Information System (INIS)

    Kwon, Kee-Choon; Lee, Jang-Soo; Jee, Eunkyoung

    2016-01-01

    Nuclear safety-critical software is under strict regulatory requirements and these regulatory requirements are essential for ensuring the safety of nuclear power plants. The verification & validation (V and V) and hazard analysis of the safety-critical software are required to follow regulatory requirements through the entire software life cycle. In order to obtain a license from the regulatory body through the development and validation of safety-critical software, it is essential to meet the standards which are required by the regulatory body throughout the software development process. Generally, large amounts of documents, which demonstrate safety justification including standard compliance, V and V, hazard analysis, and vulnerability assessment activities, are submitted to the regulatory body during the licensing process. It is not easy to accurately read and evaluate the whole documentation for the development activities, implementation technology, and validation activities. The safety case methodology has been known as a promising approach to evaluate the level and depth of the development and validation results. A safety case is a structured argument, supported by a body of evidence that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment. It is suggested to evaluate the level and depth of the results of development and validation by applying safety case methodology to achieve software safety demonstration. A lot of documents provided as evidence are connected to claim that corresponds to the topic for safety demonstration. We demonstrated a case study in which more systematic safety demonstration for the target system software is performed via safety case construction than simply listing the documents

  14. Safety Justification and Safety Case for Safety-critical Software in Digital Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Kwon, Kee-Choon; Lee, Jang-Soo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]; Jee, Eunkyoung [KAIST, Daejeon (Korea, Republic of)]

    2016-10-15

    Nuclear safety-critical software is under strict regulatory requirements and these regulatory requirements are essential for ensuring the safety of nuclear power plants. The verification & validation (V and V) and hazard analysis of the safety-critical software are required to follow regulatory requirements through the entire software life cycle. In order to obtain a license from the regulatory body through the development and validation of safety-critical software, it is essential to meet the standards which are required by the regulatory body throughout the software development process. Generally, large amounts of documents, which demonstrate safety justification including standard compliance, V and V, hazard analysis, and vulnerability assessment activities, are submitted to the regulatory body during the licensing process. It is not easy to accurately read and evaluate the whole documentation for the development activities, implementation technology, and validation activities. The safety case methodology has been known as a promising approach to evaluate the level and depth of the development and validation results. A safety case is a structured argument, supported by a body of evidence that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment. It is suggested to evaluate the level and depth of the results of development and validation by applying safety case methodology to achieve software safety demonstration. A lot of documents provided as evidence are connected to claim that corresponds to the topic for safety demonstration. We demonstrated a case study in which more systematic safety demonstration for the target system software is performed via safety case construction than simply listing the documents.

  15. Method of V&V for safety-critical software in NPPs

    International Nuclear Information System (INIS)

    Kim, Jang-Yeol; Lee, Jang-Soo; Kwon, Kee-Choon

    1997-01-01

    Safety-critical software is software used in systems in which a failure could affect personal or equipment safety or result in large financial or social loss. Examples of systems using safety-critical software are systems such as plant protection systems in nuclear power plants (NPPs), process control systems in chemical plants, and medical instruments such as the Therac-25 medical accelerator. This paper presents verification and validation (V&V) methodology for safety-critical software in NPP safety systems. In addition, it addresses issues related to NPP safety systems, such as independence parameters, software safety analysis (SSA) concepts, commercial off-the-shelf (COTS) software evaluation criteria, and interrelationships among software and system assurance organizations. It includes the concepts of existing industrial standards on software V&V, Institute of Electrical and Electronics Engineers (IEEE) Standards 1012 and 1059. This safety-critical software V&V methodology covers V&V scope, a regulatory framework as part of its acceptance criteria, V&V activities and task entrance and exit criteria, reviews and audits, testing and quality assurance records of V&V material, configuration management activities related to V&V, and software V&V (SVV) plan (SVVP) production

  16. Developing software for safety-critical applications

    International Nuclear Information System (INIS)

    Chudleigh, M.

    1989-01-01

    The effective implementation of many safety-critical systems involves microprocessors running software which needs to be of very high integrity. This article describes some of the problems of producing such software and the place of software within the total system. A development strategy is proposed based on three principles: the goal of defect-free development, the use of mathematical formalism, and the use of an independent team for testing. (author)

  17. Analyzing Software Requirements Errors in Safety-Critical, Embedded Systems

    Science.gov (United States)

    Lutz, Robyn R.

    1993-01-01

    This paper analyzes the root causes of safety-related software errors in safety-critical, embedded systems. The results show that software errors identified as potentially hazardous to the system tend to be produced by different error mechanisms than non-safety-related software errors. Safety-related software errors are shown to arise most commonly from (1) discrepancies between the documented requirements specifications and the requirements needed for correct functioning of the system and (2) misunderstandings of the software's interface with the rest of the system. The paper uses these results to identify methods by which requirements errors can be prevented. The goal is to reduce safety-related software errors and to enhance the safety of complex, embedded systems.

  18. Product Engineering Class in the Software Safety Risk Taxonomy for Building Safety-Critical Systems

    Science.gov (United States)

    Hill, Janice; Victor, Daniel

    2008-01-01

    When software safety requirements are imposed on legacy safety-critical systems, retrospective safety cases need to be formulated as part of recertifying the systems for further use and risks must be documented and managed to give confidence for reusing the systems. The SEJ Software Development Risk Taxonomy [4] focuses on general software development issues. It does not, however, cover all the safety risks. The Software Safety Risk Taxonomy [8] was developed which provides a construct for eliciting and categorizing software safety risks in a straightforward manner. In this paper, we present extended work on the taxonomy for safety that incorporates the additional issues inherent in the development and maintenance of safety-critical systems with software. An instrument called a Software Safety Risk Taxonomy Based Questionnaire (TBQ) is generated containing questions addressing each safety attribute in the Software Safety Risk Taxonomy. Software safety risks are surfaced using the new TBQ and then analyzed. In this paper we give the definitions for the specialized Product Engineering Class within the Software Safety Risk Taxonomy. At the end of the paper, we present the tool known as the 'Legacy Systems Risk Database Tool' that is used to collect and analyze the data required to show traceability to a particular safety standard

  19. Recommendations relating to safety-critical real-time software in nuclear power plants

    International Nuclear Information System (INIS)

    1992-01-01

    The Advisory Committee on Nuclear Safety (ACNS) has reviewed safety issues associated with the software for the digital computers in the safety shutdown systems for the Darlington NGS. From this review the ACNS has developed four recommendations for safety-critical real-time software in nuclear power plants. These recommendations cover: the completion of the present efforts to develop an overall standard and sub-tier standards for safety-critical real-time software; the preparation of schedules and lists of responsibilities for this development; the concentration of AECB efforts on ensuring the scrutability of safety-critical real-time software; and, the collection of data on reliability and causes of failure (error) of safety-critical real-time software systems and on the probability and causes of common-mode failures (errors). (9 refs.)

  20. Software for safety critical applications

    International Nuclear Information System (INIS)

    Kropik, M.; Matejka, K.; Jurickova, M.; Chudy, R.

    2001-01-01

    The contribution gives an overview of the project of the software development for safety critical applications. This project has been carried out since 1997. The principal goal of the project was to establish a research laboratory for the development of the software with the highest requirements for quality and reliability. This laboratory was established at the department, equipped with proper hardware and software to support software development. A research team of predominantly young researchers for software development was created. The activities of the research team started with studying and proposing the software development methodology. In addition, this methodology was applied to the real software development. The verification and validation process followed the software development. The validation system for the integrated hardware and software tests was brought into being and its control software was developed. The quality of the software tools was also observed, and the SOSAT tool was used during these activities. National and international contacts were established and maintained during the project solution.(author)

  1. A study on quantitative V and V of safety-critical software

    International Nuclear Information System (INIS)

    Eom, H. S.; Kang, H. G.; Chang, S. C.; Ha, J. J.; Son, H. S.

    2004-03-01

    Recently practical needs have required quantitative features for the software reliability for Probabilistic Safety Assessment which is one of the important methods being used in assessing the overall safety of nuclear power plant. But the conventional assessment methods of software reliability could not provide enough information for PSA of NPP, therefore current assessments of a digital system which includes safety-critical software usually exclude the software part or use arbitrary values. This paper describes a Bayesian Belief Networks based method that models the rule-based qualitative software assessment method for a practical use and can produce quantitative results for PSA. The framework was constructed by utilizing BBN that can combine the qualitative and quantitative evidence relevant to the reliability of safety-critical software and can infer a conclusion in a formal and a quantitative way. The case study was performed by applying the method for assessing the quality of software requirement specification of safety-critical software that will be embedded in reactor protection system

  2. The Qualification Experiences for Safety-critical Software of POSAFE-Q

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jang Yeol; Son, Kwang Seop; Cheon, Se Woo; Lee, Jang Soo; Kwon, Kee Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2009-05-15

    Programmable Logic Controllers (PLC) have been applied to the Reactor Protection System (RPS) and the Engineered Safety Feature (ESF)-Component Control System (CCS) as the major safety system components of nuclear power plants. This paper describes experiences on the qualification of the safety-critical software including the pCOS kernel and system tasks related to a safety-grade PLC, i.e. the works done for the Software Verification and Validation, Software Safety Analysis, Software Quality Assurance, and Software Configuration Management etc.

  3. Qualification of safety-critical software for digital reactor safety system in nuclear power plants

    International Nuclear Information System (INIS)

    Kwon, Kee-Choon; Park, Gee-Yong; Kim, Jang-Yeol; Lee, Jang-Soo

    2013-01-01

    This paper describes the software qualification activities for the safety-critical software of the digital reactor safety system in nuclear power plants. The main activities of the software qualification processes are the preparation of software planning documentations, verification and validation (V and V) of the software requirements specifications (SRS), software design specifications (SDS) and codes, and the testing of the integrated software and integrated system. Moreover, the software safety analysis and software configuration management are involved in the software qualification processes. The V and V procedure for SRS and SDS contains a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and an evaluation of the software configuration management. The V and V processes for the code are a traceability analysis, source code inspection, test case and test procedure generation. Testing is the major V and V activity of the software integration and system integration phases. The software safety analysis employs a hazard operability method and software fault tree analysis. The software configuration management in each software life cycle is performed by the use of a nuclear software configuration management tool. Through these activities, we can achieve the functionality, performance, reliability, and safety that are the major V and V objectives of the safety-critical software in nuclear power plants. (author)

  4. Verification of safety critical software

    International Nuclear Information System (INIS)

    Son, Ki Chang; Chun, Chong Son; Lee, Byeong Joo; Lee, Soon Sung; Lee, Byung Chai

    1996-01-01

    To assure quality of safety critical software, software should be developed in accordance with software development procedures and rigorous software verification and validation should be performed. Software verification is the formal act of reviewing, testing or checking, and documenting whether software components comply with the specified requirements for a particular stage of the development phase [1]. New software verification methodology was developed and was applied to the Shutdown System No. 1 and 2 (SDS1,2) for Wolsung 2,3 and 4 nuclear power plants by Korea Atomic Energy Research Institute (KAERI) and Atomic Energy of Canada Limited (AECL) in order to satisfy new regulation requirements of Atomic Energy Control Board (AECB). Software verification methodology applied to SDS1 for Wolsung 2,3 and 4 project will be described in this paper. Some errors were found by this methodology during the software development for SDS1 and were corrected by software designer. Outputs from Wolsung 2,3 and 4 project have demonstrated that the use of this methodology results in a high quality, cost-effective product. 15 refs., 6 figs. (author)

  5. Software safety analysis techniques for developing safety critical software in the digital protection system of the LMR

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jang Soo; Cheon, Se Woo; Kim, Chang Hoi; Sim, Yun Sub

    2001-02-01

    This report has described the software safety analysis techniques and the engineering guidelines for developing safety critical software to identify the state of the art in this field and to give the software safety engineer a trail map between the code and standards layer and the design methodology and documents layer. We have surveyed the management aspects of software safety activities during the software lifecycle in order to improve the safety. After identifying the conventional safety analysis techniques for systems, we have surveyed in detail the software safety analysis techniques, software FMEA (Failure Mode and Effects Analysis), software HAZOP (Hazard and Operability Analysis), and software FTA (Fault Tree Analysis). We have also surveyed the state of the art in the software reliability assessment techniques. The most important results from the reliability techniques are not the specific probability numbers generated, but the insights into the risk importance of software features. To defend against potential common-mode failures, high quality, defense-in-depth, and diversity are considered to be key elements in digital I and C system design. To minimize the possibility of CMFs and thus increase the plant reliability, we have provided D-in-D and D analysis guidelines.

  6. Software safety analysis techniques for developing safety critical software in the digital protection system of the LMR

    International Nuclear Information System (INIS)

    Lee, Jang Soo; Cheon, Se Woo; Kim, Chang Hoi; Sim, Yun Sub

    2001-02-01

    This report has described the software safety analysis techniques and the engineering guidelines for developing safety critical software to identify the state of the art in this field and to give the software safety engineer a trail map between the code and standards layer and the design methodology and documents layer. We have surveyed the management aspects of software safety activities during the software lifecycle in order to improve the safety. After identifying the conventional safety analysis techniques for systems, we have surveyed in detail the software safety analysis techniques, software FMEA (Failure Mode and Effects Analysis), software HAZOP (Hazard and Operability Analysis), and software FTA (Fault Tree Analysis). We have also surveyed the state of the art in the software reliability assessment techniques. The most important results from the reliability techniques are not the specific probability numbers generated, but the insights into the risk importance of software features. To defend against potential common-mode failures, high quality, defense-in-depth, and diversity are considered to be key elements in digital I and C system design. To minimize the possibility of CMFs and thus increase the plant reliability, we have provided D-in-D and D analysis guidelines.

  7. KAERI software safety guideline for developing safety-critical software in digital instrumentation and control system of nuclear power plant

    International Nuclear Information System (INIS)

    Lee, Jang Soo; Kim, Jang Yeol; Eum, Heung Seop.

    1997-07-01

    Recently, the safety planning for safety-critical software systems is being recognized as the most important phase in the software life cycle, and being developed new regulatory positions and standards by the regulatory and the standardization organization. The requirements for software important to safety of nuclear reactor are described in such positions and standards. Most of them are describing mandatory requirements, what shall be done, for the safety-critical software. The developers of such a software. However, there have been a lot of controversial factors on whether the work practices satisfy the regulatory requirements, and to justify the safety of such a system developed by the work practices, between the licenser and the licensee. We believe it is caused by the reason that there is a gap between the mandatory requirements (What) and the work practices (How). We have developed a guidance to fill such gap, which can be useful for both licenser and licensee to conduct a justification of the safety in the planning phase of developing the software for nuclear reactor protection systems. (author). 67 refs., 13 tabs., 2 figs

  8. KAERI software safety guideline for developing safety-critical software in digital instrumentation and control system of nuclear power plant

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jang Soo; Kim, Jang Yeol; Eum, Heung Seop

    1997-07-01

    Recently, the safety planning for safety-critical software systems is being recognized as the most important phase in the software life cycle, and being developed new regulatory positions and standards by the regulatory and the standardization organization. The requirements for software important to safety of nuclear reactor are described in such positions and standards. Most of them are describing mandatory requirements, what shall be done, for the safety-critical software. The developers of such a software. However, there have been a lot of controversial factors on whether the work practices satisfy the regulatory requirements, and to justify the safety of such a system developed by the work practices, between the licenser and the licensee. We believe it is caused by the reason that there is a gap between the mandatory requirements (What) and the work practices (How). We have developed a guidance to fill such gap, which can be useful for both licenser and licensee to conduct a justification of the safety in the planning phase of developing the software for nuclear reactor protection systems. (author). 67 refs., 13 tabs., 2 figs.

  9. Module Testing Techniques for Nuclear Safety Critical Software Using LDRA Testing Tool

    International Nuclear Information System (INIS)

    Moon, Kwon-Ki; Kim, Do-Yeon; Chang, Hoon-Seon; Chang, Young-Woo; Yun, Jae-Hee; Park, Jee-Duck; Kim, Jae-Hack

    2006-01-01

    The safety critical software in the I and C systems of nuclear power plants requires high functional integrity and reliability. To achieve those requirement goals, the safety critical software should be verified and tested according to related codes and standards through verification and validation (V and V) activities. The safety critical software testing is performed at various stages during the development of the software, and is generally classified as three major activities: module testing, system integration testing, and system validation testing. Module testing involves the evaluation of module level functions of hardware and software. System integration testing investigates the characteristics of a collection of modules and aims at establishing their correct interactions. System validation testing demonstrates that the complete system satisfies its functional requirements. In order to generate reliable software and reduce high maintenance cost, it is important that software testing is carried out at module level. Module testing for the nuclear safety critical software has rarely been performed by formal and proven testing tools because of its various constraints. LDRA testing tool is a widely used and proven tool set that provides powerful source code testing and analysis facilities for the V and V of general purpose software and safety critical software. Use of the tool set is indispensable where software is required to be reliable and as error-free as possible, and its use brings in substantial time and cost savings, and efficiency

  10. High level issues in reliability quantification of safety-critical software

    International Nuclear Information System (INIS)

    Kim, Man Cheol

    2012-01-01

    For the purpose of developing a consensus method for the reliability assessment of safety-critical digital instrumentation and control systems in nuclear power plants, several high level issues in reliability assessment of the safety-critical software based on Bayesian belief network modeling and statistical testing are discussed. Related to the Bayesian belief network modeling, the relation between the assessment approach and the sources of evidence, the relation between qualitative evidence and quantitative evidence, how to consider qualitative evidence, and the cause-consequence relation are discussed. Related to the statistical testing, the need of the consideration of context-specific software failure probabilities and the inability to perform a huge number of tests in the real world are discussed. The discussions in this paper are expected to provide a common basis for future discussions on the reliability assessment of safety-critical software. (author)

  11. Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software

    Science.gov (United States)

    Graydon, Patrick J.; Holloway, C. Michael

    2015-01-01

    We need well-founded means of determining whether software is fit for use in safety-critical applications. While software in industries such as aviation has an excellent safety record, the fact that software flaws have contributed to deaths illustrates the need for justifiably high confidence in software. It is often argued that software is fit for safety-critical use because it conforms to a standard for software in safety-critical systems. But little is known about whether such standards 'work.' Reliance upon a standard without knowing whether it works is an experiment; without collecting data to assess the standard, this experiment is unplanned. This paper reports on a workshop intended to explore how standards could practicably be assessed. Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software (AESSCS) was held on 13 May 2014 in conjunction with the European Dependable Computing Conference (EDCC). We summarize and elaborate on the workshop's discussion of the topic, including both the presented positions and the dialogue that ensued.

  12. The Dynamics of Agile Practices for Safety-Critical Software Development

    DEFF Research Database (Denmark)

    Nielsen, Peter Axel; Tordrup Heeager, Lise

    2017-01-01

    This short paper reports from a case study of the agile development of safety-critical software. It utilizes a framework of dynamic relationships between agile practices with the purpose of demonstrating the utility of the framework to understand a case in its context, and it shows significant...... dynamics. The study is concluded by pointing at which further research on the framework is required to use the framework in managing the agile development of safety-critical software....

  13. Formal model-based development for safety-critical embedded software

    International Nuclear Information System (INIS)

    Kim, Jin Hyun; Choi, Jin Young

    2005-01-01

    Safety-critical embedded software for nuclear I and C system is developed under the safety and reliability regulation. Programmable logic controller (PLC) is a computer system for instrumentation and control (I and C) system of nuclear power plants. PLC consists of various I and C logics in software, including real-time operating system (RTOS). Hence, errors related with RTOS should be detected and eliminated in development processes. Practically, the verification and validation for errors in RTOS is performed in test procedure, in which a lot of tasks for testing are embedded in RTOS and are running under a test environment. But the test process cannot be enough to guarantee the safety and reliability of RTOS. Therefore, in this paper, we introduce to applying formal methods with the development of software for the PLC. We particularly apply formal methods to a development of RTOS for PLC, which is a safety critical level. In this development, we use the state charts of I-Logix to specify and verification and model checking to verify the specification

  14. Formal model-based development for safety-critical embedded software

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jin Hyun; Choi, Jin Young [Korea University, Seoul (Korea, Republic of)]

    2005-11-15

    Safety-critical embedded software for nuclear I and C system is developed under the safety and reliability regulation. Programmable logic controller (PLC) is a computer system for instrumentation and control (I and C) system of nuclear power plants. PLC consists of various I and C logics in software, including real-time operating system (RTOS). Hence, errors related with RTOS should be detected and eliminated in development processes. Practically, the verification and validation for errors in RTOS is performed in test procedure, in which a lot of tasks for testing are embedded in RTOS and are running under a test environment. But the test process cannot be enough to guarantee the safety and reliability of RTOS. Therefore, in this paper, we introduce to applying formal methods with the development of software for the PLC. We particularly apply formal methods to a development of RTOS for PLC, which is a safety critical level. In this development, we use the state charts of I-Logix to specify and verification and model checking to verify the specification.

  15. Quantification of Safety-Critical Software Test Uncertainty

    International Nuclear Information System (INIS)

    Khalaquzzaman, M.; Cho, Jaehyun; Lee, Seung Jun; Jung, Wondea

    2015-01-01

    The method conservatively assumes that the failure probability of a software for the untested inputs is 1, and the failure probability turns to 0 for successful testing of all test cases. However, in reality the chance of failure exists due to the test uncertainty. Some studies have been carried out to identify the test attributes that affect the test quality. Cao discussed the testing effort, testing coverage, and testing environment. Management of the test uncertainties was discussed in. In this study, the test uncertainty has been considered to estimate the software failure probability because the software testing process is considered to be inherently uncertain. A reliability estimation of software is very important for a probabilistic safety analysis of a digital safety critical system of NPPs. This study focused on the estimation of the probability of a software failure that considers the uncertainty in software testing. In our study, BBN has been employed as an example model for software test uncertainty quantification. Although it can be argued that the direct expert elicitation of test uncertainty is much simpler than BBN estimation, the BBN approach provides more insights and a basis for uncertainty estimation

  16. Safety prediction for basic components of safety-critical software based on static testing

    International Nuclear Information System (INIS)

    Son, H.S.; Seong, P.H.

    2000-01-01

    The purpose of this work is to develop a safety prediction method, with which we can predict the risk of software components based on static testing results at the early development stage. The predictive model combines the major factor with the quality factor for the components, which are calculated based on the measures proposed in this work. The application to a safety-critical software system demonstrates the feasibility of the safety prediction method. (authors)

  17. KAERI software verification and validation guideline for developing safety-critical software in digital I and C system of NPP

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jang Yeol; Lee, Jang Soo; Eom, Heung Seop

    1997-07-01

    This technical report is to present V and V guideline development methodology for safety-critical software in NPP safety system. Therefore it is to present V and V guideline of planning phase for the NPP safety system in addition to critical safety items, for example, independence philosophy, software safety analysis concept, commercial off the shelf (COTS) software evaluation criteria, inter-relationships between other safety assurance organizations, including the concepts of existing industrial standard, IEEE Std-1012, IEEE Std-1059. This technical report includes scope of V and V guideline, guideline framework as part of acceptance criteria, V and V activities and task entrance as part of V and V activity and exit criteria, review and audit, testing and QA records of V and V material and configuration management, software verification and validation plan production etc., and safety-critical software V and V methodology. (author). 11 refs.

  18. KAERI software verification and validation guideline for developing safety-critical software in digital I and C system of NPP

    International Nuclear Information System (INIS)

    Kim, Jang Yeol; Lee, Jang Soo; Eom, Heung Seop.

    1997-07-01

    This technical report is to present V and V guideline development methodology for safety-critical software in NPP safety system. Therefore it is to present V and V guideline of planning phase for the NPP safety system in addition to critical safety items, for example, independence philosophy, software safety analysis concept, commercial off the shelf (COTS) software evaluation criteria, inter-relationships between other safety assurance organizations, including the concepts of existing industrial standard, IEEE Std-1012, IEEE Std-1059. This technical report includes scope of V and V guideline, guideline framework as part of acceptance criteria, V and V activities and task entrance as part of V and V activity and exit criteria, review and audit, testing and QA records of V and V material and configuration management, software verification and validation plan production etc., and safety-critical software V and V methodology. (author). 11 refs

  19. Safety prediction for basic components of safety critical software based on static testing

    International Nuclear Information System (INIS)

    Son, H.S.; Seong, P.H.

    2001-01-01

    The purpose of this work is to develop a safety prediction method, with which we can predict the risk of software components based on static testing results at the early development stage. The predictive model combines the major factor with the quality factor for the components, both of which are calculated based on the measures proposed in this work. The application to a safety-critical software system demonstrates the feasibility of the safety prediction method. (authors)

  20. Diversity requirements for safety critical software-based automation systems

    International Nuclear Information System (INIS)

    Korhonen, J.; Pulkkinen, U.; Haapanen, P.

    1998-03-01

    System vendors nowadays propose software-based systems even for the most critical safety functions in nuclear power plants. Due to the nature and mechanisms of influence of software faults new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)' various safety assessment methods and tools for software based systems are developed and evaluated. This report first discusses the (common cause) failure mechanisms in software-based systems, then defines fault-tolerant system architectures to avoid common cause failures, then studies the various alternatives to apply diversity and their influence on system reliability. Finally, a method for the assessment of diversity is described. Other recently published reports in OHA-report series handle the statistical reliability assessment of software based (STUK-YTO-TR 119), usage models in reliability assessment of software-based systems (STUK-YTO-TR 128) and handling of programmable automation in plant PSA-studies (STUK-YTO-TR 129)

  1. CTMCONTROL: Addressing the MC/DC Objective for Safety-Critical Automotive Software

    OpenAIRE

    Mjeda, Anila; Hinchey, Mike

    2013-01-01

    International audience; We propose a method tailored to the requirements of safety-critical embedded automotive software, named CTMCONTROL. CTMCONTROL has a particular focus on the specification-based control logic of the system under test and offers improvements in testing coverage metrics over a classic method which is routinely used in industry. The proposed method targets the Modified Condition/Decision Coverage (MC/DC) objective for automotive safety-critical software. CTMCONTROL is va...

  2. Evaluation for nuclear safety-critical software reliability of DCS

    International Nuclear Information System (INIS)

    Liu Ying

    2015-01-01

    With the development of control and information technology at NPPs, software reliability is important because software failure is usually considered as one form of common cause failures in Digital I and C Systems (DCS). The reliability analysis of DCS, particularly qualitative and quantitative evaluation on the nuclear safety-critical software reliability belongs to a great challenge. To solve this problem, not only comprehensive evaluation model and stage evaluation models are built in this paper, but also prediction and sensibility analysis are given to the models. It can make basement for evaluating the reliability and safety of DCS. (author)

  3. Requirement analysis of the safety-critical software implementation for the nuclear power plant

    International Nuclear Information System (INIS)

    Chang, Hoon Seon; Jung, Jae Cheon; Kim, Jae Hack; Nam, Sang Ku; Kim, Hang Bae

    2005-01-01

    The safety critical software shall be implemented under the strict regulation and standards along with hardware qualification. In general, the safety critical software has been implemented using functional block language (FBL) and structured language like C in the real project. Software design shall comply with such characteristics as; modularity, simplicity, minimizing the use of sub-routine, and excluding the interrupt logic. To meet these prerequisites, we used the computer-aided software engineering (CASE) tool to substantiate the requirements traceability matrix that were manually developed using Word processors or Spreadsheets. And the coding standard and manual have been developed to confirm the quality of software development process, such as; readability, consistency, and maintainability in compliance with NUREG/CR-6463. System level preliminary hazard analysis (PHA) is performed by analyzing preliminary safety analysis report (PSAR) and FMEA document. The modularity concept is effectively implemented for the overall module configurations and functions using RTP software development tool. The response time imposed on the basis of the deterministic structure of the safety-critical software was measured

  4. Real-time software use in nuclear materials handling criticality safety control

    International Nuclear Information System (INIS)

    Huang, S.; Lappa, D.; Chiao, T.; Parrish, C.; Carlson, R.; Lewis, J.; Shikany, D.; Woo, H.

    1997-01-01

    This paper addresses the use of real-time software to assist handlers of fissionable nuclear material. We focus specifically on the issue of workstation mass limits, and the need for handlers to be aware of, and check against, those mass limits during material transfers. Here "mass limits" generally refer to criticality safety mass limits; however, in some instances, workstation mass limits for some materials may be governed by considerations other than criticality, e.g., fire or release consequence limitation. As a case study, we provide a simplified reliability comparison of the use of a manual two handler system with a software-assisted two handler system. We identify the interface points between software and handlers that are relevant to criticality safety

  5. Licensing safety critical software

    International Nuclear Information System (INIS)

    Archinoff, G.H.; Brown, R.A.

    1990-01-01

    Licensing difficulties with the shutdown system software at the Darlington Nuclear Generating Station contributed to delays in starting up the station. Even though the station has now been given approval by the Atomic Energy Control Board (AECB) to operate, the software issue has not disappeared - Ontario Hydro has been instructed by the AECB to redesign the software. This article attempts to explain why software based shutdown systems were chosen for Darlington, why there was so much difficulty licensing them, and what the implications are for other safety related software based applications

  6. V and V based Fault Estimation Method for Safety-Critical Software using BNs

    International Nuclear Information System (INIS)

    Eom, Heung Seop; Park, Gee Yong; Jang, Seung Cheol; Kang, Hyun Gook

    2011-01-01

    Quantitative software reliability measurement approaches have severe limitations in demonstrating the proper level of reliability for safety-critical software. These limitations can be overcome by using some other means of assessment. One of the promising candidates is based on the quality of the software development. Particularly in the nuclear industry, regulatory bodies in most countries do not accept the concept of quantitative goals as a sole means of meeting their regulations for the reliability of digital computers in NPPs, and use deterministic criteria for both hardware and software. The point of deterministic criteria is to assess the whole development process and its related activities during the software development life cycle for the acceptance of safety-critical software, and software V and V plays an important role in this process. In this light, we studied a V and V based fault estimation method using Bayesian Nets (BNs) to assess the reliability of safety-critical software, especially reactor protection system software in a NPP. The BNs in the study were made for an estimation of software faults and were based on the V and V frame, which governs the development of safety-critical software in the nuclear field. A case study was carried out for a reactor protection system that was developed as a part of the Korea Nuclear Instrumentation and Control System. The insight from the case study is that some important factors affecting the fault number of the target software include the residual faults in the system specification, maximum number of faults introduced in the development phase, ratio between process/function characteristic, uncertainty sizing, and fault elimination rate by inspection activities

  7. Estimation of Remained defects in a Safety-Critical Software using Bayesian Belief Network of Software Development Life Cycle

    International Nuclear Information System (INIS)

    Lee, Seung Jun; Jung, Wondea Jung

    2015-01-01

    Some researchers recognized Bayesian belief network (BBN) method to be a promising method of quantifying software reliability. Brookhaven National Laboratory (BNL) comprehensively reviewed various quantitative software reliability methods to identify the most promising methods for use in probabilistic safety assessments (PSAs) of digital systems of NPPs against a set of the most desirable characteristics developed therein. BBNs are recognized as a promising way of quantifying software reliability and are useful for integrating many aspects of software engineering and quality assurance. The method explicitly incorporates important factors relevant to reliability, such as the quality of the developer, the development process, problem complexity, testing effort, and the operation environment. In this work, a BBN model was developed to estimate the number of remained defects in a safety-critical software based on the quality evaluation of software development life cycle (SDLC). Even though a number of software reliability evaluation methods exist, none of them can be applicable to the safety-critical software in an NPP because software quality in terms of PDF is required for the PSA

  8. Fault tree synthesis for software design analysis of PLC based safety-critical systems

    International Nuclear Information System (INIS)

    Koo, S. R.; Cho, C. H.; Seong, P. H.

    2006-01-01

    As a software verification and validation should be performed for the development of PLC based safety-critical systems, a software safety analysis is also considered in line with entire software life cycle. In this paper, we propose a technique of software safety analysis in the design phase. Among various software hazard analysis techniques, fault tree analysis is most widely used for the safety analysis of nuclear power plant systems. Fault tree analysis also has the most intuitive notation and makes both qualitative and quantitative analyses possible. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Consequently, we can analyze the safety of software on the basis of fault tree synthesis. (authors)

  9. A Method to Select Test Input Cases for Safety-critical Software

    International Nuclear Information System (INIS)

    Kim, Heeeun; Kang, Hyungook; Son, Hanseong

    2013-01-01

    This paper proposes a new testing methodology for effective and realistic quantification of RPS software failure probability. Software failure probability quantification is important factor in digital system safety assessment. In this study, the method for software test case generation is briefly described. The test cases generated by this method reflect the characteristics of safety-critical software and past inputs. Furthermore, the number of test cases can be reduced, but it is possible to perform exhaustive test. Aspect of software also can be reflected as failure data, so the final failure data can include the failure of software itself and external influences. Software reliability is generally accepted as the key factor in software quality since it quantifies software failures which can make a powerful system inoperative. In the KNITS (Korea Nuclear Instrumentation and Control Systems) project, the software for the fully digitalized reactor protection system (RPS) was developed under a strict procedure including unit testing and coverage measurement. Black box testing is one type of Verification and validation (V and V), in which given input values are entered and the resulting output values are compared against the expected output values. Programmable logic controllers (PLCs) were used in implementing critical systems and function block diagram (FBD) is a commonly used implementation language for PLC

  10. Planning the Unplanned Experiment: Towards Assessing the Efficacy of Standards for Safety-Critical Software

    Science.gov (United States)

    Graydon, Patrick J.; Holloway, C. M.

    2015-01-01

    Safe use of software in safety-critical applications requires well-founded means of determining whether software is fit for such use. While software in industries such as aviation has a good safety record, little is known about whether standards for software in safety-critical applications 'work' (or even what that means). It is often (implicitly) argued that software is fit for safety-critical use because it conforms to an appropriate standard. Without knowing whether a standard works, such reliance is an experiment; without carefully collecting assessment data, that experiment is unplanned. To help plan the experiment, we organized a workshop to develop practical ideas for assessing software safety standards. In this paper, we relate and elaborate on the workshop discussion, which revealed subtle but important study design considerations and practical barriers to collecting appropriate historical data and recruiting appropriate experimental subjects. We discuss assessing standards as written and as applied, several candidate definitions for what it means for a standard to 'work,' and key assessment strategies and study techniques and the pros and cons of each. Finally, we conclude with thoughts about the kinds of research that will be required and how academia, industry, and regulators might collaborate to overcome the noted barriers.

  11. Reliability estimation of safety-critical software-based systems using Bayesian networks

    International Nuclear Information System (INIS)

    Helminen, A.

    2001-06-01

    Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of software-based safety-critical automation systems in nuclear power plants. In the research project 'Programmable automation system safety integrity assessment (PASSI)', belonging to the Finnish Nuclear Safety Research Programme (FINNUS, 1999-2002), various safety assessment methods and tools for software based systems are developed and evaluated. The project is financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT). In this report the applicability of Bayesian networks to the reliability estimation of software-based systems is studied. The applicability is evaluated by building Bayesian network models for the systems of interest and performing simulations for these models. In the simulations hypothetical evidence is used for defining the parameter relations and for determining the ability to compensate disparate evidence in the models. Based on the experiences from modelling and simulations we are able to conclude that Bayesian networks provide a good method for the reliability estimation of software-based systems. (orig.)

  12. Finite test sets development method for test execution of safety critical software

    International Nuclear Information System (INIS)

    Shin, Sung Min; Kim, Hee Eun; Kang, Hyun Gook; Lee, Sung Jiun

    2014-01-01

    The V and V method has been utilized for this safety critical software, while SRGM has difficulties because of lack of failure occurrence data on developing phase. For the safety critical software, however, failure data cannot be gathered after installation in real plant when we consider the severe consequence. Therefore, to complement the V and V method, the test-based method needs to be developed. Some studies on test-based reliability quantification method for safety critical software have been conducted in nuclear field. These studies provide useful guidance on generating test sets. An important concept of the guidance is that the test sets represent 'trajectories' (a series of successive values for the input variables of a program that occur during the operation of the software over time) in the space of inputs to the software. Actually, the inputs to the software depend on the state of plant at that time, and these inputs form a new internal state of the software by changing values of some variables. In other words, internal state of the software at specific timing depends on the history of past inputs. Here the internal state of the software which can be changed by past inputs is named as Context of Software (CoS). In a certain CoS, a software failure occurs when a fault is triggered by some inputs. To cover the failure occurrence mechanism of a software, preceding researches insist that the inputs should be a trajectory form. However, in this approach, there are two critical problems. One is the length of the trajectory input. Input trajectory should be long enough to cover failure mechanism, but the enough length is not clear. What is worse, to cover some accident scenario, one set of input should represent dozen hours of successive values. The other problem is number of tests needed. To satisfy a target reliability with reasonable confidence level, very large number of test sets are required. Development of this number of test sets is a herculean

  13. NASA's Software Safety Standard

    Science.gov (United States)

    Ramsay, Christopher M.

    2007-01-01

    NASA relies more and more on software to control, monitor, and verify its safety critical systems, facilities and operations. Since the 1960's there has hardly been a spacecraft launched that does not have a computer on board that will provide command and control services. There have been recent incidents where software has played a role in high-profile mission failures and hazardous incidents. For example, the Mars Orbiter, Mars Polar Lander, the DART (Demonstration of Autonomous Rendezvous Technology), and MER (Mars Exploration Rover) Spirit anomalies were all caused or contributed to by software. The Mission Control Centers for the Shuttle, ISS, and unmanned programs are highly dependent on software for data displays, analysis, and mission planning. Despite this growing dependence on software control and monitoring, there has been little to no consistent application of software safety practices and methodology to NASA's projects with safety critical software. Meanwhile, academia and private industry have been stepping forward with procedures and standards for safety critical systems and software, for example Dr. Nancy Leveson's book Safeware: System Safety and Computers. The NASA Software Safety Standard, originally published in 1997, was widely ignored due to its complexity and poor organization. It also focused on concepts rather than definite procedural requirements organized around a software project lifecycle. Led by NASA Headquarters Office of Safety and Mission Assurance, the NASA Software Safety Standard has recently undergone a significant update. This new standard provides the procedures and guidelines for evaluating a project for safety criticality and then lays out the minimum project lifecycle requirements to assure the software is created, operated, and maintained in the safest possible manner. This update of the standard clearly delineates the minimum set of software safety requirements for a project without detailing the implementation for those

  14. The automatic programming for safety-critical software in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jang Yeol; Eom, Heung Seop; Choi, You Rark

    1998-06-01

    We defined the Korean unique safety-critical software development methodology by modifying Dr. Harel's statechart-based on formal methods in order to digitalize the reactor protection system. It is suggested software requirement specification guideline to specify design specification which is basis for requirement specification and automatic programming by the caused by shutdown parameter logic of the steam generator water level for Wolsung 2/3/4 unit SDS no.1 and simulated it by binding the Graphic User Interface (GUI). We generated the K&R C code automatically by utilizing the Statemate MAGNUM Sharpshooter/C code generator. Auto-generated K&R C code is machine independent code and has high productivity, quality and provability. The following are the summaries of major research and development. - Set up the Korean unique safety-critical software development methodology - Developed software requirement specification guidelines - Developed software design specification guidelines - Reactor trip modeling for steam generator water level Wolsung 2/3/4 SDS no. 1 shutdown parameter logic - Graphic panel binding with GUI. (author). 20 refs., 12 tabs., 15 figs

  15. The automatic programming for safety-critical software in nuclear power plants

    International Nuclear Information System (INIS)

    Kim, Jang Yeol; Eom, Heung Seop; Choi, You Rark

    1998-06-01

    We defined the Korean unique safety-critical software development methodology by modifying Dr. Harel's statechart-based on formal methods in order to digitalize the reactor protection system. It is suggested software requirement specification guideline to specify design specification which is basis for requirement specification and automatic programming by the caused by shutdown parameter logic of the steam generator water level for Wolsung 2/3/4 unit SDS no.1 and simulated it by binding the Graphic User Interface (GUI). We generated the K&R C code automatically by utilizing the Statemate MAGNUM Sharpshooter/C code generator. Auto-generated K&R C code is machine independent code and has high productivity, quality and provability. The following are the summaries of major research and development. - Set up the Korean unique safety-critical software development methodology - Developed software requirement specification guidelines - Developed software design specification guidelines - Reactor trip modeling for steam generator water level Wolsung 2/3/4 SDS no. 1 shutdown parameter logic - Graphic panel binding with GUI. (author). 20 refs., 12 tabs., 15 figs

  16. Formal verification and validation of the safety-critical software in a digital reactor protection system

    International Nuclear Information System (INIS)

    Kwon, K. C.; Park, G. Y.

    2006-01-01

    This paper describes the Verification and Validation (V and V) activities for the safety-critical software in a Digital Reactor Protection System (DRPS) that is being developed through the Korea nuclear instrumentation and control system project. The main activities of the DRPS V and V process are a preparation of the software planning documentation, a verification of the software according to the software life cycle, a software safety analysis and a software configuration management. The verification works for the Software Requirement Specification (SRS) of the DRPS consist of a technical evaluation, a licensing suitability evaluation, a inspection and traceability analysis, a formal verification, and preparing a test plan and procedure. Especially, the SRS is specified by the formal specification method in the development phase, and the formal SRS is verified by a formal verification method. Through these activities, we believe we can achieve the functionality, performance, reliability, and safety that are the major V and V objectives of the nuclear safety-critical software in a DRPS. (authors)

  17. Resilience Engineering in Critical Long Term Aerospace Software Systems: A New Approach to Spacecraft Software Safety

    Science.gov (United States)

    Dulo, D. A.

    Safety critical software systems permeate spacecraft, and in a long term venture like a starship would be pervasive in every system of the spacecraft. Yet software failure today continues to plague both the systems and the organizations that develop them resulting in the loss of life, time, money, and valuable system platforms. A starship cannot afford this type of software failure in long journeys away from home. A single software failure could have catastrophic results for the spaceship and the crew onboard. This paper will offer a new approach to developing safe reliable software systems through focusing not on the traditional safety/reliability engineering paradigms but rather by focusing on a new paradigm: Resilience and Failure Obviation Engineering. The foremost objective of this approach is the obviation of failure, coupled with the ability of a software system to prevent or adapt to complex changing conditions in real time as a safety valve should failure occur to ensure safe system continuity. Through this approach, safety is ensured through foresight to anticipate failure and to adapt to risk in real time before failure occurs. In a starship, this type of software engineering is vital. Through software developed in a resilient manner, a starship would have reduced or eliminated software failure, and would have the ability to rapidly adapt should a software system become unstable or unsafe. As a result, long term software safety, reliability, and resilience would be present for a successful long term starship mission.

  18. Using Machine Learning for Risky Module Estimation of Safety-Critical Software

    International Nuclear Information System (INIS)

    Kim, Young Mi; Jeong, Choong Heui

    2009-01-01

    With the rapid development of digital computer and information processing technologies, nuclear I and C (Instrument and Control) system which needs safety critical function has adopted digital technologies. Software used in safety-critical system must have high dependability. Highly dependable software needs strict software testing and V and V activities. These days, regulatory demands for nuclear power plants are more and more increasing. But, human resources and time for regulation are limited. So, early software risky module prediction is very useful for software testing and regulation activities. Early estimation can be built from a collection of internal metrics during early development phase. Internal metrics are measures of a product derived from assessment of the product itself, and external metrics are measures of a product derived from assessment of the behavior of the systems. Internal metrics can be collected more easily and early than external metrics. In addition, internal metrics can be useful for estimating fault-prone software modules using machine learning. In this paper, we introduce current research status and techniques related to estimating risky software module using machine learning techniques. Section 2 describes the overview of the estimation model using machine learning and section 3 describes processes of the estimation model. Section 4 describes several estimation models using machine learning. Section 5 concludes the paper

  19. A study on the quantitative evaluation of the reliability for safety critical software using Bayesian belief nets

    International Nuclear Information System (INIS)

    Eom, H. S.; Jang, S. C.; Ha, J. J.

    2003-01-01

    Despite the efforts to avoid undesirable risks, or at least to bring them under control in the world, new risks that are highly difficult to manage continue to emerge from the use of new technologies, such as the use of digital instrumentation and control (I and C) components in nuclear power plant. Whenever new risk issues came out by now, we have endeavored to find the most effective ways to reduce risks, or to allocate limited resources to do this. One of the major challenges is the reliability analysis of safety-critical software associated with digital safety systems. Though many activities such as testing, verification and validation (V and V) techniques have been carried out in the design stage of software, however, the process of quantitatively evaluating the reliability of safety-critical software has not yet been developed because of the irrelevance of the conventional software reliability techniques to apply for the digital safety systems. This paper focuses on the applicability of Bayesian Belief Net (BBN) techniques to quantitatively estimate the reliability of safety-critical software adopted in digital safety system. In this paper, a typical BBN model was constructed using the dedication process of the Commercial-Off-The-Shelf (COTS) installed by KAERI. In conclusion, the adoption of BBN technique can facilitate the process of evaluating the safety-critical software reliability in nuclear power plant, as well as provide very useful information (e.g., 'what if' analysis) associated with software reliability in the viewpoint of practicality

  20. Safety, danger and catastrophe inevitability in operation of safety-critical software algorithms: a possible new look at software safety analysis

    International Nuclear Information System (INIS)

    Povyakalo, A.A.

    2000-01-01

    The paper provides basic definitions and describes the basic procedure of the Formal Qualitative Safety Analysis (FQSA) of critical software algorithms. The procedure is described by C-based pseudo-code. It uses the notion of weakest precondition and representation of a given critical algorithm by a Gurevich's Abstract State Machine (GASM). For a given GASM and a given Catastrophe Condition the procedure results in a Catastrophe Inevitability Condition (it means that every sequence of algorithm steps lead to a catastrophe early or late), Danger Condition (it means that next step may lead to a catastrophe or make a catastrophe to be inevitable, but a catastrophe may be prevented yet), Safety Condition (it means that a next step can not lead to a catastrophe or make a catastrophe to be inevitable). The using of proposed procedure is illustrated by a simplest test example of algorithm. The FQSA provides a logical basis for PSA of critical algorithm. (author)

  1. An integrated environment of software development and V and V for PLC based safety-critical systems

    International Nuclear Information System (INIS)

    Koo, Seo Ryong

    2005-02-01

    To develop and implement a safety-critical system, the requirements of the system must be analyzed thoroughly during the phases of a software development's life cycle because a single error in the requirements can generate serious software faults. We therefore propose an Integrated Environment (IE) approach for requirements which is an integrated approach that enables easy inspection by combining requirement traceability and effective use of a formal method. For the V and V tasks of requirements phase, our approach uses software inspection, requirement traceability, and formal specification with structural decomposition. Software inspection and the analysis of requirements traceability are the most effective methods of software V and V. Although formal methods are also considered an effective V and V activity, they are difficult to use properly in nuclear fields, as well as in other fields, because of their mathematical nature. We also propose another Integrated Environment (IE) for the design and implementation of safety-critical systems. In this study, a nuclear FBD-style design specification and analysis (NuFDS) approach was proposed for PLC based safety-critical systems. The NuFDS approach is suggested in a straightforward manner for the effective and formal specification and analysis of software designs. Accordingly, the proposed NuFDS approach comprises one technique for specifying the software design and another for analyzing the software design. In addition, with the NuFDS approach, we can analyze the safety of software on the basis of fault tree synthesis. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Various tools have been needed to make software V and V more convenient. We therefore developed four kinds of computer-aided software engineering tools that could be used in accordance with the software's life cycle to

  2. NuSEE: an integrated environment of software specification and V and V for PLC based safety-critical systems

    International Nuclear Information System (INIS)

    Koo, Seo Ryong; Seong, Poong Hyun; Yoo, Jun Beom; Cha, Sung Deok; Youn, Cheong; Han, Hyun Chul

    2006-01-01

    As the use of digital systems becomes more prevalent, adequate techniques for software specification and analysis have become increasingly important in Nuclear Power Plant (NPP) safety-critical systems. Additionally, the importance of software Verification and Validation (V and V) based on adequate specification has received greater emphasis in view of improving software quality. For thorough V and V of safety-critical systems, V and V should be performed throughout the software lifecycle. However, systematic V and V is difficult as it involves many manual-oriented tasks. Tool support is needed in order to more conveniently perform software V and V. In response, we developed four kinds of Computer Aided Software Engineering (CASE) tools to support system specification for a formal-based analysis according to the software lifecycle. In this work, we achieved optimized integration of each tool. The toolset, NuSEE, is an integrated environment for software specification and V and V for PLC based safety-critical systems. In accordance with the software lifecycle, NuSEE consists of NuSISRT for the concept phase, NuSRS for the requirements phase, NuSDS for the design phase and NuSCM for configuration management. It is believed that after further development our integrated environment will be a unique and promising software specification and analysis toolset that will support the entire software lifecycle for the development of PLC based NPP safety-critical systems

  3. Licensing process for safety-critical software-based systems

    Energy Technology Data Exchange (ETDEWEB)

    Haapanen, P. [VTT Automation, Espoo (Finland)]; Korhonen, J. [VTT Electronics, Espoo (Finland)]; Pulkkinen, U. [VTT Automation, Espoo (Finland)]

    2000-12-01

    System vendors nowadays propose software-based technology even for the most critical safety functions in nuclear power plants. Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software based systems are developed and evaluated. As a part of the OHA-work a reference model for the licensing process for software-based safety automation systems is defined. The licensing process is defined as the set of interrelated activities whose purpose is to produce and assess evidence concerning the safety and reliability of the system/application to be licensed and to make the decision about the granting the construction and operation permissions based on this evidence. The parties of the licensing process are the authority, the licensee (the utility company), system vendors and their subcontractors and possible external independent assessors. The responsibility about the production of the evidence in first place lies at the licensee who in most cases rests heavily on the vendor expertise. The evaluation and gauging of the evidence is carried out by the authority (possibly using external experts), who also can acquire additional evidence by using their own (independent) methods and tools. Central issue in the licensing process is to combine the quality evidence about the system development process with the information acquired through tests, analyses and operational experience. The purpose of the licensing process described in this report is to act as a reference model both for the authority and the licensee when planning the licensing of individual applications

  4. Licensing process for safety-critical software-based systems

    International Nuclear Information System (INIS)

    Haapanen, P.; Korhonen, J.; Pulkkinen, U.

    2000-12-01

    System vendors nowadays propose software-based technology even for the most critical safety functions in nuclear power plants. Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software based systems are developed and evaluated. As a part of the OHA-work a reference model for the licensing process for software-based safety automation systems is defined. The licensing process is defined as the set of interrelated activities whose purpose is to produce and assess evidence concerning the safety and reliability of the system/application to be licensed and to make the decision about the granting the construction and operation permissions based on this evidence. The parties of the licensing process are the authority, the licensee (the utility company), system vendors and their subcontractors and possible external independent assessors. The responsibility about the production of the evidence in first place lies at the licensee who in most cases rests heavily on the vendor expertise. The evaluation and gauging of the evidence is carried out by the authority (possibly using external experts), who also can acquire additional evidence by using their own (independent) methods and tools. Central issue in the licensing process is to combine the quality evidence about the system development process with the information acquired through tests, analyses and operational experience. The purpose of the licensing process described in this report is to act as a reference model both for the authority and the licensee when planning the licensing of individual applications. Many of the

  5. Development of Safety-Critical Software for Nuclear Power Plant using a CASE Tool

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Chang Ho; Oh, Do Young; Kim, Koh Eun; Choi, Woong Seock; Sohn, Se Do; Kim, Jae Hack; Kim, Hang Bae [KEPCO E and C, Daejeon (Korea, Republic of)]

    2011-08-15

    The Integrated SOftware Development Environment (ISODE) is developed to provide the major S/W life cycle processes that are composed of development process, V/V process, requirements traceability process, and automated document generation process and target importing process to Programmable Logic Controller (PLC) platform. This provides critical safety software developers with a certified, domain optimized, model-based development environment, and the associated services to reduce time and efforts to develop software such as debugging, simulation, code generation and document generation. This also provides critical safety software verifiers with integrated V/V features of each phase of the software life cycle using appropriate tools such as model test coverage, formal verification, and automated report generation. In addition to development and verification, the ISODE gives a complete traceability solution from the SW design phase to the testing phase. Using this information, the coverage and impact analysis can be done easily whenever software modification is necessary. The final source codes of ISODE are imported into the newly developed PLC environment, as a module based after automatically converted into the format required by PLC. Additional tests for module and unit level are performed on the target platform.

  6. Development of Safety-Critical Software for Nuclear Power Plant using a CASE Tool

    International Nuclear Information System (INIS)

    Kim, Chang Ho; Oh, Do Young; Kim, Koh Eun; Choi, Woong Seock; Sohn, Se Do; Kim, Jae Hack; Kim, Hang Bae

    2011-01-01

    The Integrated SOftware Development Environment (ISODE) is developed to provide the major S/W life cycle processes that are composed of development process, V/V process, requirements traceability process, and automated document generation process and target importing process to Programmable Logic Controller (PLC) platform. This provides critical safety software developers with a certified, domain optimized, model-based development environment, and the associated services to reduce time and efforts to develop software such as debugging, simulation, code generation and document generation. This also provides critical safety software verifiers with integrated V/V features of each phase of the software life cycle using appropriate tools such as model test coverage, formal verification, and automated report generation. In addition to development and verification, the ISODE gives a complete traceability solution from the SW design phase to the testing phase. Using this information, the coverage and impact analysis can be done easily whenever software modification is necessary. The final source codes of ISODE are imported into the newly developed PLC environment, as a module based after automatically converted into the format required by PLC. Additional tests for module and unit level are performed on the target platform

  7. A comparative study of formal methods for safety critical software in nuclear power plant

    International Nuclear Information System (INIS)

    Sohn, Se Do; Seong, Poong Hyun

    2000-01-01

    The requirement of ultra high reliability of the safety critical software can not be demonstrated by testing alone. The specification based on formal method is recommended for safety system software. But there exist various kinds of formal methods, and this variety of formal method is recognized as an obstacle to the wide use of formal method. In this paper six different formal methods have been applied to the same part of the functional requirements that is calculation algorithm intensive. The specification results were compared against the criteria that is derived from the characteristics that good software requirements specifications should have and regulatory body recommends to have. The application experience shows that the critical characteristics should be defined first, then appropriate method has to be selected. In our case, the Software Cost Reduction method was recommended for internal condition or calculation algorithm checking, and state chart method is recommended for the external behavioral description. (author)

  8. Safety critical software design approach developed for Canadian nuclear power plants

    International Nuclear Information System (INIS)

    Ichiyen, M.M.; Joannou, P.K.

    1995-01-01

    Recently two methodologies were developed that comply with a high safety critical standard: the Rational Design Process, which can be characterized as a methodology based on state machines where the required behaviour of the software is defined using mathematical functions written in a notation which has a well defined syntax and semantics, and the Integrated Approach, which uses a graphical functional notation to specify the functional software requirements. The first implementations based on the two methodologies are discussed. Results from all phases of testing show a remarkably low number of errors, demonstrating that the new methodologies have indeed led to a higher demonstrable level of software reliability. (orig./HP)

  9. Migration of nuclear criticality safety software from a mainframe to a workstation environment

    International Nuclear Information System (INIS)

    Bowie, L.J.; Robinson, R.C.; Cain, V.R.

    1993-01-01

    The Nuclear Criticality Safety Department (NCSD), Oak Ridge Y-12 Plant has undergone the transition of executing the Martin Marietta Energy Systems Nuclear Criticality Safety Software (NCSS) on IBM mainframes to a Hewlett-Packard (HP) 9000/730 workstation (NCSSHP). NCSSHP contains the following configuration controlled modules and cross-section libraries: BONAMI, CSAS, GEOMCHY, ICE, KENO IV, KENO Va, MODIIFY, NITAWL SCALE, SLTBLIB, XSDRN, UNIXLIB, albedos library, weights library, 16-Group HANSEN-ROACH master library, 27-Group ENDF/B-IV master library, and standard composition library. This paper will discuss the method used to choose the workstation, the hardware setup of the chosen workstation, an overview of Y-12 software quality assurance and configuration control methodology, code validation, difficulties encountered in migrating the codes, and advantages to migrating to a workstation environment

  10. Safety certification of airborne software: An empirical study

    International Nuclear Information System (INIS)

    Dodd, Ian; Habli, Ibrahim

    2012-01-01

    Many safety-critical aircraft functions are software-enabled. Airborne software must be audited and approved by the aerospace certification authorities prior to deployment. The auditing process is time-consuming, and its outcome is unpredictable, due to the criticality and complex nature of airborne software. To ensure that the engineering of airborne software is systematically regulated and is auditable, certification authorities mandate compliance with safety standards that detail industrial best practice. This paper reviews existing practices in software safety certification. It also explores how software safety audits are performed in the civil aerospace domain. The paper then proposes a statistical method for supporting software safety audits by collecting and analysing data about the software throughout its lifecycle. This method is then empirically evaluated through an industrial case study based on data collected from 9 aerospace projects covering 58 software releases. The results of this case study show that our proposed method can help the certification authorities and the software and safety engineers to gain confidence in the certification readiness of airborne software and predict the likely outcome of the audits. The results also highlight some confidentiality issues concerning the management and retention of sensitive data generated from safety-critical projects.

  11. Software Reliability Issues Concerning Large and Safety Critical Software Systems

    Science.gov (United States)

    Kamel, Khaled; Brown, Barbara

    1996-01-01

    This research was undertaken to provide NASA with a survey of state-of-the-art techniques used in industry and academia to provide safe, reliable, and maintainable software to drive large systems. Such systems must match the complexity and strict safety requirements of NASA's shuttle system. In particular, the Launch Processing System (LPS) is being considered for replacement. The LPS is responsible for monitoring and commanding the shuttle during test, repair, and launch phases. NASA built this system in the 1970's using mostly hardware techniques to provide for increased reliability, but it did so often using custom-built equipment, which has not been able to keep up with current technologies. This report surveys the major techniques used in industry and academia to ensure reliability in large and critical computer systems.

  12. Survey of Bayesian belief nets for quantitative reliability assessment of safety critical software used in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Eom, H.S.; Sung, T.Y.; Jeong, H.S.; Park, J.H.; Kang, H.G.; Lee, K

    2001-03-01

    As part of the Probabilistic Safety Assessment of safety grade digital systems used in Nuclear Power plants research, measures and methodologies applicable to quantitative reliability assessment of safety critical software were surveyed. Among the techniques proposed in the literature we selected those which are in use widely and investigated their limitations in quantitative software reliability assessment. One promising methodology from the survey is Bayesian Belief Nets (BBN) which has a formalism and can combine various disparate evidences relevant to reliability into final decision under uncertainty. Thus we analyzed BBN and its application cases in digital systems assessment area and finally studied the possibility of its application to the quantitative reliability assessment of safety critical software.

  13. Survey of Bayesian belief nets for quantitative reliability assessment of safety critical software used in nuclear power plants

    International Nuclear Information System (INIS)

    Eom, H. S.; Sung, T. Y.; Jeong, H. S.; Park, J. H.; Kang, H. G.; Lee, K.

    2001-03-01

    As part of the Probabilistic Safety Assessment of safety grade digital systems used in Nuclear Power plants research, measures and methodologies applicable to quantitative reliability assessment of safety critical software were surveyed. Among the techniques proposed in the literature we selected those which are in use widely and investigated their limitations in quantitative software reliability assessment. One promising methodology from the survey is Bayesian Belief Nets (BBN) which has a formalism and can combine various disparate evidences relevant to reliability into final decision under uncertainty. Thus we analyzed BBN and its application cases in digital systems assessment area and finally studied the possibility of its application to the quantitative reliability assessment of safety critical software

  14. Ontario Hydro experience in the identification and mitigation of potential failures in safety critical software systems

    International Nuclear Information System (INIS)

    Huget, R.G.; Viola, M.; Froebel, P.A.

    1995-01-01

    Ontario Hydro has had experience in designing and qualifying safety critical software used in the reactor shutdown systems of its nuclear generating stations. During software design, an analysis of system level hazards and potential hardware failure effects provides input to determining what safeguards will be needed. One form of safeguard, called software self checks, continually monitors the health of the computer on line. The design of self checks usually is a trade off between the amount of computing resources required, the software complexity, and the level of safeguarding provided. As part of the software verification activity, a software hazards analysis is performed, which identifies any failure modes that could lead to the software causing an unsafe state, and which recommends changes to mitigate that potential. These recommendations may involve a re-structuring of the software to be more resistant to failure, or the introduction of other safeguarding measures. This paper discusses how Ontario Hydro has implemented these aspects of software design and verification into safety critical software used in reactor shutdown systems

  15. Evaluation of Model Driven Development of Safety Critical Software in the Nuclear Power Plant I and C system

    International Nuclear Information System (INIS)

    Jung, Jae Cheon; Chang, Hoon Seon; Chang, Young Woo; Kim, Jae Hack; Sohn, Se Do

    2005-01-01

    The major issues of the safety critical software are formalism and V and V. Implementing these two characteristics in the safety critical software will greatly enhance the quality of software product. The structure based development requires lots of output documents from the requirements phase to the testing phase. The requirements analysis phase is often omitted. According to the Standish group report in 2001, 49% of software projects are cancelled before completion or never implemented. In addition, 23% are completed and become operational, but over-budget, over the time estimation, and with fewer features and functions than initially specified. They identified ten success factors. Among them, firm basic requirements and formal methods are technically achievable factors while the remaining eight are management related. Misunderstanding of requirements due to lack of communication between the design engineer and verification engineer causes unexpected results such as functionality error of system. Safety critical software shall comply with such characteristics as: modularity, simplicity, minimizing the sub-routine, and excluding the interrupt routine. In addition, the crosslink fault and erroneous function shall be eliminated. The easiness of repairing work after the installation shall be achieved as well. In consideration of the above issues, we evaluate the model driven development (MDD) methods for nuclear I and C systems software. For qualitative analysis, the unified modeling language (UML), functional block language (FBL) and the safety critical application environment (SCADE) are tested for the above characteristics

  16. Use of modern software - based instrumentation in safety critical systems

    International Nuclear Information System (INIS)

    Emmett, J.; Smith, B.

    2005-01-01

    Many Nuclear Power Plants are now ageing and in need of various degrees of refurbishment. Installed instrumentation usually uses out of date 'analogue' technology and is often no longer available in the market place. New technology instrumentation is generally un-qualified for nuclear use and specifically the new 'smart' technology contains 'firmware', (effectively 'soup' (Software of Uncertain Pedigree)) which must be assessed in accordance with relevant safety standards before it may be used in a safety application. Particular standards are IEC 61508 [1] and the British Energy (BE) PES (Programmable Electronic Systems) guidelines EPD/GEN/REP/0277/97. [2] This paper outlines a new instrument evaluation system, which has been developed in conjunction with the UK Nuclear Industry. The paper concludes with a discussion about on-line monitoring of Smart instrumentation in safety critical applications. (author)

  17. Anatomy of safety-critical computing problems

    International Nuclear Information System (INIS)

    Swu Yih; Fan Chinfeng; Shirazi, Behrooz

    1995-01-01

    This paper analyzes the obstacles faced by current safety-critical computing applications. The major problem lies in the difficulty to provide complete and convincing safety evidence to prove that the software is safe. We explain this problem from a fundamental perspective by analyzing the essence of safety analysis against that of software developed by current practice. Our basic belief is that in order to perform a successful safety analysis, the state space structure of the analyzed system must have some properties as prerequisites. We propose the concept of safety analyzability, and derive its necessary and sufficient conditions; namely, definability, finiteness, commensurability, and tractability. We then examine software state space structures against these conditions, and affirm that the safety analyzability of safety-critical software developed by current practice is severely restricted by its state space structure and by the problem of exponential growth cost. Thus, except for small and simple systems, the safety evidence may not be complete and convincing. Our concepts and arguments successfully explain the current problematic situation faced by the safety-critical computing domain. The implications are also discussed

  18. Analyzing Software Errors in Safety-Critical Embedded Systems

    Science.gov (United States)

    Lutz, Robyn R.

    1994-01-01

    This paper analyzes the root causes of safety-related software faults. Software faults identified as potentially hazardous to the system are distributed somewhat differently over the set of possible error causes than non-safety-related software faults.

  19. Experiment to evaluate software safety

    International Nuclear Information System (INIS)

    Soubies, B.; Henry, J.Y.

    1994-01-01

    The process of licensing nuclear power plants for operation consists of mandatory steps featuring detailed examination of the instrumentation and control system by the safety authorities, including software. The criticality of this software obliges the manufacturer to develop in accordance with the IEC 880 standard 'Computer software in nuclear power plant safety systems' issued by the International Electronic Commission. The evaluation approach, a two-stage assessment, is described in detail. In this context, the IPSN (Institute of Protection and Nuclear Safety), the technical support body of the safety authority, uses the MALPAS tool to analyse the quality of the programs. (R.P.). 4 refs

  20. REVEAL - A tool for rule driven analysis of safety critical software

    International Nuclear Information System (INIS)

    Miedl, H.; Kersken, M.

    1998-01-01

    As the determination of ultrahigh reliability figures for safety critical software is hardly possible, national and international guidelines and standards give mainly requirements for the qualitative evaluation of software. An analysis whether all these requirements are fulfilled is time and effort consuming and prone to errors, if performed manually by analysts, and should instead be dedicated to tools as far as possible. There are many ''general-purpose'' software analysis tools, both static and dynamic, which help analyzing the source code. However, they are not designed to assess the adherence to specific requirements of guidelines and standards in the nuclear field. Against the background of the development of I and C systems in the nuclear field which are based on digital techniques and implemented in high level language, it is essential that the assessor or licenser has a tool with which he can automatically and uniformly qualify as many aspects as possible of the high level language software. For this purpose the software analysis tool REVEAL has been developed at ISTec and the Halden Reactor Project. (author)

  1. Co Modeling and Co Synthesis of Safety Critical Multi threaded Embedded Software for Multi Core Embedded Platforms

    Science.gov (United States)

    2017-03-20

    Kaiserslautern Kaiserslautern, Germany Sandeep Shukla FERMAT Lab Electrical and Computer Engineering Department Virginia Tech 900 North Glebe Road...Software Engineering, Software Producibility, Component-based software design, behavioral types, behavioral type inference, Polychronous model of...near future, many embedded applications including safety critical ones as used in avionics, automotive, mission control systems will run on

  2. Automated Translation of Safety Critical Application Software Specifications into PLC Ladder Logic

    Science.gov (United States)

    Leucht, Kurt W.; Semmel, Glenn S.

    2008-01-01

    The numerous benefits of automatic application code generation are widely accepted within the software engineering community. A few of these benefits include raising the abstraction level of application programming, shorter product development time, lower maintenance costs, and increased code quality and consistency. Surprisingly, code generation concepts have not yet found wide acceptance and use in the field of programmable logic controller (PLC) software development. Software engineers at the NASA Kennedy Space Center (KSC) recognized the need for PLC code generation while developing their new ground checkout and launch processing system. They developed a process and a prototype software tool that automatically translates a high-level representation or specification of safety critical application software into ladder logic that executes on a PLC. This process and tool are expected to increase the reliability of the PLC code over that which is written manually, and may even lower life-cycle costs and shorten the development schedule of the new control system at KSC. This paper examines the problem domain and discusses the process and software tool that were prototyped by the KSC software engineers.

  3. Software Dependability and Safety Evaluations ESA's Initiative

    Science.gov (United States)

    Hernek, M.

    ESA has allocated funds for an initiative to evaluate Dependability and Safety methods of Software. The objectives of this initiative are: (i) more extensive validation of Safety and Dependability techniques for Software; (ii) provide valuable results to improve the quality of the Software, thus promoting the application of Dependability and Safety methods and techniques. ESA space systems are being developed according to defined PA requirement specifications. These requirements may be implemented through various design concepts, e.g. redundancy, diversity etc., varying from project to project. Analysis methods (FMECA, FTA, HA, etc.) are frequently used during requirements analysis and design activities to assure the correct implementation of system PA requirements. The criticality level of failures, functions and systems is determined and by doing that the critical sub-systems are identified, on which dependability and safety techniques are to be applied during development. Proper performance of the software development requires the development of a technical specification for the products at the beginning of the life cycle. Such technical specification comprises both functional and non-functional requirements. These non-functional requirements address characteristics of the product such as quality, dependability, safety and maintainability. Software in space systems is more and more used in critical functions. Also the trend towards more frequent use of COTS and reusable components poses new difficulties in terms of assuring reliable and safe systems. Because of this, its dependability and safety must be carefully analysed. ESA identified and documented techniques, methods and procedures to ensure that software dependability and safety requirements are specified and taken into account during the design and development of a software system and to verify/validate that the implemented software systems comply with these requirements [R1].

  4. Validation of Nuclear Criticality Safety Software and 27 energy group ENDF/B-IV cross sections

    International Nuclear Information System (INIS)

    Lee, B.L. Jr.

    1994-08-01

    The validation documented in this report is based on calculations that were executed during June through August 1992, and was completed in June 1993. The statistical analyses in Appendix C and Appendix D were completed in October 1993. This validation gives Portsmouth NCS personnel a basis for performing computerized KENO V.a calculations using the Martin Marietta Nuclear Criticality Safety Software. The first portion of the document outlines basic information in regard to validation of NCSS using ENDF/B-IV 27-group cross sections on the IBM 3090 at ORNL. A basic discussion of the NCSS system is provided, along with some discussion on the validation database and validation in general. Then follows a detailed description of the statistical analysis which was applied. The results of this validation indicate that the NCSS software may be used with confidence for criticality calculations at the Portsmouth Gaseous Diffusion Plant. When the validation results are treated as a single group, there is 95% confidence that 99.9% of future calculations of similar critical systems will have a calculated k_eff > 0.9616. Based on this result the Portsmouth Nuclear Criticality Safety Department has adopted the calculational acceptance criteria that a k_eff + 2σ ≤ 0.95 is safely subcritical. The validation of NCSS on the IBM 3090 at ORNL was extended to include NCSS on the IBM 3090 at K-25

  5. Software criticality analysis of COTS/SOUP

    Energy Technology Data Exchange (ETDEWEB)

    Bishop, Peter; Bloomfield, Robin; Clement, Tim; Guerra, Sofia

    2003-09-01

    This paper describes the Software Criticality Analysis (SCA) approach that was developed to support the justification of using commercial off-the-shelf software (COTS) in a safety-related system. The primary objective of SCA is to assess the importance to safety of the software components within the COTS and to show there is segregation between software components with different safety importance. The approach taken was a combination of Hazops based on design documents and on a detailed analysis of the actual code (100 kloc). Considerable effort was spent on validation and ensuring the conservative nature of the results. The results from reverse engineering from the code showed that results based only on architecture and design documents would have been misleading.

  6. Software criticality analysis of COTS/SOUP

    International Nuclear Information System (INIS)

    Bishop, Peter; Bloomfield, Robin; Clement, Tim; Guerra, Sofia

    2003-01-01

    This paper describes the Software Criticality Analysis (SCA) approach that was developed to support the justification of using commercial off-the-shelf software (COTS) in a safety-related system. The primary objective of SCA is to assess the importance to safety of the software components within the COTS and to show there is segregation between software components with different safety importance. The approach taken was a combination of Hazops based on design documents and on a detailed analysis of the actual code (100 kloc). Considerable effort was spent on validation and ensuring the conservative nature of the results. The results from reverse engineering from the code showed that results based only on architecture and design documents would have been misleading

  7. Comparison of the Safety Critical Software V and V Requirements for the Research Reactor Instrumentation and Control System

    Energy Technology Data Exchange (ETDEWEB)

    Joo, Sungmoon; Suh, Yong-Suk; Park, Cheol [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2016-10-15

    This study was motivated by a research reactor project where the owner of the project and the equipment vendors are from two different standards frameworks. This paper reviews two major standards frameworks - NRC-IEEE and IAEA-IEC - and the software classification schemes as a background, then discusses the V and V issue. The purpose of this paper is by no means to solve the cross-standards-framework qualification issue, but, rather, is to remind the stakeholders of research reactor projects. V and V are also essential for the approval from regulatory bodies. As standards define or recommend consolidated engineering practices, methods, or criteria, V and V activities for software qualification are not exceptional. Within a standards framework, usually, the processes for the qualification of safety-critical software are well-established such that the safety is maximized while minimizing the compromises in software quality, safety, and reliability. When, however, multiple standards frameworks are involved in a research reactor project, it is difficult for equipment vendors to implement appropriate V and V activities as there is no unified view on this cross-standards-framework qualification issue yet. There are two major standards frameworks for safety-critical software development in nuclear industry. Unfortunately different safety classifications for software and thus different requirements for qualification are in place. What makes things worse is that (i) there are ambiguities in the standards and room for each stakeholder’s interpretation, and (ii) there is no one-to-one mapping between the associated V and V methods and activities. These may put the stakeholders of research reactor projects in trouble.

  8. Comparison of the Safety Critical Software V and V Requirements for the Research Reactor Instrumentation and Control System

    International Nuclear Information System (INIS)

    Joo, Sungmoon; Suh, Yong-Suk; Park, Cheol

    2016-01-01

    This study was motivated by a research reactor project where the owner of the project and the equipment vendors are from two different standards frameworks. This paper reviews two major standards frameworks - NRC-IEEE and IAEA-IEC - and the software classification schemes as a background, then discusses the V and V issue. The purpose of this paper is by no means to solve the cross-standards-framework qualification issue, but, rather, is to remind the stakeholders of research reactor projects. V and V are also essential for the approval from regulatory bodies. As standards define or recommend consolidated engineering practices, methods, or criteria, V and V activities for software qualification are not exceptional. Within a standards framework, usually, the processes for the qualification of safety-critical software are well-established such that the safety is maximized while minimizing the compromises in software quality, safety, and reliability. When, however, multiple standards frameworks are involved in a research reactor project, it is difficult for equipment vendors to implement appropriate V and V activities as there is no unified view on this cross-standards-framework qualification issue yet. There are two major standards frameworks for safety-critical software development in nuclear industry. Unfortunately different safety classifications for software and thus different requirements for qualification are in place. What makes things worse is that (i) there are ambiguities in the standards and room for each stakeholder’s interpretation, and (ii) there is no one-to-one mapping between the associated V and V methods and activities. These may put the stakeholders of research reactor projects in trouble

  9. Finite test sets development method for test execution of safety critical software

    International Nuclear Information System (INIS)

    El-Bordany Ayman; Yun, Won Young

    2014-01-01

    It reads inputs, computes new states, and updates output for each scan cycle. Korea Nuclear Instrumentation and Control System (KNICS) has recently developed a fully digitalized Reactor Protection System (RPS) based on PLD. As a digital system, this RPS is equipped with a dedicated software. The reliability of this software is crucial to NPPs safety where its malfunction may cause irreversible consequences and affect the whole system as a Common Cause Failure (CCF). To guarantee the reliability of the whole system, the reliability of this software needs to be quantified. There are three representative methods for software reliability quantification, namely the Verification and Validation (V and V) quality-based method, the Software Reliability Growth Model (SRGM), and the test-based method. An important concept of the guidance is that the test sets represent 'trajectories' (a series of successive values for the input variables of a program that occur during the operation of the software over time) in the space of inputs to the software. Actually, the inputs to the software depend on the state of plant at that time, and these inputs form a new internal state of the software by changing values of some variables. In other words, internal state of the software at specific timing depends on the history of past inputs. Here the internal state of the software which can be changed by past inputs is named as Context of Software (CoS). In a certain CoS, a software failure occurs when a fault is triggered by some inputs. To cover the failure occurrence mechanism of a software, preceding researches insist that the inputs should be a trajectory form. However, in this approach, there are two critical problems. One is the length of the trajectory input. Input trajectory should be long enough to cover failure mechanism, but the enough length is not clear. What is worse, to cover some accident scenario, one set of input should represent dozen hours of successive values

  10. Prediction of safety critical software operational reliability from test reliability using testing environment factors

    International Nuclear Information System (INIS)

    Jung, Hoan Sung; Seong, Poong Hyun

    1999-01-01

    It has been a critical issue to predict the safety critical software reliability in nuclear engineering area. For many years, many researches have focused on the quantification of software reliability and there have been many models developed to quantify software reliability. Most software reliability models estimate the reliability with the failure data collected during the test assuming that the test environments well represent the operation profile. User's interest is however on the operational reliability rather than on the test reliability. The experiences show that the operational reliability is higher than the test reliability. With the assumption that the difference in reliability results from the change of environment, from testing to operation, testing environment factors comprising the aging factor and the coverage factor are developed in this paper and used to predict the ultimate operational reliability with the failure data in testing phase. It is by incorporating test environments applied beyond the operational profile into testing environment factors. The application results show that the proposed method can estimate the operational reliability accurately. (Author). 14 refs., 1 tab., 1 fig

  11. A Conceptual Model of Agile Software Development in a Safety-Critical Context: A Systematic Literature Review

    DEFF Research Database (Denmark)

    Tordrup Heeager, Lise; Nielsen, Peter Axel

    2018-01-01

    challenges of agile software development of safety-critical systems. The conceptual model consists of four problematic practice areas and five relationships, which we find to be even more important than the problematic areas. From this review, we suggest that there are important research gaps that need...... processes or agile processes that are purportedly faster and promise to lead to better products. Objective: To identify the issues and disputes in agile development of safety-critical software and the key qualities as found in the extant research literature. Method: We conducted a systematic literature...... review as an interpretive study following a research design to search, assess, extract, group, and understand the results of the found studies. Results: There are key issues and propositions that we elicit from the literature and combine into a conceptual model for understanding the foundational...

  12. Software design specification and analysis(NuFDS) approach for the safety critical software based on programmable logic controller(PLC)

    International Nuclear Information System (INIS)

    Koo, Seo Ryong; Seong, Poong Hyun; Jung, Jin Yong; Choi, Seong Soo

    2004-01-01

    This paper introduces the software design specification and analysis technique for the safety-critical system based on Programmable Logic Controller (PLC). During software development phases, the design phase should perform an important role to connect between requirements phase and implementation phase as a process of translating problem requirements into software structures. In this work, the Nuclear FBD-style Design Specification and analysis (NuFDS) approach was proposed. The NuFDS approach for nuclear Instrumentation and Control (I and C) software is suggested in a straightforward manner. It consists of four major specifications as follows: Database, Software Architecture, System Behavior, and PLC Hardware Configuration. Additionally, correctness, completeness, consistency, and traceability check techniques are also suggested for the formal design analysis in NuFDS approach. In addition, for tool support, we are developing NuSDS tool based on the NuFDS approach which is a tool, especially for the software design specification in nuclear fields

  13. Model checking of safety-critical software in the nuclear engineering domain

    International Nuclear Information System (INIS)

    Lahtinen, J.; Valkonen, J.; Björkman, K.; Frits, J.; Niemelä, I.; Heljanko, K.

    2012-01-01

    Instrumentation and control (I and C) systems play a vital role in the operation of safety-critical processes. Digital programmable logic controllers (PLC) enable sophisticated control tasks which sets high requirements for system validation and verification methods. Testing and simulation have an important role in the overall verification of a system but are not suitable for comprehensive evaluation because only a limited number of system behaviors can be analyzed due to time limitations. Testing is also performed too late in the development lifecycle and thus the correction of design errors is expensive. This paper discusses the role of formal methods in software development in the area of nuclear engineering. It puts forward model checking, a computer-aided formal method for verifying the correctness of a system design model, as a promising approach to system verification. The main contribution of the paper is the development of systematic methodology for modeling safety critical systems in the nuclear domain. Two case studies are reviewed, in which we have found errors that were previously not detected. We also discuss the actions that should be taken in order to increase confidence in the model checking process.

  14. A New Method to Detect and Correct the Critical Errors and Determine the Software-Reliability in Critical Software-System

    International Nuclear Information System (INIS)

    Krini, Ossmane; Börcsök, Josef

    2012-01-01

    In order to use electronic systems comprising of software and hardware components in safety related and high safety related applications, it is necessary to meet the Marginal risk numbers required by standards and legislative provisions. Existing processes and mathematical models are used to verify the risk numbers. On the hardware side, various accepted mathematical models, processes, and methods exist to provide the required proof. To this day, however, there are no closed models or mathematical procedures known that allow for a dependable prediction of software reliability. This work presents a method that makes a prognosis on the residual critical error number in software. Conventional models lack this ability and right now, there are no methods that forecast critical errors. The new method will show that an estimate of the residual error number of critical errors in software systems is possible by using a combination of prediction models, a ratio of critical errors, and the total error number. Subsequently, the critical expected value-function at any point in time can be derived from the new solution method, provided the detection rate has been calculated using an appropriate estimation method. Also, the presented method makes it possible to make an estimate on the critical failure rate. The approach is modelled on a real process and therefore describes two essential processes - detection and correction process.

  15. Software important to safety in nuclear power plants

    International Nuclear Information System (INIS)

    1994-01-01

    The report provides guidance on current practices, documenting their strengths and weaknesses for dealing with the important issues of software engineering that nuclear power plant system designers, software producers and regulators are facing. The focus of the report is on safety critical applications of general purpose processors controlled by custom developed software; however, it should also have application in safety related applications and for other types of computers. In addition to system designers, software producers and regulators, the intended readership of this report includes users of software based systems, who should be aware of the relevant issues in specifying and obtaining software for systems important to safety. Refs, 1 fig., tabs

  16. A hybrid approach to quantify software reliability in nuclear safety systems

    International Nuclear Information System (INIS)

    Arun Babu, P.; Senthil Kumar, C.; Murali, N.

    2012-01-01

    Highlights: ► A novel method to quantify software reliability using software verification and mutation testing in nuclear safety systems. ► Contributing factors that influence software reliability estimate. ► Approach to help regulators verify the reliability of safety critical software system during software licensing process. -- Abstract: Technological advancements have led to the use of computer based systems in safety critical applications. As computer based systems are being introduced in nuclear power plants, effective and efficient methods are needed to ensure dependability and compliance to high reliability requirements of systems important to safety. Even after several years of research, quantification of software reliability remains a controversial and unresolved issue. Also, existing approaches have assumptions and limitations, which are not acceptable for safety applications. This paper proposes a theoretical approach combining software verification and mutation testing to quantify the software reliability in nuclear safety systems. The theoretical results obtained suggest that the software reliability depends on three factors: the test adequacy, the amount of software verification carried out and the reusability of verified code in the software. The proposed approach may help regulators in licensing computer based safety systems in nuclear reactors.

  17. Methods and tools used at the IPSN for the safety assessment of critical software

    International Nuclear Information System (INIS)

    Regnier, P.; Henry, J.Y.

    1998-01-01

    A significant feature of EDF's latest 1400MWe "N4" generation of pressurized water reactor (PWR) is the extensive use of computerized instrumentation and control, including a fully digital system for the reactor protection function. For the safety assessment of the software driving the operation of this digital reactor protection called SPIN, IPSN has developed and implemented a set of methods and tools. Using the lessons learned from this experience, IPSN has worked at improving those methods and tools, mainly trying to make them more automatic to use, and has participated in an international assessment exercise to test some other methods and tools, either new products on the market or self-developed products. As a result of these works, this paper presents an up to date overview of the IPSN methods and tools used for the assessment of safety critical software. This assessment, which consists of an analysis of all the documentation associated with the technical specifications and of a representative set of functions, is usually carried out in five steps: (1) critical examination of the documents, (2) evaluation of the quality of the code, (3) determination of the critical software components, (4) development of test cases and choice of testing strategy, (5) dynamic analysis (consistency and robustness). This paper also presents methods and tools developed or implemented by IPSN in order to: evaluate the completeness and consistency of specification and design documents written in natural language; build a model and simulate specification or design items; evaluate the quality of the source code; carry out FMEA analysis; run the binary code and perform tests (CLAIRE); perform random or mutational tests. (author)

  18. Software Quality Assurance for Nuclear Safety Systems

    International Nuclear Information System (INIS)

    Sparkman, D R; Lagdon, R

    2004-01-01

    The US Department of Energy has undertaken an initiative to improve the quality of software used to design and operate their nuclear facilities across the United States. One aspect of this initiative is to revise or create new directives and guides associated with quality practices for the safety software in its nuclear facilities. Safety software includes the safety structures, systems, and components software and firmware, support software and design and analysis software used to ensure the safety of the facility. DOE nuclear facilities are unique when compared to commercial nuclear or other industrial activities in terms of the types and quantities of hazards that must be controlled to protect workers, public and the environment. Because of these differences, DOE must develop an approach to software quality assurance that ensures appropriate risk mitigation by developing a framework of requirements that accomplishes the following goals: • Ensures the software processes developed to address nuclear safety in design, operation, construction and maintenance of its facilities are safe • Considers the larger system that uses the software and its impacts • Ensures that the software failures do not create unsafe conditions. Software designers for nuclear systems and processes must reduce risks in software applications by incorporating processes that recognize, detect, and mitigate software failure in safety related systems. It must also ensure that fail safe modes and component testing are incorporated into software design. For nuclear facilities, the consideration of risk is not necessarily sufficient to ensure safety. Systematic evaluation, independent verification and system safety analysis must be considered for software design, implementation, and operation. The software industry primarily uses risk analysis to determine the appropriate level of rigor applied to software practices. This risk-based approach distinguishes safety-critical

  19. Validation of nuclear criticality safety software and 27 energy group ENDF/B-IV cross sections. Revision 1

    International Nuclear Information System (INIS)

    Lee, B.L. Jr.; D'Aquila, D.M.

    1996-01-01

    The original validation report, POEF-T-3636, was documented in August 1994. The document was based on calculations that were executed during June through August 1992. The statistical analyses in Appendix C and Appendix D were completed in October 1993. This revision is written to clarify the margin of safety being used at Portsmouth for nuclear criticality safety calculations. This validation gives Portsmouth NCS personnel a basis for performing computerized KENO V.a calculations using the Lockheed Martin Nuclear Criticality Safety Software. The first portion of the document outlines basic information in regard to validation of NCSS using ENDF/B-IV 27-group cross sections on the IBM 3090 at ORNL. A basic discussion of the NCSS system is provided, some discussion on the validation database and validation in general. Then follows a detailed description of the statistical analysis which was applied. The results of this validation indicate that the NCSS software may be used with confidence for criticality calculations at the Portsmouth Gaseous Diffusion Plant. For calculations of Portsmouth systems using the specified codes and systems covered by this validation, a maximum k_eff including 2σ of 0.9605 or lower shall be considered as subcritical to ensure a calculational margin of safety of 0.02. The validation of NCSS on the IBM 3090 at ORNL was extended to include NCSS on the IBM 3090 at K-25

  20. Reliability Quantification Method for Safety Critical Software Based on a Finite Test Set

    International Nuclear Information System (INIS)

    Shin, Sung Min; Kim, Hee Eun; Kang, Hyun Gook; Lee, Seung Jun

    2014-01-01

    Software inside a digitalized system has a very important role because it may cause irreversible consequences and affect the whole system as a common cause failure. However, the test-based reliability quantification method for some safety critical software has limitations caused by difficulties in developing input sets in the form of a trajectory, which is a series of successive values of variables. To address these limitations, this study proposed another method which conducts the test using a combination of single values of variables. To substitute the trajectory form of input using a combination of variables, the possible range of each variable should be identified. For this purpose, the assigned range of each variable, logical relations between variables, plant dynamics under certain situations, and characteristics of information acquisition by the digital device are considered. The feasibility of the proposed method was confirmed through an application to the Reactor Protection System (RPS) software trip logic

  1. Determination of the number of software tests using probabilistic safety assessment

    International Nuclear Information System (INIS)

    Kang, H. K.; Seong, T. Y.; Lee, K. Y.

    2000-01-01

    The broader usage of digital equipment in nuclear power plants gives rise to the safety problems of software. The field test should be performed before the software is used in critical applications because it is well known that software shows non-linear response when it is applied to different target systems in different environments. In the case of safety-critical applications, the test results usually contain zero failures, and the satisfiable number of tests is hard to determine. In this paper, we suggest a method to determine the number of software tests without failure using the probabilistic safety assessment. From the result of the probabilistic safety assessment on the total system, the desirable unavailability of software is calculated and the number of tests is determined

  2. Formal methods and their applicability in the development of safety critical software systems

    International Nuclear Information System (INIS)

    Sievertsen, T.

    1995-01-01

    The OECD Halden Reactor Project has for a number of years been involved in the development and application of a formal software specification and development method based on algebraic specification and the HRP Prover. In parallel to this activity the Project has been evaluating and comparing different methods and approaches to formal software development by their application on realistic case examples. Recent work has demonstrated that algebraic specification and the HRP Prover can be used both in the specification and design of a software system, even down to a concrete model which can be translated into the chosen implementation language. The HRP Prover is currently being used in a case study on the applicability of the methodology in the development of a power range monitoring system for a nuclear power plant. The presentation reviews some of the experiences drawn from the Project's research activities in this area, with special emphasis on questions relating to applicability and limitations, and the role of formal methods in the development of safety-critical software systems. (14 refs., 1 fig.)

  3. Design aspects of safety critical instrumentation of nuclear installations

    Energy Technology Data Exchange (ETDEWEB)

    Swaminathan, P. [Electronics Group, Indira Gandhi Centre for Atomic Research, Kalpakkam 603 102, Tamil Nadu (India)]. E-mail: swamy@igcar.ernet.in

    2005-07-01

    Safety critical instrumentation systems ensure safe shutdown/configuration of the nuclear installation when process status exceeds the safety threshold limits. Design requirements for safety critical instrumentation such as functional and electrical independence, fail-safe design, and architecture to ensure the specified unsafe failure rate and safe failure rate, human machine interface (HMI), etc., are explained with examples. Different fault tolerant architectures like 1/2, 2/2, 2/3 hot stand-by are compared for safety critical instrumentation. For embedded systems, software quality assurance is detailed both during design phase and O and M phase. Different software development models such as waterfall model and spiral model are explained with examples. The error distribution in embedded system is detailed. The usage of formal method is outlined to reduce the specification error. The guidelines for coding of application software are outlined. The interface problems of safety critical instrumentation with sensors, actuators, other computer systems, etc., are detailed with examples. Testability and maintainability shall be taken into account during design phase. Online diagnostics for safety critical instrumentation is detailed with examples. Salient details of design guides from Atomic Energy Regulatory Board, International Atomic Energy Agency and standards from IEEE, BIS are given towards the design of safety critical instrumentation systems. (author)

  4. Design aspects of safety critical instrumentation of nuclear installations

    International Nuclear Information System (INIS)

    Swaminathan, P.

    2005-01-01

    Safety critical instrumentation systems ensure safe shutdown/configuration of the nuclear installation when process status exceeds the safety threshold limits. Design requirements for safety critical instrumentation such as functional and electrical independence, fail-safe design, and architecture to ensure the specified unsafe failure rate and safe failure rate, human machine interface (HMI), etc., are explained with examples. Different fault tolerant architectures like 1/2, 2/2, 2/3 hot stand-by are compared for safety critical instrumentation. For embedded systems, software quality assurance is detailed both during design phase and O and M phase. Different software development models such as waterfall model and spiral model are explained with examples. The error distribution in embedded system is detailed. The usage of formal method is outlined to reduce the specification error. The guidelines for coding of application software are outlined. The interface problems of safety critical instrumentation with sensors, actuators, other computer systems, etc., are detailed with examples. Testability and maintainability shall be taken into account during design phase. Online diagnostics for safety critical instrumentation is detailed with examples. Salient details of design guides from Atomic Energy Regulatory Board, International Atomic Energy Agency and standards from IEEE, BIS are given towards the design of safety critical instrumentation systems. (author)

  5. Development methodology for the software life cycle process of the safety software

    Energy Technology Data Exchange (ETDEWEB)

    Kim, D. H.; Lee, S. S. [BNF Technology, Taejon (Korea, Republic of)]; Cha, K. H.; Lee, C. S.; Kwon, K. C.; Han, H. B. [KAERI, Taejon (Korea, Republic of)]

    2002-05-01

    A methodology for developing software life cycle processes (SLCP) is proposed to develop the digital safety-critical Engineered Safety Features - Component Control System (ESF-CCS) successfully. A software life cycle model is selected as the hybrid model mixed with waterfall, prototyping, and spiral models and is composed of two stages, development stages of prototype of ESF-CCS and ESF-CCS. To produce the software life cycle (SLC) for the Development of the Digital Reactor Safety System, the Activities referenced in IEEE Std. 1074-1997 are mapped onto the hybrid model. The SLCP is established after the available OPAs (Organizational Process Asset) are applied to the SLC Activities, and the known constraints are reconciled. The established SLCP describes well the software life cycle activities with which the Regulatory Authority provides.

  6. Development methodology for the software life cycle process of the safety software

    International Nuclear Information System (INIS)

    Kim, D. H.; Lee, S. S.; Cha, K. H.; Lee, C. S.; Kwon, K. C.; Han, H. B.

    2002-01-01

    A methodology for developing software life cycle processes (SLCP) is proposed to develop the digital safety-critical Engineered Safety Features - Component Control System (ESF-CCS) successfully. A software life cycle model is selected as the hybrid model mixed with waterfall, prototyping, and spiral models and is composed of two stages, development stages of prototype of ESF-CCS and ESF-CCS. To produce the software life cycle (SLC) for the Development of the Digital Reactor Safety System, the Activities referenced in IEEE Std. 1074-1997 are mapped onto the hybrid model. The SLCP is established after the available OPAs (Organizational Process Asset) are applied to the SLC Activities, and the known constraints are reconciled. The established SLCP describes well the software life cycle activities with which the Regulatory Authority provides

  7. A Systematic Analysis of Functional Safety Certification Practices in Industrial Robot Software Development

    Directory of Open Access Journals (Sweden)

    Tong Xie

    2017-01-01

    For decades, industry robotics have delivered on the promise of speed, efficiency and productivity. The last several years have seen a sharp resurgence in the orders of industrial robots in China, and the areas addressed within industrial robotics have extended into safety-critical domains. However, safety standards have not yet been implemented widely in academia and engineering applications, particularly in robot software development. This paper presents a systematic analysis of functional safety certification practices in software development for the safety-critical software of industrial robots, to identify the safety certification practices used for the development of industrial robots in China and how these practices comply with the safety standard requirements. Reviewing from Chinese academic papers, our research shows that safety standards are barely used in software development of industrial robots. The majority of the papers propose various solutions to achieve safety, but only about two thirds of the papers refer to non-standardized approaches that mainly address the systematic level rather than the software development level. In addition, our research shows that with the development of artificial intelligence, an emerging field is still on the quest for standardized and suitable approaches to develop safety-critical software.

  8. Agility in Development of Safety-Critical Software: A Conceptual Model

    DEFF Research Database (Denmark)

    Tordrup Heeager, Lise; Nielsen, Peter Axel

    2018-01-01

    Safety-critical information systems are being used increasingly as we see applications in new areas such as personal medical devices, traffic control and detection of pathogens. A current research debate is whether safety-critical systems must be developed with traditional waterfall processes...

  9. Implementing Software Safety in the NASA Environment

    Science.gov (United States)

    Wetherholt, Martha S.; Radley, Charles F.

    1994-01-01

    the system to be built. Shortly thereafter, as the system requirements are being defined, the second iteration of hazard analyses takes place, the systems hazard analysis (SHA). During the systems requirements phase, decisions are made as to what functions of the system will be the responsibility of software. This is the most critical time to affect the safety of the software. From this point, software safety analyses as well as software engineering practices are the main focus for assuring safe software. While many of the steps proposed in this paper seem like just sound engineering practices, they are the best technical and most cost effective means to assure safe software within a safe system.

  10. Interaction between systems and software engineering in safety-critical systems

    International Nuclear Information System (INIS)

    Knight, J.

    1994-01-01

    There are three areas of concern: when is software to be considered safe; what, exactly, is the role of the software engineer; and how do systems, or sometimes applications, engineers and software engineers interact with each other. The author presents his perspective on these questions which he feels differ from those of many in the field. He argues for a clear definition of safety in the software arena, so the engineer knows what he is engineering toward. Software must be viewed as part of the entire system, since it does not function on its own, or in isolation. He argues for the establishment of clear specifications in this area

  11. SCALE criticality safety verification and validation package

    International Nuclear Information System (INIS)

    Bowman, S.M.; Emmett, M.B.; Jordan, W.C.

    1998-01-01

    Verification and validation (V and V) are essential elements of software quality assurance (QA) for computer codes that are used for performing scientific calculations. V and V provides a means to ensure the reliability and accuracy of such software. As part of the SCALE QA and V and V plans, a general V and V package for the SCALE criticality safety codes has been assembled, tested and documented. The SCALE criticality safety V and V package is being made available to SCALE users through the Radiation Safety Information Computational Center (RSICC) to assist them in performing adequate V and V for their SCALE applications

  12. Software qualification for digital safety system in KNICS project

    International Nuclear Information System (INIS)

    Kwon, Kee-Choon; Lee, Dong-Young; Choi, Jong-Gyun

    2012-01-01

    In order to achieve technical self-reliance in the area of nuclear instrumentation and control, the Korea Nuclear Instrumentation and Control System (KNICS) project had been running for seven years from 2001. The safety-grade Programmable Logic Controller (PLC) and the digital safety system were developed by KNICS project. All the software of the PLC and digital safety system were developed and verified following the software development life cycle Verification and Validation (V and V) procedure. The main activities of the V and V process are preparation of software planning documentations, verification of the Software Requirement Specification (SRS), Software Design Specification (SDS) and codes, and a testing of the software components, the integrated software, and the integrated system. In addition, a software safety analysis and a software configuration management are included in the activities. For the software safety analysis at the SRS and SDS phases, the software Hazard Operability (HAZOP) was performed and then the software fault tree analysis was applied. The software fault tree analysis was applied to a part of software module with some critical defects identified by the software HAZOP in SDS phase. The software configuration management was performed using the in-house tool developed in the KNICS project. (author)

  13. Software system safety

    Science.gov (United States)

    Uber, James G.

    1988-01-01

    Software itself is not hazardous, but since software and hardware share common interfaces there is an opportunity for software to create hazards. Further, these software systems are complex, and proven methods for the design, analysis, and measurement of software safety are not yet available. Some past software failures, future NASA software trends, software engineering methods, and tools and techniques for various software safety analyses are reviewed. Recommendations to NASA are made based on this review.

  14. Software FMEA analysis for safety-related application software

    International Nuclear Information System (INIS)

    Park, Gee-Yong; Kim, Dong Hoon; Lee, Dong Young

    2014-01-01

    Highlights: • We develop a modified FMEA analysis suited for applying to software architecture. • A template for failure modes on a specific software language is established. • A detailed-level software FMEA analysis on nuclear safety software is presented. - Abstract: A method of a software safety analysis is described in this paper for safety-related application software. The target software system is a software code installed at an Automatic Test and Interface Processor (ATIP) in a digital reactor protection system (DRPS). For the ATIP software safety analysis, at first, an overall safety or hazard analysis is performed over the software architecture and modules, and then a detailed safety analysis based on the software FMEA (Failure Modes and Effect Analysis) method is applied to the ATIP program. For an efficient analysis, the software FMEA analysis is carried out based on the so-called failure-mode template extracted from the function blocks used in the function block diagram (FBD) for the ATIP software. The software safety analysis by the software FMEA analysis, being applied to the ATIP software code, which has been integrated and passed through a very rigorous system test procedure, is proven to be able to provide very valuable results (i.e., software defects) that could not be identified during various system tests

  15. V and V methods of a safety-critical software for a programmable logic controller

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Jang Yeol; Lee, Young Jun; Cha, Kyung Ho; Cheon, Se Woo; Lee, Jang Soo; Kwon, Kee Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]; Kong, Seung Ju [Korea Hydro and Nuclear Power Co., Ltd, Daejeon (Korea, Republic of)]

    2005-11-15

    This paper addresses the Verification and Validation (V and V) process and the methodology for an embedded real time software of a safety-grade Programmable Logic Controller (PLC). This safety-grade PLC is being developed as one of the Korean Nuclear Instrumentation and Control System (KNICS) projects. KNICS projects are developing a Reactor Protection System (RPS) and an Engineered Safety Feature-Component Control System (ESF-CCS) as well as a safety-grade PLC. The safety-grade PLC will be a major component that encompasses the RPS systems and the ESF-CCS systems as nuclear instruments and control equipment. This paper describes the V and V guidelines and procedures, V and V environment, V and V process and methodology, and the V and V tools in the KNICS projects. Specifically, it describes the real-time operating system V and V experience which corresponds to the requirement analysis phase, design phase and the implementation and testing phase of the software development life cycle. Main activities of the V and V for the PLC system software are a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and a software configuration management. The proposed V and V methodology satisfies the Standard Review Plan (SRP)/Branch Technical Position (BTP)-14 criteria for the safety software in nuclear power plants. The proposed V and V methodology is going to be used to verify the upcoming software life cycle in the KNICS projects.

  16. V and V methods of a safety-critical software for a programmable logic controller

    International Nuclear Information System (INIS)

    Kim, Jang Yeol; Lee, Young Jun; Cha, Kyung Ho; Cheon, Se Woo; Lee, Jang Soo; Kwon, Kee Choon; Kong, Seung Ju

    2005-01-01

    This paper addresses the Verification and Validation (V and V) process and the methodology for an embedded real time software of a safety-grade Programmable Logic Controller (PLC). This safety-grade PLC is being developed as one of the Korean Nuclear Instrumentation and Control System (KNICS) projects. KNICS projects are developing a Reactor Protection System (RPS) and an Engineered Safety Feature-Component Control System (ESF-CCS) as well as a safety-grade PLC. The safety-grade PLC will be a major component that encompasses the RPS systems and the ESF-CCS systems as nuclear instruments and control equipment. This paper describes the V and V guidelines and procedures, V and V environment, V and V process and methodology, and the V and V tools in the KNICS projects. Specifically, it describes the real-time operating system V and V experience which corresponds to the requirement analysis phase, design phase and the implementation and testing phase of the software development life cycle. Main activities of the V and V for the PLC system software are a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and a software configuration management. The proposed V and V methodology satisfies the Standard Review Plan (SRP)/Branch Technical Position (BTP)-14 criteria for the safety software in nuclear power plants. The proposed V and V methodology is going to be used to verify the upcoming software life cycle in the KNICS projects

  17. Software safety analysis on the model specified by NuSCR and SMV input language at requirements phase of software development life cycle using SMV

    International Nuclear Information System (INIS)

    Koh, Kwang Yong; Seong, Poong Hyun

    2005-01-01

    Safety-critical software process is composed of development process, verification and validation (V and V) process and safety analysis process. Safety analysis process has been often treated as an additional process and not found in a conventional software process. But software safety analysis (SSA) is required if software is applied to a safety system, and the SSA shall be performed independently for the safety software through software development life cycle (SDLC). Of all the phases in software development, requirements engineering is generally considered to play the most critical role in determining the overall software quality. NASA data demonstrate that nearly 75% of failures found in operational software were caused by errors in the requirements. The verification process in requirements phase checks the correctness of software requirements specification, and the safety analysis process analyzes the safety-related properties in detail. In this paper, the method for safety analysis at requirements phase of software development life cycle using symbolic model verifier (SMV) is proposed. Hazard is discovered by hazard analysis and, in order to use SMV for the safety analysis, the safety-related properties are expressed by computation tree logic (CTL)

  18. Software qualification in safety applications

    International Nuclear Information System (INIS)

    Lawrence, J.D.

    2000-01-01

    The developers of safety-critical instrumentation and control systems must qualify the design of the components used, including the software in the embedded computer systems, in order to ensure that the component can be trusted to perform its safety function under the full range of operating conditions. There are well known ways to qualify analog systems using the facts that: (1) they are built from standard modules with known properties; (2) design documents are available and described in a well understood language; (3) the performance of the component is constrained by physics; and (4) physics models exist to predict the performance. These properties are not generally available for qualifying software, and one must fall back on extensive testing and qualification of the design process. Neither of these is completely satisfactory. The research reported here is exploring an alternative approach that is intended to permit qualification for an important subset of instrumentation software. The research goal is to determine if a combination of static analysis and limited testing can be used to qualify a class of simple, but practical, computer-based instrumentation components for safety application. These components are of roughly the complexity of a motion detector alarm controller. This goal is accomplished by identifying design constraints that enable meaningful analysis and testing. Once such design constraints are identified, digital systems can be designed to allow for analysis and testing, or existing systems may be tested for conformance to the design constraints as a first step in a qualification process. This will considerably reduce the cost and monetary risk involved in qualifying commercial components for safety-critical service

  19. A Technique of Software Safety Analysis in the Design Phase for PLC Based Safety-Critical Systems

    International Nuclear Information System (INIS)

    Koo, Seo-Ryong; Kim, Chang-Hwoi

    2017-01-01

    The purpose of safety analysis, which is a method of identifying portions of a system that have the potential for unacceptable hazards, is firstly to encourage design changes that will reduce or eliminate hazards and, secondly, to conduct special analyses and tests that can provide increased confidence in especially vulnerable portions of the system. For the design and implementation phase of the PLC based systems, we proposed a technique for software design specification and analysis, and this technique enables us to generate software design specifications (SDSs) in nuclear fields. For the safety analysis in the design phase, we used architecture design blocks of NuFDS to represent the architecture of the software. On the basis of the architecture design specification, we can directly generate the fault tree and then use the fault tree for qualitative analysis. Therefore, we proposed a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Through our proposed fault tree synthesis in this work, users can use the architecture specification of the NuFDS approach to intuitively compose fault trees that help analyze the safety design features of software.

  20. Failure Mode and Effect Analysis of the Application Software of the Safety-critical I and C System in APR1400

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Koheun; Kim, Yong geul; Choi, Woong seok; Sohn, Se do [KEPCO Engineering and Construction, Daejeon (Korea, Republic of)]

    2016-10-15

    In APR1400, the computer software hazard analysis is performed by hazard and operability analysis (HAZOP) method. Meanwhile, HAZOP has its limitation and cannot be considered better than fault tree analysis (FTA) or failure mode and effect analysis (FMEA). HAZOP assumes that the system has been carefully studied, and all possible hazards, their effects or consequences and remedies are incorporated in the system. But incorporating every possible event in the design is impossible. In this light, this paper attempts to use FMEA method for evaluating the risk for safety-critical instrumentation and control (I and C) system software for NPP, which is more practical than HAZOP. It is possible because the software failures are due to systematic faults that cause simultaneous failure in multiple divisions when the triggering event happens. This analysis is applied to safety-critical system of Shin-Hanul units 1 and 2 NPP, i.e., APR1400. Through SFMEA, the critical software failure modes and tasks that could result in CCF are identified and also evaluated to determine the associated risk level (e.g. high or intermediate or low) based on the failure effect. The biggest benefit of this analysis compared with HAZOP is that it can reveal the possible weak points and provide guidance to the V and V team by helping to generate the test cases.

  1. Architecture Level Safety Analyses for Safety-Critical Systems

    Directory of Open Access Journals (Sweden)

    K. S. Kushal

    2017-01-01

    The dependency of complex embedded Safety-Critical Systems across Avionics and Aerospace domains on their underlying software and hardware components has gradually increased with progression in time. Such application domain systems are developed based on a complex integrated architecture, which is modular in nature. Engineering practices assured with system safety standards to manage the failure, faulty, and unsafe operational conditions are very much necessary. System safety analyses involve the analysis of complex software architecture of the system, a major aspect in leading to fatal consequences in the behaviour of Safety-Critical Systems, and provide high reliability and dependability factors during their development. In this paper, we propose an architecture fault modeling and the safety analyses approach that will aid in identifying and eliminating the design flaws. The formal foundations of SAE Architecture Analysis & Design Language (AADL) augmented with the Error Model Annex (EMV) are discussed. The fault propagation, failure behaviour, and the composite behaviour of the design flaws/failures are considered for architecture safety analysis. The illustration of the proposed approach is validated by implementing the Speed Control Unit of Power-Boat Autopilot (PBA) system. The Error Model Annex (EMV) is guided with the pattern of consideration and inclusion of probable failure scenarios and propagation of fault conditions in the Speed Control Unit of Power-Boat Autopilot (PBA). This helps in validating the system architecture with the detection of the error event in the model and its impact in the operational environment. This also provides an insight of the certification impact that these exceptional conditions pose at various criticality levels and design assurance levels and its implications in verifying and validating the designs.

  2. ESRS guidelines for software safety reviews. Reference document for the organization and conduct of Engineering Safety Review Services (ESRS) on software important to safety in nuclear power plants

    International Nuclear Information System (INIS)

    2000-01-01

    The IAEA provides safety review services to assist Member States in the application of safety standards and, in particular, to evaluate and facilitate improvements in nuclear power plant safety performance. Complementary to the Operational Safety Review Team (OSART) and the International Regulatory Review Team (IRRT) services are the Engineering Safety Review Services (ESRS), which include reviews of siting, external events and structural safety, design safety, fire safety, ageing management and software safety. Software is of increasing importance to safety in nuclear power plants as the use of computer based equipment and systems, controlled by software, is increasing in new and older plants. Computer based devices are used in both safety related applications (such as process control and monitoring) and safety critical applications (such as reactor protection). Their dependability can only be ensured if a systematic, fully documented and reviewable engineering process is used. The ESRS on software safety are designed to assist a nuclear power plant or a regulatory body of a Member State in the review of documentation relating to the development, application and safety assessment of software embedded in computer based systems important to safety in nuclear power plants. The software safety reviews can be tailored to the specific needs of the requesting organization. Examples of such reviews are: project planning reviews, reviews of specific issues and reviews prior final acceptance. This report gives information on the possible scope of ESRS software safety reviews and guidance on the organization and conduct of the reviews. It is aimed at Member States considering these reviews and IAEA staff and external experts performing the reviews. The ESRS software safety reviews evaluate the degree to which software documents show that the development process and the final product conform to international standards, guidelines and current practices. Recommendations are

  3. On the Use of Safety Certification Practices in Autonomous Field Robot Software Development

    DEFF Research Database (Denmark)

    Mogensen, Johann Thor Ingibergsson; Schultz, Ulrik Pagh; Kuhrmann, Marco

    2015-01-01

    reactions or performance in malfunctioning systems, and influence industry regarding software development and project management. However, academia seemingly did not reach the same degree of utilisation of standards. This paper presents the findings from a systematic mapping study in which we study...... the state-of-the-art in developing software for safety-critical software for autonomous field robots. The purpose of the study is to identify practices used for the development of autonomous field robots and how these practices relate to available safety standards. Our findings from reviewing 49 papers show...... on the quest for suitable approaches to develop safety-critical software, awaiting appropriate standards for this support....

  4. Development of a test rig and its application for validation and reliability testing of safety-critical software

    Energy Technology Data Exchange (ETDEWEB)

    Thai, N D; McDonald, A M [Atomic Energy of Canada Ltd., Mississauga, ON (Canada)

    1996-12-31

    This paper describes a versatile test rig developed by AECL for functional testing of safety-critical software used in the process trip computers of the Wolsong CANDU stations. The description covers the hardware and software aspects of the test rig, the test language and its interpreter, and other major testing software utilities such as the test oracle, sampler and profiler. The paper also discusses the application of the rig in the final stages of testing of the process trip computer software, namely validation and reliability tests. It shows how random test cases are generated, test scripts prepared and automatically run on the test rig. The versatility of the rig is further demonstrated in other types of testing such as sub-system tests, verification of the test oracle, testing of newly-developed test script, self-test and calibration. (author). 5 tabs., 10 figs.

  5. Development of a test rig and its application for validation and reliability testing of safety-critical software

    International Nuclear Information System (INIS)

    Thai, N.D.; McDonald, A.M.

    1995-01-01

    This paper describes a versatile test rig developed by AECL for functional testing of safety-critical software used in the process trip computers of the Wolsong CANDU stations. The description covers the hardware and software aspects of the test rig, the test language and its interpreter, and other major testing software utilities such as the test oracle, sampler and profiler. The paper also discusses the application of the rig in the final stages of testing of the process trip computer software, namely validation and reliability tests. It shows how random test cases are generated, test scripts prepared and automatically run on the test rig. The versatility of the rig is further demonstrated in other types of testing such as sub-system tests, verification of the test oracle, testing of newly-developed test script, self-test and calibration. (author). 5 tabs., 10 figs

  6. Natural Language Interface for Safety Certification of Safety-Critical Software

    Science.gov (United States)

    Denney, Ewen; Fischer, Bernd

    2011-01-01

    Model-based design and automated code generation are being used increasingly at NASA. The trend is to move beyond simulation and prototyping to actual flight code, particularly in the guidance, navigation, and control domain. However, there are substantial obstacles to more widespread adoption of code generators in such safety-critical domains. Since code generators are typically not qualified, there is no guarantee that their output is correct, and consequently the generated code still needs to be fully tested and certified. The AutoCert generator plug-in supports the certification of automatically generated code by formally verifying that the generated code is free of different safety violations, by constructing an independently verifiable certificate, and by explaining its analysis in a textual form suitable for code reviews.

  7. A formal safety analysis for PLC software-based safety critical system using Z

    International Nuclear Information System (INIS)

    Koh, Jung Soo

    1997-02-01

    This paper describes a formal safety analysis technique which is demonstrated by performing empirical formal safety analysis with the case study of beamline hutch door Interlock system that is developed by using PLC (Programmable Logic Controller) systems at the Pohang Accelerator Laboratory. In order to perform formal safety analysis, we have built the Z formal specifications representation from user requirement written in ambiguous natural language and target PLC ladder logic, respectively. We have also studied the effective method to express typical PLC timer component by using specific Z formal notation which is supported by temporal history. We present a formal proof technique specifying and verifying that the hazardous states are not introduced into ladder logic in the PLC-based safety critical system. And also, we have found some errors or mismatches in user requirement and final implemented PLC ladder logic while analyzing the process of the consistency and completeness of Z translated formal specifications. In the case of relatively small systems like Beamline hutch door interlock system, a formal safety analysis including explicit proof is highly recommended so that the safety of PLC-based critical system may be enhanced and guaranteed. It also provides helpful benefits enough to comprehend user requirement expressed by ambiguous natural language

  8. Safety critical software development qualification

    International Nuclear Information System (INIS)

    Marron, J. E.

    2006-01-01

    With the increasing use of digital systems in control applications, customers must acquire appropriate expectations for software development and quality assurance procedures. Purchasers and users of digital systems need to understand the benefits to the supplier of effective quality systems. These systems consist not only of procedures but tools that enable automation. Without the use of automation, quality can not be assured. A software and systems quality program starts with the documents you are very familiar with. But these documents must define more than the final system. They must address specific development environment characteristics and testing capabilities. Starting with the RFP, some of the items that should be introduced are Software Configuration Management, regression testing and defect tracking. The digital system customer is in the best position to enforce the use of software and systems quality programs by including them in project requirements as early as the Purchase Order. The customer's understanding of the full scope and implementation of a software quality program is essential to achieving the quality necessary in nuclear projects, and, incidentally, completing those projects on schedule. (authors)

  9. The safety implications of emerging software paradigms

    International Nuclear Information System (INIS)

    Suski, G.J.; Persons, W.L.; Johnson, G.L.

    1994-10-01

    This paper addresses some of the emerging software paradigms that may be used in developing safety-critical software applications. Paradigms considered in this paper include knowledge-based systems, neural networks, genetic algorithms, and fuzzy systems. It presents one view of the software verification and validation activities that should be associated with each paradigm. The paper begins with a discussion of the historical evolution of software verification and validation. Next, a comparison is made between the verification and validation processes used for conventional and emerging software systems. Several verification and validation issues for the emerging paradigms are discussed and some specific research topics are identified. This work is relevant for monitoring and control at nuclear power plants

  10. SCALE 5: Powerful new criticality safety analysis tools

    International Nuclear Information System (INIS)

    Bowman, Stephen M.; Hollenbach, Daniel F.; Dehart, Mark D.; Rearden, Bradley T.; Gauld, Ian C.; Goluoglu, Sedat

    2003-01-01

    Version 5 of the SCALE computer software system developed at Oak Ridge National Laboratory, scheduled for release in December 2003, contains several significant new modules and sequences for criticality safety analysis and marks the most important update to SCALE in more than a decade. This paper highlights the capabilities of these new modules and sequences, including continuous energy flux spectra for processing multigroup problem-dependent cross sections; one- and three-dimensional sensitivity and uncertainty analyses for criticality safety evaluations; two-dimensional flexible mesh discrete ordinates code; automated burnup-credit analysis sequence; and one-dimensional material distribution optimization for criticality safety. (author)

  11. SCALE Graphical Developments for Improved Criticality Safety Analyses

    International Nuclear Information System (INIS)

    Barnett, D.L.; Bowman, S.M.; Horwedel, J.E.; Petrie, L.M.

    1999-01-01

    New computer graphic developments at Oak Ridge National Laboratory (ORNL) are being used to provide visualization of criticality safety models and calculational results as well as tools for criticality safety analysis input preparation. The purpose of this paper is to present the status of current development efforts to continue to enhance the SCALE (Standardized Computer Analyses for Licensing Evaluations) computer software system. Applications for criticality safety analysis in the areas of 3-D model visualization, input preparation and execution via a graphical user interface (GUI), and two-dimensional (2-D) plotting of results are discussed

  12. A study on a quantitative V and V for safety-critical software

    International Nuclear Information System (INIS)

    Eom, Heung Seop; Son, Han Seong; Kang, Hyun Gook; Chang, Seung Cheol

    2004-01-01

    Verification and Validation (V and V) plays important role in assessing the safety-critical software embedded in the digital systems for a Nuclear Power Plant. A conventional V and V usually adopts a checklist method and its answers are mostly qualitative. There are some limitations to this conventional V and V method. First, the difficulties in using the checklist method are: Even for an acceptable software, some checklist questions will have negative answers. The checklist itself does not help to explain the reasons for drawing an overall positive conclusion in the presence of a few negative answers. The checklist does not help decide when enough issues have been examined to achieve a reasonable confidence in the software. The checklist method does not support a consideration of different kinds of information, such as software engineering measures. Second, a difficulty comes from the qualitative form of the answers in the checklist method, which is: It is usually hard to know when sufficient evidence has been collected. Finally a difficulty comes from a human expert's way of combining a great number of diverse evidence and inferring the conclusion, which is: Some of this evidence is qualitative and others are quantitative. Both are necessary to evaluate the quality of the software correctly. But, in general, the experts' way of combining the diverse evidence and performing an inference is usually informal and qualitative, which is hard to discuss and will eventually lead to a debate about the conclusion. Our overall goal is to develop a systematic method that can obtain quantitative information of the software quality from the works of V and V. To achieve this goal and to solve the above-mentioned problems in the current V and V method, we studied a method that can combine qualitative and quantitative evidence, and can infer a conclusion in a formal and a quantitative way by using the benefits of BBN

  13. An effective technique for the software requirements analysis of NPP safety-critical systems, based on software inspection, requirements traceability, and formal specification

    International Nuclear Information System (INIS)

    Koo, Seo Ryong; Seong, Poong Hyun; Yoo, Junbeom; Cha, Sung Deok; Yoo, Yeong Jae

    2005-01-01

    A thorough requirements analysis is indispensable for developing and implementing safety-critical software systems such as nuclear power plant (NPP) software systems because a single error in the requirements can generate serious software faults. However, it is very difficult to completely analyze system requirements. In this paper, an effective technique for the software requirements analysis is suggested. For requirements verification and validation (V and V) tasks, our technique uses software inspection, requirement traceability, and formal specification with structural decomposition. Software inspection and requirements traceability analysis are widely considered the most effective software V and V methods. Although formal methods are also considered an effective V and V activity, they are difficult to use properly in the nuclear fields as well as in other fields because of their mathematical nature. In this work, we propose an integrated environment (IE) approach for requirements, which is an integrated approach that enables easy inspection by combining requirement traceability and effective use of a formal method. The paper also introduces computer-aided tools for supporting IE approach for requirements. Called the nuclear software inspection support and requirements traceability (NuSISRT), the tool incorporates software inspection, requirement traceability, and formal specification capabilities. We designed the NuSISRT to partially automate software inspection and analysis of requirement traceability. In addition, for the formal specification and analysis, we used the formal requirements specification and analysis tool for nuclear engineering (NuSRS)

  14. Proceedings of the nuclear criticality technology safety project

    Energy Technology Data Exchange (ETDEWEB)

    Sanchez, R.G. [comp.]

    1997-06-01

    This document contains summaries of the most of the papers presented at the 1994 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 10 and 11 at Williamsburg, Va. The meeting was broken up into seven sessions, which covered the following topics: (1) Validation and Application of Calculations; (2) Relevant Experiments for Criticality Safety; (3) Experimental Facilities and Capabilities; (4) Rad-Waste and Weapons Disassembly; (5) Criticality Safety Software and Development; (6) Criticality Safety Studies at Universities; and (7) Training. The minutes and list of participants of the Critical Experiment Needs Identification Workgroup meeting, which was held on May 9 at the same venue, has been included as an appendix. A second appendix contains the names and addresses of all NCTSP meeting participants. Separate abstracts have been indexed to the database for contributions to this proceedings.

  15. Proceedings of the nuclear criticality technology safety project

    International Nuclear Information System (INIS)

    Sanchez, R.G.

    1997-06-01

    This document contains summaries of the most of the papers presented at the 1994 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 10 and 11 at Williamsburg, Va. The meeting was broken up into seven sessions, which covered the following topics: (1) Validation and Application of Calculations; (2) Relevant Experiments for Criticality Safety; (3) Experimental Facilities and Capabilities; (4) Rad-Waste and Weapons Disassembly; (5) Criticality Safety Software and Development; (6) Criticality Safety Studies at Universities; and (7) Training. The minutes and list of participants of the Critical Experiment Needs Identification Workgroup meeting, which was held on May 9 at the same venue, has been included as an appendix. A second appendix contains the names and addresses of all NCTSP meeting participants. Separate abstracts have been indexed to the database for contributions to this proceedings

  16. Experience gained in the production of licensable safety-critical software for Darlington NGS

    International Nuclear Information System (INIS)

    Crane, R.H.

    1992-01-01

    The Darlington Nuclear Generating Station is a new station, consisting of four 935 Mw units, built by Ontario Hydro, on the north shore of Lake Ontario, approximately 50 miles east of Toronto. In May, 1987, the first of the four units of this station was approaching the point where Ontario Hydro would be requesting a license to load fuel, and then proceed to first criticality. At this point, however, the regulatory authority, the Atomic Energy Control Board (AECB) started to show increasing concerns related to the Trip Computer Software associated with Darlington's newly-designed computerized shutdown systems. The concerns centered around whether or not the safety reliability, reviewability, and maintainability of this software could be demonstrated by Ontario Hydro or the system designer, Atomic Energy of Canada Limited (AECL). In order to back up the validity of their concerns, they hired a well-known consultant, who reviewed the code, and made recommendations concerning its design, implementation, and documentation. Considerable effort was required by Ontario Hydro and AECL in order to comply with those recommendations. This paper describes those efforts, outlines the difficulties encountered, and assesses the lessons learned from them

  17. Software diversity: way to enhance safety?

    International Nuclear Information System (INIS)

    Dahll, G.; Bishop, P.

    1990-01-01

    The topic of the paper is the use of diversely produced programs to enhance the safety of computer-based systems applied in safety-critical areas. The paper starts with a survey of scientific investigations on the impact of software redundancy made at various institutions around the world. Main emphasis will, however, be put on the PODS/STEM projects, which have been performed at the OECD Halden Project in cooperation with the Technical Research Center of Finland, the Safety and Reliability Directorate, AEA Technology, UK, and Central Electricity Research Laboratory (now National Power Technology and Environment Centre), UK. In these projects, three program versions were made independently by three different teams, all based on the same specification. The three programs were tested back-to-back with a large amount of test data. The experience and results from this process were carefully logged and used for further analysis. Various strategies for test data selection were compared, with respect to fault finding strategies, as well as to branch and statement coverages of the tested programs. The assumption of independence of failures in diversely produced programs was investigated. A particularly interesting effect, namely failure masking due to program structure, was revealed. Static analysis techniques, software measures, and software reliability estimates were also studied. (author)

  18. Final Technical Report on Quantifying Dependability Attributes of Software Based Safety Critical Instrumentation and Control Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Smidts, Carol; Huang, Fuqun; Li, Boyuan; Li, Xiang

    2016-01-01

    With the current transition from analog to digital instrumentation and control systems in nuclear power plants, the number and variety of software-based systems have significantly increased. The sophisticated nature and increasing complexity of software raises trust in these systems as a significant challenge. The trust placed in a software system is typically termed software dependability. Software dependability analysis faces uncommon challenges since software systems' characteristics differ from those of hardware systems. The lack of systematic science-based methods for quantifying the dependability attributes in software-based instrumentation as well as control systems in safety critical applications has proved itself to be a significant inhibitor to the expanded use of modern digital technology in the nuclear industry. Dependability refers to the ability of a system to deliver a service that can be trusted. Dependability is commonly considered as a general concept that encompasses different attributes, e.g., reliability, safety, security, availability and maintainability. Dependability research has progressed significantly over the last few decades. For example, various assessment models and/or design approaches have been proposed for software reliability, software availability and software maintainability. Advances have also been made to integrate multiple dependability attributes, e.g., integrating security with other dependability attributes, measuring availability and maintainability, modeling reliability and availability, quantifying reliability and security, exploring the dependencies between security and safety and developing integrated analysis models. However, there is still a lack of understanding of the dependencies between various dependability attributes as a whole and of how such dependencies are formed. To address the need for quantification and give a more objective basis to the review process -- therefore reducing regulatory uncertainty

  19. Final Technical Report on Quantifying Dependability Attributes of Software Based Safety Critical Instrumentation and Control Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Smidts, Carol [The Ohio State Univ., Columbus, OH (United States)]; Huang, Funqun [The Ohio State Univ., Columbus, OH (United States)]; Li, Boyuan [The Ohio State Univ., Columbus, OH (United States)]; Li, Xiang [The Ohio State Univ., Columbus, OH (United States)]

    2016-03-25

    With the current transition from analog to digital instrumentation and control systems in nuclear power plants, the number and variety of software-based systems have significantly increased. The sophisticated nature and increasing complexity of software raises trust in these systems as a significant challenge. The trust placed in a software system is typically termed software dependability. Software dependability analysis faces uncommon challenges since software systems’ characteristics differ from those of hardware systems. The lack of systematic science-based methods for quantifying the dependability attributes in software-based instrumentation as well as control systems in safety critical applications has proved itself to be a significant inhibitor to the expanded use of modern digital technology in the nuclear industry. Dependability refers to the ability of a system to deliver a service that can be trusted. Dependability is commonly considered as a general concept that encompasses different attributes, e.g., reliability, safety, security, availability and maintainability. Dependability research has progressed significantly over the last few decades. For example, various assessment models and/or design approaches have been proposed for software reliability, software availability and software maintainability. Advances have also been made to integrate multiple dependability attributes, e.g., integrating security with other dependability attributes, measuring availability and maintainability, modeling reliability and availability, quantifying reliability and security, exploring the dependencies between security and safety and developing integrated analysis models. However, there is still a lack of understanding of the dependencies between various dependability attributes as a whole and of how such dependencies are formed. To address the need for quantification and give a more objective basis to the review process -- therefore reducing regulatory uncertainty

  20. An integrated computer design environment for the development of micro-computer critical software

    International Nuclear Information System (INIS)

    De Agostino, E.; Massari, V.

    1986-01-01

    The paper deals with the development of micro-computer software for Nuclear Safety System. More specifically, it describes an experimental work in the field of software development methodologies to be used for the implementation of micro-computer based safety systems. An investigation of technological improvements that are provided by state-of-the-art integrated packages for micro-based systems development has been carried out. The work has aimed to assess a suitable automated tools environment for the whole software life-cycle. The main safety functions, as DNBR, KW/FT, of a nuclear power reactor have been implemented in a host-target approach. A prototype test-bed microsystem has been implemented to run the safety functions in order to derive a concrete evaluation on the feasibility of critical software according to new technological trends of "Software Factories". (author)

  1. A formal safety analysis for PLC software-based safety critical system using Z

    International Nuclear Information System (INIS)

    Koh, Jung Soo; Seong, Poong Hyun

    1997-01-01

    This paper describes a formal safety analysis technique which is demonstrated by performing empirical formal safety analysis with the case study of beamline hutch door Interlock system that is developed by using PLC (Programmable Logic Controller) systems at the Pohang Accelerator Laboratory. In order to perform formal safety analysis, we have built the Z formal specifications representation from user requirement written in ambiguous natural language and target PLC ladder logic, respectively. We have also studied the effective method to express typical PLC timer component by using specific Z formal notation which is supported by temporal history. We present a formal proof technique specifying and verifying that the hazardous states are not introduced into ladder logic in the PLC-based safety critical system

  2. Evaluation procedure of software safety plan for digital I and C of KNGR

    International Nuclear Information System (INIS)

    Lee, Jang Soo; Park, Jong Kyun; Lee, Ki Young; Kwon, Ki Choon; Kim, Jang Yeol; Cheon, Se Woo

    2000-05-01

    The development, use, and regulation of computer systems in nuclear reactor instrumentation and control (I and C) systems to enhance reliability and safety is a complex issue. This report is one of a series of reports from the Korean next generation reactor (KNGR) software safety verification and validation (SSVV) task, Korea Atomic Energy Research Institute, which investigates different aspects of computer software in reactor I and C systems, and describes the engineering procedures for developing such a software. The purpose of this guideline is to give the software safety evaluator the trail map between the code and standards layer and the design methodology and documents layer for the software important to safety in nuclear power plants. Recently, the safety planning for safety-critical software systems is being recognized as the most important phase in the software life cycle, and being developed new regulatory positions and standards by the regulatory and the standardization organizations. The requirements for software important to safety of nuclear reactor are described in such positions and standards, for example, the new standard review plan (SRP), IEC 880 supplements, IEEE standard 1228-1994, IEEE standard 7-4.3.2-1993, and IAEA safety series No. 50-SG-D3 and D8. We presented the guidance for evaluating the safety plan of the software in the KNGR protection systems. The guideline consists of the regulatory requirements for software safety in chapter 2, the evaluation checklist of software safety plan in chapter 3, and the evaluation results of KNGR software safety plan in chapter 4

  3. Evaluation procedure of software safety plan for digital I and C of KNGR

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jang Soo; Park, Jong Kyun; Lee, Ki Young; Kwon, Ki Choon; Kim, Jang Yeol; Cheon, Se Woo

    2000-05-01

    The development, use, and regulation of computer systems in nuclear reactor instrumentation and control (I and C) systems to enhance reliability and safety is a complex issue. This report is one of a series of reports from the Korean next generation reactor (KNGR) software safety verification and validation (SSVV) task, Korea Atomic Energy Research Institute, which investigates different aspects of computer software in reactor I and C systems, and describes the engineering procedures for developing such a software. The purpose of this guideline is to give the software safety evaluator the trail map between the code and standards layer and the design methodology and documents layer for the software important to safety in nuclear power plants. Recently, the safety planning for safety-critical software systems is being recognized as the most important phase in the software life cycle, and being developed new regulatory positions and standards by the regulatory and the standardization organizations. The requirements for software important to safety of nuclear reactor are described in such positions and standards, for example, the new standard review plan (SRP), IEC 880 supplements, IEEE standard 1228-1994, IEEE standard 7-4.3.2-1993, and IAEA safety series No. 50-SG-D3 and D8. We presented the guidance for evaluating the safety plan of the software in the KNGR protection systems. The guideline consists of the regulatory requirements for software safety in chapter 2, the evaluation checklist of software safety plan in chapter 3, and the evaluation results of KNGR software safety plan in chapter 4.

  4. Testing existing software for safety-related applications. Revision 7.1

    International Nuclear Information System (INIS)

    Scott, J.A.; Lawrence, J.D.

    1995-12-01

    The increasing use of commercial off-the-shelf (COTS) software products in digital safety-critical applications is raising concerns about the safety, reliability, and quality of these products. One of the factors involved in addressing these concerns is product testing. A tester's knowledge of the software product will vary, depending on the information available from the product vendor. In some cases, complete source listings, program structures, and other information from the software development may be available. In other cases, only the complete hardware/software package may exist, with the tester having no knowledge of the internal structure of the software. The type of testing that can be used will depend on the information available to the tester. This report describes six different types of testing, which differ in the information used to create the tests, the results that may be obtained, and the limitations of the test types. An Annex contains background information on types of faults encountered in testing, and a Glossary of pertinent terms is also included. This study is pertinent for safety-related software at reactors

  5. Towards a lessons learned system for critical software

    International Nuclear Information System (INIS)

    Andrade, J.; Ares, J.; Garcia, R.; Pazos, J.; Rodriguez, S.; Rodriguez-Paton, A.; Silva, A.

    2007-01-01

    Failure can be a major driver for the advance of any engineering discipline and Software Engineering is no exception. But failures are useful only if lessons are learned from them. In this article we aim to make a strong defence of, and set the requirements for, lessons learned systems for safety-critical software. We also present a prototype lessons learned system that includes many of the features discussed here. We emphasize that, apart from individual organizations, lessons learned systems should target industrial sectors and even the Software Engineering community. We would like to encourage the Software Engineering community to use this kind of systems as another tool in the toolbox, which complements or enhances other approaches like, for example, standards and checklists

  6. Towards a lessons learned system for critical software

    Energy Technology Data Exchange (ETDEWEB)

    Andrade, J. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: jag@udc.es; Ares, J. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: juanar@udc.es; Garcia, R. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: rafael@udc.es; Pazos, J. [Technical University of Madrid. Campus de Montegancedo, s/n. 28660, Boadilla del Monte, Madrid (Spain)]. E-mail: jpazos@fi.upm.es; Rodriguez, S. [University of A Coruna. Campus de Elvina, s/n. 15071, A Coruna (Spain)]. E-mail: santi@udc.es; Rodriguez-Paton, A. [Technical University of Madrid. Campus de Montegancedo, s/n. 28660, Boadilla del Monte, Madrid (Spain)]. E-mail: arpaton@fi.upm.es; Silva, A. [Technical University of Madrid. Campus de Montegancedo, s/n. 28660, Boadilla del Monte, Madrid (Spain)]. E-mail: asilva@fi.upm.es

    2007-07-15

    Failure can be a major driver for the advance of any engineering discipline and Software Engineering is no exception. But failures are useful only if lessons are learned from them. In this article we aim to make a strong defence of, and set the requirements for, lessons learned systems for safety-critical software. We also present a prototype lessons learned system that includes many of the features discussed here. We emphasize that, apart from individual organizations, lessons learned systems should target industrial sectors and even the Software Engineering community. We would like to encourage the Software Engineering community to use this kind of systems as another tool in the toolbox, which complements or enhances other approaches like, for example, standards and checklists.

  7. Claire, a simulation and testing tool for critical softwares

    International Nuclear Information System (INIS)

    Gassino, J.; Henry, J.Y.

    1996-01-01

    The CEA and IPSN (Institute of Nuclear Protection and Safety) needs concerning the testing of critical softwares, have led to the development of the CLAIRE tool which is able to test the softwares without modification. This tool allows to graphically model the system and its environment and to include components into the model which observe and do not modify the behaviour of the system to be tested. The executable codes are integrated in the model. The tool uses target machine simulators (microprocessors). The technique used (the event simulation) allows to associate actions with events such as the execution of an instruction, the access to a variable, etc. The simulation results are exploited using graphic, states research and test cover measurement tools. In particular, this tool can give help to the evaluation of critical softwares with pre-existing components. (J.S.)

  8. Dependability Assessment by Static Analysis of Software Important to Nuclear Power Plant Safety

    Energy Technology Data Exchange (ETDEWEB)

    Ourghanlian, Alain [EDF Lab, Chatou (France)]

    2014-08-15

    We describe a practical experimentation of safety assessment of safety-critical software used in Nuclear Power Plants. To enhance the credibility of safety assessments and to optimize safety justification costs, Electricite de France (EDF) investigates the use of methods and tools for source code semantic analysis, to obtain indisputable evidence and help assessors focus on the most critical issues. EDF has been using the PolySpace tool for more than 10 years. Today, new industrial tools, based on the same formal approach, Abstract Interpretation, are available. Practical experimentation with these new tools shows that the precision obtained on one of our shutdown systems software is very significantly improved. In a first part, we present the analysis principles of the tools used in our experimentation. In a second part, we present the main characteristics of protection-system software, and why these characteristics are well adapted for the new analysis tools. In the last part, we present an overview of the results and the limitation of the tools.

  9. Software for computer based systems important to safety in nuclear power plants. Safety guide

    International Nuclear Information System (INIS)

    2004-01-01

    Computer based systems are of increasing importance to safety in nuclear power plants as their use in both new and older plants is rapidly increasing. They are used both in safety related applications, such as some functions of the process control and monitoring systems, as well as in safety critical applications, such as reactor protection or actuation of safety features. The dependability of computer based systems important to safety is therefore of prime interest and should be ensured. With current technology, it is possible in principle to develop computer based instrumentation and control systems for systems important to safety that have the potential for improving the level of safety and reliability with sufficient dependability. However, their dependability can be predicted and demonstrated only if a systematic, fully documented and reviewable engineering process is followed. Although a number of national and international standards dealing with quality assurance for computer based systems important to safety have been or are being prepared, internationally agreed criteria for demonstrating the safety of such systems are not generally available. It is recognized that there may be other ways of providing the necessary safety demonstration than those recommended here. The basic requirements for the design of safety systems for nuclear power plants are provided in the Requirements for Design issued in the IAEA Safety Standards Series. The IAEA has issued a Technical Report to assist Member States in ensuring that computer based systems important to safety in nuclear power plants are safe and properly licensed. The report provides information on current software engineering practices and, together with relevant standards, forms a technical basis for this Safety Guide. The objective of this Safety Guide is to provide guidance on the collection of evidence and preparation of documentation to be used in the safety demonstration for the software for computer based

  10. Software for computer based systems important to safety in nuclear power plants. Safety guide

    International Nuclear Information System (INIS)

    2005-01-01

    Computer based systems are of increasing importance to safety in nuclear power plants as their use in both new and older plants is rapidly increasing. They are used both in safety related applications, such as some functions of the process control and monitoring systems, as well as in safety critical applications, such as reactor protection or actuation of safety features. The dependability of computer based systems important to safety is therefore of prime interest and should be ensured. With current technology, it is possible in principle to develop computer based instrumentation and control systems for systems important to safety that have the potential for improving the level of safety and reliability with sufficient dependability. However, their dependability can be predicted and demonstrated only if a systematic, fully documented and reviewable engineering process is followed. Although a number of national and international standards dealing with quality assurance for computer based systems important to safety have been or are being prepared, internationally agreed criteria for demonstrating the safety of such systems are not generally available. It is recognized that there may be other ways of providing the necessary safety demonstration than those recommended here. The basic requirements for the design of safety systems for nuclear power plants are provided in the Requirements for Design issued in the IAEA Safety Standards Series. The IAEA has issued a Technical Report to assist Member States in ensuring that computer based systems important to safety in nuclear power plants are safe and properly licensed. The report provides information on current software engineering practices and, together with relevant standards, forms a technical basis for this Safety Guide. The objective of this Safety Guide is to provide guidance on the collection of evidence and preparation of documentation to be used in the safety demonstration for the software for computer based

  11. Software for computer based systems important to safety in nuclear power plants. Safety guide

    International Nuclear Information System (INIS)

    2000-01-01

    Computer based systems are of increasing importance to safety in nuclear power plants as their use in both new and older plants is rapidly increasing. They are used both in safety related applications, such as some functions of the process control and monitoring systems, as well as in safety critical applications, such as reactor protection or actuation of safety features. The dependability of computer based systems important to safety is therefore of prime interest and should be ensured. With current technology, it is possible in principle to develop computer based instrumentation and control systems for systems important to safety that have the potential for improving the level of safety and reliability with sufficient dependability. However, their dependability can be predicted and demonstrated only if a systematic, fully documented and reviewable engineering process is followed. Although a number of national and international standards dealing with quality assurance for computer based systems important to safety have been or are being prepared, internationally agreed criteria for demonstrating the safety of such systems are not generally available. It is recognized that there may be other ways of providing the necessary safety demonstration than those recommended here. The basic requirements for the design of safety systems for nuclear power plants are provided in the Requirements for Design issued in the IAEA Safety Standards Series. The IAEA has issued a Technical Report to assist Member States in ensuring that computer based systems important to safety in nuclear power plants are safe and properly licensed. The report provides information on current software engineering practices and, together with relevant standards, forms a technical basis for this Safety Guide. The objective of this Safety Guide is to provide guidance on the collection of evidence and preparation of documentation to be used in the safety demonstration for the software for computer based

  12. Risk-Informed Safety Assurance and Probabilistic Assessment of Mission-Critical Software-Intensive Systems

    Science.gov (United States)

    Guarro, Sergio B.

    2010-01-01

    This report validates and documents the detailed features and practical application of the framework for software intensive digital systems risk assessment and risk-informed safety assurance presented in the NASA PRA Procedures Guide for Managers and Practitioner. This framework, called herein the "Context-based Software Risk Model" (CSRM), enables the assessment of the contribution of software and software-intensive digital systems to overall system risk, in a manner which is entirely compatible and integrated with the format of a "standard" Probabilistic Risk Assessment (PRA), as currently documented and applied for NASA missions and applications. The CSRM also provides a risk-informed path and criteria for conducting organized and systematic digital system and software testing so that, within this risk-informed paradigm, the achievement of a quantitatively defined level of safety and mission success assurance may be targeted and demonstrated. The framework is based on the concept of context-dependent software risk scenarios and on the modeling of such scenarios via the use of traditional PRA techniques - i.e., event trees and fault trees - in combination with more advanced modeling devices such as the Dynamic Flowgraph Methodology (DFM) or other dynamic logic-modeling representations. The scenarios can be synthesized and quantified in a conditional logic and probabilistic formulation. The application of the CSRM method documented in this report refers to the MiniAERCam system designed and developed by the NASA Johnson Space Center.

  13. Health Monitor for Multitasking, Safety-Critical, Real-Time Software

    Science.gov (United States)

    Zoerner, Roger

    2011-01-01

    Health Manager can detect Bad Health prior to a failure occurring by periodically monitoring the application software by looking for code corruption errors, and sanity-checking each critical data value prior to use. A processor's memory can fail and corrupt the software, or the software can accidentally write to the wrong address and overwrite the executing software. This innovation will continuously calculate a checksum of the software load to detect corrupted code. This will allow a system to detect a failure before it happens. This innovation monitors each software task (thread) so that if any task reports "bad health," or does not report to the Health Manager, the system is declared bad. The Health Manager reports overall system health to the outside world by outputting a square wave signal. If the square wave stops, this indicates that system health is bad or hung and cannot report. Either way, "bad health" can be detected, whether caused by an error, corrupted data, or a hung processor. A separate Health Monitor Task is started and run periodically in a loop that starts and stops pending on a semaphore. Each monitored task registers with the Health Manager, which maintains a count for the task. The registering task must indicate if it will run more or less often than the Health Manager. If the task runs more often than the Health Manager, the monitored task calls a health function that increments the count and verifies it did not go over max-count. When the periodic Health Manager runs, it verifies that the count did not go over the max-count and zeroes it. If the task runs less often than the Health Manager, the periodic Health Manager will increment the count. The monitored task zeroes the count, and both the Health Manager and monitored task verify that the count did not go over the max-count.

  14. Safety management of software-based equipment

    CERN Document Server

    Boulanger, Jean-Louis

    2013-01-01

    A review of the principles of the safety of software-based equipment, this book begins by presenting the definition principles of safety objectives. It then moves on to show how it is possible to define a safety architecture (including redundancy, diversification, error-detection techniques) on the basis of safety objectives and how to identify objectives related to software programs. From software objectives, the authors present the different safety techniques (fault detection, redundancy and quality control). "Certifiable system" aspects are taken into account throughout the book. C

  15. Infusing Reliability Techniques into Software Safety Analysis

    Science.gov (United States)

    Shi, Ying

    2015-01-01

    Software safety analysis for a large software intensive system is always a challenge. Software safety practitioners need to ensure that software related hazards are completely identified, controlled, and tracked. This paper discusses in detail how to incorporate the traditional reliability techniques into the entire software safety analysis process. In addition, this paper addresses how information can be effectively shared between the various practitioners involved in the software safety analyses. The author has successfully applied the approach to several aerospace applications. Examples are provided to illustrate the key steps of the proposed approach.

  16. The achievement and assessment of safety in systems containing software

    International Nuclear Information System (INIS)

    Ball, A.; Dale, C.J.; Butterfield, M.H.

    1986-01-01

    In order to establish confidence in the safe operation of a reactor protection system, there is a need to establish, as far as it is possible, that: (i) the algorithms used are correct; (ii) the system is a correct implementation of the algorithms; and (iii) the hardware is sufficiently reliable. This paper concentrates principally on the second of these, as it applies to the software aspect of the more accurate and complex trip functions to be performed by modern reactor protection systems. In order to engineer safety into software, there is a need to use a development strategy which will stand a high chance of achieving a correct implementation of the trip algorithms. This paper describes three broad methodologies by which it is possible to enhance the integrity of software: fault avoidance, fault tolerance and fault removal. Fault avoidance is concerned with making the software as fault free as possible by appropriate choice of specification, design and implementation methods. A fault tolerant strategy may be advisable in many safety critical applications, in order to guard against residual faults present in the software of the installed system. Fault detection and removal techniques are used to remove as many faults as possible of those introduced during software development. The paper also discusses safety and reliability assessment as it applies to software, outlining the various approaches available. Finally, there is an outline of a research project underway in the UKAEA which is intended to assess methods for developing and testing safety and protection systems involving software. (author)

  17. Application of Software Safety Analysis Methods

    International Nuclear Information System (INIS)

    Park, G. Y.; Hur, S.; Cheon, S. W.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.; Lee, S. J.; Koo, Y. H.

    2009-01-01

    A fully digitalized reactor protection system, which is called the IDiPS-RPS, was developed through the KNICS project. The IDiPS-RPS has four redundant and separated channels. Each channel is mainly composed of a group of bistable processors which redundantly compare process variables with their corresponding setpoints and a group of coincidence processors that generate a final trip signal when a trip condition is satisfied. Each channel also contains a test processor called the ATIP and a display and command processor called the COM. All the functions were implemented in software. During the development of the safety software, various software safety analysis methods were applied, in parallel to the verification and validation (V and V) activities, along the software development life cycle. The software safety analysis methods employed were the software hazard and operability (Software HAZOP) study, the software fault tree analysis (Software FTA), and the software failure modes and effects analysis (Software FMEA)

  18. Software safety hazard analysis

    International Nuclear Information System (INIS)

    Lawrence, J.D.

    1996-02-01

    Techniques for analyzing the safety and reliability of analog-based electronic protection systems that serve to mitigate hazards in process control systems have been developed over many years, and are reasonably well understood. An example is the protection system in a nuclear power plant. The extension of these techniques to systems which include digital computers is not well developed, and there is little consensus among software engineering experts and safety experts on how to analyze such systems. One possible technique is to extend hazard analysis to include digital computer-based systems. Software is frequently overlooked during system hazard analyses, but this is unacceptable when the software is in control of a potentially hazardous operation. In such cases, hazard analysis should be extended to fully cover the software. A method for performing software hazard analysis is proposed in this paper

  19. Automated tools for safety-critical software

    International Nuclear Information System (INIS)

    Lapassat, A.M.

    1993-01-01

    The regulatory (DSIN), the utilities (EDF, CEA...) and the CEA-Institute for Protection and Nuclear Safety (IPSN) work together at the French nuclear safety. This paper presents a tool, called CLAIRE, for simulation and tests of different nuclear safety system. (TEC)

  20. Lecture Notes on Criticality Safety Validation Using MCNP & Whisper

    Energy Technology Data Exchange (ETDEWEB)

    Brown, Forrest B. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]; Rising, Michael Evan [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]; Alwin, Jennifer Louise [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]

    2016-03-11

    Training classes for nuclear criticality safety, MCNP documentation. The need for, and problems surrounding, validation of computer codes and data are considered first. Then some background for MCNP & Whisper is given--best practices for Monte Carlo criticality calculations, neutron spectra, S(α,β) thermal neutron scattering data, nuclear data sensitivities, covariance data, and correlation coefficients. Whisper is computational software designed to assist the nuclear criticality safety analyst with validation studies with the Monte Carlo radiation transport package MCNP. Whisper's methodology (benchmark selection – Ck's, weights; extreme value theory – bias, bias uncertainty; MOS for nuclear data uncertainty – GLLS) and usage are discussed.

  1. Compiler issues associated with safety-related software

    International Nuclear Information System (INIS)

    Feinauer, L.R.

    1991-01-01

    A critical issue in the quality assurance of safety-related software is the ability of the software to produce identical results, independent of the host machine, operating system, or compiler version under which the software is installed. A study is performed using the VIPRE-01, FREY-01, and RETRAN-02 safety-related codes. Results from an IBM 3083 computer are compared with results from a CYBER 860 computer. All three of the computer programs examined are written in FORTRAN; the VIPRE code uses the FORTRAN 66 compiler, whereas the FREY and RETRAN codes use the FORTRAN 77 compiler. Various compiler options are studied to determine their effect on the output between machines. Since the Control Data Corporation and IBM machines inherently represent numerical data differently, methods of producing equivalent accuracy of data representation were an important focus of the study. This paper identifies particular problems in the automatic double-precision option (AUTODBL) of the IBM FORTRAN 1.4.x series of compilers. The IBM FORTRAN version 2 compilers provide much more stable, reliable compilation for engineering software. Careful selection of compilers and compiler options can help guarantee identical results between different machines. To ensure reproducibility of results, the same compiler and compiler options should be used to install the program as were used in the development and testing of the program

  2. Quality assurance for software important to safety

    International Nuclear Information System (INIS)

    2000-01-01

    Software applications play an increasingly relevant role in nuclear power plant systems. This is particularly true of software important to safety used in both: calculations for the design, testing and analysis of nuclear reactor systems (design, engineering and analysis software); and monitoring, control and safety functions as an integral part of the reactor systems (monitoring, control and safety system software). Computer technology is advancing at a fast pace, offering new possibilities in nuclear reactor design, construction, commissioning, operation, maintenance and decommissioning. These advances also present new issues which must be considered both by the utility and by the regulatory organization. Refurbishment of ageing instrumentation and control systems in nuclear power plants and new safety related application areas have emerged, with direct (e.g. interfaces with safety systems) and indirect (e.g. operator intervention) implications for safety. Currently, there exist several international standards and guides on quality assurance for software important to safety. However, none of the existing documents provides comprehensive guidance to the developer, manager and regulator during all phases of the software life-cycle. The present publication was developed taking into account the large amount of available documentation, the rapid development of software systems and the need for updated guidance on "how to do it". It provides information and guidance for defining and implementing quality assurance programmes covering the entire life-cycle of software important to safety. Expected users are managers, performers and assessors from nuclear utilities, regulatory bodies, suppliers and technical support organizations involved with the development and use of software applied in nuclear power plants

  3. Obtaining Valid Safety Data for Software Safety Measurement and Process Improvement

    Science.gov (United States)

    Basili, Victor R.; Zelkowitz, Marvin V.; Layman, Lucas; Dangle, Kathleen; Diep, Madeline

    2010-01-01

    We report on a preliminary case study to examine software safety risk in the early design phase of the NASA Constellation spaceflight program. Our goal is to provide NASA quality assurance managers with information regarding the ongoing state of software safety across the program. We examined 154 hazard reports created during the preliminary design phase of three major flight hardware systems within the Constellation program. Our purpose was two-fold: 1) to quantify the relative importance of software with respect to system safety; and 2) to identify potential risks due to incorrect application of the safety process, deficiencies in the safety process, or the lack of a defined process. One early outcome of this work was to show that there are structural deficiencies in collecting valid safety data that make software safety different from hardware safety. In our conclusions we present some of these deficiencies.

  4. Development of regulation technologies for software verification and validation of I and C systems important to safety in NPPs

    International Nuclear Information System (INIS)

    Kim, Bok Ryul; Oh, S. H.; Zhu, O. P.; Jeong, C. H.; Hwang, H. S.; Goo, C. S.; Chung, Y. H.

    2000-12-01

    The project has provided the draft regulatory policies and guides regarding the quality assurance of software used to I and C systems important to safety in nuclear power plants, differentiated V and V activities by safety classes which are important elements in ensuring software quality assurance, and suggested V and V techniques to be applied, regulatory guides and checklists for reviewing software important to safety. The project introduced the classification concepts on software quality assurance. The I and C systems important to safety are classified into IC-1, IC-2, IC-3, and Non-IC as based on safety classifications. And the software used to these I and C systems are classified into 3 categories, say, safety-critical software, safety-related software, and non-safety software, in the light of safety importance of functions to be performed. Based upon these safety classifications, the extent of software V and V activities by each class has been differentiated each other. On the other hand, the project has divided software important to safety into newly-developed software and previously-developed software in terms of design and implementation, and provided the draft regulatory guides on each type of software, for instance, newly-developed software, previously-developed software, and software tools

  5. Development of a methodology for assessing the safety of embedded software systems

    Science.gov (United States)

    Garrett, C. J.; Guarro, S. B.; Apostolakis, G. E.

    1993-01-01

    A Dynamic Flowgraph Methodology (DFM) based on an integrated approach to modeling and analyzing the behavior of software-driven embedded systems for assessing and verifying reliability and safety is discussed. DFM is based on an extension of the Logic Flowgraph Methodology to incorporate state transition models. System models which express the logic of the system in terms of causal relationships between physical variables and temporal characteristics of software modules are analyzed to determine how a certain state can be reached. This is done by developing timed fault trees which take the form of logical combinations of static trees relating the system parameters at different points in time. The resulting information concerning the hardware and software states can be used to eliminate unsafe execution paths and identify testing criteria for safety critical software functions.

  6. Software Design Improvements. Part 2; Software Quality and the Design and Inspection Process

    Science.gov (United States)

    Lalli, Vincent R.; Packard, Michael H.; Ziemianski, Tom

    1997-01-01

    The application of assurance engineering techniques improves the duration of failure-free performance of software. The totality of features and characteristics of a software product are what determine its ability to satisfy customer needs. Software in safety-critical systems is very important to NASA. We follow the System Safety Working Group's definition for system safety software as: 'The optimization of system safety in the design, development, use and maintenance of software and its integration with safety-critical systems in an operational environment.' 'If it is not safe, say so' has become our motto. This paper goes over methods that have been used by NASA to make software design improvements by focusing on software quality and the design and inspection process.

  7. Evaluation of static analysis tools used to assess software important to nuclear power plant safety

    Energy Technology Data Exchange (ETDEWEB)

    Ourghanlian, Alain [EDF Lab CHATOU, Simulation and Information Technologies for Power Generation Systems Department, EDF R and D, Cedex (France)]

    2015-03-15

    We describe a comparative analysis of different tools used to assess safety-critical software used in nuclear power plants. To enhance the credibility of safety assessments and to optimize safety justification costs, Électricité de France (EDF) investigates the use of methods and tools for source code semantic analysis, to obtain indisputable evidence and help assessors focus on the most critical issues. EDF has been using the PolySpace tool for more than 10 years. Currently, new industrial tools based on the same formal approach, Abstract Interpretation, are available. Practical experimentation with these new tools shows that the precision obtained on one of our shutdown systems software packages is substantially improved. In the first part of this article, we present the analysis principles of the tools used in our experimentation. In the second part, we present the main characteristics of protection-system software, and why these characteristics are well adapted for the new analysis tools.

  8. The verification methodologies for a software modeling of Engineered Safety Features- Component Control System (ESF-CCS)

    International Nuclear Information System (INIS)

    Lee, Young-Jun; Cheon, Se-Woo; Cha, Kyung-Ho; Park, Gee-Yong; Kwon, Kee-Choon

    2007-01-01

    The safety of a software is not guaranteed through a simple testing of the software. The testing reviews only the static functions of a software. The behavior, dynamic state of a software is not reviewed by a software testing. The Ariane5 rocket accident and the failure of the Virtual Case File Project are determined by a software fault. Although this software was tested thoroughly, the potential errors existed internally. There are a lot of methods to solve these problems. One of the methods is a formal methodology. It describes the software requirements as a formal specification during a software life cycle and verifies a specified design. This paper suggests the methods which verify the design to be described as a formal specification. We adapt these methods to the software of a ESF-CCS (Engineered Safety Features-Component Control System) and use the SCADE (Safety Critical Application Development Environment) tool for adopting the suggested verification methods

  9. Software Safety and Security

    CERN Document Server

    Nipkow, T; Hauptmann, B

    2012-01-01

    Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was

  10. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  11. BBN based Quantitative Assessment of Software Design Specification

    International Nuclear Information System (INIS)

    Eom, Heung-Seop; Park, Gee-Yong; Kang, Hyun-Gook; Kwon, Kee-Choon; Chang, Seung-Cheol

    2007-01-01

    Probabilistic Safety Assessment (PSA), which is one of the important methods in assessing the overall safety of a nuclear power plant (NPP), requires quantitative reliability information of safety-critical software, but the conventional reliability assessment methods can not provide enough information for PSA of a NPP. Therefore current PSA which includes safety-critical software does not usually consider the reliability of the software or uses arbitrary values for it. In order to solve this situation this paper proposes a method that can produce quantitative reliability information of safety-critical software for PSA by making use of Bayesian Belief Networks (BBN). BBN has generally been used to model an uncertain system in many research fields including the safety assessment of software. The proposed method was constructed by utilizing BBN which can combine the qualitative and the quantitative evidence relevant to the reliability of safety critical software. The constructed BBN model can infer a conclusion in a formal and a quantitative way. A case study was carried out with the proposed method to assess the quality of software design specification (SDS) of safety-critical software that will be embedded in a reactor protection system. The intermediate V and V results of the software design specification were used as inputs to the BBN model

  12. Static and Dynamic Verification of Critical Software for Space Applications

    Science.gov (United States)

    Moreira, F.; Maia, R.; Costa, D.; Duro, N.; Rodríguez-Dapena, P.; Hjortnaes, K.

    Space technology is no longer used only for much specialised research activities or for sophisticated manned space missions. Modern society relies more and more on space technology and applications for every day activities. Worldwide telecommunications, Earth observation, navigation and remote sensing are only a few examples of space applications on which we rely daily. The European driven global navigation system Galileo and its associated applications, e.g. air traffic management, vessel and car navigation, will significantly expand the already stringent safety requirements for space based applications. Apart from their usefulness and practical applications, every single piece of onboard software deployed into the space represents an enormous investment. With a long lifetime operation and being extremely difficult to maintain and upgrade, at least when comparing with "mainstream" software development, the importance of ensuring their correctness before deployment is immense. Verification & Validation techniques and technologies have a key role in ensuring that the onboard software is correct and error free, or at least free from errors that can potentially lead to catastrophic failures. Many RAMS techniques including both static criticality analysis and dynamic verification techniques have been used as a means to verify and validate critical software and to ensure its correctness. But, traditionally, these have been isolated applied. One of the main reasons is the immaturity of this field in what concerns to its application to the increasing software product(s) within space systems. This paper presents an innovative way of combining both static and dynamic techniques exploiting their synergy and complementarity for software fault removal. The methodology proposed is based on the combination of Software FMEA and FTA with Fault-injection techniques. The case study herein described is implemented with support from two tools: The SoftCare tool for the SFMEA and SFTA

  13. Study on safety classifications of software used in nuclear power plants and distinct applications of verification and validation activities in each class

    International Nuclear Information System (INIS)

    Kim, B. R.; Oh, S. H.; Hwang, H. S.; Kim, D. I.

    2000-01-01

    This paper describes the safety classification regarding instrumentation and control (I and C) systems and their software used in nuclear power plants, provides regulatory positions for software important to safety, and proposes verification and validation (V and V) activities applied differently in software classes which are important elements in ensuring software quality assurance. In other words, the I and C systems important to safety are classified into IC-1, IC-2, IC-3, and Non-IC and their software are classified into safety-critical, safety-related, and non-safety software. Based upon these safety classifications, the extent of software V and V activities in each class is differentiated each other. In addition, the paper presents that the software for use in I and C systems important to safety is divided into newly-developed and previously-developed software in terms of design and implementation, and provides the regulatory positions on each type of software

  14. Reliability analysis of software based safety functions

    International Nuclear Information System (INIS)

    Pulkkinen, U.

    1993-05-01

    The methods applicable in the reliability analysis of software based safety functions are described in the report. Although the safety functions also include other components, the main emphasis in the report is on the reliability analysis of software. The check list type qualitative reliability analysis methods, such as failure mode and effects analysis (FMEA), are described, as well as the software fault tree analysis. The safety analysis based on the Petri nets is discussed. The most essential concepts and models of quantitative software reliability analysis are described. The most common software metrics and their combined use with software reliability models are discussed. The application of software reliability models in PSA is evaluated; it is observed that the recent software reliability models do not produce the estimates needed in PSA directly. As a result from the study some recommendations and conclusions are drawn. The need of formal methods in the analysis and development of software based systems, the applicability of qualitative reliability engineering methods in connection to PSA and the need to make more precise the requirements for software based systems and their analyses in the regulatory guides should be mentioned. (orig.). (46 refs., 13 figs., 1 tab.)

  15. The software safety analysis based on SFTA for reactor power regulating system in nuclear power plant

    International Nuclear Information System (INIS)

    Liu Zhaohui; Yang Xiaohua; Liao Longtao; Wu Zhiqiang

    2015-01-01

    The digitalized Instrumentation and Control (I and C) system of Nuclear power plants can provide many advantages. However, digital control systems induce new failure modes that differ from those of analog control systems. While the cost effectiveness and flexibility of software is widely recognized, it is very difficult to achieve and prove high levels of dependability and safety assurance for the functions performed by process control software, due to the very flexibility and potential complexity of the software itself. Software safety analysis (SSA) was one way to improve the software safety by identifying the system hazards caused by software failure. This paper describes the application of a software fault tree analysis (SFTA) at the software design phase. At first, we evaluate all the software modules of the reactor power regulating system in nuclear power plant and identify various hazards. The SFTA was applied to some critical modules selected from the previous step. At last, we get some new hazards that had not been identified in the prior processes of the document evaluation which were helpful for our design. (author)

  16. Software safety analysis practice in installation phase

    Energy Technology Data Exchange (ETDEWEB)

    Huang, H. W.; Chen, M. H.; Shyu, S. S., E-mail: hwhwang@iner.gov.t [Institute of Nuclear Energy Research, No. 1000 Wenhua Road, Chiaan Village, Longtan Township, 32546 Taoyuan County, Taiwan (China)

    2010-10-15

    This work performed a software safety analysis in the installation phase of the Lungmen nuclear power plant in Taiwan, under the cooperation of Institute of Nuclear Energy Research and Tpc. The US Nuclear Regulatory Commission requests licensee to perform software safety analysis and software verification and validation in each phase of software development life cycle with Branch Technical Position 7-14. In this work, 37 safety grade digital instrumentation and control systems were analyzed by failure mode and effects analysis, which is suggested by IEEE standard 7-4.3.2-2003. During the installation phase, skew tests for safety grade network and point to point tests were performed. The failure mode and effects analysis showed all the single failure modes can be resolved by the redundant means. Most of the common mode failures can be resolved by operator manual actions. (Author)

  17. Software safety analysis practice in installation phase

    International Nuclear Information System (INIS)

    Huang, H. W.; Chen, M. H.; Shyu, S. S.

    2010-10-01

    This work performed a software safety analysis in the installation phase of the Lungmen nuclear power plant in Taiwan, under the cooperation of Institute of Nuclear Energy Research and Tpc. The US Nuclear Regulatory Commission requests licensee to perform software safety analysis and software verification and validation in each phase of software development life cycle with Branch Technical Position 7-14. In this work, 37 safety grade digital instrumentation and control systems were analyzed by failure mode and effects analysis, which is suggested by IEEE standard 7-4.3.2-2003. During the installation phase, skew tests for safety grade network and point to point tests were performed. The failure mode and effects analysis showed all the single failure modes can be resolved by the redundant means. Most of the common mode failures can be resolved by operator manual actions. (Author)

  18. Verification and validation process for the safety software in KNICS

    International Nuclear Information System (INIS)

    Kwon, Kee-Choon; Lee, Jang-Soo; Kim, Jang-Yeol

    2004-01-01

    This paper describes the Verification and Validation (V and V) process for safety software of Programmable Logic Controller (PLC), Digital Reactor Protection System (DRPS), and Engineered Safety Feature-Component Control System (ESF-CCS) that are being developed in Korea Nuclear Instrumentation and Control System (KNICS) projects. Specifically, it presents DRPS V and V experience according to the software development life cycle. The main activities of DRPS V and V process are preparation of software planning documentation, verification of Software Requirement Specification (SRS), Software Design Specification (SDS) and codes, and testing of the integrated software and the integrated system. In addition, they include software safety analysis and software configuration management. SRS V and V of DRPS are technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, preparing integrated system test plan, software safety analysis, and software configuration management. Also, SDS V and V of RPS are technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, preparing integrated software test plan, software safety analysis, and software configuration management. The code V and V of DRPS are traceability analysis, source code inspection, test case and test procedure generation, software safety analysis, and software configuration management. Testing is the major V and V activity of software integration and system integration phase. Software safety analysis at SRS phase uses Hazard Operability (HAZOP) method, at SDS phase it uses HAZOP and Fault Tree Analysis (FTA), and at implementation phase it uses FTA. Finally, software configuration management is performed using Nu-SCM (Nuclear Software Configuration Management) tool developed by KNICS project. Through these activities, we believe we can achieve the functionality, performance, reliability and safety that are V

  19. Nuclear medicine software: safety aspects

    International Nuclear Information System (INIS)

    Anon.

    1989-01-01

    A brief editorial discusses the safety aspects of nuclear medicine software. Topics covered include some specific features which should be incorporated into a well-written piece of software, some specific points regarding software testing and legal liability if inappropriate medical treatment was initiated as a result of information derived from a piece of clinical apparatus incorporating a malfunctioning computer program. (U.K.)

  20. Software Innovation in a Mission Critical Environment

    Science.gov (United States)

    Fredrickson, Steven

    2015-01-01

    Operating in mission-critical environments requires trusted solutions, and the preference for "tried and true" approaches presents a potential barrier to infusing innovation into mission-critical systems. This presentation explores opportunities to overcome this barrier in the software domain. It outlines specific areas of innovation in software development achieved by the Johnson Space Center (JSC) Engineering Directorate in support of NASA's major human spaceflight programs, including International Space Station, Multi-Purpose Crew Vehicle (Orion), and Commercial Crew Programs. Software engineering teams at JSC work with hardware developers, mission planners, and system operators to integrate flight vehicles, habitats, robotics, and other spacecraft elements for genuinely mission critical applications. The innovations described, including the use of NASA Core Flight Software and its associated software tool chain, can lead to software that is more affordable, more reliable, better modelled, more flexible, more easily maintained, better tested, and enabling of automation.

  1. Secure Software Configuration Management Processes for nuclear safety software development environment

    International Nuclear Information System (INIS)

    Chou, I.-Hsin

    2011-01-01

    Highlights: → The proposed method emphasizes platform-independent security processes. → A hybrid process based on the nuclear SCM and security regulations is proposed. → Detailed descriptions and Process Flow Diagram are useful for software developers. - Abstract: The main difference between nuclear and generic software is that the risk factor is infinitely greater in nuclear software - if there is a malfunction in the safety system, it can result in significant economic loss, physical damage or threat to human life. However, secure software development environment have often been ignored in the nuclear industry. In response to the terrorist attacks on September 11, 2001, the US Nuclear Regulatory Commission (USNRC) revised the Regulatory Guide (RG 1.152-2006) 'Criteria for use of computers in safety systems of nuclear power plants' to provide specific security guidance throughout the software development life cycle. Software Configuration Management (SCM) is an essential discipline in the software development environment. SCM involves identifying configuration items, controlling changes to those items, and maintaining integrity and traceability of them. For securing the nuclear safety software, this paper proposes a Secure SCM Processes (S²CMP) which infuses regulatory security requirements into proposed SCM processes. Furthermore, a Process Flow Diagram (PFD) is adopted to describe S²CMP, which is intended to enhance the communication between regulators and developers.

  2. 75 FR 11918 - Hewlett Packard Company, Business Critical Systems, Mission Critical Business Software Division...

    Science.gov (United States)

    2010-03-12

    ... Packard Company, Business Critical Systems, Mission Critical Business Software Division, OpenVMS Operating... Colorado, Marlborough, Massachusetts; Hewlett Packard Company, Business Critical Systems, Mission Critical... Company, Business Critical Systems, Mission Critical Business Software Division, OpenVMS Operating System...

  3. Software safety analysis application in installation phase

    International Nuclear Information System (INIS)

    Huang, H. W.; Yih, S.; Wang, L. H.; Liao, B. C.; Lin, J. M.; Kao, T. M.

    2010-01-01

    This work performed a software safety analysis (SSA) in the installation phase of the Lungmen nuclear power plant (LMNPP) in Taiwan, under the cooperation of INER and TPC. The US Nuclear Regulatory Commission (USNRC) requests licensee to perform software safety analysis (SSA) and software verification and validation (SV and V) in each phase of software development life cycle with Branch Technical Position (BTP) 7-14. In this work, 37 safety grade digital instrumentation and control (I and C) systems were analyzed by Failure Mode and Effects Analysis (FMEA), which is suggested by IEEE Standard 7-4.3.2-2003. During the installation phase, skew tests for safety grade network and point to point tests were performed. The FMEA showed all the single failure modes can be resolved by the redundant means. Most of the common mode failures can be resolved by operator manual actions. (authors)

  4. Design Information from the PSA for Digital Safety-Critical Systems

    International Nuclear Information System (INIS)

    Kang, Hyun Gook; Jang, Seung Cheol

    2005-01-01

    Many safety-critical applications such as nuclear field application usually adopt a similar design strategy for digital safety-critical systems. Their differences from the normal design for the non-safety-critical applications could be summarized as: multiple-redundancy, highly reliable components, strengthened monitoring mechanism, verified software, and automated test procedure. These items are focusing on maintaining the capability to perform the given safety function when it is requested. For the past several decades, probabilistic safety assessment (PSA) techniques are used in the nuclear industry to assess the relative effects of contributing events on plant risk and system reliability. They provide a unifying means of assessing physical faults, recovery processes, contributing effects, human actions, and other events that have a high degree of uncertainty. The applications of PSA provide not only the analysis results of already installed system but also the useful information for the system under design. The information could be derived from the PSA experience of the various safety-critical systems. Thanks to the design flexibility, the digital system is one of the most suitable candidates for risk-informed design (RID). In this article, we will describe the feedbacks for system design and try to develop a procedure for RID. Even though the procedure is not sophisticated enough now, it could be the start point of the further investigation for developing more complete and practical methodology

  5. Safety-Critical Partitioned Software Architecture: A Partitioned Software Architecture for Robotic

    Science.gov (United States)

    Horvath, Greg; Chung, Seung H.; Cilloniz-Bicchi, Ferner

    2011-01-01

    The flight software on virtually every mission currently managed by JPL has several major flaws that make it vulnerable to potentially fatal software defects. Many of these problems can be addressed by recently developed partitioned operating systems (OS). JPL has avoided adopting a partitioned operating system on its flight missions, primarily because doing so would require significant changes in flight software design, and the risks associated with changes of that magnitude cannot be accepted by an active flight project. The choice of a partitioned OS can have a dramatic effect on the overall system and software architecture, allowing for realization of benefits far beyond the concerns typically associated with the choice of OS. Specifically, we believe that a partitioned operating system, when coupled with an appropriate architecture, can provide a strong infrastructure for developing systems for which reusability, modifiability, testability, and reliability are essential qualities. By adopting a partitioned OS, projects can gain benefits throughout the entire development lifecycle, from requirements and design, all the way to implementation, testing, and operations.

  6. Software Safety Life cycle and Method of POSAFE-Q System

    International Nuclear Information System (INIS)

    Lee, Jang-Soo; Kwon, Kee-Choon

    2006-01-01

    This paper describes the relationship between the overall safety life cycle and the software safety life cycle during the development of the software based safety systems of Nuclear Power Plants. This includes the design and evaluation activities of components as well as the system. The paper also compares the safety life cycle and planning activities defined in IEC 61508 with those in IEC 60880, IEEE 7-4.3.2, and IEEE 1228. Using the KNICS project as an example, software safety life cycle and safety analysis methods applied to the POSAFE-Q are demonstrated. KNICS software safety life cycle is described by comparing to the software development, testing, and safety analysis process with international standards. The safety assessment of the software for POSAFE-Q is a joint Korean German project. The assessment methods applied in the project and the experiences gained from this project are presented

  7. Bureaucracy, Safety and Software: a Potentially Lethal Cocktail

    Science.gov (United States)

    Hatton, Les

    This position paper identifies a potential problem with the evolution of software controlled safety critical systems. It observes that the rapid growth of bureaucracy in society quickly spills over into rules for behaviour. Whether the need for the rules comes first or there is simple anticipation of the need for a rule by a bureaucrat is unclear in many cases. Many such rules lead to draconian restrictions and often make the existing situation worse due to the presence of unintended consequences as will be shown with a number of examples.

  8. Safety review on unit testing of safety system software of nuclear power plant

    International Nuclear Information System (INIS)

    Liu Le; Zhang Qi

    2013-01-01

    Software unit testing has an important place in the testing of safety system software of nuclear power plants, and in the wider scope of the verification and validation. It is a comprehensive, systematic process, and its documentation shall meet the related requirements. When reviewing software unit testing, attention should be paid to the coverage of software safety requirements, the coverage of software internal structure, and the independence of the work. (authors)

  9. Nuclear criticality safety guide

    International Nuclear Information System (INIS)

    Pruvost, N.L.; Paxton, H.C.

    1996-09-01

    This technical reference document cites information related to nuclear criticality safety principles, experience, and practice. The document also provides general guidance for criticality safety personnel and regulators

  10. Nuclear criticality safety guide

    Energy Technology Data Exchange (ETDEWEB)

    Pruvost, N.L.; Paxton, H.C. [eds.]

    1996-09-01

    This technical reference document cites information related to nuclear criticality safety principles, experience, and practice. The document also provides general guidance for criticality safety personnel and regulators.

  11. A SOFTWARE RELIABILITY ESTIMATION METHOD TO NUCLEAR SAFETY SOFTWARE

    Directory of Open Access Journals (Sweden)

    GEE-YONG PARK

    2014-02-01

    A method for estimating software reliability for nuclear safety software is proposed in this paper. This method is based on the software reliability growth model (SRGM), where the behavior of software failure is assumed to follow a non-homogeneous Poisson process. Two types of modeling schemes based on a particular underlying method are proposed in order to more precisely estimate and predict the number of software defects based on very rare software failure data. The Bayesian statistical inference is employed to estimate the model parameters by incorporating software test cases as a covariate into the model. It was identified that these models are capable of reasonably estimating the remaining number of software defects which directly affects the reactor trip functions. The software reliability might be estimated from these modeling equations, and one approach of obtaining software reliability value is proposed in this paper.

  12. SafetyAnalyst : software tools for safety management of specific highway sites

    Science.gov (United States)

    2010-07-01

    SafetyAnalyst provides a set of software tools for use by state and local highway agencies for highway safety management. SafetyAnalyst can be used by highway agencies to improve their programming of site-specific highway safety improvements. SafetyA...

  13. Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS

    NARCIS (Netherlands)

    Houmb, S.H.; Nunes Leal Franqueira, V.; Engum, E.A.

    2008-01-01

    Many safety and mission critical systems depend on the correct and secure operation of both supportive and core software systems. E.g., both the safety of personnel and the effective execution of core missions on an oil platform depend on the correct recording, storing, transfer and interpretation of

  14. New enhancements to SCALE for criticality safety analysis

    International Nuclear Information System (INIS)

    Hollenbach, D.F.; Bowman, S.M.; Petrie, L.M.; Parks, C.V.

    1995-01-01

    As the speed, available memory, and reliability of computer hardware increases and the cost decreases, the complexity and usability of computer software will increase, taking advantage of the new hardware capabilities. Computer programs today must be more flexible and user friendly than those of the past. Within available resources, the SCALE staff at Oak Ridge National Laboratory (ORNL) is committed to upgrading its computer codes to keep pace with the current level of technology. This paper examines recent additions and enhancements to the criticality safety analysis sections of the SCALE code package. These recent additions and enhancements made to SCALE can be divided into nine categories: (1) new analytical computer codes, (2) new cross-section libraries, (3) new criticality search sequences, (4) enhanced graphical capabilities, (5) additional KENO enhancements, (6) enhanced resonance processing capabilities, (7) enhanced material information processing capabilities, (8) portability of the SCALE code package, and (9) other minor enhancements, modifications, and corrections to SCALE. Each of these additions and enhancements to the criticality safety analysis capabilities of the SCALE code system are discussed below

  15. Safety and reliability of automatization software

    Energy Technology Data Exchange (ETDEWEB)

    Kapp, K; Daum, R [Karlsruhe Univ. (TH) (Germany, F.R.). Lehrstuhl fuer Angewandte Informatik, Transport- und Verkehrssysteme

    1979-02-01

    Automated technical systems have to meet very high requirements concerning safety, security and reliability. Today, modern computers, especially microcomputers, are used as integral parts of those systems. In consequence computer programs must work in a safe and reliable manner. Methods are discussed which allow to construct safe and reliable software for automatic systems such as reactor protection systems and to prove that the safety requirements are met. As a result it is shown that only the method of total software diversification can satisfy all safety requirements at tolerable cost. In order to achieve a high degree of reliability, structured and modular programming in context with high level programming languages are recommended.

  16. Software hazard analysis for nuclear digital protection system by Colored Petri Net

    International Nuclear Information System (INIS)

    Bai, Tao; Chen, Wei-Hua; Liu, Zhen; Gao, Feng

    2017-01-01

    Highlights: • A dynamic hazard analysis method is proposed for the safety-critical software. • The mechanism relies on Colored Petri Net. • Complex interactions between software and hardware are captured properly. • Common failure modes in software are identified effectively. -- Abstract: The software safety of a nuclear digital protection system is critical for the safety of nuclear power plants as any software defect may result in severe damage. In order to ensure the safety and reliability of safety-critical digital system products and their applications, software hazard analysis is required to be performed during the lifecycle of software development. The dynamic software hazard modeling and analysis method based on Colored Petri Net is proposed and applied to the safety-critical control software of the nuclear digital protection system in this paper. The analysis results show that the proposed method can explain the complex interactions between software and hardware and identify the potential common cause failure in software properly and effectively. Moreover, the method can find the dominant software induced hazard to safety control actions, which aids in increasing software quality.

  17. A 'Toolbox' Equivalent Process for Safety Analysis Software

    International Nuclear Information System (INIS)

    O'Kula, K.R.; Eng, Tony

    2004-01-01

    Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1 (Quality Assurance for Safety-Related Software) identified a number of quality assurance issues on the use of software in Department of Energy (DOE) facilities for analyzing hazards, and designing and operating controls that prevent or mitigate potential accidents. The development and maintenance of a collection, or 'toolbox', of multiple-site use, standard solution, Software Quality Assurance (SQA)-compliant safety software is one of the major improvements identified in the associated DOE Implementation Plan (IP). The DOE safety analysis toolbox will contain a set of appropriately quality-assured, configuration-controlled, safety analysis codes, recognized for DOE-broad, safety basis applications. Currently, six widely applied safety analysis computer codes have been designated for toolbox consideration. While the toolbox concept considerably reduces SQA burdens among DOE users of these codes, many users of unique, single-purpose, or single-site software may still have sufficient technical justification to continue use of their computer code of choice, but are thwarted by the multiple-site condition on toolbox candidate software. The process discussed here provides a roadmap for an equivalency argument, i.e., establishing satisfactory SQA credentials for single-site software that can be deemed "toolbox-equivalent". The process is based on the model established to meet IP Commitment 4.2.1.2: Establish SQA criteria for the safety analysis "toolbox" codes. Implementing criteria that establish the set of prescriptive SQA requirements are based on implementation plan/procedures from the Savannah River Site, also incorporating aspects of those from the Waste Isolation Pilot Plant (SNL component) and the Yucca Mountain Project. The major requirements are met with evidence of a software quality assurance plan, software requirements and design documentation, user's instructions, test report, a

  18. Professional Training in Software Engineering: A Critical Need in the United States

    Directory of Open Access Journals (Sweden)

    Jennifer Waldrow

    2012-06-01

    Software is related to almost every aspect of daily life: manufacturing, banking, travel, communications, defense, medicine, research, government, education, entertainment, law ... It is an essential part of military systems and is used in all civilian sectors, including safety and mission critical ones. Moreover, the complexity of many of these systems has increased exponentially in recent decades and software has become an essential component of all of them. Unfortunately, the "systems of higher education" in almost all countries have not kept pace with these changes. The current science and engineering programs, both undergraduate and graduate, need to incorporate more training in Software Engineering. This is especially true in areas such as aerospace engineering, because these systems are highly dependent on computers, information, communications and software. This article presents an analysis of the current situation in the United States regarding the software engineering training that aerospace engineers receive and require.

  19. Review of studies on criticality safety evaluation and criticality experiment methods

    International Nuclear Information System (INIS)

    Naito, Yoshitaka; Yamamoto, Toshihiro; Misawa, Tsuyoshi; Yamane, Yuichi

    2013-01-01

    Since the early 1960s, many studies on criticality safety evaluation have been conducted in Japan. Computer code systems were developed initially by employing finite difference methods, and more recently by using Monte Carlo methods. Criticality experiments have also been carried out in many laboratories in Japan as well as overseas. By effectively using these study results, the Japanese Criticality Safety Handbook was published in 1988, almost the intermediate point of the last 50 years. An increased interest has been shown in criticality safety studies, and a Working Party on Nuclear Criticality Safety (WPNCS) was set up by the Nuclear Science Committee of the Organisation for Economic Co-operation and Development in 1997. WPNCS has several task forces in charge of each of the International Criticality Safety Benchmark Evaluation Program (ICSBEP), Subcritical Measurement, Experimental Needs, Burn-up Credit Studies and Minimum Critical Values. Criticality safety studies in Japan have been carried out in cooperation with WPNCS. This paper describes criticality safety study activities in Japan along with the contents of the Japanese Criticality Safety Handbook and the tasks of WPNCS. (author)

  20. Software quality assurance and software safety in the Biomed Control System

    International Nuclear Information System (INIS)

    Singh, R.P.; Chu, W.T.; Ludewigt, B.A.; Marks, K.M.; Nyman, M.A.; Renner, T.R.; Stradtner, R.

    1989-01-01

    The Biomed Control System is a hardware/software system used for the delivery, measurement and monitoring of heavy-ion beams in the patient treatment and biology experiment rooms in the Bevalac at the Lawrence Berkeley Laboratory (LBL). This paper describes some aspects of this system including historical background philosophy, configuration management, hardware features that facilitate software testing, software testing procedures, the release of new software quality assurance, safety and operator monitoring. 3 refs

  1. Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

    Science.gov (United States)

    Johnson, C. W.; Atencia Yepez, A.

    2012-01-01

    Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations. This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

  2. Nuclear criticality safety guide

    International Nuclear Information System (INIS)

    Ro, Seong Ki; Shin, Hee Seong; Park, Seong Won; Shin, Young Joon.

    1997-06-01

    Nuclear criticality safety guide was described for handling, transportation and storage of nuclear fissile materials in this report. The major part of the report was excerpted from TID-7016 (revision 2) and nuclear criticality safety written by Knief. (author). 16 tabs., 44 figs., 5 refs

  3. RICIS Symposium 1992: Mission and Safety Critical Systems Research and Applications

    Science.gov (United States)

    1992-01-01

    This conference deals with computer systems which control systems whose failure to operate correctly could produce the loss of life and/or property, mission and safety critical systems. Topics covered are: the work of standards groups, computer systems design and architecture, software reliability, process control systems, knowledge based expert systems, and computer and telecommunication protocols.

  4. French safety and criticality testing programmes

    International Nuclear Information System (INIS)

    Barbry, F.; Leclerc, J.; Manaranche, J.C.; Maubert, L.

    1982-01-01

    This article underlines the need to include experimental safety-criticality programmes in the French nuclear effort. The means and methods used at the Section of Experimental Nuclear Safety and Criticality Research, attached to the CEA Valduc Centre, are described. Three experimental programmes are presented: safety-criticality of the PWR fuel cycle, neutron poisoning of plutonium solutions by gadolinium and safety-criticality of slightly enriched and slightly moderated uranium oxide. Criticality accidents studies in solution are then described [fr]

  5. SCJ-Circus: a refinement-oriented formal notation for Safety-Critical Java

    Directory of Open Access Journals (Sweden)

    Alvaro Miyazawa

    2016-06-01

    Safety-Critical Java (SCJ) is a version of Java whose goal is to support the development of real-time, embedded, safety-critical software. In particular, SCJ supports certification of such software by introducing abstractions that enforce a simpler architecture, and simpler concurrency and memory models. In this paper, we present SCJ-Circus, a refinement-oriented formal notation that supports the specification and verification of low-level programming models that include the new abstractions introduced by SCJ. SCJ-Circus is part of the family of state-rich process algebra Circus; as such, SCJ-Circus includes the Circus constructs for modelling sequential and concurrent behaviour, real-time and object orientation. We present here the syntax and semantics of SCJ-Circus, which is defined by mapping SCJ-Circus constructs to those of standard Circus. This is based on an existing approach for modelling SCJ programs. We also extend an existing Circus-based refinement strategy that targets SCJ programs to account for the generation of SCJ-Circus models close to implementations in SCJ.

  6. Reliability assessment for safety critical systems by statistical random testing

    International Nuclear Information System (INIS)

    Mills, S.E.

    1995-11-01

    In this report we present an overview of reliability assessment for software and focus on some basic aspects of assessing reliability for safety critical systems by statistical random testing. We also discuss possible deviations from some essential assumptions on which the general methodology is based. These deviations appear quite likely in practical applications. We present and discuss possible remedies and adjustments and then undertake applying this methodology to a portion of the SDS1 software. We also indicate shortcomings of the methodology and possible avenues to follow to address these problems. (author). 128 refs., 11 tabs., 31 figs

  7. Reliability assessment for safety critical systems by statistical random testing

    Energy Technology Data Exchange (ETDEWEB)

    Mills, S E [Carleton Univ., Ottawa, ON (Canada). Statistical Consulting Centre

    1995-11-01

    In this report we present an overview of reliability assessment for software and focus on some basic aspects of assessing reliability for safety critical systems by statistical random testing. We also discuss possible deviations from some essential assumptions on which the general methodology is based. These deviations appear quite likely in practical applications. We present and discuss possible remedies and adjustments and then undertake applying this methodology to a portion of the SDS1 software. We also indicate shortcomings of the methodology and possible avenues to follow to address these problems. (author). 128 refs., 11 tabs., 31 figs.

  8. ALARP considerations in criticality safety assessments

    International Nuclear Information System (INIS)

    Bowden, Russell L.; Barnes, Andrew; Thorne, Peter R.; Venner, Jack

    2003-01-01

    Demonstrating that the risk to the public and workers is As Low As Reasonably Practicable (ALARP) is a fundamental requirement of safety cases for nuclear facilities in the United Kingdom. This is embodied in the Safety Assessment Principles (SAPs) published by the Regulator, the essence of which is incorporated within the safety assessment processes of the various nuclear site licensees. The concept of ALARP within criticality safety assessments has taken some time to establish in the United Kingdom. In principle, the licensee is obliged to search for a deterministic criticality safety solution, such as safe geometry vessels and passive control features, rather than placing reliance on active measurement devices and plant administrative controls. This paper presents a consideration of some ALARP issues in relation to the development of criticality safety cases. The paper utilises some idealised examples covering a range of issues facing the criticality safety assessor, including new plant design, operational plant and decommissioning activities. These examples are used to outline the elements of the criticality safety cases and present a discussion of ALARP in the context of criticality safety assessments. (author)

  9. Software reliability and safety in nuclear reactor protection systems

    Energy Technology Data Exchange (ETDEWEB)

    Lawrence, J.D. [Lawrence Livermore National Lab., CA (United States)

    1993-11-01

    Planning the development, use and regulation of computer systems in nuclear reactor protection systems in such a way as to enhance reliability and safety is a complex issue. This report is one of a series of reports from the Computer Safety and Reliability Group, Lawrence Livermore National Laboratory, that investigates different aspects of computer software in reactor protection systems. There are two central themes in the report. First, software considerations cannot be fully understood in isolation from computer hardware and application considerations. Second, the process of engineering reliability and safety into a computer system requires activities to be carried out throughout the software life cycle. The report discusses the many activities that can be carried out during the software life cycle to improve the safety and reliability of the resulting product. The viewpoint is primarily that of the assessor, or auditor.

  10. Software reliability and safety in nuclear reactor protection systems

    International Nuclear Information System (INIS)

    Lawrence, J.D.

    1993-11-01

    Planning the development, use and regulation of computer systems in nuclear reactor protection systems in such a way as to enhance reliability and safety is a complex issue. This report is one of a series of reports from the Computer Safety and Reliability Group, Lawrence Livermore National Laboratory, that investigates different aspects of computer software in reactor protection systems. There are two central themes in the report. First, software considerations cannot be fully understood in isolation from computer hardware and application considerations. Second, the process of engineering reliability and safety into a computer system requires activities to be carried out throughout the software life cycle. The report discusses the many activities that can be carried out during the software life cycle to improve the safety and reliability of the resulting product. The viewpoint is primarily that of the assessor, or auditor

  11. Maintaining SCALE as a reliable computational system for criticality safety analysis

    International Nuclear Information System (INIS)

    Bowmann, S.M.; Parks, C.V.; Martin, S.K.

    1995-01-01

    Accurate and reliable computational methods are essential for nuclear criticality safety analyses. The SCALE (Standardized Computer Analyses for Licensing Evaluation) computer code system was originally developed at Oak Ridge National Laboratory (ORNL) to enable users to easily set up and perform criticality safety analyses, as well as shielding, depletion, and heat transfer analyses. Over the fifteen-year life of SCALE, the mainstay of the system has been the criticality safety analysis sequences that have featured the KENO-IV and KENO-V.A Monte Carlo codes and the XSDRNPM one-dimensional discrete-ordinates code. The criticality safety analysis sequences provide automated material and problem-dependent resonance processing for each criticality calculation. This report details configuration management which is essential because SCALE consists of more than 25 computer codes (referred to as modules) that share libraries of commonly used subroutines. Changes to a single subroutine in some cases affect almost every module in SCALE! Controlled access to program source and executables and accurate documentation of modifications are essential to maintaining SCALE as a reliable code system. The modules and subroutine libraries in SCALE are programmed by a staff of approximately ten Code Managers. The SCALE Software Coordinator maintains the SCALE system and is the only person who modifies the production source, executables, and data libraries. All modifications must be authorized by the SCALE Project Leader prior to implementation

  12. A reliability evaluation method for NPP safety DCS application software

    International Nuclear Information System (INIS)

    Li Yunjian; Zhang Lei; Liu Yuan

    2014-01-01

    In the field of nuclear power plant (NPP) digital I&C application, reliability evaluation for safety DCS application software is a key obstacle to be removed. In order to quantitatively evaluate reliability of NPP safety DCS application software, this paper proposes a reliability evaluating method based on software development life cycle every stage's V&V defects density characteristics, by which the operating reliability level of the software can be predicted before its delivery, and helps to improve the reliability of NPP safety important software. (authors)

  13. 2011 Annual Criticality Safety Program Performance Summary

    Energy Technology Data Exchange (ETDEWEB)

    Andrea Hoffman

    2011-12-01

    The 2011 review of the INL Criticality Safety Program has determined that the program is robust and effective. The review was prepared for, and fulfills Contract Data Requirements List (CDRL) item H.20, 'Annual Criticality Safety Program performance summary that includes the status of assessments, issues, corrective actions, infractions, requirements management, training, and programmatic support.' This performance summary addresses the status of these important elements of the INL Criticality Safety Program. Assessments - Assessments in 2011 were planned and scheduled. The scheduled assessments included a Criticality Safety Program Effectiveness Review, Criticality Control Area Inspections, a Protection of Controlled Unclassified Information Inspection, an Assessment of Criticality Safety SQA, and this management assessment of the Criticality Safety Program. All of the assessments were completed with the exception of the 'Effectiveness Review' for SSPSF, which was delayed due to emerging work. Although minor issues were identified in the assessments, no issues or combination of issues indicated that the INL Criticality Safety Program was ineffective. The identification of issues demonstrates the importance of an assessment program to the overall health and effectiveness of the INL Criticality Safety Program. Issues and Corrective Actions - There are relatively few criticality safety related issues in the Laboratory ICAMS system. Most were identified by Criticality Safety Program assessments. No issues indicate ineffectiveness in the INL Criticality Safety Program. All of the issues are being worked and there are no imminent criticality concerns. Infractions - There was one criticality safety related violation in 2011. On January 18, 2011, it was discovered that a fuel plate bundle in the Nuclear Materials Inspection and Storage (NMIS) facility exceeded the fissionable mass limit, resulting in a technical safety requirement (TSR) violation. The

  14. System and software safety analysis for the ERA control computer

    International Nuclear Information System (INIS)

    Beerthuizen, P.G.; Kruidhof, W.

    2001-01-01

    The European Robotic Arm (ERA) is a seven degrees of freedom relocatable anthropomorphic robotic manipulator system, to be used in manned space operation on the International Space Station, supporting the assembly and external servicing of the Russian segment. The safety design concept and implementation of the ERA is described, in particular with respect to the central computer's software design. A top-down analysis and specification process is used to down flow the safety aspects of the ERA system towards the subsystems, which are produced by a consortium of companies in many countries. The user requirements documents and the critical function list are the key documents in this process. Bottom-up analysis (FMECA) and test, on both subsystem and system level, are the basis for safety verification. A number of examples show the use of the approach and methods used

  15. A guide on the elicitation of expert knowledge in constructing BBN for quantitative reliability assessment of safety critical software

    International Nuclear Information System (INIS)

    Eom, H. S.; Kang, H. G.; Chang, S. C.; Ha, J. J.

    2003-08-01

    This report describes the methodology which could elicit probabilistic representation from the experts' knowledge or qualitative data. It is necessary to elicit expert's knowledge while we quantitatively assess the reliability of safety critical software using Bayesian Belief Nets (BBNs). Especially in composing the node probability table and in making out the input data for BBN model, experts' qualitative judgment or qualitative data should be converted into probabilistic representation. This conversion process is vulnerable to bias or error. The purpose of the report is to provide the guideline to avoid the occurrence of this kind of bias/error or to eliminate them which is included in the existing data prepared by experts. The contents of the report are:

    - The types and the explanation of bias and error: the types of bias and error which might occur in the process of eliciting the expert's knowledge.
    - The procedure of expert's judgment elicitation: the process and techniques to avoid bias and error in eliciting the expert's judgments.
    - The examples of expert's knowledge appeared in the BBNs: the examples of expert's knowledge (probability values) appeared in the BBNs for assessing the safety of digital system

  16. Statistical reliability assessment of software-based systems

    International Nuclear Information System (INIS)

    Korhonen, J.; Pulkkinen, U.; Haapanen, P.

    1997-01-01

    Plant vendors nowadays propose software-based systems even for the most critical safety functions. The reliability estimation of safety critical software-based systems is difficult since the conventional modeling techniques do not necessarily apply to the analysis of these systems, and the quantification seems to be impossible. Due to lack of operational experience and due to the nature of software faults, the conventional reliability estimation methods can not be applied. New methods are therefore needed for the safety assessment of software-based systems. In the research project Programmable automation systems in nuclear power plants (OHA), financed together by the Finnish Centre for Radiation and Nuclear Safety (STUK), the Ministry of Trade and Industry and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software based systems are developed and evaluated. This volume in the OHA-report series deals with the statistical reliability assessment of software based systems on the basis of dynamic test results and qualitative evidence from the system design process. Other reports to be published later on in OHA-report series will handle the diversity requirements in safety critical software-based systems, generation of test data from operational profiles and handling of programmable automation in plant PSA-studies. (orig.) (25 refs.)

  17. Licensing of safety critical software for nuclear reactors. Common position of seven European nuclear regulators and authorised technical support organisations

    International Nuclear Information System (INIS)

    2010-01-01

    of guidelines; - as a reference in safety cases and demonstrations of safety of software based systems; - as guidance for system design specifications by manufacturers and major I and C suppliers on the international market. From the outset, attention focused on computer based systems used in nuclear power plants for the implementation of safety functions (i.e. the functions of the highest safety criticality level); namely, those systems classified by the International Atomic Energy Agency as 'safety systems'. The recommendations of this report therefore mainly address 'safety systems'; 'safety related systems' are addressed in certain common positions and recommendations only where explicitly mentioned. The common positions are intended to convey the unanimous views of the Task Force members on the guidance that the licensees need to follow as part of an adequate safety demonstration. Throughout the document these common positions are expressed with the auxiliary verb 'shall'. The use of this verb for common positions is intended to convey the unanimous desire felt by the Task Force members for the licensees to satisfy the requirements expressed in the clause. The common positions are a common set of requirements and practices considered necessary by the member states represented in the task force. There was no systematic attempt, however, at guaranteeing that for each issue area these sets are complete or sufficient. It is also recognised that - in certain cases - other possible practices cannot be excluded, but the members felt that such alternatives will be difficult to justify. Recommended practices are supported by most, but may not be systematically implemented by all of the member states represented in the task force. Recommended practices are expressed with the auxiliary verb 'should'. In order to avoid the guidance being merely reduced to a lowest common denominator of safety (inferior levelling), the task force - in addition to commonly accepted practices

  18. Licensing of safety critical software for nuclear reactors. Common position of seven European nuclear regulators and authorised technical support organisations

    Energy Technology Data Exchange (ETDEWEB)

    2010-07-01

    policies and in revisions of guidelines; - as a reference in safety cases and demonstrations of safety of software based systems; - as guidance for system design specifications by manufacturers and major I and C suppliers on the international market. From the outset, attention focused on computer based systems used in nuclear power plants for the implementation of safety functions (i.e. the functions of the highest safety criticality level); namely, those systems classified by the International Atomic Energy Agency as 'safety systems'. The recommendations of this report therefore mainly address 'safety systems'; 'safety related systems' are addressed in certain common positions and recommendations only where explicitly mentioned. The common positions are intended to convey the unanimous views of the Task Force members on the guidance that the licensees need to follow as part of an adequate safety demonstration. Throughout the document these common positions are expressed with the auxiliary verb 'shall'. The use of this verb for common positions is intended to convey the unanimous desire felt by the Task Force members for the licensees to satisfy the requirements expressed in the clause. The common positions are a common set of requirements and practices considered necessary by the member states represented in the task force. There was no systematic attempt, however, at guaranteeing that for each issue area these sets are complete or sufficient. It is also recognised that - in certain cases - other possible practices cannot be excluded, but the members felt that such alternatives will be difficult to justify. Recommended practices are supported by most, but may not be systematically implemented by all of the member states represented in the task force. Recommended practices are expressed with the auxiliary verb 'should'. In order to avoid the guidance being merely reduced to a lowest common denominator of safety (inferior

  19. Nuclear criticality safety: 2-day training course

    International Nuclear Information System (INIS)

    Schlesser, J.A.

    1997-02-01

    This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: be able to define terms commonly used in nuclear criticality safety; be able to appreciate the fundamentals of nuclear criticality safety; be able to identify factors which affect nuclear criticality safety; be able to identify examples of criticality controls as used at Los Alamos; be able to identify examples of circumstances present during criticality accidents; have participated in conducting two critical experiments; be asked to complete a critique of the nuclear criticality safety training course

  20. Nuclear criticality safety: 2-day training course

    Energy Technology Data Exchange (ETDEWEB)

    Schlesser, J.A. [ed.] [comp.]

    1997-02-01

    This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: be able to define terms commonly used in nuclear criticality safety; be able to appreciate the fundamentals of nuclear criticality safety; be able to identify factors which affect nuclear criticality safety; be able to identify examples of criticality controls as used at Los Alamos; be able to identify examples of circumstances present during criticality accidents; have participated in conducting two critical experiments; be asked to complete a critique of the nuclear criticality safety training course.

  1. V and V-based remaining fault estimation model for safety–critical software of a nuclear power plant

    International Nuclear Information System (INIS)

    Eom, Heung-seop; Park, Gee-yong; Jang, Seung-cheol; Son, Han Seong; Kang, Hyun Gook

    2013-01-01

    Highlights: ► A software fault estimation model based on Bayesian Nets and V and V. ► Use of quantified data derived from qualitative V and V results. ► Faults insertion and elimination process was modeled in the context of probability. ► Systematically estimates the expected number of remaining faults. -- Abstract: Quantitative software reliability measurement approaches have some limitations in demonstrating the proper level of reliability in cases of safety–critical software. One of the more promising alternatives is the use of software development quality information. Particularly in the nuclear industry, regulatory bodies in most countries use both probabilistic and deterministic measures for ensuring the reliability of safety-grade digital computers in NPPs. The point of deterministic criteria is to assess the whole development process and its related activities during the software development life cycle for the acceptance of safety–critical software. In addition software Verification and Validation (V and V) play an important role in this process. In this light, we propose a V and V-based fault estimation method using Bayesian Nets to estimate the remaining faults for safety–critical software after the software development life cycle is completed. By modeling the fault insertion and elimination processes during the whole development phases, the proposed method systematically estimates the expected number of remaining faults.

  2. Safety-critical Java for embedded systems

    DEFF Research Database (Denmark)

    Schoeberl, Martin; Dalsgaard, Andreas Engelbredt; Hansen, René Rydhof

    2016-01-01

    This paper presents the motivation for and outcomes of an engineering research project on certifiable Java for embedded systems. The project supports the upcoming standard for safety-critical Java, which defines a subset of Java and libraries aiming for development of high criticality systems. ... The outcomes of this project include prototype safety-critical Java implementations, a time-predictable Java processor, analysis tools for memory safety, and example applications to explore the usability of safety-critical Java for this application area. The text summarizes developments and key contributions...

  3. Outline of criticality safety research project

    International Nuclear Information System (INIS)

    Kobayashi, Iwao; Tachimori, Shoichi; Suzaki, Takenori; Takeshita, Isao; Miyoshi, Yoshinori; Nakajima, Ken; Sakurai, Satoshi; Yanagisawa, Hiroshi

    1987-01-01

    As the power generation capacity of LWRs in Japan increased, the establishment and development of nuclear fuel cycle have become the important subject. Conforming to the safety research project of the nation, the Japan Atomic Energy Research Institute has advanced the project of constructing a new research facility, that is, Nuclear Fuel Cycle Engineering Research Facility (NUCEF). In this facility, it is planned to carry out the research on criticality safety, upgraded reprocessing techniques, and the treatment and disposal of transuranium element wastes. In this paper, the subjects of criticality safety research and the research carried out with a criticality safety experiment facility which is expected to be installed in the NUCEF are briefly reported. The experimental data obtained from the criticality safety handbooks and published literatures in foreign countries are short of the data on the mixture of low enriched uranium and plutonium which is treated in the reprocessing of spent fuel from LWRs. The acquisition of the criticality data for various forms of fuel, the elucidation of the scenario of criticality accidents, and the soundness of the confinement system for gaseous fission products and plutonium are the main subjects. The Static Criticality Safety Facility, Transient Criticality Safety Facility and pulse column system are the main facilities. (Kako, I.)

  4. Applicability of object-oriented design methods and C++ to safety-critical systems

    International Nuclear Information System (INIS)

    Cuthill, B.B.

    1994-01-01

    This paper reports on a study identifying risks and benefits of using a software development methodology containing object-oriented design (OOD) techniques and using C++ as a programming language relative to selected features of safety-critical systems development. These features are modularity, functional diversity, removing ambiguous code, traceability, and real-time performance

  5. Research and practice on NPP safety DCS application software V and V defect classification system

    International Nuclear Information System (INIS)

    Zhang Dongwei; Li Yunjian; Li Xiangjian

    2012-01-01

    One of the most significant aims of Verification and Validation (V and V) is to find software errors and risks, especially for a DCS application software designed for nuclear power plant (NPP). Through classifying and analyzing errors, a number of obtained data can be utilized to estimate current status and potential risks of software development and improve the quality of project. A method of error classification is proposed, which is applied to whole V and V life cycle, using a MW pressurized reactor project as an example. The purpose is to analyze errors discovered by V and V activities, and result in improvement of safety critical DCS application software. (authors)

  6. Development of an FPGA-based controller for safety critical application

    International Nuclear Information System (INIS)

    Xing, A.; De Grosbois, J.; Sklyar, V.; Archer, P.; Awwal, A.

    2011-01-01

    In implementing safety functions, Field Programmable Gate Arrays (FPGA) technology offers a distinct combination of benefits and advantages over microprocessor-based systems. FPGAs can be designed such that the final product is purely hardware, without any overhead runtime software, bringing the design closer to a conventional hardware-based solution. On the other hand, FPGAs can implement more complex safety logic that would generally require microprocessor-based safety systems. There are now qualified FPGA-based platforms available on the market with a credible use history in safety applications in nuclear power plants. Atomic Energy of Canada (AECL), in collaboration with RPC Radiy, has initiated a development program to define a vigorous FPGA engineering process suitable for implementing safety critical functions at the application development level. This paper provides an update on the FPGA development program along with the proposed design model using function block diagrams for the development of safety controllers in CANDU applications. (author)

  7. Nuclear criticality safety: 2-day training course

    International Nuclear Information System (INIS)

    Schlesser, J.A.

    1992-11-01

    This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: (1) be able to define terms commonly used in nuclear criticality safety; (2) be able to appreciate the fundamentals of nuclear criticality safety; (3) be able to identify factors which affect nuclear criticality safety; (4) be able to identify examples of criticality controls as used at Los Alamos; (5) be able to identify examples of circumstances present during criticality accidents; (6) have participated in conducting two critical experiments

  8. Evaluating software for safety systems in nuclear power plants

    International Nuclear Information System (INIS)

    Lawrence, J.D.; Persons, W.L.; Preckshot, G.G.; Gallagher, J.

    1994-01-01

    In 1991, LLNL was asked by the NRC to provide technical assistance in various aspects of computer technology that apply to computer-based reactor protection systems. This has involved the review of safety aspects of new reactor designs and the provision of technical advice on the use of computer technology in systems important to reactor safety. The latter includes determining and documenting state-of-the-art subjects that require regulatory involvement by the NRC because of their importance in the development and implementation of digital computer safety systems. These subjects include data communications, formal methods, testing, software hazards analysis, verification and validation, computer security, performance, software complexity and others. One topic, software reliability and safety, is the subject of this paper

  9. 49 CFR 238.105 - Train electronic hardware and software safety.

    Science.gov (United States)

    2010-10-01

    ... and software system safety as part of the pre-revenue service testing of the equipment. (d)(1... safely by initiating a full service brake application in the event of a hardware or software failure that... 49 Transportation 4 2010-10-01 2010-10-01 false Train electronic hardware and software safety. 238...

  10. The KNICS approach for verification and validation of safety software

    International Nuclear Information System (INIS)

    Cha, Kyung Ho; Sohn, Han Seong; Lee, Jang Soo; Kim, Jang Yeol; Cheon, Se Woo; Lee, Young Joon; Hwang, In Koo; Kwon, Kee Choon

    2003-01-01

    This paper presents verification and validation (VV) to be approached for safety software of POSAFE-Q Programmable Logic Controller (PLC) prototype and Plant Protection System (PPS) prototype, which consists of Reactor Protection System (RPS) and Engineered Safety Features-Component Control System (ESF-CCS) in development of Korea Nuclear Instrumentation and Control System (KNICS). The SVV criteria and requirements are selected from IEEE Std. 7-4.3.2, IEEE Std. 1012, IEEE Std. 1028 and BTP-14, and they have been considered for acceptance framework to be provided within SVV procedures. SVV techniques, including Review and Inspection (R and I), Formal Verification and Theorem Proving, and Automated Testing, are applied for safety software and automated SVV tools support SVV tasks. Software Inspection Support and Requirement Traceability (SIS-RT) supports R and I and traceability analysis, a New Symbolic Model Verifier (NuSMV), Statemate MAGNUM (STM) ModelCertifier, and Prototype Verification System (PVS) are used for formal verification, and McCabe and Cantata++ are utilized for static and dynamic software testing. In addition, dedication of Commercial-Off-The-Shelf (COTS) software and firmware, Software Safety Analysis (SSA) and evaluation of Software Configuration Management (SCM) are being performed for the PPS prototype in the software requirements phase

  11. A proposal for performing software safety hazard analysis

    International Nuclear Information System (INIS)

    Lawrence, J.D.; Gallagher, J.M.

    1997-01-01

    Techniques for analyzing the safety and reliability of analog-based electronic protection systems that serve to mitigate hazards in process control systems have been developed over many years, and are reasonably understood. An example is the protection system in a nuclear power plant. The extension of these techniques to systems which include digital computers is not well developed, and there is little consensus among software engineering experts and safety experts on how to analyze such systems. One possible technique is to extend hazard analysis to include digital computer-based systems. Software is frequently overlooked during system hazard analyses, but this is unacceptable when the software is in control of a potentially hazardous operation. In such cases, hazard analysis should be extended to fully cover the software. A method for performing software hazard analysis is proposed in this paper. The method concentrates on finding hazards during the early stages of the software life cycle, using an extension of HAZOP

  12. Elements of a nuclear criticality safety program

    International Nuclear Information System (INIS)

    Hopper, C.M.

    1995-01-01

    Nuclear criticality safety programs throughout the United States are quite successful, as compared with other safety disciplines, at protecting life and property, especially when regarded as a developing safety function with no historical perspective for the cause and effect of process nuclear criticality accidents before 1943. The programs evolved through self-imposed and regulatory-imposed incentives. They are the products of conscientious individuals, supportive corporations, obliged regulators, and intervenors (political, public, and private). The maturing of nuclear criticality safety programs throughout the United States has been spasmodic, with stability provided by the volunteer standards efforts within the American Nuclear Society. This presentation provides the status, relative to current needs, for nuclear criticality safety program elements that address organization of and assignments for nuclear criticality safety program responsibilities; personnel qualifications; and analytical capabilities for the technical definition of critical, subcritical, safety and operating limits, and program quality assurance

  13. Technique for unit testing of safety software verification and validation

    International Nuclear Information System (INIS)

    Li Duo; Zhang Liangju; Feng Junting

    2008-01-01

    The key issue arising from digitalization of the reactor protection system for nuclear power plant is how to carry out verification and validation (V and V), to demonstrate and confirm the software that performs reactor safety functions is safe and reliable. One of the most important processes for software V and V is unit testing, which verifies and validates the software coding based on concept design for consistency, correctness and completeness during software development. The paper shows a preliminary study on the technique for unit testing of safety software V and V, focusing on such aspects as how to confirm test completeness, how to establish test platform, how to develop test cases and how to carry out unit testing. The technique discussed here was successfully used in the work of unit testing on safety software of a digital reactor protection system. (authors)

  14. Testing digital safety system software with a testability measure based on a software fault tree

    International Nuclear Information System (INIS)

    Sohn, Se Do; Hyun Seong, Poong

    2006-01-01

    Using predeveloped software, a digital safety system is designed that meets the quality standards of a safety system. To demonstrate the quality, the design process and operating history of the product are reviewed along with configuration management practices. The application software of the safety system is developed in accordance with the planned life cycle. Testing, which is a major phase that takes a significant time in the overall life cycle, can be optimized if the testability of the software can be evaluated. The proposed testability measure of the software is based on the entropy of the importance of basic statements and the failure probability from a software fault tree. To calculate testability, a fault tree is used in the analysis of a source code. With a quantitative measure of testability, testing can be optimized. The proposed testability can also be used to demonstrate whether the test cases based on uniform partitions, such as branch coverage criteria, result in homogeneous partitions that are known to be more effective than random testing. In this paper, the testability measure is calculated for the modules of a nuclear power plant's safety software. The module testing with branch coverage criteria required fewer test cases if the module has higher testability. The result shows that the testability measure can be used to evaluate whether partitions have homogeneous characteristics

  15. Criticality safety evaluation in Tokai Reprocessing Plant

    International Nuclear Information System (INIS)

    Shirai, Nobutoshi; Nakajima, Masayoshi; Takaya, Akikazu; Ohnuma, Hideyuki; Shirouzu, Hidetomo; Hayashi, Shinichiro; Yoshikawa, Koji; Suto, Toshiyuki

    2000-04-01

    Criticality limits for equipments in Tokai Reprocessing Plant which handle fissile material solution and are under shape and dimension control were reevaluated based on the guideline No.10 'Criticality safety of single unit' in the regulatory guide for reprocessing plant safety. This report presents criticality safety evaluation of each equipment as single unit. Criticality safety of multiple units in a cell or a room was also evaluated. The evaluated equipments were ones in dissolution, separation, purification, denitration, Pu product storage, and Pu conversion processes. As a result, it was reconfirmed that the equipments were safe enough from a view point of criticality safety of single unit and multiple units. (author)

  16. Engineering design guidelines for nuclear criticality safety

    International Nuclear Information System (INIS)

    Waltz, W.R.

    1988-08-01

    This document provides general engineering design guidelines specific to nuclear criticality safety for a facility where the potential for a criticality accident exists. The guide is applicable to the design of new SRP/SRL facilities and to major modifications of existing facilities. The document is intended as: a guide for persons actively engaged in the design process; a resource document for persons charged with design review for adequacy relative to criticality safety; and a resource document for facility operating personnel. The guide defines six basic criticality safety design objectives and provides information to assist in accomplishing each objective. The guide is intended to supplement the design requirements relating to criticality safety contained in applicable Department of Energy (DOE) documents. The scope of the guide is limited to engineering design guidelines associated with criticality safety and does not include other areas of the design process, such as: criticality safety analytical methods and modeling, nor requirements for control of the design process

  17. The Role and Quality of Software Safety in the NASA Constellation Program

    Science.gov (United States)

    Layman, Lucas; Basili, Victor R.; Zelkowitz, Marvin V.

    2010-01-01

    In this study, we examine software safety risk in the early design phase of the NASA Constellation spaceflight program. Obtaining an accurate, program-wide picture of software safety risk is difficult across multiple, independently-developing systems. We leverage one source of safety information, hazard analysis, to provide NASA quality assurance managers with information regarding the ongoing state of software safety across the program. The goal of this research is two-fold: 1) to quantify the relative importance of software with respect to system safety; and 2) to quantify the level of risk presented by software in the hazard analysis. We examined 154 hazard reports created during the preliminary design phase of three major flight hardware systems within the Constellation program. To quantify the importance of software, we collected metrics based on the number of software-related causes and controls of hazardous conditions. To quantify the level of risk presented by software, we created a metric scheme to measure the specificity of these software causes. We found that from 49-70% of hazardous conditions in the three systems could be caused by software or software was involved in the prevention of the hazardous condition. We also found that 12-17% of the 2013 hazard causes involved software, and that 23-29% of all causes had a software control. Furthermore, 10-12% of all controls were software-based. There is potential for inaccuracy in these counts, however, as software causes are not consistently scoped, and the presence of software in a cause or control is not always clear. The application of our software specificity metrics also identified risks in the hazard reporting process. In particular, we found a number of traceability risks in the hazard reports may impede verification of software and system safety.

  18. Nuclear criticality safety handbook. Version 2

    International Nuclear Information System (INIS)

    1999-03-01

    The Nuclear Criticality Safety Handbook, Version 2 essentially includes the description of the Supplement Report to the Nuclear Criticality Safety Handbook, released in 1995, into the first version of Nuclear Criticality Safety Handbook, published in 1988. The following two points are new: (1) exemplifying safety margins related to modelled dissolution and extraction processes, (2) describing evaluation methods and alarm system for criticality accidents. Revision is made based on previous studies for the chapter that treats modelling the fuel system: e.g., the fuel grain size that the system can be regarded as homogeneous, non-uniformity effect of fuel solution, and burnup credit. This revision solves the inconsistencies found in the first version between the evaluation of errors found in JACS code system and criticality condition data that were calculated based on the evaluation. (author)

  19. Experiment on safety software evaluation

    International Nuclear Information System (INIS)

    Soubies, B.; Henry, J.Y.

    1994-06-01

    The licensing procedures process of nuclear plants includes compulsory steps which bring about a thorough exam of the commands control system. In this context the IPSN uses a tool called MALPAS to carry out an analysis of the quality of the software involved in safety control. The IPSN also tries to obtain the automation of the generation of test games necessary for dynamical analysis. The MALPAS tool puts forward the particularities of programming which can influence the testability and the upholding of the studied software. (TEC). 4 refs

  20. Building quality into performance and safety assessment software

    International Nuclear Information System (INIS)

    Wojciechowski, L.C.

    2011-01-01

    Quality assurance is integrated throughout the development lifecycle for performance and safety assessment software. The software used in the performance and safety assessment of a Canadian deep geological repository (DGR) follows the CSA quality assurance standard CSA-N286.7 [1], Quality Assurance of Analytical, Scientific and Design Computer Programs for Nuclear Power Plants. Quality assurance activities in this standard include tasks such as verification and inspection; however, much more is involved in producing a quality software computer program. The types of errors found with different verification methods are described. The integrated quality process ensures that defects are found and corrected as early as possible. (author)

  1. Criticality safety basics, a study guide

    Energy Technology Data Exchange (ETDEWEB)

    V. L. Putman

    1999-09-01

    This document is a self-study and classroom guide, for criticality safety of activities with fissile materials outside nuclear reactors. This guide provides a basic overview of criticality safety and criticality accident prevention methods divided into three parts: theory, application, and history. Except for topic emphasis, theory and history information is general, while application information is specific to the Idaho National Engineering and Environmental Laboratory (INEEL). Information presented here should be useful to personnel who must know criticality safety basics to perform their assignments safely or to design critically safe equipment or operations. However, the guide's primary target audience is fissile material handler candidates.

  2. Criticality safety basics, a study guide

    International Nuclear Information System (INIS)

    Putman, V.L.

    1999-01-01

    This document is a self-study and classroom guide, for criticality safety of activities with fissile materials outside nuclear reactors. This guide provides a basic overview of criticality safety and criticality accident prevention methods divided into three parts: theory, application, and history. Except for topic emphasis, theory and history information is general, while application information is specific to the Idaho National Engineering and Environmental Laboratory (INEEL). Information presented here should be useful to personnel who must know criticality safety basics to perform their assignments safely or to design critically safe equipment or operations. However, the guide's primary target audience is fissile material handler candidates

  3. 75 FR 5146 - Hewlett Packard Company Business Critical Systems, Mission Critical Business Software Division...

    Science.gov (United States)

    2010-02-01

    ... Packard Company Business Critical Systems, Mission Critical Business Software Division, OpenVMS Operating... Colorado, Marlborough, MA; Hewlett Packard Company Business Critical Systems, Mission Critical Business... Assistance on August 27, 2009, applicable to workers of Hewlett Packard Company, Business Critical Systems...

  4. Generic Safety Requirements for Developing Safe Insulin Pump Software

    Science.gov (United States)

    Zhang, Yi; Jetley, Raoul; Jones, Paul L; Ray, Arnab

    2011-01-01

    Background: The authors previously introduced a highly abstract generic insulin infusion pump (GIIP) model that identified common features and hazards shared by most insulin pumps on the market. The aim of this article is to extend our previous work on the GIIP model by articulating safety requirements that address the identified GIIP hazards. These safety requirements can be validated by manufacturers, and may ultimately serve as a safety reference for insulin pump software. Together, these two publications can serve as a basis for discussing insulin pump safety in the diabetes community. Methods: In our previous work, we established a generic insulin pump architecture that abstracts functions common to many insulin pumps currently on the market and near-future pump designs. We then carried out a preliminary hazard analysis based on this architecture that included consultations with many domain experts. Further consultation with domain experts resulted in the safety requirements used in the modeling work presented in this article. Results: Generic safety requirements for the GIIP model are presented, as appropriate, in parameterized format to accommodate clinical practices or specific insulin pump criteria important to safe device performance. Conclusions: We believe that there is considerable value in having the diabetes, academic, and manufacturing communities consider and discuss these generic safety requirements. We hope that the communities will extend and revise them, make them more representative and comprehensive, experiment with them, and use them as a means for assessing the safety of insulin pump software designs. One potential use of these requirements is to integrate them into model-based engineering (MBE) software development methods. We believe, based on our experiences, that implementing safety requirements using MBE methods holds promise in reducing design/implementation flaws in insulin pump development and evolutionary processes, therefore improving

  5. 78 FR 47015 - Software Requirement Specifications for Digital Computer Software Used in Safety Systems of...

    Science.gov (United States)

    2013-08-02

    ... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Software Requirement Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants AGENCY: Nuclear Regulatory Commission... issuing a revised regulatory guide (RG), revision 1 of RG 1.172, ``Software Requirement Specifications for...

  6. Input-profile-based software failure probability quantification for safety signal generation systems

    International Nuclear Information System (INIS)

    Kang, Hyun Gook; Lim, Ho Gon; Lee, Ho Jung; Kim, Man Cheol; Jang, Seung Cheol

    2009-01-01

    The approaches for software failure probability estimation are mainly based on the results of testing. Test cases represent the inputs, which are encountered in an actual use. The test inputs for the safety-critical application such as a reactor protection system (RPS) of a nuclear power plant are the inputs which cause the activation of protective action such as a reactor trip. A digital system treats inputs from instrumentation sensors as discrete digital values by using an analog-to-digital converter. Input profile must be determined in consideration of these characteristics for effective software failure probability quantification. Another important characteristic of software testing is that we do not have to repeat the test for the same input value since the software response is deterministic for each specific digital input. With these considerations, we propose an effective software testing method for quantifying the failure probability. As an example application, the input profile of the digital RPS is developed based on the typical plant data. The proposed method in this study is expected to provide a simple but realistic means to quantify the software failure probability based on input profile and system dynamics.

  7. Nuclear criticality safety department training implementation

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1996-01-01

    The Nuclear Criticality Safety Department (NCSD) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. The NCSD Qualification Program is described in Y/DD-694, Qualification Program, Nuclear Criticality Safety Department. This document provides a listing of the roles and responsibilities of NCSD personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This document supersedes Y/DD-696, Revision 2, dated 3/27/96, Training Implementation, Nuclear Criticality Safety Department. There are no backfit requirements associated with revisions to this document.

  8. Critical experiments facility and criticality safety programs at JAERI

    International Nuclear Information System (INIS)

    Kobayashi, Iwao; Tachimori, Shoichi; Takeshita, Isao; Suzaki, Takenori; Miyoshi, Yoshinori; Nomura, Yasushi

    1985-10-01

    Nuclear criticality safety is becoming a key point in Japan in the safety considerations for nuclear installations outside reactors such as spent fuel reprocessing facilities, plutonium fuel fabrication facilities, large scale hot laboratories, and so on. In particular, a large scale spent fuel reprocessing facility is being designed and would be constructed in the near future; therefore extensive experimental studies are needed for compilation of our own technical standards and also for verification of safety in a potential criticality accident to obtain public acceptance. Japan Atomic Energy Research Institute is proceeding with a construction program of a new criticality safety experimental facility where criticality data can be obtained for such solution fuels as mainly handled in a reprocessing facility and also chemical process experiments can be performed to investigate abnormal phenomena, e.g. plutonium behavior in solvent extraction process by using pulsed columns. In FY 1985 detail design of the facility will be completed and licensing review by the government would start in FY 1986. Experiments would start in FY 1990. Research subjects and main specifications of the facility are described. (author)

  9. Autoclave nuclear criticality safety analysis

    Energy Technology Data Exchange (ETDEWEB)

    D'Aquila, D.M. [Martin Marietta Energy Systems, Inc., Piketon, OH (United States)]; Tayloe, R.W. Jr. [Battelle, Columbus, OH (United States)]

    1991-12-31

    Steam-heated autoclaves are used in gaseous diffusion uranium enrichment plants to heat large cylinders of UF₆. Nuclear criticality safety for these autoclaves is evaluated. To enhance criticality safety, systems are incorporated into the design of autoclaves to limit the amount of water present. These safety systems also increase the likelihood that any UF₆ inadvertently released from a cylinder into an autoclave is not released to the environment. Up to 140 pounds of water can be held up in large autoclaves. This mass of water is sufficient to support a nuclear criticality when optimally combined with 125 pounds of UF₆ enriched to 5 percent U²³⁵. However, water in autoclaves is widely dispersed as condensed droplets and vapor, and is extremely unlikely to form a critical configuration with released UF₆.

  10. Using Combined SFTA and SFMECA Techniques for Space Critical Software

    Science.gov (United States)

    Nicodemos, F. G.; Lahoz, C. H. N.; Abdala, M. A. D.; Saotome, O.

    2012-01-01

    This work addresses the combined Software Fault Tree Analysis (SFTA) and Software Failure Modes, Effects and Criticality Analysis (SFMECA) techniques applied to space critical software of satellite launch vehicles. The combined approach is under research as part of the Verification and Validation (V&V) efforts to increase software dependability and as future application in other projects under development at Instituto de Aeronáutica e Espaço (IAE). The applicability of such approach was conducted on system software specification and applied to a case study based on the Brazilian Satellite Launcher (VLS). The main goal is to identify possible failure causes and obtain compensating provisions that lead to inclusion of new functional and non-functional system software requirements.

  11. Tank farms criticality safety manual

    International Nuclear Information System (INIS)

    FORT, L.A.

    2003-01-01

    This document defines the Tank Farms Contractor (TFC) criticality safety program, as required by Title 10 Code of Federal Regulations (CFR), Subpart 830.204(b)(6), "Documented Safety Analysis" (10 CFR 830.204(b)(6)), and US Department of Energy (DOE) O 420.1A, Facility Safety, Section 4.3, "Criticality Safety." In addition, this document contains certain best management practices, adopted by TFC management based on successful Hanford Site facility practices. Requirements in this manual are based on the contractor requirements document (CRD) found in Attachment 2 of DOE O 420.1A, Section 4.3, "Nuclear Criticality Safety," and the cited revisions of applicable standards published jointly by the American National Standards Institute (ANSI) and the American Nuclear Society (ANS) as listed in Appendix A. As an informational device, requirements directly imposed by the CRD or ANSI/ANS Standards are shown in boldface. Requirements developed as best management practices through experience and maintained consistent with Hanford Site practice are shown in italics. Recommendations and explanatory material are provided in plain type.

  12. A Study on the Quantitative Assessment Method of Software Requirement Documents Using Software Engineering Measures and Bayesian Belief Networks

    International Nuclear Information System (INIS)

    Eom, Heung Seop; Kang, Hyun Gook; Park, Ki Hong; Kwon, Kee Choon; Chang, Seung Cheol

    2005-01-01

    One of the major challenges in using the digital systems in a NPP is the reliability estimation of safety critical software embedded in the digital safety systems. Precise quantitative assessment of the reliability of safety critical software is nearly impossible, since many of the aspects to be considered are of qualitative nature and not directly measurable, but they have to be estimated for a practical use. Therefore an expert's judgment plays an important role in estimating the reliability of the software embedded in safety-critical systems in practice, because they can deal with all the diverse evidence relevant to the reliability and can perform an inference based on the evidence. But, in general, the experts' way of combining the diverse evidence and performing an inference is usually informal and qualitative, which is hard to discuss and will eventually lead to a debate about the conclusion. We have been carrying out research on a quantitative assessment of the reliability of safety critical software using Bayesian Belief Networks (BBN). BBN has been proven to be a useful modeling formalism because a user can represent a complex set of events and relationships in a fashion that can easily be interpreted by others. In the previous works we have assessed a software requirement specification of a reactor protection system by using our BBN-based assessment model. The BBN model mainly employed an expert's subjective probabilities as inputs. In the process of assessing the software requirement documents we found out that the BBN model was excessively dependent on experts' subjective judgments in a large part. Therefore, to overcome the weakness of our methodology we employed conventional software engineering measures into the BBN model as shown in this paper. The quantitative relationship between the conventional software measures and the reliability of software were not identified well in the past. Then recently there appeared a few researches on a ranking of

  13. Linking Safety Analysis to Safety Requirements

    DEFF Research Database (Denmark)

    Hansen, Kirsten Mark

    Software for safety critical systems must deal with the hazards identified by safety analysis techniques: Fault trees, event trees, and cause consequence diagrams can be interpreted as safety requirements and used in the design activity. We propose that the safety analysis and the system design use...

  14. Digital System Reliability Test for the Evaluation of safety Critical Software of Digital Reactor Protection System

    Directory of Open Access Journals (Sweden)

    Hyun-Kook Shin

    2006-08-01

    A new Digital Reactor Protection System (DRPS) based on VME bus Single Board Computer has been developed by KOPEC to prevent software Common Mode Failure (CMF) inside digital system. The new DRPS has been proved to be an effective digital safety system to prevent CMF by Defense-in-Depth and Diversity (DID&D) analysis. However, for practical use in Nuclear Power Plants, the performance test and the reliability test are essential for the digital system qualification. In this study, a single channel of DRPS prototype has been manufactured for the evaluation of DRPS capabilities. The integrated functional tests are performed and the system reliability is analyzed and tested. The results of reliability test show that the application software of DRPS has a very high reliability compared with the analog reactor protection systems.

  15. Safety Software Guide Perspectives for the Design of New Nuclear Facilities (U)

    International Nuclear Information System (INIS)

    VINCENT, Andrew

    2005-01-01

    In June of this year, the Department of Energy (DOE) issued directives DOE O 414.1C and DOE G 414.1-4 to improve quality assurance programs, processes, and procedures among its safety contractors. Specifically, guidance entitled, "Safety Software Guide for use with 10 CFR 830 Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance, DOE G 414.1-4", provides information and acceptable methods to comply with safety software quality assurance (SQA) requirements. The guidance provides a roadmap for meeting DOE O 414.1C, "Quality Assurance", and the quality assurance program (QAP) requirements of Title 10 Code of Federal Regulations (CFR) 830, Subpart A, Quality Assurance, for DOE nuclear facilities and software application activities. [1, 2] The order and guide are part of a comprehensive implementation plan that addresses issues and concerns documented in Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 2002-1. [3] Safety SQA requirements for DOE as well as National Nuclear Security Administration contractors are necessary to implement effective quality assurance (QA) processes and achieve safe nuclear facility operations. DOE G 414.1-4 was developed to provide guidance on establishing and implementing effective QA processes tied specifically to nuclear facility safety software applications. The Guide includes software application practices covered by appropriate national and international consensus standards and various processes currently in use at DOE facilities. While the safety software guidance is considered to be of sufficient rigor and depth to ensure acceptable reliability of safety software at all DOE nuclear facilities, new nuclear facilities are well suited to take advantage of the guide to ensure compliant programs and processes are implemented. Attributes such as the facility life-cycle stage and the hazardous nature of each facility operations are considered, along with the category and level of importance of the

  16. Nuclear Criticality Safety Department Qualification Program

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1996-01-01

    The Nuclear Criticality Safety Department (NCSD) is committed to developing and maintaining a staff of highly qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document defines the Qualification Program to address the NCSD technical and managerial qualification as required by the Y-12 Training Implementation Matrix (TIM). This Qualification Program is in compliance with DOE Order 5480.20A and applicable Lockheed Martin Energy Systems, Inc. (LMES) and Y-12 Plant procedures. It is implemented through a combination of LMES plant-wide training courses and professional nuclear criticality safety training provided within the department. This document supersedes Y/DD-694, Revision 2, 2/27/96, Qualification Program, Nuclear Criticality Safety Department. There are no backfit requirements associated with revisions to this document.

  17. Automated Freedom from Interference Analysis for Automotive Software

    OpenAIRE

    Leitner-Fischer, Florian; Leue, Stefan; Liu, Sirui

    2016-01-01

    Freedom from Interference for automotive software systems developed according to the ISO 26262 standard means that a fault in a less safety critical software component will not lead to a fault in a more safety critical component. It is an important concern in the realm of functional safety for automotive systems. We present an automated method for the analysis of concurrency-related interferences based on the QuantUM approach and tool that we have previously developed...

  18. Reusable libraries for safety-critical Java

    DEFF Research Database (Denmark)

    Rios Rivas, Juan Ricardo; Schoeberl, Martin

    2014-01-01

    The large collection of Java class libraries is a main factor of the success of Java. However, these libraries assume that a garbage-collected heap is used. Safety-critical Java uses scope-based memory areas instead of a garbage-collected heap. Therefore, the Java class libraries are problematic...... to use in safety-critical Java. We have identified common programming patterns in the Java class libraries that make them unsuitable for safety-critical Java. We propose ways to improve the libraries to avoid the impact of the identified problematic patterns. We illustrate these changes by implementing...

  19. Critical enrichment and critical density of infinite systems for nuclear criticality safety evaluation

    International Nuclear Information System (INIS)

    Naito, Yoshitaka; Koyama, Takashi; Komuro, Yuichi

    1986-03-01

    Critical enrichment and critical density of homogeneous infinite systems, such as U-H₂O, UO₂-H₂O, UO₂F₂ aqueous solution, UO₂(NO₃)₂ aqueous solution, Pu-H₂O, PuO₂-H₂O, Pu(NO₃)₄ aqueous solution and PuO₂·UO₂-H₂O, were calculated with the criticality safety evaluation computer code system JACS for nuclear criticality safety evaluation on fuel facilities. The computed results were compared with the data described in European and American criticality handbooks and showed good agreement with each other. (author)

  20. V&V Within Reuse-Based Software Engineering

    Science.gov (United States)

    Addy, Edward A.

    1996-01-01

    Verification and Validation (V&V) is used to increase the level of assurance of critical software, particularly that of safety-critical and mission-critical software. V&V is a systems engineering discipline that evaluates the software in a systems context, and is currently applied during the development of a specific application system. In order to bring the effectiveness of V&V to bear within reuse-based software engineering, V&V must be incorporated within the domain engineering process.

  1. 14 CFR 417.123 - Computing systems and software.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Computing systems and software. 417.123... systems and software. (a) A launch operator must document a system safety process that identifies the... systems and software. (b) A launch operator must identify all safety-critical functions associated with...

  2. Human-centred radiological software techniques supporting improved nuclear safety

    International Nuclear Information System (INIS)

    Szoeke, Istvan; Johnsen, Terje

    2013-01-01

    The Institute for Energy Technology (IFE) is an international research foundation for energy and nuclear technology. IFE is also the host for the international OECD Halden Reactor Project. The Software Engineering Department in the Man Technology Organisation at IFE is a leading international centre of competence for the development and evaluation of human-centred technologies, process visualisation, and the lifecycle of high integrity software important to safety. This paper is an attempt to give a general overview of the current, and some of the foreseen, research and development of human-centred radiological software technologies at the Software Engineering department to meet with the need of improved radiological safety for not only nuclear industry but also other industries around the world. (author)

  3. 12: Assuring the quality of critical software

    International Nuclear Information System (INIS)

    Jacky, J.; Kalet, I.

    1987-01-01

    The authors recommend quality assurance procedures for radiation therapy software. Software quality assurance deals with preventing, detecting and repairing programming errors. Error detection difficulties are most severe in computer-based control systems, for example therapy machine control systems, because it may be impossible for users to confirm correct operation while treatments are in progress, or to intervene if things go wrong. Software quality assurance techniques observed in other industries in which public safety is at risk are reviewed. In some of these industries software must be approved or certified before it can be used. Approval is subject to technical reviews and audits by experts other than the program authors. The main obstacles to adoption of these techniques in the radiation therapy field are costs, lack of familiarity and doubts regarding efficacy. 18 refs

  4. Software V and V methods for a safety - grade programmable logic controller

    International Nuclear Information System (INIS)

    Jang Yeol Kim; Young Jun Lee; Kyung Ho Cha; Se Woo Cheon; Jang Soo Lee; Kee Choon Kwon

    2006-01-01

    This paper addresses the Verification and Validation (V and V) process and the methodology for an embedded real time software of a safety-grade Programmable Logic Controller (PLC). This safety-grade PLC is being developed as one of the Korean Nuclear Instrumentation and Control System (KNICS) projects. KNICS projects are developing a Reactor Protection System (RPS) and an Engineered Safety Feature-Component Control System (ESF-CCS) as well as a safety-grade PLC. The safety-grade PLC will be a major component that encompasses the RPS systems and the ESF-CCS systems as nuclear instruments and control equipment. This paper describes the V and V guidelines and procedures, V and V environment, V and V process and methodology, and the V and V tools in the KNICS projects. Specifically, it describes the real-time operating system V and V experience which corresponds to the requirement analysis phase, design phase and the implementation and testing phase of the software development life cycle. Main activities of the V and V for the PLC system software are a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and a software configuration management. The proposed V and V methodology satisfies the Standard Review Plan (SRP)/Branch Technical Position (BTP)-14 criteria for the safety software in nuclear power plants. The proposed V and V methodology is going to be used to verify the upcoming software life cycle in the KNICS projects. (author)

  5. A desktop 3D printer in safety-critical Java

    DEFF Research Database (Denmark)

    Strøm, Tórur Biskopstø; Schoeberl, Martin

    2012-01-01

    there exist several safety-critical Java framework implementations, there is a lack of safety-critical use cases implemented according to the specification. In this paper we present a 3D printer and its safety-critical Java level 1 implementation as a use case. With basis in the implementation we evaluate......It is desirable to bring Java technology to safety-critical systems. To this end The Open Group has created the safety-critical Java specification, which will allow Java applications, written according to the specification, to be certifiable in accordance with safety-critical standards. Although...

  6. Criticality Safety Evaluation for the TACS at DAF

    Energy Technology Data Exchange (ETDEWEB)

    Percher, C. M. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States); Heinrichs, D. P. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

    2011-06-10

    Hands-on experimental training in the physical behavior of multiplying systems is one of ten key areas of training required for practitioners to become qualified in the discipline of criticality safety as identified in DOE-STD-1135-99, Guidance for Nuclear Criticality Safety Engineer Training and Qualification. This document is a criticality safety evaluation of the training activities and operations associated with HS-3201-P, Nuclear Criticality 4-Day Training Course (Practical). This course was designed to also address the training needs of nuclear criticality safety professionals under the auspices of the NNSA Nuclear Criticality Safety Program. The hands-on, or laboratory, portion of the course will utilize the Training Assembly for Criticality Safety (TACS) and will be conducted in the Device Assembly Facility (DAF) at the Nevada Nuclear Security Site (NNSS). The training activities will be conducted by Lawrence Livermore National Laboratory following the requirements of an Integrated Work Sheet (IWS) and associated Safety Plan. Students will be allowed to handle the fissile material under the supervision of an LLNL Certified Fissile Material Handler.

  7. The Department of Energy nuclear criticality safety program

    International Nuclear Information System (INIS)

    Felty, J.R.

    2004-01-01

    This paper broadly covers key events and activities from which the Department of Energy Nuclear Criticality Safety Program (NCSP) evolved. The NCSP maintains fundamental infrastructure that supports operational criticality safety programs. This infrastructure includes continued development and maintenance of key calculational tools, differential and integral data measurements, benchmark compilation, development of training resources, hands-on training, and web-based systems to enhance information preservation and dissemination. The NCSP was initiated in response to Defense Nuclear Facilities Safety Board Recommendation 97-2, Criticality Safety, and evolved from a predecessor program, the Nuclear Criticality Predictability Program, that was initiated in response to Defense Nuclear Facilities Safety Board Recommendation 93-2, The Need for Critical Experiment Capability. This paper also discusses the role Dr. Sol Pearlstein played in helping the Department of Energy lay the foundation for a robust and enduring criticality safety infrastructure.

  8. Application of software to development of reactor-safety codes

    International Nuclear Information System (INIS)

    Wilburn, N.P.; Niccoli, L.G.

    1980-09-01

    Over the past two-and-a-half decades, the application of new techniques has reduced hardware cost for digital computer systems and increased computational speed by several orders of magnitude. A corresponding cost reduction in business and scientific software development has not occurred. The same situation is seen for software developed to model the thermohydraulic behavior of nuclear systems under hypothetical accident situations. For all cases this is particularly noted when costs over the total software life cycle are considered. A solution to this dilemma for reactor safety code systems has been demonstrated by applying the software engineering techniques which have been developed over the course of the last few years in the aerospace and business communities. These techniques have been applied recently with a great deal of success in four major projects at the Hanford Engineering Development Laboratory (HEDL): 1) a rewrite of a major safety code (MELT); 2) development of a new code system (CONACS) for description of the response of LMFBR containment to hypothetical accidents, and 3) development of two new modules for reactor safety analysis

  9. Psychological Safety and Norm Clarity in Software Engineering Teams

    OpenAIRE

    Lenberg, Per; Feldt, Robert

    2018-01-01

    In the software engineering industry today, companies primarily conduct their work in teams. To increase organizational productivity, it is thus crucial to know the factors that affect team effectiveness. Two team-related concepts that have gained prominence lately are psychological safety and team norms. Still, few studies exist that explore these in a software engineering context. Therefore, with the aim of extending the knowledge of these concepts, we examined if psychological safety and t...

  10. Licensing of safety critical software for nuclear reactors. Common position of seven European nuclear regulators and authorised technical support organisations

    International Nuclear Information System (INIS)

    2007-01-01

    The major result of the work is the identification of consensus and common technical positions on a set of important licensing issues raised by the design and operation of computer-based systems used in Nuclear Power Plants for safety functions. The purpose is to introduce greater consistency and more mutual acceptance into current practices. To achieve these common positions, detailed consideration was paid to the licensing approaches followed in the different countries represented by the experts of the task force. The report is intended to be useful: - to coordinate regulators' and safety experts' technical viewpoints in the design of regulators' national policies and in revisions of guidelines; - as a reference in safety cases and demonstrations of safety of software based systems; - as guidance for system design specifications by manufacturers and major I and C suppliers on the international market. The task force decided at an early stage to focus attention on computer based systems used in Nuclear Power Plants for the implementation of safety functions; namely, those systems classified by the IAEA as 'Safety Systems'. Therefore, recommendations of this report - except those of chapter 1.11 - primarily address 'safety systems' and not 'safety related systems'. It was felt that the most difficult aspects of the licensing of digital programmable systems are rooted in the specific properties of the technology. The objective was therefore to delineate practical and technical licensing guidance, rather than discussing or proposing basic principles or requirements. The design requirements and the basic principles of nuclear safety in force in each member state are assumed to remain applicable. This report represents the consensus view achieved by the experts who contributed to the task force. It is the result of what was at the time of its initiation a first attempt at the international level to achieve consensus among nuclear regulators on practical methods for

  11. Overview of DOE/ONS criticality safety projects

    International Nuclear Information System (INIS)

    Barber, R.W.; Brown, B.P.; Hopper, C.M.

    1985-01-01

    The evolution of Federal involvement with nuclear criticality safety has traversed through the 1940's and early 1950's with the Manhattan Engineering District, the 1950's and 1960's with the Atomic Energy Commission, the early 1970's with the Energy Research and Development Administration, and the late 1970's to date with the US Department of Energy. The importance of nuclear criticality safety has been maintained throughout these periods; however, criticality safety has received shifting emphases in research/applications, promulgations of regulations/standards, origins of fiscal support and organization. In June 1981 the Office of Nuclear Safety was established in response to a Department of Energy study of the impact of the March 1979 Three Mile Island accident. The organizational structure of the ONS, its program for establishing and maintaining a progressive nuclear criticality safety program, and associated projects, and current history of ONS's fiscal support of program projects is presented. With the establishment of the ONS came concomitant missions to develop and maintain nuclear safety policy and requirements, to provide independent assurance that nuclear operations are performed safely, to provide resources and management for DOE responses to nuclear accidents, and to provide technical support. In the past four years, ONS has developed and initiated a continuing Department Nuclear Criticality Safety Program in such areas as communications and information, physics of criticality, knowledge of factors affecting criticality, and computational capability

  12. A Profile for Safety Critical Java

    DEFF Research Database (Denmark)

    Schoeberl, Martin; Søndergaard, Hans; Thomsen, Bent

    2007-01-01

    We propose a new, minimal specification for real-time Java for safety critical applications. The intention is to provide a profile that supports programming of applications that can be validated against safety critical standards such as DO-178B [15]. The proposed profile is in line with the Java...... specification request JSR-302: Safety Critical Java Technology, which is still under discussion. In contrast to the current direction of the expert group for the JSR-302 we do not subset the rather complex Real-Time Specification for Java (RTSJ). Nevertheless, our profile can be implemented on top of an RTSJ...

  13. Criticality safety research on nuclear fuel cycle facility

    Energy Technology Data Exchange (ETDEWEB)

    Miyoshi, Yoshinori [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

    2004-07-01

    This paper presents the current status and future program of the criticality safety research on nuclear fuel cycle made by Japan Atomic Energy Research Institute. Experimental research on solution fuel treated in reprocessing plant has been performed using two critical facilities, STACY and TRACY. Fundamental data of static and transient characteristics are accumulated for validation of criticality safety codes. Subcritical measurements are also made for developing a monitoring system for criticality safety. Criticality safety codes system for solution and power system, and evaluation method related to burnup credit are developed. (author)

  14. Formal Methods for Life-Critical Software

    Science.gov (United States)

    Butler, Ricky W.; Johnson, Sally C.

    1993-01-01

    The use of computer software in life-critical applications, such as for civil air transports, demands the use of rigorous formal mathematical verification procedures. This paper demonstrates how to apply formal methods to the development and verification of software by leading the reader step-by-step through requirements analysis, design, implementation, and verification of an electronic phone book application. The current maturity and limitations of formal methods tools and techniques are then discussed, and a number of examples of the successful use of formal methods by industry are cited.

  15. Achieving Critical System Survivability Through Software Architectures

    National Research Council Canada - National Science Library

    Knight, John C; Strunk, Elisabeth A

    2006-01-01

    .... In a system with a survivability architecture, under adverse conditions such as system damage or software failures, some desirable function will be eliminated but critical services will be retained...

  16. Development of evaluation method for software safety analysis techniques

    International Nuclear Information System (INIS)

    Huang, H.; Tu, W.; Shih, C.; Chen, C.; Yang, W.; Yih, S.; Kuo, C.; Chen, M.

    2006-01-01

    Following the massive adoption of digital Instrumentation and Control (I and C) system for nuclear power plant (NPP), various Software Safety Analysis (SSA) techniques are used to evaluate the NPP safety for adopting appropriate digital I and C system, and then to reduce risk to acceptable level. However, each technique has its specific advantage and disadvantage. If the two or more techniques can be complementarily incorporated, the SSA combination would be more acceptable. As a result, if proper evaluation criteria are available, the analyst can then choose appropriate technique combination to perform analysis on the basis of resources. This research evaluated the applicable software safety analysis techniques nowadays, such as, Preliminary Hazard Analysis (PHA), Failure Modes and Effects Analysis (FMEA), Fault Tree Analysis (FTA), Markov chain modeling, Dynamic Flowgraph Methodology (DFM), and simulation-based model analysis; and then determined indexes in view of their characteristics, which include dynamic capability, completeness, achievability, detail, signal/noise ratio, complexity, and implementation cost. These indexes may help the decision makers and the software safety analysts to choose the best SSA combination and arrange their own software safety plan. By this proposed method, the analysts can evaluate various SSA combinations for specific purpose. According to the case study results, the traditional PHA + FMEA + FTA (with failure rate) + Markov chain modeling (without transfer rate) combination is not competitive due to the dilemma for obtaining acceptable software failure rates. However, the systematic architecture of FTA and Markov chain modeling is still valuable for realizing the software fault structure. The system centric techniques, such as DFM and Simulation-based model analysis, show the advantage on dynamic capability, achievability, detail, signal/noise ratio. However, their disadvantages are the completeness complexity

  17. Nuclear criticality safety in Canada

    International Nuclear Information System (INIS)

    Shultz, K.R.

    1980-04-01

    The approach taken to nuclear criticality safety in Canada has been influenced by the historical development of participants. The roles played by governmental agencies and private industry since the Atomic Energy Control Act was passed into Canadian Law in 1946 are outlined to set the scene for the current situation and directions that may be taken in the future. Nuclear criticality safety puts emphasis on the control of materials called special fissionable material in Canada. A brief account is given of the historical development and philosophy underlying the existing regulations governing special fissionable material. Subsequent events have led to a change in emphasis in the regulatory process that has not yet been fully integrated into Canadian legislation and regulations. Current efforts towards further development of regulations governing the practice of nuclear criticality safety are described. (auth)

  18. Method for critical software event execution reliability in high integrity software

    Energy Technology Data Exchange (ETDEWEB)

    Kidd, M.E. [Sandia National Labs., Albuquerque, NM (United States)

    1997-11-01

    This report contains viewgraphs on a method called SEER, which provides a high level of confidence that critical software driven event execution sequences faithfully execute in the face of transient computer architecture failures in both normal and abnormal operating environments.

  19. The SCALE Web site: Resources for the worldwide nuclear criticality safety community

    International Nuclear Information System (INIS)

    Bowman, S.M.

    2000-01-01

    The Standardized Computer Analyses for Licensing Evaluations (SCALE) computer software system developed at Oak Ridge National Laboratory (ORNL) is widely used and accepted around the world for criticality safety analyses. SCALE includes the well-known KENO V.a and KENO VI three-dimensional Monte Carlo criticality computer codes. For several years, the SCALE staff at ORNL has maintained a Web site to provide information and support to sponsors and users in the worldwide criticality safety community. The SCALE WEB site is located at www.cped.ornl.gov/scale and provides information in the following areas: 1. important notices to users; 2. SCALE Users Electronic Notebook; 3. current and past issues of the SCALE Newsletter; 4. verification and validation (V and V) and benchmark reports; 5. download updates, utilities, and V and V input files; 6. SCALE training course information; 7. SCALE Manual on-line; 8. overview of SCALE system; 9. how to install and run SCALE; 10. SCALE quality assurance documents; and 11. nuclear resources on the Internet

  20. Two viewpoints for software failures and their relation in probabilistic safety assessment of digital instrumentation and control systems

    International Nuclear Information System (INIS)

    Kim, Man Cheol

    2015-01-01

    As the use of digital systems in nuclear power plants increases, the reliability of the software becomes one of the important issues in probabilistic safety assessment. In this paper, two viewpoints for a software failure during the operation of a digital system or a statistical software test are identified, and the relation between them is provided. In conventional software reliability analysis, a failure is mainly viewed with respect to the system operation. A new viewpoint with respect to the system input is suggested. The failure probability density functions for the two viewpoints are defined, and the relation between the two failure probability density functions is derived. Each failure probability density function can be derived from the other failure probability density function by applying the derived relation between the two failure probability density functions. The usefulness of the derived relation is demonstrated by applying it to the failure data obtained from the software testing of a real system. The two viewpoints and their relation, as identified in this paper, are expected to help us extend our understanding of the reliability of safety-critical software. (author)

  1. Nuclear criticality safety: 3-day training course

    International Nuclear Information System (INIS)

    Schlesser, J.A.

    1993-06-01

    The "3-Day Training Course" is an intensive course in criticality safety consisting of lectures and laboratory sessions, including active student participation in actual critical experiments, a visit to a plutonium processing facility, and in-depth discussions on safety philosophy. The program is directed toward personnel who currently have criticality safety responsibilities in the capacity of supervisory staff and/or line management. This compilation of notes is presented as a source reference for the criticality safety course. It represents the contributions of many people, particularly Tom McLaughlin, the course's primary instructor. It should be noted that when chapters were extracted, an attempt was made to maintain footnotes and references as originally written. Photographs and illustrations are numbered sequentially

  2. Application of an integrated PC-based neutronics code system to criticality safety

    International Nuclear Information System (INIS)

    Briggs, J.B.; Nigg, D.W.

    1991-01-01

    An integrated system of neutronics and radiation transport software suitable for operation in an IBM PC-class environment has been under development at the Idaho National Engineering Laboratory (INEL) for the past four years. Four modules within the system are particularly useful for criticality safety applications. Using the neutronics portion of the integrated code system, effective neutron multiplication values (k_eff values) have been calculated for a variety of benchmark critical experiments for metal systems (Plutonium and Uranium), Aqueous Systems (Plutonium and Uranium) and LWR fuel rod arrays. A description of the codes and methods used in the analysis and the results of the benchmark critical experiments are presented in this paper. In general, excellent agreement was found between calculated and experimental results. (Author)

  3. A Generic Software Safety Document Generator

    Science.gov (United States)

    Denney, Ewen; Venkatesan, Ram Prasad

    2004-01-01

    Formal certification is based on the idea that a mathematical proof of some property of a piece of software can be regarded as a certificate of correctness which, in principle, can be subjected to external scrutiny. In practice, however, proofs themselves are unlikely to be of much interest to engineers. Nevertheless, it is possible to use the information obtained from a mathematical analysis of software to produce a detailed textual justification of correctness. In this paper, we describe an approach to generating textual explanations from automatically generated proofs of program safety, where the proofs are of compliance with an explicit safety policy that can be varied. Key to this is tracing proof obligations back to the program, and we describe a tool which implements this to certify code auto-generated by AutoBayes and AutoFilter, program synthesis systems under development at the NASA Ames Research Center. Our approach is a step towards combining formal certification with traditional certification methods.

  4. Status of criticality safety research at NUCEF

    Energy Technology Data Exchange (ETDEWEB)

    Nakajima, Ken [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

    1998-03-01

    Two critical facilities, named STACY (Static Experiment Critical Facility) and TRACY (Transient Experiment Critical Facility), at the Nuclear Fuel Cycle Safety Engineering Research Facility (NUCEF) started their hot operations in 1995. Since then, basic experimental data for criticality safety research have been accumulated using STACY, and supercritical experiments for the study of criticality accident in a reprocessing plant have been performed using TRACY. In this paper, the outline of those critical facilities and the main results of TRACY experiments are presented. (author)

  5. Proceedings of the Nuclear Criticality Technology Safety Workshop

    Energy Technology Data Exchange (ETDEWEB)

    Rene G. Sanchez

    1998-04-01

    This document contains summaries of most of the papers presented at the 1995 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 16 and 17 at San Diego, Ca. The meeting was broken up into seven sessions, which covered the following topics: (1) Criticality Safety of Project Sapphire; (2) Relevant Experiments For Criticality Safety; (3) Interactions with the Former Soviet Union; (4) Misapplications and Limitations of Monte Carlo Methods Directed Toward Criticality Safety Analyses; (5) Monte Carlo Vulnerabilities of Execution and Interpretation; (6) Monte Carlo Vulnerabilities of Representation; and (7) Benchmark Comparisons.

  6. 77 FR 50724 - Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of...

    Science.gov (United States)

    2012-08-22

    ... review of applications for permits and licenses. The DG entitled ``Developing Software Life Cycle... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants AGENCY: Nuclear Regulatory Commission...

  7. Program of nuclear criticality safety experiment at JAERI

    International Nuclear Information System (INIS)

    Kobayashi, Iwao; Tachimori, Shoichi; Takeshita, Isao; Suzaki, Takenori; Ohnishi, Nobuaki

    1983-11-01

    JAERI is promoting the nuclear criticality safety research program, in which a new facility for criticality safety experiments (Criticality Safety Experimental Facility : CSEF) is to be built for the experiments with solution fuel. One of the experimental researches is to measure, collect and evaluate the experimental data needed for evaluation of criticality safety of the nuclear fuel cycle facilities. Another research area is a study of the phenomena themselves which are incidental to postulated critical accidents. Investigation of the scale and characteristics of the influences caused by the accident is also included in this research. The result of the conceptual design of CSEF is summarized in this report. (author)

  8. Criticality safety

    International Nuclear Information System (INIS)

    Walker, G.

    1983-01-01

    When a sufficient quantity of fissile material is brought together a self-sustaining neutron chain reaction will be started in it and will continue until some change occurs in the fissile material to stop the chain reaction. The quantity of fissile material required is the 'Critical Mass'. This is not a fixed quantity even for a given type of fissile material but varies between quite wide limits depending on a number of factors. In a nuclear reactor the critical mass of fissile material is assembled under well-defined conditions to produce a controllable chain reaction. The same materials have to be handled outside the reactor in all stages of fuel element manufacture, storage, transport and irradiated fuel reprocessing. At any stage it is possible (at least in principle) to assemble a critical mass and thus initiate an accidental and uncontrollable chain reaction. Avoiding this is what criticality safety is all about. A system is just critical when the rate of production of neutrons balances the rate of loss either by escape or by absorption. The factors affecting criticality are, therefore, those which affect neutron production and loss. The principal ones are:- type of nuclide and enrichment (or isotopic composition), moderation, reflection, concentration (density), shape and interaction. Each factor is considered in detail. (author)

  9. Using simplex method in verifying software safety

    Directory of Open Access Journals (Sweden)

    Vujošević-Janičić Milena

    2009-01-01

    In this paper we have discussed the application of the Simplex method in checking software safety - the application in automated detection of buffer overflows in C programs. This problem is important because buffer overflows are suitable targets for hackers' security attacks and sources of serious program misbehavior. We have also described our implementation, including a system for generating software correctness conditions and a Simplex based theorem prover that resolves these conditions.

  10. Is Model-Based Development a Favorable Approach for Complex and Safety-Critical Computer Systems on Commercial Aircraft?

    Science.gov (United States)

    Torres-Pomales, Wilfredo

    2014-01-01

    A system is safety-critical if its failure can endanger human life or cause significant damage to property or the environment. State-of-the-art computer systems on commercial aircraft are highly complex, software-intensive, functionally integrated, and network-centric systems of systems. Ensuring that such systems are safe and comply with existing safety regulations is costly and time-consuming as the level of rigor in the development process, especially the validation and verification activities, is determined by considerations of system complexity and safety criticality. A significant degree of care and deep insight into the operational principles of these systems is required to ensure adequate coverage of all design implications relevant to system safety. Model-based development methodologies, methods, tools, and techniques facilitate collaboration and enable the use of common design artifacts among groups dealing with different aspects of the development of a system. This paper examines the application of model-based development to complex and safety-critical aircraft computer systems. Benefits and detriments are identified and an overall assessment of the approach is given.

  11. The International Criticality Safety Benchmark Evaluation Project

    International Nuclear Information System (INIS)

    Briggs, B. J.; Dean, V. F.; Pesic, M. P.

    2001-01-01

    In order to properly manage the risk of a nuclear criticality accident, it is important to establish the conditions for which such an accident becomes possible for any activity involving fissile material. Only when this information is known is it possible to establish the likelihood of actually achieving such conditions. It is therefore important that criticality safety analysts have confidence in the accuracy of their calculations. Confidence in analytical results can only be gained through comparison of those results with experimental data. The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the US Department of Energy. The project was managed through the Idaho National Engineering and Environmental Laboratory (INEEL), but involved nationally known criticality safety experts from Los Alamos National Laboratory, Lawrence Livermore National Laboratory, Savannah River Technology Center, Oak Ridge National Laboratory and the Y-12 Plant, Hanford, Argonne National Laboratory, and the Rocky Flats Plant. An International Criticality Safety Data Exchange component was added to the project during 1994 and the project became what is currently known as the International Criticality Safety Benchmark Evaluation Project (ICSBEP). Representatives from the United Kingdom, France, Japan, the Russian Federation, Hungary, Kazakhstan, Korea, Slovenia, Yugoslavia, Spain, and Israel are now participating on the project. In December of 1994, the ICSBEP became an official activity of the Organization for Economic Cooperation and Development - Nuclear Energy Agency's (OECD-NEA) Nuclear Science Committee. The United States currently remains the lead country, providing most of the administrative support. The purpose of the ICSBEP is to: (1) identify and evaluate a comprehensive set of critical benchmark data; (2) verify the data, to the extent possible, by reviewing original and subsequently revised documentation, and by talking with the

  12. Halden project activities on software dependability

    International Nuclear Information System (INIS)

    Dahll, G.; Sivertsen.

    1994-01-01

    Since 1977, the OECD Halden Reactor Project has been working in the field of software dependability. Special emphasis has been put on the use of software in safety critical systems. All phases in software development, from specification through software development, verification, and validation have been covered and are discussed in this article

  13. The PSA of safety-critical digital I and C system: the determination of important factors and sensitivity analysis

    International Nuclear Information System (INIS)

    Kang, H. G.; Sung, T. Y.; Eom, H. S.; Jeong, H. S.; Park, J. K.; Lee, K. Y.; Park, J. K.

    2002-01-01

    This report is prepared to suggest a practical Probabilistic Safety Assessment (PSA) methodology of safety-critical digital instrumentation and control (I and C) systems. Even though conventional probabilistic safety assessment methods are immature for application to microprocessor-based digital systems, practical needs force their application because the result of probabilistic safety assessment plays a very important role in proving the safety of a designed system. Microprocessors and software technologies make the digital system very complex and make the safety of their applications hard to analyze. The aim of this report is: (1) To summarize the factors which should be represented by the model for probabilistic safety assessment and to propose a standpoint of evaluation for digital systems. (2) To quantitatively present the results of a mathematical case study which examines the analysis framework of the safety of digital systems in the context of the PSA. (3) To show the results of a sensitivity study for some critical factors

  14. 78 FR 47011 - Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants

    Science.gov (United States)

    2013-08-02

    ... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Software Unit Testing for Digital Computer Software... revised regulatory guide (RG), revision 1 of RG 1.171, ``Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.'' This RG endorses American National Standards...

  15. 77 FR 50722 - Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants

    Science.gov (United States)

    2012-08-22

    ... NUCLEAR REGULATORY COMMISSION [NRC-2012-0195] Software Unit Testing for Digital Computer Software...) is issuing for public comment draft regulatory guide (DG), DG-1208, ``Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants.'' The DG-1208 is proposed...

  16. Plant safety review from mass criticality accident

    International Nuclear Information System (INIS)

    Susanto, B.G.

    2000-01-01

    The review has been done to understand the present status of the plant in facing a postulated mass criticality accident. From the design concept of the plant, all the components in the system including functional groups have been designed based on the favorable mass/geometry safety principle. The criticality safety for each component is guaranteed because all the dimensions relevant to criticality of the components are smaller than the dimensions of 'favorable mass/geometry'. The procedures covering all aspects affecting quality, including the safety related ones, are developed and adhered to at all times. Staff are indoctrinated periodically in short training sessions to warn of the importance of safety in the process of production. The plant is fully equipped with 6 (six) criticality detectors in strategic places to alert employees whenever the postulated mass criticality accident occurs. In the event of Nuclear Emergency Preparedness, PT BATAN TEKNOLOGI has also proposed the organization structure for promptly reporting the crisis to the Nuclear Energy Control Board (BAPETEN) Indonesia. (author)

  17. Quality assurance requirements for the computer software and safety analyses

    International Nuclear Information System (INIS)

    Husarecek, J.

    1992-01-01

    The requirements are given as placed on the development, procurement, maintenance, and application of software for the creation or processing of data during the design, construction, operation, repair, maintenance and safety-related upgrading of nuclear power plants. The verification and validation processes are highlighted, and the requirements put on the software documentation are outlined. The general quality assurance principles applied to safety analyses are characterized. (J.B.). 1 ref

  18. Nuclear Criticality Safety Handbook, Version 2. English translation

    International Nuclear Information System (INIS)

    2001-08-01

    The Nuclear Criticality Safety Handbook, Version 2 essentially includes the description of the Supplement Report to the Nuclear Criticality Safety Handbook, released in 1995, into the first version of the Nuclear Criticality Safety Handbook, published in 1988. The following two points are new: (1) exemplifying safety margins related to modeled dissolution and extraction processes, (2) describing evaluation methods and alarm system for criticality accidents. Revision has been made based on previous studies for the chapter that treats modeling the fuel system: e.g., the fuel grain size that the system can be regarded as homogeneous, non-uniformity effect of fuel solution, and burnup credit. This revision has solved the inconsistencies found in the first version between the evaluation of errors found in JACS code system and the criticality condition data that were calculated based on the evaluation. This report is an English translation of the Nuclear Criticality Safety Handbook, Version 2, originally published in Japanese as JAERI 1340 in 1999. (author)

  19. Software used to size the safety devices

    CERN Multimedia

    CERN. Geneva

    2016-01-01

    To avoid mistakes during the calculation, CEA/SBT has decided to write software that takes into account all the situations that can be encountered (subcritical state, supercritical state, …). The goal is to permit the engineer in charge of a cryostat manufacturing to perform this calculation; he is the only person able to do the accidental analysis which is fundamental for the sizing of the safety device. The software will be presented.

  20. Fault tree analysis of KNICS RPS software

    International Nuclear Information System (INIS)

    Park, Gee Yong; Kwon, Kee Choon; Koh, Kwang Yong; Jee, Eun Kyoung; Seong, Poong Hyun; Lee, Dae Hyung

    2008-01-01

    This paper describes the application of a software Fault Tree Analysis (FTA) as one of the analysis techniques for a Software Safety Analysis (SSA) at the design phase and its analysis results for the safety-critical software of a digital reactor protection system, which is called the KNICS RPS, being developed in the KNICS (Korea Nuclear Instrumentation and Control Systems) project. The software modules in the design description were represented by Function Blocks (FBs), and the software FTA was performed based on the well-defined fault tree templates for the FBs. The SSA, which is part of the verification and validation (V and V) activities, was activated at each phase of the software lifecycle for the KNICS RPS. At the design phase, the software HAZOP (Hazard and Operability) and the software FTA were employed in the SSA in such a way that the software HAZOP was performed first and then the software FTA was applied. The software FTA was applied to some critical modules selected from the software HAZOP analysis

  1. Realism in nuclear criticality safety

    International Nuclear Information System (INIS)

    McLaughlin, T. P.

    2009-01-01

    Commercial nuclear power plant operation and regulation have made remarkable progress since the Three Mile Island Accident. This is attributed largely to a heavy dose of introspection and self-regulation by the industry and to a significant infusion of risk-informed and performance-based regulation by the Nuclear Regulatory Commission. This truly represents reality in action both by the plant operators and the regulators. On the other hand, the implementation of nuclear criticality safety in ex-reactor operations involving significant quantities of fissile material has not progressed, but, tragically, it has regressed. Not only is the practice of the discipline in excess of a factor of ten more expensive than decades ago; the trend continues. This unfortunate reality is attributed to a lack of coordination within the industry (as contrasted to what occurred in the reactor operations sector), and to a lack of implementation of risk-informed and performance-based regulation by the NRC. While the criticality safety discipline is orders of magnitude smaller than the reactor safety discipline, both operators and regulators must learn from the progress made in reactor safety and apply it to the former to reduce the waste, inefficiency and potentially increased accident risks associated with current practices. Only when these changes are made will there be progress made toward putting realism back into nuclear criticality safety. (authors)

  2. Introduction to 'International Handbook of Criticality Safety Benchmark Experiments'

    International Nuclear Information System (INIS)

    Komuro, Yuichi

    1998-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) is now an official activity of the Organization for Economic Cooperation and Development-Nuclear Energy Agency (OECD-NEA). 'International Handbook of Criticality Safety Benchmark Experiments' was prepared and is updated year by year by the working group of the project. This handbook contains criticality safety benchmark specifications that have been derived from experiments that were performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculation techniques used. The author briefly introduces the informative handbook and would like to encourage Japanese engineers who are in charge of nuclear criticality safety to use the handbook. (author)

  3. Trustworthy Variant Derivation with Translation Validation for Safety Critical Product Lines

    DEFF Research Database (Denmark)

    Iosif-Lazăr, Alexandru Florin; Wasowski, Andrzej

    2016-01-01

    Software product line (SPL) engineering facilitates development of entire families of software products with systematic reuse. Model driven SPLs use models in the design and development process. In the safety critical domain, validation of models and testing of code increases the quality...... of the products altogether. However, to maintain this trustworthiness it is necessary to know that the SPL tools, which manipulate models and code to derive concrete product variants, do not introduce errors in the process. We propose a general technique of checking correctness of product derivation tools through...... translation validation. We demonstrate it using Featherweight VML—a core language for separate variability modeling relying on a single kind of variation point to define transformations of artifacts seen as object models. We use Featherweight VML with its semantics as a correctness specification...

  4. Software quality assurance for safety analysis and risk management at the Savannah River Site

    International Nuclear Information System (INIS)

    Ades, M.J.; Toffer, H.; Crowe, R.D.

    1991-01-01

    As part of its Reactor Operations Improvement Program at the Savannah River Site (SRS), Westinghouse Savannah River Company (WSRC), in cooperation with the Westinghouse Hanford Company, has developed and implemented quality assurance for safety-related software for technical programs essential to the safety and reliability of reactor operations. More specifically, the quality assurance process involved the development and implementation of quality standards and attendant procedures based on industry software quality standards. These procedures were then applied to computer codes in reactor safety and probabilistic risk assessment analyses. This paper provides a review of the major aspects of the WSRC safety-related software quality assurance. In particular, quality assurance procedures are described for the different life cycle phases of the software that include the Requirements, Software Design and Implementation, Testing and Installation, Operation and Maintenance, and Retirement Phases. For each phase, specific provisions are made to categorize the range of activities, the level of responsibilities, and the documentation needed to assure the control of the software. The software quality assurance procedures developed and implemented are evolutionary in nature, and thus, prone to further refinements. These procedures, nevertheless, represent an effective controlling tool for the development, production, and operation of safety-related software applicable to reactor safety and probabilistic risk assessment analyses

  5. SMART-P MMIS Software Development by Considering the Software License for Nuclear Power Plants and the Development Cost

    International Nuclear Information System (INIS)

    Suh, Yong Suk; Park, Jae Hong; Park, Heui Youn; Son, Ki Sung; Lee, Ki Hyun; Kim, Hyeon Soo

    2005-01-01

    The acceptance criteria of software for safety system functions in NPPs (Nuclear Power Plants) are as follows: 1) acceptable plans should be prepared to control the software development activities, 2) the plans should be followed in an acceptable software life cycle, and 3) the process should produce acceptable design outputs. The KINS (Korea Institute of Nuclear Safety) recommended that the software life cycle should be established based on the IEEE Std 1074 with a supplementary requirement of a software safety analysis. The KINS emphasized that the software should be developed to show its high qualities. This paper identifies the major requirements to achieve the software license from the KINS and presents the major facts reflected in the SMART-P (System-integrated Modular Advanced ReacTor-Pilot) MMIS (Man-Machine Interface Systems) which is being developed by KAERI and targeted to start operation in 2010. This paper also addresses major concerns on the development of a safety critical software and the facts reflected in the SMART-P MMIS

  6. Software for computers in the safety systems of nuclear power stations

    International Nuclear Information System (INIS)

    1987-08-01

    This standard includes the safety actuation systems, the safety system support features and the protection systems. The standard provides requirements for each stage of software generation, including design, development, qualification and operation as well as the documentation for each stage of the software generation for the purpose of achieving highly reliable software. The principles applied in developing these requirements include: Best available practice; top-down design methods; modularity; verification of each phase; clear documentation; auditable documents and validation testing. (orig./HP)

  7. Minimum qualifications for nuclear criticality safety professionals

    International Nuclear Information System (INIS)

    Ketzlach, N.

    1990-01-01

    A Nuclear Criticality Technology and Safety Training Committee has been established within the U.S. Department of Energy (DOE) Nuclear Criticality Safety and Technology Project to review and, if necessary, develop standards for the training of personnel involved in nuclear criticality safety (NCS). The committee is exploring the need for developing a standard or other mechanism for establishing minimum qualifications for NCS professionals. The development of standards and regulatory guides for nuclear power plant personnel may serve as a guide in developing the minimum qualifications for NCS professionals

  8. ICSBEP-2007, International Criticality Safety Benchmark Experiment Handbook

    International Nuclear Information System (INIS)

    Blair Briggs, J.

    2007-01-01

    1 - Description: The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) is now an official activity of the Organization of Economic Cooperation and Development - Nuclear Energy Agency (OECD-NEA). This handbook contains criticality safety benchmark specifications that have been derived from experiments that were performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material. The example calculations presented do not constitute a validation of the codes or cross section data. The work of the ICSBEP is documented as an International Handbook of Evaluated Criticality Safety Benchmark Experiments. Currently, the handbook spans over 42,000 pages and contains 464 evaluations representing 4,092 critical, near-critical, or subcritical configurations and 21 criticality alarm placement/shielding configurations with multiple dose points for each and 46 configurations that have been categorized as fundamental physics measurements that are relevant to criticality safety applications. The handbook is intended for use by criticality safety analysts to perform necessary validations of their calculational techniques and is expected to be a valuable tool for decades to come. The ICSBEP Handbook is available on DVD. You may request a DVD by completing the DVD Request Form on the internet. Access to the Handbook on the Internet requires a password. You may request a password by completing the Password Request Form. The Web address is: http://icsbep.inel.gov/handbook.shtml 2 - Method of solution: Experiments that are found

  9. SRTC criticality safety technical review: Nuclear Criticality Safety Evaluation 93-04 enriched uranium receipt

    International Nuclear Information System (INIS)

    Rathbun, R.

    1993-01-01

    Review of NMP-NCS-930087, "Nuclear Criticality Safety Evaluation 93-04 Enriched Uranium Receipt (U), July 30, 1993," was requested of SRTC (Savannah River Technology Center) Applied Physics Group. The NCSE is a criticality assessment to determine the mass limit for Engineered Low Level Trench (ELLT) waste uranium burial. The intent is to bury uranium in pits that would be separated by a specified amount of undisturbed soil. The scope of the technical review, documented in this report, consisted of (1) an independent check of the methods and models employed, (2) independent HRXN/KENO-V.a calculations of alternate configurations, (3) application of ANSI/ANS 8.1, and (4) verification of WSRC Nuclear Criticality Safety Manual procedures. The NCSE under review concludes that a 500 gram limit per burial position is acceptable to ensure the burial site remains in a critically safe configuration for all normal and single credible abnormal conditions. This reviewer agrees with that conclusion

  10. Generating Safety-Critical PLC Code From a High-Level Application Software Specification

    Science.gov (United States)

    2008-01-01

    The benefits of automatic-application code generation are widely accepted within the software engineering community. These benefits include raised abstraction level of application programming, shorter product development time, lower maintenance costs, and increased code quality and consistency. Surprisingly, code generation concepts have not yet found wide acceptance and use in the field of programmable logic controller (PLC) software development. Software engineers at Kennedy Space Center recognized the need for PLC code generation while developing the new ground checkout and launch processing system, called the Launch Control System (LCS). Engineers developed a process and a prototype software tool that automatically translates a high-level representation or specification of application software into ladder logic that executes on a PLC. All the computer hardware in the LCS is planned to be commercial off the shelf (COTS), including industrial controllers or PLCs that are connected to the sensors and end items out in the field. Most of the software in LCS is also planned to be COTS, with only small adapter software modules that must be developed in order to interface between the various COTS software products. A domain-specific language (DSL) is a programming language designed to perform tasks and to solve problems in a particular domain, such as ground processing of launch vehicles. The LCS engineers created a DSL for developing test sequences of ground checkout and launch operations of future launch vehicle and spacecraft elements, and they are developing a tabular specification format that uses the DSL keywords and functions familiar to the ground and flight system users. The tabular specification format, or tabular spec, allows most ground and flight system users to document how the application software is intended to function and requires little or no software programming knowledge or experience. A small sample from a prototype tabular spec application is

  11. Application of software engineering to development of reactor-safety codes

    International Nuclear Information System (INIS)

    Wilburn, N.P.; Niccoli, L.G.

    1980-11-01

    As a result of the drastically increasing cost of software and the lack of an engineering approach, the technology of Software Engineering is being developed. Software Engineering provides an answer to the increasing cost of developing and maintaining software. It has been applied extensively in the business and aerospace communities and is just now being applied to the development of scientific software and, in particular, to the development of reactor safety codes at HEDL

  12. International handbook of evaluated criticality safety benchmark experiments

    International Nuclear Information System (INIS)

    2010-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) became an official activity of the Organization for Economic Cooperation and Development - Nuclear Energy Agency (OECD-NEA) in 1995. This handbook contains criticality safety benchmark specifications that have been derived from experiments performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material and to determine criticality alarm requirement and placement. Many of the specifications are also useful for nuclear data testing. Example calculations are presented; however, these calculations do not constitute a validation of the codes or cross section data. The evaluated criticality safety benchmark data are given in nine volumes. These volumes span over 55,000 pages and contain 516 evaluations with benchmark specifications for 4,405 critical, near critical, or subcritical configurations, 24 criticality alarm placement / shielding configurations with multiple dose points for each, and 200 configurations that have been categorized as fundamental physics measurements that are relevant to criticality safety applications. Experiments that are found unacceptable for use as criticality safety benchmark experiments are discussed in these evaluations; however, benchmark specifications are not derived for such experiments (in some cases models are provided in an appendix). Approximately 770 experimental configurations are categorized as unacceptable for use as criticality safety benchmark experiments. Additional evaluations are in progress and will be

  13. Nuclear Criticality Safety Data Book

    Energy Technology Data Exchange (ETDEWEB)

    Hollenbach, D. F. [Y-12 National Security Complex, Oak Ridge, TN (United States)]

    2016-11-14

    The objective of this document is to support the revision of criticality safety process studies (CSPSs) for the Uranium Processing Facility (UPF) at the Y-12 National Security Complex (Y-12). This design analysis and calculation (DAC) document contains development and justification for generic inputs typically used in Nuclear Criticality Safety (NCS) DACs to model both normal and abnormal conditions of processes at UPF to support CSPSs. This will provide consistency between NCS DACs and efficiency in preparation and review of DACs, as frequently used data are provided in one reference source.

  14. Nuclear Criticality Safety Data Book

    International Nuclear Information System (INIS)

    Hollenbach, D. F.

    2016-01-01

    The objective of this document is to support the revision of criticality safety process studies (CSPSs) for the Uranium Processing Facility (UPF) at the Y-12 National Security Complex (Y-12). This design analysis and calculation (DAC) document contains development and justification for generic inputs typically used in Nuclear Criticality Safety (NCS) DACs to model both normal and abnormal conditions of processes at UPF to support CSPSs. This will provide consistency between NCS DACs and efficiency in preparation and review of DACs, as frequently used data are provided in one reference source.

  15. Nuclear criticality safety parameter evaluation for uranium metallic alloy

    Energy Technology Data Exchange (ETDEWEB)

    Sanchez, Andrea; Abe, Alfredo, E-mail: andreasdpz@hotmail.com, E-mail: abye@uol.com.br [Instituto de Pesquisas Energeticas e Nucleares (IPEN/CNEN-SP), Sao Paulo, SP (Brazil). Centro de Energia Nuclear

    2013-07-01

    Nuclear criticality safety during fuel fabrication process, transport and storage of fissile and fissionable materials requires criticality safety analysis. Normally the analysis involves computer calculations and safety parameters determination. There are many different Criticality Safety Handbooks where such safety parameters for several different fissile mixtures are presented. The handbooks have been published to provide data and safety principles for the design, safety evaluation and licensing of operations, transport and storage of fissile and fissionable materials. The data often comprise not only critical values, but also subcritical limits and safe parameters obtained for specific conditions using criticality safety calculation codes such as SCALE system. Although many data are available for different fissile and fissionable materials, compounds, mixtures, and different enrichment levels, there is a lack of information regarding uranium metal alloy, specifically UMo and UNbZr. Nowadays uranium metal alloy as fuel has been investigated under the RERTR program as a possible candidate to become a new fuel for research reactors due to high density. This work aims to evaluate a set of criticality safety parameters for uranium metal alloy using SCALE system and MCNP Monte Carlo code. (author)

  16. Researches on nuclear criticality safety evaluation

    Energy Technology Data Exchange (ETDEWEB)

    Okuno, Hiroshi; Suyama, Kenya; Nomura, Yasushi [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

    2003-10-01

    For criticality safety evaluation of burnup fuel, the general-purpose burnup calculation code, SWAT, was revised, and its precision was confirmed through comparison with other results from OECD/NEA's burnup credit benchmarks. Effect by replacing the evaluated nuclear data from JENDL-3.2 to ENDF/B-VI and JEF-2.2 was also studied. Correction factors were derived for conservative evaluation of nuclide concentrations obtained with the simplified burnup code ORIGEN2.1. The critical masses of curium were calculated and evaluated for nuclear criticality safety management of minor actinides. (author)

  17. Researches on nuclear criticality safety evaluation

    International Nuclear Information System (INIS)

    Okuno, Hiroshi; Suyama, Kenya; Nomura, Yasushi

    2003-01-01

    For criticality safety evaluation of burnup fuel, the general-purpose burnup calculation code, SWAT, was revised, and its precision was confirmed through comparison with other results from OECD/NEA's burnup credit benchmarks. Effect by replacing the evaluated nuclear data from JENDL-3.2 to ENDF/B-VI and JEF-2.2 was also studied. Correction factors were derived for conservative evaluation of nuclide concentrations obtained with the simplified burnup code ORIGEN2.1. The critical masses of curium were calculated and evaluated for nuclear criticality safety management of minor actinides. (author)

  18. Criticality Safety Evaluation of Hanford Tank Farms Facility

    Energy Technology Data Exchange (ETDEWEB)

    WEISS, E.V.

    2000-12-15

    Data and calculations from previous criticality safety evaluations and analyses were used to evaluate criticality safety for the entire Tank Farms facility to support the continued waste storage mission. This criticality safety evaluation concludes that a criticality accident at the Tank Farms facility is an incredible event due to the existing form (chemistry) and distribution (neutron absorbers) of tank waste. Limits and controls for receipt of waste from other facilities and maintenance of tank waste condition are set forth to maintain the margin of subcriticality in tank waste.

  19. Criticality Safety Evaluation of Hanford Tank Farms Facility

    International Nuclear Information System (INIS)

    WEISS, E.V.

    2000-01-01

    Data and calculations from previous criticality safety evaluations and analyses were used to evaluate criticality safety for the entire Tank Farms facility to support the continued waste storage mission. This criticality safety evaluation concludes that a criticality accident at the Tank Farms facility is an incredible event due to the existing form (chemistry) and distribution (neutron absorbers) of tank waste. Limits and controls for receipt of waste from other facilities and maintenance of tank waste condition are set forth to maintain the margin of subcriticality in tank waste

  20. Development of a Nevada Statewide Database for Safety Analyst Software

    Science.gov (United States)

    2017-02-02

    Safety Analyst is a software package developed by the Federal Highway Administration (FHWA) and twenty-seven participating state and local agencies including the Nevada Department of Transportation (NDOT). The software package implemented many of the...

  1. DRY TRANSFER FACILITY CRITICALITY SAFETY CALCULATIONS

    International Nuclear Information System (INIS)

    C.E. Sanders

    2005-01-01

    This design calculation updates the previous criticality evaluation for the fuel handling, transfer, and staging operations to be performed in the Dry Transfer Facility (DTF) including the remediation area. The purpose of the calculation is to demonstrate that operations performed in the DTF and RF meet the nuclear criticality safety design criteria specified in the "Project Design Criteria (PDC) Document" (BSC 2004 [DIRS 171599], Section 4.9.2.2), the nuclear facility safety requirement in "Project Requirements Document" (Canori and Leitner 2003 [DIRS 166275], p. 4-206), the functional/operational nuclear safety requirement in the "Project Functional and Operational Requirements" document (Curry 2004 [DIRS 170557], p. 75), and the functional nuclear criticality safety requirements described in the "Dry Transfer Facility Description Document" (BSC 2005 [DIRS 173737], p. 3-8). A description of the changes is as follows: (1) Update the supporting calculations for the various Category 1 and 2 event sequences as identified in the "Categorization of Event Sequences for License Application" (BSC 2005 [DIRS 171429], Section 7). (2) Update the criticality safety calculations for the DTF staging racks and the remediation pool to reflect the current design. This design calculation focuses on commercial spent nuclear fuel (SNF) assemblies, i.e., pressurized water reactor (PWR) and boiling water reactor (BWR) SNF. U.S. Department of Energy (DOE) Environmental Management (EM) owned SNF is evaluated in depth in the "Canister Handling Facility Criticality Safety Calculations" (BSC 2005 [DIRS 173284]) and is also applicable to DTF operations. Further, the design and safety analyses of the naval SNF canisters are the responsibility of the U.S. Department of the Navy (Naval Nuclear Propulsion Program) and will not be included in this document. Also, note that the results for the Monitored Geologic Repository (MGR) Site specific Cask (MSC) calculations are limited to the

  2. X-real-time executive (X-RTE) an ultra-high reliable real-time executive for safety critical systems

    International Nuclear Information System (INIS)

    Suresh Babu, R.M.

    1995-01-01

    With the growing number of applications of computers in safety critical systems of nuclear plants, there has been a need to assure high quality and reliability of the software used in these systems. One way to assure software quality is to use qualified software components. Since the safety systems and control systems are real-time systems, there is a need for real-time supervisory software to guarantee temporal response of the system. This report describes one such software package, called X-Real-Time Executive (or X-RTE), which was developed in Reactor Control Division, BARC. The report describes all the capabilities and unique features of X-RTE and compares it with a commercially available operating system. The features of X-RTE include pre-emptive scheduling, process synchronization, inter-process communication, multi-processor support, temporal support, debug facility, high portability, high reliability, high quality, and extensive documentation. Examples have been used very liberally to illustrate the underlying concepts. Besides, the report provides a brief description about the methods used, during the software development, to assure high quality and reliability of X-RTE. (author). refs., 11 figs., tabs

  3. Spent fuel storage criticality safety

    Energy Technology Data Exchange (ETDEWEB)

    Amin, E M; Elmessiry, A M [National center of nuclear safety and radiation control atomic energy authority, (Egypt)

    1995-10-01

    The safety aspects of the spent fuel storage pool of the Egyptian test and research reactor one (ET-R R-1) have to be assessed as part of a general overall safety evaluation to be included in a safety analysis report (SAR) for this reactor. The present work treats the criticality safety of the spent fuel storage pool. Conservative calculations based on using fresh fuel have been performed, as well as less conservative ones using burned fuel. The calculations include cross library generation for burned and fresh fuel for the ET-R R-1 fuel type. The WIMS-D 4 code has been used in library generation and burn up calculation; the criticality calculations are performed using the one dimensional transport code (ANISN) and the two dimensional diffusion code (DIXY2). The possibility of increasing the storage efficiency either by insertion of absorber sheets of soluble boron salts or by reduction of fuel rod separation has been studied. 8 figs., 2 tabs.

  4. Spent fuel storage criticality safety

    International Nuclear Information System (INIS)

    Amin, E.M.; Elmessiry, A.M.

    1995-01-01

    The safety aspects of the spent fuel storage pool of the Egyptian test and research reactor one (ET-R R-1) have to be assessed as part of a general overall safety evaluation to be included in a safety analysis report (SAR) for this reactor. The present work treats the criticality safety of the spent fuel storage pool. Conservative calculations based on using fresh fuel have been performed, as well as less conservative ones using burned fuel. The calculations include cross library generation for burned and fresh fuel for the ET-R R-1 fuel type. The WIMS-D 4 code has been used in library generation and burn up calculation; the criticality calculations are performed using the one dimensional transport code (ANISN) and the two dimensional diffusion code (DIXY2). The possibility of increasing the storage efficiency either by insertion of absorber sheets of soluble boron salts or by reduction of fuel rod separation has been studied. 8 figs., 2 tabs

  5. Process mining application in software process assessment

    NARCIS (Netherlands)

    Samalikova, J.

    2012-01-01

    Nowadays, our daily life heavily depends on software. Software is everywhere, from appliances in our homes, to safety-critical systems such as medical equipment. The failure of these software-intensive systems results in high financial losses, environmental or property damages, or even loss of life.

  6. A Web-Based Nuclear Criticality Safety Bibliographic Database

    International Nuclear Information System (INIS)

    Koponen, B L; Huang, S

    2007-01-01

    A bibliographic criticality safety database of over 13,000 records is available on the Internet as part of the U.S. Department of Energy's (DOE) Nuclear Criticality Safety Program (NCSP) website. This database is easy to access via the Internet and gets substantial daily usage. This database and other criticality safety resources are available at ncsp.llnl.gov. The web database has evolved from more than thirty years of effort at Lawrence Livermore National Laboratory (LLNL), beginning with compilations of critical experiment reports and American Nuclear Society Transactions

  7. Study of evaluation techniques of software safety and reliability in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Youn, Cheong; Baek, Y. W.; Kim, H. C.; Park, N. J.; Shin, C. Y. [Chungnam National Univ., Taejon (Korea, Republic of)

    1999-04-15

    Software system development process and software quality assurance activities are examined in this study. In particular, software safety and reliability requirements in nuclear power plants are investigated. For this purpose, methodologies and tools which can be applied to the software analysis, design, implementation, testing, and maintenance steps are evaluated. Necessary tasks for each step are investigated. Duty, input, and detailed activity for each task are defined to establish a development process for high quality software systems. This means applying basic concepts of software engineering and principles of system development. This study establishes a guideline that can assure software safety and reliability requirements in digitalized nuclear plant systems and can be used as a guidebook of software development process to assure software quality for many software development organizations.

  8. Licensing of safety critical software for nuclear reactors - Common position of seven European nuclear regulators and authorised technical support organisations - Revision 2013

    International Nuclear Information System (INIS)

    2013-01-01

    This report is the 5th revision of the report. The task force was formed in 1994 as a group of experts on safety critical software. The members come from regulatory authorities and/or their technical support organization. Bo Liwaang, SSM, has been a member since the work started in 1994. For full information of the historical background, previous revisions of the report and objectives, see the Introduction of the report. The conclusions and viewpoints presented in the report are those of the authors and do not necessarily coincide with those of the SSM. The report, without the SSM cover and this page, will be published by or available at the websites of the other participating organizations. Effect on SSM supervisory and regulatory task: The effect of the report is high as it presents a common view on important issues by experts from seven European regulatory organizations, even though the report is not a regulation or guide

  9. K-effective as a measure of criticality safety

    International Nuclear Information System (INIS)

    Venner, J.; Haley, R.M.; Bowden, R.L.

    2003-01-01

    This paper considers the relation between the neutron multiplication of a system, k-effective, and critical parameters. It aims to investigate whether k-effective is always the most appropriate measure of safety. For simple systems handbook data can be effectively utilized, applying a safety factor to critical masses. In such situations, the criticality safety margin is readily apparent. However, more complex systems may use the calculated value of neutron multiplication to assess the criticality safety of the system under investigation. A problem arises because there is no exact consistency between k-effective and the physical margin of subcriticality, in terms of parameters such as mass. In the UK, commonly accepted safety criteria are applied to limit the k-effective of the system being assessed. These margins of subcriticality have no definitive justification to support the values chosen and might be considered rather arbitrary in nature. This paper aims to answer this question of suitability by investigating the relation between k-effective and the physical critical parameters for a wide range of systems. It concludes that the safety criteria currently applied in the UK are valid, but some difference exists between safety factors applied to the mass of fissile material present and the corresponding value of k-effective. (author)

  10. HSE's safety assessment principles for criticality safety

    International Nuclear Information System (INIS)

    Simister, D N; Finnerty, M D; Warburton, S J; Thomas, E A; Macphail, M R

    2008-01-01

    The Health and Safety Executive (HSE) published its revised Safety Assessment Principles for Nuclear Facilities (SAPs) in December 2006. The SAPs are primarily intended for use by HSE's inspectors when judging the adequacy of safety cases for nuclear facilities. The revised SAPs relate to all aspects of safety in nuclear facilities including the technical discipline of criticality safety. The purpose of this paper is to set out for the benefit of a wider audience some of the thinking behind the final published words and to provide an insight into the development of UK regulatory guidance. The paper notes that it is HSE's intention that the Safety Assessment Principles should be viewed as a reflection of good practice in the context of interpreting primary legislation such as the requirements under site licence conditions for arrangements for producing an adequate safety case and for producing a suitable and sufficient risk assessment under the Ionising Radiations Regulations 1999 (SI1999/3232 www.opsi.gov.uk/si/si1999/uksi_19993232_en.pdf). (memorandum)

  11. Use of a Web Site to Enhance Criticality Safety Training

    International Nuclear Information System (INIS)

    Huang, S T; Morman, J

    2003-01-01

    Currently, a website dedicated to enhancing communication and dissemination of criticality safety information is sponsored by the U.S. Department of Energy (DOE) Nuclear Criticality Safety Program (NCSP). This website was developed as part of the DOE response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 97-2, which reflected the need to make criticality safety information available to a wide audience. The website is the focal point for DOE nuclear criticality safety (NCS) activities, resources and references, including hyperlinks to other sites actively involved in the collection and dissemination of criticality safety information. The website is maintained by the Lawrence Livermore National Laboratory (LLNL) under auspices of the NCSP management. One area of the website contains a series of Nuclear Criticality Safety Engineer Training (NCSET) modules. During the past few years, many users worldwide have accessed the NCSET section of the NCSP website and have downloaded the training modules as an aid for their training programs. This trend was remarkable in that it points out a continuing need of the criticality safety community across the globe. It has long been recognized that training of criticality safety professionals is a continuing process involving both knowledge-based training and experience-based operations floor training. As more of the experienced criticality safety professionals reach retirement age, the opportunities for mentoring programs are reduced. It is essential that some method be provided to assist the training of young criticality safety professionals to replenish this limited human expert resource to support on-going and future nuclear operations. The main objective of this paper is to present the features of the NCSP website, including its mission, contents, and most importantly its use for the dissemination of training modules to the criticality safety community. We will discuss lessons learned and several ideas

  12. Criticality Safety Basics for INL FMHs and CSOs

    Energy Technology Data Exchange (ETDEWEB)

    V. L. Putman

    2012-04-01

    Nuclear power is a valuable and efficient energy alternative in our energy-intensive society. However, material that can generate nuclear power has properties that require this material be handled with caution. If improperly handled, a criticality accident could result, which could severely harm workers. This document is a modular self-study guide about Criticality Safety Principles. This guide's purpose is to help you work safely in areas where fissionable nuclear materials may be present, avoiding the severe radiological and programmatic impacts of a criticality accident. It is designed to stress the fundamental physical concepts behind criticality controls and the importance of criticality safety when handling fissionable materials outside nuclear reactors. This study guide was developed for fissionable-material-handler and criticality-safety-officer candidates to use with related web-based course 00INL189, BEA Criticality Safety Principles, and to help prepare for the course exams. These individuals must understand basic information presented here. This guide may also be useful to other Idaho National Laboratory personnel who must know criticality safety basics to perform their assignments safely or to design critically safe equipment or operations. This guide also includes additional information that will not be included in 00INL189 tests. The additional information is in appendices and paragraphs with headings that begin with 'Did you know,' or with, 'Been there Done that'. Fissionable-material-handler and criticality-safety-officer candidates may review additional information at their own discretion. This guide is revised as needed to reflect program changes, user requests, and better information. Issued in 2006, Revision 0 established the basic text and integrated various programs from former contractors. Revision 1 incorporates operation and program changes implemented since 2006. It also incorporates suggestions, clarifications

  13. Intermediate probabilistic safety assessment approach for safety critical digital systems

    International Nuclear Information System (INIS)

    Taeyong, Sung; Hyun Gook, Kang

    2001-01-01

    Even though conventional probabilistic safety assessment methods are immature for application to microprocessor-based digital systems, practical needs force their application. In Korea, UCN 5 and 6 units are being constructed and the Korean Next Generation Reactor is being designed using digital instrumentation and control equipment for the safety related functions. The Korean regulatory body requires probabilistic safety assessment. This paper analyzes the difficulties in the assessment of digital systems and suggests an intermediate framework for evaluating their safety using fault tree models. The framework deals with several important characteristics of digital systems including software modules and fault-tolerant features. We expect that the analysis result will provide valuable design feedback. (authors)

  14. Nuclear criticality safety program at the Fuel Cycle Facility

    International Nuclear Information System (INIS)

    Lell, R.M.; Fujita, E.K.; Tracy, D.B.; Klann, R.T.; Imel, G.R.; Benedict, R.W.; Rigg, R.H.

    1994-01-01

    The Fuel Cycle Facility (FCF) is designed to demonstrate the feasibility of a novel commercial-scale remote pyrometallurgical process for metallic fuels from liquid metal-cooled reactors and to show closure of the Integral Fast Reactor (IFR) fuel cycle. Requirements for nuclear criticality safety impose the most restrictive of the various constraints on the operation of FCF. The upper limits on batch sizes and other important process parameters are determined principally by criticality safety considerations. To maintain an efficient operation within appropriate safety limits, it is necessary to formulate a nuclear criticality safety program that integrates equipment design, process development, process modeling, conduct of operations, a measurement program, adequate material control procedures, and nuclear criticality analysis. The nuclear criticality safety program for FCF reflects this integration, ensuring that the facility can be operated efficiently without compromising safety. The experience gained from the conduct of this program in the Fuel Cycle Facility will be used to design and safely operate IFR facilities on a commercial scale. The key features of the nuclear criticality safety program are described. The relationship of these features to normal facility operation is also described

  15. ICNC2003: Proceedings of the seventh international conference on nuclear criticality safety. Challenges in the pursuit of global nuclear criticality safety

    International Nuclear Information System (INIS)

    2003-10-01

    These proceedings contain the papers (technical, oral and poster) presented at the Seventh International Conference on Nuclear Criticality Safety ICNC2003, held on 20-24 October 2003 in Tokai, Ibaraki, Japan, following ICNC'99 in Versailles, France. The theme of this conference is 'Challenges in the Pursuit of Global Nuclear Criticality Safety'. These proceedings represent the current status of nuclear criticality safety research throughout the world. 81 of the presented papers are indexed individually. (J.P.N.)

  16. ICNC2003: Proceedings of the seventh international conference on nuclear criticality safety. Challenges in the pursuit of global nuclear criticality safety

    International Nuclear Information System (INIS)

    2003-10-01

    These proceedings contain the papers (technical, oral and poster) presented at the Seventh International Conference on Nuclear Criticality Safety ICNC2003, held on 20-24 October 2003 in Tokai, Ibaraki, Japan, following ICNC'99 in Versailles, France. The theme of this conference is 'Challenges in the Pursuit of Global Nuclear Criticality Safety'. These proceedings represent the current status of nuclear criticality safety research throughout the world. 79 of the presented papers are indexed individually. (J.P.N.)

  17. CRITICALITY SAFETY LIMIT EVALUATION PROGRAM (CSLEP's) AND QUICK SCREENS: ANSWERS TO EXPEDITED PROCESSING LEGACY CRITICALITY SAFETY LIMITS AND EVALUATIONS

    International Nuclear Information System (INIS)

    TOFFER, H.

    2006-01-01

    Since the end of the cold war, the need for operating weapons production facilities has faded. Criticality Safety Limits and controls supporting production modes in these facilities became outdated and furthermore lacked the procedure based rigor dictated by present day requirements. In the past, in many instances, the formalism of present day criticality safety evaluations was not applied. Some of the safety evaluations amounted to a paragraph in a notebook with no safety basis and questionable arguments with respect to double contingency criteria. When material stabilization, clean out, and deactivation activities commenced, large numbers of these older criticality safety evaluations were uncovered with limits and controls backed up by tenuous arguments. A dilemma developed: on the one hand, cleanup activities were placed on very aggressive schedules; on the other hand, a highly structured approach to limits development was required and applied to the cleanup operations. Some creative approaches were needed to cope with the limits development process

  18. Criticality safety studies at VTT Energy

    International Nuclear Information System (INIS)

    Roine, T.; Anttila, M.

    1995-01-01

    At VTT Energy a compact reactor physics calculation system is applied to many kinds of problems. Generation of group constants for static and dynamic core calculations, flux and dose rate calculations as well as criticality safety studies are performed basically with the same codes. In the presentation a short overview of the wide variety of criticality safety problems analyzed at VTT Energy is given. The calculation system with some illustrative examples is also described. (12 refs., 1 tab.)

  19. A performance improvement plan to increase nurse adherence to use of medication safety software.

    Science.gov (United States)

    Gavriloff, Carrie

    2012-08-01

    Nurses can protect patients receiving intravenous (IV) medication by using medication safety software to program "smart" pumps to administer IV medications. After a patient safety event identified inconsistent use of medication safety software by nurses, a performance improvement team implemented the Deming Cycle performance improvement methodology. The combined use of improved direct care nurse communication, programming strategies, staff education, medication safety champions, adherence monitoring, and technology acquisition resulted in a statistically significant (p < .001) increase in nurse adherence to using medication safety software from 28% to above 85%, exceeding national benchmark adherence rates (Cohen, Cooke, Husch & Woodley, 2007; Carefusion, 2011). Copyright © 2012 Elsevier Inc. All rights reserved.

  20. Risky module prediction for nuclear I and C software

    International Nuclear Information System (INIS)

    Kim, Young Mi; Kim, Hyeon Soo

    2012-01-01

    As software based digital I and C (Instrumentation and Control) systems are used more prevalently in nuclear plants, enhancement of software dependability has become an important issue in the area of nuclear I and C systems. Critical attributes of software dependability are safety and reliability. These attributes are tightly related to software failures caused by faults. Software testing and V and V (Verification and Validation) activities are hence important for enhancing software dependability. If the risky modules of safety-critical software can be predicted, it will be possible to focus on testing and V and V activities more efficiently and effectively. It should also make it possible to better allocate resources for regulation activities. We propose a prediction technique to estimate risky software modules by adopting machine learning models based on software complexity metrics. An empirical study with various machine learning algorithms was executed for comparing the prediction performance. Experimental results show SVMs (Support Vector Machines) perform as well as or better than the other methods.

  1. Prerequisites of ideal safety-critical organizations

    International Nuclear Information System (INIS)

    Takeuchi, Michiru; Hikono, Masaru; Matsui, Yuko; Goto, Manabu; Sakuda, Hiroshi

    2013-01-01

    This study explores the prerequisites of ideal safety-critical organizations, marshalling arguments of 4 areas of organizational research on safety, each of which has overlap: a safety culture, high reliability organizations (HROs), organizational resilience, and leadership especially in safety-critical organizations. The approach taken in this study was to retrieve questionnaire items or items on checklists of the 4 research areas and use them as materials of abduction (as referred to in the KJ method). The results showed that the prerequisites of ideal safety-oriented organizations consist of 9 factors as follows: (1) The organization provides resources and infrastructure to ensure safety. (2) The organization has a sharable vision. (3) Management attaches importance to safety. (4) Employees openly communicate issues and share wide-ranging information with each other. (5) Adjustments and improvements are made as the organization's situation changes. (6) Learning activities from mistakes and failures are performed. (7) Management creates a positive work environment and promotes good relations in the workplace. (8) Workers have good relations in the workplace. (9) Employees have all the necessary requirements to undertake their own functions, and act conservatively. (author)

  2. The Health and Safety Executive's regulatory framework for control of nuclear criticality safety

    International Nuclear Information System (INIS)

    Smith, K.; Simister, D.N.

    1991-01-01

    In the United Kingdom the Health and Safety at Work Act, 1974 is the main legal instrument under which risks to people from work activities are controlled. Certain sections of the Nuclear Installations Act, 1965 which deal with the licensing of nuclear sites and the regulatory control of risks arising from them, including the risk from accidental criticality, are relevant statutory provisions of the Health and Safety at Work Act. The responsibility for safety rests with the operator who has to make and implement arrangements to prevent accidental criticality. The adequacy of these arrangements must be demonstrated in a safety case to the regulatory authorities. Operators are encouraged to treat each plant on its own merits and develop the safety case accordingly. The Nuclear Installations Inspectorate (NII), for its part, assesses the adequacy of the operator's safety case against the industry's own standards and criteria, but more particularly against the NII's safety assessment principles and guides, and international standards. Risks should be made as low as reasonably practicable. Generally, the NII seeks improvements in safety using an enforcement policy which operates at a number of levels, ranging from persuasion through discussion to the ultimate deterrent of withdrawal of a site licence. This paper describes the role of the NII, which includes a specialist criticality expertise, within the Health and Safety Executive, in regulating the nuclear sites from the criticality safety viewpoint. (Author)

  3. A Bayesian belief nets based quantitative software reliability assessment for PSA: COTS case study

    International Nuclear Information System (INIS)

    Eom, H. S.; Sung, T. Y.; Jeong, H. S.; Park, J. H.; Kang, H. G.; Lee, K. Y.; Park, J. K

    2002-03-01

    Current reliability assessments of safety critical software embedded in the digital systems in nuclear power plants are based on rule-based qualitative assessment methods. Recently, practical needs have required quantitative features of software reliability for Probabilistic Safety Assessment (PSA), which is one of the important methods used in assessing the overall safety of a nuclear power plant. But conventional quantitative software reliability assessment methods are not enough to get the necessary results in assessing the safety critical software used in nuclear power plants. Thus, current reliability assessment methods for these digital systems exclude the software part or use arbitrary values for the software reliability in the assessment. This report discusses a Bayesian Belief Nets (BBN) based quantification method that models current qualitative software assessment in a formal way and produces the quantitative results required for PSA. The Commercial Off-The-Shelf (COTS) software dedication process that KAERI developed was applied to the discussed BBN based method to evaluate the plausibility of the proposed method in PSA

  4. Software for the occupational health and safety integrated management system

    International Nuclear Information System (INIS)

    Vătăsescu, Mihaela

    2015-01-01

    This paper intends to present the design and the production of a software for the Occupational Health and Safety Integrated Management System with the view to a rapid drawing up of the system documents in the field of occupational health and safety

  5. Software for the occupational health and safety integrated management system

    Energy Technology Data Exchange (ETDEWEB)

    Vătăsescu, Mihaela [University Politehnica Timisoara, Department of Engineering and Management, 5 Revolutiei street, 331128 Hunedoara (Romania)]

    2015-03-10

    This paper intends to present the design and the production of a software for the Occupational Health and Safety Integrated Management System with the view to a rapid drawing up of the system documents in the field of occupational health and safety.

  6. New SCALE graphical interface for criticality safety

    International Nuclear Information System (INIS)

    Bowman, Stephen M.; Horwedel, James E.

    2003-01-01

    The SCALE (Standardized Computer Analyses for Licensing Evaluation) computer software system developed at Oak Ridge National Laboratory is widely used and accepted around the world for criticality safety analyses. SCALE includes the well-known KENO V.a and KENO-VI three-dimensional (3-D) Monte Carlo criticality computer codes. One of the current development efforts aimed at making SCALE easier to use is the SCALE Graphically Enhanced Editing Wizard (GeeWiz). GeeWiz is compatible with SCALE 5 and runs on Windows personal computers. GeeWiz provides input menus and context-sensitive help to guide users through the setup of their input. It includes a direct link to KENO3D to allow the user to view the components of their geometry model as it is constructed. Once the input is complete, the user can click a button to run SCALE and another button to view the output. KENO3D has also been upgraded for compatibility with SCALE 5 and interfaces directly with GeeWiz. GeeWiz and KENO3D for SCALE 5 are planned for release in late 2003. The presentation of this paper is designed as a live demonstration of GeeWiz and KENO3D for SCALE 5. (author)

  7. Method and practice on safety software verification and validation for digital reactor protection system

    International Nuclear Information System (INIS)

    Li Duo; Zhang Liangju; Feng Junting

    2010-01-01

    The key issue arising from digitalization of reactor protection system for Nuclear Power Plant (NPP) is in essence, how to carry out Verification and Validation (V and V), to demonstrate and confirm the software is reliable enough to perform reactor safety functions. Among others the most important activity of software V and V process is unit testing. This paper discusses the basic concepts on safety software V and V and the appropriate technique for software unit testing, focusing on such aspects as how to ensure test completeness, how to establish test platform, how to develop test cases and how to carry out unit testing. The technique discussed herein was successfully used in the work of unit testing on safety software of a digital reactor protection system. (author)

  8. Regulatory considerations for computational requirements for nuclear criticality safety

    International Nuclear Information System (INIS)

    Bidinger, G.H.

    1995-01-01

    As part of its safety mission, the U.S. Nuclear Regulatory Commission (NRC) approves the use of computational methods as part of the demonstration of nuclear criticality safety. While each NRC office has different criteria for accepting computational methods for nuclear criticality safety results, the Office of Nuclear Materials Safety and Safeguards (NMSS) approves the use of specific computational methods and methodologies for nuclear criticality safety analyses by specific companies (licensees or consultants). By contrast, the Office of Nuclear Reactor Regulation approves codes for general use. Historically, computational methods progressed from empirical methods to one-dimensional diffusion and discrete ordinates transport calculations and then to three-dimensional Monte Carlo transport calculations. With the advent of faster computational ability, three-dimensional diffusion and discrete ordinates transport calculations are gaining favor. With the proper user controls, NMSS has accepted any and all of these methods for demonstrations of nuclear criticality safety

  9. USNRC licensing process as related to nuclear criticality safety

    International Nuclear Information System (INIS)

    Ketzlach, N.

    1987-01-01

    The U.S. Code of Federal Regulations establishes procedures and criteria for the issuance of licenses to receive title to, own, acquire, deliver, receive, possess, use, and initially transfer special nuclear material; and establishes and provides for the terms and conditions upon which the Nuclear Regulatory Commission (NRC) will issue such licenses. Section 70.22 of the regulations, "Contents of Applications", requires that applications for licenses contain proposed procedures to avoid accidental conditions of criticality. These procedures are elements of a nuclear criticality safety program for operations with fissionable materials at fuels and materials facilities (i.e., fuel cycle facilities other than nuclear reactors) in which there exists a potential for criticality accidents. To assist the applicant in providing specific information needed for a nuclear criticality safety program in a license application, the NRC has issued regulatory guides. The NRC requirements for nuclear criticality safety include organizational, administrative, and technical requirements. For purely technical matters on nuclear criticality safety these guides endorse national standards. Others provide guidance on the standard format and content of license applications, guidance on evaluating radiological consequences of criticality accidents, or guidance for dealing with other radiation safety issues. (author)

  10. Proceedings of KURRI symposium on criticality safety

    International Nuclear Information System (INIS)

    Nishina, Kojiro; Kanda, Keiji

    1984-01-01

    On August 8, 1984, at the Reactor Application Center of the Research Reactor Institute, Kyoto University, the symposium on criticality safety was held, and 81 participants from various fields of reactor physics, nuclear fuel cycle engineering, reactor chemistry, nuclear chemistry, health physics and so on discussed the problem. The gists of the presentation are collected in this report. The contents are the techniques of evaluating criticality safety in respective fuel facilities, the system of control and its concept, the course and plan of the research on criticality safety in Japan and foreign countries, the techniques of determining multiplication factor and so on, and the review of present status, the pointing-out of problems and the report of new techniques were made. The measures coping with criticality safety have been mostly to meet urgent demand, but its fundamental examination and long term research should be carried out. This symposium was planned as the preparation for such research project, and favorable comment was given by the participants. In the next symposium, it is considered better to limit the themes and to allot more time to respective lectures. (Kako, I.)

  11. Concept Development for Software Health Management

    Science.gov (United States)

    Riecks, Jung; Storm, Walter; Hollingsworth, Mark

    2011-01-01

    This report documents the work performed by Lockheed Martin Aeronautics (LM Aero) under NASA contract NNL06AA08B, delivery order NNL07AB06T. The Concept Development for Software Health Management (CDSHM) program was a NASA funded effort sponsored by the Integrated Vehicle Health Management Project, one of the four pillars of the NASA Aviation Safety Program. The CD-SHM program focused on defining a structured approach to software health management (SHM) through the development of a comprehensive failure taxonomy that is used to characterize the fundamental failure modes of safety-critical software.

  12. Software analysis by simulation for nuclear plant availability and safety goals

    International Nuclear Information System (INIS)

    Lapassat, A.M.; Segalard, J.; Salichon, M.; Le Meur, M.; Boulc'h, J.

    1988-01-01

    The use of microprocessors for monitoring the protection and safety of nuclear reactors became a reality in the eighties. The authorities responsible for reactor safety systems have considered the necessity of the correct functioning of reactor control systems. The problems take off, when analysis of software, has led us in a first time to develop a completely software tool of verification and validation of programs and specifications. The CEA (French Atomic Energy Commission) responsible for reliable distributed techniques of nuclear plant discusses in this paper the software test and simulation tools used to analyse real-time software. The tool O.S.T. is part of a large program of support for the design and evaluation of systems' fault tolerance which the European ESPRIT SMART no. 1609 (System Measurement and Architecture Technique) will be the kernel

  13. Criticality Safety in the Handling of Fissile Material. Specific Safety Guide

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2014-05-15

    This Safety Guide provides guidance and recommendations on how to meet the relevant requirements for ensuring subcriticality when dealing with fissile material and for planning the response to criticality accidents. The guidance and recommendations are applicable to both regulatory bodies and operating organizations. The objectives of criticality safety are to prevent a self-sustained nuclear chain reaction and to minimize the consequences of this if it were to occur. The Safety Guide makes recommendations on how to ensure subcriticality in systems involving fissile materials during normal operation, anticipated operational occurrences, and, in the case of accident conditions, within design basis accidents, from initial design through commissioning, operation, and decommissioning and disposal.

  14. Criticality Safety Information Resource Center Web portal: www.csirc.net

    International Nuclear Information System (INIS)

    Harmon, C.D. II; Jones, T.

    2000-01-01

    The Nuclear Criticality Safety Group (ESH-6) at Los Alamos National Laboratory (LANL) is in the process of collecting and archiving historical and technical information related to nuclear criticality safety from LANL and other facilities. In an ongoing effort, this information is being made available via the Criticality Safety Information Resource Center (CSIRC) web site, which is hosted and maintained by ESH-6 staff. Recently, the CSIRC Web site was recreated as a Web portal that provides the criticality safety community with much more than just archived data

  15. Computer Games as Virtual Environments for Safety-Critical Software Validation

    Directory of Open Access Journals (Sweden)

    Štefan Korečko

    2017-01-01

    Computer games became an inseparable part of everyday life in modern society and the time people spend playing them every day is increasing. This trend caused a noticeable research activity focused on utilizing the time spent playing in a meaningful way, for example to help solve scientific problems or tasks related to computer systems development. In this paper we present one contribution to this activity, a software system consisting of a modified version of the Open Rails train simulator and an application called TS2JavaConn, which allows separately developed software controllers to be used with the simulator. The system is intended for validation of controllers developed by formal methods. The paper describes the overall architecture of the system and operation of its components. It also compares the system with other approaches to purposeful utilization of computer games, specifies suitable formal methods and illustrates its intended use on an example.

  16. Product-based Safety Certification for Medical Devices Embedded Software.

    Science.gov (United States)

    Neto, José Augusto; Figueiredo Damásio, Jemerson; Monthaler, Paul; Morais, Misael

    2015-01-01

    Worldwide medical device embedded software certification practices are currently focused on manufacturing best practices. In Brazil, the national regulatory agency does not hold a local certification process for software-intensive medical devices and admits international certification (e.g. FDA and CE) from local and international industry to operate in the Brazilian health care market. We present here a product-based certification process as a candidate process to support the Brazilian regulatory agency ANVISA in medical device software regulation. Center of Strategic Technology for Healthcare (NUTES) medical device embedded software certification is based on a solid safety quality model and has been tested with reasonable success against the Class I risk device Generic Infusion Pump (GIP).

  17. Applications of PRA in nuclear criticality safety

    International Nuclear Information System (INIS)

    McLaughlin, T.P.

    1992-01-01

    Traditionally, criticality accident prevention at Los Alamos has been based on a thorough review and understanding of proposed operations or changes to operations, involving both process supervision and criticality safety staff. The outcome of this communication was usually an agreement, based on professional judgement, that certain accident sequences were credible and had to be reduced in likelihood either by administrative controls or by equipment design and others were not credible, and thus did not warrant expenditures to further reduce their likelihood. The extent of analysis and documentation was generally in proportion to the complexity of the operation but did not include quantified risk assessments. During the last three years nuclear criticality safety related Probabilistic Risk Assessments (PRAs) have been performed on operations in two Los Alamos facilities. Both of these were conducted in order to better understand the cost/benefit aspects of PRAs as they apply to largely "hands-on" operations with fissile material for which human errors or equipment failures significant to criticality safety are both rare and unique. Based on these two applications and an appreciation of the historical criticality accident record (frequency and consequences) it is apparent that quantified risk assessments should be performed very selectively

  18. Lecture notes for criticality safety

    International Nuclear Information System (INIS)

    Fullwood, R.

    1992-03-01

    These lecture notes for criticality safety are prepared for the training of Department of Energy supervisory, project management, and administrative staff. Technical training and basic mathematics are assumed. The notes are designed for a two-day course, taught by two lecturers. Video tapes may be used at the options of the instructors. The notes provide all the materials that are necessary but outside reading will assist in the fullest understanding. The course begins with a nuclear physics overview. The reader is led from the macroscopic world into the microscopic world of atoms and the elementary particles that constitute atoms. The particles, their masses and sizes and properties associated with radioactive decay and fission are introduced along with Einstein's mass-energy equivalence. Radioactive decay, nuclear reactions, radiation penetration, shielding and health-effects are discussed to understand protection in case of a criticality accident. Fission, the fission products, particles and energy released are presented to appreciate the dangers of criticality. Nuclear cross sections are introduced to understand the effectiveness of slow neutrons to produce fission. Chain reactors are presented as an economy; effective use of the neutrons from fission leads to more fission resulting in a power reactor or a criticality excursion. The six-factor formula is presented for managing the neutron budget. This leads to concepts of material and geometric buckling which are used in simple calculations to assure safety from criticality. Experimental measurements and computer code calculations of criticality are discussed. To emphasize the reality, historical criticality accidents are presented in a table with major ones discussed to provide lessons-learned. Finally, standards, NRC guides and regulations, and DOE orders relating to criticality protection are presented

  19. Nuclear criticality safety training: guidelines for DOE contractors

    International Nuclear Information System (INIS)

    Crowell, M.R.

    1983-09-01

    The DOE Order 5480.1A, Chapter V, Safety of Nuclear Facilities, establishes safety procedures and requirements for DOE nuclear facilities. This guide has been developed as an aid to implementing the Chapter V requirements pertaining to nuclear criticality safety training. The guide outlines relevant conceptual knowledge and demonstrated good practices in job performance. It addresses training program operations requirements in the areas of employee evaluations, employee training records, training program evaluations, and training program records. It also suggests appropriate feedback mechanisms for criticality safety training program improvement. The emphasis is on academic rather than hands-on training. This allows a decoupling of these guidelines from specific facilities. It would be unrealistic to dictate a universal program of training because of the wide variation of operations, levels of experience, and work environments among DOE contractors and facilities. Hence, these guidelines do not address the actual implementation of a nuclear criticality safety training program, but rather they outline the general characteristics that should be included

  20. International Criticality Safety Benchmark Evaluation Project (ICSBEP) - ICSBEP 2015 Handbook

    International Nuclear Information System (INIS)

    Bess, John D.

    2015-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy (DOE). The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) became an official activity of the Nuclear Energy Agency (NEA) in 1995. This handbook contains criticality safety benchmark specifications that have been derived from experiments performed at various critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculation techniques used to establish minimum subcritical margins for operations with fissile material and to determine criticality alarm requirements and placement. Many of the specifications are also useful for nuclear data testing. Example calculations are presented; however, these calculations do not constitute a validation of the codes or cross-section data. The evaluated criticality safety benchmark data are given in nine volumes. These volumes span approximately 69000 pages and contain 567 evaluations with benchmark specifications for 4874 critical, near-critical or subcritical configurations, 31 criticality alarm placement/shielding configurations with multiple dose points for each, and 207 configurations that have been categorised as fundamental physics measurements that are relevant to criticality safety applications. New to the handbook are benchmark specifications for neutron activation foil and thermoluminescent dosimeter measurements performed at the SILENE critical assembly in Valduc, France as part of a joint venture in 2010 between the US DOE and the French Alternative Energies and Atomic Energy Commission (CEA). A photograph of this experiment is shown on the front cover. Experiments that are found unacceptable for use as criticality safety benchmark experiments are discussed in these

  1. Critical Conversations: Feedback As A Stimulus To Creativity In Software Design

    Directory of Open Access Journals (Sweden)

    Raymond McCall

    2010-01-01

    Three decades of creating software to support design rationale showed the author how rationale processes can promote generation of novel ideas. Rationale can promote creative design by promoting critical conversations among designers and other project participants. Critical conversations intertwine ideation and evaluation, using feedback about consequences of decisions to challenge designers to devise new ideas. Such conversations take two forms. The first is discussion involving feedback from speculation about consequences of design decisions for implementation and use. The second is discussion involving feedback from actual experiences of implementation and use of the software being designed. The former is purely a process of reflective discourse, the latter a process of situated cognition involving both action and reflective discourse. Thus, the former is pure argumentation, the latter situated argumentation. Exploiting the full potential of critical conversations for creative design requires rethinking rationale methods and integrating them into software supporting implementation and use.

  2. Martin Marietta Energy Systems Nuclear Criticality Safety Improvement Program

    International Nuclear Information System (INIS)

    Speas, I.G.

    1987-01-01

    This report addresses questions raised by criticality safety violations at several DOE plants. Two charts are included that define the severity and reporting requirements for the six levels of accidents. A summary is given of all reported criticality incidents at the DOE plants involved. The report concludes with Martin Marietta's Nuclear Criticality Safety Policy Statement

  3. Verification and Validation in a Rapid Software Development Process

    Science.gov (United States)

    Callahan, John R.; Easterbrook, Steve M.

    1997-01-01

    The high cost of software production is driving development organizations to adopt more automated design and analysis methods such as rapid prototyping, computer-aided software engineering (CASE) tools, and high-level code generators. Even developers of safety-critical software systems have adopted many of these new methods while striving to achieve high levels of quality and reliability. While these new methods may enhance productivity and quality in many cases, we examine some of the risks involved in the use of new methods in safety-critical contexts. We examine a case study involving the use of a CASE tool that automatically generates code from high-level system designs. We show that while high-level testing on the system structure is highly desirable, significant risks exist in the automatically generated code and in re-validating releases of the generated code after subsequent design changes. We identify these risks and suggest process improvements that retain the advantages of rapid, automated development methods within the quality and reliability contexts of safety-critical projects.

  4. Explicit Precedence Constraints in Safety-Critical Java

    DEFF Research Database (Denmark)

    Puffitsch, Wolfgang; Noulard, Eric; Pagetti, Claire

    2013-01-01

    Safety-critical Java (SCJ) aims at making the amenities of Java available for the development of safety-critical applications. The multi-rate synchronous language Prelude facilitates the specification of the communication and timing requirements of complex real-time systems. This paper combines...... to provide explicit support for precedence constraints. We present the considerations behind the design of this extension and discuss our experiences with a first prototype implementation based on the SCJ implementation of the Java Optimized Processor....

  5. Experience with performance based training of nuclear criticality safety engineers

    International Nuclear Information System (INIS)

    Taylor, R.G.

    1993-01-01

    Historically, new entrants to the practice of nuclear criticality safety have learned their job primarily by on-the-job training (OJT), often by association with an experienced nuclear criticality safety engineer who probably also learned their job by OJT. Typically, the new entrant learned what he/she needed to know to solve a particular problem and accumulated experience as more problems were solved. It is likely that more formalism will be required in the future. Current US Department of Energy requirements for those positions which have to demonstrate qualification indicate that it should be achieved by using a systematic approach such as performance based training (PBT). Assuming that PBT would be an acceptable mechanism for nuclear criticality safety engineer training in a more formal environment, a site-specific analysis of the nuclear criticality safety engineer job was performed. Based on this analysis, classes are being developed and delivered to a target audience of newer nuclear criticality safety engineers. Because current interest is in developing training for selected aspects of the nuclear criticality safety engineer job, the analysis is incompletely developed in some areas. Details of this analysis are provided in this report

  6. Experience with performance based training of nuclear criticality safety engineers

    International Nuclear Information System (INIS)

    Taylor, R.G.

    1993-01-01

    For non-reactor nuclear facilities, the U.S. Department of Energy (DOE) does not require that nuclear criticality safety engineers demonstrate qualification for their job. It is likely, however, that more formalism will be required in the future. Current DOE requirements for those positions which do have to demonstrate qualification indicate that qualification should be achieved by using a systematic approach such as performance based training (PBT). Assuming that PBT would be an acceptable mechanism for nuclear criticality safety engineer training in a more formal environment, a site-specific analysis of the nuclear criticality safety engineer job was performed. Based on this analysis, classes are being developed and delivered to a target audience of newer nuclear criticality safety engineers. Because current interest is in developing training for selected aspects of the nuclear criticality safety engineer job, the analysis is incompletely developed in some areas

  7. Criticality safety (prospect of study in NUCEF)

    International Nuclear Information System (INIS)

    Itagaki, Masafumi

    1996-01-01

    Experimental studies of criticality safety are under way using STACY and TRACY in NUCEF. Collection of fundamental data on criticality in a solution system is under way with STACY to confirm that the likelihood of criticality safety in the system constructed on the assumption of apparatuses in a reprocessing plant is large enough. Meanwhile, some experiments simulating criticality accidents in a reprocessing plant using TRACY were designed to investigate the behaviors of fuel solution and radioactive matters in order to clarify whether it is possible to safely shut them in the facility even if a critical accident occurs. Both STACY and TRACY reached criticality in 1995. Up to now a series of criticality experiments have been done using STACY with a core tank φ60 cm and the first periodical examination is now under way. On the other hand, we have a plan using TRACY to investigate the behaviors of nuclear heat solution at a criticality accident, and the releasing, transfer and deposition of radioactive materials. After reaching criticality for the first time, the performance verification test has been conducted. The full-scale study using TRACY is planned to begin in the second half of 1996. (M.N.)

  8. Use of a web site to enhance criticality safety training

    International Nuclear Information System (INIS)

    Huang, Song T.; Morman, James A.

    2003-01-01

    Establishment of the NCSP (Nuclear Criticality Safety Program) website represents one attempt by the NCS (Nuclear Criticality Safety) community to meet the need to enhance communication and disseminate NCS information to a wider audience. With the aging work force in this important technical field, there is a common recognition of the need to capture the corporate knowledge of these people and provide an easily accessible, web-based training opportunity to those people just entering the field of criticality safety. A multimedia-based site can provide a wide range of possibilities for criticality safety training. Training modules could range from simple text-based material, similar to the NCSET (Nuclear Criticality Safety Engineer Training) modules, to interactive web-based training classes, to video lecture series. For example, the Los Alamos National Laboratory video series of interviews with pioneers of criticality safety could easily be incorporated into training modules. Obviously, the development of such a program depends largely upon the need and participation of experts who share the same vision and enthusiasm of training the next generation of criticality safety engineers. The NCSP website is just one example of the potential benefits that web-based training can offer. You are encouraged to browse the NCSP website at http://ncsp.llnl.gov. We solicit your ideas in the training of future NCS engineers and welcome your participation with us in developing future multimedia training modules. (author)

  9. The Development, Content, Design, and Conduct of the 2011 Piloted US DOE Nuclear Criticality Safety Program Criticality Safety Engineering Training and Education Project

    International Nuclear Information System (INIS)

    Hopper, Calvin Mitchell

    2011-01-01

    In May 1973 the University of New Mexico conducted the first nationwide criticality safety training and education week-long short course for nuclear criticality safety engineers. Subsequent to that course, the Los Alamos Critical Experiments Facility (LACEF) developed very successful 'hands-on' subcritical and critical training programs for operators, supervisors, and engineering staff. Since the inception of the US Department of Energy (DOE) Nuclear Criticality Technology and Safety Project (NCT and SP) in 1983, the DOE has stimulated contractor facilities and laboratories to collaborate in the furthering of nuclear criticality as a discipline. That effort included the education and training of nuclear criticality safety engineers (NCSEs). In 1985 a textbook was written that established a path toward formalizing education and training for NCSEs. Though the NCT and SP went through a brief hiatus from 1990 to 1992, other DOE-supported programs were evolving to the benefit of NCSE training and education. In 1993 the DOE established a Nuclear Criticality Safety Program (NCSP) and undertook a comprehensive development effort to expand the extant LACEF 'hands-on' course specifically for the education and training of NCSEs. That successful education and training was interrupted in 2006 for the closing of the LACEF and the accompanying movement of materials and critical experiment machines to the Nevada Test Site. Prior to that closing, the Lawrence Livermore National Laboratory (LLNL) was commissioned by the US DOE NCSP to establish an independent hands-on NCSE subcritical education and training course. The course provided an interim transition for the establishment of a reinvigorated and expanded two-week NCSE education and training program in 2011. 
    The 2011 piloted two-week course was coordinated by the Oak Ridge National Laboratory (ORNL) and jointly conducted by the Los Alamos National Laboratory (LANL) classroom education and facility training, the Sandia National

  10. Present status of Japanese Criticality Safety Handbook

    International Nuclear Information System (INIS)

    Okuno, Hiroshi

    1999-01-01

    A draft of the second edition of Nuclear Criticality Safety Handbook has been finalized, and it is under examination by reviewing committee for JAERI Report. Working Group designated for revising the Japanese Criticality Safety Handbook, which is chaired by Prof. Yamane, is now preparing for 'Guide on Burnup Credit for Storage and Transport of Spent Nuclear Fuel' and second edition of 'Data Collection' part of Handbook. Activities related to revising the Handbook might give a hint for a future experiment at STACY. (author)

  11. Utilization of the MCNP-3A code for criticality safety analysis

    International Nuclear Information System (INIS)

    Maragni, M.G.; Moreira, J.M.L.

    1996-01-01

    In the last decade, Brazil started to operate facilities for processing and storing uranium in different forms. The necessity of criticality safety analysis appeared in the design phase of the uranium pilot process plants and also in the licensing of transportation and storage of fissile materials. The 2-MW research reactor and the Angra I power plant also required criticality safety assessments because their spent-fuel storage was approaching full-capacity utilization. The criticality safety analysis in Brazil has been based on KENO IV code calculations, which present some difficulties for correct geometry representation. The MCNP-3A code is not reported to be used frequently for criticality safety analysis in Brazil, but its good geometry representation makes it a possible tool for treating problems of complex geometry. A set of benchmark tests was performed to verify its applicability for criticality safety analysis in Brazil. This paper presents several benchmark tests aimed at selecting a set of options available in the MCNP-3A code that would be adequate for criticality safety analysis. The MCNP-3A code is also compared with the KENO-IV code regarding its performance for criticality safety analysis

  12. V & V Within Reuse-Based Software Engineering

    Science.gov (United States)

    Addy, Edward A.

    1996-01-01

    Verification and validation (V&V) is used to increase the level of assurance of critical software, particularly that of safety-critical and mission critical software. This paper describes the working group's success in identifying V&V tasks that could be performed in the domain engineering and transition levels of reuse-based software engineering. The primary motivation for V&V at the domain level is to provide assurance that the domain requirements are correct and that the domain artifacts correctly implement the domain requirements. A secondary motivation is the possible elimination of redundant V&V activities at the application level. The group also considered the criteria and motivation for performing V&V in domain engineering.

  13. Supplement report to the Nuclear Criticality Safety Handbook of Japan

    International Nuclear Information System (INIS)

    Okuno, Hiroshi; Komuro, Yuichi; Nakajima, Ken

    1995-10-01

    Supplementing works to 'The Nuclear Criticality Safety Handbook' of Japan have been continued since 1988, the year the handbook edited by the Science and Technology Agency first appeared. This report publishes the fruits obtained in the supplementing works. Substantial improvements are made in the chapters of 'Modelling the evaluation object' and 'Methodology for analytical safety assessment', and newly added are chapters of 'Criticality safety of chemical processes', 'Criticality accidents and their evaluation methods' and 'Basic principles on design and installation of criticality alarm system'. (author)

  14. The International Criticality Safety Benchmark Evaluation Project (ICSBEP)

    International Nuclear Information System (INIS)

    Briggs, J.B.

    2003-01-01

    The International Criticality Safety Benchmark Evaluation Project (ICSBEP) was initiated in 1992 by the United States Department of Energy. The ICSBEP became an official activity of the Organisation for Economic Cooperation and Development (OECD) - Nuclear Energy Agency (NEA) in 1995. Representatives from the United States, United Kingdom, France, Japan, the Russian Federation, Hungary, Republic of Korea, Slovenia, Yugoslavia, Kazakhstan, Israel, Spain, and Brazil are now participating. The purpose of the ICSBEP is to identify, evaluate, verify, and formally document a comprehensive and internationally peer-reviewed set of criticality safety benchmark data. The work of the ICSBEP is published as an OECD handbook entitled 'International Handbook of Evaluated Criticality Safety Benchmark Experiments.' The 2003 Edition of the Handbook contains benchmark model specifications for 3070 critical or subcritical configurations that are intended for validating computer codes that calculate effective neutron multiplication and for testing basic nuclear data. (author)

  15. Criticality safety and facility design considerations

    International Nuclear Information System (INIS)

    Waltz, W.R.

    1991-06-01

    Operations with fissile material introduce the risk of a criticality accident that may be lethal to nearby personnel. In addition, concerns over criticality safety can result in substantial delays and shutdown of facility operations. For these reasons, it is clear that the prevention of a nuclear criticality accident should play a major role in the design of a nuclear facility. The emphasis of this report will be placed on engineering design considerations in the prevention of criticality. The discussion will not include other important aspects, such as the physics of calculating limits or criticality alarm systems

  16. Model-based testing for software safety

    NARCIS (Netherlands)

    Gurbuz, Havva Gulay; Tekinerdogan, Bedir

    2017-01-01

    Testing safety-critical systems is crucial since a failure or malfunction may result in death or serious injuries to people, equipment, or environment. An important challenge in testing is the derivation of test cases that can identify the potential faults. Model-based testing adopts models of a

  17. Application of software engineering to development of reactor safety codes

    International Nuclear Information System (INIS)

    Wilburn, N.P.; Niccoli, L.G.

    1981-01-01

    Software Engineering, which is a systematic methodology by which a large scale software development project is partitioned into manageable pieces, has been applied to the development of LMFBR safety codes. The techniques have been applied extensively in the business and aerospace communities and have provided an answer to the drastically increasing cost of developing and maintaining software. The five phases of software engineering (Survey, Analysis, Design, Implementation, and Testing) were applied in turn to development of these codes, along with Walkthroughs (peer review) at each stage. The application of these techniques has resulted in SUPERIOR SOFTWARE which is well documented, thoroughly tested, easy to modify, easier to use and maintain. The development projects have resulted in lower overall cost. (orig.)

  18. Fission, critical mass and safety-a historical review

    International Nuclear Information System (INIS)

    Meggitt, Geoff

    2006-01-01

    Since the discovery of fission, the notion of a chain reaction in a critical mass releasing massive amounts of energy has haunted physicists. The possibility of a bomb or a reactor prompted much of the early work on determining a critical mass, but the need to avoid an accidental critical excursion during processing or transport of fissile material drove much that took place subsequently. Because of the variety of possible situations that might arise, it took some time to develop adequate theoretical tools for criticality safety and the early assessments were based on direct experiment. Some extension of these experiments to closely similar situations proved possible, but it was not until the 1960s that theoretical methods (and computers to run them) developed enough for them to become reliable assessment tools. Validating such theoretical methods remained a concern, but by the end of the century they formed the backbone of criticality safety assessment. This paper traces the evolution of these methods, principally in the UK and USA, and summarises some related work concerned with the nature of criticality accidents and their radiological consequences. It also indicates how the results have been communicated and used in ensuring nuclear safety. (review)

  19. Data systems and computer science: Software Engineering Program

    Science.gov (United States)

    Zygielbaum, Arthur I.

    1991-01-01

    An external review of the Integrated Technology Plan for the Civil Space Program is presented. This review is specifically concerned with the Software Engineering Program. The goals of the Software Engineering Program are as follows: (1) improve NASA's ability to manage development, operation, and maintenance of complex software systems; (2) decrease NASA's cost and risk in engineering complex software systems; and (3) provide technology to assure safety and reliability of software in mission critical applications.

  20. USAEC Controls for Nuclear Criticality Safety

    Energy Technology Data Exchange (ETDEWEB)

    McCluggage, W. C. [Division of Operational Safety, United States Atomic Energy Commission, Washington, DC (United States)]

    1966-05-15

    This is a paper written to provide a broad general view of the United States Atomic Energy Commission's controls for nuclear criticality safety within its own facilities. Included also is a brief discussion of the USAEC's methods of obtaining assurance that the controls are being applied. The body of the document contains three sections. The first two describe the functions of the USAEC; the third deals with the contractors. The provisions of the Atomic Energy Act applicable to health and safety are discussed in relation to nuclear criticality safety. The use of United States Atomic Energy Commission manual chapters and Federal regulations is described. The functions of the USAEC Headquarters' offices and the operations offices are briefly outlined. Comments regarding the USAEC's inspection, auditing and appraisal programmes are included. Also briefly mentioned are the basic qualifications which must be met to become a contractor to possess and process or use fissionable materials. On the plant, factory or facility level the duties and responsibilities of industrial management are briefly outlined. The fundamental standards and their origin, together with the principal documents and guides are mentioned. The chief methods of control used by contractors operating large USAEC facilities and plants are described and compared. These include diagrams of how a typical nuclear criticality safety problem is handled from inception, design, construction and finally plant operation. Also included is a brief discussion of the contractors' methods of assuring strict employee compliance with the operating rules and limits. (author)

  1. Consensus standards utilized and implemented for nuclear criticality safety in Japan

    International Nuclear Information System (INIS)

    Nomura, Yasushi; Okuno, Hiroshi; Naito, Yoshitaka

    1996-01-01

    The fundamental framework for the criticality safety of nuclear fuel facilities regulations is, in many advanced countries, generally formulated so that technical standards or handbook data are utilized to support the licensing safety review and to implement its guidelines. In Japan also, adequacy of the safety design of nuclear fuel facilities is checked and reviewed on the basis of licensing safety review guides. These guides are, first, "The Basic Guides for Licensing Safety Review of Nuclear Fuel Facilities," and as its subsidiaries, "The Uranium Fuel Fabrication Facility Licensing Safety Review Guides" and "The Reprocessing Facility Licensing Safety Review Guides." The "Nuclear Criticality Safety Handbook" of Japan and the Technical Data Collection are published and utilized to supply related data and information for the licensing safety review, such as for the Rokkasho reprocessing plant. The well-established technical standards and data abroad such as those by the American Nuclear Society and the American National Standards Institute are also utilized to complement the standards in Japan. The basic principles of criticality safety control for nuclear fuel facilities in Japan are duly stipulated in the aforementioned basic guides as follows: 1. Guide 10: Criticality control for a single unit; 2. Guide 11: Criticality control for multiple units; 3. Guide 12: Consideration for a criticality accident

  2. Nuclear criticality safety staff training and qualifications at Los Alamos National Laboratory

    International Nuclear Information System (INIS)

    Monahan, S.P.; McLaughlin, T.P.

    1997-01-01

    Operations involving significant quantities of fissile material have been conducted at Los Alamos National Laboratory continuously since 1943. Until the advent of the Laboratory's Nuclear Criticality Safety Committee (NCSC) in 1957, line management had sole responsibility for controlling criticality risks. From 1957 until 1961, the NCSC was the Laboratory body which promulgated policy guidance as well as some technical guidance for specific operations. In 1961 the Laboratory created the position of Nuclear Criticality Safety Officer (in addition to the NCSC). In 1980, Laboratory management moved the Criticality Safety Officer (and one other LACEF staff member who, by that time, was also working nearly full-time on criticality safety issues) into the Health Division office. Later that same year the Criticality Safety Group, H-6 (at that time) was created within H-Division, and staffed by these two individuals. The training and education of these individuals in the art of criticality safety was almost entirely self-regulated, depending heavily on technical interactions between each other, as well as NCSC, LACEF, operations, other facility, and broader criticality safety community personnel. Although the Los Alamos criticality safety group has grown both in size and formality of operations since 1980, the basic philosophy that a criticality specialist must be developed through mentoring and self motivation remains the same. Formally, this philosophy has been captured in an internal policy document, "Conduct of Business in the Nuclear Criticality Safety Group." There are no short cuts or substitutes in the development of a criticality safety specialist. A person must have a self-motivated personality, excellent communications skills, a thorough understanding of the principles of neutron physics, a safety-conscious and helpful attitude, a good perspective of real risk, as well as a detailed understanding of process operations and credible upsets

  3. Crosstalk: The Journal of Defense Software Engineering. Volume 22, Number 2, February 2009

    Science.gov (United States)

    2009-02-01

    possible system attacks. by Ron Greenfield and Dr. Charley Tichenor Enforcing Static Program Properties to Enable Safety-Critical Use of Java Software...Assurance by Ron Greenfield and Dr. Charley Tichenor, and Dr. Kelvin Nilsen’s Enforcing Static Program Properties in Safety-Critical Java Software Components...

  4. Proceedings of the first annual Nuclear Criticality Safety Technology Project

    International Nuclear Information System (INIS)

    Rutherford, D.A.

    1994-09-01

    This document represents the published proceedings of the first annual Nuclear Criticality Safety Technology Project (NCSTP) Workshop, which took place May 12-14, 1992, in Gaithersburg, Md. The conference consisted of four sessions, each dealing with a specific aspect of nuclear criticality safety issues. The session titles were "Criticality Code Development, Usage, and Validation," "Experimental Needs, Facilities, and Measurements," "Regulation, Compliance, and Their Effects on Nuclear Criticality Technology and Safety," and "The Nuclear Criticality Community Response to the USDOE Regulations and Compliance Directives." The conference also sponsored a Working Group session; a report of the NCSTP Working Group is also presented. Individual papers have been cataloged separately

  5. Manual on quality assurance for computer software related to the safety of nuclear power plants

    International Nuclear Information System (INIS)

    1988-01-01

    The objective of the Manual is to provide guidance in the assurance of quality of specification, design, maintenance and use of computer software related to items and activities important to safety (hereinafter referred to as safety related) in nuclear power plants. This guidance is consistent with, and supplements, the requirements and recommendations of Quality Assurance for Safety in Nuclear Power Plants: A Code of Practice, 50-C-QA, and related Safety Guides on quality assurance for nuclear power plants. Annex A identifies the IAEA documents referenced in the Manual. The Manual is intended to be of use to all those who, in any way, are involved with software for safety related applications for nuclear power plants, including auditors who may be called upon to audit management systems and product software.

  6. Providing Nuclear Criticality Safety Analysis Education through Benchmark Experiment Evaluation

    International Nuclear Information System (INIS)

    Bess, John D.; Briggs, J. Blair; Nigg, David W.

    2009-01-01

    One of the challenges that today's new workforce of nuclear criticality safety engineers face is the opportunity to provide assessment of nuclear systems and establish safety guidelines without having received significant experience or hands-on training prior to graduation. Participation in the International Criticality Safety Benchmark Evaluation Project (ICSBEP) and/or the International Reactor Physics Experiment Evaluation Project (IRPhEP) provides students and young professionals the opportunity to gain experience and enhance critical engineering skills.

  7. Defense-in-depth for common cause failure of nuclear power plant safety system software

    International Nuclear Information System (INIS)

    Tian Lu

    2012-01-01

    This paper briefly describes the development of digital I and C system in nuclear power plant, and analyses the viewpoints of NRC and other nuclear safety authorities on Software Common Cause Failure (SWCCF). In view of the SWCCF issue introduced by the digitized platform adopted in nuclear power plant safety system, this paper illustrated a diversified defence strategy for computer software and hardware. A diversified defence-in-depth solution is provided for digital safety system of nuclear power plant. Meanwhile, analysis on problems may be faced during application of nuclear safety license are analyzed, and direction of future nuclear safety I and C system development are put forward. (author)

  8. ACRR fuel storage racks criticality safety analysis

    International Nuclear Information System (INIS)

    Bodette, D.E.; Naegeli, R.E.

    1997-10-01

    This document presents the criticality safety analysis for a new fuel storage rack to support modification of the Annular Core Research Reactor for production of molybdenum-99 at Sandia National Laboratories, Technical Area V facilities. Criticality calculations with the MCNP code investigated various contingencies for the criticality control parameters. Important contingencies included mix of fuel element types stored, water density due to air bubbles or water level for the over-moderated racks, interaction with existing fuel storage racks and fuel storage holsters in the fuel storage pool, neutron absorption of planned rack design and materials, and criticality changes due to manufacturing tolerances or damage. Some limitations or restrictions on use of the new fuel storage rack for storage operations were developed through the criticality analysis and are required to meet the double contingency requirements of criticality safety. As shown in the analysis, this system will remain subcritical under all credible upset conditions. Administrative controls are necessary for loading, moving, and handling the storage rack as well as for control of operations around it. 21 refs., 16 figs., 4 tabs

  9. Calculational study for criticality safety data of fissionable actinides

    International Nuclear Information System (INIS)

    Nojiri, Ichiro; Fukasaku, Yasuhiro.

    1997-01-01

    This study has been carried out to obtain basic criticality safety characteristics of minor actinide nuclides. Criticality safety data of minor actinide nuclides have been surveyed through public literature. Critical masses of seven nuclides, Np-237, Am-241, Am-242m, Am-243, Cm-243, Cm-244 and Cm-245, have been calculated by using two code systems of criticality safety analysis, SCALE-4 and MCNP4A, under some material and reflector conditions. Some applicable cross-section libraries have been used for each code system. Calculated data have been compared with each other and with published data. The results of this comparison show that there is no discrepancy within the computational codes and that the calculated data depend strongly on the cross-section library. (author)

  10. Practicality for Software Hazard Analysis for Nuclear Safety I and C System

    International Nuclear Information System (INIS)

    Kim, Yong-Ho; Moon, Kwon-Ki; Chang, Young-Woo; Jeong, Soo-Hyun

    2016-01-01

    We are using the concept of system safety in engineering. It is difficult to make any system perfectly safe and probably a complete system may not easily be achieved. The standard definition of a system from MIL-STD-882E is: “The organization of hardware, software, material, facilities, personnel, data, and services needed to perform a designated function within a stated environment with specified results.” From the perspective of the system safety engineer and the hazard analysis process, software is considered as a subsystem. Regarding hazard analysis, to date, methods for identifying software failures and determining their effects are still a research problem. Since the success of software development is based on rigorous test of hardware and software, it is necessary to check the balance between software test and hardware test, and in terms of efficiency. Lessons learned and experience from similar systems are important for the work of hazard analysis. No major hazard has been issued for the software developed and verified in Korean NPPs. In addition to hazard analysis, software development, and verification and validation were thoroughly performed. It is reasonable that the test implementation including the development of the test case, stress and abnormal conditions, error recovery situations, and high risk hazardous situations play a key role in detecting and preventing software faults

  11. Practicality for Software Hazard Analysis for Nuclear Safety I and C System

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Yong-Ho; Moon, Kwon-Ki; Chang, Young-Woo; Jeong, Soo-Hyun [KEPCO Engineering and Construction Co., Daejeon (Korea, Republic of)]

    2016-10-15

    We are using the concept of system safety in engineering. It is difficult to make any system perfectly safe and probably a complete system may not easily be achieved. The standard definition of a system from MIL-STD-882E is: “The organization of hardware, software, material, facilities, personnel, data, and services needed to perform a designated function within a stated environment with specified results.” From the perspective of the system safety engineer and the hazard analysis process, software is considered as a subsystem. Regarding hazard analysis, to date, methods for identifying software failures and determining their effects are still a research problem. Since the success of software development is based on rigorous test of hardware and software, it is necessary to check the balance between software test and hardware test, and in terms of efficiency. Lessons learned and experience from similar systems are important for the work of hazard analysis. No major hazard has been issued for the software developed and verified in Korean NPPs. In addition to hazard analysis, software development, and verification and validation were thoroughly performed. It is reasonable that the test implementation including the development of the test case, stress and abnormal conditions, error recovery situations, and high risk hazardous situations play a key role in detecting and preventing software faults.

  12. Nuclear Criticality Safety Organization qualification program. Revision 4

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1997-01-01

    The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of highly qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document defines the Qualification Program to address the NCSO technical and managerial qualification as required by the Y-12 Training Implementation Matrix (TIM). It is implemented through a combination of LMES plant-wide training courses and professional nuclear criticality safety training provided within the organization. This Qualification Program is applicable to technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who perform the NCS tasks or serve NCS-related positions as defined in sections 5 and 6 of this program

  13. Nuclear criticality safety specialist training and qualification programs

    International Nuclear Information System (INIS)

    Hopper, C.M.

    1993-01-01

    Since the beginning of the Nuclear Criticality Safety Division of the American Nuclear Society (ANS) in 1967, the nuclear criticality safety (NCS) community has sought to provide an exchange of information at a national level to facilitate the education and development of NCS specialists. In addition, individual criticality safety organizations within government contractor and licensed commercial nonreactor facilities have developed training and qualification programs for their NCS specialists. However, there has been substantial variability in the content and quality of these program requirements and personnel qualifications, at least as measured within the government contractor community. The purpose of this paper is to provide a brief, general history of staff training and to describe the current direction and focus of US DOE guidance for the content of training and qualification programs designed to develop NCS specialists

  14. 77 FR 50723 - Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety...

    Science.gov (United States)

    2012-08-22

    ... regulations with respect to software verification and auditing of digital computer software used in the safety... Standards and Records,'' which requires, in part, that a quality assurance program be established and implemented to provide adequate assurance that systems and components important to safety will satisfactorily...

  15. 78 FR 47014 - Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear...

    Science.gov (United States)

    2013-08-02

    .... ML12354A524. 3. Revision 1 of RG 1.170, ``Test Documentation for Digital Computer Software used in Safety... is in ADAMS at Accession No. ML12354A531. 4. Revision 1 of RG 1.171, ``Software Unit Testing for... Software Used in Safety Systems of Nuclear Power Plants AGENCY: Nuclear Regulatory Commission. ACTION...

  16. Administrative practices for nuclear criticality safety, ANSI/ANS-8.19-1996

    International Nuclear Information System (INIS)

    Smith, D.R.

    1996-01-01

    American National Standard, ''Administrative Practices for Nuclear Criticality Safety,'' American National Standards Institute/American Nuclear Society (ANSI/ANS)-8.19-1996, addresses the responsibilities of management, supervision, and the criticality safety staff in the administration of an effective criticality safety program. Characteristics of operating procedures, process evaluations, material control procedures, and emergency plans are discussed

  17. Nuclear criticality safety. Chapter 0530 of AEC manual

    International Nuclear Information System (INIS)

    2006-01-01

    The programme objectives of this chapter of the U.S. Atomic Energy Commission manual on nuclear criticality safety are to protect the health and safety of the public and of the government and contractor personnel working in plants that handle fissionable material and to protect public and private property from the consequences of a criticality accident occurring in AEC-owned plants and other AEC-contracted activities involving fissionable materials

  18. Nuclear critical safety analysis for UX-30 transport of freight package

    International Nuclear Information System (INIS)

    Quan Yanhui; Zhou Qi; Yin Shenggui

    2014-01-01

    The nuclear critical safety analysis and evaluation for UX-30 transport freight package in the natural condition and accident condition were carried out with MONK-9A code and MCNP code. Firstly, the critical benchmark experiment data of public in international were selected, and the deflection and subcritical limiting value with MONK-9A code and MCNP code in calculating same material form were validated and confirmed. Secondly, the neutron efficiency multiplication factors in the natural condition and accident condition were calculated and analyzed, and the safety in transport process was evaluated by taking conservative suppose of nuclear critical safety. The calculation results show that the max value of k_eff for UX-30 transport freight package is less than the subcritical limiting value, and the UX-30 transport freight package is in the state of subcritical safety. Moreover, the critical safety index (CSI) for UX-30 package can define zero based on the definition of critical safety index. (authors)

  19. Formal Verification of Digital Protection Logic and Automatic Testing Software

    Energy Technology Data Exchange (ETDEWEB)

    Cha, S. D.; Ha, J. S.; Seo, J. S. [KAIST, Daejeon (Korea, Republic of)]

    2008-06-15

    - Technical aspect
      · It is intended that digital I and C software have safety and reliability. Project results help the software to acquire license. Software verification technique, which results in this project, can be to use for digital NPP (nuclear power plant) in the future.
      · This research introduces many meaningful results of verification on digital protection logic and suggests I and C software testing strategy. These results apply to verify nuclear fusion device, accelerator, nuclear waste management and nuclear medical device that require dependable software and high-reliable controller. Moreover, these can be used for military, medical or aerospace-related software.
    - Economical and industrial aspect
      · Since safety of digital I and C software is highly important, it is essential for the software to be verified. But verification and licence acquisition related to digital I and C software face high cost. This project gives economic profit to domestic economy by using introduced verification and testing technique instead of foreign technique.
      · The operation rate of NPP will rise, when NPP safety critical software is verified with intellectual V and V tool. It is expected that these software substitute safety-critical software that wholly depend on foreign. Consequently, the result of this project has high commercial value and the recognition of the software development works will be able to be spread to the industrial circles.
    - Social and cultural aspect
      People expect that nuclear power generation contributes to relieving environmental problems because that does not emit more harmful air pollution source than other power generations. To give more trust and expectation about nuclear power generation to our society, we should make people to believe that NPP is highly safe system. In that point of view, we can present high-reliable I and C proofed by intellectual V and V technique as evidence

  20. Criticality safety engineer training at WSRC

    International Nuclear Information System (INIS)

    Williamson, T.G.; Mincey, J.F.

    1993-01-01

    Two programs designed to prepare engineers for certification as criticality safety engineers are offered at Westinghouse Savannah River Company (WSRC). One program, Student On Loan Criticality Engineer Training (SOLCET), is an intensive 2-yr course involving lectures, rigorous problem assignments, and mentoring. The other program, In-Field Criticality Engineer Training (IN-FIELD), is a less intensive series of lectures and problem assignments. Both courses are conducted by members of the Applied Physics Group (APG) of the Savannah River Technical Center, the organization at WSRC responsible for the operation and maintenance of criticality codes and for training of code users

  1. E-learning for Critical Thinking: Using Nominal Focus Group Method to Inform Software Content and Design

    Science.gov (United States)

    Parker, Steve; Mayner, Lidia; Michael Gillham, David

    2015-01-01

    Background: Undergraduate nursing students are often confused by multiple understandings of critical thinking. In response to this situation, the Critiique for critical thinking (CCT) project was implemented to provide consistent structured guidance about critical thinking. Objectives: This paper introduces Critiique software, describes initial validation of the content of this critical thinking tool and explores wider applications of the Critiique software. Materials and Methods: Critiique is flexible, authorable software that guides students step-by-step through critical appraisal of research papers. The spelling of Critiique was deliberate, so as to acquire a unique web domain name and associated logo. The CCT project involved implementation of a modified nominal focus group process with academic staff working together to establish common understandings of critical thinking. Previous work established a consensus about critical thinking in nursing and provided a starting point for the focus groups. The study was conducted at an Australian university campus with the focus group guided by open ended questions. Results: Focus group data established categories of content that academic staff identified as important for teaching critical thinking. This emerging focus group data was then used to inform modification of Critiique software so that students had access to consistent and structured guidance in relation to critical thinking and critical appraisal. Conclusions: The project succeeded in using focus group data from academics to inform software development while at the same time retaining the benefits of broader philosophical dimensions of critical thinking. PMID:26835469

  2. E-learning for Critical Thinking: Using Nominal Focus Group Method to Inform Software Content and Design.

    Science.gov (United States)

    Parker, Steve; Mayner, Lidia; Michael Gillham, David

    2015-12-01

    Undergraduate nursing students are often confused by multiple understandings of critical thinking. In response to this situation, the Critiique for critical thinking (CCT) project was implemented to provide consistent structured guidance about critical thinking. This paper introduces Critiique software, describes initial validation of the content of this critical thinking tool and explores wider applications of the Critiique software. Critiique is flexible, authorable software that guides students step-by-step through critical appraisal of research papers. The spelling of Critiique was deliberate, so as to acquire a unique web domain name and associated logo. The CCT project involved implementation of a modified nominal focus group process with academic staff working together to establish common understandings of critical thinking. Previous work established a consensus about critical thinking in nursing and provided a starting point for the focus groups. The study was conducted at an Australian university campus with the focus group guided by open ended questions. Focus group data established categories of content that academic staff identified as important for teaching critical thinking. This emerging focus group data was then used to inform modification of Critiique software so that students had access to consistent and structured guidance in relation to critical thinking and critical appraisal. The project succeeded in using focus group data from academics to inform software development while at the same time retaining the benefits of broader philosophical dimensions of critical thinking.

  3. Verification and testing of the RTOS for safety-critical embedded systems

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Na Young [Seoul National University, Seoul (Korea, Republic of)]; Kim, Jin Hyun; Choi, Jin Young [Korea University, Seoul (Korea, Republic of)]; Sung, Ah Young; Choi, Byung Ju [Ewha Womans University, Seoul (Korea, Republic of)]; Lee, Jang Soo [KAERI, Taejon (Korea, Republic of)]

    2003-07-01

    Development in Instrumentation and Control (I and C) technology provides more convenience and better performance, thus, adopted in many fields. To adopt newly developed technology, nuclear industry requires rigorous V and V procedure and tests to assure reliable operation. Adoption of digital system requires verification and testing of the OS for licensing. Commercial real-time operating system (RTOS) is targeted to apply to various, unpredictable needs, which makes it difficult to verify. For this reason, simple, application-oriented realtime OS is developed for the nuclear application. In this work, we show how to verify the developed RTOS at each development lifecycle. Commercial formal tool is used in specification and verification of the system. Based on the developed model, software in C language is automatically generated. Tests are performed for two purposes; one is to identify consistency between the verified model and the generated code, the other is to find errors in the generated code. The former assumes that the verified model is correct, and the latter incorrect. Test data are generated separately to satisfy each purpose. After we test the RTOS software, we implement the test board embedded with the developed RTOS and the application software, which simulates the safety critical plant protection function. Testing to identify whether the reliability criteria is satisfied or not is also designed in this work. It results in that the developed RTOS software works well when it is embedded in the system.

  4. Verification and testing of the RTOS for safety-critical embedded systems

    International Nuclear Information System (INIS)

    Lee, Na Young; Kim, Jin Hyun; Choi, Jin Young; Sung, Ah Young; Choi, Byung Ju; Lee, Jang Soo

    2003-01-01

    Development in Instrumentation and Control (I and C) technology provides more convenience and better performance, thus, adopted in many fields. To adopt newly developed technology, nuclear industry requires rigorous V and V procedure and tests to assure reliable operation. Adoption of digital system requires verification and testing of the OS for licensing. Commercial real-time operating system (RTOS) is targeted to apply to various, unpredictable needs, which makes it difficult to verify. For this reason, simple, application-oriented realtime OS is developed for the nuclear application. In this work, we show how to verify the developed RTOS at each development lifecycle. Commercial formal tool is used in specification and verification of the system. Based on the developed model, software in C language is automatically generated. Tests are performed for two purposes; one is to identify consistency between the verified model and the generated code, the other is to find errors in the generated code. The former assumes that the verified model is correct, and the latter incorrect. Test data are generated separately to satisfy each purpose. After we test the RTOS software, we implement the test board embedded with the developed RTOS and the application software, which simulates the safety critical plant protection function. Testing to identify whether the reliability criteria is satisfied or not is also designed in this work. It results in that the developed RTOS software works well when it is embedded in the system

  5. CANISTER HANDLING FACILITY CRITICALITY SAFETY CALCULATIONS

    International Nuclear Information System (INIS)

    C.E. Sanders

    2005-01-01

    This design calculation revises and updates the previous criticality evaluation for the canister handling, transfer and staging operations to be performed in the Canister Handling Facility (CHF) documented in BSC [Bechtel SAIC Company] 2004 [DIRS 167614]. The purpose of the calculation is to demonstrate that the handling operations of canisters performed in the CHF meet the nuclear criticality safety design criteria specified in the ''Project Design Criteria (PDC) Document'' (BSC 2004 [DIRS 171599], Section 4.9.2.2), the nuclear facility safety requirement in ''Project Requirements Document'' (Canori and Leitner 2003 [DIRS 166275], p. 4-206), the functional/operational nuclear safety requirement in the ''Project Functional and Operational Requirements'' document (Curry 2004 [DIRS 170557], p. 75), and the functional nuclear criticality safety requirements described in the ''Canister Handling Facility Description Document'' (BSC 2004 [DIRS 168992], Sections 3.1.1.3.4.13 and 3.2.3). Specific scope of work contained in this activity consists of updating the Category 1 and 2 event sequence evaluations as identified in the ''Categorization of Event Sequences for License Application'' (BSC 2004 [DIRS 167268], Section 7). The CHF is limited in throughput capacity to handling sealed U.S. Department of Energy (DOE) spent nuclear fuel (SNF) and high-level radioactive waste (HLW) canisters, defense high-level radioactive waste (DHLW), naval canisters, multicanister overpacks (MCOs), vertical dual-purpose canisters (DPCs), and multipurpose canisters (MPCs) (if and when they become available) (BSC 2004 [DIRS 168992], p. 1-1). It should be noted that the design and safety analyses of the naval canisters are the responsibility of the U.S. Department of the Navy (Naval Nuclear Propulsion Program) and will not be included in this document. In addition, this calculation is valid for the current design of the CHF and may not reflect the ongoing design evolution of the facility

  6. Criticality Safety Basics for INL Emergency Responders

    Energy Technology Data Exchange (ETDEWEB)

    Valerie L. Putman

    2012-08-01

    This document is a modular self-study guide about criticality safety principles for Idaho National Laboratory emergency responders. This guide provides basic criticality safety information for people who, in response to an emergency, might enter an area that contains much fissionable (or fissile) material. The information should help responders understand unique factors that might be important in responding to a criticality accident or in preventing a criticality accident while responding to a different emergency.

    This study guide specifically supplements web-based training for firefighters (0INL1226) and includes information for other Idaho National Laboratory first responders. However, the guide audience also includes other first responders such as radiological control personnel.

    For interested readers, this guide includes clearly marked additional information that will not be included on tests. The additional information includes historical examples (Been there. Done that.), as well as facts and more in-depth information (Did you know …).

    INL criticality safety personnel revise this guide as needed to reflect program changes, user requests, and better information. Revision 0, issued May 2007, established the basic text. Revision 1 incorporates operation, program, and training changes implemented since 2007. Revision 1 increases focus on first responders because later responders are more likely to have more assistance and guidance from facility personnel and subject matter experts. Revision 1 also completely reorganized the training to better emphasize physical concepts behind the criticality controls that help keep emergency responders safe. The changes are based on and consistent with changes made to course 0INL1226.

  7. Criticality safety analysis for plutonium dissolver using silver mediated electrolytic oxidation method

    International Nuclear Information System (INIS)

    Umeda, Miki; Sugikawa, Susumu; Nakamura, Kazuhito; Egashira, Tetsurou

    1998-08-01

    Design and construction of a plutonium dissolver using silver mediated electrolytic oxidation method are promoted in NUCEF. Criticality safety analysis for the plutonium dissolver is described in this report. The electrolytic plutonium dissolver consists of connection pipes and three pots for MOX powder supply, circulation and electrolysis. The criticality control for the dissolver is made by geometrically safe shape with mass limitation. Monte Carlo code KENO-IV using MGCL-137 library based on ENDF/B-IV was used for the criticality safety analysis for the plutonium dissolver. Considering the required size for construction and criticality safety, diameter of pot and distance between two pots were determined. On this condition, the criticality safety analysis for the plutonium dissolver with connection pipes was carried out. As the result of the criticality safety analysis, an effective neutron multiplication factor k_eff of 0.91 was obtained and the criticality safety of the plutonium dissolver was confirmed on the basis of criteria of ≤0.95. (author)

  8. Evaluation of features to support safety and quality in general practice clinical software

    Science.gov (United States)

    2011-01-01

    Background Electronic prescribing is now the norm in many countries. We wished to find out if clinical software systems used by general practitioners in Australia include features (functional capabilities and other characteristics) that facilitate improved patient safety and care, with a focus on quality use of medicines. Methods Seven clinical software systems used in general practice were evaluated. Fifty software features that were previously rated as likely to have a high impact on safety and/or quality of care in general practice were tested and are reported here. Results The range of results for the implementation of 50 features across the 7 clinical software systems was as follows: 17-31 features (34-62%) were fully implemented, 9-13 (18-26%) partially implemented, and 9-20 (18-40%) not implemented. Key findings included: Access to evidence based drug and therapeutic information was limited. Decision support for prescribing was available but varied markedly between systems. During prescribing there was potential for medicine mis-selection in some systems, and linking a medicine with its indication was optional. The definition of 'current medicines' versus 'past medicines' was not always clear. There were limited resources for patients, and some medicines lists for patients were suboptimal. Results were provided to the software vendors, who were keen to improve their systems. Conclusions The clinical systems tested lack some of the features expected to support patient safety and quality of care. Standards and certification for clinical software would ensure that safety features are present and that there is a minimum level of clinical functionality that clinicians could expect to find in any system.

  9. Handbook on criticality. Vol. 1. Criticality and nuclear safety; Handbuch zur Kritikalitaet. Bd. 1. Kritikalitaet und nukleare Sicherheit

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2015-04-15

    This handbook was prepared primarily with the aim to provide information to experts in industry, authorities or research facilities engaged in criticality-safety-related problems that will allow an adequate and rapid assessment of criticality safety issues already in the planning and preparation of nuclear facilities. However, it is not the intention of the authors of the handbook to offer ready solutions to complex problems of nuclear safety. Such questions have to remain subject to an in-depth analysis and assessment to be carried out by dedicated criticality safety experts. Compared with the previous edition dated December 1998, this handbook has been further revised and supplemented. The proven basic structure of the handbook remains unchanged. The handbook follows in some ways similar criticality handbooks or instructions published in the USA, UK, France, Japan and the former Soviet Union. The expedient use of the information given in this handbook requires a fundamental understanding of criticality and the terminology of nuclear safety. In Vol. 1, "Criticality and Nuclear Safety", therefore, first the most important terms and fundamentals are introduced and explained. Subsequently, experimental techniques and calculation methods for evaluating criticality problems are presented. The following chapters of Vol. 1 deal i. a. with the effect of neutron reflectors and absorbers, neutron interaction, measuring methods for criticality, and organisational safety measures and provide an overview of criticality-relevant operational experience and of criticality accidents and their potential hazardous impact. Vol. 2 parts 1 and 2 finally compile criticality parameters in graphical and tabular form. The individual graph sheets are provided with an initially explained set of identifiers, to allow the quick finding of the information of current interest. Part 1 includes criticality parameters for systems with ²³⁵U as fissile material, while part

  10. Software Graphics Processing Unit (sGPU) for Deep Space Applications

    Science.gov (United States)

    McCabe, Mary; Salazar, George; Steele, Glen

    2015-01-01

    A graphics processing capability will be required for deep space missions and must include a range of applications, from safety-critical vehicle health status to telemedicine for crew health. However, preliminary radiation testing of commercial graphics processing cards suggests they cannot operate in the deep space radiation environment. Investigation into a Software Graphics Processing Unit (sGPU) comprised of commercial-equivalent radiation hardened/tolerant single board computers, field programmable gate arrays, and safety-critical display software shows promising results. Preliminary performance of approximately 30 frames per second (FPS) has been achieved. Use of multi-core processors may provide a significant increase in performance.

  11. Nuclear Criticality Technology and Safety Project parameter study database

    International Nuclear Information System (INIS)

    Toffer, H.; Erickson, D.G.; Samuel, T.J.; Pearson, J.S.

    1993-03-01

    A computerized, knowledge-screened, comprehensive database of the nuclear criticality safety documentation has been assembled as part of the Nuclear Criticality Technology and Safety (NCTS) Project. The database is focused on nuclear criticality parameter studies. The database has been computerized using dBASE III Plus and can be used on a personal computer or a workstation. More than 1300 documents have been reviewed by nuclear criticality specialists over the last 5 years to produce over 800 database entries. Nuclear criticality specialists will be able to access the database and retrieve information about topical parameter studies, authors, and chronology. The database places the accumulated knowledge in the nuclear criticality area over the last 50 years at the fingertips of a criticality analyst

  12. Criticality safety evaluations - a "stalking horse" for integrated safety assessment

    International Nuclear Information System (INIS)

    Williams, R.A.

    1995-01-01

    The Columbia Fuel Fabrication Facility of the Westinghouse Commercial Nuclear Fuel Division manufactures low-enriched uranium fuel and associated components for use in commercial pressurized water power reactors. To support development of a comprehensive integrated safety assessment (ISA) for the facility, as well as to address increasing U.S. Nuclear Regulatory Commission (NRC) expectations regarding such a facility's criticality safety assessments, a project is under way to complete criticality safety evaluations (CSEs) of all plant systems used in processing nuclear materials. Each CSE is made up of seven sections, prepared by a multidisciplinary team of process engineers, systems engineers, safety engineers, maintenance representatives, and operators. This paper provides a cursory outline of the type of information presented in a CSE

  13. Software Safety Analysis of Digital Protection System Requirements Using a Qualitative Formal Method

    International Nuclear Information System (INIS)

    Lee, Jang-Soo; Kwon, Kee-Choon; Cha, Sung-Deok

    2004-01-01

    The safety analysis of requirements is a key problem area in the development of software for the digital protection systems of a nuclear power plant. When specifying requirements for software of the digital protection systems and conducting safety analysis, engineers find that requirements are often known only in qualitative terms and that existing fault-tree analysis techniques provide little guidance on formulating and evaluating potential failure modes. A framework for the requirements engineering process is proposed that consists of a qualitative method for requirements specification, called the qualitative formal method (QFM), and a safety analysis method for the requirements based on causality information, called the causal requirements safety analysis (CRSA). CRSA is a technique that qualitatively evaluates causal relationships between software faults and physical hazards. This technique, extending the qualitative formal method process and utilizing information captured in the state trajectory, provides specific guidelines on how to identify failure modes and the relationship among them. The QFM and CRSA processes are described using shutdown system 2 of the Wolsong nuclear power plants as the digital protection system example

  14. How to interpret safety critical failures in risk and reliability assessments

    International Nuclear Information System (INIS)

    Selvik, Jon Tømmerås; Signoret, Jean-Pierre

    2017-01-01

    Management of safety systems often receives high attention due to the potential for industrial accidents. In risk and reliability literature concerning such systems, and particularly concerning safety-instrumented systems, one frequently comes across the term ‘safety critical failure’. It is a term associated with the term ‘critical failure’, and it is often deduced that a safety critical failure refers to a failure occurring in a safety critical system. Although this is correct in some situations, it is not matching with for example the mathematical definition given in ISO/TR 12489:2013 on reliability modeling, where a clear distinction is made between ‘safe failures’ and ‘dangerous failures’. In this article, we show that different interpretations of the term ‘safety critical failure’ exist, and there is room for misinterpretations and misunderstandings regarding risk and reliability assessments where failure information linked to safety systems are used, and which could influence decision-making. The article gives some examples from the oil and gas industry, showing different possible interpretations of the term. In particular we discuss the link between criticality and failure. The article points in general to the importance of adequate risk communication when using the term, and gives some clarification on interpretation in risk and reliability assessments.

  15. Preparation for the second edition of nuclear criticality safety handbook

    International Nuclear Information System (INIS)

    Okuno, Hiroshi; Nomura, Yasushi

    1997-01-01

    The making of the second edition of Nuclear Criticality Safety Handbook entered the final stage of investigation by the working group. In the second edition, the newest results of the researches in Japan were taken. In this report, among the subjects which were examined continuously from the first edition published in 1988, the size of fuel particles which can be regarded as homogeneous even in a heterogeneous system, the reactivity effect when fuel concentration distribution became not uniform in a homogeneous fuel system, the method of evaluating criticality safety in which submersion is not assumed, and the criticality data when fuel burning is considered are explained. Further, about the matters related to the criticality in chemical processes and the matters related to criticality accident, the outlines are introduced. Finally, the state of preparation for aiming at the third edition is mentioned. Criticality safety control is important for overall nuclear fuel cycle including the transportation and storage of fuel. The course of the publication of this Handbook is outlined. The matters which have been successively examined from the first edition, the results of criticality safety analysis for the dissolving tanks of fuel reprocessing, and the analysis code and the simplified evaluation method for criticality accident are reported. (K.I.)

  16. Computational methods for nuclear criticality safety analysis

    International Nuclear Information System (INIS)

    Maragni, M.G.

    1992-01-01

    Nuclear criticality safety analyses require the utilization of methods which have been tested and verified against benchmark results. In this work, criticality calculations based on the KENO-IV and MCNP codes are studied, aiming at the qualification of these methods at the IPEN-CNEN/SP and COPESP. The utilization of variance reduction techniques is important to reduce the computer execution time, and several of them are analysed. As a practical example of the above methods, a criticality safety analysis for the storage tubes for irradiated fuel elements from the IEA-R1 research has been carried out. This analysis showed that the MCNP code is more adequate for problems with complex geometries, and the KENO-IV code shows conservative results when the generalized geometry option is not used. (author)

  17. 77 FR 50720 - Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Plants

    Science.gov (United States)

    2012-08-22

    ... Used in Safety Systems of Nuclear Power Plants AGENCY: Nuclear Regulatory Commission. ACTION: Draft... Computer Software used in Safety Systems of Nuclear Power Plants." The DG-1207 is proposed Revision 1 of... for Digital Computer Software Used in Safety Systems of Nuclear Power Plants" is temporarily...

  18. Quality assurance of the modernized Dukovany I and C safety system software

    International Nuclear Information System (INIS)

    Karpeta, C.

    2005-01-01

    The approach to quality assurance of the software that implements the instrumentation and control functions for safety category A as per IEC 61226, which has been adopted within the 'NPP Dukovany I and C Refurbishment' project, is described. A survey of the requirements for software quality assurance of the systems that initiate protection interventions in the event of anticipated operational occurrences or accident conditions is given. The software development process applied by the system designers and manufacturers, from the software requirements specification phase to the software testing phase, is outlined. Basic information on technical audits of the software development process is also provided. (orig.)

  19. Developing safety-critical software: a practical guide for aviation software and DO-178c compliance

    National Research Council Canada - National Science Library

    Rierson, Leanna

    2013-01-01


  20. Safety culture and subcontractor network governance in a complex safety critical project

    International Nuclear Information System (INIS)

    Oedewald, Pia; Gotcheva, Nadezhda

    2015-01-01

    In safety critical industries many activities are currently carried out by subcontractor networks. Nevertheless, there are few studies where the core dimensions of resilience would have been studied in safety critical network activities. This paper claims that engineering resilience into a system is largely about steering the development of culture of the system towards better ability to anticipate, monitor, respond and learn. Thus, safety culture literature has relevance in resilience engineering field. This paper analyzes practical and theoretical challenges in applying the concept of safety culture in a complex, dynamic network of subcontractors involved in the construction of a new nuclear power plant in Finland, Olkiluoto 3. The concept of safety culture is in focus since it is widely used in nuclear industry and bridges the scientific and practical interests. This paper approaches subcontractor networks as complex systems. However, the management model of the Olkiluoto 3 project is to a large degree a traditional top-down hierarchy, which creates a mismatch between the management approach and the characteristics of the system to be managed. New insights were drawn from network governance studies. - Highlights: • We studied a relevant topical subject safety culture in nuclear new build project. • We integrated safety science challenges and network governance studies. • We produced practicable insights in managing safety of subcontractor networks

  1. Software programming languages for use in developing safety systems of nuclear power plant

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jang Soo

    1997-07-01

    This report provides guidance to a verifier on reviewing of programs for safety systems written in the high level languages, such as Ada, C, and C++. The focus of the report is on programming, not design, requirements engineering, or testing. We have defined the attributes, for example, reliability, robustness, traceability, and maintainability, which largely define a general quality of software related to safety. Although an extensive revision to the standard of Ada occurred in 1995, current compiler implementations are insufficiently mature to be considered for safety systems. The discussion on C program emphasized the problem in memory allocation and deallocation, pointers, control flow, and software interface. (author). 26 refs.

  2. 48 CFR 209.270 - Aviation and ship critical safety items.

    Science.gov (United States)

    2010-10-01

    ... Requirements 209.270 Aviation and ship critical safety items. ... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Aviation and ship critical safety items. 209.270 Section 209.270 Federal Acquisition Regulations System DEFENSE ACQUISITION...

  3. Criticality safety benchmark evaluation project: Recovering the past

    Energy Technology Data Exchange (ETDEWEB)

    Trumble, E.F.

    1997-06-01

    A very brief summary of the Criticality Safety Benchmark Evaluation Project of the Westinghouse Savannah River Company is provided in this paper. The purpose of the project is to provide a source of evaluated criticality safety experiments in an easily usable format. Another project goal is to search for any experiments that may have been lost or contain discrepancies, and to determine if they can be used. Results of evaluated experiments are being published as US DOE handbooks.

  4. The Criticality Safety Information Resource Center (CSIRC) at Los Alamos National Laboratory

    International Nuclear Information System (INIS)

    Henderson, B.D.; Meade, R.A.; Pruvost, N.L.

    1999-01-01

    The Criticality Safety Information Resource Center (CSIRC) at Los Alamos National Laboratory (LANL) is a program jointly funded by the U.S. Department of Energy (DOE) and the U.S. Nuclear Regulatory Commission (NRC) in conjunction with the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 97-2. The goal of CSIRC is to preserve primary criticality safety documentation from U.S. critical experimental sites and to make this information available for the benefit of the technical community. Progress in archiving criticality safety primary documents at the LANL archives as well as efforts to make this information available to researchers are discussed. The CSIRC project has a natural linkage to the International Criticality Safety Benchmark Evaluation Project (ICSBEP). This paper raises the possibility that the CSIRC project will evolve in a fashion similar to the ICSBEP. Exploring the implications of linking the CSIRC to the international criticality safety community is the motivation for this paper

  5. Questioning the Role of Requirements Engineering in the Causes of Safety-Critical Software Failures

    Science.gov (United States)

    Johnson, C. W.; Holloway, C. M.

    2006-01-01

    Many software failures stem from inadequate requirements engineering. This view has been supported both by detailed accident investigations and by a number of empirical studies; however, such investigations can be misleading. It is often difficult to distinguish between failures in requirements engineering and problems elsewhere in the software development lifecycle. Further pitfalls arise from the assumption that inadequate requirements engineering is a cause of all software related accidents for which the system fails to meet its requirements. This paper identifies some of the problems that have arisen from an undue focus on the role of requirements engineering in the causes of major accidents. The intention is to provoke further debate within the emerging field of forensic software engineering.

  6. Model-based Development of Safety-critical Functions and ISO 26262 Work Products using modified EAST-ADL

    Directory of Open Access Journals (Sweden)

    Bülent Sari

    2017-07-01

    Safety is becoming more and more important with the ever increasing level of safety related E/E Systems built into the cars. Increasing functionality of vehicle systems through electrification of power train, in future even more by autonomous driving, leads to complexity in designing system, software and safety architecture. ISO 26262 aims to reduce the complexity and to approve the traceability of the different safety activities. This paper presents an approach about model-based development of system, software and safety architecture using Electronics Architecture and Software Technology – Architecture Description Language (EAST-ADL), being in line with the relevant standard ISO 26262. In particular, we briefly discuss how the main safety related activities, such as hazard analysis and risk assessment, developing functional and technical safety concepts and performing safety analysis can be performed model-based and how the activities can be related with system and software development. The state-of-art is also provided and compared with the proposed approach.

  7. Tank waste remediation system nuclear criticality safety program management review

    International Nuclear Information System (INIS)

    BRADY RAAP, M.C.

    1999-01-01

    This document provides the results of an internal management review of the Tank Waste Remediation System (TWRS) criticality safety program, performed in advance of the DOE/RL assessment for closure of the TWRS Nuclear Criticality Safety Issue, March 1994. Resolution of the safety issue was identified as Hanford Federal Facility Agreement and Consent Order (Tri-Party Agreement) Milestone M-40-12, due September 1999

  8. CANISTER HANDLING FACILITY CRITICALITY SAFETY CALCULATIONS

    Energy Technology Data Exchange (ETDEWEB)

    C.E. Sanders

    2005-04-07

    This design calculation revises and updates the previous criticality evaluation for the canister handling, transfer and staging operations to be performed in the Canister Handling Facility (CHF) documented in BSC [Bechtel SAIC Company] 2004 [DIRS 167614]. The purpose of the calculation is to demonstrate that the handling operations of canisters performed in the CHF meet the nuclear criticality safety design criteria specified in the "Project Design Criteria (PDC) Document" (BSC 2004 [DIRS 171599], Section 4.9.2.2), the nuclear facility safety requirement in "Project Requirements Document" (Canori and Leitner 2003 [DIRS 166275], p. 4-206), the functional/operational nuclear safety requirement in the "Project Functional and Operational Requirements" document (Curry 2004 [DIRS 170557], p. 75), and the functional nuclear criticality safety requirements described in the "Canister Handling Facility Description Document" (BSC 2004 [DIRS 168992], Sections 3.1.1.3.4.13 and 3.2.3). Specific scope of work contained in this activity consists of updating the Category 1 and 2 event sequence evaluations as identified in the "Categorization of Event Sequences for License Application" (BSC 2004 [DIRS 167268], Section 7). The CHF is limited in throughput capacity to handling sealed U.S. Department of Energy (DOE) spent nuclear fuel (SNF) and high-level radioactive waste (HLW) canisters, defense high-level radioactive waste (DHLW), naval canisters, multicanister overpacks (MCOs), vertical dual-purpose canisters (DPCs), and multipurpose canisters (MPCs) (if and when they become available) (BSC 2004 [DIRS 168992], p. 1-1). It should be noted that the design and safety analyses of the naval canisters are the responsibility of the U.S. Department of the Navy (Naval Nuclear Propulsion Program) and will not be included in this document. In addition, this calculation is valid for

  9. Rule-based Dynamic Safety Monitoring for Mobile Robots

    DEFF Research Database (Denmark)

    Adam, Marian Sorin; Larsen, Morten; Jensen, Kjeld

    2016-01-01

    Safety is a key challenge in robotics, in particular for mobile robots operating in an open and unpredictable environment. Safety certification is desired for commercial robots, but no existing approaches for addressing the safety challenge provide a clearly specified and isolated safety layer......, defined in an easily understandable way for facilitating safety certification. In this paper, we propose that functional-safety-critical concerns regarding the robot software be explicitly declared separately from the main program, in terms of externally observable properties of the software. Concretely...

  10. Nuclear data for criticality safety

    International Nuclear Information System (INIS)

    Westfall, R.M.

    1994-01-01

    A brief overview is presented on emerging requirements for new criticality safety analyses arising from applications involving nuclear waste management, facility remediation, and the storage of nuclear weapons components. A derivation of criticality analyses from the specifications of national consensus standards is given. These analyses, both static and dynamic, define the needs for nuclear data. Integral data, used primarily for analytical validation, and differential data, used in performing the analyses, are listed, along with desirable margins of uncertainty. Examples are given of needs for additional data to address systems having intermediate neutron energy spectra and/or containing nuclides of intermediate mass number

  11. Request from nuclear fuel cycle and criticality safety design

    International Nuclear Information System (INIS)

    Hamasaki, Manabu; Sakashita, Kiichiro; Natsume, Toshihiro

    2005-01-01

    The quality and reliability of criticality safety design of nuclear fuel cycle systems such as fuel fabrication facilities, fuel reprocessing facilities, storage systems of various forms of nuclear materials or transportation casks have been largely dependent on the quality of criticality safety analyses using qualified criticality calculation code systems and reliable nuclear data sets. In this report, we summarize the characteristics of the nuclear fuel cycle systems and the perspective of the requirements for the nuclear data, with brief comments on the recent issue about spent fuel disposal. (author)

  12. Influence of safeguards and fire protection on criticality safety

    International Nuclear Information System (INIS)

    Six, D.E.

    1980-01-01

    There are several positive influences of safeguards and fire protection on criticality safety. Experts in each discipline must be aware of regulations and requirements of the others and work together to ensure a fault-tree design. EG and G Idaho, Inc., routinely uses an Occupancy-Use Readiness Manual to consider all aspects of criticality safety, fire protection, and safeguards. The use of the analytical tree is described

  13. International Handbook of Evaluated Criticality Safety Benchmark Experiments - ICSBEP (DVD), Version 2013

    International Nuclear Information System (INIS)

    2013-01-01

    The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) became an official activity of the Organisation for Economic Co-operation and Development (OECD) Nuclear Energy Agency (NEA) in 1995. This handbook contains criticality safety benchmark specifications that have been derived from experiments performed at various nuclear critical experiment facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material and to determine criticality alarm requirement and placement. Many of the specifications are also useful for nuclear data testing. Example calculations are presented; however, these calculations do not constitute a validation of the codes or cross section data. The evaluated criticality safety benchmark data are given in nine volumes. These volumes span nearly 66,000 pages and contain 558 evaluations with benchmark specifications for 4,798 critical, near critical or subcritical configurations, 24 criticality alarm placement/shielding configurations with multiple dose points for each and 200 configurations that have been categorised as fundamental physics measurements that are relevant to criticality safety applications. New to the Handbook are benchmark specifications for Critical, Bare, HEU(93.2)- Metal Sphere experiments referred to as ORSphere that were performed by a team of experimenters at Oak Ridge National Laboratory in the early 1970's. A photograph of this assembly is shown on the front cover

  14. Criticality safety evaluations - a "stalking horse" for integrated safety assessment

    Energy Technology Data Exchange (ETDEWEB)

    Williams, R.A. [Westinghouse Electric Corp., Columbia, SC (United States)

    1995-12-31

    The Columbia Fuel Fabrication Facility of the Westinghouse Commercial Nuclear Fuel Division manufactures low-enriched uranium fuel and associated components for use in commercial pressurized water power reactors. To support development of a comprehensive integrated safety assessment (ISA) for the facility, as well as to address increasing U.S. Nuclear Regulatory Commission (NRC) expectations regarding such a facility's criticality safety assessments, a project is under way to complete criticality safety evaluations (CSEs) of all plant systems used in processing nuclear materials. Each CSE is made up of seven sections, prepared by a multidisciplinary team of process engineers, systems engineers, safety engineers, maintenance representatives, and operators. This paper provides a cursory outline of the type of information presented in a CSE.

  15. Software coding for reliable data communication in a reactor safety system

    International Nuclear Information System (INIS)

    Maghsoodi, R.

    1978-01-01

    A software coding method is proposed to improve the communication reliability of a microprocessor based fast-reactor safety system. This method, which replaces the conventional coding circuitry, applies a program to code the data which is communicated between the processors via their data memories. The system requirements are studied and the suitable codes are suggested. The problems associated with hardware coders, and the advantages of software coding methods are discussed. The product code which proves a faster coding time over the cyclic code is chosen as the final code. Then the improvement of the communication reliability is derived for a processor and its data memory. The result is used to calculate the reliability improvement of the processing channel as the basic unit for the safety system. (author)

  16. Applications of PRA in nuclear criticality safety

    International Nuclear Information System (INIS)

    McLaughlin, T.P.

    1992-01-01

    Traditionally, criticality accident prevention at Los Alamos National Laboratory (LANL) has been based on a thorough review and understanding of proposed operations or changes to operations involving both process supervision and criticality safety staff. The outcome of this communication was usually an agreement, based on professional judgment, that certain accident sequences were credible and had to be precluded by design; others were incredible and thus did not warrant expenditures to further reduce their likelihood. The extent of documentation was generally in proportion to the complexity of the operation but never as detailed as that associated with quantified risk assessments. During the last 3 yr, nuclear criticality safety-related probabilistic risk assessments (PRAs) have been performed on operations in two LANL facilities. Both of these were conducted in order to better understand the cost/benefit aspects of PRAs as they apply to largely hands-on operations with fissile material

  17. Modelling the critical success factors of agile software development projects in South Africa

    Directory of Open Access Journals (Sweden)

    Tawanda B. Chiyangwa

    2017-10-01

    Background: The continued failure of agile and traditional software development projects has led to the consideration, attention and dispute to critical success factors that are the aspects which are most vital to make a software engineering methodology fruitful. Although there is an increasing variety of critical success factors and methodologies, the conceptual frameworks which have causal relationship are limited. Objective: The objective of this study was to identify and provide insights into the critical success factors that influence the success of software development projects using agile methodologies in South Africa. Method: Quantitative method of collecting data was used. Data were collected in South Africa through a Web-based survey using structured questionnaires. Results: These results show that organisational factors have a great influence on performance expectancy characteristics. Conclusion: The results of this study discovered a comprehensive model that could provide guidelines to the agile community and to the agile professionals.

  18. Safety Characteristics in System Application Software for Human Rated Exploration

    Science.gov (United States)

    Mango, E. J.

    2016-01-01

    NASA and its industry and international partners are embarking on a bold and inspiring development effort to design and build an exploration class space system. The space system is made up of the Orion system, the Space Launch System (SLS) and the Ground Systems Development and Operations (GSDO) system. All are highly coupled together and dependent on each other for the combined safety of the space system. A key area of system safety focus needs to be in the ground and flight application software system (GFAS). In the development, certification and operations of GFAS, there are a series of safety characteristics that define the approach to ensure mission success. This paper will explore and examine the safety characteristics of the GFAS development.

  19. SU-E-P-43: A Knowledge Based Approach to Guidelines for Software Safety

    International Nuclear Information System (INIS)

    Salomons, G; Kelly, D

    2015-01-01

    Purpose: In the fall of 2012, a survey was distributed to medical physicists across Canada. The survey asked the respondents to comment on various aspects of software development and use in their clinic. The survey revealed that most centers employ locally produced (in-house) software of some kind. The respondents also indicated an interest in having software guidelines, but cautioned that the realities of cancer clinics include variations that preclude a simple solution. Traditional guidelines typically involve periodically repeating a set of prescribed tests with defined tolerance limits. However, applying a similar formula to software is problematic since it assumes that the users have a perfect knowledge of how and when to apply the software and that if the software operates correctly under one set of conditions it will operate correctly under all conditions. Methods: In the approach presented here the personnel involved with the software are included as an integral part of the system. Activities performed to improve the safety of the software are done with both software and people in mind. A learning-oriented approach is taken, following the premise that the best approach to safety is increasing the understanding of those associated with the use or development of the software. Results: The software guidance document is organized by areas of knowledge related to use and development of software. The categories include: knowledge of the underlying algorithm and its limitations; knowledge of the operation of the software, such as input values, parameters, error messages, and interpretation of output; and knowledge of the environment for the software including both data and users. Conclusion: We propose a new approach to developing guidelines which is based on acquiring knowledge rather than performing tests. The ultimate goal is to provide robust software guidelines which will be practical and effective.

  20. SU-E-P-43: A Knowledge Based Approach to Guidelines for Software Safety

    Energy Technology Data Exchange (ETDEWEB)

    Salomons, G [Cancer Center of Southeastern Ontario & Queen’s University, Kingston, ON (Canada); Kelly, D [Royal Military College of Canada, Kingston, ON, CA (Canada)

    2015-06-15

    Purpose: In the fall of 2012, a survey was distributed to medical physicists across Canada. The survey asked the respondents to comment on various aspects of software development and use in their clinic. The survey revealed that most centers employ locally produced (in-house) software of some kind. The respondents also indicated an interest in having software guidelines, but cautioned that the realities of cancer clinics include variations that preclude a simple solution. Traditional guidelines typically involve periodically repeating a set of prescribed tests with defined tolerance limits. However, applying a similar formula to software is problematic since it assumes that the users have a perfect knowledge of how and when to apply the software and that if the software operates correctly under one set of conditions it will operate correctly under all conditions. Methods: In the approach presented here the personnel involved with the software are included as an integral part of the system. Activities performed to improve the safety of the software are done with both software and people in mind. A learning-oriented approach is taken, following the premise that the best approach to safety is increasing the understanding of those associated with the use or development of the software. Results: The software guidance document is organized by areas of knowledge related to use and development of software. The categories include: knowledge of the underlying algorithm and its limitations; knowledge of the operation of the software, such as input values, parameters, error messages, and interpretation of output; and knowledge of the environment for the software including both data and users. Conclusion: We propose a new approach to developing guidelines which is based on acquiring knowledge rather than performing tests. The ultimate goal is to provide robust software guidelines which will be practical and effective.

  1. Overview of Risk Mitigation for Safety-Critical Computer-Based Systems

    Science.gov (United States)

    Torres-Pomales, Wilfredo

    2015-01-01

    This report presents a high-level overview of a general strategy to mitigate the risks from threats to safety-critical computer-based systems. In this context, a safety threat is a process or phenomenon that can cause operational safety hazards in the form of computational system failures. This report is intended to provide insight into the safety-risk mitigation problem and the characteristics of potential solutions. The limitations of the general risk mitigation strategy are discussed and some options to overcome these limitations are provided. This work is part of an ongoing effort to enable well-founded assurance of safety-related properties of complex safety-critical computer-based aircraft systems by developing an effective capability to model and reason about the safety implications of system requirements and design.

  2. Computational methods for criticality safety analysis within the scale system

    International Nuclear Information System (INIS)

    Parks, C.V.; Petrie, L.M.; Landers, N.F.; Bucholz, J.A.

    1986-01-01

    The criticality safety analysis capabilities within the SCALE system are centered around the Monte Carlo codes KENO IV and KENO V.a, which are both included in SCALE as functional modules. The XSDRNPM-S module is also an important tool within SCALE for obtaining multiplication factors for one-dimensional system models. This paper reviews the features and modeling capabilities of these codes along with their implementation within the Criticality Safety Analysis Sequences (CSAS) of SCALE. The CSAS modules provide automated cross-section processing and user-friendly input that allow criticality safety analyses to be done in an efficient and accurate manner. 14 refs., 2 figs., 3 tabs

  3. Criticality safety analysis of Hanford Waste Tank 241-101-SY

    International Nuclear Information System (INIS)

    Perry, R.T.; Sapir, J.L.; Krohn, B.J.

    1993-01-01

    As part of a safety assessment for proposed pump mixing operations to mitigate episodic gas releases in Tank 241-101-SY at the Hanford Site, Richland, Washington, a criticality safety analysis was made using the Sn transport code ONEDANT. The tank contains approximately one million gallons of waste and an estimated 910 G of plutonium. The criticality analysis considers reconfiguration and underestimation of plutonium content. The results indicate that Tank SY-101 does not present a criticality hazard. These methods are also used in criticality analyses of other Hanford tanks

  4. Review of WHC criticality safety audit findings for 1970-1981

    International Nuclear Information System (INIS)

    Rogers, C.A.; Paglieri, J.N.

    1984-01-01

    At Westinghouse Hanford Company (WHC) all fissionable material handling must meet DOE requirements for safety. This necessitates a program of regular audits by the Safety group to verify compliance with criticality safety limits and controls and to alert facility management to observed discrepancies and potential problems. Audits of fissionable material facilities by Safety are required at least once every 6 months, but in practice are conducted more frequently. This paper summarizes findings from over 400 criticality safety audits conducted by Safety between July 1970 and July 1981 in seven fissionable material facilities to show their types and frequencies of occurrence. All limit violations occurring during this period are summarized, including those found by the operating group. 1 ref., 1 tab

  5. Business strategy of Critical Software

    OpenAIRE

    Sousa, Inês Pais de

    2010-01-01

    Master's Project in Business Management. The master's thesis presented here consists of a case study on Critical Software, focusing on its business strategy, and aims to understand which determining aspects of a strategy are capable of leading a company to success. Working through this case also makes it possible to appreciate the importance of gaining a competitive advantage and of defining a clear market position. Com ba...

  6. Nuclear Criticality Safety Assessment Using the SCALE Computer Code Package. A demonstration based on an independent review of a real application

    International Nuclear Information System (INIS)

    Mennerdahl, Dennis

    1998-06-01

    The purpose of this project was to instruct a young scientist from the Lithuanian Energy Institute (LEI) on how to carry out an independent review of a safety report. In particular, emphasis was to be put on how to use the personal computer version of the calculation system SCALE 4.3 in this process. Nuclear criticality safety together with radiation shielding from gamma and neutron sources were areas of interest. This report concentrates on nuclear criticality safety aspects while a separate report covers radiation shielding. The application was a proposed storage cask for irradiated fuel assemblies from the Ignalina RBMK reactors in Lithuania. The safety report contained various documents involving many design and safety considerations. A few other documents describing the Ignalina reactors and their operation were available. The time for the project was limited to approximately one month, starting 'clean' with a SCALE 4.3 CD-ROM, a thick safety report and a fast personal computer. The results should be of general interest to Swedish authorities, in particular related to shielding where experience in using advanced computer codes like those available in SCALE is limited. It has been known for many years that criticality safety is very complicated, and that independent reviews are absolutely necessary to reduce the risk from quite common errors in the safety assessments. Several important results were obtained during the project. Concerning use of SCALE 4.3, it was confirmed that a young scientist, without extensive previous experience in the code system, can learn to use essentially all options. During the project, it was obvious that familiarity with personal computers, operating systems (including network system) and office software (word processing, spreadsheet and Internet browser software) saved a lot of time. Some of the Monte Carlo calculations took several hours. Experience is valuable in quickly picking out input or source document errors.
Understanding

  7. Developing guidance in the nuclear criticality safety assessment for fuel cycle facilities

    International Nuclear Information System (INIS)

    Galet, C.; Evo, S.

    2012-01-01

    In this poster IRSN (Institute for radiation protection and nuclear safety) presents its safety guides whose purpose is to transmit the safety assessment know-how to any 'junior' staff or even to give a view of the safety approach on the overall risks to any staff member. IRSN has written a first version of such a safety guide for fuel cycle facilities and laboratories. It is organized into several chapters: some refer to types of assessments, others concern the types of risks. Currently, this guide contains 13 chapters and each chapter consists of three parts. In parallel to the development of the criticality chapter of this guide, the IRSN criticality department has developed a nuclear criticality safety guide. It follows the aforementioned three-part structure, but it presents a more detailed first part and integrates, in the third part, the experience feedback collected on nuclear facilities. The nuclear criticality safety guide is online on the IRSN's web site

  8. Research on neutron source multiplication method in nuclear critical safety

    International Nuclear Information System (INIS)

    Zhu Qingfu; Shi Yongqian; Hu Dingsheng

    2005-01-01

    The paper concerns research on the neutron source multiplication method in nuclear critical safety. Based on the neutron diffusion equation with an external neutron source, the effective sub-critical multiplication factor $k_s$ is deduced, and $k_s$ is different to the effective neutron multiplication factor $k_{eff}$ in the case of a sub-critical system with an external neutron source. The verification experiment on the sub-critical system indicates that the parameter measured with the neutron source multiplication method is $k_s$, and $k_s$ is related to the external neutron source position in the sub-critical system and the external neutron source spectrum. The relation between $k_s$ and $k_{eff}$ and the effect of them on nuclear critical safety is discussed. (author)

  9. Analysis of Critical Characteristics for Safety Graded Personnel Computers in the KNICS Architecture

    International Nuclear Information System (INIS)

    Lee, Hyun Chul; Lee, Dong Young

    2009-01-01

    Critical characteristics analysis of a safety related item is to identify characteristics to be verified to replace an original item with the dedicated item. It is sure that the dedicated item meeting critical characteristics would perform its intended safety function instead of the specified item. KNICS project developed two safety systems: IDiPS RPS (Reactor Protection System) and IDiPS ESF-CCS (Engineered Safety Features-Component Control System). Two safety systems of IDiPS are equipped with personnel computers, so-called COMs (Cabinet Operator Modules), in their cabinets. The personnel computers, COMs, are responsible for safety system monitoring, testing, and maintaining. Even though two safety systems are safety critical system, the personnel computers of two systems, i.e. COMs, are not graded as safety-graded items. Regulation requirements are expected to be strengthened, and the functions of the personnel computer may be enhanced to include safety-related functions and safety functions, it would be necessary that the grade of the personnel computers is adjusted to a higher level, the safety grade. To try to upgrade a non safety system, i.e. COMs, to a safety system, its safety functions and requirements, i.e. critical characteristics, must be identified and verified. This paper describes the process of the identification of critical characteristics and the results of analysis

  10. Quality factors in the life cycle of software oriented to safety systems in nuclear power plants

    International Nuclear Information System (INIS)

    Nunez McLeod, J.E.; Rivera, S.S.

    1997-01-01

    The inclusion of software in safety related systems for nuclear power plants makes it necessary to include the software quality assurance concept. The software quality can be defined as the adjustment degree between the software and the specified requirements and user expectations. To guarantee a certain software quality level it is necessary to make a systematic and planned set of tasks that constitute a software quality guaranty plan. The application of such a plan involves activities that should be performed all along the software life cycle, and that can be evaluated through the so-called quality factors, due to the fact that the quality itself cannot be directly measured, but only indirectly through some of its manifestations. In this work, a software life cycle model is proposed for nuclear power plant safety related systems. A set of software quality factors is also proposed, with its corresponding classification according to the proposed model. (author)

  11. Criticality safety training at the Hot Fuel Examination Facility

    International Nuclear Information System (INIS)

    Garcia, A.S.; Courtney, J.C.; Thelen, V.N.

    1983-01-01

    HFEF comprises four hot cells and out-of-cell support facilities for the US breeder program. The HFEF criticality safety program includes training in the basic theory of criticality and in specific criticality hazard control rules that apply to HFEF. A professional staff-member oversees the implementation of the criticality prevention program

  12. Lessons learned from development and quality assurance of software systems at the Halden Project

    International Nuclear Information System (INIS)

    Bjorlo, T.J.; Berg, O.; Pehrsen, M.; Dahll, G.; Sivertsen, T.

    1996-01-01

    The OECD Halden Reactor Project has developed a number of software systems within the research programmes. These programmes have comprised a wide range of topics, like studies of software for safety-critical applications, development of different operator support systems, and software systems for building and implementing graphical user interfaces. The systems have ranged from simple prototypes to installations in process plants. In the development of these software systems, Halden has gained much experience in quality assurance of different types of software. This paper summarises the accumulated experience at the Halden Project in quality assurance of software systems. The different software systems being developed at the Halden Project may be grouped into three categories. These are plant-specific software systems (one-of-a-kind deliveries), generic software products, and safety-critical software systems. This classification has been found convenient as the categories have different requirements to the quality assurance process. In addition, the experience from use of software development tools and proprietary software systems at Halden, is addressed. The paper also focuses on the experience gained from the complete software life cycle, starting with the software planning phase and ending with software operation and maintenance

  13. SACS2: Dynamic and Formal Safety Analysis Method for Complex Safety Critical System

    International Nuclear Information System (INIS)

    Koh, Kwang Yong; Seong, Poong Hyun

    2009-01-01

    Fault tree analysis (FTA) is one of the most widely used safety analysis techniques in the development of safety critical systems. However, over the years, several drawbacks of the conventional FTA have become apparent. One major drawback is that conventional FTA uses only static gates and hence cannot capture dynamic behaviors of the complex system precisely. Although several attempts such as dynamic fault tree (DFT), PANDORA, formal fault tree (FFT) and so on have been made to overcome this problem, they still cannot do absolute or actual time modeling because they adopt a relative time concept and can capture only sequential behaviors of the system. The second drawback of conventional FTA is its lack of rigorous semantics. Because it is informal in nature, safety analysis results heavily depend on an analyst's ability and are error-prone. Finally, the reasoning process, which is to check whether basic events really cause top events, is done manually and hence is very labor-intensive and time-consuming for complex systems. In this paper, we propose a new safety analysis method for complex safety critical systems in a qualitative manner. We introduce several temporal gates based on timed computational tree logic (TCTL) which can represent a quantitative notion of time. Then, we translate the information of the fault trees into the UPPAAL query language and the reasoning process is automatically done by UPPAAL, which is the model checker for time critical systems

  14. Applications of probabilistic risk analysis in nuclear criticality safety design

    International Nuclear Information System (INIS)

    Chang, J.K.

    1992-01-01

    Many documents have been prepared that try to define the scope of the criticality analysis and that suggest adding probabilistic risk analysis (PRA) to the deterministic safety analysis. The report of the US Department of Energy (DOE) AL 5481.1B suggested that an accident is credible if the occurrence probability is $>1 \times 10^{-6}$/yr. The draft DOE 5480 safety analysis report suggested that safety analyses should include the application of methods such as deterministic safety analysis, risk assessment, reliability engineering, common-cause failure analysis, human reliability analysis, and human factor safety analysis techniques. The US Nuclear Regulatory Commission (NRC) report NRC SG830.110 suggested that major safety analysis methods should include but not be limited to risk assessment, reliability engineering, and human factor safety analysis. All of these suggestions have recommended including PRA in the traditional criticality analysis

  15. Development of the safety PLC for plant protection system

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Chang Hwoi; Lee, Dong Young [Korea Atomic Energy Research Institute, Taejeon (Korea, Republic of)

    2005-11-15

    The safety PLC (POSAFE-Q) is being developed in the Korea Nuclear Instrumentation and Control System (KNICS) R&D project. The PLC satisfies Safety Class 1E, Quality Class 1, and Seismic Category I. Software such as the RTOS and firmware is developed according to the safety critical software life cycle. In particular, the formal method is applied to design the SRS (Software Requirement Specification) and SDS (Software Design Specification) so that they are error-free. The software developed according to the software life cycle is verified by an independent software V&V team. The overall response time from an input to the outputs shall be 50 ms or less. The prototype for the POSAFE-Q was developed and functional testing and equipment qualification tests have been underway.

  16. Role of criticality models in ANSI standards for nuclear criticality safety

    International Nuclear Information System (INIS)

    Thomas, J.T.

    1976-01-01

    Two methods used in nuclear criticality safety evaluations in the area of neutron interaction among subcritical components of fissile materials are the solid angle and surface density techniques. The accuracy and use of these models are briefly discussed

  17. Reliability modeling of digital RPS with consideration of undetected software faults

    Energy Technology Data Exchange (ETDEWEB)

    Khalaquzzaman, M.; Lee, Seung Jun; Jung, Won Dea [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Kim, Man Cheol [Chung Ang Univ., Seoul (Korea, Republic of)

    2013-10-15

    This paper provides an overview of different software reliability methodologies and proposes a technique for estimating the reliability of RPS with consideration of undetected software faults. Software reliability analysis of safety critical software has been challenging despite the huge effort spent on developing a large number of software reliability models, and no consensus has yet been attained on an appropriate modeling methodology. However, it is realized that the combined application of the BBN based SDLC fault prediction method and random black-box testing of software would provide better ground for reliability estimation of safety critical software. Digitalization of the reactor protection system of nuclear power plants was initiated several decades ago and now full digitalization has been adopted in the new generation of NPPs around the world because digital I&C systems have many better technical features, like easier configurability and maintainability, over analog I&C systems. Digital I&C systems are also drift-free and incorporation of new features is much easier. Rules and regulations for safe operation of NPPs are established and have been practiced by the operators as well as regulators of NPPs to ensure safety. The failure mechanisms of hardware and analog systems are well understood and the risk analysis methods for these components and systems are well established. However, digitalization of the I&C system in an NPP introduces some crisis and uncertainty in reliability analysis methods of the digital systems/components because software failure mechanisms are still unclear.

  18. Intelligent Hardware-Enabled Sensor and Software Safety and Health Management for Autonomous UAS

    Science.gov (United States)

    Rozier, Kristin Y.; Schumann, Johann; Ippolito, Corey

    2015-01-01

    Unmanned Aerial Systems (UAS) can only be deployed if they can effectively complete their mission and respond to failures and uncertain environmental conditions while maintaining safety with respect to other aircraft as well as humans and property on the ground. We propose to design a real-time, onboard system health management (SHM) capability to continuously monitor essential system components such as sensors, software, and hardware systems for detection and diagnosis of failures and violations of safety or performance rules during the flight of a UAS. Our approach to SHM is three-pronged, providing: (1) real-time monitoring of sensor and software signals; (2) signal analysis, preprocessing, and advanced on-the-fly temporal and Bayesian probabilistic fault diagnosis; (3) an unobtrusive, lightweight, read-only, low-power hardware realization using Field Programmable Gate Arrays (FPGAs) in order to avoid overburdening limited computing resources or costly re-certification of flight software due to instrumentation. No currently available SHM capabilities (or combinations of currently existing SHM capabilities) come anywhere close to satisfying these three criteria yet NASA will require such intelligent, hardware-enabled sensor and software safety and health management for introducing autonomous UAS into the National Airspace System (NAS). We propose a novel approach of creating modular building blocks for combining responsive runtime monitoring of temporal logic system safety requirements with model-based diagnosis and Bayesian network-based probabilistic analysis. Our proposed research program includes both developing this novel approach and demonstrating its capabilities using the NASA Swift UAS as a demonstration platform.

  19. STARS software tool for analysis of reliability and safety

    International Nuclear Information System (INIS)

    Poucet, A.; Guagnini, E.

    1989-01-01

    This paper reports on the STARS (Software Tool for the Analysis of Reliability and Safety) project, which aims at developing an integrated set of Computer Aided Reliability Analysis tools for the various tasks involved in systems safety and reliability analysis including hazard identification, qualitative analysis, logic model construction and evaluation. The expert system technology offers the most promising perspective for developing a Computer Aided Reliability Analysis tool. Combined with graphics and analysis capabilities, it can provide a natural engineering oriented environment for computer assisted reliability and safety modelling and analysis. For hazard identification and fault tree construction, a frame/rule based expert system is used, in which the deductive (goal driven) reasoning and the heuristic applied during manual fault tree construction are modelled. Expert systems can explain their reasoning so that the analyst can become aware of why and how the results are being obtained. Hence, the learning aspect involved in manual reliability and safety analysis can be maintained and improved

  20. University of New Mexico short course in nuclear criticality safety: Training for new NCS [nuclear criticality safety] specialists

    International Nuclear Information System (INIS)

    Busch, R.D.

    1990-01-01

    Since 1973, the University of New Mexico (UNM) has given ten short courses in nuclear criticality safety (NCS). Generally, these have been given every other year, although in 1989 it was decided to offer the course on an annual basis. This decision was primarily based on the large demand for NCS specialists and a large turnover rate in the industry. The purpose of the course is to provide a 1-week overview of NCS. The typical student has been involved in NCS for <1 yr, although in many cases they have been associated with the nuclear industry in other capacities for many years. The short course is conducted at several levels. Carefully prepared lectures provide the information framework for selected topics. The following topics are covered in the course: basic reactor theory, criticality accidents and consequences, hand calculations, administration of a criticality safety program, regulators and their processes, computer methods and applications, experimental methods and correlations, overview of some process operations, and transportation and storage issues in NCS

  1. Qualification of Simulation Software for Safety Assessment of Sodium Cooled Fast Reactors. Requirements and Recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Brown, Nicholas R. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Pointer, William David [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Sieger, Matt [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Flanagan, George F. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Moe, Wayne [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); HolbrookINL, Mark [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

    2016-04-01

    The goal of this review is to enable application of codes or software packages for safety assessment of advanced sodium-cooled fast reactor (SFR) designs. To address near-term programmatic needs, the authors have focused on two objectives. First, the authors have focused on identification of requirements for software QA that must be satisfied to enable the application of software to future safety analyses. Second, the authors have collected best practices applied by other code development teams to minimize cost and time of initial code qualification activities and to recommend a path to the stated goal.

  2. Nuclear Data Activities in Support of the DOE Nuclear Criticality Safety Program

    International Nuclear Information System (INIS)

    Westfall, R.M.; McKnight, R.D.

    2005-01-01

    The DOE Nuclear Criticality Safety Program (NCSP) provides the technical infrastructure maintenance for those technologies applied in the evaluation and performance of safe fissionable-material operations in the DOE complex. These technologies include an Analytical Methods element for neutron transport as well as the development of sensitivity/uncertainty methods, the performance of Critical Experiments, evaluation and qualification of experiments as Benchmarks, and a comprehensive Nuclear Data program coordinated by the NCSP Nuclear Data Advisory Group (NDAG). The NDAG gathers and evaluates differential and integral nuclear data, identifies deficiencies, and recommends priorities on meeting DOE criticality safety needs to the NCSP Criticality Safety Support Group (CSSG). Then the NDAG identifies the required resources and unique capabilities for meeting these needs, not only for performing measurements but also for data evaluation with nuclear model codes as well as for data processing for criticality safety applications. The NDAG coordinates effort with the leadership of the National Nuclear Data Center, the Cross Section Evaluation Working Group (CSEWG), and the Working Party on International Evaluation Cooperation (WPEC) of the OECD/NEA Nuclear Science Committee. The overall objective is to expedite the issuance of new data and methods to the DOE criticality safety user. This paper describes these activities in detail, with examples based upon special studies being performed in support of criticality safety for a variety of DOE operations

  3. Criticality safety study of shutdown diffusion cascade coolers

    International Nuclear Information System (INIS)

    Paschal, L.S.; Basoglu, B.; Bentley, C.L.; Dunn, M.E.

    1996-01-01

    Gaseous diffusion plants use cascade coolers in the production of highly enriched uranium (HEU) to remove heat from the enriched stream of UF6. The cascade coolers operate like shell and tube heat exchangers with the UF6 on the shell side and Freon on the tube side. Recirculating cooling water (RCW) in condensers is used to cool the Freon. A criticality safety analysis was previously performed for cascade coolers during normal operation. The purpose of this paper is to evaluate several different hypothetical accidents regarding RCW ingress into the cooler to determine whether criticality safety concerns exist

  4. Tank waste remediation system nuclear criticality safety inspection and assessment plan

    International Nuclear Information System (INIS)

    VAIL, T.S.

    1999-01-01

    This plan provides a management approved procedure for inspections and assessments of sufficient depth to validate that the Tank Waste Remediation System (TWRS) facility complies with the requirements of the Project Hanford criticality safety program, NHF-PRO-334, "Criticality Safety General, Requirements"

  5. Dependability Analysis Methods For Configurable Software

    International Nuclear Information System (INIS)

    Dahll, Gustav; Pulkkinen, Urho

    1996-01-01

    Configurable software systems are systems which are built up by standard software components in the same way as a hardware system is built up by standard hardware components. Such systems are often used in the control of NPPs, also in safety related applications. A reliability analysis of such systems is therefore necessary. This report discusses what configurable software is, and what is particular with respect to reliability assessment of such software. Two very commonly used techniques in traditional reliability analysis, viz. failure mode, effect and criticality analysis (FMECA) and fault tree analysis are investigated. A real example is used to illustrate the discussed methods. Various aspects relevant to the assessment of the software reliability in such systems are discussed. Finally some models for quantitative software reliability assessment applicable on configurable software systems are described. (author)

  6. Presentation of a Software Method for Use of Risk Assessment in Building Fire Safety Measure Optimization

    Directory of Open Access Journals (Sweden)

    A. R. Koohpaei

    2012-05-01

    Background and aims: The property loss and physical injuries due to fire events in buildings demonstrate the necessity of implementing efficient and performance-based fire safety measures. Effective and high-efficiency protection is possible when the design and selection of protection measures are based on risk assessment. This study aims at presenting a software method that makes possible the selection and design of building fire safety measures based upon quantitative risk assessment and building characteristics. Methods: Based on the “Fire Risk Assessment Method for Engineer (FRAME)”, a program in MATLAB software was written. The first section of this program, according to the FRAME method and based on the specification of a building, calculates the potential risk and acceptable risk level. In the second section, according to the potential risk, the acceptable risk level and the fire risk level that the user wants, the program calculates the concession of protective factor for that building. Results: The prepared software makes it possible to assign the fire safety measure based on quantitative risk level and all building specifications. All calculations were performed with 0.001 of precision and the accuracy of this software was assessed with handmade calculations. During the use of the software, if an error occurs in calculations, it can be distinguished in the output. Conclusion: Application of quantitative risk assessment is a suitable tool for increasing efficiency in the design and execution of fire protection measures in buildings. By using this software, the selected fire safety measure would be more efficient and suitable, since the selection of fire safety measures is performed on the basis of risk assessment and the particular specification of a building. Moreover, fire risk in the building can be managed easily and carefully.

  7. SRTC criticality safety technical review: Nuclear criticality safety evaluation 94-02, uranium solidification facility pencil tank module spacing

    International Nuclear Information System (INIS)

    Rathbun, R.

    1994-01-01

    Review of NMP-NCS-94-0087, "Nuclear Criticality Safety Evaluation 94-02: Uranium Solidification Facility Pencil Tank Module Spacing (U), April 18, 1994," was requested of the SRTC Applied Physics Group. The NCSE is a criticality assessment to show that the USF process module spacing, as given in Non-Conformance Report SHM-0045, remains safe for operation. The NCSE under review concludes that the module spacing as given in Non-Conformance Report SHM-0045 remains in a critically safe configuration for all normal and single credible abnormal conditions. After a thorough review of the NCSE, this reviewer agrees with that conclusion

  8. Using fuzzy self-organising maps for safety critical systems

    International Nuclear Information System (INIS)

    Kurd, Zeshan; Kelly, Tim P.

    2007-01-01

    This paper defines a type of constrained artificial neural network (ANN) that enables analytical certification arguments whilst retaining valuable performance characteristics. Previous work has defined a safety lifecycle for ANNs without detailing a specific neural model. Building on this previous work, the underpinning of the devised model is based upon an existing neuro-fuzzy system called the fuzzy self-organising map (FSOM). The FSOM is a type of 'hybrid' ANN which allows behaviour to be described qualitatively and quantitatively using meaningful expressions. Safety of the FSOM is argued through adherence to safety requirements derived from hazard analysis and expressed using safety constraints. The approach enables the construction of compelling (product-based) arguments for mitigation of potential failure modes associated with the FSOM. The constrained FSOM has been termed a 'safety critical artificial neural network' (SCANN). The SCANN can be used for non-linear function approximation and allows certified learning and generalisation for high criticality roles. A discussion of benefits for real-world applications is also presented

  9. Criticality Safety Evaluation of Hanford Site High Level Waste Storage Tanks

    Energy Technology Data Exchange (ETDEWEB)

    ROGERS, C.A.

    2000-02-17

    This criticality safety evaluation covers operations for waste in underground storage tanks at the high-level waste tank farms on the Hanford site. This evaluation provides the bases for criticality safety limits and controls to govern receipt, transfer, and long-term storage of tank waste. Justification is provided that a nuclear criticality accident cannot occur for tank farms operations, based on current fissile material and operating conditions.

  10. Criticality Safety Evaluation of Hanford Site High-Level Waste Storage Tanks

    International Nuclear Information System (INIS)

    ROGERS, C.A.

    2000-01-01

    This criticality safety evaluation covers operations for waste in underground storage tanks at the high-level waste tank farms on the Hanford site. This evaluation provides the bases for criticality safety limits and controls to govern receipt, transfer, and long-term storage of tank waste. Justification is provided that a nuclear criticality accident cannot occur for tank farms operations, based on current fissile material and operating conditions

  11. Computational Methods for Sensitivity and Uncertainty Analysis in Criticality Safety

    International Nuclear Information System (INIS)

    Broadhead, B.L.; Childs, R.L.; Rearden, B.T.

    1999-01-01

    Interest in the sensitivity methods that were developed and widely used in the 1970s (the FORSS methodology at ORNL among others) has increased recently as a result of potential use in the area of criticality safety data validation procedures to define computational bias, uncertainties and area(s) of applicability. Functional forms of the resulting sensitivity coefficients can be used as formal parameters in the determination of applicability of benchmark experiments to their corresponding industrial application areas. In order for these techniques to be generally useful to the criticality safety practitioner, the procedures governing their use had to be updated and simplified. This paper will describe the resulting sensitivity analysis tools that have been generated for potential use by the criticality safety community

  12. Safety physics inter-comparison of advanced concepts of critical reactors and ADS

    International Nuclear Information System (INIS)

    Slessarev, I.

    2001-01-01

    Enhanced safety based on the principle of the natural "self-defence" is one of the most desirable features of innovative nuclear systems (critical or sub-critical) regarding both TRU transmutation and "clean" energy producer concepts. For the evaluation of the "self-defence" domain, the method of the asymptotic reactivity balance has been generalised. The promising option of Hybrids systems (that use a symbiosis of fission and spallation in sub-critical cores) which could benefit the advantages of both Accelerated Driven Systems of the traditional type and regular critical systems, has been advocated. General features of Hybrid dynamics have been presented and analysed. It was demonstrated that an external neutron source of Hybrids can expand the inherent safety potential significantly. This analysis has been applied to assess the safety physics potential of innovative concepts for prospective nuclear power both for energy producers and for transmutation. It has been found, that safety enhancement goal defines a choice of sub-criticality of Hybrids. As for energy producers with Th-fuel cycle, a significant sub-criticality level is required due to a necessity of an improvement of neutronics together with safety enhancement task. (author)

  13. An Introduction to Formal Methods for the Development of Safety-critical Applications

    DEFF Research Database (Denmark)

    Haxthausen, Anne Elisabeth

    2010-01-01

    This report is a delivery to The Danish Government’s railway authority, Trafikstyrelsen, as a part of the Public Sector Consultancy service offered by the Technical University of Denmark. The purpose of the report is to give the reader an insight into the state-of-the-art of formal methods. The reader...... is assumed to have some knowledge about software development, but not on formal methods. The background for the railway authorities’ interest in formal methods is the fact that during the next decade a total renewal of the Danish signalling infrastructure is going to take place. Central parts of the new...... systems will be software components that must fulfill strong safety requirements: in order to get the software certified at the highest Safety Integrity Levels of the European CENELEC standards for railway applications, the software providers are expected to use formal methods....

  14. Criticality safety enhancements for SCALE 6.2 and beyond

    International Nuclear Information System (INIS)

    Rearden, Bradley T.; Bekar, Kursat B.; Celik, Cihangir; Clarno, Kevin T.; Dunn, Michael E.; Hart, Shane W.; Ibrahim, Ahmad M.; Johnson, Seth R.; Langley, Brandon R.; Lefebvre, Jordan P.; Lefebvre, Robert A.; Marshall, William J.; Mertyurek, Ugur; Mueller, Don; Peplow, Douglas E.; Perfetti, Christopher M.; Petrie Jr, Lester M.; Thompson, Adam B.; Wiarda, Dorothea; Wieselquist, William A.; Williams, Mark L.

    2015-01-01

    SCALE is a widely used suite of tools for nuclear systems modeling and simulation that provides comprehensive, verified and validated, user-friendly capabilities for criticality safety, reactor physics, radiation shielding, and sensitivity and uncertainty analysis. Since 1980, regulators, industry, and research institutions around the world have relied on SCALE for nuclear safety analysis and design. SCALE 6.2 provides several new capabilities and significant improvements in many existing features for criticality safety analysis. Enhancements are realized for nuclear data; multigroup resonance self-shielding; continuous-energy Monte Carlo analysis for sensitivity/uncertainty analysis, radiation shielding, and depletion; and graphical user interfaces. An overview of these capabilities is provided in this paper, and additional details are provided in several companion papers.

  15. A Study on Quantitative Assessment of Design Specification of Reactor Protection System Software Using Bayesian Belief Networks

    International Nuclear Information System (INIS)

    Eom, H. S.; Kang, H. G.; Chang, S. C.; Park, G. Y.; Kwon, K. C.

    2007-02-01

    This report proposes a method that can produce quantitative reliability of safety-critical software for PSA by making use of Bayesian Belief Networks (BBN). BBN has generally been used to model the uncertain system in many research fields. The proposed method was constructed by utilizing BBN that can combine the qualitative and the quantitative evidence relevant to the reliability of safety-critical software, and then can infer a conclusion in a formal and a quantitative way. A case study was also carried out with the proposed method to assess the quality of software design specification of safety-critical software that will be embedded in reactor protection system. The V and V results of the software were used as inputs for the BBN model. The calculation results of the BBN model showed that its conclusion is mostly equivalent to those of the V and V expert for a given input data set. The method and the results of the case study will be utilized in PSA of NPP. The method also can support the V and V expert's decision making process in controlling further V and V activities

  16. Safety Critical Java for Robotics Programming

    DEFF Research Database (Denmark)

    Thomsen, Bent; Luckow, Kasper Søe; Bøgholm, Thomas

    2015-01-01

    This paper introduces Safety Critical Java (SCJ) and argues its readiness for robotics programming. We give an overview of the work done at Aalborg University and elsewhere on SCJ, some of its implementations in the form of the JOP, FijiVM and HVM and some of the tools, especially WCA, Teta...

  17. Nuclear Criticality Safety Organization training implementation. Revision 4

    International Nuclear Information System (INIS)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1997-01-01

    The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document provides a listing of the roles and responsibilities of NCSO personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This Training Implementation document is applicable to all technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who are in a qualification program

  18. Nuclear Criticality Safety Organization training implementation. Revision 4

    Energy Technology Data Exchange (ETDEWEB)

    Carroll, K.J.; Taylor, R.G.; Worley, C.A.

    1997-05-19

    The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document provides a listing of the roles and responsibilities of NCSO personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This Training Implementation document is applicable to all technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who are in a qualification program.

  19. Evaluation procedure of software requirements specification for digital I and C of KNGR

    International Nuclear Information System (INIS)

    Lee, Jang Soo; Park, Jong Kyun; Lee, Ki Young; Kim, Jang Yeol; Cheon, Se Woo

    2001-06-01

    The accuracy of the specification of requirements of a digital system is of prime importance to the acceptance and success of the system. The development, use, and regulation of computer systems in nuclear reactor Instrumentation and Control (I and C) systems to enhance reliability and safety is a complex issue. This report is one of a series of reports from the Korean Next Generation Reactor (KNGR) Software Safety Verification and Validation (SSVV) Task, Korea Atomic Energy Research Institute, which investigates different aspects of computer software in reactor I and C systems, and describes the engineering procedures for developing such a software. The purpose of this guideline is to give the software safety evaluator the trail map between the code and standards layer and the design methodology and documents layer for the software important to safety in nuclear power plants. Recently, the requirements specification of safety-critical software systems and safety analysis of them are being recognized as one of the important issues in the software life cycle, and being developed new regulatory positions and standards by the regulatory and the standardization organizations such as IAEA, IEC, and IEEE. We presented the procedure for evaluating the software requirements specifications of the KNGR protection systems. We believe it can be useful for both licenser and licensee to conduct an evaluation of the safety in the requirements phase of developing the software. The guideline consists of the requirements engineering for software of KNGR protection systems in chapter 1, the evaluation checklist of software requirements specification in chapter 2.3, and the safety evaluation procedure of KNGR software requirements specification in chapter 2.4

  20. Model extension and improvement for simulator-based software safety analysis

    Energy Technology Data Exchange (ETDEWEB)

    Huang, H.-W. [Department of Engineering and System Science, National Tsing Hua University (NTHU), 101 Section 2 Kuang Fu Road, Hsinchu, Taiwan (China) and Institute of Nuclear Energy Research (INER), No. 1000 Wenhua Road, Chiaan Village, Longtan Township, Taoyuan County 32546, Taiwan (China)]. E-mail: hwhwang@iner.gov.tw; Shih Chunkuan [Department of Engineering and System Science, National Tsing Hua University (NTHU), 101 Section 2 Kuang Fu Road, Hsinchu, Taiwan (China)]; Yih Swu [Department of Computer Science and Information Engineering, Ching Yun University, 229 Chien-Hsin Road, Jung-Li, Taoyuan County 320, Taiwan (China)]; Chen, M.-H. [Institute of Nuclear Energy Research (INER), No. 1000 Wenhua Road, Chiaan Village, Longtan Township, Taoyuan County 32546, Taiwan (China)]; Lin, J.-M. [Taiwan Power Company (TPC), 242 Roosevelt Road, Section 3, Taipei 100, Taiwan (China)]

    2007-05-15

    One of the major concerns when employing digital I and C systems in nuclear power plants is that the digital system may introduce new failure modes, which differ from those of previous analog I and C systems. Various techniques are under development to analyze the hazards originating from software faults in digital systems. Preliminary hazard analysis, failure modes and effects analysis, and fault tree analysis are the most extensively used techniques. However, these techniques are static analysis methods and cannot perform dynamic analysis or analyze the interactions among systems. This research utilizes the 'simulator/plant model testing' technique classified in (IEEE Std 7-4.3.2-2003, 2003. IEEE Standard for Digital Computers in Safety Systems of Nuclear Power Generating Stations) to identify hazards which might be induced by nuclear I and C software defects. The recirculation flow system, control rod system, feedwater system, steam line model, dynamic power-core flow map, and related control systems of PCTran-ABWR model were successfully extended and improved. The benchmark against ABWR SAR proves this modified model is capable of accomplishing dynamic system level software safety analysis and is better than the static methods. This improved plant simulation can then further be applied to hazard analysis for operator/digital I and C interface interaction failure study, and the hardware-in-the-loop fault injection study.

  1. Issues and relationships among software standards for nuclear safety applications. Version 2.0

    International Nuclear Information System (INIS)

    Scott, J.A.; Preckshot, G.G.; Lawrence, J.D.; Johnson, G.L.

    1996-01-01

    Lawrence Livermore National Laboratory is assisting the Nuclear Regulatory Commission with the development of draft regulatory guides for selected software engineering standards. This report describes the results of the initial task in this work. The selected software standards and a set of related software engineering standards were reviewed, and the resulting preliminary elements of the regulatory positions are identified in this report. The importance of a thorough understanding of the relationships among standards useful for developing safety-related software is emphasized. The relationship of this work to the update of the Standard Review Plan is also discussed

  2. Data-Centric Knowledge Discovery Strategy for a Safety-Critical Sensor Application

    Directory of Open Access Journals (Sweden)

    Nilamadhab Mishra

    2014-01-01

    In an indoor safety-critical application, sensors and actuators are clustered together to accomplish critical actions within a limited time constraint. The cluster may be controlled by a dedicated programmed autonomous microcontroller device powered with electricity to perform in-network time critical functions, such as data collection, data processing, and knowledge production. In a data-centric sensor network, approximately 3–60% of the sensor data are faulty, and the data collected from the sensor environment are highly unstructured and ambiguous. Therefore, for safety-critical sensor applications, actuators must function intelligently within a hard time frame and have proper knowledge to perform their logical actions. This paper proposes a knowledge discovery strategy and an exploration algorithm for indoor safety-critical industrial applications. The application evidence and discussion validate that the proposed strategy and algorithm can be implemented for knowledge discovery within the operational framework.

  3. Validation of calculational methods for nuclear criticality safety - approved 1975

    International Nuclear Information System (INIS)

    Anon.

    1977-01-01

    The American National Standard for Nuclear Criticality Safety in Operations with Fissionable Materials Outside Reactors, N16.1-1975, states in 4.2.5: In the absence of directly applicable experimental measurements, the limits may be derived from calculations made by a method shown to be valid by comparison with experimental data, provided sufficient allowances are made for uncertainties in the data and in the calculations. There are many methods of calculation which vary widely in basis and form. Each has its place in the broad spectrum of problems encountered in the nuclear criticality safety field; however, the general procedure to be followed in establishing validity is common to all. The standard states the requirements for establishing the validity and area(s) of applicability of any calculational method used in assessing nuclear criticality safety

  4. The International Criticality Safety Benchmark Evaluation Project on the Internet

    International Nuclear Information System (INIS)

    Briggs, J.B.; Brennan, S.A.; Scott, L.

    2000-01-01

    The International Criticality Safety Benchmark Evaluation Project (ICSBEP) was initiated in October 1992 by the US Department of Energy's (DOE's) defense programs and is documented in the Transactions of numerous American Nuclear Society and International Criticality Safety Conferences. The work of the ICSBEP is documented as an Organization for Economic Cooperation and Development (OECD) handbook, International Handbook of Evaluated Criticality Safety Benchmark Experiments. The ICSBEP Internet site was established in 1996 and its address is http://icsbep.inel.gov/icsbep. A copy of the ICSBEP home page is shown in Fig. 1. The ICSBEP Internet site contains the five primary links. Internal sublinks to other relevant sites are also provided within the ICSBEP Internet site. A brief description of each of the five primary ICSBEP Internet site links is given

  5. Proceedings of the Twenty-Third Annual Software Engineering Workshop

    Science.gov (United States)

    1999-01-01

    The Twenty-third Annual Software Engineering Workshop (SEW) provided 20 presentations designed to further the goals of the Software Engineering Laboratory (SEL) of the NASA-GSFC. The presentations were selected on their creativity. The sessions which were held on 2-3 of December 1998, centered on the SEL, Experimentation, Inspections, Fault Prediction, Verification and Validation, and Embedded Systems and Safety-Critical Systems.

  6. Memory Management for Safety-Critical Java

    DEFF Research Database (Denmark)

    Schoeberl, Martin

    2011-01-01

    Safety-Critical Java (SCJ) is based on the Real-Time Specification for Java. To simplify the certification of Java programs, SCJ supports only a restricted scoped memory model. Individual threads share only immortal memory and the newly introduced mission memory. All other scoped memories...... implementation is evaluated on an embedded Java processor....

  7. Criteria and tools for scientific software quality measurements

    Energy Technology Data Exchange (ETDEWEB)

    Tseng, M Y [Previse Inc., Willowdale ON (Canada)

    1995-12-01

    Not all software used in the nuclear industry needs the rigorous formal verification, reliability testing and quality assessment that are being applied to safety critical software. Recently, however, there is increasing recognition that systematic and objective quality assessment of the scientific software used in design and safety analyses of nuclear facilities is necessary to support safety and licensing decisions. Because of the complexity and large size of these programs and the resource constraints faced by the AECB reviewer, it is desirable that appropriate automated tools are used wherever practical. To objectively assess the quality of software, a set of attributes of a software product by which its quality is described and evaluated must be established. These attributes must be relevant to the application domain of software under evaluation. To effectively assess the quality of software, metrics defining quantitative scale and method appropriate to determine the value of attributes need to be applied. To cost-effectively perform the evaluation, use of suitable automated tools is desirable. In this project, criteria for evaluating the quality of scientific software are presented; metrics for which those criteria can be evaluated are identified; a survey of automated tools to measure those metrics was conducted and the most appropriate tool (QA Fortran) was acquired; and the tool usage was demonstrated on three sample programs. (author) 5 refs.

  8. Criteria and tools for scientific software quality measurements

    International Nuclear Information System (INIS)

    Tseng, M.Y.

    1995-12-01

    Not all software used in the nuclear industry needs the rigorous formal verification, reliability testing and quality assessment that are being applied to safety critical software. Recently, however, there is increasing recognition that systematic and objective quality assessment of the scientific software used in design and safety analyses of nuclear facilities is necessary to support safety and licensing decisions. Because of the complexity and large size of these programs and the resource constraints faced by the AECB reviewer, it is desirable that appropriate automated tools are used wherever practical. To objectively assess the quality of software, a set of attributes of a software product by which its quality is described and evaluated must be established. These attributes must be relevant to the application domain of software under evaluation. To effectively assess the quality of software, metrics defining quantitative scale and method appropriate to determine the value of attributes need to be applied. To cost-effectively perform the evaluation, use of suitable automated tools is desirable. In this project, criteria for evaluating the quality of scientific software are presented; metrics for which those criteria can be evaluated are identified; a survey of automated tools to measure those metrics was conducted and the most appropriate tool (QA Fortran) was acquired; and the tool usage was demonstrated on three sample programs. (author) 5 refs

  9. MDEP Generic Common Position No DICWG-01. Common position on the treatment of common cause failure caused by software within digital safety systems

    International Nuclear Information System (INIS)

    2013-01-01

    Common cause failures (CCF) have been a significant safety concern for nuclear power plant systems. The increasing dependence on software in safety systems for nuclear power plants has increased the safety significance of CCF caused by software, when software in redundant channels or portions of safety systems has some common dependency. For example, the effect of systematic failures can lead to a loss of safety in many ways: unwanted actuations, a safety function is not provided when needed. Therefore, nuclear power plants should be systematically protected from the effects of common cause failures caused by software in DI and C safety systems. Software for nuclear power plant safety systems should be of the high quality necessary to help assure against the loss of safety (i.e. developed with high-quality engineering practices, commensurate quality assurance applied, with continuous improvement through corrective actions based on lessons learned from operating experience). However, demonstrating adequate software quality only through verification and validation activities and controls on the development process has proved to be problematic. Therefore, this common position provides guidance for the assessment of the potential for CCF for software. It is recognized that programmable logic devices do not execute software in the conventional sense; however, the application development process using these devices have many similarities with software development, and the deficiencies that may be introduced during the application development process may induce errors in the programmable logic devices that can result in common cause failures of these devices of a type similar to software common cause failure. Although deficiencies with the potential to give rise to software common cause failures can be introduced at all phases of the software life cycle, this common position will only consider the potential for software common cause failures within digital safety system

  10. Critical Thinking Skills of Students through Mathematics Learning with ASSURE Model Assisted by Software Autograph

    Science.gov (United States)

    Kristianti, Y.; Prabawanto, S.; Suhendra, S.

    2017-09-01

    This study aims to examine the critical thinking ability of students who learn mathematics with the ASSURE learning model assisted by Autograph software. The study used an experimental design with a pre-test and post-test control group. The experimental group received mathematics learning with the ASSURE model assisted by Autograph software, and the control group received mathematics learning with the conventional model. The data were obtained from critical thinking skills tests. The research was conducted at junior high school level; the population was the students of one junior high school in Subang Regency in the 2016/2017 school year, and the sample was two classes of class VIII students at one junior high school in Subang Regency. The research data were analyzed quantitatively. Quantitative data analysis was performed on the normalized gain level between the two sample groups using a one-way ANOVA test. The results show that mathematics learning with the ASSURE model assisted by Autograph software can improve the critical thinking ability of junior high school students. Mathematics learning using the ASSURE model assisted by Autograph software is significantly better at improving the critical thinking skills of junior high school students than conventional models.

  11. Fault Tree Analysis for Safety/Security Verification in Aviation Software

    Directory of Open Access Journals (Sweden)

    Andrew J. Kornecki

    2013-01-01

    The Next Generation Air Traffic Management system (NextGen) is a blueprint of the future National Airspace System. Supporting NextGen is a nation-wide Aviation Simulation Network (ASN), which allows integration of a variety of real-time simulations to facilitate development and validation of the NextGen software by simulating a wide range of operational scenarios. The ASN system is an environment, including both simulated and human-in-the-loop real-life components (pilots and air traffic controllers). Real Time Distributed Simulation (RTDS), developed at Embry Riddle Aeronautical University, a suite of applications providing low and medium fidelity en-route simulation capabilities, is one of the simulations contributing to the ASN. To support the interconnectivity with the ASN, we designed and implemented a dedicated gateway acting as an intermediary, providing logic for two-way communication and transfer messages between RTDS and ASN and storage for the exchanged data. It has been necessary to develop and analyze safety/security requirements for the gateway software based on analysis of system assets, hazards, threats and attacks related to ultimate real-life future implementation. Due to the nature of the system, the focus was placed on communication security and the related safety of the impacted aircraft in the simulation scenario. To support development of safety/security requirements, a well-established fault tree analysis technique was used. This fault tree model-based analysis, supported by a commercial tool, was a foundation to propose mitigations assuring the gateway system safety and security.

  12. Safety physics inter-comparison of advanced concepts of critical reactors and ADS

    Energy Technology Data Exchange (ETDEWEB)

    Slessarev, I. [CEA Cadarache, 13 - Saint-Paul-lez-Durance (France). Dept. d'Etudes des Reacteurs]

    2001-07-01

    Enhanced safety based on the principle of the natural "self-defence" is one of the most desirable features of innovative nuclear systems (critical or sub-critical) regarding both TRU transmutation and "clean" energy producer concepts. For the evaluation of the "self-defence" domain, the method of the asymptotic reactivity balance has been generalised. The promising option of Hybrid systems (that use a symbiosis of fission and spallation in sub-critical cores), which could benefit from the advantages of both Accelerated Driven Systems of the traditional type and regular critical systems, has been advocated. General features of Hybrid dynamics have been presented and analysed. It was demonstrated that an external neutron source of Hybrids can expand the inherent safety potential significantly. This analysis has been applied to assess the safety physics potential of innovative concepts for prospective nuclear power both for energy producers and for transmutation. It has been found that the safety enhancement goal defines a choice of sub-criticality of Hybrids. As for energy producers with Th-fuel cycle, a significant sub-criticality level is required due to the necessity of an improvement of neutronics together with the safety enhancement task. (author)

  13. Safety Characteristics in System Application of Software for Human Rated Exploration Missions for the 8th IAASS Conference

    Science.gov (United States)

    Mango, Edward J.

    2016-01-01

    NASA and its industry and international partners are embarking on a bold and inspiring development effort to design and build an exploration class space system. The space system is made up of the Orion system, the Space Launch System (SLS) and the Ground Systems Development and Operations (GSDO) system. All are highly coupled together and dependent on each other for the combined safety of the space system. A key area of system safety focus needs to be in the ground and flight application software system (GFAS). In the development, certification and operations of GFAS, there are a series of safety characteristics that define the approach to ensure mission success. This paper will explore and examine the safety characteristics of the GFAS development. The GFAS system integrates the flight software packages of the Orion and SLS with the ground systems and launch countdown sequencers through the 'agile' software development process. A unique approach is needed to develop the GFAS project capabilities within this agile process. NASA has defined the software development process through a set of standards. The standards were written during the infancy of the so-called industry 'agile development' movement and must be tailored to adapt to the highly integrated environment of human exploration systems. Safety of the space systems and the eventual crew on board is paramount during the preparation of the exploration flight systems. A series of software safety characteristics have been incorporated into the development and certification efforts to ensure readiness for use and compatibility with the space systems. Three underlying factors in the exploration architecture require the GFAS system to be unique in its approach to ensure safety for the space systems, both the flight as well as the ground systems. The first are the missions themselves, which are exploration in nature, and go far beyond the comfort of low Earth orbit operations. The second is the current exploration

  14. Programming Guidelines for FBD Programs in Reactor Protection System Software

    International Nuclear Information System (INIS)

    Jung, Se Jin; Lee, Dong Ah; Kim, Eui Sub; Yoo, Jun Beom; Lee, Jang Su

    2014-01-01

    Properties of programming languages, such as reliability, traceability, etc., play important roles in software development to improve safety. Several studies have proposed programming guidelines to increase the dependability of software developed for safety-critical systems. MISRA C is a widely accepted set of programming guidelines for the C language, especially in the vehicle industry. NUREG/CR-6463 helps engineers in the nuclear industry develop software for nuclear power plant systems more dependably. FBD (Function Block Diagram), which is one of the programming languages defined in the IEC 61131-3 standard, is often used for software development of PLCs (programmable logic controllers) in nuclear power plants. Software development for critical systems using FBD needs strict guidelines, because FBD is a general language and has easily mistakable elements. There is research on guidelines for IEC 61131-3 programming languages. It does not, however, specify details about how to use the languages. This paper proposes new guidelines for FBD based on NUREG/CR-6463. The paper introduces a CASE (Computer-Aided Software Engineering) tool to check FBD programs against the new guidelines and shows availability with a case study using an FBD program in a reactor protection system. The paper is organized as follows

  15. Programming Guidelines for FBD Programs in Reactor Protection System Software

    Energy Technology Data Exchange (ETDEWEB)

    Jung, Se Jin; Lee, Dong Ah; Kim, Eui Sub; Yoo, Jun Beom [Division of Computer Science and Engineering College of Information and Communication, Konkuk University, Seoul (Korea, Republic of)]; Lee, Jang Su [Man-Machine Interface System team Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2014-10-15

    Properties of programming languages, such as reliability, traceability, etc., play important roles in software development to improve safety. Several studies have proposed programming guidelines to increase the dependability of software developed for safety-critical systems. MISRA C is a widely accepted set of programming guidelines for the C language, especially in the vehicle industry. NUREG/CR-6463 helps engineers in the nuclear industry develop software for nuclear power plant systems more dependably. FBD (Function Block Diagram), which is one of the programming languages defined in the IEC 61131-3 standard, is often used for software development of PLCs (programmable logic controllers) in nuclear power plants. Software development for critical systems using FBD needs strict guidelines, because FBD is a general language and has easily mistakable elements. There is research on guidelines for IEC 61131-3 programming languages. It does not, however, specify details about how to use the languages. This paper proposes new guidelines for FBD based on NUREG/CR-6463. The paper introduces a CASE (Computer-Aided Software Engineering) tool to check FBD programs against the new guidelines and shows availability with a case study using an FBD program in a reactor protection system. The paper is organized as follows.

  16. Criticality safety for TMI-2 canister storage at INEL

    International Nuclear Information System (INIS)

    Jones, R.R.; Briggs, J.B.; Ayers, A.L. Jr.

    1986-01-01

    Canisters containing Three Mile Island Unit 2 (TMI-2) core debris will be researched, stored, and prepared for final disposition at the Idaho National Engineering Laboratory (INEL). The canisters will be placed into storage modules and assembled into a storage rack, which will be located in the Test Area North (TAN) storage pool. Criticality safety calculations were made (a) to ensure that the storage rack is safe for both normal and accident conditions and (b) to determine the effects of degradation of construction materials (Boraflex and polyethylene) on criticality safety

  17. Safety-Critical Java for Embedded Systems

    DEFF Research Database (Denmark)

    Rios Rivas, Juan Ricardo

    for Java aims at providing a reduced set of the Java programming language that can be used for systems that need to be certified at the highest levels of criticality. Safety-critical Java (SCJ) restricts how a developer can structure an application by providing a specific programming model...... and by restricting the set of methods and libraries that can be used. Furthermore, its memory model does not use a garbage-collected heap but scoped memories. In this thesis we examine the use of the SCJ specification through an implementation in a time-predictable, FPGA-based Java processor. The specification is now...

  18. Critical incidents related to cardiac arrests reported to the Danish Patient Safety Database

    DEFF Research Database (Denmark)

    Andersen, Peter Oluf; Maaløe, Rikke; Andersen, Henning Boje

    2010-01-01

    Background Critical incident reports can identify areas for improvement in resuscitation practice. The Danish Patient Safety Database is a mandatory reporting system and receives critical incident reports submitted by hospital personnel. The aim of this study is to identify, analyse and categorize...... critical incidents related to cardiac arrests reported to the Danish Patient Safety Database. Methods The search terms “cardiac arrest” and “resuscitation” were used to identify reports in the Danish Patient Safety Database. Identified critical incidents were then classified into categories. Results One...

  19. Modeling for safety in a synthesis-centric systems engineering framework

    NARCIS (Netherlands)

    Markovski, J.; Mortel - Fronczak, van de J.M.; Ortmeier, F.; Daniel, P.

    2012-01-01

    The ever-increasing complexity of safety-critical systems puts high demands on safety assurance and certification. We focus on the development of control software, where (safety) requirements engineering plays a crucial and delicate role. Nowadays, most of the safety features are ensured by the

  20. Reliability modeling of safety-critical network communication in a digitalized nuclear power plant

    International Nuclear Information System (INIS)

    Lee, Sang Hun; Kim, Hee Eun; Son, Kwang Seop; Shin, Sung Min; Lee, Seung Jun; Kang, Hyun Gook

    2015-01-01

    The Engineered Safety Feature-Component Control System (ESF-CCS), which uses a network communication system for the transmission of safety-critical information from group controllers (GCs) to loop controllers (LCs), was recently developed. However, the ESF-CCS has not been applied to nuclear power plants (NPPs) because the network communication failure risk in the ESF-CCS has yet to be fully quantified. Therefore, this study was performed to identify the potential hazardous states for network communication between GCs and LCs and to develop quantification schemes for various network failure causes. To estimate the risk effects of network communication failures in the ESF-CCS, a fault-tree model of an ESF-CCS signal failure in the containment spray actuation signal condition was developed for the case study. Based on a specified range of periodic inspection periods for network modules and the baseline probability of software failure, a sensitivity study was conducted to analyze the risk effect of network failure between GCs and LCs on ESF-CCS signal failure. This study is expected to provide insight into the development of a fault-tree model for network failures in digital I&C systems and the quantification of the risk effects of network failures for safety-critical information transmission in NPPs. - Highlights: • Network reliability modeling framework for digital I&C system in NPP is proposed. • Hazardous states of network protocol between GC and LC in ESF-CCS are identified. • Fault-tree model of ESF-CCS signal failure in ESF actuation condition is developed. • Risk effect of network failure on ESF-CCS signal failure is analyzed.