Diversity and Multi-Version Systems

Abstract

To protect safety-critical systems from common-cause failures that can lead to potentially dangerous outcomes, special methods are applied, including multi-version technologies operating at different levels of diversity. A model representing different diversity types during the development of safety-critical systems is suggested. The model addresses diversity types that are the most expedient in providing required safety. The diversity of complex electronic components (FPGA, etc.), printed circuit boards, manufacturers, specification languages, design, and program languages, etc. are considered. The challenges addressed are related to factors of scale and dependencies among diversity types, since not all combinations of used diversity are feasible. Taking these dependencies into consideration, the model simplifies the choice of diversity options. This chapter presents a cost effective approach to selection of the most diverse NPP Reactor Trip System (RTS) under uncertainty. The selection of a pair of primary and secondary RTS is named a diversity strategy. All possible strategies are evaluated on an ordinal scale with linguistic values provided by experts. These values express the expert’s degree of confidence that evaluated variants of secondary RTS are different from primary. All diversity strategies are evaluated on a set of linguistic diversity criteria, which are included into a corresponding diversity attribute. The generic fuzzy diversity score is an aggregation of the linguistic values provided by the experts to obtain a collective assessment of the secondary RTS’s similarity (difference) with a primary one. This rational diversity strategy is found during the exploitation stage, taking into consideration the fuzzy diversity score and cost.