Requirements to Products and Processes for Software of Safety Important NPP I&C Systems

Requirements to Products and Processes for Software of Safety Important NPP I&C Systems

Vladimir Sklyar (National Aerospace University KhAI, Ukraine), Andriy Volkoviy (Mellanox Technologies Ltd., Kyiv R&D Center, Ukraine), Oleksandr Gordieiev (Banking University, Ukraine) and Vyacheslav Duzhyi (National Aerospace University KhAI, Ukraine)
DOI: 10.4018/978-1-7998-3277-5.ch004
OnDemand PDF Download:
No Current Special Offers


Features of software as a component of instrumentation and control (I&C) systems are analyzed. Attention is paid to the importance of functions performed by software and hazards of such software. Requirements for characteristics of software as a component of I&C systems are analyzed. Different regulatory documents are considered in order to disclose common approaches to the use of dedicated software and off-the-shelf software components. Classification of software, as well as classification of requirements, is described. Criteria of selection and structuring of requirements, as well as criteria for software verification, are defined. As long as the characteristics of software components directly depend on the quality of the processes of software development and verification, requirements for software life cycle processes are considered.
Chapter Preview


The increase of the number of nuclear power plant I&C software executed functions causes an increase of the “weight” of software device defects and its possible sources of failures. Based on different estimates such defects cause up to 70% of the failures of computer systems of critical application complexes, of the total number of those attributed to nuclear power plant I&C systems (Everett, 1998) (Lyu, 1996). Given this, the present trend is having an increasing dynamic role over time.

In the 1960s software defects caused up to 15% of the failures, and in the 1970s it was 15-30%, and by the year 2000 they were the cause of up to 70% of computer system failures. This trend shows up even more in space rocket technology (Aizenberg, 2002). Analysis of the cause of accidents and catastrophes of space rocket systems, where on board and ground computer systems have already been in use for several decades, allows one to determine that in the past 40 years each fifth accident is related to failure of a digital control system. Six of seven failures of these systems were caused by the occurrence of software defects. One such defect of computer software of the Ariane-5 navigational system in 1997 led to an accident which cost nearly one half billion dollars (Adziev, 1998). In nuclear power generation programmable I&C systems have had a shorter history, however, here also there have been accidents due to software defects.

The reliability of software, as for the I&C system as a whole, depends on the design quality at stages that directly precede development of the software:

  • Development of requirements for I&C system.

  • Mathematical modeling.

  • Software implemented functioning algorithms.

Errors committed at these stages become sources of complex defects in software. In this sense, software, on the one hand, accumulates the deficiencies of the preceding stages, and on the other hand, is the “field,” in which they can show up and be eliminated. However, the efforts that must be made to do this, increase by an order of magnitude.

Consequently, software is becoming an even more important factor determining the safety of nuclear power plant I&C system. This explains the fact that software of nuclear power plant I&C system, in accordance with national and international normative documents, is a separate and very important object of safety standardization.

Key Terms in this Chapter

Fault Tolerance: Is the ability of software to retain a certain functioning level during the onset of software malfunctions.

Diversity: Presence of two or more redundant systems or components to perform an identified function, where the different systems or components have different attributes so as to reduce the possibility of common cause failure, including common mode failure.

Common-Cause Failure (CCF): Failure of two or more structures, systems, or components due to a single specific event or cause.

Common-Mode Failure (CMF): Failure of two or more structures, systems, and components in the same manner or mode due to a single event or cause.

Fault Tree Analysis (FTA): Deductive technique that starts by hypothesizing and defining failure events and systematically deduces the events or combinations of events that caused the failure events to occur.

Off-the-Shelf (OTS) Software Component: Pre-developed software components, usually developed by other organization and designed for specific solutions.

Failure Mode, Effects, and Criticality Analysis (FMECA): Is a reliability evaluation/design technique which examines the potential failure modes within a system and its equipment, in order to determine the effects on equipment and system performance.

Complete Chapter List

Search this Book: