TY - BOOK
T1 - Diversity requirements for safety critical software-based automation systems
AU - Korhonen, Jukka
AU - Pulkkinen, Urho
AU - Haapanen, Pentti
PY - 1998
Y1 - 1998
N2 - System vendors nowadays propose software-based systems even
for the most critical safety functions in nuclear power plants.
Due to the nature and mechanisms of influence of software faults,
new methods are needed for the safety and reliability evaluation
of these systems. In the research project "Programmable automation
systems in nuclear power plants (OHA)", financed jointly by the
Radiation and Nuclear Safety Authority (STUK), the Ministry of
Trade and Industry and the Technical Research Centre of Finland
(VTT), various safety assessment methods and tools for
software-based systems are developed and evaluated.
A well-known fact is that in practice it is almost impossible to
produce totally fault-free software. Software faults are design
faults introduced into the systems during the design and
implementation process. Redundant channels containing identical
software (with its faults) may therefore fail simultaneously,
i.e. the software faults can be a source of Common Cause Failures
(CCFs). In safety-critical applications some kind of diversity is
usually required to protect the system's safety functions against
Common Cause Failures. The diversity can be realized at hardware,
software or functional level, or as a combination of these. For
licensing purposes it is important to understand the influence of
the different approaches on system reliability and safety and to
adjust the diversity requirements to a proper level.
This report first discusses the (common cause) failure mechanisms
in software-based systems, then defines fault-tolerant system
architectures to avoid common cause failures, then studies the
various alternatives for applying diversity and their influence on
system reliability. Finally, a method for the assessment of
diversity is described.
Other recently published reports in the OHA report series handle
the statistical reliability assessment of software-based systems
(STUK-YTO-TR 119), usage models in the reliability assessment of
software-based systems (STUK-YTO-TR 128) and the handling of
programmable automation in plant PSA studies (STUK-YTO-TR 129).
KW - safety
KW - safety analysis
KW - reliability analysis
KW - diversity
KW - automation
KW - programmable systems
KW - reactor protection systems
KW - nuclear reactor safety
M3 - Report
SN - 951-712-246-2
T3 - STUK-YTO-TR
BT - Diversity requirements for safety critical software-based automation systems
PB - Radiation and Nuclear Safety Authority STUK
CY - Helsinki
ER -