No Slide Title
Download
Report
Transcript No Slide Title
The OECD Halden Reactor Project
1
The OECD Halden Reactor Project (HRP) is an
International Research Project between 19 countries
in Europe, America and Asia
Two main research areas:
–
–
File:
Fuel research at the Halden Boiling Water Reactor
Safety - MTO (Man-Technology-Organisation), with
emphasis on computer applications and human factor
research
Software Verification and Validation at the
2
Halden Project
A main research activity is the safe use of computers for
control and supervision of nuclear power plants.
HRP has for thirty years worked in the area of software
dependability, focusing on
- fault avoidance
·
quality assurance principles
·
formal development methods
- fault detection,
·
static analysis
·
testing
- fault tolerance,
·
diversity
·
safety checks
·- reliability and safety assessment
File:
Questions/Problems
3
Deryk has asked us to give comments to four
questions /problems.
These are difficult questions to answer, in
particular in less than 5 minutes.
I will rather comment on them with reference to
related activities at the Halden Project
File:
Safety Justification
How to construct a safety justification for
programmable systems important to safety?
Safety justification will be based on a variety
qualitative and quantitative evidences.
At Halden we have in an experiment tried
combine these evidences using Bayesian Belief
Nets
File:
4
Assessment based on disparate sources5
Four quality aspects are combined with other
nodes in the net and lead to a node representing the
prior reliability of the system.
Quality of
Producer
Quality of
Process
Solution
Complexity
Quality of
Analysis
Prior reliability
File:
Problem
Complexity
Quality of
Product
Combining prior reliabilty with
quantitative data
Halden
PRODUCT
CHARACTERISTICS
DEVELOPMENT
PROCESS
PRIOR
RELIABILITY
POSTERIOR
RELIABILITY
TESTING
VTT
File:
OPERATIONAL
EXPERIENCE
6
Justification criteria
7
Safety
defences
Hazard/risk
analysis
Risk
reduction
System
reliability
Plant PSA
Safety
assessment
Justification for
safety critical
application
File:
Political
aspects
Other
acceptance
criteria
Legal
aspects
Security
aspects
Requirements Specification
8
How to make the requirements specification accurate and
cost-effective - especially at the interfaces between the
supplier, user and regulator?
We are participating in a Nordic project on requirements
specification.
Emphasis on traceability between
– different requirements
– requirements in different versions
– requirements and their realisation.
Adaption to different levels of formality.
This will aid the configuration management of the
requirement specification and their realisation.
File:
COTS
9
How to provide sufficient evidence of 'off-the shelf'
product quality for applications important to safety?
Data on producer pedigree may be available
A ’good’ vendor may provide principles for production
Difficult to get detailed information about development
process.
User experience and operational data would be useful,
but often not available.
It may be useful to divide COTS based systems into
smaller components and estimate reliability of them,
and then use conventional reliability analysis methods.
File:
Licensing programmable or 'smart' devices
10
Licensing aspects of programmable or 'smart' devices
for the nuclear industry - what issues should future
research resolve.
Related to statements on justification and COTS.
For software safety critical 'smart' devices, where no
information about development and code is available,
It may be necessary to analyse the machine code.
Tools for program analysis based on machine code was
made in the SOSAT project with TüV, ISTec and Halden.
File: