Critical software for nuclear reactors: 11 years of field experience analysis

Technicatome designs the nuclear reactors of the submarines and aircraft carriers of the French Navy. To improve the software development process of its new generation of digital instrumentation and control systems, and to evaluate their actual dependability, an analysis of data on operating experience has been performed. It covers 10 years of operation, more than 5.5 millions hours and 350 versions for 30 critical applications. The following conclusions can be drawn from this experience. (1) Classical methods are efficient and sufficient if they are performed according to high quality requirements. (2) The analysis of data on operating experience is an efficient means to improve the development processes. (3) Emergent methods, such as formal methods, would have been of little help to prevent the errors actually encountered in operation, since the latter concern hardware-software interactions and real-time issues that are extremely difficult to model