Title :
Ontario Hydro experience in the identification and mitigation of potential failures in safety critical software systems
Author :
Huget, R.G. ; Viola, M. ; Froebel, P.A.
Author_Institution :
Ontario Hydro, Toronto, Ont., Canada
fDate :
8/1/1995 12:00:00 AM
Abstract :
Ontario Hydro has had experience in designing and qualifying safety critical software used in the reactor shutdown systems of its nuclear generating stations. During software design, an analysis of system level hazards and potential hardware failure effects provide input to determining what safeguards will be needed. One form of safeguard, called software self checks, continually monitor the health of the computer on line. The design of self checks usually is a trade off between the amount of computing resources required, the software complexity, and the level of safeguarding provided. As part of the software verification activity, a software hazards analysis is performed, which identifies any failure modes that could lead to the software causing an unsafe state, and which recommends changes to mitigate that potential. These recommendations may involve a re-structuring of the software to be more resistant to failure, or the introduction of other safeguarding measures. This paper discusses how Ontario Hydro has implemented these aspects of software design and verification into safety critical software used in reactor shutdown systems
Keywords :
fission reactor safety; nuclear engineering computing; safety-critical software; software performance evaluation; Ontario Hydro; nuclear reactor; reactor shutdown systems; safety critical software systems; software design; software hazards analysis; software self checks; software verification; Computerized monitoring; Condition monitoring; Failure analysis; Hardware; Hazards; Inductors; Nuclear power generation; Software design; Software performance; Software safety;
Journal_Title :
Nuclear Science, IEEE Transactions on
