Use of Diversity in Experimental Reactor Safety Systems
This paper describes two projects which were conducted at the Kernforschungszentrum Karlsruhe. The first was “BPI”, a pilot implementation of parts of a reactor safety shut down system. In this experiment the problem was specified in natural language (German) with heavy use of mathematical notations. Based on this specification three teams prepared in parallel three implementations in three different languages.
The results of this experiment show not only that the errors made by the different teams were different, but also that the error detection capability was increased through the use of different teams. The overall reliability was therefore higher than in a development environment without the use of diversity.
The second project consisted of the design of the reactor safety shut down system “MIRA”. Analogous to the triple modular redundant hardware structure of the system, three diverse versions of the application software are to be installed. The design of the system as well as the reasons leading to the incorporation of software diversity are presented. It is anticipated that errors in those parts which are realized diversely can be tolerated to some extent, and that so can errors in those parts which are identical in the redundant system.
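The 2-out-of-3 arrangement described above, sketched as an added example (constructed here, not the BPI or MIRA code): three hypothetical “diverse” implementations of one trip criterion, one of them carrying a boundary error standing in for a team's mistake, combined by a majority voter that both masks the faulty version and reports the disagreement so the error can be detected.

```python
from typing import Callable, Sequence

# Constructed stand-ins for three team implementations of one trip criterion:
# trip when the measured value exceeds the limit. Not the paper's code.
def version_a(value: float, limit: float) -> bool:
    return value > limit

def version_b(value: float, limit: float) -> bool:
    return not (value <= limit)

def version_c(value: float, limit: float) -> bool:
    # Deliberately wrong at the boundary (>= instead of >), modelling an
    # error that only one of the three diverse versions contains.
    return value >= limit

VERSIONS: Sequence[Callable[[float, float], bool]] = (version_a, version_b, version_c)

def vote(value: float, limit: float, versions=VERSIONS):
    """2-out-of-3 majority vote over the diverse versions.

    Returns (trip, disagreement): the majority decision, and whether any
    version dissented. A single faulty version is outvoted (tolerated) and
    at the same time exposed (detected) via the disagreement flag.
    """
    results = [v(value, limit) for v in versions]
    trips = sum(results)
    trip = trips >= 2
    disagreement = 0 < trips < len(results)
    return trip, disagreement

def disagreements(samples, limit: float, versions=VERSIONS):
    """Inputs on which the versions disagree: the cases a back-to-back
    comparison of the three versions would single out for analysis."""
    return [x for x in samples if vote(x, limit, versions)[1]]
```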
Keywords: Fuel Element, Fast Breeder Reactor, Fault Tree Analysis, Software Requirement Specification, Reactor Safety