Han Seong Son

A formal software requirements specification method for digital nuclear plant protection systems

This article describes NuSCR, a formal software requirements specification method for digital plant protection system in nuclear power plants. NuSCR improves the readability and specifiability by providing graphical or tabular notations depending on the type of operations. NuSCR specifications can be formally analyzed for completeness, consistency, and against the properties specified in temporal logic. We introduce the syntax and semantics of NuSCR and demonstrate the effectiveness of the approach using reactor protection system, digital protection system being developed in Korea, as a case study.

Software safety analysis of function block diagrams using fault trees

Abstract As programmable logic controllers (PLCs) are often used to implement safety–critical embedded software, safety demonstration of PLC code is needed. In this paper, we propose a fault tree analysis technique on Function Block Diagrams (FBDs) which is one of the most widely used PLC programming languages. FBD is currently being used to develop Reactor Protection System (RPS) for a nuclear power plant in South Korea. Our approach to fault tree analysis, which combines fault-oriented and cause/effect-oriented viewpoints, is easy to understand and offers systematic guidelines to ensure safety of PLC code. Domain experts found the approach to be useful through a case study on RPS, and this paper compares completeness and comprehensiveness of the semi-automatically generated fault trees using the proposed approach against the one manually prepared by nuclear safety engineers.

Systematic evaluation of fault trees using real-time model checker UPPAAL

Abstract Fault tree analysis, the most widely used safety analysis technique in industry, is often applied manually. Although techniques such as cutset analysis or probabilistic analysis can be applied on the fault tree to derive further insights, they are inadequate in locating flaws when failure modes in fault tree nodes are incorrectly identified or when causal relationships among failure modes are inaccurately specified. In this paper, we demonstrate that model checking technique is a powerful tool that can formally validate the accuracy of fault trees. We used a real-time model checker UPPAAL because the system we used as the case study, nuclear power emergency shutdown software named Wolsong SDS2, has real-time requirements. By translating functional requirements written in SCR-style tabular notation into timed automata, two types of properties were verified: (1) if failure mode described in a fault tree node is consistent with the systems behavioral model; and (2) whether or not a fault tree node has been accurately decomposed. A group of domain engineers with detailed technical knowledge of Wolsong SDS2 and safety analysis techniques developed fault tree used in the case study. However, model checking technique detected subtle ambiguities present in the fault tree.

PLC-based safety critical software development for nuclear power plants

This paper proposes a PLC(Programmable Logic Controller)-based safety critical software development technique for nuclear power plants’ I&C software controllers. To improve software safety, we write the software requirements specification using a formal specification notation named NuSCR [1]. NuSCR specification is then mechanically transformed into semantically equivalent Function Block Diagram(FBD), a widely used PLC programming language. Finally, we manually refine the FBD programs so that redundant function blocks are identified and removed. As CASE tool supplied by PLC vendors automatically compiles the resulting FBD programs into PLC machine code, PLC software development is completed when the final FBD programs are essentially tested.

Software Reliability Improvement Techniques

Digital systems offer various advantages over analog systems. Their use in largescale control systems has greatly expanded in recent years. This raises challenging issues to be resolved. Extremely high-confidence in software reliability is one issue for safety-critical systems, such as NPPs. Some issues related to software reliability are tightly coupled with software faults to evaluate software reliability (Chapter 4). There is not “one right answer” as to how to estimate software reliability. Merely measuring software reliability does not directly make software more reliable, even if there is a “proper answer” for estimation of software reliability. Software faults should be carefully handled to make software more reliable with as many reliability improvement techniques as possible. However, software reliability evaluation may not be useful. Software reliability improvement techniques dealing with the existence and manifestation of faults in software are divided into three categories:

NuSEE: Nuclear Software Engineering Environment

The concept of software V&V throughout the software development lifecycle has been accepted as a means to assure the quality of safety-critical systems for more than a decade [1]. The Integrated Environment (IE) approach is introduced as one of the countermeasures for V&V (Chapter 5). Adequate tools are accompanied by V&V techniques for the convenience and efficiency of V&V processes. This chapter introduces NuSEE (Nuclear Software Engineering Environment), which is a toolset to support the IE approach developed at Korea Advanced Institute of Science and Technology (KAIST) [2]. The software lifecycle consists of concept, requirements, design, implementation, and test phases. Each phase is clearly defined to separate the activities to be conducted within it. Minimum V&V tasks for safety-critical systems are defined for each phase in IEEE Standard 1012 for “Software Verification and Validation” (Figure 6.1) [3]. V&V tasks are traceable back to the software requirements. A critical software product should be understandable for independent evaluation and testing. The products of all lifecycle phases are also evaluated for software quality attributes, such as correctness, completeness, consistency, and traceability. Therefore, it is critical to define an effective specification method for each software development phase and V&V task based on the effective specifications during the whole software lifecycle.