1

File:

The OECD Halden Reactor Project

The OECD Halden Reactor Project (HRP) is an International Research Project between 19 countries in Europe, America and Asia

 

Two main research areas:– Fuel research at the Halden Boiling Water Reactor– Safety - MTO (Man-Technology-Organisation), with

emphasis on computer applications and human factor research

2

File:

Software Verification and Validation at the Halden Project

A main research activity is the safe use of computers for control and supervision of nuclear power plants.HRP has for thirty years worked in the area of software dependability, focusing on- fault avoidance· quality assurance principles· formal development methods- fault detection,· static analysis· testing- fault tolerance,· diversity· safety checks·- reliability and safety assessment

3

File:

Questions/Problems

Deryk has asked us to give comments to four questions /problems.

These are difficult questions to answer, in particular in less than 5 minutes.

I will rather comment on them with reference to related activities at the Halden Project

4

File:

Safety Justification

How to construct a safety justification for programmable systems important to safety?

Safety justification will be based on a variety qualitative and quantitative evidences.

At Halden we have in an experiment tried combine these evidences using Bayesian Belief Nets

5

File:

Assessment based on disparate sources

Four quality aspects are combined with other nodes in the net and lead to a node representing the prior reliability of the system.

Quality of Producer

Quality of Product

Quality of Analysis

Quality of Process

Solution Complexity

Problem Complexity

Prior reliability

6

File:

Combining prior reliabilty with quantitative data

PRODUCTCHARACTERISTICS

DEVELOPMENTPROCESS

OPERATIONAL EXPERIENCETESTING

PRIOR RELIABILITY

POSTERIOR RELIABILITY

Halden

VTT

7

File:

Justification criteria

System reliability

Hazard/risk analysis

Safety defences

Plant PSA

Other acceptance criteria

Justification for safety critical application

Safety assessment Security

aspects

Legal aspects

Political aspectsRisk

reduction

8

File:

Requirements Specification

How to make the requirements specification accurate and cost-effective - especially at the interfaces between the supplier, user and regulator?We are participating in a Nordic project on requirements specification.Emphasis on traceability between

– different requirements– requirements in different versions – requirements and their realisation.

Adaption to different levels of formality.

This will aid the configuration management of the requirement specification and their realisation.

9

File:

COTS

How to provide sufficient evidence of 'off-the shelf' product quality for applications important to safety?

Data on producer pedigree may be available

A ’good’ vendor may provide principles for production

Difficult to get detailed information about development process.

User experience and operational data would be useful, but often not available.

It may be useful to divide COTS based systems into smaller components and estimate reliability of them,

and then use conventional reliability analysis methods.

10

File:

Licensing programmable or 'smart' devices

Licensing aspects of programmable or 'smart' devices for the nuclear industry - what issues should future research resolve.

Related to statements on justification and COTS.

For software safety critical 'smart' devices, where no information about development and code is available,

It may be necessary to analyse the machine code.

Tools for program analysis based on machine code was made in the SOSAT project with TüV, ISTec and Halden.