
Program Testing Techniques for Nuclear Reactor Protection Systems

IP.com Disclosure Number: IPCOM000131430D
Original Publication Date: 1979-Aug-01
Included in the Prior Art Database: 2005-Nov-11
Document File: 12 page(s) / 44K

Publishing Venue

Software Patent Institute

Related People

Werner Geiger: AUTHOR [+6]

Abstract

(Figure omitted; caption: The high-reliability software required for nuclear reactor protection systems cannot be validated by a single method. This approach combines several different but complementary techniques.)

Sophisticated technical systems are assuming an ever greater role in the economies of the developed world. Along with this increased complexity has come greater public concern about the safety and environmental effects of such systems. One manifestation of this concern has been the establishment of regulatory agencies which require new projects to pass rigorous approval procedures.

The '70s have seen an explosion of computer applications in process control and monitoring: computer systems are now essential in areas such as high-speed transportation systems, chemical plants, and nuclear reactors. Regulatory agencies therefore demand the validation of the computer systems embedded in these projects -- particularly their complex software.

The approving authorities, however, still hesitate to regard computers as safety-proof since no classical reliability figures exist, especially about the software. The validation strategy presented here can be considered as a first step toward proving the correct functioning of a real-time software system, in this case for an advanced computerized nuclear reactor protection system. It may also serve as a guideline for the systematic validation and testing of other safety-oriented software systems.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 9% of the total text.

Page 1 of 12

THIS DOCUMENT IS AN APPROXIMATE REPRESENTATION OF THE ORIGINAL.

This record contains textual material that is copyright © 1979 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Contact the IEEE Computer Society http://www.computer.org/ (714-821-8380) for copies of the complete work that was the source of this textual material and for all use beyond that as a record from the SPI Database.

Program Testing Techniques for Nuclear Reactor Protection Systems

Werner Geiger, Lothar Gmeiner, Heinz Trauboth, and Udo Voges

Kernforschungszentrum Karlsruhe GmbH


Reactor protection system

Computers in the nuclear field have been used mainly as passive components -- i.e., for data acquisition and data representation on display and logging devices. However, in a reactor protection system, the computer may now play a more active role.

The computerized reactor protection system considered here must scan about 200 measuring points every second. The values of these temperature measurements are compared against upper and lower limits. A variable-limit band, calculated in each cycle, depends on the position of the fuel rod within the core, the power load of the reactor, and the burn-up of the fuel rod (Figure 1). A second fixed-limit band is used for redundancy and for plausibility checks. If the temperature is above an upper limit, shutdown must be initiated. If it is below a lower limit, a message must be sent to the control room. The protection system, however, should not cause mor...
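The limit-checking cycle described above, written out as an added example that is not code from the paper or from the Karlsruhe project: one scan over 200 measuring points, a variable band recomputed each cycle from rod position, power load and burn-up, a fixed band used redundantly and for plausibility, and the two outcomes the text names (shutdown above an upper limit, control-room message below a lower limit). The band model in `variable_band`, all constants, the unit (degrees C) and the way the fixed band is combined with the variable one are assumptions; the paper does not give them. The readings are constructed sample input with three faults injected.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple

POINTS_PER_CYCLE = 200  # the paper: about 200 measuring points scanned every second


class Action(Enum):
    OK = "within limits"
    MESSAGE = "message to control room"      # temperature below a lower limit
    SHUTDOWN = "initiate shutdown"           # temperature above an upper limit
    SENSOR_FAULT = "reading not plausible"   # rejected by the plausibility check


@dataclass(frozen=True)
class Band:
    lower: float
    upper: float

    def contains(self, value: float) -> bool:
        return self.lower <= value <= self.upper


@dataclass(frozen=True)
class CycleState:
    """Per-cycle reactor state the variable band depends on (units assumed)."""
    power_load: float  # fraction of nominal power, 0.0 .. 1.0
    burn_up: float     # fraction of fuel-rod life consumed, 0.0 .. 1.0


# Assumed constants (not from the paper), in degrees C.
PLAUSIBLE_BAND = Band(lower=0.0, upper=1000.0)  # outside this, the reading itself is suspect
FIXED_BAND = Band(lower=200.0, upper=700.0)     # fixed limits, independent of the cycle model


def variable_band(rod_position: float, state: CycleState) -> Band:
    """Hypothetical per-cycle limit model standing in for the paper's own calculation.
    rod_position is 0.0 .. 1.0 along the core; the centre is allowed to run hotter."""
    base_upper = 450.0 + 150.0 * state.power_load        # 450 at zero load, 600 at full load
    profile = 1.0 - 0.4 * abs(rod_position - 0.5)        # 1.0 at the centre, 0.8 at the ends
    upper = base_upper * profile - 50.0 * state.burn_up  # burnt-up fuel gets a tighter ceiling
    return Band(lower=upper - 200.0, upper=upper)


def check_point(temperature: float, rod_position: float, state: CycleState) -> Action:
    """Decide the action for one measuring point: plausibility first, then the limits."""
    if not PLAUSIBLE_BAND.contains(temperature):
        return Action.SENSOR_FAULT
    band = variable_band(rod_position, state)
    # Assumed redundancy rule: the fixed band is checked alongside the variable band, so a
    # reading above either upper limit initiates shutdown and below either lower limit
    # raises a message, even if the per-cycle band calculation were wrong.
    if temperature > band.upper or temperature > FIXED_BAND.upper:
        return Action.SHUTDOWN
    if temperature < band.lower or temperature < FIXED_BAND.lower:
        return Action.MESSAGE
    return Action.OK


def scan_cycle(readings: List[Tuple[float, float]], state: CycleState) -> Dict[Action, List[int]]:
    """One scan cycle over all points; readings are (rod_position, temperature) pairs."""
    result: Dict[Action, List[int]] = {action: [] for action in Action}
    for index, (rod_position, temperature) in enumerate(readings):
        result[check_point(temperature, rod_position, state)].append(index)
    return result


def constructed_cycle(state: CycleState) -> List[Tuple[float, float]]:
    """Constructed sample input: 200 points sitting mid-band, with three faults injected."""
    readings: List[Tuple[float, float]] = []
    for i in range(POINTS_PER_CYCLE):
        rod_position = i / (POINTS_PER_CYCLE - 1)
        readings.append((rod_position, variable_band(rod_position, state).upper - 100.0))

    def band_at(i: int) -> Band:
        return variable_band(readings[i][0], state)

    readings[17] = (readings[17][0], band_at(17).upper + 10.0)  # too hot  -> shutdown
    readings[42] = (readings[42][0], band_at(42).lower - 10.0)  # too cold -> message
    readings[99] = (readings[99][0], 1500.0)                     # impossible -> sensor fault
    return readings


if __name__ == "__main__":
    state = CycleState(power_load=0.8, burn_up=0.5)
    for action, points in scan_cycle(constructed_cycle(state), state).items():
        print(f"{action.value}: {len(points)} point(s)", points if len(points) < 10 else "")
```

The ordering inside `check_point` is the part worth noting for validation: a reading that fails the plausibility check is reported as a sensor fault rather than being compared against limits, so an impossible value neither causes a spurious shutdown nor silently passes as "within limits".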