Procedure for Application of Software Reliability Growth Models to Npp Psa

Software reliability and/or safety [1] have become an important issue for instrumentation and control systems in nuclear power plants (NPPs). Software is one of the important safety issues in digital system safety assessment [2]. When using safety-critical software, various methods like formal verification and validation [3,4] play critical roles in demonstrating compliance with several regulatory requirements. Meanwhile, for the past several decades, Probabilistic Safety Assessment (PSA) techniques have been used in the nuclear industry to assess the relative effects of contributing events on plant risk and system reliability. More realistic PSA results provide more reasonable and accurate risk-informed decisions. The field experience of U.S. nuclear plants during the period of 1990 through 1993 shows that software error caused a significant number of digital system failures [5]. Software errors (30 failures) cause the majority of digital system failure events in comparison with the fact that only 9 events were caused by random component failures. In addition, since these failures could cause common-mode or cause failure, which might remove the redundancy effect if the same software is installed in redundant systems and can lead to significant safety events, software failure analysis is inevitable for realistic PSA results. Based on the results of sensitivity studies, a precedent research [6] pointed out that quantification of the ‘possibility of software error’ and ‘imperfection of a fault-tolerant mechanism’ is very important and an inevitable factor for realistic reliability evaluation. In summary, quantitative software reliability can give confidence for the use of software, especially when it is incorporated with NPP PSA. It is notable that there has been much discussion among software engineering researchers about whether a software failure can be treated in a probabilistic manner [7]. Software faults are design faults by definition. It means that software is deterministic and its failure cannot be represented by ‘failure probability.’ However, a fault in software causes a system failure only when the input sequence activates the fault. If we assume the randomness of the input sequences in the real use of software, its failure could be treated based on a probabilistic method. If the input profile of the software can be determined statistically, we can estimate the software reliability in a probabilistic manner based on the input profile [2]. Software faults are integrated into PSAs to statistically analyze system reliability and/or safety. Li et al. [8] developed the software failure taxonomy to integrate software into the PSA process, which also identifies software related failures. They pointed out that software failure events appear as the initiating and intermediate events in event sequence diagrams for event tree analysis or as the elements of fault trees. For example, a software fault which results in spurious activation of a reactor protection system causes a transient of a NPP and will be As the use of software increases at nuclear power plants (NPPs), the necessity for including software reliability and/or safety into the NPP Probabilistic Safety Assessment (PSA) rises. This work proposes an application procedure of software reliability growth models (RGMs), which are most widely used to quantify software reliability, to NPP PSA. Through the proposed procedure, it can be determined if a software reliability growth model can be applied to the NPP PSA before its real application. The procedure proposed in this work is expected to be very helpful for incorporating software into NPP PSA.