
Software QA
By H.M. Hashemian, Analysis and Measurement Services Corporation.
Dr. H.M. "Hash" Hashemian is president of Analysis and Measurement Services Corporation (AMS), a nuclear engineering company headquartered in Knoxville, Tennessee, specializing in testing the instrumentation and control systems of nuclear power plants. Dr. Hashemian holds three doctorates, in nuclear engineering, electrical engineering, and computer engineering. He specializes in process instrumentation, equipment condition monitoring, on-line diagnostics of anomalies in industrial equipment and processes, automated testing, and technical training. He is the author of 3 books, 9 book chapters, and more than 300 papers and reports, including 70 peer-reviewed journal and magazine articles and more than 250 conference papers. In addition, he is the author or co-author of 22 U.S. patents (15 awarded and 5 pending). Dr. Hashemian is a Fellow of the American Nuclear Society (ANS), a Fellow of the International Society of Automation (ISA), a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE), and a member of the European Nuclear Society (ENS).
An overview report of the Instrumentation Session by H.M. Hashemian. The papers were presented at the American Nuclear Society's Winter Meeting in Washington, D.C. on November 11, 2015.
Estimation of Software CCFs
By Kim Koh-eun, KEPCO International Graduate School.
The common cause failure (CCF) paper was presented by Koh-eun Kim and was an excellent paper on how to assess the reliability of a software package for a safety-related application in nuclear power plants. The paper was somewhat unique in that it introduced a software quality assurance process starting with a failure mode and effect analysis (FMEA). An interesting discussion ensued after the presentation as to an acceptable number that can be assigned to software reliability; we heard values in the range of 10^-4 to 10^-2. What I learned from it was that it presented a systematic and unique approach for an objective assessment of the probability of software common cause failure.

Another noteworthy point mentioned by the presenter was that there are many guidelines and standards for software common cause failure assessment, but no objective regulatory guidelines.
Software common cause failure (SW-CCF) is the triggering of a common latent fault in the software that results in, or contributes to, the simultaneous failure of redundant channels in a safety system. An SW-CCF may disable the intended functions of safety systems when they are required, so the risk of SW-CCF remains a concern in the use of digital safety system software. The methodology combines software FMEA (SFMEA) with stochastic Petri nets (SPN), which enables evaluation of both SW-CCFs and the software design. It consists of four steps: system-level modeling, root cause analysis, fault modeling, and simulation. The first step identifies the possible failure modes and their causes that lead to a significant probability of a CCF. The second step identifies potential vulnerabilities, that is, the faults in the software development life cycle that may introduce the causes of failure identified in the previous step. The third step builds the SPN model from the output of the root cause analysis to find the probability of a latent fault in the final software state. The final step simulates the SW-CCF SPN models and estimates the SW-CCF probability. A case study of a Plant Protection System (PPS) was used as an example; it estimated the probability as 4.27x10^-4 per cycle. If the approach is extended to all the failure modes, it is expected that the SW-CCF probability can be estimated and used as an input to the probabilistic safety assessment (PSA) for safety-critical digital systems in nuclear power plants (NPPs).
Contact: Kim Koh-eun, KEPCO International Graduate School, email:
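To make the third and fourth steps concrete, here is an added example that is not the paper's model or code: a small stochastic Petri net of a software life cycle in which a single token (the software under development) can pick up a fault during coding, and review and test each race detection against escape. The net, its place and transition names, its rates, and the trigger probability are all assumptions chosen for illustration. The probability that the token is absorbed in the "latent_fault" place is computed exactly from the embedded Markov chain, checked by a Gillespie-style simulation, and then multiplied by an assumed per-demand trigger probability to give a per-demand SW-CCF figure.

```python
"""Latent-fault probability from a small stochastic Petri net (SPN) of a
software life cycle, solved exactly via the embedded Markov chain and checked
by Monte Carlo simulation.  Added illustrative example: the net, its place and
transition names and its rates are assumptions, not the paper's model.
"""
import random
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    name: str
    rate: float          # exponential firing rate while enabled
    inputs: tuple        # places that each give up one token when it fires
    outputs: tuple       # places that each receive one token when it fires


# Hypothetical life-cycle net.  A single token starts in "coding".  Fault
# introduction competes with clean completion; review and test each race
# "detect" (back to coding for rework) against "escape".  "clean_release" and
# "latent_fault" have no outgoing transitions, so they are absorbing.
LIFECYCLE = (
    Transition("introduce_fault", 1.0, ("coding",),        ("review_faulty",)),
    Transition("code_clean",      4.0, ("coding",),        ("clean_release",)),
    Transition("review_detects",  3.0, ("review_faulty",), ("coding",)),
    Transition("review_escapes",  2.0, ("review_faulty",), ("test_faulty",)),
    Transition("test_detects",    7.0, ("test_faulty",),   ("coding",)),
    Transition("test_escapes",    3.0, ("test_faulty",),   ("latent_fault",)),
)


def enabled(marking, transitions):
    """Transitions whose input places all hold a token under this marking."""
    return [t for t in transitions if all(p in marking for p in t.inputs)]


def fire(marking, t):
    """Successor marking: consume from the inputs, produce into the outputs."""
    return frozenset((marking - set(t.inputs)) | set(t.outputs))


def absorption_probability(transitions, start, target, tol=1e-13):
    """Exact probability that the token ends in the absorbing place `target`.

    With exponential firing times the next transition is chosen with
    probability rate/sum(rates), independent of elapsed time, so absorption
    probabilities are a property of the embedded discrete chain.  Solved by
    value iteration, which converges because every cycle (rework) can still
    leak to an absorbing marking.
    """
    start = frozenset(start)
    seen, queue = {start}, deque([start])
    while queue:                          # enumerate reachable markings
        m = queue.popleft()
        for t in enabled(m, transitions):
            n = fire(m, t)
            if n not in seen:
                seen.add(n)
                queue.append(n)
    h = {m: 1.0 if (target in m and not enabled(m, transitions)) else 0.0
         for m in seen}
    for _ in range(10_000):
        delta = 0.0
        for m in seen:
            ts = enabled(m, transitions)
            if not ts:
                continue
            total = sum(t.rate for t in ts)
            new = sum(t.rate / total * h[fire(m, t)] for t in ts)
            delta = max(delta, abs(new - h[m]))
            h[m] = new
        if delta < tol:
            break
    return h[start]


def simulate(transitions, start, target, runs, seed=0):
    """Gillespie-style Monte Carlo: (estimated P(target), mean time to absorb)."""
    rng = random.Random(seed)
    hits, total_time = 0, 0.0
    for _ in range(runs):
        m, clock = frozenset(start), 0.0
        while True:
            ts = enabled(m, transitions)
            if not ts:
                break
            total = sum(t.rate for t in ts)
            clock += rng.expovariate(total)
            fired = rng.choices(ts, weights=[t.rate for t in ts])[0]
            m = fire(m, fired)
        hits += target in m
        total_time += clock
    return hits / runs, total_time / runs


def sw_ccf_per_demand(p_latent, p_trigger):
    """SW-CCF probability per demand under the assumed worst case that all
    redundant channels run identical software, so one triggered latent fault
    defeats every channel at once."""
    return p_latent * p_trigger


if __name__ == "__main__":
    exact = absorption_probability(LIFECYCLE, ("coding",), "latent_fault")
    est, mean_t = simulate(LIFECYCLE, ("coding",), "latent_fault", 100_000)
    print(f"P(latent fault in release): exact {exact:.5f}, Monte Carlo {est:.5f}")
    print(f"SW-CCF per demand with assumed trigger probability 0.01: "
          f"{sw_ccf_per_demand(exact, 0.01):.2e}")
```

Two points worth noting when adapting this. Only the ratios of competing rates matter for the absorption probability, so the inputs a reviewer has to defend are the relative likelihoods of introduce-versus-complete and detect-versus-escape at each life-cycle stage, not absolute durations. And the final multiplication is where the common-cause assumption lives: it takes identical software in every redundant channel as given, which is exactly the case the paper is concerned with; with diverse implementations the coupling factor would be lower and would need its own argument.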
Modelling Radiation-Induced Failures in FPGAs
By Phillip McNelles, Zhao Chang Zeng and Guna Renganathan, Canadian Nuclear Safety Commission (CNSC/CCSN).
This was another outstanding paper, dealing with the assessment of the reliability of embedded software in FPGAs. Canada uses 10^-3 as an acceptance criterion, and this paper presented an experimental method whereby signals were injected into digital devices with embedded FPGAs to assess the level of their reliability and their vulnerability to radiation damage. Brent Shumaker and I particularly liked this paper, as it spoke of an effort similar to what we are doing at AMS to develop a software tester. The tester will inject analog and digital data into digital systems to quantify their reliability. The discussion after this paper centered on the lack of a consistent method or means for quantitative software quality assurance and objective presentation of software reliability. I was very intrigued to realize that radiation can affect the output of FPGAs to the level that the author described.
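As an added illustration of the injection-based approach (my own example, not the CNSC experiment or the AMS tester; the trip logic, register width, setpoint value and trial counts are assumptions): a fault-injection campaign on a bit-level model of a 2-out-of-3 trip decision. Each trial flips one bit, as a single-event upset would, either in one channel's own copy of the setpoint register or in a register shared by all three channels, and counts how often the voted trip decision differs from the fault-free one. The result is reported as a failure-per-upset proportion with a Wilson score interval, the form in which a measured rate can be set against a numerical acceptance criterion.

```python
"""Single-event-upset fault-injection campaign on a bit-level model of a
2-out-of-3 trip decision, comparing per-channel setpoint registers with one
shared register.  Added illustrative example: the logic model, register
values and trial counts are assumptions, not the CNSC experiment or the AMS
tester described above.
"""
import math
import random

WIDTH = 16                 # register width in bits (assumed)
SETPOINT = 0x0800          # assumed trip setpoint, identical in every channel


def trip_decision(measurement, setpoints, threshold=2):
    """2-out-of-3 vote over per-channel comparisons of the measurement
    against each channel's copy of the setpoint register."""
    votes = sum(1 for s in setpoints if measurement >= s)
    return votes >= threshold


def flip_bit(value, bit):
    """Model a single-event upset as exactly one bit flipped in a register."""
    return value ^ (1 << bit)


def upset_independent(setpoint, channel, bit):
    """Design A: three separate register copies; one upset hits one channel."""
    regs = [setpoint] * 3
    regs[channel] = flip_bit(setpoint, bit)
    return regs


def upset_shared(setpoint, bit):
    """Design B: one shared register read by all channels, so one upset
    reaches every channel at once (a common-cause path)."""
    return [flip_bit(setpoint, bit)] * 3


def wilson_interval(failures, trials, z=1.96):
    """95% Wilson score interval for a failure-per-upset proportion.  Unlike
    the normal approximation it gives a usable bound when no failure was seen."""
    if trials == 0:
        return (0.0, 1.0)
    p = failures / trials
    denom = 1 + z * z / trials
    centre = (p + z * z / (2 * trials)) / denom
    half = z * math.sqrt(p * (1 - p) / trials + z * z / (4 * trials * trials)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def run_campaign(trials, seed=0):
    """Inject `trials` random single-bit upsets (random measurement, random
    bit, random channel) into each design; count wrong trip decisions."""
    rng = random.Random(seed)
    fail_a = fail_b = 0
    for _ in range(trials):
        m = rng.randrange(1 << WIDTH)          # constructed process input
        bit = rng.randrange(WIDTH)
        chan = rng.randrange(3)
        golden = trip_decision(m, [SETPOINT] * 3)
        fail_a += trip_decision(m, upset_independent(SETPOINT, chan, bit)) != golden
        fail_b += trip_decision(m, upset_shared(SETPOINT, bit)) != golden
    return {
        "independent": (fail_a / trials, wilson_interval(fail_a, trials)),
        "shared": (fail_b / trials, wilson_interval(fail_b, trials)),
    }


if __name__ == "__main__":
    for design, (p, (lo, hi)) in run_campaign(50_000).items():
        print(f"{design:12s} failures per upset: {p:.4f}  95% Wilson [{lo:.4f}, {hi:.4f}]")
```

With per-channel copies a single upset is always outvoted, so the campaign observes zero failures and the Wilson upper bound (rather than a point estimate of zero) is the number to report. With a shared register the same upset defeats all three channels together; for this setpoint about one upset in sixteen changes the decision, which is the common-cause behaviour the previous paper's SW-CCF definition describes, here arising from a shared hardware element rather than shared software. On real hardware the injection targets would be configuration memory and flip-flops rather than a Python integer, but the bookkeeping and the interval calculation are the same.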
Field Programmable Gate Arrays (FPGAs) are a type of programmable logic device (PLD) used to make digital logic circuits. FPGAs do not include software or operating systems, as the logic functions are configured (synthesized)
NuclearPlantJournal.com Nuclear Plant Journal, January-February 2016