Software Safety Analysis of Digital Protection System Requirements Using a Qualitative Formal Method

Abstract

The safety analysis of requirements is a key problem area in the development of software for the digital protection systems of a nuclear power plant. When specifying requirements for software of the digital protection systems and conducting safety analysis, engineers find that requirements are often known only in qualitative terms and that existing fault-tree analysis techniques provide little guidance on formulating and evaluating potential failure modes. A framework for the requirements engineering process is proposed that consists of a qualitative method for requirements specification, called the qualitative formal method (QFM), and a safety analysis method for the requirements based on causality information, called the causal requirements safety analysis (CRSA). CRSA is a technique that qualitatively evaluates causal relationships between software faults and physical hazards. This technique, extending the qualitative formal method process and utilizing information captured in the state trajectory, provides specific guidelines on how to identify failure modes and the relationships among them. The QFM and CRSA processes are described using shutdown system 2 of the Wolsong nuclear power plants as the digital protection system example.
