The development of high reliability software-RRA's experience for safety critical systems

Rolls-Royce and Associates design and procure nuclear steam raising plants. The newer generations of plant incorporate microprocessor based systems, including software which control plant operations critical to its safety. It has therefore been necessary both to develop software in such a way as to ensure its correct operation, and then to further demonstrate that this objective has been achieved. In defining the methods to be used for safety critical software, and subsequently implementing them, RRA has reviewed the approach required to subcontract detailed design of electronic systems. It has become evident that the requirements which are imposed by the need to develop safety critical software will have significant influence on decisions as to the most effective project organisation. The authors review the methods used in each of two projects so far undertaken, and examine the lessons learnt, both in terms of technical methods and project organisation.