A practical application of NUREG/CR-6430 software safety hazard analysis to FPGA software☆
Introduction
Digital instrumentation and control systems (I&Cs) in nuclear power plants should be analyzed and evaluated to ensure that the systems are acceptably safe from hazards, risks, and failures [2], [3]. Hazard analysis is a method for identifying potentially hazardous portions of a system. Eliminating, reducing, or avoiding the impact of identified hazards should then follow appropriately to achieve freedom from the hazards [4]. Software, as a part of a system, can also be a cause of system hazards, and software hazard analysis should therefore be performed rigorously [5], [6].
There are several standards and guidelines for software safety and hazard analysis [4], [7] and for safety plans [8] for nuclear safety system software. The NUREG/CR-6430 suggests methods (processes) for analyzing software-affected hazards throughout the whole software development life cycle (SDLC), like a safety plan. It provides an analysis process for each phase of software development, and also provides guide phrases and several techniques that can be applied to software hazard analysis. The analysis process consists of steps such as identifying high-level hazards, analyzing each element of the requirements with guide phrases, and so on. The details of the NUREG/CR-6430 are explained in the next section.
Field-programmable gate arrays (FPGAs) have received much attention from the nuclear industry for developing digital I&C systems as an alternative platform to the programmable logic controller (PLC). There are several standardization efforts for using FPGAs in nuclear systems [9], [10]. FPGA-based digital controllers should also be evaluated and analyzed to ensure that the systems are acceptably safe to operate. Since typical FPGA development includes two different aspects, software and hardware, hazard analysis needs to be applied hierarchically and compositionally [10], [11]. Although the NUREG/CR-6430 might provide a useful approach to hazard analysis of FPGA software, extensions or refinements of its methods are needed to analyze FPGA software thoroughly. Nevertheless, no hazard analysis result has been reported for FPGA software used in digital I&Cs. To the best of our knowledge, there are only a few approaches concerning FPGA software verification and simulation [12], [13] and FPGA hardware reliability [14], [15], [16].
This paper proposes a refined hazard analysis process for the software requirements phase of the NUREG/CR-6430 that is applicable to FPGA software. It extends the steps of “identifying software-responsible hazards” and “applying guide phrases” in the NUREG/CR-6430, and also the guide phrases themselves, to incorporate the hardware aspects of FPGA software requirements. The proposed refined process and guide phrases support checking the hardware aspects during hazard analysis of FPGA software requirements. In a case study, we performed hazard analysis on FPGA software in accordance with both the NUREG/CR-6430 and the proposed process. We used the hazard and operability (HAZOP) technique and one version of the FPGA software requirements specification of a process module in the digital FPGA logic controller-nuclear (DFLC-N) [17], an FPGA-based I&C controller under development in Korea. We also discuss the applicability and feasibility of the refined process through a comparative analysis of the analysis aspects and analysis results.
The remainder of this paper is organized as follows. Section 2 introduces the FPGA development process and hazard analysis as background. Section 3 presents the refined process of the NUREG/CR-6430 proposed in this paper, and Section 4 explains the hazard analysis performed on the FPGA software as a case study. Section 5 concludes this paper and provides remarks on future research extensions and directions.
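As an added illustration (not code from the paper or from the DFLC-N project), the following Python sketch shows the shape of the refined guide-phrase pass: every requirement element is analyzed with software-level guide phrases, while the extended circuit and memory phrases are applied only to elements that actually have those hardware aspects, and each worksheet row is traced back to a high-level hazard. The guide phrases, element names and hazards are constructed stand-ins; the paper's actual extended phrases are not reproduced here.

```python
# Added illustration (not the paper's code): a NUREG/CR-6430-style guide-phrase
# pass over FPGA software requirement elements, extended with hardware aspects.
# All guide phrases, element names and hazards are constructed and simplified.
from dataclasses import dataclass

# Simplified software-level guide phrases applied to every element (constructed).
SOFTWARE_PHRASES = ("omitted", "incorrect value", "too early", "too late")

# Extended phrases for the circuit and memory aspects of FPGA software (constructed).
HARDWARE_PHRASES = {
    "circuit": ("clock domain crossing unsynchronized", "reset not asserted", "glitch on output"),
    "memory": ("register uninitialized", "stored value corrupted", "read before write"),
}

@dataclass(frozen=True)
class Element:
    name: str            # requirement element, e.g. an input/output signal or register
    hazard: str          # high-level system hazard this element can contribute to
    aspects: tuple = ()  # hardware aspects realised in the FPGA: "circuit", "memory"

@dataclass(frozen=True)
class Row:
    element: str
    aspect: str          # "software" or one of the hardware aspects
    guide_phrase: str
    hazard: str          # traceability back to the identified high-level hazard

def analyze(elements):
    """Apply software phrases to each element, then the extended phrases only for
    the hardware aspects that element actually has (hierarchical/compositional)."""
    rows = []
    for e in elements:
        rows += [Row(e.name, "software", p, e.hazard) for p in SOFTWARE_PHRASES]
        for aspect in e.aspects:
            rows += [Row(e.name, aspect, p, e.hazard) for p in HARDWARE_PHRASES[aspect]]
    return rows

# Constructed elements of a process module; not DFLC-N's real specification.
ELEMENTS = [
    Element("trip_output", "failure to actuate trip on demand", ("circuit",)),
    Element("setpoint_register", "spurious or missed trip from wrong setpoint", ("memory",)),
    Element("heartbeat_counter", "undetected loss of module function", ("circuit", "memory")),
]

if __name__ == "__main__":
    for r in analyze(ELEMENTS):
        print(f"{r.element:18} {r.aspect:8} {r.guide_phrase:38} -> {r.hazard}")
```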
The FPGA development process
FPGA-based digital I&Cs should follow the development life cycle described in the IEC (International Electrotechnical Commission) 61513 standard [3]. FPGA-based systems, however, have a specific feature: the part developed using a hardware description language (HDL) is classified as software, while after it has been downloaded to a chip it is classified as hardware. Therefore, an FPGA should be developed to comply with both the IEC 60880 standard [18] in terms of software and the IEC 60987 standard [19] in terms
A refined process for hazard analysis of software requirement specifications
This paper proposes a refined process for the hazard analysis of FPGA software requirement specifications. It extends the hazard analysis process of the NUREG/CR-6430 to incorporate the hardware-specific features of FPGA software. We also extend the guide phrases of the NUREG/CR-6430 to handle the circuit and memory aspects of FPGA software. Fig. 3 presents the refined process for FPGA software requirement hazard analysis. We compose the process into six steps and also change the order of
Case study
We conducted hazard analysis on an FPGA software requirement specification using the refined process and guide phrases proposed in this study. The target specification is one version of a process module in DFLC-N [17], which is an FPGA-based I&C controller developed in Korea. This case study demonstrates the feasibility and efficiency of the proposed process and guide phrases for software hazard analysis of FPGA software in accordance with the NUREG/CR-6430. Because of space limitations, we only
Conclusions and future work
This paper proposes a refined process and guide phrases for the hazard analysis of FPGA software requirement specifications. The proposed process extends the hazard analysis process of the NUREG/CR-6430 to incorporate the hardware features of FPGA software. The proposed process consists of six steps for requirement hazard analysis and extended guide phrases to handle the circuit and memory aspects of FPGA software. We performed a practical application of the proposed process in a case study on
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
CRediT authorship contribution statement
Sejin Jung: Methodology, Validation, Visualization, Writing - original draft, Writing - review & editing. Junbeom Yoo: Conceptualization, Methodology, Validation, Writing - original draft, Writing - review & editing. Young-Jun Lee: Resources, Validation, Writing - review & editing.
Acknowledgements
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2017R1D1A1B03030065) and Next-Generation Information Computing Development Program through the National Research Foundation (NRF) of Korea funded by the Ministry of Science, ICT (NRF-2017M3C4A7066479).
References (36)
- et al. Predicting system failure rates of SRAM-based FPGA on-board processors in space radiation environments. Reliabil Eng Syst Saf (2019).
- et al. Dependability modeling and optimization of triple modular redundancy partitioning for SRAM-based FPGAs. Reliabil Eng Syst Saf (2019).
- et al. FPGA software testing process management. 2015 IEEE International Conference on Grey Systems and Intelligent Services (GSIS) (2015).
- et al. Software verification process and methodology for the development of FPGA-based engineered safety features system. Nucl Eng Des (2018).
- et al. System assessment of an FPGA-based RPS for ABWR nuclear power plant. Prog Nucl Energy (2015).
- et al. Failure mode and effect analysis improvement: a systematic literature review and future research agenda. Reliabil Eng Syst Saf (2020).
- et al. Failure mode taxonomy for assessing the reliability of field programmable gate array based instrumentation and control systems. Ann Nucl Energy (2017).
- Safeware: system safety and computers (1995).
- et al. Hazard analysis of software requirements specification for process module of FPGA-based controllers in NPP. Transactions of the Korean Nuclear Society Autumn Meeting, Gyeongju, Korea (2016).
- Design of instrumentation and control systems for nuclear power plant. Tech. Rep. (2016).
- Nuclear power plants - instrumentation and control important to safety - general requirements for systems (IEC 61513). Tech. Rep.
- Software safety hazard analysis (NUREG/CR-6430). Tech. Rep.
- Software safety in embedded computer systems. Commun ACM.
- Software hazard and safety analysis. International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems.
- Software reliability and safety in nuclear reactor protection systems (NUREG/CR-6101). Tech. Rep.
- IEEE Standard for Software Safety Plans (IEEE 1228). Tech. Rep.
- Nuclear power plants - instrumentation and control important to safety - development of HDL-programmed integrated circuits for systems performing category A functions (IEC 62566). Tech. Rep.
- Application of field programmable gate arrays in instrumentation and control systems of nuclear power plants. Tech. Rep.
☆ This paper was originally published in the Korean Nuclear Society Autumn Meeting 2016 [1].