NPP I&C Safety Assessment by Aggregation of Formal Techniques

E. Babeshko, V. Kharchenko, Kostiantyn Leontiiev, O. Odarushchenko, Oleksiy Strjuk
DOI: 10.1115/ICONE26-82270
Journal: International Journal of Plant Engineering and Management
Volume: 23 1
Publication date: 2018-07-22
Publication type: Journal Article
Citation count: 0

Abstract
Safety assessment of nuclear power plant instrumentation and control systems (NPP I&Cs) is a complicated and resource-consuming process that must be performed to ensure the required safety level and to comply with normative regulations. A lot of work has been done on applying different assessment methods and techniques, modifying them, and using them in combination so as to provide a unified approach to comprehensive safety assessment. Nevertheless, the research performed has shown that challenges remain, including the rationale for and choice of the safety assessment method, verification of assessment results, and the choice and application of techniques that support the safety assessment process, especially in the nuclear field. In this work we present a framework we developed that aggregates the most appropriate safety assessment methods typically used for NPP I&Cs. The key features this framework provides are formal descriptions of all required input information for every safety assessment method, of the possible data flows between methods, and of the possible output information of every method. Such a representation makes it possible to obtain the possible paths required to derive the necessary indicators, to analyze whether they can be verified by applying different methods that provide the same indicators, and so on. During safety assessment of NPP I&Cs it is very important to address software, because of its crucial role in I&C safety assurance. Relevant standards such as IEC 60880 [1] and IEC 62138 [2] provide requirements for software-related activities and supporting processes in the software safety lifecycle of computer-based I&C systems of nuclear power plants performing functions of safety categories A, B and C, as defined by IEC 61226 [3]. The requirements and frameworks provided by IEC 60880 and IEC 62138 for the nuclear application sector correspond to IEC 61508, part 3 [4]. These standards define several types of safety-related software and specify particular requirements for each software type.
To verify software and confirm that it corresponds to the required safety level, different techniques are suggested in normative documents. We share the experience we obtained while applying software failure modes and effects analysis (software FMEA) and software fault insertion (software FIT) to an FPGA-based platform, to NPP I&C systems based on that platform, and to RPCT, the integrated development environment used by RPC Radiy and end users to design user application logic, specify hardware configuration, etc. We apply software FIT to the outputs of RPCT, considering source code, configuration files and firmware files. Finally, we provide a case study of applying the developed safety assessment framework and the software FMEA/FIT practices during the practical assessment of an FPGA-based NPP I&C system.