Wang Xi(✉), Peng-Fei Gu, Wei Liu, and Wei-Hua Chen
State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, Laboratory of I&C Equipment Qualification and Software V&V,
China Nuclear Power Design Co., Ltd., Shenzhen, China [email protected]
Abstract. V&V (Verification and Validation) is an important way to assure the safety and reliability of software. Requirement management plays a critical role throughout the whole V&V process. Based on practice on the Generation II+ pressurized water reactor named CPR1000, this paper establishes a requirement management scheme for digital RPS (Reactor Protection System) software V&V. The scheme is applied in a typical DCS (Digital Control System) V&V project of a nuclear power plant and enhances tracing efficiency. This successful engineering practice provides an efficient requirement management reference for subsequent nuclear DCS device development and test projects.
Keywords: NPP · DCS · RPS · V&V · Requirement management
1 Introduction
The Reactor Protection System (RPS) is an important part of the instrumentation and control system [1], including the Reactor Trip (RT) and Engineered Safety Feature (ESF) actuation protection devices, and is the core system for ensuring the safe and reliable operation of the Nuclear Power Plant (NPP). Compared with the analog instrumentation and control system, the digital instrumentation and control system (DCS) introduces software at the nuclear safety level. The DCS offers higher control precision, integration, easy expansion and reliable data transmission. However, software and system defects may cause system failure and, furthermore, result in serious consequences. In accordance with the requirement of the nuclear safety regulation HAF102 [3], V&V [1, 2] is a necessary step to ensure the quality of the software. The safety and reliability of software applied in nuclear power station safety functions should be demonstrated and confirmed by the V&V process [4].
Requirement management is a systematic approach to acquiring, organizing and documenting system requirements, as well as a process that enables customers and project teams to reach agreement on and keep aligned with changing system requirements. Requirement management is also an important part of QC (quality control [5]) in the development of the entire nuclear power project and its V&V. Requirement management includes requirement change management, requirement version management and requirement tracing management, all of which provide reusable and traceable evidence for software reliability verification [6].
© Springer Nature Singapore Pte Ltd. 2018
Y. Xu et al. (eds.), Nuclear Power Plants: Innovative Technologies for Instrumentation and Control Systems, Lecture Notes in Electrical Engineering 455,
https://doi.org/10.1007/978-981-10-7416-5_2
Based on the practice of the CPR1000 project, this paper constructs a requirement management model and a file tracking network for digital reactor protection system software V&V; the model is applied to typical products of localized nuclear power instrumentation and control equipment.
2 V&V Model for RPS
According to the IEC 60880 standard for software used in nuclear power plant safety systems [7] and IEEE Std. 1012, the standard for software verification and validation [8], this paper constructs the V&V model based on the V&V project, combined with the actual situation of the RPS software requirement and design process in the NPP.
As shown in Fig. 1, according to the design and implementation of the system requirement and software requirement in the reactor protection system, the V&V model divides the V&V process into 5 stages: Concept V&V, Requirement V&V, Design V&V, Implementation V&V, and Test V&V. Each stage verifies its input and output files. The Test V&V stage includes the integration test, which validates the software requirements, and the acceptance test, which validates the system requirements.
Fig. 1. V&V model for digital RPS (figure not reproduced; panel label: I&C System)
3 V&V Requirement Management Scheme for RPS
3.1 Files Architecture
The basic files architecture of RPS system design and development process is shown in Fig. 2.
• In the concept stage, the “RPS system requirement specification” and “logic diagram and analog diagram” are proposed by the designer. The developer refines the system requirement into the “functional design specification” according to the design document.
• In the requirement stage, the software-related part of the functional design specification is extracted as the “software requirement specification”, and the “functional diagram” is established according to the software function requirement and the “logic/analog diagram”.
• In the design stage, the developer turns the functional diagram into the software configuration diagram using a special software tool;
• In the implementation stage, the specific algorithm blocks of the configuration diagram are realized in code, producing executable function blocks;
• In the integration test stage, the integrated system is tested.
Therefore, the RPS files architecture has dependencies among the various stages, as well as the characteristics of the design documents and diagrams, which must be the focus of requirement management.
Fig. 2. RPS files architecture (figure not reproduced; stages shown: Concept, Requirement, Design, Implementation, Test, Integration Test)
3.2 Requirement Management Model
According to the relationships among the RPS files, this paper constructs the requirement management model from three aspects: requirement version management, requirement change management and requirement tracking management. Requirement tracking is the main content of requirement management. As shown in Fig. 3, the model establishes a baseline for each file to control its version and performs requirement tracking at each stage. When a requirement changes, the baseline is updated and the requirement management process for the update is repeated, ensuring that the requirement change in the upstream file has been re-implemented in the downstream file with continued consistency and traceability.
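As an added illustration (not code from the paper or the CPR1000 project), the following Python models the baseline-and-trace rule of this section over the stage chain of Fig. 2: each downstream file records the upstream baseline it was traced against, a requirement change bumps the upstream baseline and names the downstream files whose tracking must be repeated, and the check reports traces that are missing or stale. File names and baseline numbers are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class TraceFile:
    name: str
    baseline: int                                # current baseline version
    traces: dict = field(default_factory=dict)   # upstream name -> baseline traced against

# Upstream -> downstream pairs following the stages of Fig. 2 (constructed names)
CHAIN = [
    ("system requirement spec", "functional design spec"),
    ("functional design spec", "software requirement spec"),
    ("software requirement spec", "functional diagram"),
    ("functional diagram", "configuration diagram"),
    ("configuration diagram", "function block code"),
]

def build_files(chain=CHAIN):
    """Constructed starting point: every file at baseline 1, every trace current."""
    files = {}
    for up, down in chain:
        files.setdefault(up, TraceFile(up, 1))
        files[down] = TraceFile(down, 1, {up: 1})
    return files

def check_traceability(files, chain=CHAIN):
    """Return (stale, untraced): stale traces point at an old upstream baseline,
    untraced pairs have no trace at all. Both block the stage from passing V&V."""
    stale, untraced = [], []
    for up, down in chain:
        traced_against = files[down].traces.get(up)
        if traced_against is None:
            untraced.append((up, down))
        elif traced_against != files[up].baseline:
            stale.append((up, down, traced_against, files[up].baseline))
    return stale, untraced

def propagate_change(files, changed, chain=CHAIN):
    """Requirement change: bump the changed file's baseline and list, in stage
    order, every downstream file whose tracking must be repeated."""
    files[changed].baseline += 1
    affected, todo = [], [changed]
    while todo:
        cur = todo.pop(0)
        for up, down in chain:
            if up == cur and down not in affected:
                affected.append(down)
                todo.append(down)
    return affected

def retrace(files, up, down):
    """Record that downstream was re-implemented and re-traced against upstream."""
    files[down].traces[up] = files[up].baseline
```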
A Study and Application About Software V&V Requirement Management 15
Fig. 3. V&V model for digital RPS (flowchart not reproduced)
3.3 Requirement Management
According to the characteristics of the RPS system document set and the requirement management model, this paper constructs the requirement management scheme for RPS system software V&V. As shown in Fig. 4, this scheme combines the actual situation of the CPR1000 project to build the most complete requirement management.
• The concept stage is the source of requirement tracking, and the correctness of the requirement analysis affects the whole project design. In the actual project, the contract annex supplements the RPS requirement specification. In this scheme, both the contract annex and the RPS requirement specification are made upstream documents in the concept stage, to improve the quality of the project requirement entry from the source.
• The files of the stage downstream of the concept stage include the “Overall Design Specification” with its “Subsystem Design file” and “Special Function Design Specification”. This scheme adds forward and backward tracking from the “Overall Design Specification” to the “Subsystem Design Manual” and “special function design specifications” for their internal file relationship, to further ensure that the functional design specifications meet the needs of the upstream file.
• The “Basic I/O List”, “Set point Manual” and “Safety Control Display Device (SCID) Database” are generated at the same time as the “Software Requirement Specification” and “Logic/Analog diagram”; these three documents describe the details of signal point names, value assignments and equipment relationships in the functional diagram. In the requirement stage, the internal relationship between the functional diagram and the above three documents is tracked to further ensure that the functional design satisfies the requirement.
• In the design stage, this scheme manages the “detailed I/O list” and “configuration diagram” together as one management object, to ensure that the configuration diagram interface meets the needs.
• In the implementation stage, this paper manages the “software code” and “function block user manual” together as one management object, on the one hand to verify that the configuration diagram function modules meet the requirement, and on the other hand to verify that the functional unit code design meets the needs.
• In the testing stage, this scheme manages the “integration test program”, “integration test program” and “integration test results” together as one management object, on the one hand to confirm whether the developer's integration test design can effectively meet the test requirement, and on the other hand to verify whether the integration test results meet the functional requirement.
Fig. 4. Digital RPS software V&V requirement management scheme (figure not reproduced; file boxes shown: Overall Design File, By-pass Design File, Reactor Trip Protection Design File, Self-diagnose Design File)