The overall objective of the HARMONICS project is to ensure that the nuclear industry has well founded and up-to-date methods and data for assessing software of computer-based safety systems of Gen-II and Gen-III NPPs. It will take advantage of the aforementioned advances to propose systematic and consistent, yet realistic and practical approaches for software assessment. These approaches will address the complete software and system lifecycle, from requirements specification to architectural and detailed design, development, testing, use and maintenance.
The approach will be the result of a close co-operation between the EU and China, where a parallel project entitled “Reliability And V&V Of Nuclear Safety I&C Software” (RAVONSICS) will be carried out, and will take into consideration the different views, practices, and requirements of the participating countries. Also, in addition to the core project team, a larger “end user group” will be constituted with other interested stakeholders (utilities, regulatory bodies, suppliers) to review and give feedback on the project work. Thus, the project should foster an international consensus based on a sound scientific and technical approach, and hopefully provide a good basis for harmonisation.
The project will address three key issues: software verification & validation (V&V), software safety justification, and quantitative evaluation of software reliability. The term “software reliability” is used throughout this document as a shortcut for “software-related aspects of system reliability”. The focus will be mainly on I&C systems performing category A functions (as defined by IEC 61226), which is the highest safety category in NPPs. To support research activities on these three main issues, the project will investigate and develop theories, techniques and tools as necessary. In addition, the feasibility of the developed approaches will be demonstrated on selected case examples provided by the project participants and the end user group.
Regarding software V&V, the project will analyse the state of the art, propose innovative techniques and tools, and provide practical guidelines for applying some of these techniques and tools. V&V may be used to ascertain the effective implementation of fault avoidance measures, such as compliance with complexity limits, with design and coding rules, and with specified development processes and methods. V&V may also be used for fault detection (for subsequent fault removal), by applying techniques such as simulation and testing, formal verification, and inspection. Lastly, V&V may be used to ascertain the effective implementation of design measures taken to guarantee that certain types of postulated residual software faults will not lead to failures or common cause failures.
Regarding software safety justification, the HARMONICS project will build on current practices and on results of previous Euratom FP6 research projects, namely CEMSIS (Cost-Effective Modernisation of Systems Important to Safety) and BE-SECBS (Benchmark Exercise on Safety Evaluation of Computer Based Systems). In particular, it will propose a framework integrated into the overall system safety justification and based on the complementarity and integration of the rule-based, the goal-based and the risk-informed approaches. The project will analyse the domain of applicability and acceptability of each approach, and will provide practical guidelines drawing in particular on the information gathered with the proposed V&V techniques. For example, in the claim-argument-evidence approach suggested by CEMSIS, V&V can be used to shape the claims and arguments, and to provide the evidence part of the justification. Methods benchmarked in BE-SECBS can be applied to software reliability assessment.
Regarding software reliability, the intended framework integrates quantitative software reliability claims in the overall software and system safety justification. In particular, the project will investigate the nature and justification for any reliability claim limit. It will also propose practical approaches to estimate the values needed for Probabilistic Safety Assessments (PSA): probabilities of failure on demand, conditional probabilities of common cause failures (so-called beta-factors), and possibly frequencies of spurious actuations that lead to initiating events. To this end, the project will analyse the current state of the art, which is usually based on holistic approaches (e.g., conformance to international standards, collection and analysis of operating experience, statistical testing and corresponding trade-offs between realism and scale of tests). It will also propose a more analytical approach that takes into consideration all the information obtained by V&V and organised by the software safety justification. This approach can be based on the identification of failure modes of interest, of the failure mechanisms that could lead to these modes, and on the effectiveness of the measures taken to prevent given mechanisms. It will also consider the implication of I&C architectures (levels of defence and diversity) and implementation technologies in the system safety justification.
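To make the trade-off between realism and scale of statistical testing concrete, the following added example (not part of the project description) computes how many consecutive failure-free demands are needed to support a probability-of-failure-on-demand claim at a given confidence, and how a beta-factor turns a per-train PFD into a redundant-system PFD. It uses the classical zero-failure bound (1 - pfd)^n <= 1 - confidence and the standard beta-factor model; the numerical values are constructed for illustration only.

```python
import math


def demands_for_pfd_claim(pfd: float, confidence: float) -> int:
    """Consecutive failure-free demands needed to support 'PFD <= pfd'
    at the given confidence, from (1 - pfd)^n <= 1 - confidence."""
    if not (0.0 < pfd < 1.0) or not (0.0 < confidence < 1.0):
        raise ValueError("pfd and confidence must lie strictly between 0 and 1")
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - pfd))


def demonstrated_pfd_bound(failure_free_demands: int, confidence: float) -> float:
    """Inverse view: the PFD bound that n failure-free demands support."""
    if failure_free_demands < 1 or not (0.0 < confidence < 1.0):
        raise ValueError("need at least one demand and 0 < confidence < 1")
    return 1.0 - (1.0 - confidence) ** (1.0 / failure_free_demands)


def redundant_system_pfd(train_pfd: float, beta: float, n_trains: int) -> float:
    """Beta-factor model: a fraction beta of each train's failures is a
    common cause failure taking out all trains; the rest fail independently."""
    if not (0.0 <= beta <= 1.0) or n_trains < 1:
        raise ValueError("beta must be in [0, 1] and n_trains >= 1")
    ccf_part = beta * train_pfd
    independent_part = ((1.0 - beta) * train_pfd) ** n_trains
    return ccf_part + independent_part


def claim_table(confidence: float = 0.99):
    """Rows of (claimed PFD, failure-free demands required) showing how the
    test campaign grows by an order of magnitude per decade of claim."""
    return [(p, demands_for_pfd_claim(p, confidence))
            for p in (1e-2, 1e-3, 1e-4, 1e-5)]


if __name__ == "__main__":
    # Constructed illustration: cost of each PFD claim at 99 % confidence.
    for claimed, n in claim_table():
        print(f"PFD <= {claimed:.0e} needs {n:,} failure-free demands")
    # Constructed illustration: a two-train system with beta = 0.1 is
    # dominated by the common cause term, not by the independent product.
    print(f"2-train PFD: {redundant_system_pfd(1e-3, 0.1, 2):.3e}")
```

The table shows why reliability claim limits matter: each extra decade of claimed PFD multiplies the required failure-free demands by about ten, while the beta-factor term shows that redundancy alone does not buy much without evidence against common cause failures.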