Safety analysis of safety-critical software for nuclear digital protection system

A strategy and relating activities of a software safety analysis (SSA) are presented for the software of a digital reactor protection system where software modules in the design description are represented by function blocks (FBs). The SSA, as a part of the verification and validation activities, was activated at each phase of the software lifecycle. For the SSA of the FB modules, the software HAZOP was performed and then the SFTA (Software Fault Tree Analysis) was applied. Both methods are redundant and complementary because the software HAZOP is a forward broad-thinking analysis method and the SFTA is a backward step-by-step local analysis method. The software HAZOP with qualitative properties for a deviation evaluated all the software modules and identified various hazards. The SFTA with well-defined FB; fault tree templates was applied to some critical modules selected from the software HAZOP analysis and it identified some hazards that had not been identified in the prior processes of the document evaluation and the formal verification.