NuDE 2.0: A Formal Method-based Software Development, Verification and Safety Analysis Environment for Digital I&Cs in NPPs

  • Kim, Eui-Sub (Division of Computer Science and Engineering, Konkuk University)
  • Lee, Dong-Ah (Division of Computer Science and Engineering, Konkuk University)
  • Jung, Sejin (Division of Computer Science and Engineering, Konkuk University)
  • Yoo, Junbeom (Division of Computer Science and Engineering, Konkuk University)
  • Choi, Jong-Gyun (Man-Machine Interface System Team, Korea Atomic Energy Research Institute)
  • Lee, Jang-Soo (Man-Machine Interface System Team, Korea Atomic Energy Research Institute)
  • Received: 2016.10.19
  • Accepted: 2017.02.04
  • Published: 2017.03.30

Abstract

NuDE 2.0 (Nuclear Development Environment 2.0) is a formal-method-based software development, verification and safety analysis environment for safety-critical digital I&Cs implemented with programmable logic controllers (PLCs) and field-programmable gate arrays (FPGAs). It develops PLC and FPGA software implementations in parallel from a single requirement/design specification, and lets most of the development, verification and safety-analysis steps be performed mechanically and in sequence. NuDE 2.0 now consists of 25 CASE tools and also includes an in-depth solution for the indirect commercial off-the-shelf (COTS) software dedication of new FPGA-based digital I&Cs. We expect that NuDE 2.0 will be widely used as a means of diversifying software design and implementation and as a model-based software development methodology.
