Abstract
Each of the four reactor units at the Ontario Hydro Bruce A Nuclear Generating Station is controlled by the Reactor Regulating System (RRS) software running on digital computers. This research report presents an assessment of the quality and reliability of the RRS software based on a review of the RRS design documentation, an analysis of certain significant Event Reports (SERs), and an examination of selected software changes. We found that the RRS software requirements (i.e., what the software should do) were never clearly documented, and that design documents, which should describe how the requirements are implemented, are incomplete and inaccurate. Some RRS-related SERs (i.e., reports on unexpected incidents relating to the reactor control) implied that there were faults in the RRS, or that RRS changes should be made to help prevent certain unexpected events. The follow-up investigations were generally poorly documented, and so it could not usually be determined that problems were properly resolved. The Bruce A software change control procedures require improvement. For the software changes examined, there was insufficient evidence provided by Ontario Hydro that the required procedures regarding change approval, independent review, documentation updates, and testing were followed. Ontario Hydro relies on the expertise of their technical
More>>
Citation Formats
None.
Review of Bruce A reactor regulating system software.
Canada: N. p.,
1995.
Web.
None.
Review of Bruce A reactor regulating system software.
Canada.
None.
1995.
"Review of Bruce A reactor regulating system software."
Canada.
@misc{etde_252820,
title = {Review of Bruce A reactor regulating system software}
author = {None}
abstractNote = {Each of the four reactor units at the Ontario Hydro Bruce A Nuclear Generating Station is controlled by the Reactor Regulating System (RRS) software running on digital computers. This research report presents an assessment of the quality and reliability of the RRS software based on a review of the RRS design documentation, an analysis of certain significant Event Reports (SERs), and an examination of selected software changes. We found that the RRS software requirements (i.e., what the software should do) were never clearly documented, and that design documents, which should describe how the requirements are implemented, are incomplete and inaccurate. Some RRS-related SERs (i.e., reports on unexpected incidents relating to the reactor control) implied that there were faults in the RRS, or that RRS changes should be made to help prevent certain unexpected events. The follow-up investigations were generally poorly documented, and so it could not usually be determined that problems were properly resolved. The Bruce A software change control procedures require improvement. For the software changes examined, there was insufficient evidence provided by Ontario Hydro that the required procedures regarding change approval, independent review, documentation updates, and testing were followed. Ontario Hydro relies on the expertise of their technical staff to modify the RRS software correctly; they have confidence in the software code itself, even if the documentation is not up-to-date. Ontario Hydro did not produce the documentation required for an independent formal assessment of the reliability of the RRS. (author). 37 refs., 3 figs.}
place = {Canada}
year = {1995}
month = {Dec}
}
title = {Review of Bruce A reactor regulating system software}
author = {None}
abstractNote = {Each of the four reactor units at the Ontario Hydro Bruce A Nuclear Generating Station is controlled by the Reactor Regulating System (RRS) software running on digital computers. This research report presents an assessment of the quality and reliability of the RRS software based on a review of the RRS design documentation, an analysis of certain significant Event Reports (SERs), and an examination of selected software changes. We found that the RRS software requirements (i.e., what the software should do) were never clearly documented, and that design documents, which should describe how the requirements are implemented, are incomplete and inaccurate. Some RRS-related SERs (i.e., reports on unexpected incidents relating to the reactor control) implied that there were faults in the RRS, or that RRS changes should be made to help prevent certain unexpected events. The follow-up investigations were generally poorly documented, and so it could not usually be determined that problems were properly resolved. The Bruce A software change control procedures require improvement. For the software changes examined, there was insufficient evidence provided by Ontario Hydro that the required procedures regarding change approval, independent review, documentation updates, and testing were followed. Ontario Hydro relies on the expertise of their technical staff to modify the RRS software correctly; they have confidence in the software code itself, even if the documentation is not up-to-date. Ontario Hydro did not produce the documentation required for an independent formal assessment of the reliability of the RRS. (author). 37 refs., 3 figs.}
place = {Canada}
year = {1995}
month = {Dec}
}