Evaluating software for safety systems in nuclear power plants

This paper presents the results of work performed by Lawrence Livermore National Laboratory to assist the U.S. Nuclear Regulatory Commission in understanding the state of the art in software reliability for computer-based reactor protection systems. The activities reported upon summarize advice from technical experts in software reliability and safety, and identify the best current software development practices used in industry for safety-critical software. The research reported here has identified a number of positive and negative design factors that can serve as the basis for a safety assessment. The results of the interviews and discussions were combined into a set of principles which were termed “design factors”. Although the areas of emphasis among the three sources of information (standards, experts and organizations) tend to be quite different, no substantial areas of disagreement were found. Many of the factors contributing to the success or failure of software may be attributed to the knowledge, understanding, intelligence, and care of the individuals and companies involved in the development of safety-critical software. By combining the best from theory and practice it is possible to isolate a number of factors that distinguish the good from the bad