This paper describes a software safety analysis for a software code that is installed at an Automatic Test and Interface Processor (ATIP) in a digital reactor protection system. For the ATIP software safety analysis, an overall safety analysis is at first performed over the ATIP software architecture and modules, and then a detailed safety analysis based on the software FMEA (Failure Modes and Effect Analysis) method is applied to the ATIP program. For an efficient analysis, the software FMEA is carried out based on the so-called failure-mode template extracted from the function blocks used in the function block diagram (FBD) for the ATIP software. The software safety analysis by the software FMEA, being applied to the ATIP software code which has been integrated and passed through a very rigorous system test procedure, is proven to be able to provide very valuable results (i.e., software defects) which could not be identified during various system tests.
Software safety analysis of a flight management system vertical navigation function - a status report
