Criticality analysis for safety-critical software in nuclear power plant distributed control system

Software criticality analysis examines the degree of contribution that each individual failure mode of a software component has on the reliability of software. Higher safety integrity levels are assigned to software modules whose failures cause an unacceptable impact on the operation of the system, and these levels require the implementation of more rigorous software quality assurance measures as defined in IEEE Std 1012 and in the customer’s system requirements specification. In this paper, a novel software criticality analysis method is proposed, the results of which can be used to guide the development of newly developed software and the procurement of Commercial-Off-The-Shelf (COTS) software. The software structure is first analyzed and the software is divided into modules according to their functions. Then the criticality levels of software components are preliminarily classified by means of a safety criticality preliminary analysis tree, followed by their verification through the software hazard and operability analysis (HAZOP). Finally, the target Safety Integrity Level (SIL) of each software module is determined based on its criticality level and the overall safety objective (i. e., SIL) of the system it resides in. As an example, this proposed method is applied to a nuclear power plant safety-critical system to demonstrate the detail application process and to verify the feasibility of the method. Compared with the existing software criticality analysis methods, this method has better operability and verifiability, and can be utilized as a technical guidance for the software criticality analysis of nuclear power plant digital control systems.