ML110950332

Nuclear Automation Watts Bar Unit 2, NSSS Completion Program I&C Project, WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System.
Site: Watts Bar, Tennessee Valley Authority
Issue date: 03/31/2011
From: Sfamenos N, Westinghouse
To: Office of Nuclear Reactor Regulation
References: WNA-TR-02451-WBT, Rev 0


Text

Attachment I
TVA Letter Dated March 31, 2011
Responses to Licensee Open Items to be Resolved for SER Approval

Westinghouse Electric Company WNA-TR-02451-WBT, Revision 0, "Test Summary Report for the Post Accident Monitoring System," Dated March 2011 (non-proprietary)

Westinghouse Non-Proprietary Class 3

Nuclear Automation
Watts Bar Unit 2 NSSS Completion Program I&C Projects

Test Summary Report for the Post Accident Monitoring System

WNA-TR-02451-WBT, Rev. 0

March 2011

APPROVALS

Function: Name and Signature

Author: Nick Sfamenos*, Engineer, Independent Verification & Validation
Reviewer: Secil Karaaslan*, Engineer, Independent Verification & Validation
Approver: Murat S. Uzman*, Manager, Independent Verification & Validation

* Electronically approved records are authenticated in the electronic document management system.


© 2011 Westinghouse Electric Company LLC All Rights Reserved

LIST OF CONTRIBUTORS

Revision: Name and Title

  • 0: Terrence C. Tuite, Engineer, New Plant Safety Support Systems
  • 0: Joseph A. Carretta, Engineer, New Plant Safety Support Systems
  • 0: Jenna L. Tyger, Technical Editor, Technical Communications

Template Version 2.2

REVISION HISTORY

RECORD OF CHANGES

  • Revision: 0
  • Author: Nick Sfamenos
  • Description: Original Issue
  • Completed: See EDMS

DOCUMENT TRACEABILITY & COMPLIANCE

Created to Support the Following Document(s):

  • Document: Verification and Validation Process for the Common Q Safety Systems
  • Number: WNA-PV-00009-GEN

OPEN ITEMS

Item, Description, Status: None.


TABLE OF CONTENTS

  • LIST OF CONTRIBUTORS
  • REVISION HISTORY
  • TABLE OF CONTENTS
  • LIST OF TABLES
  • LIST OF FIGURES
  • ACRONYMS AND TRADEMARKS
  • GLOSSARY OF TERMS
  • REFERENCES
  • SECTION 1 SUMMARY
  • SECTION 2 VARIANCES
  • SECTION 3 COMPREHENSIVENESS ASSESSMENT
  • 3.1 TEST PHASE DESCRIPTION AND EVALUATION
  • SECTION 4 SUMMARY OF RESULTS
  • SECTION 5 EVALUATION

LIST OF TABLES

  • Table 4-1. Exception Reports Identified During PMST, FPDST, and CIT/FAT
  • Table 4-2. Exception Reports Issued Against Generic Software

LIST OF FIGURES

None.


ACRONYMS AND TRADEMARKS

Acronyms used in the document are defined in WNA-PS-00016-GEN, "Standard Acronyms and Definitions" (Reference 2), or included below to ensure unambiguous understanding of their use within this document.

Acronym: Definition

  • ACC: AMPL Control Configuration
  • AMPL: ABB Master Programming Language
  • ANO: Anomaly
  • COM: Comment
  • CIT: Channel Integration Test
  • EST: Element Software Test
  • EUT: Element Under Test
  • FAT: Factory Acceptance Test
  • FPDS: Flat Panel Display System
  • FPDST: Flat Panel Display Software Test
  • HSL: High Speed Link
  • IV&V: Independent Verification and Validation
  • MTP: Maintenance and Test Panel
  • OM: Operator's Module
  • PMST: Processor Module Software Test
  • RAI: Request for Additional Information
  • RSE: Reusable Software Element
  • RSED: Reusable Software Element Document
  • RTM: Requirements Traceability Matrix
  • SDS: System Design Specification
  • SIOS: Standard Input/Output (I/O) Simulator
  • SRR: Software Release Record
  • SRS: Software Requirements Specification

Advant, Lotus Notes, LDRA Testbed, Microsoft, Visual C++, and VMware are trademarks or registered trademarks of their respective owner(s). Other names may be trademarks of their respective owners.

All other product and corporate names used in this document may be trademarks or registered trademarks of other companies, and are used only for explanation and to the owners' benefit, without intent to infringe.


GLOSSARY OF TERMS

Standard terms used in the document are defined in WNA-PS-00016-GEN, "Standard Acronyms and Definitions" (Reference 2), or included below to ensure unambiguous understanding of their use within this document.

Term: Definition

  • Black Box Testing: Testing of a unit based on its externally perceived interface. The tester need not know any of the fine details of the structure of the unit. In this mode, only the interface to the unit and its outputs are tested. This is also known as functional testing.

  • Branch: In software terminology, a branch controls the flow or sequence of statement execution.

  • Common Qualified Platform (Common Q): A safety system I&C platform that is defined in WCAP-16097-NP-A, "Common Qualified Platform Topical Report" (Reference 23).

  • Custom PC Element: A process control (PC) element that is not part of the standard set of PC elements provided with AMPL Control Configuration (ACC), usually developed by Westinghouse for a specific application, such as the Core Protection Calculator System, or to provide an additional basic function, such as a lead-lag filter.

  • Path: In software terminology, a path is a unique sequence of branches from the function entry to the exit.

  • Regression Analysis: An inspection method by which a software modification is evaluated concerning the effect on the module's functionality. The purpose of this analysis is to determine the extent of analysis and testing that must be repeated when changes are made to any software previously examined.

  • Release: The design process of issuing documentation that identifies a component or system as being maintained under version control and is ready for validation.

  • Test Engineer: The person responsible for conducting the test, collecting the results, and writing the test report.

  • Tester: The person responsible for executing the test procedure and recording the test results.

  • Test Harness: In software terminology, a test harness is the ancillary software created to facilitate the injection of test inputs to the element under test (EUT) and capture the outputs from the EUT.

  • Type Circuit: In ABB Master Programming Language (AMPL) programming, a Type Circuit is a reusable complex function that contains PC elements and/or DB elements. A Type Circuit can be used like a PC element, can be used multiple times in an AMPL program, and its logic is replicated within the AMPL code for each use. A Type Circuit can have symbolically defined parameters and DB elements. A Type Circuit in AMPL is analogous to a macroinstruction ("macro") in other programming languages.

  • Validation: The test and evaluation of the integrated computer system (hardware and software) to ensure compliance with the functional, performance, and interface requirements.

  • Verification: The process of determining whether or not the product of each phase of the computer system development process fulfills all the requirements imposed by the previous design phase.

  • White Box Testing: A mode of testing that focuses on the detailed, structural analysis of the unit under test. This is also known as structural testing.

  • WORKM Common Q: A Lotus Notes database used for exception reporting and resolution tracking.

REFERENCES

Following is a list of references used throughout this document.

1. WNA-PV-00009-GEN, Rev. 3, "Verification and Validation Process for the Common Q Safety Systems," Westinghouse Electric Company LLC.
2. WNA-PS-00016-GEN, Rev. 5, "Standard Acronyms and Definitions," Westinghouse Electric Company LLC.
3. WNA-PT-00138-WBT-P, Rev. 0, "Post Accident Monitoring System Test Plan," Westinghouse Electric Company LLC.
4. WNA-TR-02389-WBT, Rev. 0, "Processor Module Software Test Report for the Post Accident Monitoring System," Westinghouse Electric Company LLC.
5. WNA-TP-02955-WBT, Rev. 0, "Post Accident Monitoring System Flat Panel Display Software Test Procedure," Westinghouse Electric Company LLC.
6. WNA-TR-02387-WBT, Rev. 1, "Post Accident Monitoring System Flat Panel Display Software Test Report," Westinghouse Electric Company LLC.
7. WNA-TP-00357-GEN, Rev. 5, "Element Software Test Procedure," Westinghouse Electric Company LLC.
8. WNA-RL-00441-GEN, Rev. 7, "Software Release Record for the RVLIS AC 160 Library," Westinghouse Electric Company LLC.
9. WNA-TP-00644-GEN, Rev. 2, "Code Coverage Testing Procedure Utilizing the LDRA Testbed," Westinghouse Electric Company LLC.
10. WNA-TP-00410-GEN, Rev. 5, "Processor Module Software Test Procedure," Westinghouse Electric Company LLC.
11. WNA-TP-03057-WBT, Rev. 0, "Processor Module Software Test Procedure for the Post Accident Monitoring System," Westinghouse Electric Company LLC.
12. WNA-SD-00239-WBT-P, Rev. 4, "Software Requirements Specification for the Post Accident Monitoring System," Westinghouse Electric Company LLC.
13. WNA-TP-02988-WBT, Rev. 0, "Post Accident Monitoring System Channel Integration Test/Factory Acceptance Test," Westinghouse Electric Company LLC.
14. WNA-AR-00196-WBT, Rev. 0, "Regression Analysis for the Post Accident Monitoring System," Westinghouse Electric Company LLC.
15. WNA-DS-01617-WBT-P, Rev. 4, "Post Accident Monitoring System - System Requirements Specification," Westinghouse Electric Company LLC.
16. WNA-RL-00646-WBT, Rev. 5, "Common Q Software Release Record for Watts Bar Unit 2 PAMS Train A, PAMA," Westinghouse Electric Company LLC.
17. WNA-RL-00648-WBT, Rev. 3, "Common Q Software Release Record for Watts Bar Unit 2 PAMS Train B, PAMB," Westinghouse Electric Company LLC.
18. WNA-RL-00743-WBT, Rev. 5, "Software Release Record for Watts Bar Unit 2 PAMS FPDS," Westinghouse Electric Company LLC.
19. WNA-TR-02413-WBT, Rev. 1, "Post-Accident Monitoring System Channel Integration Test/Factory Acceptance Test Report," Westinghouse Electric Company LLC.
20. WNA-AR-00209-WBT, Rev. 1, "Regression Analysis for the Post Accident Monitoring System," Westinghouse Electric Company LLC.
21. WNA-SD-00250-WBT, Rev. 3, "Software Design Description for the Post Accident Monitoring System AC 160 Software," Westinghouse Electric Company LLC.
22. WNA-DS-01667-WBT-P, Rev. 4, "Post Accident Monitoring System - System Design Specification," Westinghouse Electric Company LLC.
23. WCAP-16097-NP-A, Rev. 0, "Common Qualified Platform Topical Report," Westinghouse Electric Company LLC.
24. WCAP-16096-NP-A, Rev. 1A, "Software Program Manual for Common Q Systems," Westinghouse Electric Company LLC.
25. WEC 12.1, Rev. 1, "Control of Inspection, Measuring, and Test Equipment," Westinghouse Electric Company LLC.
26. WNA-PT-00058-GEN, Rev. 0, "Testing Process for Common Q Safety Systems," Westinghouse Electric Company LLC.
27. WNA-IP-00520-WBT, Rev. 1, "Post Accident Monitoring System Installation Manual," Westinghouse Electric Company LLC.
28. WNA-VR-00279-WBT, Rev. 5, "Requirements Traceability Matrix for the Post-Accident Monitoring System," Westinghouse Electric Company LLC.
29. WNA-RL-00530-GEN, Rev. OV, "Software Release Record for the STDADD05 AC 160 Library," Westinghouse Electric Company LLC.
30. WNA-RL-00327-GEN, Rev. IV, "Software Release Record for the PAMSO1 AC160 Library," Westinghouse Electric Company LLC.
31. WNA-RL-00286-GEN, Rev. 3V, "Software Release Record for the Exclusive Module Error Type Circuit," Westinghouse Electric Company LLC.
32. WNA-RL-00412-GEN, Rev. 2V, "Software Release Record for PM Diagnostics Type Circuit," Westinghouse Electric Company LLC.
33. WNA-RL-00249-GEN, Rev. OV, "Software Release Record for the REFLASH Type Circuit," Westinghouse Electric Company LLC.
34. WNA-RL-00441-GENRev7_Verified, Rev. 0, "Software Release Record for the RVLIS AC 160 Library - Verified," Westinghouse Electric Company LLC.

SECTION 1

SUMMARY

This report summarizes the results of the test activities performed throughout the execution of the Watts Bar Unit 2 Post Accident Monitoring System (PAMS) project. It also assesses the adequacy of the test program and its compliance with WNA-PT-00138-WBT-P, "Post Accident Monitoring System Test Plan" (Reference 3), and WCAP-16096-NP-A, "Software Program Manual for Common Q Systems (SPM)" (Reference 24). The test plan, as documented in WNA-PT-00138-WBT-P, meets the requirements of the SPM with the following exceptions:

1. Procedures for qualification and control of the hardware to be used in testing are not documented. Qualification and control of hardware used in testing is in accordance with Westinghouse procedure WEC 12.1, "Control of Inspection, Measuring, and Test Equipment" (Reference 25).

2. Qualification and use of software tools is not documented. Qualification and use of software tools including the LDRA Testbed is in accordance with Westinghouse procedure WNA-TP-00058-GEN, "Testing Process for Common Q Safety Systems" (Reference 26).

The test program consists of phases as described in the Test Plan (Reference 3) from module-level Element Software Tests (ESTs), to unit-level Processor Module Software Tests (PMSTs), and ending with system-level Flat Panel Display Software Tests (FPDSTs) and Channel Integration Tests (CITs).

The EST for each reusable software element (RSE) has been developed under generic qualification efforts based on requirements identified in the Reusable Software Element Documents (RSEDs). In addition to the previously qualified generic option libraries (References 29, 30, 31, 32, 33), the Watts Bar Unit 2 PAMS project utilizes a newly developed RVLIS option library. The development and generic qualification of this new library has a separate life cycle, but is in parallel with the Project's life cycle.

The ESTs were performed on reusable software elements of the generic Reactor Vessel Level Instrumentation System (RVLIS) option library. The resulting exception reports (ERs) are listed in Table 4-2. The ESTs were conducted in accordance with generic test procedure WNA-TP-00357-GEN, "Element Software Test Procedure" (Reference 7), and the specific test procedures which include the test verification method (inspection or test) and test cases used for testing of each reusable software element.

These procedures provide all pertinent information to conduct "black box" testing of the software released for validation by WNA-RL-00441-GEN, "Software Release Record for the RVLIS AC 160 Library" (Reference 8). "White box" testing of the software Element Under Test (EUT) was conducted in accordance with WNA-TP-00644-GEN, "Code Coverage Testing Procedure Utilizing the LDRA Testbed" (Reference 9). All Custom PC elements developed for generic use have successfully completed all test cases and have been validated. The code reviews have been successfully completed. All prior anomalies recorded for these PC elements have been resolved. Consequently, the RVLIS Option Library was approved for use in appropriate Common Q projects and a verified software release record was issued by IV&V (Reference 34).

The PMST validated that the PAMS application software requirements, specified in WNA-SD-00239-WBT-P, "Software Requirements Specification for the Post Accident Monitoring System" (Reference 12), have been implemented. The PMSTs were conducted in accordance with WNA-TP-00410-GEN, "Processor Module Software Test Procedure" (Reference 10), and WNA-TP-03057-WBT, "Processor Module Software Test Procedure for the Post Accident Monitoring System" (Reference 11). Both tests and code inspections have been performed against Advant Controller 160 (AC 160) Application Software, as released by WNA-RL-00646-WBT, "Common Q Software Release Record for Watts Bar Unit 2 PAMS Train A, PAMA" (Revision 1). This resulted in nine ERs filed for the PMST phase, as seen in Table 4-1. Train B code was verified per regression analysis. It was found that the same findings were applicable to Train B. Results were reported in WNA-TR-02389-WBT, "Processor Module Software Test Report for the Post Accident Monitoring System" (Reference 4), which also includes the code inspection records. A regression analysis was performed between Train A Revision 1 of AC 160 Application Software and Train A Revision 2 to determine the level of testing and/or inspection necessary to verify satisfactory resolution of the anomalies identified during PMST. This regression analysis was recorded in WNA-AR-00196-WBT, "Regression Analysis for the Post Accident Monitoring System" (Reference 14).

A second regression analysis was then performed to analyze the changes from Train A Revision 2 through Train A Revision 5. This second regression analysis for both trains was recorded in WNA-AR-00209-WBT, "Regression Analysis for the Post Accident Monitoring System" (Reference 20). The changes to the corresponding application code for Train B were also analyzed and captured in these regression analysis reports.

The FPDST of the Watts Bar Unit 2 PAMS was performed on the AC 160 Application Software released by WNA-RL-00646-WBT, "Common Q Software Release Record for Watts Bar Unit 2 PAMS Train A, PAMA" (Revision 2) for Train A; WNA-RL-00648-WBT, "Common Q Software Release Record for Watts Bar Unit 2 PAMS Train B, PAMB" (Revision 0) for Train B; and FPD Application Software released by WNA-RL-00743-WBT, "Software Release Record for Watts Bar Unit 2 PAMS FPDS" (Revision 1). The FPDS testing of the Watts Bar Unit 2 operator's module (OM) and maintenance and test panel (MTP) subsystems resulted in the ERs noted in Table 4-1 (DT-841, DT-843 through DT-854, and DT-856). Evaluation of these findings concluded that the exceptions found did not impact the functionality of the FPDS. Resolution of these ERs was documented in WNA-TR-02387-WBT, "Post Accident Monitoring System Flat Panel Display Software Test Report" (Reference 6).

Following FPDST, issues with the Trend Display and FPD Heartbeat status were identified. This resulted in a fix to the FPD application software, which was tracked via DT-918 and DT-959, respectively.

Further, additional testing was requested by IV&V to validate certain requirements (identified as Open Item P092 in WNA-VR-00279-WBT, "Requirements Traceability Matrix for the Post-Accident Monitoring System" [Reference 28]) that could not be addressed via code inspection alone. These were captured in ERs FPDS-008 and V&V-924, and added to the scope of FPDS Regression Testing. A regression test was performed to validate changes to the software and close out outstanding ERs. The test was conducted on modified software released through new revisions of the software release records WNA-RL-00646-WBT (Reference 16), WNA-RL-00648-WBT (Reference 17), and WNA-RL-00743-WBT (Revision 4). Test results were captured in the ERs and also documented in WNA-TR-02387-WBT (Reference 6). The outstanding ERs were successfully closed. FPDS Regression Testing demonstrated that all modifications and additions were verified to be accurate and complete.

During IV&V review of the Post Accident Monitoring System Installation Manual (Reference 27), a problem with initialization of the MTP display application was observed. V&V-932 was issued to track the problem. The startup scripts were modified and released (Reference 18) to ensure WBT PAMS Application Software starts in the proper sequence. The modification was limited to startup scripts and there were no changes to the FPD Application Software. Additional regression testing was performed to confirm the implementation. Therefore, there is no impact to the PAMS FPD. Also, there is neither impact to the AC 160 Software, nor any functional impact on the FPDS displays. The previous FPDST (Reference 6) conclusions are still valid.

The CIT/FAT of the Watts Bar Unit 2 PAMS has been executed on the AC 160 Application Software released by WNA-RL-00646-WBT, "Common Q Software Release Record for Watts Bar Unit 2 PAMS Train A, PAMA" (Revision 2) for Train A and WNA-RL-00648-WBT, "Common Q Software Release Record for Watts Bar Unit 2 PAMS Train B, PAMB" (Revision 0) for Train B. ERs (Table 4-1) were generated to document problems identified during testing. Most of the issues discovered during testing were minor software and procedural problems. Satisfactory resolution for all CIT/FAT related ERs has been confirmed with a regression test that was performed on later releases of AC 160 Application Software (Reference 16 for Train A and Reference 17 for Train B) and documented in a new revision of the CIT/FAT Report (Reference 19).


SECTION 2

VARIANCES

The particular test variances with respect to each test item within each of the software test phases have been documented within their corresponding test reports (see Section 1, "Summary," for references to test reports). Following is a summary evaluation of these variances for each of the test phases.

EST Phase

The variances documented with respect to EST level testing relate to several different categories of modifications to either the test harness used to evaluate the EUT on the processor module, or the test harness source code used to determine code coverage metrics.

The categories of modifications made are as follows:

  • Control Modules (CONTRM) were added to test harnesses to resolve signal synchronization issues
  • Test harness variable names were changed to resolve compilation errors, caused by conflicts with the Microsoft Visual C++ development environment
  • Additional test cases added or test cases modified as a result of modified requirements

None of these specific variances affected the integrity of any EST environment, the intended basic functional behavior of the EUT, or the actual test results obtained.

PMST Phase

The PMST was limited to a representative subset of the target hardware, as a complete copy of the target hardware configuration was not available to the independent verification and validation (IV&V) team. As such, the PMST was conducted against a hardware platform consisting of the following components:

  • One PM646A Processor Module
  • One C1631 Communication Interface Module
  • Standard I/O Simulator Application (SIOS) Software
  • One Engineering Workstation, with two high speed link (HSL) communication cards

Given this hardware configuration, input/output (I/O) interface configuration items within the PAMS application code were modified to accommodate the hardware limitations. The specifics of all PAMS application code modifications are described within the PMST Report (Reference 4).

None of these specific variances affected the integrity of the PMST environment, the intended basic functional behavior of the PAMS code, or the actual test results obtained.


FPDST Phase

Throughout testing, various procedural errors were identified. These errors included:

  • Typos in the procedure
  • Lack of sufficient information for testing
  • Extraneous test steps on which the test engineer used best judgment to determine accuracy and necessity

In such cases, supplemental documents referenced in WNA-TP-02955-WBT, "Post Accident Monitoring System Flat Panel Display Software Test Procedure" (Reference 5), were consulted. Procedural errors that were corrected during testing were corrected by a red-line of the procedure. Evaluation has determined that no red-line compromised the integrity of the test or test procedure. The test results, including red-lined steps, validate the functionality of the FPDS application. Test procedure red-lines are included in the FPDST Report (Reference 6, Appendix F).

CIT/FAT Phase

Various procedural errors were identified throughout testing, including:

  • Typos in the procedure
  • Lack of sufficient information for testing
  • Revised requirements
  • Erroneous test steps where the test engineer used best judgment to determine accuracy and necessity

In such cases, supplemental documents referenced in WNA-TP-02988-WBT, "Post Accident Monitoring System Channel Integration Test/Factory Acceptance Test" (Reference 13), were consulted. Procedural errors were corrected during testing by a red-line of the procedure. Test procedure red-lines are included in WNA-TR-02413-WBT, "Post-Accident Monitoring System Channel Integration Test/Factory Acceptance Test Report" (Reference 19, Appendix E), along with valid justification for red-lined information. The evaluation of the CIT Report determined that no red-line compromised the integrity of the test or test procedure.


SECTION 3

COMPREHENSIVENESS ASSESSMENT

The software-specific test phases, as defined by the Test Program within WNA-PT-00138-WBT-P (Reference 3), Section 3.1, have been executed according to the guidelines called out for each of these phases throughout the Test Plan. The test cases executed corresponding to each phase (PMST, FPDST, CIT/FAT) focused on validating the requirements called out in the Software Requirements Specification (SRS), WNA-SD-00239-WBT-P (Reference 12), and Custom PC Element specific RSED documents (ESTs). Each of these test phases has been evaluated for compliance with the Test Plan.

A summary of the exceptions filed throughout all phases has been included in Section 4, "Summary of Results."

Software artifacts corresponding to each phase were verified at increasing levels of integration, which ensured that lower level functions were fully verified prior to execution of the subsequent test phase. The chronological order of execution of each test phase occurred in succession as follows: EST -> PMST -> FPDST -> CIT/FAT.

3.1 TEST PHASE DESCRIPTION AND EVALUATION

EST Phase

The purpose of the EST phase was to validate that the functionality of the Custom PC elements created to perform the various lower level RVLIS functions complied with the requirements called out in their corresponding RSED. The Watts Bar 2 PAMS application makes use of the generic RVLIS library. The twelve Custom PC Elements contained in this generic library were subjected to review and test activities, collectively called the EST. The goal of this EST phase was to validate that the design of the RVLIS Custom PC Element software meets the requirements specified in the respective RSEDs and has been completely and correctly implemented.

Per the Watts Bar 2 PAMS Test Plan and the generic EST Procedure, WNA-TP-00357-GEN (Reference 7), the following were considered, as appropriate, in developing test cases:

  • Confirm all requirements are addressed by inspection or test
  • Confirm variables are initialized
  • Elements with a variable number of inputs and outputs, as configured by call parameters, are checked at the minimum/maximum number of inputs and outputs
  • Confirm inputs are range checked
  • Confirm potential errors are handled correctly
  • Confirm calculations are correct
  • Confirm all statements and branches were exercised

All twelve Custom PC elements developed for generic use are currently being used by the Watts Bar PAMS and have been fully validated. Satisfactory resolution of all ERs generated relating to these PC elements listed in Table 4-2 has been met. No open issues regarding these PC elements remain.

PMST Phase

The purpose of the PMST was to verify that the AC 160 Application Code complied with the requirements described in the SRS, and that no unintended functional behavior outside the scope of the SRS was observed during test. To achieve this goal, several methods were applied to the AC 160 application code: requirements analysis, application code inspection, application code testing, and regression analysis.

In order to determine the scope of the PMST Procedure, all SRS requirements were analyzed by the criteria set forth for the PMST in the Post Accident Monitoring System Test Plan (Reference 3).

Specifically, each SRS requirement was dispositioned as follows:

1. Each SRS requirement was reviewed for its testability on the PMST testbed. If the SRS requirement was deemed to be testable within this environment, a test case with acceptance criteria was created within the PMST Procedure (Reference 10). Any modifications or additional tests created were documented within the PMST Report (Reference 4).
2. SRS requirements which were determined not amenable to testing on the PMST testbed, but could be fully verified through inspection, were added to the PMST Procedure as a line item for the inspection process.
3. All remaining requirements which could not be adequately tested on the PMST testbed or verified through the inspection process by IV&V were determined to be more appropriately verified through the CIT or FPDST processes. The Requirements Traceability Matrix (RTM) addresses the dispositioning of these remaining SRS requirements.
4. In addition to verifying that the PAMS application code implementations are traceable to SRS requirements during the inspection process, WNA-SD-00250-WBT, "Software Design Description for the Post Accident Monitoring System AC 160 Software" (Reference 21) was also used to validate the PAMS implementation. This aspect of the inspection process further ensured that the implementation details described in the software design description (SDD), driven by corresponding SRS requirements, have been correctly implemented in the PAMS application.
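The dispositioning rule in steps 1 to 3, written out as an added example (it is not from the report or the Common Q tooling): each requirement is routed to a PMST test case, a PMST inspection line item, or deferred to CIT/FPDST through the RTM, and a traceability check flags requirements whose verification records do not match that routing. The requirement IDs, field names and sample records are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Disposition(Enum):
    PMST_TEST = "PMST test case"
    PMST_INSPECTION = "PMST inspection line item"
    DEFERRED = "deferred to CIT or FPDST via the RTM"


@dataclass(frozen=True)
class Requirement:
    req_id: str                     # constructed identifier
    testable_on_testbed: bool       # step 1 criterion
    verifiable_by_inspection: bool  # step 2 criterion


def disposition(req: Requirement) -> Disposition:
    """Apply steps 1-3 in order; the first matching rule wins."""
    if req.testable_on_testbed:
        return Disposition.PMST_TEST
    if req.verifiable_by_inspection:
        return Disposition.PMST_INSPECTION
    return Disposition.DEFERRED


def trace_gaps(requirements, records):
    """Return (req_id, problem) pairs for traceability gaps.

    records: iterable of (req_id, phase) pairs with phase in
    {"PMST", "FPDST", "CIT"}, one per executed test or inspection.
    """
    known = {r.req_id: disposition(r) for r in requirements}
    seen = {}
    for req_id, phase in records:
        seen.setdefault(req_id, set()).add(phase)

    problems = []
    for req_id, disp in sorted(known.items()):
        phases = seen.get(req_id, set())
        if not phases:
            problems.append((req_id, "no verification record"))
        elif disp is Disposition.DEFERRED and not phases & {"CIT", "FPDST"}:
            problems.append((req_id, "deferred but not closed in CIT/FPDST"))
        elif disp is not Disposition.DEFERRED and "PMST" not in phases:
            problems.append((req_id, "slated for PMST but not verified there"))
    for req_id in sorted(set(seen) - set(known)):
        problems.append((req_id, "record cites unknown requirement"))
    return problems


# Constructed sample data, not taken from the report.
REQS = [
    Requirement("SRS-001", True, True),
    Requirement("SRS-002", False, True),
    Requirement("SRS-003", False, False),
    Requirement("SRS-004", False, False),
    Requirement("SRS-005", True, False),
]
RECORDS = [("SRS-001", "PMST"), ("SRS-002", "PMST"), ("SRS-003", "CIT"),
           ("SRS-004", "PMST"), ("SRS-999", "CIT")]
```

An empty result from `trace_gaps` is the machine-checkable counterpart of the statement that all requirements slated for a phase were verified in it.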

All SRS requirements slated for verification during the PMST phase were verified to have been implemented in the PAMS application code. Satisfactory resolution of all ERs generated relating to the PMST phase listed in Table 4-1 has been met. No open issues regarding the PMST phase remain.

FPDST Phase

The FPDST validated the display software by ensuring that the FPDS complied with all display requirements related to the PAMS System Requirement Specification, WNA-DS-01617-WBT-P, "Post Accident Monitoring System - System Requirements Specification" (Reference 15), and PAMS Software Requirement Specification (Reference 12).

Analysis of these driving requirements documents led to a test approach for the FPDST Procedure that covered three general attributes of the FPDS that should be verified. Testing of these functional attributes was applied to each display in the FPD application. These attributes cover: Graphical Layout, Functionality, and Common Display Features.

For each of the MTP and OM display screens, as specified in the FPDST Procedure, each of these functional attributes was further broken down into specific points of verification. The verification points for each functional attribute are as follows:

• Graphical Layout

Graphical Layout tests ensured that, on each display, all necessary aspects are visible and located where they are supposed to be. These objectives included:

- Verification of proper display hierarchy

- Verification of existence and location of navigational buttons

- Verification of existence and location of functional buttons

- Verification of existence and location of indicators

- Verification of existence and location of labels, including proper header and footer compositions

• Functionality

Functionality tests verify that, on each display, every functional object properly performs its intended function and every indicator properly displays its intended field. These objectives include:

- Verification of proper system startup and shutdown

- Verification of proper Point ID (PID) mapping of all indicators, values, statuses, and variables

- Verification that navigation buttons properly navigate to intended destination

- Verification that functional buttons properly perform intended function

- Verification that all functions involving multiple displays or the overall system perform properly

• Common Display Features

Common Display Features include the buttons and indicators in the header and footer of each display. These features do not vary between screens and will be tested with the same method for each display. However, some displays contain information relevant to the header and footer features and will be tested more extensively in the Common Display Features tests. The objectives of the Common Display Features tests include:

- Verification of operation of PAMS alarm indicators

- Verification of all common display features, including all buttons and indicators in the header and footer of each display are in the correct locations and function properly

- Verification of proper Directory Display hierarchy

Testing was performed and successfully completed on both Watts Bar Unit 2 PAMS Trains A and B. Each train included an MTP and an OM. All display attributes including Graphical Layout, Functionality, and Common Display Features were tested. The detailed results of the FPDST are provided in the FPD Software Test Report (Reference 6).

Satisfactory resolution of all ERs generated relating to the FPDST phase listed in Table 4-1 has been met.

No open issues regarding the FPDST phase remain.

CIT Phase

The CIT, also referred to as the FAT, addresses the PAMS requirements documented in Appendix F of WNA-TR-02413-WBT, "Post-Accident Monitoring System Channel Integration Test/Factory Acceptance Test Report" (Reference 19). These requirements originated from WNA-DS-01617-WBT-P, "Post Accident Monitoring System - System Requirements Specification" (Reference 15); WNA-DS-01667-WBT-P, "Post Accident Monitoring System - System Design Specification" (Reference 22); and WNA-SD-00239-WBT-P, "Software Requirements Specification for the Post Accident Monitoring System" (Reference 12).

The CIT is a functional test that verified integration of the released software for both the PAMS and FPDS installed onto the deliverable hardware. The CIT Procedure was created using the requirements documents described above as the basis in the development of the test specifications and test cases required to ensure that the Watts Bar 2 PAMS is built in accordance with WNA-DS-01617-WBT-P. In order to determine the scope and organization of the CIT Procedure, all requirements specified in the System Requirements Specification and System Design Specification were analyzed by the criteria set forth for the PMST in the PAMS Test Plan (Reference 3). That is, prior to execution of the PMST and CIT, all SRS and System Design Specification (SDS) requirements were dispositioned to determine the phase in which these requirements would be verified.

Testing was performed and successfully completed on both Watts Bar Unit 2 PAMS Trains A and B. Each train included an MTP and an OM. The detailed results of the CIT are provided in the CIT Report (Reference 19).

Variances encountered during the Watts Bar Unit 2 PAMS CIT were recorded and tracked in the Common Q ER database. ERs were created in the WORKM Common Q database. Table 4-1 contains the list of ERs that were generated during the original CIT performance or were written as a result of internal reviews. Additionally, regression testing has been performed as part of the CIT in order to validate the implementations to the PAMS application which address the ERs discovered during the initial CIT.

Satisfactory resolution of all ERs generated relating to the CIT phase listed in Table 4-1 has been met. No open issues regarding the CIT phase remain.

In conclusion, the test procedures developed for the Watts Bar 2 PAMS project are comprehensive and adequately validate the system. This conclusion was reached by performing a compliance evaluation of the test program against the guidelines presented in the Watts Bar 2 PAMS Test Plan.


SECTION 4 SUMMARY OF RESULTS

Table 4-1 lists the ERs that were raised throughout the test program and their statuses as of issuance of this Test Summary Report.

Table 4-1. Exception Reports Identified During PMST, FPDST, and CIT/FAT

| Test Phase | ER | Subject | ER Workflow Status | Open/Closed |
|---|---|---|---|---|
| PMST | PMST-168 | SDD, Rev. 0 | Resolution Complete | Closed |
| PMST | PMST-169 | SDD, Rev. 0 | Resolution Complete | Closed |
| PMST | PMST-170 | SDD, Rev. 0 | Resolution Complete | Closed |
| PMST | PMST-171 | RTD Quality | Resolution Complete | Closed |
| PMST | PMST-172 | DSP Quality | Resolution Complete | Closed |
| PMST | PMST-173 | Average RJT | Resolution Complete | Closed |
| PMST | PMST-174 | RCS Press. | Resolution Complete | Closed |
| PMST | V&V-893 | AC 160 | Resolution Complete | Closed |
| PMST | V&V-894 | AC 160 | Resolution Complete | Closed |
| FPDST | FPDS-008 | FPDS DB | Resolution Complete | Closed |
| CIT/FAT | CIT-620 | FPDS DB | Resolution Complete | Closed |
| CIT/FAT | CIT-621 | AC 160 thermocouple | Resolution Complete | Closed |
| CIT/FAT | CIT-622 | AC 160 RTD | Resolution Complete | Closed |
| CIT/FAT | CIT-623 | CETMON | Resolution Complete | Closed |
| CIT/FAT | CIT-624 | AC 160 FOM | Resolution Complete | Closed |
| CIT/FAT | CIT-625 | TMARCET | Resolution Complete | Closed |
| CIT/FAT | CIT-626 | SMM Test | Resolution Complete | Closed |
| CIT/FAT | CIT-627 | Cabnt Temp | Resolution Complete | Closed |
| CIT/FAT | CIT-628 | RVLIS Calc | Resolution Complete | Closed |
| FPDST | DT-841 | FPDS Printing | Resolution Complete | Closed |
| FPDST | DT-843 | FPD Res | Resolution Complete | Closed |
| FPDST | DT-844 | FPDS Screen | Resolution Complete | Closed |
| FPDST | DT-845 | FPDS RTJ | Resolution Complete | Closed |
| FPDST | DT-846 | FPDS Time | Resolution Complete | Closed |
| FPDST | DT-847 | SRS | Resolution Complete | Closed |
| FPDST | DT-848 | FPDS Display | Resolution Complete | Closed |
| FPDST | DT-849 | FPDS Display | Resolution Complete | Closed |
| FPDST | DT-850 | Annun Test | Resolution Complete | Closed |
| FPDST | DT-851 | FPDST Procedure | Resolution Complete | Closed |
| FPDST | DT-852 | RCS P Res. | Resolution Complete | Closed |
| FPDST | DT-853 | FPD Rounding | Resolution Complete | Closed |
| FPDST | DT-854 | SMM | Resolution Complete | Closed |
| FPDST | DT-856 | FPDS RCP | Resolution Complete | Closed |
| CIT/FAT | DT-882 | DENSO4 breakpoints | Resolution Complete | Closed |
| CIT/FAT | DT-884 | Datafetch | Resolution Complete | Closed |
| CIT/FAT | DT-902 | PM646A WDT resistor | Resolution Complete | Closed |
| CIT/FAT | DT-918 | FPDS Trends | Resolution Complete | Closed |
| CIT/FAT | DT-959 | FPDS Alarms | Resolution Complete | Closed |
| CIT/FAT | V&V-932 | FPDS startup | Resolution Complete | Closed |

Table 4-2 lists the ERs issued against the generic qualification of Custom PC Elements or Type Circuits used within the Watts Bar 2 PAMS project.

Table 4-2. Exception Reports Issued Against Generic Software

| ER | Subject | ANO COM RAI | ER Status | Open/Closed |
|---|---|---|---|---|
| V&V-703 | MAXS | 2 | Resolution Complete | Closed |
| V&V-707 | SRR RVLIS Library | 1 | Resolution Complete | Closed |
| V&V-711 | LVLMNTR | 1 | Resolution Complete | Closed |
| V&V-739 | NDH | 1 | Resolution Complete | Closed |
| V&V-740 | SRR RVLIS Library | 2 | Resolution Complete | Closed |
| V&V-742 | LVLALM | 2 | Resolution Complete | Closed |
| V&V-745 | DENSO4 | 1 | Resolution Complete | Closed |
| V&V-746 | RLDCORR | 3 | Resolution Complete | Closed |
| V&V-747 | PUMPSTAT | 2 | Resolution Complete | Closed |
| V&V-749 | FILTOl | 2 | Resolution Complete | Closed |
| V&V-751 | PUMPSTAT | 1 | Resolution Complete | Closed |
| V&V-750 | DENSO4 | 1 | Resolution Complete | Closed |
| V&V-752 | NDH | 1 | Resolution Complete | Closed |
| V&V-757 | RLDCORR | 1 1 | Resolution Complete | Closed |
| V&V-758 | DENSO4 | 1 | Resolution Complete | Closed |
| V&V-760 | STLVLCAL | 1 | Resolution Complete | Closed |
| V&V-762 | DHCALC | 1 | Resolution Complete | Closed |
| V&V-039 | SYS-TIME | 1 | Resolution Complete | Closed |
| V&V-755 | SYS-TIME | 1 | Resolution Complete | Closed |
| V&V-779 | STLVLCAL | 3 | Resolution Complete | Closed |
| V&V-781 | DHCALC | 1 | Resolution Complete | Closed |
| V&V-785 | PMDIAG | 13 6 | Resolution Complete | Closed |
| V&V-792 | DHCALC | 1 | Resolution Complete | Closed |
| V&V-794 | VOIDFRAC | 1 | Resolution Complete | Closed |

SECTION 5 EVALUATION

Execution of the EST procedures provides reasonable assurance that the RVLIS Custom PC Elements implement the requirements presented in the RSEDs. Performing the review of the code modules associated with the Custom PC Elements provides reasonable assurance that there is no unintended functionality within the Custom PC Elements.

Execution of the PMST procedure on Train A Revision 1 of the AC 160 application software validates the requirements presented in the SRS (Revision 2) and the generic PMST procedure (Reference 10), except for anomalies discovered during testing and inspection performed on PAMS Train A application software. The difference analysis between Train A and Train B indicated that the differences between these trains are limited to the CET terminal names, as expected. There were no other differences discovered between the PAMS Train A and Train B application code. As a result, no additional tests or inspections were performed for Train B.

The changes which occurred between Train A Revision 1 and Train A Revision 2 of the AC 160 application code were subjected to a regression analysis to determine the level of testing or inspection needed to be performed against the software changes. This analysis and the results of the verification and validation activities were documented in WNA-AR-00196-WBT, "Regression Analysis for the Post Accident Monitoring System" (Reference 14). The changes applied from Train A Revision 2 through Train A Revision 5 (Reference 16) were also subjected to a regression analysis. This analysis has been documented in WNA-AR-00209-WBT, "Regression Analysis for the Post Accident Monitoring System" (Reference 20).

Prior to execution of CIT, a validation of the display software was performed through an FPDST in order to ensure that the FPDS complies with all display requirements, thereby reducing the risk of CIT failure due to display issues. Execution of the FPDST Procedure resulted in anomalies. The ER(s) generated during testing are documented in Table 4-1. Test procedure errors were corrected during testing as red-lines.

Evaluation of the FPDST findings concluded that the exceptions found do not impact the functionality of the FPDS. Additionally, regression testing was performed in certain areas to ensure validation of the implementation. The results provide reasonable assurance that the FAT can proceed with the FPDS software application that was subject to the testing described in WNA-TP-02955-WBT, "Post Accident Monitoring System Flat Panel Display Software Test Procedure" (Reference 5). Evaluation of the FPDST phase concludes that it complies with the expectations of the PAMS Test Plan and FPDST Procedure. The FPDST phase has been properly developed and executed, and the test procedure contains comprehensive detail to adequately validate the test items.

The results of the CIT, in consideration of the initial CIT and regression tests performed, provide reasonable assurance that the CIT fulfills the requirements specified by WNA-DS-01617-WBT-P, "Post Accident Monitoring System - System Requirements Specification" (Reference 15) and WNA-DS-01667-WBT-P, "Post Accident Monitoring System - System Design Specification" (Reference 22).

The CIT phase has been properly developed and executed and the test procedure contains comprehensive detail to adequately validate the test items.
