ML13004A370
ML13004A370 | |
Person / Time | |
---|---|
Issue date: | 07/19/2013 |
From: | NRC/RES/DE/RGDB |
To: | |
Orr M | |
Shared Package | |
ML12354A534 | List: |
References | |
DG-1208 RG-1.171, Rev. 1 | |
Download: ML13004A370 (6) | |
Text
Public Comments and NRC Responses for Draft Regulatory Guide (DG) -1208, Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants DG-1208 is Revision 1 of Regulatory Guide (RG) 1.171 A Federal Register Notice was published on August 22, 2012 (77 FR 50722) announcing the availability of Draft Regulatory Guide (DG) -1208, Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants for public comment. DG-1208 is Revision 1 of Regulatory Guide (RG) 1.171 dated September 1997. The following table contains the public comments received and the NRC staff responses.
Comments were received from the following individuals:
- 1. Swu Yih, 2. Mark Burzynski, 3. David Herrell, Chien Hsin University New Clear Day, Inc. MPR Associates, Inc.
7F-1, 356 Huanbei Rd. 2036 Marina Cove Dr. 320 King St., Alexandria, VA 22314 Zhongli City, Taiwan, ROC Hixson, TX 37343 (ADAMS - ML12346A034)
(ADAMS - ML12332A220) (ADAMS - ML122910759)
Comments on DG-1208, Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants DG-1208 is Rev. 1 of RG 1.171 Originator Draft Guide Comment NRC Response David Herrell DG-1208 With the current emphasis on FPGAs, one would Thank you for your comment. No changes have been (RG 1.171) have thought that the topic would have at least been made as a result of the comment. The information on General mentioned in this draft. software can be applied to the software of field-Comment programmable gate arrays (FPGAs). For more direct Incorporate sufficient guidance on software lifecycle information on FPGAs see NUREG/CR-7006, techniques to support FPGA VHDL code Guidelines for Field-Programmable Gate Arrays in development.
Nuclear Power Plant Safety Systems (ADAMS Accession No. ML100880142)
David Herrell DG-1208 This regulatory guide clearly defines the roles and Thank you for your comment. No changes have been (RG 1.171) responsibilities of licensees, applicants, and NRC made as a result of the comment. The NRC is General staff for software processes. However, this responsible for regulating commercial nuclear power Comment reviewers experience shows that most, if not almost plants and other uses of nuclear material through its all, safety software is not written by licensees or licensing, inspection and enforcement of its applicants. Rather, safety software and safety regulations and requirements.
Page 1
Comments on DG-1208, Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants DG-1208 is Rev. 1 of RG 1.171 Originator Draft Guide Comment NRC Response systems are designed and developed by various The NRC issues regulatory guidance documents, vendors. This regulatory guide does not define how such as regulatory guides, standard review plans, and software and system vendors are to apply the the NRC's Inspection Manual to aid licensees in regulatory guidance. This regulatory guide does not meeting the agencys safety requirements.
define which version of the regulatory guide is to be The NRC has no authority to regulate or direct the applied by a software vendor, or the requirements for activities of software developers or software and software vendors to maintain their programs current system vendors. The NRC promulgates its regulatory with regulatory guidance, which seems to be the guidance documents to the NRCs licensees and NRC requirement, based on topical report submittals.
applicants and it is the responsibility of the licensee Consistently define the application of RGs 1.168 and applicant to define software and software system through 1.173 for software and system vendors, requirements to their vendors as needed to throughout all sections of each of the regulatory demonstrate compliance with the NRC regulations.
guides. Define the expectations for use of current regulatory guides, since software and system vendors do not have the capability to commit to a given version of the regulatory guides and industry standards in a license. Define the expectations for use of current or older regulatory guides in topical report submissions, or point to other NRC documents that define these requirements.
David Herrell DG-1208 The sentence structure is unnecessarily complex. Thank you for your comment. As a result of the (RG 1.171) comment the sentence was revised as proposed.
Replace apply to all activities, including design, Section A second purchasing, installation, testing, operation, paragraph, last maintenance, or modification, that affect the safety-three lines related functions of such systems and components with apply to all activities, that affect the safety-related functions of such systems and components, including design, purchasing, installation, testing, operation, maintenance, or modification Page 2
Comments on DG-1208, Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants DG-1208 is Rev. 1 of RG 1.171 Originator Draft Guide Comment NRC Response David Herrell DG-1208 Third paragraph, next to last line - Please clarify the Thank you for your comment. No changes have been (RG 1.171) version of NUREG-0800 used in reviews. made as a result of the comment. The NRC staff Section A does not identify specific revisions for some guidance After the phrase The NRC staff uses the add the documents. This type of dynamic referencing is done phrase latest version of to provide guidance to because different licensees and applicants may have industry.
committed to different versions of the guidance documents and it would be inappropriate to always use the latest version of the guidance document for reviews when different applicants and licensees may have committed to alternate versions.
David Herrell DG-1208 In the paragraph beginning Several criteria in Thank you for your comment. As a result of the (RG 1.171) Appendix B the word Criterions is used. The comment the word was changed to criteria.
Section B, plural form of criterion is criteria. While criterions page 3 shows up in several informal dictionaries, it should not be used in formal writing.
Suggest rephrasing the start of the second sentence to either The listed criteria are only part or Each criterion listed below is only part to use correct grammar.
David Herrell DG-1208 Bullet for Criterion VI -The sentence provided is Thank you for your comment. No changes have been (RG 1.171) unnecessarily complex. made as a result of the comment. The proposed Section B, page change adds unnecessary complexity.
Suggest rephrasing the sentence from: activities 3,
affecting quality, such as instructions, procedures, and drawings, be subject to controls that ensure that documents, including changes, are reviewed for adequacy and approved for release by authorized personnel to activities affecting quality be subject to controls that ensure that documents are reviewed for adequacy and approved for release by Page 3
Comments on DG-1208, Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants DG-1208 is Rev. 1 of RG 1.171 Originator Draft Guide Comment NRC Response authorized personnel. These documents include instructions, procedures, and drawings. Changes to the documents are subject to at least the same controls.
David Herrell DG-1208 The sentence is overly restrictive, in that it requires Thank you for your comment. No changes have been (RG 1.171) the information to be provided in this document. At made as a result of the comment. The requirements Section C.1 page least for Item a in the list, providing reference to the are a carry over from the original RG 1.171 Rev 0.
5, last line document that contains these records should be sufficient.
Revise the text to allow at least Item A to be referenced from the testing documentation, rather than duplicated in each testing document.
Swu Yih DG-1208 Test Program discusses criteria for measuring Thank you for your comment. No changes have been (RG 1.171) test completeness. The idea/concept of criteria for made as a result of the comment. The concept of Section C.2 measuring test completeness is a very effective and statement coverage still holds today unless its not objective tool for reviewing the quality of unit test a Von Neumann model computer being used. The results of digital I&C systems, and which has been a domain of the application as it affects the underlying common practice in other safety related disciplines, operating system, from whatever program language e.g., aviation. However, in DG -1208, this important design, still executes along a set of states and state issue-"criteria for measuring test completeness"- is transitions no matter what the advancement in not described in reasonable detail as it should be. For program language.
instance, DG-1208 says "The staff believes that As for the regulator prescribing directions verses the statement coverage is an insufficient criterion for licensee, the NRC is responsible for regulating measuring test completeness," then, it states the commercial nuclear power plants and other uses of licensee should identify and justify the unit testing nuclear material through its licensing, inspection and coverage criteria that it will use,"
enforcement of its regulations and requirements.
Based on our experience in using RG 1.171 on The NRC issues regulatory guidance documents, Lungmen ABWR project, we believe that it is better such as regulatory guides, standard review plans, and to let the regulators to prescribe clearly what is the NRC's Inspection Manual to aid licensees in Page 4
Comments on DG-1208, Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants DG-1208 is Rev. 1 of RG 1.171 Originator Draft Guide Comment NRC Response "sufficient criterion for measuring test completeness," meeting the agencys safety requirements.
rather than leave it to the licensee, which almost The NRC has no authority to regulate or direct the always lead to a controversial, confusing and activities of software developers or software and unpredictable review process. Both IEC 61508 and system vendors. The NRC promulgates its regulatory RTCA DO-178B give very clear and detail definition guidance documents to the NRCs licensees and of what is "sufficient criterion for measuring test applicants and it is the responsibility of the licensee completeness," and both have been extensively and applicant to define software and software system applied for many projects for many years, therefore, requirements to their vendors as needed to we suggest NRC to consider to give clear definition demonstrate compliance with the NRC regulations.
of acceptable "sufficient criterion for measuring test completeness," in RG 1.171.
Also, the concept of "statement coverage" comes from traditional control-flow based computer programming language, such as C, Ada, fortran, etc.,
However, most current digital I&C systems are not implemented in these languages any more. Most digital I&C manufacturers adopt Function Block Diagram (FBD) as the coding language, therefore, RG 1.171 should to define suitable coverage criteria for FBD-based digital I&C systems.
David Herrell DG-1208 The phrase design changes shall be subject to Thank you for your comment. No changes have been (RG 1.171) design control measures commensurate with those made as a result of the comment. Early in this Section C.3, applied to the original design generates problems sentence the referenced phrase comes from Criterion page 6, 3rd line when updating from analog to digital systems, or III and is not available for changing. The basic updating an older digital system to a newer digital control function required is universal whether its system. adapted by digital or analog instrumentation and controls.
Please provide clarification that current practices need to be used for current programs. This paragraph appears to require application of the analog or primitive software processes used in the last part of Page 5
Comments on DG-1208, Software Unit Testing for Digital Computer Software used in Safety Systems of Nuclear Power Plants DG-1208 is Rev. 1 of RG 1.171 Originator Draft Guide Comment NRC Response th the 20 century to current replacement digital systems, or to modification to existing systems. That cannot be the intent of this guidance.
David Herrell DG-1208 1st paragraph, 2nd line - There is no need for a Thank you for your comment. No changes have been (RG 1.171) semicolon in the text. made as a result of the comment. The text editing is Section C.6, correct.
Break the sentence at the semicolon, making the single sentence into two separate sentences. Replace they with The annexes Mark DG-1208 DG-1208 Section D states: Thank you for your comment. The answer to your Burzynski (RG 1.171) question is that the regulatory guide information can Licensees may use the information in this regulatory Section D guide for actions which do not require NRC review and be used for any software installation.
approval such as changes to a facility design under 10 CFR 50.59. Licensees may use the information in this regulatory guide or applicable parts to resolve regulatory or inspection issues.
Does the first sentence of imply that this regulatory guide is not for actions which do require NRC review and approval?
Page 6