Text

__

January 30, 1992 Mr. Robert White Lawrence Livermore National Laboratory Post Office Box 808 Livermore, CA 94550

Dear Mr. White:

SUBJECT:

LLNL TECHNICAL ASSISTANCE TO THE OFFICE OF NUCLEAR REACTOR REGULATION, NRC

" TECHNICAL ASSISTANCE ON REVIEW 0F ALWR REQUIREMENTS," FIN L-1867, PROJECT II This letter transmits the Statement of Work for TASK 5, Revision 1.

This revision replaces TASK 5, on which no work has begun. This work has been coordinated with Mr. G. Suski of LLNL and the cost is not to exceed $160,000.

Please indicate your acceptance of this task, by signing this letter in the space provided below and returning the original copy to me.

You are authorized to start work imediately on this project after acceptance of the work and the estimated cost.

\\

l Sincerely, IS L. C. Ruth, Senior Project Manager l

Technical Assistance Management Section Planning, Program and Management Support l

Branch Office of Nuclear Reactor Regulation

Accept Task Mr. Greg Suski

Accept Task Mr. Robert White cc: Mr. R. Barber, DOE Mr. G. Suski, LLNL Mr. R. White, LLNL DISTRIBUTION Central File L. Ruth SICB R/F T. Champion 4M 'v TAMS R/F J. Joyce Contract File A. Thadani

/\\ y(Ad W. Schwink f, (gegen_ d Ng

[

%W

1. W LV

/lb /> /

IFC : TAMS:Pt ib TAMS:PMS

SICB: DST

YMSJ PMSB

@ 3T:NRW:

14_.:..____......:

LAME :LRut m

TChampion e

WSchwink

AThadani IATE :1/3Q92

1/.3d/92

1/3*/92

1/g/92

1/'d/92 050053 i

0FFICIAL RECORD COPY Document N_ame: J0YCE/LML_

XA

/

1 i

62.02 DD5N

)

a TITLE (PROJECT II):

TECHNICAL ASSISTANCE TO ASSIST THE STAFF (SICB) REVIEW OF ADVANCED LIGHT WATER REACTORS AND DEVELOP TECHNICAL POSITIONS AND CRITERIA IN THE NEW AREA'S OF REVIEW FIN:

L-1867; Project II, Task 5 (Rev. 1)

Project Manager:

Larry C. Ruth, PMSB (504-1211)

Technical Monitor Joseph P. Joyce, SICB (504-2842)

TAC Nos.:

77982, 79097, 79346, 79053, 79513 BACKGROUND Nuclear Steam Supply Systems (NSSS) vendors are proposing major changes in advanced instrumentation and control systems through the use of the latest state-of-the-art technology. This technology is to be applied to all safety and non-safety systems, and is a major change in design philosophy.

The changes will occur because of (1) standardization of plant designs, (2) the introduction of microprocessors in protection, control and monitoring, and (3) the increased use of computers, multiplexing, fiber optics, and automation in the designs.

The staff will evaluate whether advanced designs meet the existing general design criteria in Appendix A and Appendix B of 10 CFR 50.

The technology reflected in these design criteria is analog hard-wired technology. With the technology used in past designs, the processing of measured signals is continuous with time.

However, the processing of measured process signals with digital technology is by a sampling and a discrete processing method.

Furthermore, the development of computer software is complex and error prone.

The detection of errors in software is generally more difficult than the test of a single purpose analog hard-wired system.

However, the logic and flexibility of software allows the designs to directly address complex safety issues, such as trip of the reactor when approaching the margin for departure from nucleate boiling ratio.

This i

requires the use of high quality software to achieve the desired safety benefits.

As part of the preliminary review of the evolutionary designs the staff has identified technical issues that need to be addressed in terms of digital technology and criteria / guidelines which need to be developed so that Instrumentation and Control System Branch (SICB) staff will have a basis on which to judge acceptability of the proposed designs. Each of the tasks listed below also has additional background provided.

)

OBJECTIVE The objective of the following task orders is to obtain expert technical assistance to assist the staff in the area of advanced instrumentation and control (I&C).

These experts will assist the staff in the review of the evolutionary and advanced I&C designs and will develop the necessary acceptance criteria / technical positions that can be applied to the specific technical issues as detailed in the following work requirements.

The technical assistance will include a review of the state-of-the-art for several topics.

The technical assistance will evaluate the infonnation and provide review and acceptance criteria for each topic.

TECHNICAL QUALIFICATIONS REQUIRED The contractor shall provide engineers and scientists with substantial experience in the design and evaluation of digital systems. The engineer / scientist shall have substantial knowledge of the topics listed below as demonstrated by advanced academic - achievement, extensive published works subject to peer review, or equivalent.

WORK REQUIREMENTS The contractor will review the following task, and prepare a technical letter report for task 5.

TASK 5:

TESTING COMMERCI AL SAFETY-RELATED SOFTWARE -THE PURPOSE OF THIS TASK IS TO DETERMINE AND EVALUATE ACCEPTED PRACTICES FOR THE TESTING AND CERTIFICATION OF 0FF-THE-SHELF SOFTWARE-BASED SYSTEMS FOR USE IN l

SAFETY-CRITICAL APPLICATIONS.

Advances in digital computer technology have lead to the increased use of off-the-shelf commercial systems in safety-critical applications.

A concern generated herein is that of the assurance of the safety, reliability, and overall quality of these systems.

Before these systems can be used with assurance of their safety in critical applications, several levels of testing and evaluation must occur including functional testing, structural testing, statistical testing, and the evaluation of operating experience. The key issues to address include:

1.

Static source code analysis using automated source code analysis tools to find source code flaws.

2.

Functional or black box testing to determine that the system-performs all required functions.

3.

White box or structural testing, with the aid of automated reverse engineering and testing tools, to find structural flaws.

4.

Statistical random testing to gain knowledge of software behavior and to make reliability measures.

5.

Stress testing to detemine performance degradation and failure modes.

6.

Ongoing evaluation of the system during operation in the forms of regression testing to verify software changes and error tracking to monitor reliability and repair rates.

The contractor will:

(1)

Prepare a compilation of methods for the evaluation of software based safety-critical systems suitable for application to off-the-shelf systems.

(2)

Evaluate the strengths, weaknesses, and suitability of.each technique.

i

(3)

Develop review criteria for the evaluazion of off-the-shelf software-based safety-critical systems based upon these techniques.

4 Summary of the tasks listed above:

LEVEL OF EFFORT The level of effort is estimated at 33 professional staff weeks, apportioned among the task as shown below for planning purposes:

TASKS LEVEL OF EFFORT 5.

Testing Commercial Safety-related Software 5.1 Preparation meeting and scoping task 2

5.2 Compilation of techniques 6

5.3 Review meeting 2

5.4 Evaluation of techniques 8

5.5 Review meeting 2

5.6 Develop review criteria 6

5.7 Draft report submittal 2

5.8 Review meeting 2

5.9 Final report submittal 3

PERIOD OF PERFORMANCE This period of performance is projected to be February 1992 until September 1992.

REPORTING REOUIREMENTS

1) The contractor will provide a hard copy of the methods for evaluation, the strengths, weaknesses, and suitability of each technique and the review criteria to the technical teocitor during the review meetings (sub-task 5.5 and 5.8).

2) The contractor will provide a hard copy of each draft and final technical evaluation letter report to the project manager and technical monitor.

In addition, the contractor shall supply all draft and final reports to the technical monitor via floppy disk in word)erfect 5.0/5.1 or ASCII text format.

Photo ready copies of any graphics used s1ould also be provided.

MEETINGS AND TRAVEL For planning purpose the following trips are planned for task 5.

Task 5: Two, two person trips to Rockville, Md.

NRC FURNISHFD MATERIAL The NRC will furnish copies of information that should be considered in the compilations described above in the first preparation meeting for Task 5.

/