ML20211H843

From kanterella
Ack Participation of Calvert Cliffs Nuclear Engineering Dept in NRC Cooperative Research Project with Univ of Virginia. Copy of Relevant Portion of NRC Cooperative Agreement with Univ of Virginia Encl
ML20211H843
Person / Time
Site: Calvert Cliffs
Issue date: 06/23/1999
From: Jocelyn Craig, NRC OFFICE OF NUCLEAR REGULATORY RESEARCH (RES)
To: Cellars K, BALTIMORE GAS & ELECTRIC CO.
Shared Package: ML20211H825
References: NUDOCS 9909020190
Download: ML20211H843 (38)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

June 23, 1999

Mr. Kevin Cellars, Manager
Nuclear Engineering Department
Baltimore Gas and Electric Company
Calvert Cliffs Nuclear Power Plant
1650 Calvert Cliffs Parkway, NEF-2
Lusby, Maryland 20657-4702

Dear Mr. Cellars:

The purpose of this letter is to acknowledge the participation of Calvert Cliffs Nuclear Engineering Department in the NRC's cooperative research project with the University of Virginia.

On May 11, 1999, John Calvert and Joel Kramer of my staff, and Dr. Barry Johnson, Principal Investigator for our cooperative research project at the University of Virginia, met with Bruce Geddes, Senior Engineer, I&C Engineering, and other members of your staff. The purpose of the meeting was to discuss this cooperative research project and the potential for Baltimore Gas and Electric to participate. Enclosed is a copy of the relevant portion of the NRC Cooperative Agreement with the University of Virginia which will provide to you a better understanding of research issues.

This project is sponsored by the U.S. NRC Office of Nuclear Regulatory Research with an objective to develop the technical basis for guidance and acceptance criteria for risk-informed regulatory decision-making on digital system reliability. This effort is not a part of the NRC licensing or inspection program. Alex Dromerick and Guy Vissing of NRR's Division of Licensing Project Management, and Dave Solario, NRC License Renewal Project Manager, are aware of this effort.

We are encouraged by your staff's interest and willingness to participate with the University of Virginia in applying some of their research methods and simulation techniques to the Calvert Cliffs Digital Feedwater System. In this context, please be assured that should proprietary information be involved, we will deal with such information per processes and procedures already in place.

9909020190 990727 PDR ADOCK 05000317 P PDR

We look forward to your help and participation in this program. If you have any questions please contact me at (301) 415-5678 or John Calvert at (301) 415-6323.

Sincerely,

John W. Craig, Director
Division of Engineering Technology
Office of Nuclear Regulatory Research

Enclosure: As stated

cc: Dr. B. Johnson, U. of VA
    Dr. C. Smidts, U. of MD

ATTACHMENT 2
List of Attendees
Meeting on May 11, 1999, 10:00am to 12:00pm
Calvert Cliffs Nuclear Power Plant, Nuclear Office Facility, Classroom 12
"Digital System Reliability Modeling"

Name              Title                Organization        Phone
Frank Arcella     Systems Analyst      BGE                 410-495-4199
Jim Bennett       Counsel              BGE/Legal           410-234-5607
Mark Draxton      Process Manager      BGE/ITAD            410-495-2379
Bruce Geddes      I&C Engineer         BGE                 410-495-3712
Jeff Isakson      Resident Site Mgr    ABB CENP            410-495-6766
Bill Kemper       Prin. Engr-I&C       BGE                 410-495-4000
Doug Lenker       I&C Engr             BGE                 410-495-4802
Donna Moeller     Sr. Engineer         BGE/NRM             410-495-2061
Bill Nowicki      I&C Engr             BGE                 410-495-2277
Paul Roller       System Analyst       BGE/ITAD            410-495-4343
Barry Thurston    Project Manager      BGE                 410-495-6636
Mark Thomson      System Analyst       BGE/ITAD            410-495-6515
Barry Johnson     Professor            Univ. of Virginia   804-924-7623
John Calvert      Sr. I&C Engr         USNRC/RES           301-415-6323
Joel Kramer       Sr. Engr             USNRC/RES           301-415-5891

ATTACHMENT 3
List of Attendees
Meeting on July 14, 1999, 10:00am to 2:00pm
Calvert Cliffs Nuclear Power Plant, Nuclear Office Facility, Classroom 12
"Technical Interchange Meeting No. 1 on Digital Feedwater Reliability Study"

Name              Title                Organization        Phone
Frank Arcella     Systems Analyst      BGE                 410-495-4199
Mark Draxton      Process Mgr          BGE/ITAD            410-495-2379
Bruce Mrowca      Prin. Engr           BGE/Reliability     410-495-3989
Paul Roller       System Analyst       BGE/ITAD            410-495-4348
Barry Johnson     Professor            Univ. of Virginia   804-924-7623
Todd DeLong       Senior Scientist     Univ. of Virginia   804-982-2382
John Calvert      Sr. I&C Engr         USNRC/RES           301-415-6323
Terry Jackson     I&C Engr             USNRC/RES           301-415-6486
Eric Thornsbury   Reliability Engr     USNRC/RES           301-415-6216

ATTACHMENT 4
ATTACHMENT 5
University of Virginia Center for Safety-Critical Systems

Embedded Real-Time Safety-Critical Digital Systems: Reliability and Safety Modeling

Presented to: Nuclear Regulatory Commission Advisory Council on Reactor Safety
Presented by: Barry W. Johnson, Professor and Co-Director, Center for Safety-Critical Systems, University of Virginia
May 3-4, 1999

Outline
• Introduction
  • University of Virginia's Center for Safety-Critical Systems
  • Embedded Real-Time Safety-Critical Digital Systems
• Research Objectives
• Digital System Reliability and Safety Assessment
  • Reliability and Safety Assessment Methodology
  • Reliability and Safety Modeling and Simulation Techniques
  • Tools to Support the Assessment Methodology
  • Application of the Assessment Methodology
• Conclusions
• Discussion

Center for Safety-Critical Systems: History
• Research in safety-critical systems has been on-going for the past 15 years within the University of Virginia's Center for Semicustom Integrated Systems (CSIS)
  • CSIS founded in 1984
  • CSIS established as a state of Virginia Center of Excellence in 1986
• Safety-critical systems research program has designed, implemented, and tested multiple experimental prototypes of safety-critical systems
  • Electric wheelchair controller (three separate prototypes)
  • Automatic train protection system (two separate prototypes)
  • Magnetic bearing controller (four separate prototypes)
• Funded research activities at University of Virginia have grown to more than $1 million per year
• Center for Safety-Critical Systems was established in July 1998

Center for Safety-Critical Systems: Participants
• Three departments and six faculty involved at the University of Virginia
  • Department of Electrical Engineering
  • Department of Computer Science
  • Department of Systems Engineering
• Research collaborations with five other universities (five faculty members)
  • University of Maryland - College Park
  • College of William and Mary
  • Technical University of Braunschweig (Germany)
  • Carnegie Mellon University
  • Penn State University
• Founding membership of the center advisory board
  • Nuclear Regulatory Commission
  • Federal Railroad Administration
  • New York City Transit Authority
  • Federal Transit Administration
  • National Transportation Safety Board
  • American Association of Railroads
  • Inter-Modal Transportation Institute

Center for Safety-Critical Systems: Research Sponsors
• 1998-1999 Projects
  • Nuclear Regulatory Commission
  • Federal Railroad Administration
  • National Science Foundation
  • NASA Langley Research Center
  • New York City Transit Authority
  • Air Force Research Laboratory
  • Department of Navy Advanced Amphibious Assault Vehicle Program
  • Virginia's Center for Innovative Technology
• Pending New Projects
  • Volpe National Transportation Research Center
  • Federal Transit Administration
  • Boeing
  • New York City Transit Authority
  • Illinois Department of Transportation

Center for Safety-Critical Systems: Research Areas
• Reliability and safety assessment methodologies and processes
• Reliability and safety modeling using analytical methods
• Analytical model solution techniques
• Human factors and human reliability
• Modeling and simulation of integrated hardware/software systems
• Distributed computing for complex model solution and simulation
• Fault modeling and fault simulation for hardware/software systems
• Statistical methods for reliability and safety estimation
• Computer-aided tools for reliability and safety modeling
• Computer-aided tools for fault simulation of hardware/software systems
• Architectures for safety-critical systems
• Safety-critical systems using commercial off-the-shelf (COTS) components
• Experimental prototyping and testing of safety-critical systems

Center for Safety-Critical Systems: Research Facilities
• Integrated Circuits Laboratory (ICL)
  • CAD tools for integrated circuit design
  • Integrated circuit test facility
  • Integrated circuit fabrication through the NSF MOSIS program
  • High performance workstations for modeling and simulation
• Software Development Laboratory (SDL)
  • Tools for embedded software development
  • Processor emulation capability
  • Embedded software test capabilities
• Systems Integration Laboratory (SIL)
  • Printed circuit board design capability
  • Printed circuit board assembly and test facility (surface mount)
  • Hardware/software integration and test facility

Embedded System Structure (diagram)
• Human and Equipment interact with the Embedded Controller: commands from humans, information to humans, commands to equipment, feedback from equipment
• Embedded Controller: analog hardware, digital hardware, software, and hardware interfaces (examples)

Generic Processor Model (diagram)
• Data path: system inputs, output functions, next state functions, registers, cache, instructions/data, program and data memory, results/status, system outputs
• Control path: control functions

Hardware and Software are not Independent Entities
• Software faults, hardware faults: what happens when faults occur in both the hardware and software?

Trends in Embedded Systems
• Replacing analog circuitry, mechanical devices, and electro-mechanical relays with digital (hardware and software) systems
  • Nuclear reactor protection systems
  • Railway control systems
  • Aircraft flight control computers
  • Implanted medical devices
• Transitioning from total human control to human-assisted control or totally automated control
  • Driverless trains
  • Positive train control and positive train separation
  • Fly-by-wire flight control
  • Automatic shutdown systems
• Increasing use of commercial off-the-shelf components
  • Processors
  • Real-time operating systems
  • Communications networks (data highways)
• Increasing hardware/software and application complexity

Research Objectives
• Develop a reliability and safety assessment methodology for digital systems
  • Consider the integrated hardware/software system
  • Allow for the inclusion of commercial off-the-shelf (COTS) hardware and software components
• Develop modeling and simulation techniques that support the assessment methodology
  • Support the estimation of quantitative metrics
  • Support the evaluation of qualitative attributes
• Develop a set of tools that supports the assessment methodology
  • Use COTS software tools where feasible
  • Create new tools where needed
• Demonstrate the resulting approach and tools on real examples
  • Nuclear reactor protection systems (Virginia Power)
  • Railway systems (CSX and Federal Railroad Administration)
  • Aircraft flight control (NASA and Boeing)

Reliability and Safety Assessment
• What can go wrong? Fault 1, Fault 2, ..., Fault m-1, Fault m
• What is the likelihood? P(f1), P(f2), ..., P(fm-1), P(fm)
• What are the consequences?

Impact of Digital Systems on Reliability and Safety Assessment
• What can go wrong? The fault list (Fault 1, ..., Fault m) is extended by the faults of the embedded digital systems (Fault m+1, ..., Fault n, Fault n+1, ..., Fault z)
• What is the likelihood? P(f1), ..., P(fz)
• What are the consequences?

Reliability and Safety Assessment Process (flowchart)
• Reliability, safety, etc.
• Design processes, etc.
• Fault space is infinite, etc.
• Undetected faults are unsafe, etc.
• Stuck-at-1, stuck-at-0 faults, etc.
• Hierarchical modeling methodology
• Solve models, simulate models, etc.
• Calculate reliability, safety, etc.

System Modeling Methodology (diagram)
• System metrics: reliability, safety, MTBHE, etc.
• Models: Markov, fault tree, Petri net, axiomatic, etc.
• Estimated parameters: coverage, failure rates, latencies, etc.
• Critical parameters
• Parameter estimation: analytical models, expert opinion, worst case estimates, physical models, simulation models, statistical models

General Concept of Fault Coverage (diagram)
• Fault → Detection → Isolation → Recovery → Coverage
• At each stage (detection, isolation, recovery) the fault may escape; that is a coverage failure

Parameter Estimation (diagram)
• Complete fault set → sampling strategy (random, variance reduction) → sampled fault set
• Sampled fault set → hardware/software fault simulation → fault latency, error latency, coverage data
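The parameter-estimation flow on this slide (complete fault set, sampling strategy, fault simulation, coverage data) and the fault-coverage concept on the preceding one, as an added example that is not part of the presentation and not UVA's ADEPT or ROBUST tooling: a constructed toy module (two diverse versions of an 8-bit computation compared before the result is delivered, with assumed register names in, v1, v2 and out) is fault-simulated under the slides' single-bit stuck-at-0/stuck-at-1 fault model, first exhaustively and then over a random sample, giving a coverage estimate with a confidence interval.

```python
"""Fault coverage estimation by fault simulation over a sampled fault set.

Constructed toy module (not the assessed system, not UVA tooling): two diverse
versions of the same 8-bit computation are compared before the result is
delivered. Fault model: single-bit stuck-at-0 / stuck-at-1 faults on the
module's registers (assumed names: in, v1, v2, out).
"""
import math
import random
from itertools import product

REGISTERS = ("in", "v1", "v2", "out")
WIDTH = 8
NO_FAULT = ("none", 0, 0)


class DetectedError(Exception):
    """Raised when the two versions disagree: the module shuts down fail-safe."""


def apply_fault(value, fault, register):
    """Force one bit of `register` to its stuck value if the fault sits there."""
    reg, bit, stuck = fault
    if reg != register:
        return value
    mask = 1 << bit
    return value | mask if stuck else value & ~mask


def run_module(x, fault=NO_FAULT):
    """One execution: both versions compute 3*x mod 256, then are compared."""
    x = apply_fault(x, fault, "in")                        # shared input register
    v1 = apply_fault((x * 3) & 0xFF, fault, "v1")          # version 1: multiply
    v2 = apply_fault(((x << 1) + x) & 0xFF, fault, "v2")   # version 2: shift-and-add
    if v1 != v2:
        raise DetectedError
    return apply_fault(v1, fault, "out")                   # output register, after the check


def complete_fault_set():
    """Every single-bit stuck-at fault on every register: the complete fault set."""
    return [(reg, bit, stuck) for reg, bit, stuck in product(REGISTERS, range(WIDTH), (0, 1))]


def simulate_fault(fault, inputs=range(256)):
    """Classify one fault over a set of input vectors.

    'unsafe'   - a wrong result was delivered without detection (coverage failure)
    'detected' - the fault produced an error and the comparison caught it
    'latent'   - the fault never changed an output for these inputs
    """
    outcome = "latent"
    for x in inputs:
        expected = run_module(x)
        try:
            got = run_module(x, fault)
        except DetectedError:
            outcome = "detected"
            continue
        if got != expected:
            return "unsafe"
    return outcome


def coverage(faults):
    """Coverage = detected / (detected + unsafe); latent faults cause no error and are excluded."""
    counts = {"detected": 0, "unsafe": 0, "latent": 0}
    for fault in faults:
        counts[simulate_fault(fault)] += 1
    effective = counts["detected"] + counts["unsafe"]
    return (counts["detected"] / effective if effective else 1.0), counts


def wilson_interval(successes, n, z=1.96):
    """95% Wilson score interval for a binomial proportion."""
    if n == 0:
        return 0.0, 1.0
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def estimate_coverage(sample_size, seed=1):
    """Random sampling strategy: simulate only `sample_size` faults drawn from the complete set."""
    faults = complete_fault_set()
    sample = random.Random(seed).sample(faults, sample_size)
    estimate, counts = coverage(sample)
    effective = counts["detected"] + counts["unsafe"]
    return {"estimate": estimate,
            "ci95": wilson_interval(counts["detected"], effective),
            "counts": counts}


if __name__ == "__main__":
    exact, exact_counts = coverage(complete_fault_set())
    print("exhaustive:", exact, exact_counts)
    print("sample of 16:", estimate_coverage(16))
```

Faults in the shared input register corrupt both versions identically (a common-mode fault) and faults in the output register strike after the comparison, so both escape detection; faults inside either version are caught. That is why the exhaustive run gives exactly 0.5 for this toy, and the width of the sampled interval is the confidence-level question raised on the Conclusions slide.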

Hierarchical Modeling Methodology (diagram)
• Layers of design and protection; faults that defeat all layers yield system failure
• Architecture level: architectural models (Markov, Petri, fault tree)
• Algorithmic level: algorithmic-level models
• Functional level: instruction execution models
• Logic level: gate-level models
• Circuit level: circuit-level models
• Possible physical faults enter at the bottom; faults defeat certain layers of protection

Integrated Hardware/Software Modeling
• Models are developed which describe the faulty behavior of hardware/software modules at the appropriate interfaces
• Module (possibly COTS): inputs → module interface → complex hardware and software module → module interface → outputs

Fault and Error Modeling
• Faults manifest themselves in both hardware and software
• Faults result in a corruption of information
• Three Universe Model: Physical Universe → Informational Universe → External Universe; Fault → Error → Failure; operational faults and design faults

Hardware/Software Integrated Modeling (diagram)
• Software model: data flow, actual code
• Hardware model: execution model (fetch, execute, memory), gate-level model

UVA Tools Developed to Support the Reliability and Safety Assessment Process
• ADEPT (Advanced Design Environment Prototype Tool)
  • Developed by UVA under a DARPA research project
  • Supports data flow as a primary modeling abstraction
  • Supports hardware/software modeling
  • Supports all levels of the hierarchical modeling methodology
  • Based on VHDL as a modeling and simulation language
  • Based on Petri nets, Markov models, and fault trees as analytical models
  • Supports fault simulation at all levels of modeling abstraction
• ROBUST
  • Developed by UVA under an Air Force Research Lab research project
  • Supports hierarchical fault modeling and simulation
  • Supports hardware/software modeling
  • Automates analysis of fault simulation results
  • Based on VHDL as a modeling and simulation language
  • Supports distributed simulation of models

Examples of UVA Modeling Research
• Markov models, fault trees, Petri nets: Johnson, B., and Aylor, J., Reliability and Safety Analysis of a Fault-Tolerant Controller, IEEE Transactions on Reliability, Vol. 35, No. 4, Oct. 1986, pp. 355-362.
• Parameter estimation, experimental evaluation: Welke, S., Johnson, B., and Aylor, J., Reliability Modeling of Hardware/Software Systems, IEEE Transactions on Reliability, Vol. 44, No. 3, Sept. 1995, pp. 413-418.
• Hybrid approach: Choi, C., Johnson, B., and Profeta III, J., Safety Issues in the Comparative Analysis of Dependable Architectures, IEEE Transactions on Reliability, Vol. 46, No. 3, Sept. 1997, pp. 316-322.
• Dependability models: Smith, D., Johnson, B., and Profeta III, J., System Dependability Evaluation Using a Fault List Generation Algorithm, IEEE Transactions on Computers, Vol. 45, No. 8, Aug. 1996, pp. 974-979.
• Data flow models: [author illegible], M., Johnson, B., and Aylor, J., [title partly illegible] Operator Instruction Set Architecture Using VHDL, IEEE Design and Test of Computers, Vol. 10, No. 3, Sept. 1993, pp. 43-[illegible].
• Gate-level models: DeLong, T., Johnson, B., and Profeta III, J., A Fault Injection Technique for VHDL Behavioral-Level Models, IEEE Design and Test of Computers, Vol. 13, No. 4, Winter 1996, pp. 24-33.
• Statistical models: Smith, D., Johnson, B., Andrianos, N., and Profeta III, J., A Variance Reduction Technique Using Fault Expansion for Fault Coverage Estimation, IEEE Transactions on Reliability, Vol. 46, No. 3, Sept. 1997, pp. 366-374.

Application of the Safety Assessment Process
• Applied this process to a real-time, safety-critical digital system
  • System in the field for more than a decade at 150 locations
  • System contains more than 30,000 lines of assembly code
  • 250 millisecond response time requirement
  • System was designed as an event-driven system
• Simplex system with extensive software-based diagnostics
  • 80% of software written for diagnostic purposes
• Fail-safe application (shut down is considered safe)
• Results of assessment process used as proof of safety for a public utility commission (California Public Utility Commission)

Safety Requirements
• Safety requirements were qualitative and quantitative
• Quantitative
  • Mean Time Between Hazardous Events (MTBHE)
    • 10^5 years for the complete system
    • 10^7 years for any single processor unit
  • Fault detection time, reconfiguration time, and time to perform a safe shutdown: total time of 250 ms in certain cases and 500 ms in other cases
• Qualitative
  • Correct operation of hardware/software system in the presence of prescribed faulty conditions
  • Correct functional behavior under fault-free conditions

Structure of the Overall System (diagram)
• Processor-based units (slave, slave, master, slave, master, ...) connected by a communications bus

Structure of the Processor-Based Units (diagram)
• Safety-critical inputs → functional software and diagnostic software → safety-critical outputs
• Conditional safety-critical output power, power circuit, safety-critical watchdog signal, output control signal monitor and circuit
• Modeled at the instruction execution level

System Software Execution Flow (diagram)
• No input change: run software-based diagnostics
• Input change: read inputs → process version 1 of application and process version 2 of application (application diversity) → compare results → deliver outputs
• Diagnostic equations run alongside the application

Implementation of the Control Units (diagram)
• Code system printed circuit board and peripheral interface printed circuit board on the data bus, control bus, and address bus
• Processor printed circuit board and interface printed circuit board on the I/O bus

System Safety Model (diagram)
• Markov model with Safe and Unsafe states; transitions for permanent faults, transient faults, and malicious transient faults, each covered with probability P and uncovered with probability 1-P

Sensitivity to Architecture Selection (plot, y-axis 0.0 to 1.0)
• Architectures compared: Simplex, DWC, RDWC, TWC, RTWC, RDWCR, RTWCR, with C = 0.9
• Choi, C., Johnson, B., and Profeta III, J., Safety Issues in the Comparative Analysis of Dependable Architectures, IEEE Transactions on Reliability, Vol. 46, No. 3, Sept. 1997, pp. 316-322.

Sensitivity to Permanent Fault Coverage (plot)
• y-axis: 0.0 to 5 x 10^8; x-axis: permanent fault coverage 0.9, 0.999, 0.99999, 0.9999999

Sensitivity to Transient Fault Coverage (plot)
• y-axis: 0.0 to 8 x 10^8; x-axis: transient fault coverage 0.9, 0.999, 0.99999, 0.9999999
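The Safe/Unsafe Markov model and the two coverage-sensitivity plots above, as an added example that is not part of the presentation: a three-state continuous-time Markov model (Operational, Safe after a covered fault and fail-safe shutdown, Unsafe after an uncovered fault) is solved for the mean time to reach Unsafe, the MTBHE, and swept over the coverage values on the plots' x-axis. The state names, fault rates, repair rate and the coverage values are constructed assumptions; the 10^5-year figure is the complete-system requirement from the Safety Requirements slide.

```python
"""Three-state Markov safety model solved for mean time between hazardous events.

States (assumed, after the Safe/Unsafe slide): Operational (O), Safe (S,
covered fault led to a fail-safe shutdown, later repaired) and Unsafe (U,
uncovered fault, absorbing). Rates and coverages below are constructed.
"""
HOURS_PER_YEAR = 8766.0


def solve_linear(a, b):
    """Gauss-Jordan elimination with partial pivoting for small dense systems a x = b."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        if m[col][col] == 0.0:
            raise ValueError("singular system")
        for r in range(n):
            if r != col and m[r][col] != 0.0:
                f = m[r][col] / m[col][col]
                for k in range(col, n + 1):
                    m[r][k] -= f * m[col][k]
    return [m[i][n] / m[i][i] for i in range(n)]


def mean_time_to_absorption(rates, transient, start):
    """Expected time from `start` until an absorbing state is entered.

    rates: {(src, dst): rate} for a continuous-time Markov chain. Writing Q_TT
    for the generator restricted to the transient states, the mean times m
    satisfy (-Q_TT) m = 1, one equation per transient state.
    """
    idx = {s: i for i, s in enumerate(transient)}
    n = len(transient)
    a = [[0.0] * n for _ in range(n)]
    for (src, dst), rate in rates.items():
        if src not in idx or src == dst:
            continue                          # self-loops (covered transients) leave the state unchanged
        a[idx[src]][idx[src]] += rate         # total exit rate on the diagonal
        if dst in idx:
            a[idx[src]][idx[dst]] -= rate     # transfer to another transient state
    return solve_linear(a, [1.0] * n)[idx[start]]


def safety_model_rates(lam_p, lam_t, c_p, c_t, mu):
    """Simplex unit: permanent faults at lam_p and transients at lam_t (per hour),
    coverages c_p / c_t, repair from the safe state at rate mu."""
    return {
        ("O", "S"): lam_p * c_p,                                # covered permanent fault -> safe shutdown
        ("O", "O"): lam_t * c_t,                                # covered transient fault -> recovered
        ("O", "U"): lam_p * (1 - c_p) + lam_t * (1 - c_t),      # uncovered fault -> hazardous event
        ("S", "O"): mu,                                         # repair and restart
    }


def mtbhe_years(lam_p, lam_t, c_p, c_t, mu):
    """MTBHE in years, from the numerical solution of the Markov model."""
    rates = safety_model_rates(lam_p, lam_t, c_p, c_t, mu)
    return mean_time_to_absorption(rates, ["O", "S"], "O") / HOURS_PER_YEAR


def mtbhe_closed_form_years(lam_p, lam_t, c_p, c_t, mu):
    """Same quantity by hand: (1 + lam_p*c_p/mu) / (uncovered fault rate)."""
    uncovered = lam_p * (1 - c_p) + lam_t * (1 - c_t)
    return (1 + lam_p * c_p / mu) / uncovered / HOURS_PER_YEAR


def coverage_sweep(lam_p, lam_t, c_t, mu, coverages=(0.9, 0.999, 0.99999, 0.9999999)):
    """MTBHE as permanent-fault coverage varies over the slide's x-axis values."""
    return {c: mtbhe_years(lam_p, lam_t, c, c_t, mu) for c in coverages}


def meets_requirement(years, required_years=1e5):
    """Check against the complete-system MTBHE requirement on the slides (10^5 years)."""
    return years >= required_years


if __name__ == "__main__":
    # constructed rates: 1e-5 permanent and 1e-4 transient faults per hour, repair in ~10 h
    for c, years in coverage_sweep(1e-5, 1e-4, 0.9999999, 0.1).items():
        print(f"c_p={c:<10} MTBHE={years:14.1f} years  meets 10^5 years: {meets_requirement(years)}")
```

With the constructed rates the MTBHE rises from roughly a hundred years at 0.9 coverage to millions of years at 0.9999999, which is the shape of the sensitivity plots: the uncovered fault rate, not the raw failure rate, sets the hazard, so coverage is the critical parameter to estimate.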

Two Levels of Simulation Models Used in the Safety Assessment Process
• Fault dictionary characterization
  • I/O circuits, analog and digital hardware design
  • All credible internal component faults (s-a-1, s-a-0)
  • Tools used: Analogy Saber, Mentor Graphics
• Fault/error detection simulation
  • Processor, memory, buses, etc.
  • Transient and permanent faults (fault probabilities, execution times, tables)
  • Actual software design (code); system architecture
  • Tools used: VHDL, ADEPT, Vantage

Input/Output Bus Interface PCB (diagram)
• Input data and cutoff relay, output and input buffers, negative voltage, input parallel adapters, address decoder, asynchronous communications adapter, 500 Hz signal interface adapter, driver; connections to the safety output and to the vital unit master
• Modeled at the instruction execution level, gate level, and circuit level

Processor Printed Circuit Board (PCB) (diagram)
• Address bus, data and control bus, output and inputs, analog section, processor, 5 volt regulator, recovery latch and time delay, rectifier, filter
• Modeled at the instruction execution level, gate level, and circuit level

Fault Dictionary Characterization for the Input/Output Modules of the System
• Single-bit corruption: a single data bit value is corrupted
• All signals go to high impedance value: all affected signal values become 1s or all become 0s
• Indeterminate values: signals have random values
• Signal delay problems: signal delay is too long or too short
• Contention on the input/output bus: multiple devices attempt to place data on the bus simultaneously
• Subset of signals go to high impedance value: a subset of signal values becomes 1s or 0s
• Latent faults: output signals are not impacted

Hardware/Software Fault Space Considered in Safety Assessment (tree)
• System faults
  • Operational (random): permanent, transient (includes intermittent); exhaustive
  • Design (designer selected): non-malicious; malicious (algorithmically selected, randomly selected)

Algorithm for Fault Selection (diagram)

Malicious Fault List Generation Process
• Perform fault-free simulation → generate data flow graph → determine unsafe outputs → select fault list from a fault tree
• Smith, D., Johnson, B., and Profeta III, J., System Dependability Evaluation Using a Fault List Generation Algorithm, IEEE Transactions on Computers, Vol. 45, No. 8, Aug. 1996, pp. 974-979.

Illustration of Randomly Sampled Fault Space (diagram)
• System fault space with randomly sampled faults; uncovered faults are marked

Fault Expansion Concept (diagram)
• System fault space partitioned into equivalence classes E1, E2, ..., En; covered and uncovered faults are marked within the classes
• Smith, D., Johnson, B., Andrianos, N., and Profeta III, J., A Variance Reduction Technique Using Fault Expansion for Fault Coverage Estimation, IEEE Transactions on Reliability, Vol. 46, No. 3, Sept. 1997, pp. 366-374.

Safety Assessment Results
• Discovered 3 latent design faults that were safety significant
• Demonstrated safety-critical operation of the system
• Results used as proof of safety for a public utility commission
• Identified design techniques to ensure meeting safety requirements and to ease the process of safety assessment

Conclusions (Lessons Learned)
• Evaluate the integrated hardware/software system
• Develop a higher level of modeling abstraction
• Create a new theory for integrated hardware and software modeling
• Develop a new theory to support integrated modeling of design and operational faults
• Develop techniques to prove the correctness of software algorithms
• Provide integrated modeling tools and environments
• Develop techniques to establish confidence levels for safety estimates
• Exploit knowledge of the system in the assessment process
• Develop design principles which make assessment easier
• Create techniques for reliability modeling of hardware/software systems and integration of results into the PRA
• Develop techniques to handle hardware/software common mode faults
• Provide more experimental research to provide proof of the concept

ATTACHMENT 6

NRC/UVA Project
DFW Documentation Inventory

No.  NORMS ID        Rev.   Description                                  Proprietary?
1    SYSD-045-0001   0000   FW System Description                        No
2    SR0032          0004   DFW System Requirements Document             [illegible]
3    SD0020          0003   DFW SDD                                      Yes
4    HZ0009          0002   DFW Hazards Analysis                         Yes
5    SR0012          0001   MFV Controller SRS                           No
6    SR0013          0001   BFV Controller SRS                           No
7    SR0014          0002   SGFP Controller SRS                          No
8    SR0015          0003   PDI Alternate Controller SRS                 No
9    SD0008          0004   DFW Controllers SDD                          No
10   64302           0003   Unit 1 FW & Cond. Simplified Dwg.            No
11   64305           0003   Unit 1 RCS Simplified Dwg.                   No
12   60920SH0019     0012   SG11 Loop Diagram                            No
13   60920SH0019A    0005   SG11 Loop Diagram - Analog                   No
14   60920SH0019B    0002   SG11 Loop Diagram - Digital                  No
15   60920SH0019C    0006   SG11 Loop Diagram - Neutron Flux             No
16   60920SH0020     0012   SG12 Loop Diagram                            No
17   60920SH0020A    0004   SG12 Loop Diagram - Analog                   No
18   60920SH0020B    0002   SG12 Loop Diagram - Digital                  No
19   60920SH0020C    0005   SG12 Loop Diagram - Neutron Flux             No
20   N/A             N/A    F&P Instruction Bulletin                     No
21   N/A             N/A    Azonix-7000 User's Manual                    No
22   SWO201          07.00  Unit 1 DFW Controller Software               No
23   SWO274          02.00  Unit 1 DFW Source Code                       Yes
24   SWO275          02.00  Unit 1 DFW Executable                        Yes
25   SWO276          02.00  Unit 1 DFW Setpoints                         No
26   SWO277          00.00  Unit 1 DFW Configuration File                No


Distribution:
Copies w/o atts: J. Craig, A. Thadani, J. Calvo, G. Marino, J. Mauck, J.C. Stewart, CC SRI, J.S. Stewart, G. Vissing, D. Solorio, M. Riggs, M. Federline, J. Strosnider, M. Evans, J. Kramer, A. Dromerick, E. Thornsbury, T. Jackson, T. King, N. Siu, M. Cunningham, R. Brill, C. Antonescu, J. Rosenthal, Public Document Room, 50-317, 50-318
BCC w/atts: Dr. Barry Johnson, UVA; Dr. Carol Smidts, UMD