COTS SW dedication


COTS SW Dedication: Introduction and Concept
정세진, Dependable Software Laboratory, Konkuk Univ.

NP-5652 / TR-106439: process overview of NP-5652
Dedication is performed as a combination of the four acceptance methods and targets direct items.
- Identify the item (program) being procured.
- Does the item perform a safety function? No: procure the item as non-safety-related.
- Yes: is the item being procured as a basic component? Yes: procure the item as a basic component. No*: treat it as a commercial grade item.
- Document the safety function(s) (by FMEA).
- Identify and document the critical characteristics:
  - Physical: product/part identification, hardware, device interfaces
  - Performance: accuracy, functionality, environmental conditions
  - Dependability: built-in quality, configuration control, operating history
- Select the acceptance method(s), a combination of two or more methods:
  - Method 1. Special Tests and Inspections
  - Method 2. Survey of Commercial Supplier
  - Method 3. Source Verification
  - Method 4. Item/Vendor Performance
- Conduct the acceptance activities; evaluate and document the results.

NUREG/CR-6421 process overview
- Preliminary phase of the criteria: identify the safety function of the SW; determine the safety category of the target COTS SW.
- Detailed acceptance criteria: apply the acceptance criteria in accordance with the safety category.

LINTING

Linting
A linter program checks for static errors or potential errors and for coding-style guideline violations, for example:
- variables being used before being set
- division by zero
- conditions that are constant
- calculations whose result is likely to be outside the range of values representable in the type used
- mixed language
- coding style checks
- etc.
In FPGA development, linting is generally applied to the RTL design.

RTL Linting
RTL linting is a kind of static analysis for RTL design plus rule checking. There are several linting tools:
- Leda (Synopsys)
- SpyGlass Lint (Atrenta, now part of Synopsys)
- Ascent Lint (Real Intent)
- VHDL rule checker (Sigasi)
- HAL (Cadence) => usable within the Cadence circuit design tools
They check against their own rules and also against user-defined rules. Ascent Lint of Real Intent, for example, checks:
- FSM state reachability and coding issues
- Legal but dubious modeling indicating probable errors
- Differences between simulation and synthesis semantics
- Naming and RTL coding conventions
- Subset restrictions to enforce modeling clarity and reduce complexity
- Opportunities to improve simulation performance
- Operations with hidden or expensive implementation costs
- Downstream tool flow issues
- Network and connectivity checks for clocks, resets, and tri-state-driven signals
- Module partitioning rules
- Design testability

RTL Linting Rules
- The detailed rules of the commercial tools are not accessible.
- In the safety lifecycle defined by functional safety standards, static analysis is included in the verification phase.
- ModelSim offers some rules optionally:
  - when module ports are NULL
  - when assigning to an input port
  - when referencing undeclared variables/nets in an instantiation
- For Microsemi Libero SoC 11.5 and Synopsys Synplify Pro, no statement that they perform linting or static analysis could be found in the data sheets, white papers, or guidelines.

NUREG/CR-7006
- NUREG/CR-7006 is the Review Guidelines for Field-Programmable Gate Arrays in Nuclear Power Plant Safety Systems.
- It gives design practices and guidelines for developing FPGA-based NPP safety systems: design-practice guidelines for improving the safety of FPGAs, and explanations of potentially unsafe FPGA design.
- It covers board-level (hardware) design issues and HDL (Verilog, VHDL) design issues.
- NUREG/CR-7006 uses the framework of NUREG/CR-6463: Reliability, Robustness, Traceability, Maintainability.

NUREG/CR-7006 Design Entry Example
- Reliability: If and Case statements. All branches of if and case statements should be specified explicitly.
- Maintainability: Vendor-Specific Intellectual Property Cores. Using an IP core library can reduce development cost and improve efficiency; however, its use in a safety-critical system should be avoided, because it makes the system hard to verify.
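As an added example (not from the slides, and not the code of any tool named above), the NUREG/CR-7006 "all branches explicit" rule from this slide, and the rule-checking idea of the Linting slides, written as a small Verilog rule checker in Python. The sample modules and the rule names CASE_NO_DEFAULT and IF_NO_ELSE are constructed for the example:

```python
import re
ALWAYS_RE = re.compile(r'^\s*always\b')
COMB_RE = re.compile(r'^\s*always\s*@\s*(\(\s*\*\s*\)|\*)')  # always @(*) or always @*

def lint_explicit_branches(source):
    """Return (line, rule) pairs. CASE_NO_DEFAULT: a case statement lacking 'default'.
    IF_NO_ELSE: an always @(*) block with more ifs than elses (in a clocked block a
    missing else is a register hold, so only combinational blocks are checked).
    Line-oriented heuristic, not a parser; assumes begin/end around always blocks."""
    findings, case_stack, block = [], [], None
    for no, raw in enumerate(source.splitlines(), 1):
        line = raw.split('//', 1)[0]                      # drop line comments
        if ALWAYS_RE.match(line):
            block = {'line': no, 'comb': bool(COMB_RE.match(line)), 'depth': 0, 'ifs': 0, 'elses': 0}
        for _ in re.finditer(r'\bcase[xz]?\b', line):
            case_stack.append([no, False])                # [start line, has_default]
        if case_stack and re.search(r'\bdefault\s*:', line):
            case_stack[-1][1] = True
        if case_stack and re.search(r'\bendcase\b', line):
            start, has_default = case_stack.pop()
            if not has_default:
                findings.append((start, 'CASE_NO_DEFAULT'))
        if block is not None:
            block['ifs'] += len(re.findall(r'\bif\s*\(', line))
            block['elses'] += len(re.findall(r'\belse\b', line))
            block['depth'] += len(re.findall(r'\bbegin\b', line))
            block['depth'] -= len(re.findall(r'\bend\b', line))
            if block['depth'] == 0 and re.search(r'\bend\b', line):
                if block['comb'] and block['ifs'] > block['elses']:
                    findings.append((block['line'], 'IF_NO_ELSE'))
                block = None
    return findings

# Constructed sample RTL (not from the page): a violating module and a compliant one.
BAD_RTL = """\
module sel_bad(input [1:0] sel, input en, a, d, output reg y, z);
  always @(*) begin
    case (sel)            // no default: three of the four sel values assign nothing to y
      2'b00: y = a;
    endcase
    if (en) z = d;        // no else: z keeps its old value -> inferred latch
  end
endmodule
"""
GOOD_RTL = """\
module sel_good(input [1:0] sel, input en, a, d, output reg y, z);
  always @(*) begin
    case (sel)
      2'b00: y = a;
      default: y = 1'b0;  // every other selector value assigns y too
    endcase
    if (en) z = d;
    else    z = 1'b0;     // both branches assign z
  end
endmodule
"""
```

`lint_explicit_branches(BAD_RTL)` reports the case on line 3 and the always block on line 2, while `GOOD_RTL` and a clocked `always @(posedge clk)` block with an if-only register enable produce no findings.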

Structural Analysis of FBD for safety-critical software
- Guideline and rule checker based on NUREG/CR-6463
  - Reliability: Correct Control Flow, Correct Variables and Functions, Type Conversion
  - Maintainability: Drawing Diagram, Defining Variables, Abstraction
- Additional constraints are needed for the use of keywords that do not exist in Verilog/VHDL; some data types likewise have no counterpart (e.g. ANY_DURATION TIME, LTIME).
- Impact of using the FBD rule checker of the NuDE environment for FPGA:
  - constraints must be added on the use of KEYWORDs (data types, etc.) that do not exist in HDL
  - the translator needs to apply the contents of NUREG/CR-7006

IP CORE LIBRARY

IP Core Library
- IP (Intellectual Property) core in FPGA design: reusable cells, chips, logic, etc.; a library of predefined functions and circuits that simplifies the design of complex systems.
- Provided by vendors, 3rd parties, etc.
- Microsemi provides IP core usage through the SmartDesign tool inside Libero SoC; the RTL code is also available.

Example of using an IP core in SmartDesign (figure)

IP Core Library
- Generally, a direct core is provided with release notes, a handbook, a data sheet, a V&V report, etc.
- "CoreDDR is a high-performance SDRAM controller that is optimized for Microsemi FPGAs and designed to simplify system design while maximizing memory bandwidth and overall system performance."
- In accordance with NUREG/CR-7006, an IP core library is not recommended for use in safety systems.
- If one is used, it can be regarded as a dedication target; a verified IP core library must be used.

IP Core Library: the overall system (figure)

IP Core Library: controllers provided as a library (figure)

Vendor (chip) specific macro libraries
- Each vendor (chip) supports macro libraries for convenience in synthesis, P&R, etc.
- Rather than a dedication target, these are regarded as items to be confirmed in the V&V process of the target vendor's IDE or synthesis tool.

OTHER STANDARDS ABOUT DEDICATION

Other Standards
In addition to these, there are some standards about COTS dedication:
- TR-107330: Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants, 1996
- TR-107339: Evaluating Commercial Digital Equipment for High Integrity Applications: A Supplement to EPRI Report TR-106439, 1997 (supplement to 106439)
- TR-104159: Experience with the Use of Programmable Logic Controllers in Nuclear Safety Applications (dedication experience targeting PLCs)
- NP-7218: Guideline for Sampling in the Commercial Grade Item Acceptance Process, 1992
- TR-017218: Guideline for Sampling in the Commercial-Grade Item Acceptance Process (Revision of NP-7218), 1999
  Sampling guideline => a guideline for sampling when special tests are applied to electronic/electrical devices

Other Standards
- TR-103699 V1-2: Programmable Logic Controller Qualification Guidelines for Nuclear Applications, 1994. PLC qualification guideline: the basis of 106439?
- TR-1025243: Plant Engineering: Guidelines for the Acceptance of Commercial-Grade Design and Analysis Computer Programs Used in Nuclear Safety-Related Applications, 2013
- NP-6406: Guidelines for the Technical Evaluation of Replacement Items in Nuclear Power Plants (NCIG-11), 1989
- TR-1008256: Plant Support Engineering: Guidelines for the Technical Evaluation of Replacement Items in Nuclear Power Plants (Revision of NP-6406), 2006. Additional guideline for the technical evaluation part of NP-5652.
- NP-6895: Guidelines for the Safety Classification of Systems, Components, and Parts Used in Nuclear Power Plant Applications (NCIG-17), 1991

Other Standards
- ASME NQA-1
- TR-112579: Critical Characteristics for Acceptance of Seismically Sensitive Items, 2007. Describes the critical characteristics of seismically sensitive products.
- TR-1016157: Plant Support Engineering: Information for Use in Conducting Audits of Supplier Commercial Grade Item Dedication Programs
- NUREG-6294: Design Factors for Safety-Critical Software, 1994

However
"Evaluation of Guidance for Tools Used to Develop Safety-Related Digital Instrumentation and Control Software for Nuclear Power Plants" by the NRC:
- Task 1 Report: Survey of the State of Practice. A survey concerning the use of software tools.
- Task 2 Report: Analysis of the State of Practice, 2014, 350 pages. Performs a detailed analysis of various industry standards.
- Task 3 Report: Technical Basis for Regulatory Guidance, 2015, 80 pages. Technical basis for software-tool regulatory guidance for the review and acceptance of software tools.
- Through the regulatory guidelines, practices, experience, standards and TRs of various industries (auto, railway, nuclear, aerospace, aviation) and organizations (NRC, IEEE, IEC, IAEA, EPRI, NIST, AECL, NASA, etc.), it organizes and analyzes the safety assessment of software tools, that is, the selection, evaluation and acceptance of software tools used in developing safety-related or safety systems, with the aim of providing a basis for regulatory guidance.
- TR-1025243: Plant Engineering: Guidelines for the Acceptance of Commercial-Grade Design and Analysis Computer Programs Used in Nuclear Safety-Related Applications, 2014. Provides content on the dedication of computer programs.

Common Position
"Licensing of safety critical software for nuclear reactors"
- It is the common position of international nuclear regulators and authorized technical support organisations: common technical positions on a set of important licensing issues.
- A task force of 7 countries (Belgium, Germany, Canada, Spain, United Kingdom, Sweden, Finland) established the document on licensing issues of safety-critical software for nuclear reactors.
- Later, the U.S. NRC participated in the meetings of the task force.
- National regulations may have additional or different requirements, but hopefully in the end no essential divergence with the common positions.

Common Position
The document consists of the issues involved, the common positions, and the recommended practices for each licensing issue. It covers 23 licensing issues:
- 1.1 Safety Demonstration
- 1.2 System Classes, Function Categories and Graded Requirements for Software
- 1.3 Reference Standards
- 1.4 Pre-existing Software (PSW)
- 1.5 Tools
- 1.6 Organizational Requirements
- 1.7 Software Quality Assurance Program and Plan
- 1.8 Security
- 1.9 Formal Methods
- 1.10 Independent Assessment
- 1.11 Graded Requirements for Safety Related Systems (New and Pre-existing Software)
- 1.12 Software Design Diversity
- 1.13 Software Reliability
- 1.14 Use of Operating Experience
- 1.15 Smart Sensors and Actuators
- 2.1 Computer Based System Requirements
- 2.2 Computer System Architecture and Design
- 2.3 Software Requirements, Architecture and Design
- 2.4 Software Implementation
- 2.5 Verification
- 2.6 Validation and Commissioning
- 2.7 Change Control and Configuration Management
- 2.8 Operational Requirements

The END

FUNCTIONAL SAFETY

IEC 61508 Functional Safety
- A standard for the functional safety of electrical and electronic systems, with general requirements that are not tied to any particular sector.
- Specifies the management and technical activities required to achieve the functional safety of E/E/PE safety-related systems.
- Safety Life Cycle: proposed and adopted to manage systematically the activities needed to achieve functional safety.
- 7.5 Overall safety requirements: functional safety is achieved by developing, through hazard and risk analysis, a specification of the overall safety requirements, in terms of safety function requirements and safety integrity requirements, for the E/E/PE safety-related systems, other technology safety-related systems, and external risk reduction facilities.
  - The safety functions needed to secure the functional safety required for each hazard shall be specified.
  - In terms of risk reduction, the safety integrity requirement (SIL) shall be specified for each safety function.
- Among the 61508-3 requirements, software development, 7.4.2.11: if standardized or previously developed software is used in the design phase, that software shall be clearly identified. The suitability of the software for satisfying the software safety requirements specification shall be justified.
  - The language, compiler, configuration management tool, and V&V tool set used for development shall be selected according to the SIL; depending on the SIL level, a translator/compiler with a certificate of validation shall be held.
  - If this is not satisfied, the justification shall be documented.
  - An annex presents several static analysis items in table form.

Functional Safety Certification
- SIL (Safety Integrity Level): the level of reliability required of a product's safety function.
- Expressed using performance measures: the probability of the safety function operating.

Functional Safety Certification
Standards providing the requirements for functional safety systems:
- IEC 61508: functional safety of electrical, electronic, and programmable electronic equipment
- IEC 61513: for NPP systems
- IEC 60880: for category A software
- IEC 62138: for category A software
- ISO 26262: for automotive

IEC 60880 considerations
- The selection of software tools (used in development) shall satisfy the requirements of chapters 1 to 12 of 60880, or satisfy the assessment of chapter 15 => used in a way similar to the dedication viewpoint.
- It is judged that the relationship between the two can be considered by mapping the overall content of 60880 against the critical-characteristics-based criteria used in dedication.
- The level of assessment to be applied differs by tool type:
  1. compiler, translator
  2. verification tools
  3. OS
  4. development support systems (e.g. word processor?)
  5. version control tools (e.g. svn)
- The level for each category is not discussed in enough detail.
- Optimization in compilers/translators should be avoided; if it is used, test, verification, and validation of the compiled result must be performed.

COMMON POSITION EXAMPLE

1.4 Pre-existing Software: Issues Involved
Issues involved: a set of issues about licensing. Issues about 1.4 pre-existing software:
- The functional behavior and non-functional qualities of the PSW are often not clearly specified and documented.
- It is not certain that it was developed under a safety life cycle such as IEC 60880.
- The operational experience of the PSW is often not enough to compensate for the lack of knowledge about the PSW (information about the product and the development process).

1.4 Pre-existing Software: Common Position
Common position: a set of common positions on the basis for licensing and on the evidence which should be sought, agreed by the task force. Common positions about 1.4 pre-existing software:
- The functions that have to be performed by the PSW shall be clearly and unambiguously specified.
- The code version of the PSW shall be clearly identified.
- The interfaces (to the user or to other software) shall be clearly identified.
- The PSW shall have been developed and maintained according to QA standards and a software development process.
- Documentation and source code shall be available if modification is needed.
- Documents of the quality assurance plan and the development process shall be available.
Conditions for acceptance:
- Verify the functions performed by the PSW against the requirements specification.
- The PSW functions shall be validated by testing.
- Defects found during validation shall be analyzed.

1.4 Pre-existing Software: Recommended Practices
Recommended practices: consensus of the task force on best design and licensing practices. Recommended practices about 1.4 pre-existing software:
- Operational experience may be regarded as evidence for validation or verification.

Example of Certification by IEC 61508
This product received IEC 61508 SIL2 certification. It is a flameproof-enclosure (explosion-proof) device installed in hazardous areas that continuously detects flammable gas, CO2, CO, and N2O.

TI development process
The SafeTI software development process received functional safety certification.