Title: Licensing aspects of FPGA-based NPP I&C systems
Licensing aspects of FPGA-based NPP I&C systems: Ukrainian experience
Volodymyr Sklyar, Mikhail Yastrebenetsky
State Scientific Technical Center on Nuclear and Radiation Safety, Ukraine
Contents
1. Licensing of NPP I&C systems based on the I&C platform RADIY
2. Assessment of FPGA-based NPP I&C systems compliance with safety requirements
1. Licensing of NPP I&C systems based on the I&C platform RADIY
Licensing of NPP I&C systems based on the I&C platform RADIY
NPP I&C systems based on the I&C platform RADIY have been licensed:
- in Ukraine;
- in Russia;
- in Bulgaria.
The I&C platform RADIY includes FPGAs as programmable components. The licensing aspects of FPGA-based NPP I&C systems lie in the peculiarities of FPGA technology.
Licensing of NPP I&C systems based on the I&C platform RADIY
Peculiarities of FPGA from the point of view of licensing (1)
- FPGA is considered as a programmable component;
- qualification is done for the technical means which include FPGA.
Licensing of NPP I&C systems based on the I&C platform RADIY
Peculiarities of FPGA from the point of view of licensing (2)
FPGA projects are considered as a type of software and can include:
1) graphic diagrams of digital devices in problem-oriented languages;
2) code in a hardware description language;
3) assembly code or code in high-level languages, which is executed in the environment of microprocessor emulators implemented in the FPGA.
Licensing of NPP I&C systems based on the I&C platform RADIY
Peculiarities of FPGA from the point of view of licensing (2)
Graphic diagram (figure)
Licensing of NPP I&C systems based on the I&C platform RADIY
Peculiarities of FPGA from the point of view of licensing (2)
VHDL program code (figure)
Licensing of NPP I&C systems based on the I&C platform RADIY
Peculiarities of FPGA from the point of view of licensing (2)
An example of an FPGA-based controller (figure)
Licensing of NPP I&C systems based on the I&C platform RADIY
Peculiarities of FPGA from the point of view of licensing (3)
- development of FPGA projects is a part of the life cycle of the NPP I&C system and corresponds to SW design;
- the development stages of FPGA projects consider the specifics of the applied technologies and tools;
- each stage of FPGA development is finished with verification of the received product;
- the specifics of the applied methods and tools are considered during verification of FPGA projects.
Licensing of NPP I&C systems based on the I&C platform RADIY
Peculiarities of FPGA from the point of view of licensing (3)
Development and verification of an FPGA project (figure)
Licensing of NPP I&C systems based on the I&C platform RADIY
The place of the development and verification processes of FPGA projects in the life cycle of NPP I&C systems (figure; the base figure is from IAEA NS-G-1.1)
2. Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Documents which are passed through during the licensing process of I&C systems for Ukrainian NPP:
- Conception of NPP I&C system modernization;
- I&C system Requirements Specification (Terms of Reference);
- Quality Assurance Program;
- Software Verification Plan;
- Software Verification Report;
- Validation Plan;
- Validation Report;
- FAT and SAT Testing Plans;
- FAT and SAT Testing Reports;
- Safety Assessment Report.
The State Scientific Technical Center on Radiation and Nuclear Safety (supporting organization of the Ukrainian Regulatory Authority) has performed independent state safety reviews (expertise) for NPP I&C systems in Ukraine.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Basic IAEA standards which contain requirements to NPP I&C systems:
- IAEA NS-R-1. Safety of nuclear power plants: design
- IAEA NS-R-2. Safety of nuclear power plants: operation
- IAEA NS-G-1.1. Software for computer based systems important to safety in nuclear power plants
- IAEA NS-G-1.2. Safety assessment and verification for nuclear power plants
- IAEA NS-G-1.3. Instrumentation and control systems important to safety in nuclear power plants
- IAEA NS-G-1.6. Seismic design and qualification for nuclear power plants
- IAEA NS-G-2.3. Modifications to nuclear power plants
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Basic IEC standards which contain requirements to NPP I&C systems:
- IEC 60780:1998. Nuclear power plants. Electrical equipment of the safety system. Qualification
- IEC 60880:2006. Nuclear power plants. Instrumentation and control systems important to safety. Software aspects for computer-based systems performing category A functions
- IEC 60980:1989. Recommended practices for seismic qualification of electrical equipment of the safety system for nuclear generating stations
- IEC 60987:2007. Nuclear power plants. Instrumentation and control important to safety. Hardware design requirements for computer-based systems
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Basic IEC standards which contain requirements to NPP I&C systems:
- IEC 61226:2005. Nuclear power plants. Instrumentation and control systems important to safety. Classification of instrumentation and control functions
- IEC 61513:2001. Nuclear power plants. Instrumentation and control for systems important to safety. General requirements for systems
- IEC 62138:2004. Nuclear power plants. Instrumentation and control for systems important to safety. Software aspects for computer-based systems performing category B or C functions
- IEC 62340:2007. Nuclear power plants. Instrumentation and control systems important to safety. Requirements for coping with common cause failure (CCF)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Assessment of compliance with IAEA and IEC safety requirements can be realized in the following ways:
- technical documentation analysis;
- qualification testing;
- analytical calculations;
- functional validation testing;
- software verification.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Compliance with the following requirements is assessed by technical documentation analysis:
- requirements to defense from common cause failures;
- requirements to the single failure criterion;
- requirements to the redundancy principle;
- requirements to the independence principle;
- requirements to personnel error avoidance;
- requirements to security;
- requirements to the human-machine interface;
- requirements to quality.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Compliance with the following requirements is assessed by qualification testing:
- requirements to timing characteristics;
- requirements to technical diagnostics;
- requirements to stability against environmental impacts;
- requirements to stability against mechanical and seismic impacts;
- requirements to stability against power supply parameter changes;
- requirements to electromagnetic compatibility.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Compliance with the following requirements is assessed by analytical calculations:
- requirements to reliability indicators;
- requirements to accuracy.
Compliance with requirements to function performance is assessed by validation testing. Compliance with requirements to software is assessed by verification. The results of the independent state safety reviews (expertise) have confirmed the compliance of I&C systems based on the I&C platform RADIY with the safety requirements of the IAEA and IEC standards.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to reliability indicators
IAEA NS-R-1 (3.8); IAEA NS-G-1.3 (4.12, 4.33, 7.27); IEC 60987 (4.2); IEC 61513 (3.50, 6.1.1.1.1, 6.1.3.1.2)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Reliability requirements to I&C system safety functions (table)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to supporting the reliability of safety function performance (table)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to the diversity principle
IAEA NS-R-1 (6.14, 6.34, 6.40, 6.85); IAEA NS-G-1.3 (6.23-6.30); IEC 61513 (5.1.2.1.1, 5.3.1.5); IEC 62340 (3.1, 5.1)
This principle is realized at the lower level of the I&C platform RADIY: main and diverse variants of execution of the main functional modules were developed for it. Observance of the diversity principle is provided by means of:
- application of an elemental base from different manufacturers;
- different hardware circuits;
- different programmable components (FPGA and microprocessors);
- different SW (different programming languages and development tools);
- different teams of designers.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to defense from common cause failures
IAEA NS-R-1 (5.33); IAEA NS-G-1.3 (4.18, 4.63); IAEA NS-G-2.3 (4.26); IEC 62340 (3.1, 5.1.1, 9.1.1)
The following measures are taken to protect from software failures:
- decrease of program code volume by means of application of FPGA as programmable components;
- application of shared SW and separation of executed functions of safety category A from functions of safety categories B and C;
- use of methods and development tools which are directed at preventing the introduction of defects into SW;
- realization of SW self-control and self-diagnostics functions;
- accomplishment of SW verification.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
The following measures are applied to protect from mistakes in hardware design:
- observance of the independence principle;
- realization of technical diagnostics means;
- application of technical decisions and an elemental base which are approved by operating experience at NPP power units;
- execution of the total volume of hardware qualification testing and I&C function validation.
In the I&C platform RADIY all necessary technical decisions are realized which decrease the probability of personnel mistakes and provide stability of the products to the impact of temperature, pressure, humidity, mechanical vibration and shocks, electromagnetic interference, power supply parameter deviations and other external affecting factors which are possible during operation.
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to timing characteristics
IAEA NS-G-1.3 (7.55); IEC 60987 (4.1)
Timing characteristics are given as:
- duration of input cycles of continuous and discrete signals (not less than 6 ms) and threshold values;
- resolution capability of the time of data input (not worse than 0.01 s for discrete signals which characterize limit violations and/or safe operation conditions and for protection commands, 0.1 s for other discrete signals, 1 s for continuous signals);
- delays in discrete function execution (not more than 0.1 s for outputting control commands, 1 s for annunciation about arising violations, 2-4 s for data call for representation and/or registration, 1 min for annunciation about unauthenticity of input information and detected failures);
- speed of continuous function execution (calculations: not less than 100 design variables per second; comparison with set points: up to 10 times per second for each of the controlled parameters; archiving: 100-150 values per second for each of the controlled parameters).
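The timing limits above are the acceptance criteria that qualification testing checks. As an added example (not code from the presentation or from the RADIY project), the following script transcribes the slide's limits into a machine-checkable table and evaluates a constructed test record against it; the quantity names, the reading of the ranges (the outer bound of 2-4 s and of 100-150 values/s is used as the limit) and the reading of "up to 10 times per second" as a capability the system must reach are assumptions of this example.

```python
"""Check measured timing characteristics against the limits on the slide.
Added example; the quantity names and sample values are constructed."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class TimingRequirement:
    key: str          # name of the measured quantity (naming chosen here)
    description: str  # requirement wording, after the slide
    limit: float      # numeric limit from the slide
    unit: str
    kind: str         # "min": measured >= limit passes; "max": measured <= limit passes


# Limits transcribed from the slide. Where the slide gives a range (2-4 s,
# 100-150 values/s) the outer bound of the range is used as the acceptance
# limit; the set point comparison rate is read as a required capability.
REQUIREMENTS: List[TimingRequirement] = [
    TimingRequirement("input_cycle_ms", "duration of input cycles of continuous and discrete signals", 6.0, "ms", "min"),
    TimingRequirement("res_protection_s", "time resolution of data input: discrete signals for limit violations, safe operation conditions, protection commands", 0.01, "s", "max"),
    TimingRequirement("res_discrete_s", "time resolution of data input: other discrete signals", 0.1, "s", "max"),
    TimingRequirement("res_continuous_s", "time resolution of data input: continuous signals", 1.0, "s", "max"),
    TimingRequirement("delay_command_s", "delay in outputting control commands", 0.1, "s", "max"),
    TimingRequirement("delay_violation_s", "delay in annunciation about arising violations", 1.0, "s", "max"),
    TimingRequirement("delay_data_call_s", "delay in data call for representation/registration (slide: 2-4 s)", 4.0, "s", "max"),
    TimingRequirement("delay_fault_s", "delay in annunciation of unauthentic input information / detected failures", 60.0, "s", "max"),
    TimingRequirement("calc_vars_per_s", "calculations: design variables per second", 100.0, "1/s", "min"),
    TimingRequirement("setpoint_cmp_per_s", "comparisons with set points per controlled parameter per second", 10.0, "1/s", "min"),
    TimingRequirement("archive_vals_per_s", "archived values per controlled parameter per second (slide: 100-150)", 100.0, "1/s", "min"),
]


@dataclass(frozen=True)
class Finding:
    key: str
    message: str


def check_timing(measured: Dict[str, float]) -> List[Finding]:
    """Return one Finding per requirement that is unmet or not measured at all."""
    findings: List[Finding] = []
    for req in REQUIREMENTS:
        if req.key not in measured:
            findings.append(Finding(req.key, f"{req.description}: no measurement supplied"))
            continue
        value = measured[req.key]
        passed = value >= req.limit if req.kind == "min" else value <= req.limit
        if not passed:
            bound = "not less than" if req.kind == "min" else "not more than"
            findings.append(Finding(
                req.key,
                f"{req.description}: measured {value} {req.unit}, required {bound} {req.limit} {req.unit}",
            ))
    return findings


def failed_keys(findings: List[Finding]) -> List[str]:
    return [f.key for f in findings]


# Constructed qualification-test record (sample values, not real RADIY data).
SAMPLE_MEASUREMENTS: Dict[str, float] = {
    "input_cycle_ms": 8.0,
    "res_protection_s": 0.005,
    "res_discrete_s": 0.05,
    "res_continuous_s": 0.5,
    "delay_command_s": 0.15,     # exceeds the 0.1 s limit
    "delay_violation_s": 0.8,
    "delay_data_call_s": 3.0,
    "delay_fault_s": 45.0,
    "calc_vars_per_s": 250.0,
    "setpoint_cmp_per_s": 10.0,
    "archive_vals_per_s": 80.0,  # below the 100 values/s limit
}

if __name__ == "__main__":
    for finding in check_timing(SAMPLE_MEASUREMENTS):
        print(f"FAIL {finding.key}: {finding.message}")
```

A missing measurement is reported as a finding rather than silently passed, so a test report that omits a quantity cannot be read as compliant.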
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to supporting the quality of safety function performance (table)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to stability against environmental impacts
IAEA NS-R-1 (5.17, 5.45); IAEA NS-G-1.2 (3.91, 3.92, 3.94, 3.96); IAEA NS-G-1.3 (4.62, 4.64)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Working and testing values of external impacts for equipment of the I&C platform RADIY (table)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to stability against mechanical and seismic impacts
IAEA NS-G-1.2 (3.43); IEC 60780 (5.3.4.1, 5.3.2); IEC 60980 (4.1)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Testing values of seismic impacts for equipment of the I&C platform RADIY (table)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to electromagnetic compatibility
IAEA NS-G-1.3 (4.77, 4.78, 5.40)
Hardness degree of electromagnetic compatibility testing for equipment of the I&C platform RADIY (table)
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to stability against power supply parameter changes
IEC 60987 (5.5)
Equipment of the I&C platform RADIY should be stable against the following power supply parameter changes:
- continuous (without time limit) deviation of steady voltage from minus 15% up to plus 10%;
- short-time voltage deviations from minus 30% up to plus 25% within 2 s with intervals up to 10 s;
- frequency deviations from plus 2% up to minus 2% (without time limit) and up to minus 6% (within 10 s);
- difference of voltage phase angles of the three-phase network up to 5 degrees;
- deformation of the voltage curve form (harmonic constituent coefficient up to 10%).
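The voltage and frequency limits above combine a band that may be held indefinitely with a wider band that may only be held for a bounded time, so checking a test record means checking both the value and the duration of each excursion. As an added example (not code from the presentation or from the RADIY project), the following script evaluates constructed deviation recordings against those bands; reading the deviations as percent of the nominal value is an assumption of this example, and the "intervals up to 10 s" condition between short-time voltage deviations is not modelled.

```python
"""Check recorded power supply deviations against the tolerance bands on the
slide. Added example; the sample recordings are constructed."""
from typing import List, Optional, Sequence


def check_envelope(samples: Sequence[float], dt_s: float,
                   cont_low: float, cont_high: float,
                   short_low: float, short_high: float,
                   max_short_s: float, name: str) -> List[str]:
    """Check a series of deviations (percent of nominal, one sample every dt_s
    seconds) against a continuous band and a short-time band.

    A sample outside the short-time band is a finding. An excursion outside the
    continuous band that lasts longer than max_short_s is a finding.
    """
    findings: List[str] = []
    run_start: Optional[int] = None  # index where the current excursion began
    # A trailing None sentinel closes an excursion that runs to the end of the record.
    for i, v in enumerate(list(samples) + [None]):
        outside = v is not None and not (cont_low <= v <= cont_high)
        if outside and not (short_low <= v <= short_high):
            findings.append(f"{name}: sample {i} at {v:+}% is outside the short-time band "
                            f"[{short_low:+}%, {short_high:+}%]")
        if outside:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            duration = (i - run_start) * dt_s
            if duration > max_short_s:
                findings.append(f"{name}: excursion outside [{cont_low:+}%, {cont_high:+}%] "
                                f"lasted {duration} s, allowed {max_short_s} s")
            run_start = None
    return findings


def check_power_supply(voltage_dev_pct: Sequence[float], freq_dev_pct: Sequence[float],
                       dt_s: float, phase_angle_deg: float, harmonic_pct: float) -> List[str]:
    """Apply the slide's limits: voltage -15..+10% continuous, -30..+25% for up to
    2 s; frequency -2..+2% continuous, down to -6% for up to 10 s; phase angle
    difference up to 5 degrees; harmonic constituent coefficient up to 10%."""
    findings = check_envelope(voltage_dev_pct, dt_s, -15, 10, -30, 25, 2.0, "voltage")
    findings += check_envelope(freq_dev_pct, dt_s, -2, 2, -6, 2, 10.0, "frequency")
    if phase_angle_deg > 5:
        findings.append(f"phase angle difference {phase_angle_deg} deg exceeds 5 deg")
    if harmonic_pct > 10:
        findings.append(f"voltage curve distortion {harmonic_pct}% exceeds 10%")
    return findings


# Constructed recordings, one sample every 0.5 s (not real test data).
SAMPLE_DT_S = 0.5
# -25% for 1.5 s (allowed), +30% spike (outside the short-time band),
# -20% for 3 s (longer than the 2 s allowed for short-time deviations).
SAMPLE_VOLTAGE_DEV = [0.0, 0.0, -25.0, -25.0, -25.0, 0.0, 0.0, 0.0, 30.0, 0.0,
                      0.0, -20.0, -20.0, -20.0, -20.0, -20.0, -20.0, 0.0, 0.0, 0.0]
# -4% held for 11 s, longer than the 10 s allowed below -2%.
SAMPLE_FREQ_DEV = [0.0] * 2 + [-4.0] * 22 + [0.0] * 2

if __name__ == "__main__":
    for line in check_power_supply(SAMPLE_VOLTAGE_DEV, SAMPLE_FREQ_DEV, SAMPLE_DT_S, 5.0, 12.0):
        print("FAIL", line)
```

An excursion that reaches exactly the allowed duration passes, and a recording that ends while an excursion is still in progress is still judged on the time recorded so far, which is why the sentinel closes the last run.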
Assessment of FPGA-based NPP I&C systems compliance with safety requirements
Requirements to software (IAEA NS-G-1.1, IEC 60880, IEC 62138) (table)
Conclusion
Thank you for your attention!
Company Radiy, 29 Geroyiv Stalingrada street, Kirovograd, Ukraine
Tel. +38 (0522) 37 30 20, Fax +38 (0522) 55 51 79
E-Mail: marketing_at_radiy.kr.ua
http://www.radiy.kr.ua