Software certification experience in the canadian nuclear industry: lessons for the future

Authors:
Alan Wassyng;Mark S. Lawford;Thomas S.E. Maibaum
Affiliations:
McMaster University, Hamilton, ON, Canada;McMaster University, Hamilton, ON, Canada;McMaster University, Hamilton, ON, Canada
Venue:
EMSOFT '11 Proceedings of the ninth ACM international conference on Embedded software
Year:
2011

Citing 10
Cited 0

Symbolic model checking: 1020 states and beyond

Information and Computation - Special issue: Selections from 1990 IEEE symposium on logic in computer science
Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS

IEEE Transactions on Software Engineering
Model Cheking

Proceedings of the 17th Conference on Foundations of Software Technology and Theoretical Computer Science
SCR*: A Toolset for Specifying and Analyzing Software Requirements

CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Practical Application of Functional and Relational Methods for the Specification and Verification of Safety Critical Software

AMAST '00 Proceedings of the 8th International Conference on Algebraic Methodology and Software Technology
Software tools for safety-critical software development

International Journal on Software Tools for Technology Transfer (STTT) - A View from Formal Methods 2003 (pp 301-354); Special Section on Recent Advances in Hardware Verification (pp 355-447)
CVC3

CAV'07 Proceedings of the 19th international conference on Computer aided verification
Structured Assurance Case Methodology for Assessing Software Trustworthiness

SSIRI-C '10 Proceedings of the 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement Companion
A tabular expression toolbox for matlab/simulink

NFM'11 Proceedings of the Third international conference on NASA Formal methods
Software certification: is there a case against safety cases?

FOCS'10 Proceedings of the 16th Monterey conference on Foundations of computer software: modeling, development, and verification of adaptive systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The computer controlled shutdown systems for the Nuclear Power Generating Station at Darlington, Canada, have been subject to licensing scrutinization on a number of occasions. After the first licence was approved in 1990, the licensee, Ontario Hydro, was given a number of years by the regulator to redesign the shutdown systems so that they would be more maintainable. This paper briefly describes the original certification process, lessons learned, and the subsequent development and certification of the shutdown systems. The development, internal certification processes and the regulator's certification process are briefly described. Although twenty years has elapsed since this work started, and there are new analysis techniques and tools that could be applied today, the original process itself has withstood the test of time extraordinarily well. This paper describes principles that explain why it was so successful, and how we can develop more modern approaches from this experience.