Multi-Version FPGA-Based Nuclear Power Plant I&C Systems: Evolution of Safety Ensuring

Authors: Vyacheslav S. Kharchenko, Olexandr Siora, Volodymyr Sklyar
Year of publication: 2011
Subject:
Description: 1.1 Problem of decreasing the common cause failure probability of nuclear power plant instrumentation and control systems

To guarantee the required level of dependability, safety and security of computer-based systems for critical (safety-critical, mission-critical and business-critical) applications, the diversity approach is used. This approach implies the development, selection and implementation of several different design options for the redundant channels of the system being created. The probability of common cause failure (CCF) of safety-critical systems can be substantially reduced by selecting and deploying different types of diversity, on the assumption that the redundant channels realizing the hardware and software versions are as independent as possible. For this reason, many international and national standards and guides require the use of diversity in safety-critical systems, above all in nuclear power plant (NPP) instrumentation and control systems (I&Cs) (Wood et al., 2009; Gorbenko et al., 2009; Kharchenko et al., 2010; Sommerville, 2011).

Application of modern information and electronic technologies and component-based development approaches in critical areas improves, on the one hand, the reliability, availability, maintainability and safety characteristics of digital I&Cs. On the other hand, these technologies introduce additional risks, the so-called safety deficits. Microprocessor (software)-based systems are a typical example. The advantages of this technology are well known; however, a software realization may increase the CCF probability of complex software-based I&Cs. Software faults, and design faults in general, are the most probable cause of CCFs: such faults are replicated in the redundant channels and cause a fatal failure of the computer-based system. It follows that a "fault-tolerant" system with identical channels may be "non-tolerant", or not tolerant enough, to design faults.

For example, software design faults caused more than 80% of the fatal failures of computer-based rocket and space systems in the 1990s (Kharchenko et al., 2003), and caused 13% of the emergencies of space systems and 22% of the emergencies of carrier rockets (Tarasyuk et al., 2011). CCF risks may also be substantial for diversity-oriented, or so-called multi-version, systems (MVSs) (Kharchenko, 1999) if the choice of version redundancy type and development
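The argument above, that redundancy with identical channels buys little against replicated design faults while diversity does, can be made quantitative with the beta-factor CCF model familiar from IEC 61508. The following Python is an added illustration and is not code or data from the chapter: a fraction beta of each channel's failure probability is treated as common cause (the replicated fault takes every channel down together), the rest as independent, and diversity is modelled, as an assumption, as removing a fraction `diversity_credit` of the shared failure modes. The channel failure probability 1e-3, beta = 0.1 and the 90% diversity credit are illustrative numbers, not values from the chapter.

```python
"""Beta-factor model of common cause failure for a 1-out-of-N redundant
channel set (added example; not from the chapter it accompanies)."""


def split_channel_failure(q, beta):
    """Split a channel's probability of failure on demand q into the
    common-cause part q_c = beta * q (the design fault every channel
    shares) and an independent part q_i, chosen so that one channel on
    its own still fails with probability exactly q:
        q = q_c + (1 - q_c) * q_i
    """
    if not (0.0 <= beta <= 1.0) or not (0.0 <= q < 1.0):
        raise ValueError("need 0 <= beta <= 1 and 0 <= q < 1")
    q_c = beta * q
    q_i = (q - q_c) / (1.0 - q_c)
    return q_c, q_i


def one_out_of_n_failure(q, beta, n):
    """Probability that a 1ooN set fails, i.e. that all N channels fail:
    either the common cause strikes, or it does not and every channel
    fails on its own.  beta = 1 reproduces the 'non-tolerant' case in the
    text: the set is exactly as unreliable as a single channel."""
    if n < 1:
        raise ValueError("need at least one channel")
    q_c, q_i = split_channel_failure(q, beta)
    return q_c + (1.0 - q_c) * q_i ** n


def diverse_beta(beta, diversity_credit):
    """Assumption used by this example: diversity between channels (e.g.
    different hardware platform, independent design team, different tool
    chain) removes a fraction `diversity_credit` of the shared failure
    modes, so the common-cause fraction beta shrinks accordingly."""
    if not (0.0 <= diversity_credit <= 1.0):
        raise ValueError("diversity_credit must lie in [0, 1]")
    return beta * (1.0 - diversity_credit)


def compare(q, beta, n, diversity_credit):
    """Failure probability of a single channel, of N identical channels,
    and of N diverse channels, plus the improvement each step gives."""
    identical = one_out_of_n_failure(q, beta, n)
    diverse = one_out_of_n_failure(q, diverse_beta(beta, diversity_credit), n)
    return {
        "single_channel": q,
        "identical": identical,
        "diverse": diverse,
        "gain_from_redundancy_alone": q / identical,
        "gain_from_diversity": identical / diverse,
    }


if __name__ == "__main__":
    # Illustrative assumptions: each channel fails with probability 1e-3,
    # 10% of that is common cause, and diversity is credited with removing
    # 90% of the shared failure modes.
    result = compare(q=1e-3, beta=0.1, n=2, diversity_credit=0.9)
    for key, value in result.items():
        print(f"{key:>28}: {value:.3e}")
```

With these numbers a 1oo2 set of identical channels is only about ten times better than one channel, because the common-cause term beta * q dominates the product of the independent failures; the diverse pair improves on the identical pair by a further factor of about nine. Raising beta toward 1 shows the effect the chapter describes: the redundant set converges on the single-channel failure probability.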
Database: OpenAIRE