NUREG/CR-6463, "Review Guidelines on Software Languages for Use in Nuclear Power Plant Safety Systems. Final Report."
Total Page:16
File Type:pdf, Size:1020Kb
NUREG/CR-6463 Review Guidelines on Software Languages for Use in Nuclear Power Plant Safety Systems Final Report Prepared by H. Hecht, M. Hecht, S. Graff, W Green, D. Lin, S. Koch, A. Tai, D. Wendelboe SoHar Incorporated Prepared for U.S. Nuclear Regulatory Commission AVAILABILITY NOTICE Availability of Reference Materials Cited in NRC Publications Most documents cited In NRC publications will be available from one of the following sources: 1. The NRC Public Document Room, 2120 L Street, NW., Lower Level, Washington, DC 20555-0001 2. The Superintendent of Documents, U.S. Government Printing Office, P. 0. Box 37082, Washington, DC 20402-9328 3. The National Technical Information Service, Springfield, VA 22161-0002 Although the listing that follows represents the majority of documents cited in NRC publications, it is not in- tended to be exhaustive. Referenced documents available for inspection and copying for a fee from the NRC Public Document Room include NRC correspondence and internal NRC memoranda; NRC bulletins, circulars, information notices, in- spection and investigation notices; licensee event reports; vendor reports and correspondence; Commission papers; and applicant and licensee documents and correspondence. The following documents In the NUREG series are available for purchase from the Government Printing Office: formal NRC staff and contractor reports, NRC-sponsored conference proceedings, international agreement reports, grantee reports, and NRC booklets and brochures. Also available are regulatory guides, NRC regula- tions In the Code of Federal Regulations, and Nuclear Regulatory Commission Issuances. Documents available from the National Technical Information Service include NUREG-series reports and tech- nical reports prepared by other Federal agencies and reports prepared by the Atomic Energy Commission, forerunner agency to the Nuclear Regulatory Commission. Documents available from public and special technical libraries include all open literature items, such as books, journal articles, and transactions. FederalRegister notices, Federal and State legislation, and congressional reports can usually be obtained from these libraries. Documents such as theses, dissertations, foreign reports and translations, and non-NRC conference pro- ceedings are available for purchase from the organization sponsoring the publication cited. Single copies of NRC draft reports are available free, to the extent of supply, upon written request to the Office of Administration, Distribution and Mail Services Section, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. Copies of industry codes and standards used in a substantive manner in the NRC regulatory process are main- tained at the NRC Library, Two White Flint North, 11545 Rockville Pike, Rockville. MD 20852-2738, for use by the public. Codes and standards are usually copyrighted and may be purchased from the originating organiza- tion or, if they are American National Standards, from the American National Standards Institute, 1430 Broad- way, New York, NY 10018-3308. DISCLAIMER NOTICE This report was prepared as an account of work sponsored by an agency of the United States Government. Neitherthe United States Government nor any agency thereof, nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for any third party's use, or the results of such use, of any information, apparatus, product, or process disclosed in this report, or represents that its use by such third party would not infringe privately owned rights. NUREG/CR-6463 Review Guidelines on Software Languages for Use in Nuclear Power Plant Safety Systems Final Report Manuscript Completed: June 1996 Date Published: June 1996 Prepared by H. Hecht, M. Hecht, S. Graff, W. Green, D. Lin, S. Koch, A. 'Thi, D. Wendelboe SoHar Incorporated 8421 Wilshire Boulevard Beverly Hills, CA 90211 R. Brill, NRC Project Manager Prepared for Division of Systems Technology Office of Nuclear Regulatory Research U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 NRC Job Code W6208 Abstract Guidelines for the programming and auditing of software written in high level languages for safety systems are presented. The guidelines are derived from a framework of issues significant to software safety which was gathered from relevant standards and research literature. Language-specific adaptations of these guidelines are provided for the following high level languages: Ada, C/C++, Programmable Logic Controller (PLC) Ladder Logic, International Electrotechnical Commission (IEC) Standard 1131-3 Sequential Function Charts, Pascal, and PL/M. Appendices to the report include a tabular summary of the guidelines and additional information on selected languages. iii NUREG/CR-6463 Table of Contents List of Figures ........................................ ................. x L ist of Tables ................................................................ xi Executive Summary .................................................... xii A cknow ledgem ents .......................................................... xiv List of A cronym s ............................................................. xv Introduction .......................................................... 1-1 1.1 Scope ......................................................... 1-1 1.2 M ethodology ................................................... 1-3 1.2.1 Task 1 M ethodology ....................................... 1-3 1.2.2 Task 2 M ethodology ....................................... 1-6 1.2.3 Task 3 M ethodology ........................................ 1-6 1.2.4 Tasks 4 and 5 M ethodology ................................. 1-6 1.3 Technical basis .................................................. 1-7 1.4 Contents Overview ............................................... 1-8 R eferences .......................................................... 1-10 2 Generic Safe Programming Attributes ...................................... 2-1 2.1 R eliability ...................................................... 2-2 2.1.1 Predictability of Memory Utilization .......................... 2-4 2.1.2 Predictability of Control Flow ............................... 2-5 2.1.3 Predictability of Timing ................................... 2-11 2.2 R obustness .................................................... 2-12 2.2.1 Controlling Use of Diversity ............................... 2-12 2.2.2 Controlling Use of Exception Handling ....................... 2-14 2.2.3 Checking Input and Output ................................ 2-15 2.3 Traceability ................................................... 2-16 2.3.1 Controlling Use of Built-In Functions ........................ 2-16 2.3.2 Controlling Use of Compiled Libraries ....................... 2-17 2.4 M aintainability ................................................. 2-17 2.4.1 Readability ............................................. 2-19 2.4.2 Data Abstraction ........................................ 2-23 2.4.3 Functional Cohesiveness .................................. 2-24 2.4.4 M alleability ............................................ 2-25 2.4.5 Portability .............................................. 2-25 R eferences .......................................................... 2-27 3 A d a . .. .. .. .. 3 -1 3.1 R eliability ...................................................... 3-1 3.1.1 Predictability of Memory Utilization .......................... 3-1 3.1.2 Predictability of Control Flow ............................... 3-6 v NUREG/CR-6463 3.1.3 Predictability of Timing ................................... 3-22 3.2 R obustness .................................................... 3-26 3.2.1 Controlled Use of Software Diversity ........................ 3-27 3.2.2 Controlled Use of Exception Handling ....................... 3-27 3.2.3 Input and Output Data Checking ............................ 3-31 3.3 Traceability ................................................... 3-31 3.3.1 Use of Built-In Functions .................................. 3-32 3.3.2 Use of Compiled Libraries ................................. 3-32 3.3.3 Ada Run-time Environment ................................ 3-33 3.3.4 Maintaining Traceability Between Source Code and Compiled Code 3-33 3.3.5 Minimizing Use of Generic Units ........................... 3-34 3.4 M aintainability ................................................. 3-34 3.4.1 R eadability ............................................. 3-34 3.4.2 Data Abstraction ............................. .......... 3-41 3.4.3 Functional Cohesiveness .................................. 3-42 3.4.4 M alleability ............................................ 3-42 3.4.5 Portability .............................................. 3-42 R eferences .......................................................... 3-45 4 C and C++ ........................................................... 4-1 4.1 R eliability ...................................................... 4-1 4.1.1 Predictability of Memory Utilization ........................... 4-1 4.1.2 Predictability of Control Flow ............................... 4-11 4.1.3 Predictability of Timing .................................... 4-39 4.2 R obustness .................................................... 4-42 4.2.1 Controlled Use of Software Diversity ......................... 4-43 4.2.2 Controlled Use of Exception Handling ........................ 4-43 4.2.3 Input and Output Checking ................................. 4-46 4.3 Traceability