1、IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating StationsIEEE Std 7-4.3.2-2016(Revision of IEEE Std 7-4.3.2-2010)IEEE Power and Energy SocietySponsored by the Nuclear Power Engineering CommitteeIEEE3 Park AvenueNew York, NY 10016-5997USAIEEE Std 7
2、-4.3.2-2016(Revision of IEEE Std 7-4.3.2-2010)IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating StationsSponsorNuclear Power Engineering Committeeof theIEEE Power and Energy SocietyApproved 29 January 2016IEEE-SA Standards BoardAbstract: Additional
3、 specifi c requirements to supplement the criteria and requirements of IEEE Std 603 are specifi ed for programmable digital devices. Within the context of this standard, the term programmable digital device is any device that relies on software instructions or programmable logic to accomplish a func
4、tion. Examples include a computer, a programmable hard-ware device, or a device with fi rmware. Systems using these devices will also be referred to as digital safety systems in this standard. The criteria contained herein, in conjunction with criteria in IEEE Std 603, establish minimum functional a
5、nd design requirements for programmable digital devices used as components of a safety system.Keywords: commercial grade item, diversity, IEEE 7-4.3.2, programmable digital devices, safety systems, software, software tools, software verifi cation and validationThe Institute of Electrical and Electro
6、nics Engineers, Inc.3 Park Avenue, New York, NY 10016-5997, USACopyright 2016 by The Institute of Electrical and Electronics Engineers, Inc.All rights reserved. Published 25 August 2016. Printed in the United States of America.IEEE is a registered trademark in the US. Patent and Trademark Offi ce, o
7、wned by The Institute of Electrical and Electronics Engineers, Incorporated.PDF: ISBN 978-1-5044-0859-2 STD20898Print: ISBN 978-1-5044-0860-8 STDPD20898IEEE prohibits discrimination, harassment, and bullying.For more information, visit http:/www.ieee.org/web/aboutus/whatis/policies/p9-26.html.No par
8、t of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission of the publisher.3Copyright 2016 IEEE. All rights reserved.Important Notices and Disclaimers Concerning IEEE Standards DocumentsIEEE documents are made available
9、for use subject to important notices and legal disclaimers. These notices and disclaimers, or a reference to this page, appear in all standards and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Standards Documents.”Notice and Disclaimer of Li
10、ability Concerning the Use of IEEE Standards DocumentsIEEE Standards documents (standards, recommended practices, and guides), both full-use and trial-use, are developed within IEEE Societies and the Standards Coordinating Committees of the IEEE Standards Association (“IEEE-SA”) Standards Board. IEE
11、E (“the Institute”) develops its standards through a consensus development process, approved by the American National Standards Institute (“ANSI”), which brings together volunteers representing varied viewpoints and interests to achieve the fi nal product. Volunteers are not necessarily members of t
12、he Institute and participate without compensation from IEEE. While IEEE administers the process and establishes rules to promote fairness in the consensus development process, IEEE does not independently evaluate, test, or verify the accuracy of any of the information or the soundness of any judgmen
13、ts contained in its standards.IEEE does not warrant or represent the accuracy or content of the material contained in its standards, and expressly disclaims all warranties (express, implied and statutory) not included in this or any other document relating to the standard, including, but not limited
14、 to, the warranties of: merchantability; fi tness for a particular purpose; non-infringement; and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE disclaims any and all conditions relating to: results; and workmanlike effort. IEEE standards documents are sup
15、plied “AS IS” and “WITH ALL FAULTS.”Use of an IEEE standard is wholly voluntary. The existence of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard. Furthermore, the
16、viewpoint expressed at the time a standard is approved and issued is subject to change brought about through developments in the state of the art and comments received from users of the standard.In publishing and making its standards available, IEEE is not suggesting or rendering professional or oth
17、-er services for, or on behalf of, any person or entity nor is IEEE undertaking to perform any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in the exercise of reasonable care in any given ci
18、rcumstances or, as appropriate, seek the advice of a competent professional in determining the appropriateness of a given IEEE standard.IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF S
19、UBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF-ITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL-ITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD,
20、EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE.4Copyright 2016 IEEE. All rights reserved.TranslationsThe IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, onl
21、y the English version published by IEEE should be considered the approved IEEE standard.Offi cial statementsA statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered or inferred to be the offi cial position of IEEE or
22、 any of its committees and shall not be considered to be, or be relied upon as, a formal position of IEEE. At lectures, symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views
23、 of that individual rather than the formal position of IEEE.Comments on standardsComments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership affi liation with IEEE. However, IEEE does not provide consulting information or advice per-taining to IE
24、EE Standards documents. Suggestions for changes in documents should be in the form of a pro-posed change of text, together with appropriate supporting comments. Since IEEE standards represent a con-sensus of concerned interests, it is important that any responses to comments and questions also recei
25、ve the concurrence of a balance of interests. For this reason, IEEE and the members of its societies and Standards Coordinating Committees are not able to provide an instant response to comments or questions except in those cases where the matter has previously been addressed. For the same reason, I
26、EEE does not respond to interpretation requests. Any person who would like to participate in revisions to an IEEE standard is welcome to join the relevant IEEE working group.Comments on standards should be submitted to the following address:Secretary, IEEE-SA Standards Board445 Hoes LanePiscataway,
27、NJ 08854 USALaws and regulationsUsers of IEEE Standards documents should consult all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicable regulatory require-ments. Implementers of the standard are responsible for o
28、bserving or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so.CopyrightsIEEE draft and approved standards are copyrighted
29、by IEEE under US and international copyright laws. They are made available by IEEE and are adopted for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the pro-motion of engineering
30、 practices and methods. By making these documents available for use and adoption by public authorities and private users, IEEE does not waive any rights in copyright to the documents.5Copyright 2016 IEEE. All rights reserved.Updating of IEEE Standards documentsUsers of IEEE Standards documents shoul
31、d be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corri-genda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with a
32、ny amendments, corrigenda, or errata then in effect.Every IEEE standard is subjected to review at least every 10 years. When a document is more than 10 years old and has not undergone a revision process, it is reasonable to conclude that its contents, although still of some value, do not wholly refl
33、ect the present state of the art. Users are cautioned to check to determine that they have the latest edition of any IEEE standard.In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit th
34、e IEEE-SA Website at http:/ieeexplore.ieee.org/Xplore/home.jsp or contact IEEE at the address listed previously. For more information about the IEEE SA or IEEEs standards development process, visit the IEEE-SA Website at http:/standards.ieee.org.ErrataErrata, if any, for all IEEE standards can be ac
35、cessed on the IEEE-SA Website at the following URL: http:/standards.ieee.org/findstds/errata/index.html. Users are encouraged to check this URL for errata periodically.PatentsAttention is called to the possibility that implementation of this standard may require use of subject matter covered by pate
36、nt rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validity of any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is li
37、sted on the IEEE-SA Website at http:/standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indicate whether the Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are
38、demonstrably free of any unfair discrim-ination to applicants desiring to obtain such licenses.Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not re-sponsible for identifying Essential Patent Claims for which a license may be required, for conduc
39、ting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are express
40、ly advised that determination of the valid-ity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association.6Copyright 2016 IEEE. All rights reserved.ParticipantsAt the time this stand
41、ard was completed, the Subcommittee Working Group 6.4 had the following membership:Warren Odess-Gillet, ChairAkira FukumotoDavid HerrellRonald JarretLee MeekKirklyn MelsonTy RogersRichard StattelMasafumi UtsumiDeanna ZhangThe following members of the individual balloting committee voted on this stan
42、dard. Balloters may have voted for approval, disapproval, or abstention.Satish K. AggarwalAngela AnuszewskiGeorge BallassiRoyce BeacomDaniel BrosnanNissen BursteinRobert CarruthSuresh ChannarasappaTom CrawfordPaul CrollJohn DisoswayNeal DowlingJohn ErincStephen FlegerJames GleasonRandall GrovesAjit
43、GwalDaryl HarmonHamidreza HeidarisafaRaymond HerbDavid HerrellWerner HoelzlDavid HorvathGreg HostetterRonald JarrettChad KigerG. LangWilliam LumpkinsJohn MacdonaldMichael MayKirklyn MelsonWarren Odess-GillettJan PirrongBartien SayogoRaymond SenechalJohn VergisMichael WatermanWhen the IEEE-SA Standar
44、ds Board approved this standard on 29 January 2016 it had the following membership:Jean-Philippe Faure, ChairVacant Position, Vice ChairJohn Kulick, Past ChairKonstantinos Karachalios, SecretaryChuck AdamsMasayuki AriyoshiTed BurseStephen DukesJianbin FanJ. Travis Griffi thGary HoffmanRonald W. Hotc
45、hkissMichael JanezikJoseph L. Koepfi nger*Hung LingKevin LuAnnette D. ReillyGary RobinsonMehmet UlemaYingli WenHoward WolfmanDon WrightYu YuanDaidi Zhong*Member Emeritus7Copyright 2016 IEEE. All rights reserved.IntroductionThis introduction is not part of IEEE Std 7-4.3.2, IEEE Standard Criteria for
46、 Programmable Digital Devices in Safety Systems of Nuclear Power Generating Stations.This standard evolved from IEEE Std 7-4.3.2-2010. It represents a continued effort by an IEEE working group to support the specifi cation, design, and implementation of digital programmable devices in safety systems
47、 of nuclear power generating stations.This standard specifi es additional digital system requirements to supplement the criteria and requirements of IEEE Std 603-2009.1 This standard should be used in conjunction with IEEE Std 603-2009 for completeness of the safety system design when a programmable
48、 digital device is to be used for a safety system function.This standard recognizes that development processes for programmable digital devices continue to evolve. As such, the information presented should not be viewed as the only possible solution. This is in keeping with the desire to use advance
49、s in digital technology, provided the criteria and requirements of IEEE Std 603-2009 and this standard are met. For example, while this standard does not address specifi cally artifi cial intelligence systems or fourth generation languages, their use is not precluded.Subclause 5.1 in IEEE Std 603-2009 defi nes the single-failure criterion. Guidance for the application of this criterion is provided in IEEE Std 379-2014 B15.2The approach stated in 5.5 of IEEE Std 379-2014 is also appropriate for potential common-cause failures associated with programmable digit
