ANSI/ANS-10.7-2013

American National Standard
Non-Real-Time, High-Integrity Software for the Nuclear Industry - Developer Requirements

Secretariat
American Nuclear Society

Prepared by the American Nuclear Society Standards Committee Working Group ANS-10.7

Published by the
American Nuclear Society
555 North Kensington Avenue
La Grange Park, Illinois 60526 USA

Approved March 18, 2013 by the American National Standards Institute, Inc.

American National Standard

Designation of this document as an American National Standard attests that the principles of openness and due process have been followed in the approval procedure and that a consensus of those directly and materially affected by the standard has been achieved.

This standard was developed under the procedures of the Standards Committee of the American Nuclear Society; these procedures are accredited by the American National Standards Institute, Inc., as meeting the criteria for American National Standards. The consensus committee that approved the standard was balanced to ensure that competent, concerned, and varied interests have had an opportunity to participate.

An American National Standard is intended to aid industry, consumers, governmental agencies, and general interest groups. Its use is entirely voluntary. The existence of an American National Standard, in and of itself, does not preclude anyone from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standard.

By publication of this standard, the American Nuclear Society does not insure anyone utilizing the standard against liability allegedly arising from or after its use. The content of this standard reflects acceptable practice at the time of its approval and publication. Changes, if any, occurring through developments in the state of the art, may be considered at the time that the standard is subjected to periodic review. It may be reaffirmed, revised, or withdrawn at any time in accordance with established procedures. Users of this standard are cautioned to determine the validity of copies in their possession and to establish that they are of the latest issue.

The American Nuclear Society accepts no responsibility for interpretations of this standard made by any individual or by any ad hoc group of individuals. Responses to inquiries about requirements, recommendations, and/or permissive statements (i.e., “shall,” “should,” and “may,” respectively) should be sent to the Standards Department at Society Headquarters. Action will be taken to provide appropriate response in accordance with established procedures that ensure consensus.

Comments on this standard are encouraged and should be sent to Society Headquarters.

Published by
American Nuclear Society
555 North Kensington Avenue
La Grange Park, Illinois 60526 USA

This document is copyright protected.

Copyright 2013 by American Nuclear Society. All rights reserved.

Any part of this standard may be quoted. Credit lines should read “Extracted from American National Standard ANSI/ANS-10.7-2013 with permission of the publisher, the American Nuclear Society.” Reproduction prohibited under copyright convention unless written permission is granted by the American Nuclear Society.

Printed in the United States of America

Inquiry Requests

The American Nuclear Society (ANS) Standards Committee will provide responses to inquiries about requirements, recommendations, and/or permissive statements (i.e., “shall,” “should,” and “may,” respectively) in American National Standards
that are developed and approved by ANS. Responses to inquiries will be provided according to the Policy Manual for the ANS Standards Committee. Nonrelevant inquiries or those concerning unrelated subjects will be returned with appropriate explanation. ANS does not develop case interpretations of requirements in a standard that are applicable to a specific design, operation, facility, or other unique situation only, and therefore is not intended for generic application.

Responses to inquiries on standards are published in ANS's magazine, Nuclear News, and are available publicly on the ANS Web site or by contacting the ANS standards administrator.

Inquiry Format

Inquiry requests must include the following:

(1) the name, company name if applicable, mailing address, and telephone number of the inquirer;
(2) reference to the applicable standard edition, section, paragraph, figure, and/or table;
(3) the purposes of the inquiry;
(4) the inquiry stated in a clear, concise manner;
(5) a proposed reply, if the inquirer is in a position to offer one.

Inquiries should be addressed to

American Nuclear Society
ATTN: Standards Administrator
555 N. Kensington Avenue
La Grange Park, IL 60526

or standards@ans.org

Foreword

(This Foreword is not a part of American National Standard “Non-Real-Time, High-Integrity Software for the Nuclear Industry - Developer Requirements,” ANSI/ANS-10.7-2013.)

The purpose of this standard is to provide quality assurance requirements for non-real-time, high-integrity software developed for nuclear industry applications. The standard does not recommend a specific approach to software development but does recommend that quality assurance activities be carried out in parallel with software development. For a specific project, the project sponsor should determine the level of the verification and validation effort to be applied. Compliance with this standard does not automatically guarantee compliance with any other standard.

This standard complements the following ANS-10 standards relating to computer program development:

ANSI/ANS-10.2-2000 (R2009), “Portability of Scientific and Engineering Software”;
ANSI/ANS-10.3-1995 (W2005), “Documentation of Computer Software”;
ANSI/ANS-10.4-2008, “Verification and Validation of Non-Safety-Related Scientific and Engineering Computer Programs for the Nuclear Industry”;
ANSI/ANS-10.5-2006 (R2011), “Accommodating User Needs in Scientific and Engineering Computer Software Development.”

This standard builds upon NUREG/CR-6263, “High-Integrity Software for Nuclear Power Plants: Candidate Guidelines, Technical Basis and Research Needs,” which was prepared for the U.S. Nuclear Regulatory Commission to assist with development of a technical basis for regulatory positions related to the use of high-integrity software in nuclear power plants. NUREG/CR-6263 was the result of a comprehensive review of the present state of software engineering processes and design attributes. While the focus of that effort was on real-time, high-integrity software, this standard focuses on non-real-time, high-integrity software, such as for design and analysis. Therefore, the requirements of this standard were carefully adapted from the former and new requirements developed and added for model development and validation, which are key aspects of analytical, non-real-time software (computer codes). NUREG/CR-6263 and NUREG/CR-5930, NIST SP 500-204, “High-Integrity Software Standards and Guidelines,” were developed for application to nuclear power plants, and therefore, this standard is primarily applicable to nuclear power plants and other nuclear facilities and operations with similar high consequences and hazards.

In addition, an effort has been made to maintain consistency in terminology and concepts with various software standards being developed under the sponsorship of the Institute of Electrical and Electronics Engineers and to identify areas of disagreement.

This standard might reference documents and other standards that have been superseded or withdrawn at the time the standard is applied. A statement has been included in the references section that provides guidance on the use of references.

This standard does not incorporate the concepts of generating risk-informed
insights, performance-based requirements, or a graded approach to quality assurance. The user is advised that one or more of these techniques could enhance the application of this standard. For example, the software requirements of this standard, which have been developed for high-consequence applications, could be appropriately tailored or graded for applications of lower consequence.

This standard has been written by Working Group ANS-10.7 of the American Nuclear Society's Standards Committee. The membership of this group during the preparation of the final drafts consisted of the following:

C. R. Martin (Chair), Defense Nuclear Facilities Safety Board
M. Baird, Radiation Safety Information Computational Center
F. Brown, Los Alamos National Laboratory
P. Ellison, GE-Hitachi
P. Hulse, Sellafield, Ltd.
K. A. Morrell, Savannah River Nuclear Solutions
V. S. Penkrot, Westinghouse Electric Company
B. T. Rearden, Oak Ridge National Laboratory
W. J. Rider, Sandia National Laboratories
S. S. Seth, U.S. Department of Energy
J. R. Shultz, U.S. Department of Energy
A. O. Smetana, Savannah River National Laboratory
J. Yan, Westinghouse Electric Company

Contributions toward the preparation and review of earlier drafts of this standard have also been received from the following:

T. Austin, U.S. Department of Energy
B. Dooies, GE-Hitachi
J. Fawks, GE-Hitachi
A. Haidari, ANSYS
S. Hardgrave, Y-12 Site Office, National Nuclear Security Administration
E. Harvego, Idaho National Laboratory
H. S. Hopkins, Lawrence Livermore National Laboratory
T. Jordan, GE-Hitachi
B. Kirk, Oak Ridge National Laboratory
T. M. Lloyd, BNFL Fuel Solutions
J. Manneschmidt, Oak Ridge National Laboratory
Y. Orechwa, U.S. Nuclear Regulatory Commission
J. Pardo, Savannah River Technology Center
D. Peercy, Sandia National Laboratories
G. M. Pope, Lawrence Livermore National Laboratory
R. C. Singleterry, National Aeronautics and Space Administration
C. S. Sparrow, Mississippi State University

Subcommittee ANS-10, Mathematics and Computation, had the following membership at the time of its approval of this standard:

A. O. Smetana (Chair), Savannah River National Laboratory
M. Baird, Radiation Safety Information Computational Center
P. Ellison, GE-Hitachi
B. Frank, Westinghouse Electric Company
C. R. Martin, Defense Nuclear Facilities Safety Board
K. A. Morrell, Savannah River Nuclear Solutions
Y. Orechwa, U.S. Nuclear Regulatory Commission
E. Quinn, Longenecker and Associates
R. C. Singleterry, National Aeronautics and Space Administration
C. S. Sparrow, Mississippi State University

Consensus Committee N17, Research Reactors, Reactor Physics, Radiation Shielding, and Computational Methods, had the following membership at the time it reviewed and approved this standard:

T. M. Raby (Chair), National Institute of Standards and Technology
A. O. Smetana (Interim Chair), Savannah River National Laboratory
A. Weitzberg (Vice Chair), Individual
S. L. Anderson, Westinghouse Electric Company
W. H. Bell, American Institute of Chemical Engineers
(Alt. R. D. Zimmerman, American Institute of Chemical Engineers)
R. R. Brey, Health Physics Society
R. E. Carter, Individual
D. M. Cokinos, Brookhaven National Laboratory
M. L. Corradini, National Council on Radiation Protection and Measurement
B. K. Grimes, Individual
M. A. Hutmaker, Jr., U.S. Department of Energy
A. C. Kadak, Massachusetts Institute of Technology
L. I. Kopp, Individual
P. M. Madden, U.S. Nuclear Regulatory Commission
(Alt. A. Adams, Jr., U.S. Nuclear Regulatory Commission)
J. F. Miller, Institute of Electrical and Electronics Engineers
T. J. Myers, National Institute of Standards and Technology
(Alt. S. H. Weiss, National Institute of Standards and Technology)
D. S. O'Kelly, National Institute of Standards and Technology
J. E. Olhoeft, Individual
R. E. Pevey, University of Tennessee-Knoxville
C. T. Rombough, CTR Technical Services, Inc.
C. E. Sanders, University of Nevada, Las Vegas
C. T. R. Schmidt, Sandia National Laboratories
R. Tsukimura, Aerotest Operations
A. R. Veca, General Atomics

Contents

Section
1 Scope and objective
1.1 Scope
1.2 Objective
1.3 Application of this standard
1.4 Disclaimer
2 Acronyms and definitions
2.1 List of acronyms
2.2 Definitions
3 Introduction and overview
4 Model
4.1 Model development
4.2 Model verification
4.3 Model validation tests and experiments
4.4 Uncertainty analysis (both experimental and computational)
4.5 User manual
5 Overview of SQA in the software development life cycle
6 Software planning and management
7 Software requirements specification
8 Software design
8.1 Modular design
8.2 Interface integrity
8.3 Data integrity
8.4 Flow control
8.5 Error handling
9 Software coding
10 Software V

analysis of postulated accidents and assignment of safety classification levels to systems, structures, and
components at nuclear facilities; computational fluid dynamics (CFD); thermal hydraulics; structural mechanics; complex Monte Carlo simulations; radiation dosimetry; and nuclear medical applications.

An important area covered in this standard is model development and verification (including physics validation), which are critically important tasks for high-integrity analysis and simulation software. The requirements in this standard for model development and verification take into consideration several standards for the development of computational models and methods, including ANSI/ASME V AIAA G-077-1998 (2002) [3]; U.S. Nuclear Regulatory Commission (NRC) Standard Review Plan, NUREG-0800, Sec. 15.0.2 [4]; and NRC Regulatory Guide 1.203 [5]. This standard provides the requirements necessary to validate the model by specifying requirements for model development and validation, except that it does not address the actual planning, design, and conduct of validation tests/experiments.

Cybersecurity is another important aspect of high-integrity software and is explicitly addressed in this standard. The requirements in this standard for security requirements were principally derived from NRC Regulatory Guide 1.152 [6].

1.2 Objective

The objective of this standard is to identify requirements for software development and verification and validation V

the word “should” is used to denote a recommendation; and the word “may” is used to denote permission, neither a requirement nor a recommendation.

2) The model includes computer software and other information necessary for application of the calculation framework to the specific problem, such as the conceptual, mathematical, and numerical models used; geometrical representations; boundary and initial conditions; spatial and temporal approximations; assumptions included in the software; a procedure for treating the software input and output information; specification of those portions of the analysis not included in the software; values of parameters; uncertainties; and other information necessary to specify the calculation procedure.

software development tools: Compilers, translators, editors, code generation tools, automated testing tools, etc., also including CASE [computer-aided software engineering] tools that assist with software design, requiremen