• Journal of KIISE:Software and Applications
• /
• v.30 no.5_6
• /
• pp.587-597
• /
• 2003

The C language is widely adopted for safety-critical systems. However, it is known that the C language is an unsuitable choice for safety-critical system since the C language includes several bad language features such as heavy use of pointers. The aim of this work is to define safe subset of the C language and translate the subset into the SPARK Ada so that we can verify the program's safety using SPARK analysis tools. SPARK is a safe subset of Ada and has been successfully applied to high integrity system development. The C program translated into SPARK has the same integrity level as SPARK, and the program correctness can be verified by using Examiner which is a SPARK analysis tool. An elevator controller case study is presented and is used to demonstrate the potential use of our approach to implement a realistic system. We also developed a translator that automatically translates C code into SPARK in accordance with the translation rules.

• Journal of Nuclear Fuel Cycle and Waste Technology(JNFCWT)
• /
• v.21 no.4
• /
• pp.465-479
• /
• 2023

To ensure the safety of disposal facilities for radioactive waste, it is essential to quantitatively evaluate the performance of the waste disposal facilities by using safety assessment models. This paper addresses the development of the safety assessment model for the underground silo of Wolseong Low-and Immediate-Level Waste (LILW) disposal facility in Korea. As the simulated result, the nuclides diffused from the waste were kept inside the silo without the leakage of those while the integrity of the concrete is maintained. After the degradation of concrete, radionuclides migrate in the same direction as the groundwater flow by mainly advection mechanism. The release of radionuclides has a positive linear relationship with a half-life in the range of medium half-life. Additionally, the solidified waste form delays and reduces the migration of radionuclides through the interaction between the nuclides and the solidified medium. Herein, the phenomenon of this delay was implemented with the mass transfer coefficient of the flux node at numerical modeling. The solidification effects, which are delaying and reducing the leakage of nuclides, were maintained the integrity of the nuclides. This effect was decreased by increasing the half-life and the mass transfer coefficient of radionuclides.

• Journal of the Korean Institute of Gas
• /
• v.24 no.4
• /
• pp.32-38
• /
• 2020

Based on the cases of fire and explosion accident in the chemical reactor, thr problems of preventive measures installed in the chemical reactor were analyzed. The chemical reactors produce a variety of chemicals and install rupture disk to relieve the pressure that rises sharply in the event of a runaway reaction. In order to maintain the function of the rupture disk, the emissions was allowed to be discharged into the atmosphere, resulting in fire and explosion accidents. As a way to improve this, safety instrumented system based on the safety integrity level(SIL3) was applied as a preventive measures for chemical reactor. Two emergency shur-off valves are installed in series on pipe dropping raw materials for chemical reactor so that the supply of raw materials can be cut off even if only one of the two emergency shut-off valves is operated during the runaway reaction. The automatic on/off valve is installed in parallel in the supply pipe of the reaction inhibitor so that the reaction inhibitor can be injected even if only one valve is opened at the time of the runaway reaction.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.63 no.11
• /
• pp.1526-1532
• /
• 2014

The Electronic Interlocking unit in railway signalling system is safety-related facilities to determine route and speed for train running. In particular, the SSI(Solid State Interlocking) is Electronic Interlocking unit for high-speed railway, and it performs safety-critical function by MPM(Micro-Processor Module). Meanwhile, MPM is composed of the PES(Programmable Electronic System)-based system, and the PES-based system in railway safety-related facilities should be implemented by complying with the safety requirements defined in IEC 62425 and IEC 61508. In this paper, we performed modeling of failure rate and reliability for MPM implemented by fault tolerance methods and analyzed functional safety for MPM. Moreover, we determined SIL(Safety Integrity Level) for MPM according to the safety requirements defined in IEC 61508 based on an analyzed functional safety.

• Journal of the Korean Society for Railway
• /
• v.9 no.3 s.34
• /
• pp.264-270
• /
• 2006

In this paper we present a safety plan to be applied to the development of the TCS(Train Control System). The safety plan that can be applied to the life cycle of a system, from the conceptual design to the dismantlement, shows the whole process of the paper work in detail through the establishment of a goal, analysis and assessment, the verification. In this paper we study about the making a plan, the preliminary hazard analysis, the hazard identification and analysis to guarantee the safety of the TCS. The process far the verification of the system safety is divided into several steps based on the target system and the approaching method. The guarantee of the system safety and the improvement of the system reliability is fellowed by the recommendation of the international standards.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.63 no.4
• /
• pp.226-235
• /
• 2014

Nowadays, railroads are considered the most efficient form of mass transportation. Furthermore, it is necessary that railroads be paired with state-of-the-art safety equipment. Unfortunately, it is impossible to prevent 100% of accidents that may be caused by system or human errors. In order to prevent future accidents, RAMS activity and Functional Safety Certification are required for new systems that are under development. In this paper we evaluate the necessity of the application of RAMS and the performance of RAMS in the system development process. We also explore the Safety Evaluation Procedure required for RAMS certification.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.15 no.5
• /
• pp.543-549
• /
• 2012

Hybrid electric propulsion systems are expected as future primary combat platforms because the systems can supply enough electric power, easily locate components inside vehicles, and maneuver without undesired noise. However, increasing electric/electronic/software usage causes abnormal failure patterns which have not been noticeable in conventional automotive. Recently, the functional safety standard for road vehicles were enacted and vehicle manufacturers request their components which satisfy standardized quality. This research analyzes functional safety standards(IEC 61508 and ISO 26262) and compares the standards for road vehicles with military standards of system safety. Strategies to apply functional safety in the combat hybrid electric vehicle are scrutinized.

• Proceedings of the Korean Society of Disaster Information Conference
• /
• 2023.11a
• /
• pp.221-221
• /
• 2023

1969년에 발간된 API521 1st edition에서는 Flare Load 저감용으로 적용되는 HIPS (High Integrity Protection System)는 모두 Pressure Safety Valve의 고장확률보다 낮은 SIL 3 (Safety Integrity Level)등급을 적용할 것을 요구하고 있다. Flare Stack 저감용 HIPS는 주로 압축기 출력압력상승, Reboiler Steam 과다주입, 전력공급중단냉각펌프고장 등에 의한 Flare 발생을 예방하기 위한 기능을 가진 SIF (Safety Instrumented Function)로 구성된다. 하지만 2007년도 발간된 API521 5th edition에서는 LOPA (Layer Of Protection Analysis) 분석을 통해 Target SIL을 도출하는 것으로 요구사항을 변경했다. 이에 따라 이번 연구에서는 Flare Load에 가장 큰 영향을 미치는 시나리오 중 대표적인 시나리오를 대상으로 HAZOP(Hazard and Operability Study)과 LOPA분석을 실시해서 Target SIL이 어떻게 도출되는지를 연구했다. Flare Stack에서 Flare를 발생시키는 대표적인 시나리오들에 대해 LOPA분석을 실시한 결과 압축기 출력압력상승은 SIL 2, Reboiler Steam 과다주입은 SIL 3, 전력공급중단은 SIL 0, 냉각펌프고장은 SIL 0로 모두가 SIL 3 가 나오지는 않았다. SIF 설계 시 Target SIL을 만족시키는 것도 중요하지만 운전 시 SIL 등급이 계속 유지되게 하지 위해 인적오류, 시스템적 고장, 하드웨어고장 등에 의해 SIF 기능불능화가 되는 것을 예방하기 위한 기능안전관리시스템 (FSMS)를 적용하는 것도 중요하다.

• KIPS Transactions on Software and Data Engineering
• /
• v.6 no.4
• /
• pp.167-176
• /
• 2017

There are increasing policies and safeguards to prevent various human resource losses with the development of automotive industry. Currently ISO26262 $1^{st}$ edition has been released in 2011 to ensure functional safety of electrical and electronic systems and the $2^{nd}$ edition will be released in the second half of 2016 as part of a trend. The E/E (Electrical & Electronics) system requirements verification is required through walk-through, 인스펙션, semi-formal verification and formal verification in ISO 26262. This paper describe the efficiency of model checking for the E/E system requirements verification by applying the product development project of ASIL (Automotive Safety Integrity Level) D for the electrical parking brake system.

• Nuclear Engineering and Technology
• /
• v.46 no.3
• /
• pp.373-380
• /
• 2014

Safety-related parameters are very important for confirming the status of a nuclear power plant. In particular, the reactor vessel water level has a direct impact on the safety fortress by confirming reactor core cooling. In this study, the reactor vessel water level under the condition of a severe accident, where the water level could not be measured, was predicted using a fuzzy neural network (FNN). The prediction model was developed using training data, and validated using independent test data. The data was generated from simulations of the optimized power reactor 1000 (OPR1000) using MAAP4 code. The informative data for training the FNN model was selected using the subtractive clustering method. The prediction performance of the reactor vessel water level was quite satisfactory, but a few large errors were occasionally observed. To check the effect of instrument errors, the prediction model was verified using data containing artificially added errors. The developed FNN model was sufficiently accurate to be used to predict the reactor vessel water level in severe accident situations where the integrity of the reactor vessel water level sensor is compromised. Furthermore, if the developed FNN model can be optimized using a variety of data, it should be possible to predict the reactor vessel water level precisely.