Darlington Shutdown System Software Verification and Testing

Senior Candesco staff have been involved in the Formal Software Verification and Testing activities associated with the Darlington Shutdown Systems (SDS). Formal methods in software engineering were refined at Ontario Hydro and AECL through the Software Engineering Centre of Excellence (CofE). Candesco was involved in the development of the CofE Standards for Safety Critical Software, and applied them in the Darlington SDS Redesign Project. Candesco staff participated in the project, leading the verifier team, which applied the CofE processes and procedures in the restructuring and redesign of the SDS Software, thus successfully completing a significant regulatory commitment.

The verifier team role was to perform detailed review and verification of the forward going design documentation, ensuring consistency between each of the stages of software development from requirements definition to coding. The verifier team was also responsible for performing deterministic testing against the software requirements and the software design documents.

Subsequently, Candesco staff again led the verifier team in a major followup project, where a new trip parameter was added, and the Primary Heat Transport Low Flow trip parameter was significantly modified, to address trip parameter coverage issues. The changes to the software were key to the up-rating of the Darlington station units from 98% Full Power up to 100% Full Power, and also to the overall safety and operational improvement, with the assurance of dual trip parameter coverage for single pump trips.