Multi-Version FPGA-Based Nuclear Power Plant I&C Systems: Evolution of Safety Ensuring

1.1 Problem of decreasing common cause failure probability for nuclear power plant instrumentation and control systems To guarantee required level of dependability, safety and security of computer-based systems for critical (safety-critical, mission-critical and business-critical) applications it is used diversity approach. This approach implies development, choice and implementation of a few diverse design options of redundant channels for created system. Probability of common cause failure (CCF) of safety-critical systems may be essentially decreased due to selection and deployment of different diversity types on the assumption of maximal independence of redundant channels realizing software-hardware versions. This circumstance calls forth that a lot of international and national standards and guides contain the requirements to use diversity in safety-critical systems, first of all, in nuclear power plant (NPP) instrumentation and control systems (I&Cs) (reactor trip systems), aerospace on-board equipment (automatic/robot pilot, flight control systems), railway automatics (signalling and blocking systems), service oriented architecture (SOA)-based web-systems (e-science) etc. (Pullum, 2001; Wood et al., 2009; Gorbenko et al., 2009; Kharchenko et al., 2010; Sommerville, 2011). Application of the modern information and electronic technologies and component-based approaches to development in critical areas, on the one hand, improve reliability, availability, maintainability and safety characteristics of digital I&Cs. On the other hand, these technologies cause additional risks or so-called safety deficits. Microprocessor (software)-based systems are typical example in that sense. Advantages of this technology are well-known, however a program realization may increase CCF probability of complex software-based I&Cs. Software faults and design faults as a whole are the most probable reason of CCFs. These faults are replicated in redundant channels and cause a fatal failure of computer-based systems. It allows to conclude that, “fault-tolerant” system with identical channels may be “non-tolerant” or “not enough tolerant” to design faults. For example, software design faults caused more than 80% failures of computer-based rocket-space systems which were fatal in 1990 years (Kharchenko et al., 2003) and caused 13% emergencies of space systems and 22% emergencies of carrier rockets (Tarasyuk et al., 2011). The CCF risks may be essential for diversity-oriented or so-called multi-version systems (MVSs) (Kharchenko, 1999) as well if choice of version redundancy type and development