Status of the SAS4A/SASSYS-1 Safety Analysis Code

ANL-ART-97

Status of the SAS4A/SASSYS-1 Safety Analysis Code Nuclear Engineering Division

About Argonne National Laboratory Argonne is a U.S. Department of Energy laboratory managed by UChicago Argonne, LLC under contract DE-AC02-06CH11357. The Laboratory’s main facility is outside Chicago, at 9700 South Cass Avenue, Argonne, Illinois 60439. For information about Argonne and its pioneering science and technology programs, see www.anl.gov. DOCUMENT AVAILABILITY Online Access: U.S. Department of Energy (DOE) reports produced after 1991 and a growing number of pre-1991 documents are available free via DOE’s SciTech Connect (http://www.osti.gov/scitech/) Reports not in digital format may be purchased by the public from the National Technical Information Service (NTIS): U.S. Department of Commerce National Technical Information Service 5301 Shawnee Rd Alexandria, VA 22312 www.ntis.gov Phone: (800) 553-NTIS (6847) or (703) 605-6000 Fax: (703) 605-6900 Email: [email protected] Reports not in digital format are available to DOE and DOE contractors from the Office of Scientific and Technical Information (OSTI): U.S. Department of Energy Office of Scientific and Technical Information P.O. Box 62 Oak Ridge, TN 37831-0062 www.osti.gov Phone: (865) 576-8401 Fax: (865) 576-5728 Email: [email protected] Disclaimer This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor UChicago Argonne, LLC, nor any of their employees or officers, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of document authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof, Argonne National Laboratory, or UChicago Argonne, LLC.

ANL-ART-97

Status of the SAS4A/SASSYS-1 Safety Analysis Code prepared by T. H. Fanning and A. J. Brunett Nuclear Engineering Division Argonne National Laboratory June 30, 2017

Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017

i ANL-ART-97

ABSTRACT

SAS4A/SASSYS-1isasimulationtoolusedtoperformdeterministicanalysisofanticipatedeventsaswellasdesignbasisandbeyonddesignbasisaccidentsforadvancedreactors.ThisreportsummarizesthecurrentstatusofSAS4A/SASSYS-1,includingtheimplementationofsoftwarequalityassuranceproceduresforconfigurationmanagement,newlicenses,currentusers,andagapassessmentofthetestsuite.Theexistingcopyrighthasbeenextendedforanadditionalfiveyears,whichwasessentialsothatArgonnecancontinuedeveloping,distributing,andsupportingthesoftwareforbothdomesticuseandinternationalcollaborations.SAS4A/SASSYS-1Version5.2wascompletedinMarch2017andreleasedtousersinMay.

TheimportanceofSAS4A/SASSYS-1maintenancereflectsitsrelevancetoanumberofU.S.DepartmentofEnergyprogramsaswellasdomesticandinternationalcollaborations.ExternalcollaborationshavealsoproducedimprovementsintheSAS4A/SASSYS-1code,andthesearenotedinthisreport.SAS4A/SASSYS-1hasagrowinguserbasethatcontinuestostrengthenthepromotionofadvancednon-LWRreactorconcepts.AdditionaluserswillhelpsolidifyDOE’sleadershiproleinfastreactorsafetybothdomesticallyandininternationalcollaborations.


ANL-ART-97 ii


iii ANL-ART-97

TABLE OF CONTENTS

Abstract........................................................................................................................................................................iTableofContents...................................................................................................................................................iiiListofFigures..........................................................................................................................................................ivListofTables............................................................................................................................................................iv1 Introduction.......................................................................................................................................................12 CurrentStatus...................................................................................................................................................3

2.1 ReleaseofVersion5.2........................................................................................................................32.2 NewLicenseAgreements.................................................................................................................3

3 SoftwareLicensing.........................................................................................................................................43.1 CurrentUsers.........................................................................................................................................43.2 ExtensionofCopyright......................................................................................................................43.3 RevisionofLicensingTerms...........................................................................................................4

4 SoftwareQualityAssurance.......................................................................................................................64.1 ConfigurationManagement............................................................................................................64.2 ImplementationofProcedures.....................................................................................................84.3 AutomatedTesting..............................................................................................................................9

5 TestSuiteGapAssessment.........................................................................................................................95.1 Implementation....................................................................................................................................95.2 TestSuiteDescription....................................................................................................................105.3 GapAssessment.................................................................................................................................10

6 RelatedWork..................................................................................................................................................127 Summary..........................................................................................................................................................128 References.......................................................................................................................................................13


ANL-ART-97 iv

LIST OF FIGURES

Figure1:TicketWorkflowintheTracEnvironmentforSAS4A/SASSYS-1.......7

LIST OF TABLES

Table1:SASLicenseAgreementsEstablishedduringFY2017................................3Table2:LicensedUsersforSAS4A/SASSYS-1andMiniSAS.....................................5Table5.1:TestSuiteCoverageSummary.........................................................................11Table5.2:FractionalFunctionandBlockCoverageperModule..........................11


1 ANL-ART-97

1 Introduction SAS4A/SASSYS-1isasimulationtoolusedtoperformdeterministicanalysisofanticipatedeventsaswellasdesignbasisandbeyonddesignbasisaccidentsforadvancedliquid-metal-coolednuclearreactors.[1]WithitsoriginasSAS1Ainthelate1960s,theSASseriesofcodeshasbeenundercontinuoususeanddevelopmentfornearlyfiftyyearsandrepresentsacriticalinvestmentinsafetyanalysiscapabilitiesfortheU.S.DepartmentofEnergy.[2,3]Version5.2ofSAS4A/SASSYS-1wascompletedinMarch2017.

ContinuedmaintenanceandimprovementoftheSAS4A/SASSYS-1codesystemismotivatedbytherelevanceofitssimulationcapabilitytoanumberofU.S.DepartmentofEnergyprogramsaswellasdomesticandinternationalcollaborations.ActiveprogramsandcollaborationsthatcurrentlyuseSAS4A/SASSYS-1includethefollowing:

• FFTFBenchmark:TheU.S.DOEispreparingbenchmarkspecificationsforthePassiveSafetyTests(PST)carriedoutattheFastFluxTestFacilitybetween1984and1986.Themostprominenttestswerethelossofflowwithoutscram(LOFWOS).IncollaborationwithPNNL,ArgonneisassessingthebenchmarkspecificationsandpreparingSAS4A/SASSYS-1modelsforverificationandvalidationpurposes.

• EBR-IIIAEABenchmark:TheU.S.DOEsupportedahigh-profileCoordinatedResearchProjectwiththeInternationalAtomicEnergyAgencybasedontheShutdownHeatRemovalTestsconductedatEBR-II.Bothprotected(SHRT-17)andunprotected(SHRT-45R)loss-of-flowtestswerepartofthebenchmarkactivity.

• TheU.S.DOEisidentifyingandaddressinggapsforthelicensingofSFRs.OnesuchgapistheregulatoryacceptabilityofSFRanalysistools.InitialeffortsareunderwaytoestablishmorerigoroussoftwarequalityassuranceforSAS4A/SASSYS-1.

• TheU.S.NuclearRegulatoryCommissionhaslicensedSAS4A/SASSYS-1toevaluateitsuseforadvancednon-LWRlicenseapplications,particularlyforliquidmetalcooledreactors.

• TerraPower,LLChaslicensedtheSAS4A/SASSYS-1sourcecodetoperformsafetyanalysisstudiesfortheirTWRconcept.TerraPoweralsofundscodedevelopmentactivitiesthatimprovethemodelingcapabilitiesofSAS4A/SASSYS-1.

• GE-HitachiNuclearEnergyhaslicensedMiniSAStosupportpre-applicationlicenseevaluationsoftheAdvancedReactorConceptsARC-100designandinteractionswiththeCanadianNuclearSafetyCommission.

• WestinghouseElectricCompanyhaslicensedMiniSAStosupportsafetyanalysisfortheirlead-cooledfastreactorconceptualdesignandhasinitiatedtheprocessforacquiringafulllicenseforSAS4A/SASSYS-1.

• Oklo,Inc.isinvestigatingavailabletoolsforfastreactoranalysisandhasacquiredalicenseforMiniSAStoevaluateitsapplicabilitytotheirdesign.

• TheUniversityofCaliforniaatBerkeleyisusingMiniSAStoevaluatesafetybenefitsthatmightbeachievedwithautonomousreactivitycontroldevices.

• KansasStateUniversityandtheUniversityofWisconsinarepreparingexperimentsthatcanimprovethemodelingofthermalstratificationinsodium-cooledfastreactors,whiletheirpartners,theUniversityofIllinoisandVirginiaCommonwealth


ANL-ART-97 2

University,respectively,willdevelopimprovedmodelsthatcouldbeincorporatedintoSAS4A/SASSYS-1.

• CEABilateralCollaboration:AnimplementationagreementhasbeenestablishedbetweentheU.S.DOEandtheCommissariatàl'énergieatomiqueetauxénergiesalternativesofFranceforcooperationinlowcarbonenergytechnologies.OnepurposeoftheagreementistoevaluatethesafetyperformanceoftheASTRIDreactordesign.DOEparticipatesinthiscollaborationusingtheSAS4A/SASSYS-1safetyanalysiscode.

• JAEABilateralCollaboration:TheCivilNuclearEnergyResearchandDevelopmentWorkingGroup(CNWG)wasestablishedbytheU.S.-JapanBilateralCommissiononCivilNuclearCooperationin2012toenhancecoordinationofjointcivilnuclearresearchanddevelopmentefforts.TheJapanAtomicEnergyAgencyandArgonnearecollaboratingundertheCNWGtoimprovetheoxidefuelsevereaccidentmodelingcapabilitiesinSAS4A/SASSYS-1.

• NRA:TheNuclearRegulationAuthorityofJapanhasacquiredalicenseforSAS4A/SASSYS-1.TheNRAplanstouseSAS4A/SASSYS-1tosupporttheSFRlicensingevaluationsinJapan.

• KAERIPG-SFR:TheKoreanAtomicEnergyResearchInstituteacquiredalicenseforSAS4A/SASSYS-1toperformsafetyanalysisandmodeldevelopmentforthe“PrototypeGeneration-IVSodiumFastReactor”.KAERIissupportingmetallicfuelsevereaccidentmodeldevelopmentsthatwillbeincorporatedintoafutureversionofSAS4A/SASSYS-1.

• KINS:TheKoreaInstituteofNuclearSafetyisanindependentregulatoryexpertorganizationthatsupportstheNuclearSafetyandSecurityCommission(NSSC)inKorea.KINSacquiredalicenseforSAS4A/SASSYS-1tosupporttheregulatoryobligationsoverthePG-SFRproject.

• CIAEBilateralCollaboration:TheDOE-NEOfficeofInternationalNuclearEnergyPolicyandCooperationhasestablishedtheU.S.–ChinaBilateralCivilNuclearEnergyCooperativeActionPlan(BCNECAP)withtheChinaInstituteofAtomicEnergy.JointactivitiesundertheactionplanincludemodeldevelopmentandsafetyanalysesoftheChinaExperimentalFastReactorusingSAS4A/SASSYS-1.

• TheRoyalInstituteofTechnology(KTH:KungligaTekniskaHögskolan)inStockholmSwedenhasalicenseforSAS4A/SASSYS-1toperformnaturalcirculationdesignperformancestudiesoftheirELECTRAlead-cooledfastreactorconcept.

• TheCenterofTechnologyandEngineeringforNuclearProjects(CITON)inRomaniahasalicenseforMiniSAStoperformanalysisfortheFalconconsortiumtosupporttheALFRED(LFR)demonstratorproject.

ThisreportprovidesanoverviewofthecurrentstatusofSAS4A/SASSYS-1,licensingactivitiestomakeitmoreaccessibletousers,implementationofnewsoftwarequalityassuranceprocedures,andresultsofcodecoveragetesting.Informationontechnicalupdatestothecodewillbesummarizedinafuturemilestonereport.ThisreportsatisfiesthedeliverablefortheLevel3milestoneM3AT-17AN1702031,“SAS4A/SASSYS-1CodeMaintenance”.


3 ANL-ART-97

2 Current Status

2.1 Release of Version 5.2

Version5.2ofSAS4A/SASSYS-1wascompletedinMarch2017andannouncedtousersinmid-Mayfollowingasoftwarequalityassurancereviewandclearanceoftheupdatedmanual.[1]Fifteenorganizationshaverequestedandobtainedlicensekeysforthenewversion.The5.2releaseintroducesanextensiontotheControlSystemmodulethatprovidesaccesstoanextensivesetofcoreandcorechannelstatevariablessuchasfuel,cladding,coolant,andstructuretemperatures;coolantflowratesandpressures;andseveralotherparameters.[4]DevelopmentofthismodelingupdatewasfundedbyTerraPower,LLC.Thereleaseof5.2alsointroducesanumberofinternalcodechangesandbugfixes.Internally,nearlyallobsoletecodeconstructshavebeenremovedtobringthecodeintocompliancewithFortran2003standards.Thiseffortincludedtherewriteof4141loopsandtheeliminationof254obsoletecomputedGOTOandarithmeticIFstatements.Inaddition,compileroptionsforWindowsbuildshavebeensignificantlyrevisedtoproduceidenticalresultswhencomparedwithmacOSandLinuxbuilds.

2.2 New License Agreements

DuringFY2017,sixnewlicenseagreementswereestablishedforMiniSASandSAS4A/SASSYS-1.ThesearesummarizedinTable1.Basedonnewaswellasexistinglicensingagreements,atrendhasbeenobservedthatrevealsthattheexistinglicensingstructurecreatesunintendedbarriersfordomesticuse.ThistopiciscoveredinmoredetailinSection3.3,andanewlicensingarrangementisbeingestablishedtoeliminatethesebarriers.

Table1:SASLicenseAgreementsEstablishedduringFY2017.

Organization Code Purpose

JapanAtomicEnergyAgency SAS4A/SASSYS-1 CNWGBilateralU.S.NuclearRegulatoryCommission SAS4A/SASSYS-1 GovernmentUseGE-HitachiNuclearEnergy MiniSAS ARC-100SupportWestinghouseElectricCompany MiniSAS LFRConceptUlsanNationalInstituteofScienceandTechnology(UNIST)

SAS4A/SASSYS-1 AcademicUse/PG-SFR

CITON—CenterofTechnologyandEngineeringforNuclearProjects

MiniSAS EUALFREDProject


ANL-ART-97 4

3 Software Licensing

3.1 Current Users

Globally,therearetwenty-fourlicensedusersforSAS4A/SASSYS-1orMiniSAS(seeTable2onthenextpage).Thelimitedversion,MiniSAS,ispopularbecauseitisofferedatnocost.However,itdoesnotincludethesevereaccidentmodelingcapabilitiesfoundinthefullversionanditsfidelityislimitedtoonlyfivecorechannels.Thisisoftenadequateformanystudies.Infact,MiniSASiscurrentlybeingusedinthreeNEUPprojects.

3.2 Extension of Copyright

ArgonneNationalLaboratoryassertedcopyrightoverSAS4A/SASSYS-1inMay2012.In2015,thecopyrightwasextendedtoincludeMiniSAS.TheDepartmentofEnergyoriginallyauthorizedcopyrightassertionforaperiodoffiveyears.InMay2017,ArgonnereceivedapprovalfromDOEtoextendthecopyrightforanadditionalfiveyears,throughMay2022.ThisextensionwasessentialsothatArgonnecancontinuedeveloping,distributing,andsupportingSAS4A/SASSYS-1forbothdomesticuseandinternationalcollaborations.

3.3 Revision of Licensing Terms

Anevaluationofexistinglicenseagreementsshowsthatatrendhasdeveloped.Ingeneral,licenseescanbegroupedintooneoffourcategories,althoughexceptionsdoexist.

Category Code(typical)DomesticVendors MiniSASDomesticAcademicInstitutions MiniSASInternationalBilateralCollaborations SAS4A/SASSYS-1(withsource)InternationalAcademicInstitutions SAS4A/SASSYS-1(executable)

TheoriginallicensingstructureforSAS4A/SASSYS-1wascreatedtoprovideapreferencefordomesticindustry.Instead,specialbilateralagreementsthatsupersedethelicensestructurehaveledtofullsourcecodeaccessforinternationalorganizationssuchastheJapanAtomicEnergyAgencyandtheKoreaAtomicEnergyResearchInstitute.WhiletheseagreementsareextremelyvaluabletosupportU.S.DOEcollaborationsinfastreactorsafety,theyputdomesticvendorsatadisadvantage.Bothestablishedcompaniesandnewstart-upventuresfacesignificantchallengesintheadvancedreactormarketplace.Afterextensivediscussionswithdomesticvendors,anew“limitedcommercial”licensecategoryisbeingestablishedthatwillprovidefullsource-codeaccessatnegligiblecostfordomesticusers.Thelicensecanbeusedduringtheentirephaseofpre-applicationresearchanddevelopment,includingdesigncertificationreviews.Thefree(MiniSAS)andacademic(SAS4A/SASSYS-1)licenseswillcontinuetobeoffered,butdonotincludesourcecodeaccess.IfadesignadvancestoaformalapplicationwiththeNRC,thenthetraditionalcommerciallicensewillapply.


5 ANL-ART-97

Table2:LicensedUsersforSAS4A/SASSYS-1andMiniSAS.1

Organization Code Version Purpose

PacificNorthwestNationalLaboratory

SAS4A/SASSYS-1 5.2 FFTFBenchmark

ChinaInstituteofAtomicEnergy SAS4A/SASSYS-1 5.2 BCNECAP/CEFRJapanAtomicEnergyAgency SAS4A/SASSYS-1 5.2 CNWGBilateralKoreaAtomicEnergyResearchInstitute

SAS4A/SASSYS-1 5.2 PG-SFR

KansasStateUniversity MiniSAS 5.1 NEUPProjectMassachusettsInstituteofTechnology

MiniSAS 5.1 NEUPProject

NorthCarolinaStateUniversity MiniSAS 5.2 UncertaintyQuantification

PurdueUniversity MiniSAS 5.2 AcademicUseTexasA&MUniversity MiniSAS 5.1 AcademicUseUniversityofCalifornia,Berkeley MiniSAS 5.1 NEUPProjectUniversityofIllinois MiniSAS 5.2 NEUPProjectUniversityofMichigan MiniSAS 5.1 AcademicUseVirginiaCommonwealthUniversity MiniSAS 5.2 NEUPProjectRoyalInstituteofTechnology SAS4A/SASSYS-1 5.2 LFRConceptsUlsanNationalInstituteofScienceandTechnology(UNIST)

SAS4A/SASSYS-1(prev.MiniSAS)

5.2 AcademicUse/PG-SFR

QvistAtomenergiAB MiniSAS 5.1 NEUPProjectGE-HitachiNuclearEnergy MiniSAS 5.2 ARC-100SupportOklo,Inc. MiniSAS 5.1 GAINVoucherTerraPower,LLC SAS4A/SASSYS-1 5.2 TWRConceptWestinghouseElectricCompany MiniSAS 5.2 LFRConceptCITON—CenterofTechnologyandEngineeringforNuclearProjects

MiniSAS 5.2 EUALFREDProject

KoreaInstituteofNuclearSafety SAS4A/SASSYS-1 5.1 LicensingReviewNuclearRegulatoryAuthority(Japan)

SAS4A/SASSYS-1 5.1 LicensingReview

U.S.NuclearRegulatoryCommission SAS4A/SASSYS-1 5.2 GovernmentUse

1ShadedcellsindicatenewlicensesandupgradesinFY2017.


ANL-ART-97 6

4 Software Quality Assurance Afundamentalgoalofsoftwarequalityassurance(SQA)istohelpensurethedevelopmentofhigh-qualitysoftware.Forverysmallprojects,requirementsspecifications,codedesign,implementation,testing,andreleasemayallbecarriedoutbyasingleperson.MoreformalSQAprogramsareoftenbasedonapprovedstandardsfromrecognizedorganizationssuchastheAmericanSocietyofMechanicalEngineers(ASME)[5,6]andtheInstituteofElectricalandElectronicsEngineers(IEEE).Formalprogramsfocusondocumentingthesoftwaredevelopmentactivitiesaccordingtoapprovedprocedurestoensuretraceabilityandaccountability.ThedevelopmentofanSQAProgramforSAS4A/SASSYS-1willbethesubjectofafuturemilestone.PreliminaryworkisdocumentedinReference7.SAS4A/SASSYS-1hasbeenundersomeformofsoftwarequalityassuranceoveritsentirelifetime.Duringmuchofitsdevelopment(1970-1990)alargeteamofengineerswasinvolvedincodeimprovements.Full-timestaffmembersweretaskedwithcodemanagement,recordkeeping,codeintegration,andverificationtesting.Withtheeliminationofadvancedreactorfundingin1994,thedevelopmentteameventuallycollapsedtoonlyoneortwopeople.Aroundthesametime,computinghardwareunderwentsignificanttransformations.Mainframeswerereplacedwithworkstations,andeventuallypersonalcomputers.Earliercodeversionsandmanyelectronicrecordsdidnotsurvivethetransition.Despitethisupheaval,SAS4A/SASSYS-1Version2.0anditsuccessorssurvivedalongwithahandfulofvalidationtestcases.However,priorrecordsofSASdevelopment(SAS1A[8],SAS2A[9],SAS3A[10],SAS3D,andSAS4A[11,12])areunavailableotherthanthroughpublishedreportsandrelatedcitations.Althoughawealthofinformationexists(e.g.experimentaldataandvalidationreports),itisnotinaneasilytraceableform.AlthoughthedevelopmentoftheSAS4A/SASSYS-1SQAProgramisthesubjectofadifferentworkscope,theimplementationisthedirectresponsibilityofthecodemaintainers.Inthefollowingsubsections,initialimplementationeffortsaredescribedfromtheviewpointsofsourcecodeconfigurationmanagement,implementingprocedures,andautomatedtesting.

4.1 Configuration Management

Sourcecoderepositoriesareessentialelementsofasoftwareconfigurationmanagement(SCM)system.MigrationoftheSAS4A/SASSYS-1sourcecodeintoaSCMrepositorybegannineyearsagowiththefirstcommitofSAS4A/SASSYS-1Version2.0,whichwasoriginallydevelopedapproximatelythirtyyearsago.Overthenextfewyears,thehistoryofSAS4A/SASSYS-1throughversions2.1,3.0,3.1,and3.1.2wasreconstructedintheSubversionrepository.Inparalleltotheseefforts,significantupdateswereincorporatedintothecodethatculminatedwiththereleaseofVersion5.0inlate2012.[13]Withthistransition,changestothesourcecodearenowtrackedinconsiderabledetailincludingtimestamp,author,rationale,affectedfiles,andlineschanged.Inaddition,onlyauthorizeduserscanmodifytherepositoryandonlythecodemanagercancreateofficialreleasesknownastags.


7 ANL-ART-97

Figure1:TicketWorkflowintheTracEnvironmentforSAS4A/SASSYS-1.

AlongwiththeSubversionrepository,aTracenvironmentisusedtomaintainrecordsoncodereleases,codeordocumentationissues,andbuildconfigurations.Untilrecently,theTracenvironmentwasnotextensivelyusedotherthantobrowsecoderevisionhistories.WiththegradualintroductionofSQApractices,Tracismoreheavilyusedforitspowerfulticketsystem.Forexample,ticketsareusedtomaintainQArecordsfornewcodedevelopmentsandissuereporting.Throughtheserecords,traceabilityissubstantiallyimproved.Traccanbeconfiguredtorouteticketsthroughasetofstagesknownasaworkflow.InconjunctionwiththedevelopmentoftheSQAPlanandrelatedprocedures,aTracworkflowwasdevelopedandisshowninFigure1.FourkeyreviewstagesareintroducedthatarenotpartofthedefaultworkflowinTracbutthatarecriticalforsoftwaredevelopment:

reassign reassign

accept

reassign

closenew orreopened

reopen closed

ReviewRequirements

ReviewDesign

PerformQA Review

ReviewImplementation

reassign

closeaccepted

accept

closeassigned

RequirementsReview

DesignReview

TechnicalReview

Reject

QAReview

close

accept

Approved

close

accept

Rejected

Reassign Reassign Reassign Reassign

Approve

accept


ANL-ART-97 8

• RequirementsReviewensuresthataSoftwareRequirementsSpecification(SRS)iswrittenthatclearlyidentifiesthepurposeandrequirementsoftheproposedsoftwaredevelopmentactivity.

• DesignReviewensuresthataSoftwareDesignDescription(SDD)iswrittenthatisconsistentwiththeSRSandthatcontainssufficientdetailtodefinetheproposedimplementation.

• TechnicalReviewensuresthattheactualsoftwareanddocumentationimplementationsareconsistentwiththeSDDandthattestingverifiesthattherequirementsdefinedintheSRSaresatisfied.

• QAReviewensurestraceabilitybyconfirmingthatallrelevantSQAPlanrequirementsandprocedureswerefollowedduringthedevelopmentactivity.

TheTracworkflowdoesnotenforceanyparticularsequenceamongthenewstages.Thisisintentionalsothatareviewercanrejectaticketandsetittoadifferentstage,ifnecessary.ItisimportanttomaintainflexibilityinordertominimizetheburdenofSQAproceduresandencouragetheiradoption.

4.2 Implementation of Procedures

Asdescribedabove,theTracworkflowprovidesreviewstagesforthedifferenttypesofticketsthatmaybesubmittedintothesystem.TheparticularpaththroughtheworkflowisdocumentedinformalproceduresthatarepartoftheSQAimplementation.Overtime,theformalprocedureswillevolvetomeetevolvingSQAgoals.Asofthiswriting,fourprocedureshavebeendraftedandarebeingadoptedaspartofSAS4A/SASSYS-1maintenance.Theseincludethefollowing:

• SoftwareDevelopmentandModificationestablishestheprocessfordevelopingandimplementingnewfunctionalcapabilitiesormodifyingorremovingexistingfunctionalcapabilitieswithintheSAS4A/SASSYS-1safetyanalysissoftware.

• ProblemReportingandCorrectiveActionestablishestheprocessforreportingproblemsassociatedwiththeSAS4A/SASSYS-1safetyanalysissoftware(includingdocumentation)andfortakingcorrectiveactionstoresolvethoseerrors.

• SoftwareTestingestablishestheprocessforevaluatingwhethertheSAS4A/SASSYS-1softwareadequatelyperformsallintendedfunctions,properlyhandlesabnormalconditionsandcrediblefailures,doesnotperformadverseunintendedfunctions,anddoesnotdegradethehostsystem.

• VersionReleaseestablishestheprocessfortheformalreleaseofanewversionoftheSAS4A/SASSYS-1safetyanalysissoftwaretoauthorizedusers.

Oftheaboveprocedures,onlythefirst,SoftwareDevelopmentandModification,requiresthatallfourreviewstagesintheworkflowbeapproved.TheProblemReportingandCorrectiveActionprocedureisinvokedwhenanissueisidentifiedthatconflictswithexpectedcodebehaviordefinedinexistingSRSorSDDdocumentation.Therefore,onlytheTechnicalReviewandQAReviewstagesneedtobeapprovedwhentheissueisresolved.


9 ANL-ART-97

PreviousSAS4A/SASSYS-1maintenanceeffortsoftenmetthespiritoftheaboveprocedures,butnottherigorandformalityrequiredforamorerobustSQAprogram.Inthepast,bigfixeswereusuallyonlynotedincommitmessagesandnoticketwouldbecreated.Furthermore,anindependentreviewofthecorrectionwasnotconducted,andtestingwouldbedonewithlimitedornodocumentation.Whiletheendresultmaybethesame,thelackofformalityimpairstraceability,whichisacriticalelementofSQA.

4.3 Automated Testing

Currentregressiontestingisextremelystrict:successivecodeupdatesareexpectedtoproducebit-identicalresultsacrossallsupportedplatforms.WithrevitalizationofSAS4A/SASSYS-1maintenance,alargertestsuiteisemergingtosupportvalidationandregressiontesting.Section5summarizeshowwellthecurrenttestsuitecoverstheextensivecodebaseofSAS4A/SASSYS-1.Althoughregressiontestingisstilldonebyhand,atooltoautomatemuchoftherepetitiveworkisbeingdevelopedsothattestscanberunnightlyonanautomatedtestingserver.Currently,theautomatedtestingcodeisalsobeingmodifiedtosupportinteractivetesting,whichiscrucialfortechnicalreviewsofcodechangesunderSQAprocedures.

5 Test Suite Gap Assessment InanefforttoquantifytheneedforimprovedcoverageoftheSAS4A/SASSYS-1testsuite,agapanalysishasbeenperformedthatidentifiesandprioritizestheneedforadditionaltestproblems.Testsuitecoverageisanimportantcomponentofacceptanceandregressiontesting,andanextensivetestsuitewillhelpensurecontinuedcodeintegrity.WhilecontinuoustestsuiteimprovementsareexpectedthroughoutthelifetimeoftheSAS4A/SASSYS-1project,gapsrelevanttoregularly-exercisedmodelsneedtobeaddressedinthenearterm.Toaccomplishthistask,Intel’scodecoveragetoolwasutilizedtoassessthefileandlinecoverageofthecurrenttestsuite.ThetoolisanintegratedcomponentoftheIntelFortranComposerXEcompilerthatgeneratesweb-ortext-basedreportsofdynamicprofilestatisticsduringtheuseofanapplication.Partial,no,orfullsourcecoverageisreportedforbasicblocks,functions,andfiles.Thisinformationcanbeviewedbythedevelopersuchthatline-by-linecoveragecanbeassessedindetail.

5.1 Implementation

Generationofthecodecoveragereportentailedthefollowingsteps:1. Compiletheinstrumentedexecutable.Standardsourceisutilized,butthemakeprocess

isalteredbyspecifyingadditionalcompileroptions,includingenablingsourceprofilegeneration(viathe–prof-genoption)anddisablingoptimizationtoensurenosourceisomittedfromtheapplication.

2. Utilizetheinstrumentedexecutableforaspecifiedworkload,inthiscase,thetestsuitedescribedinSection5.2.ExecutionofthetestsuitewasaccomplishedviauseofasimpleshellscriptthatautomaticallygeneratesuniquedirectoriesforeachtestcaseandexecutesSAS4A/SASSYS-1inthatdirectory.Profileinformationcataloguingthe


ANL-ART-97 10

blocksandfilesutilizedduringthesimulationisgeneratedforeachtestcaseduringthisstepandstoredinauniquedirectory.

3. MergetheprofileinformationgeneratedduringStep2intoasingleanalysisprofileusingthecompiler’sprofmergetool.

4. GeneratethecoveragereportfromthesingleanalysisprofilegeneratedinStep3usingthecodecovtool.ThisprocesscreatesHTML-baseddocumentationthatcanbebrowsedpersourcefiletoassessline-by-linecoverageindetail.

Atthispoint,thecoveragereportwasreviewedforgapsinthetestsuite.Twomaincategoriesofcoverageareidentifiedinthereportforeachsourcefile:partialandnone.Forfileswithpartialcoverage,thefractionalcoverageoffunctions(subroutines)andbasicblocksisidentifiedperfile.Partiallycoveredsourcefilesaremarkedperlineorblocktoreflectoneofthefollowingfiveconditions:covered,uncoveredbasicblock,uncoveredfunction,partially-coveredcode,orunknown(typicallyacomment,includedirective,orvariabledeclaration).Forfileswithnocoverage,onlythetotalnumberoffunctionsandblocksinthatfileareprovided.

5.2 Test Suite Description Thecurrenttestsuiteiscomprisedof95uniquetestcaseswhichrangefromsimplesteadystateteststovalidationofaselectionofsevereaccidentmodelsrepresentingphenomenathatoccurredduringtheTREATM-seriestests.Ofthesetests,83weredevelopedaspartoftheverificationandvalidation(V&V)testsuite(fundedbyTerraPower,LLC)whichexercisesabroadrangeofbasicmodelingcapabilitiesforgenericreactorcharacteristics,including:

• Simplesteadystate,• Simpletransients,• Alternativetreatmentofmaterialproperties,• Pointkineticsandreactivityfeedback,• Heatrejectionsystemthermalhydraulics,and• Controlsystemsignals.

TheremainingtestcasesincludevariantsofanunprotectedlossofflowtransientintheABTR;protectedandunprotectedtransientoverpowersimulationsinEBR-IIforanonspecificcoreloading;andaseriesofFPINvalidationtestsbasedontheTREATM5,M6,andM7tests.

5.3 Gap Assessment

TheprocessoutlinedinSection5.1wasappliedtothetestsuitedescribedinSection5.2todeterminethecoverageofthetestsuite.Table3providesasummaryofthefractionalcoverageofallsourcefiles,functions,andblocks.Thetableindicatesthatwhilemorethanhalfthesourcefilesareutilizedinatleastonetestcase,approximatelyhalfofthefunctionsarebeingexercised,andlessthanaquarterofthebasicblocksarebeingutilized,meaningtherearesignificantportionsofthecodewithoutcoverage.FunctionandblockcoveragearenotequivalentinSAS4A/SASSYS-1duetothemodularstructureofthecode.Additional


11 ANL-ART-97

detailsontestsuitecoveragepermoduleandalistingofprioritizedgapsaredescribedintheremainderofthissection.ResultsfortestsuitecoveragepermoduleareprovidedinTable4forfunctionsandblocks.Shadinginthistableindicatesrangesofblockcoverage:redcellsindicateblockcoverageof0-25%;orangecellsindicateblockcoverageof26-50%;yellowcellsindicateblockcoverageof51-75%;andgreencellsindicate76-100%blockcoverage.Moduleswiththelowestcoverageperblockincludethebalance-of-plant(BOP),DEFORM-4,andPLUTO2.ModuleswiththehighestcoverageincludethesevereaccidentmodulesDEFORM-5andPINACLE.WhiletheresultsinTable4areusefultoassistwithidentifyinggapsinthetestsuite,itisimportanttoconsiderotherfactorswhenprioritizingthesegaps.Factorsthatcanaffectgappriorityincludeinput/modelcomplexityorfrequencyofmoduleuse.Forthisexercise,gapsareprioritizedbasedontheirneedformainlogicpathcontrolormodelingoftypicaltransientbehavior,meaninggapsintheMAINandPRIMAR-4modulesareconsideredtobeofhighestpriority.

Table3:TestSuiteCoverageSummaryMetric Covered/Total PercentCoverageFiles 338/548 62%Functions 508/1,018 50%Blocks 32,133/146,277 23%

Table4:FractionalFunctionandBlockCoverageperModuleModule Description Function BlockBOIL Two-phasecoolantthermalhydraulics 0.81 0.35BOP Balance-of-plantsystemsandcomponents 0.00 0.00CNTL Reactorandplantcontrolsystems 0.53 0.33DATA Datamanagement 0.47 0.39DEFORM-4 Oxidefuel/claddingmechanics 0.21 0.10DEFORM-5 Metallicfuel/claddingmechanics 1.00 0.76FPIN2 Pre-cladding-failurefuelrelocation 0.51 0.34LEVITATE Post-cladding-failurefuelrelocation 0.85 0.44MAIN Mainprogram,logicpathcontrol,etc. 0.63 0.41PLUTO2 Post-cladding-failurefuel/coolantinteraction 0.38 0.18PRIMAR-4 Coolantloopsthermalhydraulics 0.77 0.43PINACLE Moltenfuelrelocation 0.91 0.68TSCL Coolantthermalhydraulics 0.73 0.38


ANL-ART-97 12

KeygapsinMAINincludelimitedornocoverageinthesubroutinesthatareresponsibleforcallingalternativelogicflowpaths,suchasCHCHFL,REINIT,SSCLM1,orSSNULL.Thesegapscanberesolvedbydevelopingadditionalteststhatincludearestartcalculation,nulltransient,andsubassembly-to-subassemblyheattransfercalculations.InthecaseofgapsofPRIMAR-4,asignificantportionofthesegapscanbeclosedwithadditionalteststhatincludealternativecompressiblevolumesoralternativeheatexchangermodels.Examplesincludeadditionofanannularelement,checkvalve,piperupturesource/sink,compressibleliquidvolumewithoutgas,stratifiedvolume,verticalinlet/outputplenum,detailedsteamgeneratormodel,asimplifiedIHXmodelusinganormalizedtemperaturedrop,andalternativepumptypes.

6 Related Work TwoareasofinternationalcollaborationwillhaveimportantimpactsonfutureSAS4A/SASSYS-1codemaintenanceactivities.InvestmentsincodedevelopmentbytheKoreaAtomicEnergyResearchInstituteandtheJapanAtomicEnergyAgencyhaveledtoimprovementsinfuelfailureandaccidentmodelsformetalandoxidefuel,respectively.ArgonnehasaccesstothesecodedevelopmentsandwillbeworkingtointegratemodelingimprovementsintoSAS4A/SASSYS-1.

ExpectationswerethatKAERIwouldsupporttheintegrationofthemetalfuelmodelingimprovements,whichareofparticularinteresttotheU.S.WiththerecentpolicyshiftinKoreaawayfromnuclearenergy,itisnotclearifthissupportwillmaterialize.

IntegrationoftheoxidefuelmodelingimprovementsisbeingpursuedundertheCivilNuclearEnergyResearchandDevelopmentWorkingGroup(CNWG).Atthetimeofthiswriting,theveryfirsttechnicalexchangesbetweenArgonneandJAEAaretakingplace.

7 Summary Overthelastfewyears,theSAS4A/SASSYS-1safetyanalysiscodehasundergonesignificantrevisionstomodernizecodestructureanddatamanagement.[14,15,16,17]Withthecontinuedimportanceofadvancednon-LWRreactors,thereisalsogrowinginterestinapplyingSAS4A/SASSYS-1toanumberofSFRandLFRconcepts.Intotal,therearetwenty-fourlicenseagreementsinplace,withsixofthemestablishedinthecurrentfiscalyear.ThesafetyanalysiscodecontinuestobeofsignificantimportancetoDOEsponsoredactivitiesaswellastodomesticandinternationalcollaborations.SAS4A/SASSYS-1Version5.2wascompletedinMarch2017andreleasedinMay.

CodemaintenanceactivitiesaregraduallyshiftingintoamoreformalsoftwarequalityassuranceprogramthatisbeingdevelopedundertheRegulatoryTechnologyDevelopmentPlan.Aspartofthisprocess,sourcecodeanddocumentationaremaintainedwithinasoftwareconfigurationmanagementsystemandformalcodechangesaretrackedinanelectronicticketsystemaccordingtopreliminarySQAprocedures.Anevaluationofthecurrenttestsuiterevealsthatthereareimportantgapsthatneedtobeaddressed.AdherencetoanSQAprogramwillhelpensurethatsoftwaredevelopmentanddocumentationactivitiesarecarriedoutinawaythatensurestraceabilityandaccountability.


13 ANL-ART-97

8 References 1. T.H.Fanning,A.Brunett,andT.Sumner,eds.,TheSAS4A/SASSYS-1SafetyAnalysis

CodeSystem,ANL/NE-16/19,NuclearEngineeringDivision,ArgonneNationalLaboratory,March31,2017.

2. M.Denmanetal.,“SodiumFastReactorSafetyandLicensingResearchPlan–VolumeI,”SAND2012-4260,SandiaNationalLaboratories,2012.

3. IdahoNationalLaboratory,“AdvancedReactorTechnology–ReactorTechnologyDevelopmentPlan(RTDP),”INL/EXT-14-32837,2015.

4. T.H.Fanning,A.J.Brunett,andG.Zhang,SAS4A/SASSYS-1CodeImprovementsforFY2016,ANL-ART-75,ArgonneNationalLaboratory,September30,2016.

5. AmericanSocietyofMechanicalEngineers,QualityAssuranceRequirementsforNuclearFacilityApplications,ASMENQA-1-2008,2008.

6. AmericanSocietyofMechanicalEngineers,AddendatoASMENQA-1-2008:QualityAssuranceRequirementsforNuclearFacilityApplications,NQA-1a-2009,2009.

7. A.J.Brunett,L.L.Briggs,T.H.Fanning,StatusofSFRCodesandMethodsQAImplementation,ANL-ART-83,ArgonneNationalLaboratory,January31,2017.

8. J.C.Carteretal.,SAS1A,AComputerCodefortheAnalysisofFast-ReactorPowerandFlowTransients,ANL-7607,ArgonneNationalLaboratory,1970.

9. F.E.Dunnetal.,TheSAS2ALMFBRAccident-AnalysisComputerCode,ANL-8138,ArgonneNationalLaboratory,1974.

10. M.G.Stevensonetal.,"CurrentStatusandExperimentalBasisoftheSASLMFBRAccidentAnalysisCodeSystem,"Proc. of the Fast Reactor Safety Meeting,pp.1303–1321,BeverlyHills,CA,1974.

11. G.Birgersson,etal.,TheSAS4ALMFBRAccidentAnalysisCodeSystem,ANL/RAS83-38,Revision2,Volumes1and2,ArgonneNationalLaboratory,February,1988.

12. F.E.Dunn,etal.,TheSASSYS-1LMFBRSystemsAnalysisCode,ANL/RAS84-14,Revision1,ArgonneNationalLaboratory,March,1987.

13. T.H.Fanning,ed.,TheSAS4A/SASSYS-1SafetyAnalysisCodeSystem,ANL/NE-12/4,NuclearEngineeringDivision,ArgonneNationalLaboratory,January31,2012.

14. T.H.Fanning,F.E.Dunn,D.Grabaskas,T.Sumner,andJ.W.Thomas,SAS4A/SASSYS-1Modernization,ANL-ARC-265,ArgonneNationalLaboratory,September20,2013.

15. T.H.Fanning,A.Brunett,T.Sumner,andN.Stauff,SAS4A/SASSYS-1ModernizationandExtension,ANL-ARC-299,ArgonneNationalLaboratory,September26,2014.

16. T.H.Fanning,A.Brunett,T.Sumner,R.Hu,SAS4A/SASSYS-1ModernizationandExtension,ANL-ART-30,Argonne,IL,September30,2015.

17. T.H.Fanning,A.J.Brunett,andG.Zhang,SAS4A/SASSYS-1CodeImprovementsforFY2016,ANL-ART-75,Argonne,IL,September30,2016.


ANL-ART-97 14


15 ANL-ART-97

Argonne National Laboratory is a U.S. Department of Energy laboratory managed by UChicago Argonne, LLC

Nuclear Engineering Division Argonne National Laboratory 9700 South Cass Avenue, Bldg. 208 Argonne, IL 60439-4842 www.anl.gov

Status of the SAS4A/SASSYS-1 Safety Analysis Code

Documents

Transcript of Status of the SAS4A/SASSYS-1 Safety Analysis Code