Status of the SAS4A/SASSYS-1 Safety Analysis Code
Transcript of Status of the SAS4A/SASSYS-1 Safety Analysis Code
ANL-ART-97
Status of the SAS4A/SASSYS-1 Safety Analysis Code Nuclear Engineering Division
About Argonne National Laboratory Argonne is a U.S. Department of Energy laboratory managed by UChicago Argonne, LLC under contract DE-AC02-06CH11357. The Laboratory’s main facility is outside Chicago, at 9700 South Cass Avenue, Argonne, Illinois 60439. For information about Argonne and its pioneering science and technology programs, see www.anl.gov. DOCUMENT AVAILABILITY Online Access: U.S. Department of Energy (DOE) reports produced after 1991 and a growing number of pre-1991 documents are available free via DOE’s SciTech Connect (http://www.osti.gov/scitech/) Reports not in digital format may be purchased by the public from the National Technical Information Service (NTIS): U.S. Department of Commerce National Technical Information Service 5301 Shawnee Rd Alexandria, VA 22312 www.ntis.gov Phone: (800) 553-NTIS (6847) or (703) 605-6000 Fax: (703) 605-6900 Email: [email protected] Reports not in digital format are available to DOE and DOE contractors from the Office of Scientific and Technical Information (OSTI): U.S. Department of Energy Office of Scientific and Technical Information P.O. Box 62 Oak Ridge, TN 37831-0062 www.osti.gov Phone: (865) 576-8401 Fax: (865) 576-5728 Email: [email protected] Disclaimer This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor UChicago Argonne, LLC, nor any of their employees or officers, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of document authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof, Argonne National Laboratory, or UChicago Argonne, LLC.
ANL-ART-97
Status of the SAS4A/SASSYS-1 Safety Analysis Code prepared by T. H. Fanning and A. J. Brunett Nuclear Engineering Division Argonne National Laboratory June 30, 2017
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
i ANL-ART-97
ABSTRACT
SAS4A/SASSYS-1isasimulationtoolusedtoperformdeterministicanalysisofanticipatedeventsaswellasdesignbasisandbeyonddesignbasisaccidentsforadvancedreactors.ThisreportsummarizesthecurrentstatusofSAS4A/SASSYS-1,includingtheimplementationofsoftwarequalityassuranceproceduresforconfigurationmanagement,newlicenses,currentusers,andagapassessmentofthetestsuite.Theexistingcopyrighthasbeenextendedforanadditionalfiveyears,whichwasessentialsothatArgonnecancontinuedeveloping,distributing,andsupportingthesoftwareforbothdomesticuseandinternationalcollaborations.SAS4A/SASSYS-1Version5.2wascompletedinMarch2017andreleasedtousersinMay.
TheimportanceofSAS4A/SASSYS-1maintenancereflectsitsrelevancetoanumberofU.S.DepartmentofEnergyprogramsaswellasdomesticandinternationalcollaborations.ExternalcollaborationshavealsoproducedimprovementsintheSAS4A/SASSYS-1code,andthesearenotedinthisreport.SAS4A/SASSYS-1hasagrowinguserbasethatcontinuestostrengthenthepromotionofadvancednon-LWRreactorconcepts.AdditionaluserswillhelpsolidifyDOE’sleadershiproleinfastreactorsafetybothdomesticallyandininternationalcollaborations.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 ii
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
iii ANL-ART-97
TABLE OF CONTENTS
Abstract........................................................................................................................................................................iTableofContents...................................................................................................................................................iiiListofFigures..........................................................................................................................................................ivListofTables............................................................................................................................................................iv1 Introduction.......................................................................................................................................................12 CurrentStatus...................................................................................................................................................3
2.1 ReleaseofVersion5.2........................................................................................................................32.2 NewLicenseAgreements.................................................................................................................3
3 SoftwareLicensing.........................................................................................................................................43.1 CurrentUsers.........................................................................................................................................43.2 ExtensionofCopyright......................................................................................................................43.3 RevisionofLicensingTerms...........................................................................................................4
4 SoftwareQualityAssurance.......................................................................................................................64.1 ConfigurationManagement............................................................................................................64.2 ImplementationofProcedures.....................................................................................................84.3 AutomatedTesting..............................................................................................................................9
5 TestSuiteGapAssessment.........................................................................................................................95.1 Implementation....................................................................................................................................95.2 TestSuiteDescription....................................................................................................................105.3 GapAssessment.................................................................................................................................10
6 RelatedWork..................................................................................................................................................127 Summary..........................................................................................................................................................128 References.......................................................................................................................................................13
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 iv
LIST OF FIGURES
Figure1:TicketWorkflowintheTracEnvironmentforSAS4A/SASSYS-1.......7
LIST OF TABLES
Table1:SASLicenseAgreementsEstablishedduringFY2017................................3Table2:LicensedUsersforSAS4A/SASSYS-1andMiniSAS.....................................5Table5.1:TestSuiteCoverageSummary.........................................................................11Table5.2:FractionalFunctionandBlockCoverageperModule..........................11
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
1 ANL-ART-97
1 Introduction SAS4A/SASSYS-1isasimulationtoolusedtoperformdeterministicanalysisofanticipatedeventsaswellasdesignbasisandbeyonddesignbasisaccidentsforadvancedliquid-metal-coolednuclearreactors.[1]WithitsoriginasSAS1Ainthelate1960s,theSASseriesofcodeshasbeenundercontinuoususeanddevelopmentfornearlyfiftyyearsandrepresentsacriticalinvestmentinsafetyanalysiscapabilitiesfortheU.S.DepartmentofEnergy.[2,3]Version5.2ofSAS4A/SASSYS-1wascompletedinMarch2017.
ContinuedmaintenanceandimprovementoftheSAS4A/SASSYS-1codesystemismotivatedbytherelevanceofitssimulationcapabilitytoanumberofU.S.DepartmentofEnergyprogramsaswellasdomesticandinternationalcollaborations.ActiveprogramsandcollaborationsthatcurrentlyuseSAS4A/SASSYS-1includethefollowing:
• FFTFBenchmark:TheU.S.DOEispreparingbenchmarkspecificationsforthePassiveSafetyTests(PST)carriedoutattheFastFluxTestFacilitybetween1984and1986.Themostprominenttestswerethelossofflowwithoutscram(LOFWOS).IncollaborationwithPNNL,ArgonneisassessingthebenchmarkspecificationsandpreparingSAS4A/SASSYS-1modelsforverificationandvalidationpurposes.
• EBR-IIIAEABenchmark:TheU.S.DOEsupportedahigh-profileCoordinatedResearchProjectwiththeInternationalAtomicEnergyAgencybasedontheShutdownHeatRemovalTestsconductedatEBR-II.Bothprotected(SHRT-17)andunprotected(SHRT-45R)loss-of-flowtestswerepartofthebenchmarkactivity.
• TheU.S.DOEisidentifyingandaddressinggapsforthelicensingofSFRs.OnesuchgapistheregulatoryacceptabilityofSFRanalysistools.InitialeffortsareunderwaytoestablishmorerigoroussoftwarequalityassuranceforSAS4A/SASSYS-1.
• TheU.S.NuclearRegulatoryCommissionhaslicensedSAS4A/SASSYS-1toevaluateitsuseforadvancednon-LWRlicenseapplications,particularlyforliquidmetalcooledreactors.
• TerraPower,LLChaslicensedtheSAS4A/SASSYS-1sourcecodetoperformsafetyanalysisstudiesfortheirTWRconcept.TerraPoweralsofundscodedevelopmentactivitiesthatimprovethemodelingcapabilitiesofSAS4A/SASSYS-1.
• GE-HitachiNuclearEnergyhaslicensedMiniSAStosupportpre-applicationlicenseevaluationsoftheAdvancedReactorConceptsARC-100designandinteractionswiththeCanadianNuclearSafetyCommission.
• WestinghouseElectricCompanyhaslicensedMiniSAStosupportsafetyanalysisfortheirlead-cooledfastreactorconceptualdesignandhasinitiatedtheprocessforacquiringafulllicenseforSAS4A/SASSYS-1.
• Oklo,Inc.isinvestigatingavailabletoolsforfastreactoranalysisandhasacquiredalicenseforMiniSAStoevaluateitsapplicabilitytotheirdesign.
• TheUniversityofCaliforniaatBerkeleyisusingMiniSAStoevaluatesafetybenefitsthatmightbeachievedwithautonomousreactivitycontroldevices.
• KansasStateUniversityandtheUniversityofWisconsinarepreparingexperimentsthatcanimprovethemodelingofthermalstratificationinsodium-cooledfastreactors,whiletheirpartners,theUniversityofIllinoisandVirginiaCommonwealth
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 2
University,respectively,willdevelopimprovedmodelsthatcouldbeincorporatedintoSAS4A/SASSYS-1.
• CEABilateralCollaboration:AnimplementationagreementhasbeenestablishedbetweentheU.S.DOEandtheCommissariatàl'énergieatomiqueetauxénergiesalternativesofFranceforcooperationinlowcarbonenergytechnologies.OnepurposeoftheagreementistoevaluatethesafetyperformanceoftheASTRIDreactordesign.DOEparticipatesinthiscollaborationusingtheSAS4A/SASSYS-1safetyanalysiscode.
• JAEABilateralCollaboration:TheCivilNuclearEnergyResearchandDevelopmentWorkingGroup(CNWG)wasestablishedbytheU.S.-JapanBilateralCommissiononCivilNuclearCooperationin2012toenhancecoordinationofjointcivilnuclearresearchanddevelopmentefforts.TheJapanAtomicEnergyAgencyandArgonnearecollaboratingundertheCNWGtoimprovetheoxidefuelsevereaccidentmodelingcapabilitiesinSAS4A/SASSYS-1.
• NRA:TheNuclearRegulationAuthorityofJapanhasacquiredalicenseforSAS4A/SASSYS-1.TheNRAplanstouseSAS4A/SASSYS-1tosupporttheSFRlicensingevaluationsinJapan.
• KAERIPG-SFR:TheKoreanAtomicEnergyResearchInstituteacquiredalicenseforSAS4A/SASSYS-1toperformsafetyanalysisandmodeldevelopmentforthe“PrototypeGeneration-IVSodiumFastReactor”.KAERIissupportingmetallicfuelsevereaccidentmodeldevelopmentsthatwillbeincorporatedintoafutureversionofSAS4A/SASSYS-1.
• KINS:TheKoreaInstituteofNuclearSafetyisanindependentregulatoryexpertorganizationthatsupportstheNuclearSafetyandSecurityCommission(NSSC)inKorea.KINSacquiredalicenseforSAS4A/SASSYS-1tosupporttheregulatoryobligationsoverthePG-SFRproject.
• CIAEBilateralCollaboration:TheDOE-NEOfficeofInternationalNuclearEnergyPolicyandCooperationhasestablishedtheU.S.–ChinaBilateralCivilNuclearEnergyCooperativeActionPlan(BCNECAP)withtheChinaInstituteofAtomicEnergy.JointactivitiesundertheactionplanincludemodeldevelopmentandsafetyanalysesoftheChinaExperimentalFastReactorusingSAS4A/SASSYS-1.
• TheRoyalInstituteofTechnology(KTH:KungligaTekniskaHögskolan)inStockholmSwedenhasalicenseforSAS4A/SASSYS-1toperformnaturalcirculationdesignperformancestudiesoftheirELECTRAlead-cooledfastreactorconcept.
• TheCenterofTechnologyandEngineeringforNuclearProjects(CITON)inRomaniahasalicenseforMiniSAStoperformanalysisfortheFalconconsortiumtosupporttheALFRED(LFR)demonstratorproject.
ThisreportprovidesanoverviewofthecurrentstatusofSAS4A/SASSYS-1,licensingactivitiestomakeitmoreaccessibletousers,implementationofnewsoftwarequalityassuranceprocedures,andresultsofcodecoveragetesting.Informationontechnicalupdatestothecodewillbesummarizedinafuturemilestonereport.ThisreportsatisfiesthedeliverablefortheLevel3milestoneM3AT-17AN1702031,“SAS4A/SASSYS-1CodeMaintenance”.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
3 ANL-ART-97
2 Current Status
2.1 Release of Version 5.2
Version5.2ofSAS4A/SASSYS-1wascompletedinMarch2017andannouncedtousersinmid-Mayfollowingasoftwarequalityassurancereviewandclearanceoftheupdatedmanual.[1]Fifteenorganizationshaverequestedandobtainedlicensekeysforthenewversion.The5.2releaseintroducesanextensiontotheControlSystemmodulethatprovidesaccesstoanextensivesetofcoreandcorechannelstatevariablessuchasfuel,cladding,coolant,andstructuretemperatures;coolantflowratesandpressures;andseveralotherparameters.[4]DevelopmentofthismodelingupdatewasfundedbyTerraPower,LLC.Thereleaseof5.2alsointroducesanumberofinternalcodechangesandbugfixes.Internally,nearlyallobsoletecodeconstructshavebeenremovedtobringthecodeintocompliancewithFortran2003standards.Thiseffortincludedtherewriteof4141loopsandtheeliminationof254obsoletecomputedGOTOandarithmeticIFstatements.Inaddition,compileroptionsforWindowsbuildshavebeensignificantlyrevisedtoproduceidenticalresultswhencomparedwithmacOSandLinuxbuilds.
2.2 New License Agreements
DuringFY2017,sixnewlicenseagreementswereestablishedforMiniSASandSAS4A/SASSYS-1.ThesearesummarizedinTable1.Basedonnewaswellasexistinglicensingagreements,atrendhasbeenobservedthatrevealsthattheexistinglicensingstructurecreatesunintendedbarriersfordomesticuse.ThistopiciscoveredinmoredetailinSection3.3,andanewlicensingarrangementisbeingestablishedtoeliminatethesebarriers.
Table1:SASLicenseAgreementsEstablishedduringFY2017.
Organization Code Purpose
JapanAtomicEnergyAgency SAS4A/SASSYS-1 CNWGBilateralU.S.NuclearRegulatoryCommission SAS4A/SASSYS-1 GovernmentUseGE-HitachiNuclearEnergy MiniSAS ARC-100SupportWestinghouseElectricCompany MiniSAS LFRConceptUlsanNationalInstituteofScienceandTechnology(UNIST)
SAS4A/SASSYS-1 AcademicUse/PG-SFR
CITON—CenterofTechnologyandEngineeringforNuclearProjects
MiniSAS EUALFREDProject
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 4
3 Software Licensing
3.1 Current Users
Globally,therearetwenty-fourlicensedusersforSAS4A/SASSYS-1orMiniSAS(seeTable2onthenextpage).Thelimitedversion,MiniSAS,ispopularbecauseitisofferedatnocost.However,itdoesnotincludethesevereaccidentmodelingcapabilitiesfoundinthefullversionanditsfidelityislimitedtoonlyfivecorechannels.Thisisoftenadequateformanystudies.Infact,MiniSASiscurrentlybeingusedinthreeNEUPprojects.
3.2 Extension of Copyright
ArgonneNationalLaboratoryassertedcopyrightoverSAS4A/SASSYS-1inMay2012.In2015,thecopyrightwasextendedtoincludeMiniSAS.TheDepartmentofEnergyoriginallyauthorizedcopyrightassertionforaperiodoffiveyears.InMay2017,ArgonnereceivedapprovalfromDOEtoextendthecopyrightforanadditionalfiveyears,throughMay2022.ThisextensionwasessentialsothatArgonnecancontinuedeveloping,distributing,andsupportingSAS4A/SASSYS-1forbothdomesticuseandinternationalcollaborations.
3.3 Revision of Licensing Terms
Anevaluationofexistinglicenseagreementsshowsthatatrendhasdeveloped.Ingeneral,licenseescanbegroupedintooneoffourcategories,althoughexceptionsdoexist.
Category Code(typical)DomesticVendors MiniSASDomesticAcademicInstitutions MiniSASInternationalBilateralCollaborations SAS4A/SASSYS-1(withsource)InternationalAcademicInstitutions SAS4A/SASSYS-1(executable)
TheoriginallicensingstructureforSAS4A/SASSYS-1wascreatedtoprovideapreferencefordomesticindustry.Instead,specialbilateralagreementsthatsupersedethelicensestructurehaveledtofullsourcecodeaccessforinternationalorganizationssuchastheJapanAtomicEnergyAgencyandtheKoreaAtomicEnergyResearchInstitute.WhiletheseagreementsareextremelyvaluabletosupportU.S.DOEcollaborationsinfastreactorsafety,theyputdomesticvendorsatadisadvantage.Bothestablishedcompaniesandnewstart-upventuresfacesignificantchallengesintheadvancedreactormarketplace.Afterextensivediscussionswithdomesticvendors,anew“limitedcommercial”licensecategoryisbeingestablishedthatwillprovidefullsource-codeaccessatnegligiblecostfordomesticusers.Thelicensecanbeusedduringtheentirephaseofpre-applicationresearchanddevelopment,includingdesigncertificationreviews.Thefree(MiniSAS)andacademic(SAS4A/SASSYS-1)licenseswillcontinuetobeoffered,butdonotincludesourcecodeaccess.IfadesignadvancestoaformalapplicationwiththeNRC,thenthetraditionalcommerciallicensewillapply.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
5 ANL-ART-97
Table2:LicensedUsersforSAS4A/SASSYS-1andMiniSAS.1
Organization Code Version Purpose
PacificNorthwestNationalLaboratory
SAS4A/SASSYS-1 5.2 FFTFBenchmark
ChinaInstituteofAtomicEnergy SAS4A/SASSYS-1 5.2 BCNECAP/CEFRJapanAtomicEnergyAgency SAS4A/SASSYS-1 5.2 CNWGBilateralKoreaAtomicEnergyResearchInstitute
SAS4A/SASSYS-1 5.2 PG-SFR
KansasStateUniversity MiniSAS 5.1 NEUPProjectMassachusettsInstituteofTechnology
MiniSAS 5.1 NEUPProject
NorthCarolinaStateUniversity MiniSAS 5.2 UncertaintyQuantification
PurdueUniversity MiniSAS 5.2 AcademicUseTexasA&MUniversity MiniSAS 5.1 AcademicUseUniversityofCalifornia,Berkeley MiniSAS 5.1 NEUPProjectUniversityofIllinois MiniSAS 5.2 NEUPProjectUniversityofMichigan MiniSAS 5.1 AcademicUseVirginiaCommonwealthUniversity MiniSAS 5.2 NEUPProjectRoyalInstituteofTechnology SAS4A/SASSYS-1 5.2 LFRConceptsUlsanNationalInstituteofScienceandTechnology(UNIST)
SAS4A/SASSYS-1(prev.MiniSAS)
5.2 AcademicUse/PG-SFR
QvistAtomenergiAB MiniSAS 5.1 NEUPProjectGE-HitachiNuclearEnergy MiniSAS 5.2 ARC-100SupportOklo,Inc. MiniSAS 5.1 GAINVoucherTerraPower,LLC SAS4A/SASSYS-1 5.2 TWRConceptWestinghouseElectricCompany MiniSAS 5.2 LFRConceptCITON—CenterofTechnologyandEngineeringforNuclearProjects
MiniSAS 5.2 EUALFREDProject
KoreaInstituteofNuclearSafety SAS4A/SASSYS-1 5.1 LicensingReviewNuclearRegulatoryAuthority(Japan)
SAS4A/SASSYS-1 5.1 LicensingReview
U.S.NuclearRegulatoryCommission SAS4A/SASSYS-1 5.2 GovernmentUse
1ShadedcellsindicatenewlicensesandupgradesinFY2017.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 6
4 Software Quality Assurance Afundamentalgoalofsoftwarequalityassurance(SQA)istohelpensurethedevelopmentofhigh-qualitysoftware.Forverysmallprojects,requirementsspecifications,codedesign,implementation,testing,andreleasemayallbecarriedoutbyasingleperson.MoreformalSQAprogramsareoftenbasedonapprovedstandardsfromrecognizedorganizationssuchastheAmericanSocietyofMechanicalEngineers(ASME)[5,6]andtheInstituteofElectricalandElectronicsEngineers(IEEE).Formalprogramsfocusondocumentingthesoftwaredevelopmentactivitiesaccordingtoapprovedprocedurestoensuretraceabilityandaccountability.ThedevelopmentofanSQAProgramforSAS4A/SASSYS-1willbethesubjectofafuturemilestone.PreliminaryworkisdocumentedinReference7.SAS4A/SASSYS-1hasbeenundersomeformofsoftwarequalityassuranceoveritsentirelifetime.Duringmuchofitsdevelopment(1970-1990)alargeteamofengineerswasinvolvedincodeimprovements.Full-timestaffmembersweretaskedwithcodemanagement,recordkeeping,codeintegration,andverificationtesting.Withtheeliminationofadvancedreactorfundingin1994,thedevelopmentteameventuallycollapsedtoonlyoneortwopeople.Aroundthesametime,computinghardwareunderwentsignificanttransformations.Mainframeswerereplacedwithworkstations,andeventuallypersonalcomputers.Earliercodeversionsandmanyelectronicrecordsdidnotsurvivethetransition.Despitethisupheaval,SAS4A/SASSYS-1Version2.0anditsuccessorssurvivedalongwithahandfulofvalidationtestcases.However,priorrecordsofSASdevelopment(SAS1A[8],SAS2A[9],SAS3A[10],SAS3D,andSAS4A[11,12])areunavailableotherthanthroughpublishedreportsandrelatedcitations.Althoughawealthofinformationexists(e.g.experimentaldataandvalidationreports),itisnotinaneasilytraceableform.AlthoughthedevelopmentoftheSAS4A/SASSYS-1SQAProgramisthesubjectofadifferentworkscope,theimplementationisthedirectresponsibilityofthecodemaintainers.Inthefollowingsubsections,initialimplementationeffortsaredescribedfromtheviewpointsofsourcecodeconfigurationmanagement,implementingprocedures,andautomatedtesting.
4.1 Configuration Management
Sourcecoderepositoriesareessentialelementsofasoftwareconfigurationmanagement(SCM)system.MigrationoftheSAS4A/SASSYS-1sourcecodeintoaSCMrepositorybegannineyearsagowiththefirstcommitofSAS4A/SASSYS-1Version2.0,whichwasoriginallydevelopedapproximatelythirtyyearsago.Overthenextfewyears,thehistoryofSAS4A/SASSYS-1throughversions2.1,3.0,3.1,and3.1.2wasreconstructedintheSubversionrepository.Inparalleltotheseefforts,significantupdateswereincorporatedintothecodethatculminatedwiththereleaseofVersion5.0inlate2012.[13]Withthistransition,changestothesourcecodearenowtrackedinconsiderabledetailincludingtimestamp,author,rationale,affectedfiles,andlineschanged.Inaddition,onlyauthorizeduserscanmodifytherepositoryandonlythecodemanagercancreateofficialreleasesknownastags.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
7 ANL-ART-97
Figure1:TicketWorkflowintheTracEnvironmentforSAS4A/SASSYS-1.
AlongwiththeSubversionrepository,aTracenvironmentisusedtomaintainrecordsoncodereleases,codeordocumentationissues,andbuildconfigurations.Untilrecently,theTracenvironmentwasnotextensivelyusedotherthantobrowsecoderevisionhistories.WiththegradualintroductionofSQApractices,Tracismoreheavilyusedforitspowerfulticketsystem.Forexample,ticketsareusedtomaintainQArecordsfornewcodedevelopmentsandissuereporting.Throughtheserecords,traceabilityissubstantiallyimproved.Traccanbeconfiguredtorouteticketsthroughasetofstagesknownasaworkflow.InconjunctionwiththedevelopmentoftheSQAPlanandrelatedprocedures,aTracworkflowwasdevelopedandisshowninFigure1.FourkeyreviewstagesareintroducedthatarenotpartofthedefaultworkflowinTracbutthatarecriticalforsoftwaredevelopment:
reassign reassign
accept
reassign
closenew orreopened
reopen closed
ReviewRequirements
ReviewDesign
PerformQA Review
ReviewImplementation
reassign
closeaccepted
accept
closeassigned
RequirementsReview
DesignReview
TechnicalReview
Reject
QAReview
close
accept
Approved
close
accept
Rejected
Reassign Reassign Reassign Reassign
Approve
accept
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 8
• RequirementsReviewensuresthataSoftwareRequirementsSpecification(SRS)iswrittenthatclearlyidentifiesthepurposeandrequirementsoftheproposedsoftwaredevelopmentactivity.
• DesignReviewensuresthataSoftwareDesignDescription(SDD)iswrittenthatisconsistentwiththeSRSandthatcontainssufficientdetailtodefinetheproposedimplementation.
• TechnicalReviewensuresthattheactualsoftwareanddocumentationimplementationsareconsistentwiththeSDDandthattestingverifiesthattherequirementsdefinedintheSRSaresatisfied.
• QAReviewensurestraceabilitybyconfirmingthatallrelevantSQAPlanrequirementsandprocedureswerefollowedduringthedevelopmentactivity.
TheTracworkflowdoesnotenforceanyparticularsequenceamongthenewstages.Thisisintentionalsothatareviewercanrejectaticketandsetittoadifferentstage,ifnecessary.ItisimportanttomaintainflexibilityinordertominimizetheburdenofSQAproceduresandencouragetheiradoption.
4.2 Implementation of Procedures
Asdescribedabove,theTracworkflowprovidesreviewstagesforthedifferenttypesofticketsthatmaybesubmittedintothesystem.TheparticularpaththroughtheworkflowisdocumentedinformalproceduresthatarepartoftheSQAimplementation.Overtime,theformalprocedureswillevolvetomeetevolvingSQAgoals.Asofthiswriting,fourprocedureshavebeendraftedandarebeingadoptedaspartofSAS4A/SASSYS-1maintenance.Theseincludethefollowing:
• SoftwareDevelopmentandModificationestablishestheprocessfordevelopingandimplementingnewfunctionalcapabilitiesormodifyingorremovingexistingfunctionalcapabilitieswithintheSAS4A/SASSYS-1safetyanalysissoftware.
• ProblemReportingandCorrectiveActionestablishestheprocessforreportingproblemsassociatedwiththeSAS4A/SASSYS-1safetyanalysissoftware(includingdocumentation)andfortakingcorrectiveactionstoresolvethoseerrors.
• SoftwareTestingestablishestheprocessforevaluatingwhethertheSAS4A/SASSYS-1softwareadequatelyperformsallintendedfunctions,properlyhandlesabnormalconditionsandcrediblefailures,doesnotperformadverseunintendedfunctions,anddoesnotdegradethehostsystem.
• VersionReleaseestablishestheprocessfortheformalreleaseofanewversionoftheSAS4A/SASSYS-1safetyanalysissoftwaretoauthorizedusers.
Oftheaboveprocedures,onlythefirst,SoftwareDevelopmentandModification,requiresthatallfourreviewstagesintheworkflowbeapproved.TheProblemReportingandCorrectiveActionprocedureisinvokedwhenanissueisidentifiedthatconflictswithexpectedcodebehaviordefinedinexistingSRSorSDDdocumentation.Therefore,onlytheTechnicalReviewandQAReviewstagesneedtobeapprovedwhentheissueisresolved.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
9 ANL-ART-97
PreviousSAS4A/SASSYS-1maintenanceeffortsoftenmetthespiritoftheaboveprocedures,butnottherigorandformalityrequiredforamorerobustSQAprogram.Inthepast,bigfixeswereusuallyonlynotedincommitmessagesandnoticketwouldbecreated.Furthermore,anindependentreviewofthecorrectionwasnotconducted,andtestingwouldbedonewithlimitedornodocumentation.Whiletheendresultmaybethesame,thelackofformalityimpairstraceability,whichisacriticalelementofSQA.
4.3 Automated Testing
Currentregressiontestingisextremelystrict:successivecodeupdatesareexpectedtoproducebit-identicalresultsacrossallsupportedplatforms.WithrevitalizationofSAS4A/SASSYS-1maintenance,alargertestsuiteisemergingtosupportvalidationandregressiontesting.Section5summarizeshowwellthecurrenttestsuitecoverstheextensivecodebaseofSAS4A/SASSYS-1.Althoughregressiontestingisstilldonebyhand,atooltoautomatemuchoftherepetitiveworkisbeingdevelopedsothattestscanberunnightlyonanautomatedtestingserver.Currently,theautomatedtestingcodeisalsobeingmodifiedtosupportinteractivetesting,whichiscrucialfortechnicalreviewsofcodechangesunderSQAprocedures.
5 Test Suite Gap Assessment InanefforttoquantifytheneedforimprovedcoverageoftheSAS4A/SASSYS-1testsuite,agapanalysishasbeenperformedthatidentifiesandprioritizestheneedforadditionaltestproblems.Testsuitecoverageisanimportantcomponentofacceptanceandregressiontesting,andanextensivetestsuitewillhelpensurecontinuedcodeintegrity.WhilecontinuoustestsuiteimprovementsareexpectedthroughoutthelifetimeoftheSAS4A/SASSYS-1project,gapsrelevanttoregularly-exercisedmodelsneedtobeaddressedinthenearterm.Toaccomplishthistask,Intel’scodecoveragetoolwasutilizedtoassessthefileandlinecoverageofthecurrenttestsuite.ThetoolisanintegratedcomponentoftheIntelFortranComposerXEcompilerthatgeneratesweb-ortext-basedreportsofdynamicprofilestatisticsduringtheuseofanapplication.Partial,no,orfullsourcecoverageisreportedforbasicblocks,functions,andfiles.Thisinformationcanbeviewedbythedevelopersuchthatline-by-linecoveragecanbeassessedindetail.
5.1 Implementation
Generationofthecodecoveragereportentailedthefollowingsteps:1. Compiletheinstrumentedexecutable.Standardsourceisutilized,butthemakeprocess
isalteredbyspecifyingadditionalcompileroptions,includingenablingsourceprofilegeneration(viathe–prof-genoption)anddisablingoptimizationtoensurenosourceisomittedfromtheapplication.
2. Utilizetheinstrumentedexecutableforaspecifiedworkload,inthiscase,thetestsuitedescribedinSection5.2.ExecutionofthetestsuitewasaccomplishedviauseofasimpleshellscriptthatautomaticallygeneratesuniquedirectoriesforeachtestcaseandexecutesSAS4A/SASSYS-1inthatdirectory.Profileinformationcataloguingthe
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 10
blocksandfilesutilizedduringthesimulationisgeneratedforeachtestcaseduringthisstepandstoredinauniquedirectory.
3. MergetheprofileinformationgeneratedduringStep2intoasingleanalysisprofileusingthecompiler’sprofmergetool.
4. GeneratethecoveragereportfromthesingleanalysisprofilegeneratedinStep3usingthecodecovtool.ThisprocesscreatesHTML-baseddocumentationthatcanbebrowsedpersourcefiletoassessline-by-linecoverageindetail.
Atthispoint,thecoveragereportwasreviewedforgapsinthetestsuite.Twomaincategoriesofcoverageareidentifiedinthereportforeachsourcefile:partialandnone.Forfileswithpartialcoverage,thefractionalcoverageoffunctions(subroutines)andbasicblocksisidentifiedperfile.Partiallycoveredsourcefilesaremarkedperlineorblocktoreflectoneofthefollowingfiveconditions:covered,uncoveredbasicblock,uncoveredfunction,partially-coveredcode,orunknown(typicallyacomment,includedirective,orvariabledeclaration).Forfileswithnocoverage,onlythetotalnumberoffunctionsandblocksinthatfileareprovided.
5.2 Test Suite Description Thecurrenttestsuiteiscomprisedof95uniquetestcaseswhichrangefromsimplesteadystateteststovalidationofaselectionofsevereaccidentmodelsrepresentingphenomenathatoccurredduringtheTREATM-seriestests.Ofthesetests,83weredevelopedaspartoftheverificationandvalidation(V&V)testsuite(fundedbyTerraPower,LLC)whichexercisesabroadrangeofbasicmodelingcapabilitiesforgenericreactorcharacteristics,including:
• Simplesteadystate,• Simpletransients,• Alternativetreatmentofmaterialproperties,• Pointkineticsandreactivityfeedback,• Heatrejectionsystemthermalhydraulics,and• Controlsystemsignals.
TheremainingtestcasesincludevariantsofanunprotectedlossofflowtransientintheABTR;protectedandunprotectedtransientoverpowersimulationsinEBR-IIforanonspecificcoreloading;andaseriesofFPINvalidationtestsbasedontheTREATM5,M6,andM7tests.
5.3 Gap Assessment
TheprocessoutlinedinSection5.1wasappliedtothetestsuitedescribedinSection5.2todeterminethecoverageofthetestsuite.Table3providesasummaryofthefractionalcoverageofallsourcefiles,functions,andblocks.Thetableindicatesthatwhilemorethanhalfthesourcefilesareutilizedinatleastonetestcase,approximatelyhalfofthefunctionsarebeingexercised,andlessthanaquarterofthebasicblocksarebeingutilized,meaningtherearesignificantportionsofthecodewithoutcoverage.FunctionandblockcoveragearenotequivalentinSAS4A/SASSYS-1duetothemodularstructureofthecode.Additional
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
11 ANL-ART-97
detailsontestsuitecoveragepermoduleandalistingofprioritizedgapsaredescribedintheremainderofthissection.ResultsfortestsuitecoveragepermoduleareprovidedinTable4forfunctionsandblocks.Shadinginthistableindicatesrangesofblockcoverage:redcellsindicateblockcoverageof0-25%;orangecellsindicateblockcoverageof26-50%;yellowcellsindicateblockcoverageof51-75%;andgreencellsindicate76-100%blockcoverage.Moduleswiththelowestcoverageperblockincludethebalance-of-plant(BOP),DEFORM-4,andPLUTO2.ModuleswiththehighestcoverageincludethesevereaccidentmodulesDEFORM-5andPINACLE.WhiletheresultsinTable4areusefultoassistwithidentifyinggapsinthetestsuite,itisimportanttoconsiderotherfactorswhenprioritizingthesegaps.Factorsthatcanaffectgappriorityincludeinput/modelcomplexityorfrequencyofmoduleuse.Forthisexercise,gapsareprioritizedbasedontheirneedformainlogicpathcontrolormodelingoftypicaltransientbehavior,meaninggapsintheMAINandPRIMAR-4modulesareconsideredtobeofhighestpriority.
Table3:TestSuiteCoverageSummaryMetric Covered/Total PercentCoverageFiles 338/548 62%Functions 508/1,018 50%Blocks 32,133/146,277 23%
Table4:FractionalFunctionandBlockCoverageperModuleModule Description Function BlockBOIL Two-phasecoolantthermalhydraulics 0.81 0.35BOP Balance-of-plantsystemsandcomponents 0.00 0.00CNTL Reactorandplantcontrolsystems 0.53 0.33DATA Datamanagement 0.47 0.39DEFORM-4 Oxidefuel/claddingmechanics 0.21 0.10DEFORM-5 Metallicfuel/claddingmechanics 1.00 0.76FPIN2 Pre-cladding-failurefuelrelocation 0.51 0.34LEVITATE Post-cladding-failurefuelrelocation 0.85 0.44MAIN Mainprogram,logicpathcontrol,etc. 0.63 0.41PLUTO2 Post-cladding-failurefuel/coolantinteraction 0.38 0.18PRIMAR-4 Coolantloopsthermalhydraulics 0.77 0.43PINACLE Moltenfuelrelocation 0.91 0.68TSCL Coolantthermalhydraulics 0.73 0.38
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 12
KeygapsinMAINincludelimitedornocoverageinthesubroutinesthatareresponsibleforcallingalternativelogicflowpaths,suchasCHCHFL,REINIT,SSCLM1,orSSNULL.Thesegapscanberesolvedbydevelopingadditionalteststhatincludearestartcalculation,nulltransient,andsubassembly-to-subassemblyheattransfercalculations.InthecaseofgapsofPRIMAR-4,asignificantportionofthesegapscanbeclosedwithadditionalteststhatincludealternativecompressiblevolumesoralternativeheatexchangermodels.Examplesincludeadditionofanannularelement,checkvalve,piperupturesource/sink,compressibleliquidvolumewithoutgas,stratifiedvolume,verticalinlet/outputplenum,detailedsteamgeneratormodel,asimplifiedIHXmodelusinganormalizedtemperaturedrop,andalternativepumptypes.
6 Related Work TwoareasofinternationalcollaborationwillhaveimportantimpactsonfutureSAS4A/SASSYS-1codemaintenanceactivities.InvestmentsincodedevelopmentbytheKoreaAtomicEnergyResearchInstituteandtheJapanAtomicEnergyAgencyhaveledtoimprovementsinfuelfailureandaccidentmodelsformetalandoxidefuel,respectively.ArgonnehasaccesstothesecodedevelopmentsandwillbeworkingtointegratemodelingimprovementsintoSAS4A/SASSYS-1.
ExpectationswerethatKAERIwouldsupporttheintegrationofthemetalfuelmodelingimprovements,whichareofparticularinteresttotheU.S.WiththerecentpolicyshiftinKoreaawayfromnuclearenergy,itisnotclearifthissupportwillmaterialize.
IntegrationoftheoxidefuelmodelingimprovementsisbeingpursuedundertheCivilNuclearEnergyResearchandDevelopmentWorkingGroup(CNWG).Atthetimeofthiswriting,theveryfirsttechnicalexchangesbetweenArgonneandJAEAaretakingplace.
7 Summary Overthelastfewyears,theSAS4A/SASSYS-1safetyanalysiscodehasundergonesignificantrevisionstomodernizecodestructureanddatamanagement.[14,15,16,17]Withthecontinuedimportanceofadvancednon-LWRreactors,thereisalsogrowinginterestinapplyingSAS4A/SASSYS-1toanumberofSFRandLFRconcepts.Intotal,therearetwenty-fourlicenseagreementsinplace,withsixofthemestablishedinthecurrentfiscalyear.ThesafetyanalysiscodecontinuestobeofsignificantimportancetoDOEsponsoredactivitiesaswellastodomesticandinternationalcollaborations.SAS4A/SASSYS-1Version5.2wascompletedinMarch2017andreleasedinMay.
CodemaintenanceactivitiesaregraduallyshiftingintoamoreformalsoftwarequalityassuranceprogramthatisbeingdevelopedundertheRegulatoryTechnologyDevelopmentPlan.Aspartofthisprocess,sourcecodeanddocumentationaremaintainedwithinasoftwareconfigurationmanagementsystemandformalcodechangesaretrackedinanelectronicticketsystemaccordingtopreliminarySQAprocedures.Anevaluationofthecurrenttestsuiterevealsthatthereareimportantgapsthatneedtobeaddressed.AdherencetoanSQAprogramwillhelpensurethatsoftwaredevelopmentanddocumentationactivitiesarecarriedoutinawaythatensurestraceabilityandaccountability.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
13 ANL-ART-97
8 References 1. T.H.Fanning,A.Brunett,andT.Sumner,eds.,TheSAS4A/SASSYS-1SafetyAnalysis
CodeSystem,ANL/NE-16/19,NuclearEngineeringDivision,ArgonneNationalLaboratory,March31,2017.
2. M.Denmanetal.,“SodiumFastReactorSafetyandLicensingResearchPlan–VolumeI,”SAND2012-4260,SandiaNationalLaboratories,2012.
3. IdahoNationalLaboratory,“AdvancedReactorTechnology–ReactorTechnologyDevelopmentPlan(RTDP),”INL/EXT-14-32837,2015.
4. T.H.Fanning,A.J.Brunett,andG.Zhang,SAS4A/SASSYS-1CodeImprovementsforFY2016,ANL-ART-75,ArgonneNationalLaboratory,September30,2016.
5. AmericanSocietyofMechanicalEngineers,QualityAssuranceRequirementsforNuclearFacilityApplications,ASMENQA-1-2008,2008.
6. AmericanSocietyofMechanicalEngineers,AddendatoASMENQA-1-2008:QualityAssuranceRequirementsforNuclearFacilityApplications,NQA-1a-2009,2009.
7. A.J.Brunett,L.L.Briggs,T.H.Fanning,StatusofSFRCodesandMethodsQAImplementation,ANL-ART-83,ArgonneNationalLaboratory,January31,2017.
8. J.C.Carteretal.,SAS1A,AComputerCodefortheAnalysisofFast-ReactorPowerandFlowTransients,ANL-7607,ArgonneNationalLaboratory,1970.
9. F.E.Dunnetal.,TheSAS2ALMFBRAccident-AnalysisComputerCode,ANL-8138,ArgonneNationalLaboratory,1974.
10. M.G.Stevensonetal.,"CurrentStatusandExperimentalBasisoftheSASLMFBRAccidentAnalysisCodeSystem,"Proc. of the Fast Reactor Safety Meeting,pp.1303–1321,BeverlyHills,CA,1974.
11. G.Birgersson,etal.,TheSAS4ALMFBRAccidentAnalysisCodeSystem,ANL/RAS83-38,Revision2,Volumes1and2,ArgonneNationalLaboratory,February,1988.
12. F.E.Dunn,etal.,TheSASSYS-1LMFBRSystemsAnalysisCode,ANL/RAS84-14,Revision1,ArgonneNationalLaboratory,March,1987.
13. T.H.Fanning,ed.,TheSAS4A/SASSYS-1SafetyAnalysisCodeSystem,ANL/NE-12/4,NuclearEngineeringDivision,ArgonneNationalLaboratory,January31,2012.
14. T.H.Fanning,F.E.Dunn,D.Grabaskas,T.Sumner,andJ.W.Thomas,SAS4A/SASSYS-1Modernization,ANL-ARC-265,ArgonneNationalLaboratory,September20,2013.
15. T.H.Fanning,A.Brunett,T.Sumner,andN.Stauff,SAS4A/SASSYS-1ModernizationandExtension,ANL-ARC-299,ArgonneNationalLaboratory,September26,2014.
16. T.H.Fanning,A.Brunett,T.Sumner,R.Hu,SAS4A/SASSYS-1ModernizationandExtension,ANL-ART-30,Argonne,IL,September30,2015.
17. T.H.Fanning,A.J.Brunett,andG.Zhang,SAS4A/SASSYS-1CodeImprovementsforFY2016,ANL-ART-75,Argonne,IL,September30,2016.
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
ANL-ART-97 14
Status of the SAS4A/SASSYS-1 Safety Analysis Code June 30, 2017
15 ANL-ART-97
Argonne National Laboratory is a U.S. Department of Energy laboratory managed by UChicago Argonne, LLC
Nuclear Engineering Division Argonne National Laboratory 9700 South Cass Avenue, Bldg. 208 Argonne, IL 60439-4842 www.anl.gov