Information Notice No. 96-29: Requirements in 10 CFR Part 21 for Reporting and Evaluating Software Errors

                                 UNITED STATES
                         NUCLEAR REGULATORY COMMISSION
                         WASHINGTON, D.C.  20555-0001

                                 May 20, 1996

                               AND EVALUATING SOFTWARE ERRORS


All holders of operating licensees or construction permits for nuclear power


The U.S. Nuclear Regulatory Commission (NRC) is issuing this information
notice to alert addressees to the inability of a computer code supplier to
contact all of its customers regarding software errors that could be
significant to safety.  It is expected that recipients will review the
information for applicability to their facilities and consider actions, as
appropriate, to avoid potential problems.  However, suggestions contained in
this information notice are not NRC requirements; therefore, no specific
action or written response is required.

Description of Circumstances

Boeing Computer Services (BCS) has submitted numerous 10 CFR Part 21
notifications to the NRC identifying errors in the ANSYS and GTSTRUDL finite
element analysis computer programs supplied by BCS to the nuclear industry. 
BCS supplied these computer programs to architect-engineering firms,
consultants, and licensees of nuclear power plants, but was not aware of the
specific applications of the software or the potential safety significance of
the end results.  Because BCS was unable to evaluate the potential safety
significance of these errors, BCS forwarded the information to its customers
for evaluation in accordance with the notification requirements of 10 CFR
Part 21.  This information was also sent to the NRC.  Several examples of the
types of errors are described briefly in Attachment 1.

The notifications involved more than 150 errors accumulated since 1992.  The
NRC staff reviewed the information about the software errors and found that
many of them were minor and were limited to particular subroutines and
functions.  The staff also found, however, that some of the errors could be
significant to safety because of potentially inaccurate engineering analyses
and design computations (i.e., structural, piping, material, stress, thermal,
fluid, containment integrity, and other such engineering analyses and
computations).  The staff could not determine the actual safety significance
of the errors because it lacked sufficient information regarding (1) whether
any nuclear licensees actually used the computer programs containing the
errors, (2) which specific safety-related structures, systems, and components
were analyzed using the computer programs, and (3) to what extent licensee use

9605150209.                                                            IN 96-29
                                                            May 20, 1996
                                                            Page 2 of 3

of the affected programs would have contributed to incorrect analysis or
design outcomes that would have affected plant safety.

BCS could not reach several of its affected customers.  Therefore, those
customers could not evaluate the errors for safety significance as required by
10 CFR Part 21.  As a partial corrective measure, the NRC issued a letter on
December 16, 1993, (Accession Number 9401030217), to each of BCS' affected
customers requesting a summary of their evaluations and responses to the error
notices to assess their safety significance and potential generic
implications.  Twenty of BCS' customers responded and indicated, in general,
that their evaluations had concluded that there was no significant safety
impact on past or present work due to the software errors, thereby precluding
the need for Part 21 reporting to the NRC.  Their responsibilities under
Part 21 were, therefore, considered to be complete.

However, according to a March 5, 1996, letter from BCS to the NRC (Accession
Number 9603120351), six affected customers could not be contacted and the
concern remains that there may be some instances in which the errors have not
been evaluated for safety significance.  The six customers were

      . Echo Energy Consultants, Oakland, California
      . Tenera Engineering Services, Berkeley, California
      . Nuclear Applications and Systems Analysis Company, Tokyo, Japan
      . Nuclear Power Services, Secaucus, New Jersey
      . Reactor Controls, San Jose, California
      . Gibbs and Hill, Inc., New York, New York


Errors in computer codes used in safety-related applications are subject to
evaluation as deviations in basic components to determine their reportability
as defects pursuant to the provisions of 10 CFR Part 21.  Part 21 requires
that suppliers of basic components, or services associated with basic com-
ponents, evaluate deviations or notify the customers if the supplier does not
have the capability to perform the evaluation.  Deviations must be evaluated
for potential safety significance to determine whether the deviation could
create a substantial safety hazard and thus be classified as a defect.  In
many cases, suppliers of basic components do not have sufficient information
to perform an adequate evaluation because they do not know the particular use
or safety function as installed in nuclear plant applications.  The intent of
10 CFR Part 21 is to ensure that users of basic components are made aware of
any potential defects that could create a substantial safety hazard.  There-
fore, licensees that procured computer code services from the six BCS cus-
tomers that could not be contacted may wish to identify themselves to BCS for
placement on the BCS service list in order to receive future error notices
directly from BCS.

Information Notice 85-52:  "Errors in Dose Assessment Computer Codes and  
Reporting Requirements under 10 CFR Part 21" is a related generic
communication..                                                            IN 96-29
                                                            May 20, 1996
                                                            Page 3 of 3

This information notice requires no specific action or written response.  If
you have any questions about the information in this notice, please contact
one of the technical contacts listed below or the appropriate Office of
Nuclear Reactor Regulation (NRR) project manager.

                                       signed by

                                    Brian K. Grimes, Acting Director
                                    Division of Reactor Program Management
                                    Office of Nuclear Reactor Regulation

Technical contacts:  Walter P. Haass, NRR
                     (301) 415-3219

                     Egan Y. Wang, NRR
                     (301) 415-1076

1.  Examples of Error Notifications for 
      ANSYS and GTSTRUDL Computer Codes
2.  List of Recently Issued NRC Information Notices

.                                                            Attachment 1
                                                            IN 96-29
                                                            May 20, 1996
                                                            Page 1 of 1

                     Examples of Error Notifications for 
                       ANSYS and GTSTRUDL Computer Codes

1.  ANSYS Class 3 Error Report 95-11, March 30, 1995

    Description of error:

        In POST1, the reaction solution (PRRSOL command) will be incorrect for
        the master node of a coupled set unless all of the set's slave nodes
        are selected.

    First incorrect version(s):  Rev. 5.0
                                 Component products Rev. 5.0A
    Corrected in:  Rev. 5.2
                   Component product Rev. 5.2

2.  ANSYS Class 3 Error Report 95-01, February 6, 1995

    Description of error: 

    (1) The command "SBCDELE.APSF" deletes edge pressure from associated
        elements in addition to the expected normal pressures.

    (2) The command "SBCDELE.KT" deletes keypoint temperature specifications,
        but not fluences.

    (3) The command "SBCLIST.KT" does not list specified keypoint fluences
        where no keypoint temperature is specified.

3.  Georgia Institute of Technology GTICES Program Report Form No. 95.03,
    February 16, 1995

    Description of error: 

        GTModeler aborts when adding a FZ restraint using plane mode in Edit
        Joints following the creation of a PZ loading on an element in the XY

    Severity Level:  Urgent

    Affected version(s):  all previous and including 94.01

4.  Georgia Institute of Technology GTICES Program Report Form No. 95.04,
    February 27, 1995

    Description of error:

        The contents of a joint/member/load group are incorrectly altered when
        joint/member/loads contained in the group are deleted (DELETIONS mode)
        and new joint/members/loads are created.

Severity Level:    Minor


Page Last Reviewed/Updated Thursday, March 25, 2021