EH-89-8 Errors in Commercial Software Increase Potential for Process Piping Failures


EH-89-8 Errors in Commercial Software Increase Potential for Process Piping Failures
                          ENVIRONMENT, SAFETY & HEALTH

                                   BULLETIN

Assistant Secretary for                              U.S. Department of Energy
Environment, Safety, & Health                        Washington, D.C. 20585

DOE/EH-0120                      Issue No. 89-8                  November 1989

Errors in Commercial Software Increase Potential for Process Piping Failures

Recent routine verification of computer calculated piping stresses revealed
significant errors inherent to one manufacturer's preverified computer
software.  The software, AutoPIPE, manufactured and sold by Engineering Design
Automation, EDA, was found to have omitted the gravitational components of
occasional piping stress in certain versions or revisions.  The error was
brought to the manufacturer's attention and within two weeks Errata were
prepared and distributed to users of the software who elected to acquire the
quality assurance option at the time of software purchase.

Background

In late July 1989, a series of routine hand calculations performed to verify
the results of a computer generated piping stress analysis revealed that the
occasional combined stresses, comprised of pressure, vibration, wind and
gravitational (dead weight of pipe and fluid) stresses, for a particular
piping system were understated.  Further investigation identified that all
gravitational stresses had been omitted from the analysis although adequate
information had been entered when initiating the program.

The manufacturer was notified immediately and subsequent analysis determined
that gravitational stress components had been omitted for all ANSI B31.3,
B31.4, and B31.8 piping in AutoPIPE software versions 4.10 through 4.15.
Errata were published and distributed by EDA in mid-August 1989 to those
software owners who elected to purchase the NQA-1 quality assurance option
along with their version of the program.  A new version of the software,
AutoPIPE version 4.25, has corrected this error.

Precautions

Although AutoPIPE 4.25 had been corrected for gravitational stresses, another
error was introduced in the response spectra analysis.  As a result of this
error finding, all systems that were design-aided by the noted versions of
AutoPIPE for the listed ANSI piping codes must be verified to be safe by
utilizing independent means.

Owners/users of AutoPIPE version 4.10 through 4.15 are urged to review piping
designs using the ANSI B31.3, B31.4 and B31.8 software applications.  Verify
that true occasional stresses in the piping do not exceed the limiting values
given in the respective piping codes.

Owners/users of AutoPIPE version 4.25 are urged to use caution in obtaining
and using the results of seismic analysis as computed by the software.  Refer
to the error data provided by EDA for specific recommendations.

Owners/users of AutoPIPE software should obtain copies of Errata for their
particular version of the program by contacting EDA, Berkeley, California at
the earliest possible date.

Recommendations

o  All users of manufacturer-verified computer software should perform several
   independent verification calculations when first utilizing new software to
   determine its accuracy. Independent calculations may be performed by hand
   or by utilizing other independent preverified (and checked) computer
   programs.

o  All buyers of preverified computer software should purchase or otherwise
   obtain agreement from the manufacturer to receive Errata as it becomes
   available.

o  If errors in software are found, all work performed with the software that
   could be affected must be thoroughly checked for error and the appropriate
   corrective action taken if error is found.

o  Notify the software manufacturer of errors.  Notify other software user
   groups within your department, any contractors you know who may use
   AutoPIPE and DOE Headquarters, Office of Environmental Health and Safety,
   that the software results may be invalid.

o  Maintain qualification records and Errata for software versions.  Allow
   only properly trained personnel who are thoroughly familiar with software
   program limitations to use the software to perform critical work and keep
   these users updated on changes and errors in the software.



------------------------------------------------------------------------------
This publication is one of several series of bulletins published so that DOE
program managers and contractors can share information about potential
occupational safety problems relevant to DOE operations.  For more information
or additional copies, contact Eleanor Crampton, Performance Evaluation
Division, Office of Safety Compliance, Assistant Secretary for Environment,
Safety & Health, U.S. Department of Energy, Washington, DC 20545; telephone
FTS 233-3294, Commercial (301) 353-3294.
------------------------------------------------------------------------------