Model-Based Analysis of a Stepwise Shutdown Logic.

MODSAFE 2008 Work Report

Kim Björkman, Juho Frits, Janne Valkonen, Keijo Heljanko, Ilkka Niemelä

Research output: Book/Report › Report › Professional

Abstract

Modern digitalized Instrumentation & Control (I&C) systems set new challenges for safety evaluation. Model checking is a promising formal method that can be used for verifying the correctness of system designs. A number of efficient model checking systems are available, offering analysis tools that can determine automatically whether a given state machine model satisfies the desired safety properties. Model checking can also handle delays and other time-related operations, which are crucial in safety I&C systems and are challenging to design and verify. Two types of model checking approaches are studied to verify safety logic designs involving timing aspects. The first approach uses timed automata as the modelling framework and the second employs finite state machines of the kind typically used in hardware verification. The approaches are compared using two similar designs of a safety logic, demonstrating how small changes in the design can lead to unexpected errors that are hard to detect without model checking techniques. A straightforward approach to modelling such designs using timed automata and finite state machines is developed, and the performance of the model checking tools when verifying the safety requirements of the designs is studied. A safety case is a way of presenting a clear, defensible argument that a system is adequately safe to operate in its intended environment. Two safety case notations are compared, and an exploratory safety case structure is developed to test the methodology in practice and see how well it suits documenting the results of model checking.
Original language: English
Place of publication: Espoo
Publisher: VTT Technical Research Centre of Finland
Number of pages: 41
ISBN (Electronic): 978-951-38-7176-5
Publication status: Published - 2009
MoE publication type: Not Eligible

Publication series

Name: VTT Working Papers
Publisher: VTT
No.: 115
ISSN (Electronic): 1459-7683

Fingerprint

  • Model checking
  • Finite automata
  • Logic design
  • Formal methods
  • Systems analysis
  • Hardware

Keywords

  • safety evaluation
  • model checking
  • automation system
  • I&C
  • safety case
  • failure
  • NuSMV
  • UPPAAL

Cite this

Björkman, K., Frits, J., Valkonen, J., Heljanko, K., & Niemelä, I. (2009). Model-Based Analysis of a Stepwise Shutdown Logic. MODSAFE 2008 Work Report. Espoo: VTT Technical Research Centre of Finland. VTT Working Papers, No. 115
@book{94ff762b28ae411c9ddbb1c983a191d5,
title = "Model-Based Analysis of a Stepwise Shutdown Logic.: MODSAFE 2008 Work Report",
keywords = "safety evaluation, model checking, automation system, I&C, safety case, failure, NuSMV, UPPAAL",
author = "Kim Bj{\"o}rkman and Juho Frits and Janne Valkonen and Keijo Heljanko and Ilkka Niemel{\"a}",
note = "Project code: 23743",
year = "2009",
language = "English",
series = "VTT Working Papers",
publisher = "VTT Technical Research Centre of Finland",
number = "115",
address = "Finland",

}
