Practical applications of model checking in the Finnish nuclear industry

Antti Pakonen, Topi Tahvonen, Markus Hartikainen, Mikko Pihlanko

    Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-review

    7 Citations (Scopus)

    Abstract

    Model checking is a powerful, formal, computer-assisted verification method that can be used to prove that a model of a (hardware or software) system fulfills stated properties. When used right, model checking can prove the correctness of instrumentation and control (I&C) system application logic, be it a software or a field-programmable gate array (FPGA) based design. The verified properties can also address unwanted functionality, making model checking a very effective method for analyzing spurious actuation. Despite the benefits, model checking is still not widely adopted in the verification of I&C systems, one exception being the Finnish nuclear industry. Since 2008, VTT has applied model checking in practical customer work related to the Olkiluoto 3 EPR, Loviisa 1&2 VVER-440, and Hanhikivi 1 AES-2006 nuclear power plants, on commission from either the regulator or the utilities. In this paper, we look at how the method has been used in each of these three projects. We also introduce a user-friendly, graphical modelling tool called MODCHK. We then present an overall view of the design issues detected during nine years of customer work, and one practical example. The 100% coverage means that the design errors that are found often relate to scenarios that are otherwise hard to account for (e.g., exact timing of events, or improper operator actions).
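    The abstract's claim that model checking gives "100% coverage" of a design means that every reachable state of the application logic is examined under every possible input sequence, which is why the errors it surfaces tend to involve exact timing and operator actions. The following Python sketch is an added illustration of that idea and is not from the paper, MODCHK, or any VTT tooling: a hypothetical delay-on trip function block (one operator reset, one trip signal, a two-cycle delay, all invented for this example), a spurious-actuation property and a missed-actuation property, and an explicit-state breadth-first checker that either exhausts the state space or returns the shortest counterexample trace.

```python
"""Explicit-state model checking of a toy I&C delay-on trip function (illustration only)."""
from collections import deque
from itertools import product
from typing import Callable, List, NamedTuple, Optional, Tuple

DELAY = 2  # hypothetical delay-on time, in logic cycles, before a trip actuates

Inputs = Tuple[bool, bool]  # (trip, reset); both are free at every cycle


class State(NamedTuple):
    latched: bool  # actuation output, held until an operator reset
    counter: int   # delay-on timer implemented by the design under test
    ref: int       # ghost variable used only by the specification: true consecutive-trip count


INIT = State(latched=False, counter=0, ref=0)
INPUT_DOMAIN: List[Inputs] = list(product((False, True), repeat=2))  # all (trip, reset) pairs


def buggy_step(s: State, inp: Inputs) -> State:
    """Design as first drafted: operator reset takes priority over the timer update."""
    trip, reset = inp
    ref = min(s.ref + 1, DELAY) if trip else 0
    latched, counter = s.latched, s.counter
    if reset:
        latched = False            # reset clears the latch but skips the timer update
    elif trip:
        counter = min(counter + 1, DELAY)
    else:
        counter = 0
    if counter >= DELAY:
        latched = True
    return State(latched, counter, ref)


def fixed_step(s: State, inp: Inputs) -> State:
    """Corrected design: the timer always follows the trip input, and trip beats reset."""
    trip, reset = inp
    ref = min(s.ref + 1, DELAY) if trip else 0
    counter = min(s.counter + 1, DELAY) if trip else 0
    latched = s.latched
    if counter >= DELAY:
        latched = True
    elif reset:
        latched = False
    return State(latched, counter, ref)


# Properties are predicates over one transition (previous state, inputs, next state).
def spurious(prev: State, inp: Inputs, nxt: State) -> bool:
    """Unwanted functionality: the output rises although trip was not held for DELAY cycles."""
    return (not prev.latched) and nxt.latched and nxt.ref < DELAY


def missed(prev: State, inp: Inputs, nxt: State) -> bool:
    """Required functionality: trip has been held for DELAY cycles but nothing actuated."""
    return nxt.ref >= DELAY and not nxt.latched


def verify(step: Callable[[State, Inputs], State],
           bad: Callable[[State, Inputs, State], bool]) -> Optional[List[Tuple[Inputs, State]]]:
    """Breadth-first exploration of every reachable state under every input combination.

    Returns None when no reachable transition satisfies `bad` (the property is proven for
    the whole state space), otherwise the shortest counterexample as a list of
    (inputs, resulting state) pairs starting from INIT.
    """
    parent = {INIT: None}
    queue = deque([INIT])
    while queue:
        s = queue.popleft()
        for inp in INPUT_DOMAIN:
            t = step(s, inp)
            if bad(s, inp, t):
                trace = [(inp, t)]
                while parent[s] is not None:   # walk the BFS tree back to INIT
                    s_prev, inp_prev = parent[s]
                    trace.append((inp_prev, s))
                    s = s_prev
                return list(reversed(trace))
            if t not in parent:
                parent[t] = (s, inp)
                queue.append(t)
    return None


if __name__ == "__main__":
    for name, step in (("buggy", buggy_step), ("fixed", fixed_step)):
        for prop in (spurious, missed):
            cex = verify(step, prop)
            print(f"{name}/{prop.__name__}: {'proven' if cex is None else 'FAIL ' + str(cex)}")
```

    Run stand-alone, the checker proves both properties for the corrected design and returns a three-cycle counterexample for the draft: one cycle of trip, one cycle of reset (which leaves the timer at 1), then one more cycle of trip actuates after a single cycle instead of two. That is exactly the kind of reset-and-timer interaction that simulation or testing rarely hits but an exhaustive search cannot miss; in a real tool the model would be the application logic itself and the properties would be written in a temporal logic rather than as Python predicates.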
    Original language: English
    Title of host publication: 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017
    Publisher: American Nuclear Society ANS
    Pages: 1342-1352
    Number of pages: 11
    Volume: 2
    ISBN (Electronic): 978-0-89448-738-5
    ISBN (Print): 978-0-89448-743-9
    Publication status: Published - 1 Jan 2017
    MoE publication type: A4 Article in a conference publication
    Event: 10th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, NPIC & HMIT 2017 - San Francisco, United States
    Duration: 11 Jun 2017 - 15 Jun 2017

    Conference

    Conference: 10th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, NPIC & HMIT 2017
    Abbreviated title: NPIC & HMIT 2017
    Country: United States
    City: San Francisco
    Period: 11/06/17 - 15/06/17

    Keywords

    • model checking
    • formal verification
    • I&C software
    • FPGA

    Cite this

    Pakonen, A., Tahvonen, T., Hartikainen, M., & Pihlanko, M. (2017). Practical applications of model checking in the Finnish nuclear industry. In 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017 (Vol. 2, pp. 1342-1352). American Nuclear Society ANS.
    Project: 113347
    Scopus record: http://www.scopus.com/inward/record.url?scp=85046699401&partnerID=8YFLogxK