Practical applications of model checking in the Finnish nuclear industry

Antti Pakonen; Topi Tahvonen; Markus Hartikainen; Mikko Pihlanko

Practical applications of model checking in the Finnish nuclear industry

Antti Pakonen
, Topi Tahvonen
, Markus Hartikainen
, Mikko Pihlanko

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

29 Citations (Scopus)

Abstract

Model checking is a powerful, formal, computer-assisted verification method that can be used to prove that a model of a (hardware or software) system fulfills stated properties. When used right, model checking can prove the correctness of instrumentation and control (I&C) system application logic, be it a software or a field-programmable gate array (FPGA) based design. The verified properties can also address unwanted functionality, making model checking a very effective method for analyzing spurious actuation. Despite the benefits, model checking is still not widely adopted in the verification of I&C systems, one exception being the Finnish nuclear industry. Since 2008, VTT has applied model checking in practical customer work related to the Olkiluoto 3 EPR, Loviisa 1&2 VVER-440, and Hanhikivi 1 AES-2006 nuclear power plants, on commission from either the regulator or the utilities. In this paper, we look at how the method has been used in each of these three projects. We also introduce a user-friendly, graphical modelling tool called MODCHK. We then present an overall view of the design issues detected during nine years of customer work, and one practical example. The 100% coverage means that the design errors that are found often relate to scenarios that are otherwise hard to account for (e.g., exact timing of events, or improper operator actions).

Original language	English
Title of host publication	10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017
Publisher	American Nuclear Society (ANS)
Pages	1342-1352
Volume	2
ISBN (Electronic)	978-0-89448-738-5
ISBN (Print)	978-0-89448-743-9
Publication status	Published - 1 Jan 2017
MoE publication type	A4 Article in a conference publication
Event	10th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, NPIC & HMIT 2017 - San Francisco, United States Duration: 11 Jun 2017 → 15 Jun 2017

Conference

Conference	10th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, NPIC & HMIT 2017
Abbreviated title	NPIC & HMIT 2017
Country/Territory	United States
City	San Francisco
Period	11/06/17 → 15/06/17

Keywords

model checking
formal verification
I&C software
FPGA

Access to Document

https://publications.vtt.fi/julkaisut/muut/2017/OA-Practical_applications_of_model_checking.pdf

Cite this

Pakonen, A., Tahvonen, T., Hartikainen, M., & Pihlanko, M. (2017). Practical applications of model checking in the Finnish nuclear industry. In 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017 (Vol. 2, pp. 1342-1352). American Nuclear Society (ANS). https://publications.vtt.fi/julkaisut/muut/2017/OA-Practical_applications_of_model_checking.pdf

@inproceedings{23d1ad393fed402ea171aee784f7f5c1,

title = "Practical applications of model checking in the Finnish nuclear industry",

abstract = "Model checking is a powerful, formal, computer-assisted verification method that can be used to prove that a model of a (hardware or software) system fulfills stated properties. When used right, model checking can prove the correctness of instrumentation and control (I\&C) system application logic, be it a software or a field-programmable gate array (FPGA) based design. The verified properties can also address unwanted functionality, making model checking a very effective method for analyzing spurious actuation. Despite the benefits, model checking is still not widely adopted in the verification of I\&C systems, one exception being the Finnish nuclear industry. Since 2008, VTT has applied model checking in practical customer work related to the Olkiluoto 3 EPR, Loviisa 1\&2 VVER-440, and Hanhikivi 1 AES-2006 nuclear power plants, on commission from either the regulator or the utilities. In this paper, we look at how the method has been used in each of these three projects. We also introduce a user-friendly, graphical modelling tool called MODCHK. We then present an overall view of the design issues detected during nine years of customer work, and one practical example. The 100\% coverage means that the design errors that are found often relate to scenarios that are otherwise hard to account for (e.g., exact timing of events, or improper operator actions).",

keywords = "model checking, formal verification, I\&C software, FPGA",

author = "Antti Pakonen and Topi Tahvonen and Markus Hartikainen and Mikko Pihlanko",

note = "Project: 113347 Funding Information: VTT{\textquoteright}s research on model checking has been funded by the Finnish Research Programme on Nuclear Power Plant Safety 2015-2018 (SAFIR2018). The MODCHK tool has been developed by Teemu M{\"a}t{\"a}sniemi of VTT and Janne Kauttio, formerly of VTT. We thank Mika Johansson of STUK for his feedback and comments. Funding Information: VTT's research on model checking has been funded by the Finnish Research Programme on Nuclear Power Plant Safety 2015-2018 (SAFIR2018). The MODCHK tool has been developed by Teemu M{\"a}t{\"a}sniemi of VTT and Janne Kauttio, formerly of VTT. We thank Mika Johansson of STUK for his feedback and comments. Publisher Copyright: {\textcopyright} 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017. All rights reserved. Copyright: Copyright 2018 Elsevier B.V., All rights reserved.; 10th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, NPIC \& HMIT 2017, NPIC \& HMIT 2017 ; Conference date: 11-06-2017 Through 15-06-2017",

year = "2017",

month = jan,

day = "1",

language = "English",

isbn = "978-0-89448-743-9",

volume = "2",

pages = "1342--1352",

booktitle = "10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017",

publisher = "American Nuclear Society (ANS)",

address = "United States",

}

Pakonen, A, Tahvonen, T, Hartikainen, M & Pihlanko, M 2017, Practical applications of model checking in the Finnish nuclear industry. in 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017. vol. 2, American Nuclear Society (ANS), pp. 1342-1352, 10th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, NPIC & HMIT 2017, San Francisco, California, United States, 11/06/17. <https://publications.vtt.fi/julkaisut/muut/2017/OA-Practical_applications_of_model_checking.pdf>

Practical applications of model checking in the Finnish nuclear industry. / Pakonen, Antti; Tahvonen, Topi; Hartikainen, Markus et al.
10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017. Vol. 2 American Nuclear Society (ANS), 2017. p. 1342-1352.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Practical applications of model checking in the Finnish nuclear industry

AU - Pakonen, Antti

AU - Tahvonen, Topi

AU - Hartikainen, Markus

AU - Pihlanko, Mikko

N1 - Project: 113347 Funding Information: VTT’s research on model checking has been funded by the Finnish Research Programme on Nuclear Power Plant Safety 2015-2018 (SAFIR2018). The MODCHK tool has been developed by Teemu Mätäsniemi of VTT and Janne Kauttio, formerly of VTT. We thank Mika Johansson of STUK for his feedback and comments. Funding Information: VTT's research on model checking has been funded by the Finnish Research Programme on Nuclear Power Plant Safety 2015-2018 (SAFIR2018). The MODCHK tool has been developed by Teemu Mätäsniemi of VTT and Janne Kauttio, formerly of VTT. We thank Mika Johansson of STUK for his feedback and comments. Publisher Copyright: © 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017. All rights reserved. Copyright: Copyright 2018 Elsevier B.V., All rights reserved.

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Model checking is a powerful, formal, computer-assisted verification method that can be used to prove that a model of a (hardware or software) system fulfills stated properties. When used right, model checking can prove the correctness of instrumentation and control (I&C) system application logic, be it a software or a field-programmable gate array (FPGA) based design. The verified properties can also address unwanted functionality, making model checking a very effective method for analyzing spurious actuation. Despite the benefits, model checking is still not widely adopted in the verification of I&C systems, one exception being the Finnish nuclear industry. Since 2008, VTT has applied model checking in practical customer work related to the Olkiluoto 3 EPR, Loviisa 1&2 VVER-440, and Hanhikivi 1 AES-2006 nuclear power plants, on commission from either the regulator or the utilities. In this paper, we look at how the method has been used in each of these three projects. We also introduce a user-friendly, graphical modelling tool called MODCHK. We then present an overall view of the design issues detected during nine years of customer work, and one practical example. The 100% coverage means that the design errors that are found often relate to scenarios that are otherwise hard to account for (e.g., exact timing of events, or improper operator actions).

AB - Model checking is a powerful, formal, computer-assisted verification method that can be used to prove that a model of a (hardware or software) system fulfills stated properties. When used right, model checking can prove the correctness of instrumentation and control (I&C) system application logic, be it a software or a field-programmable gate array (FPGA) based design. The verified properties can also address unwanted functionality, making model checking a very effective method for analyzing spurious actuation. Despite the benefits, model checking is still not widely adopted in the verification of I&C systems, one exception being the Finnish nuclear industry. Since 2008, VTT has applied model checking in practical customer work related to the Olkiluoto 3 EPR, Loviisa 1&2 VVER-440, and Hanhikivi 1 AES-2006 nuclear power plants, on commission from either the regulator or the utilities. In this paper, we look at how the method has been used in each of these three projects. We also introduce a user-friendly, graphical modelling tool called MODCHK. We then present an overall view of the design issues detected during nine years of customer work, and one practical example. The 100% coverage means that the design errors that are found often relate to scenarios that are otherwise hard to account for (e.g., exact timing of events, or improper operator actions).

KW - model checking

KW - formal verification

KW - I&C software

KW - FPGA

UR - https://www.scopus.com/pages/publications/85046699401

M3 - Conference article in proceedings

SN - 978-0-89448-743-9

VL - 2

SP - 1342

EP - 1352

BT - 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017

PB - American Nuclear Society (ANS)

T2 - 10th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, NPIC & HMIT 2017

Y2 - 11 June 2017 through 15 June 2017

ER -

Practical applications of model checking in the Finnish nuclear industry

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

SAUNA: Integrated safety assessment and justification of nuclear power plant automation

Cite this

Practical applications of model checking in the Finnish nuclear industry

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Projects

SAUNA: Integrated safety assessment and justification of nuclear power plant automation

Cite this