Verification of automated changeover switching unit by model checking

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    2 Citations (Scopus)

    Abstract

    Along with new NPP designs and modernization projects of ageing NPPs there is an ongoing transition from analogue to digital technology in I&C systems. Programmable digital logic controllers enable more complicated control tasks and, thus, exhaustive verification of such systems by traditional methods is a difficult task. This difficulty is emphasized in cases where digitally implemented systems are combined with old analogue systems. Model checking is a computer-aided method developed for formal verification of the correct functioning of a system design by examining all possible behaviours of a model of the system. This paper examines the use of model checking for the verification of a changeover switching unit for a busbar and also summarizes past experiences of utilizing model checking in the verification of I&C logic designs. The switching unit is composed of an analogue control logic and a digital malfunction protection relay. The system was analyzed using the NuSMV model checking tool, tailored for the analysis of systems with a large number of inputs. The case study of this paper expands a series of studies on the applicability of model checking for the verification of NPP automation systems by introducing the problem of state space explosion caused by timing properties. Previous case studies have clearly demonstrated the benefits of model checking in the verification and licensing of digital automation. The analysis of the switching unit demonstrated that model checking is also useful in the verification of I&C systems combining analogue and digital technology, regardless of some limitations of the NuSMV tool.
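    To make the method in the abstract concrete, the block below is an added illustration and not the paper's NuSMV model: an explicit-state reachability check over a toy changeover switching unit, with a main and a reserve supply feeding one busbar, an analogue-style control logic that trips the main breaker after a delay and then closes the reserve, and a digital malfunction-protection relay that latches on a fault and blocks any closing until reset. The property checked is the usual one for such units, that the two breakers are never closed at the same time. A deliberately mis-ordered variant shows how the checker hands back a concrete input sequence as a counterexample, and the reachable-state count shows the timer bound entering the state space in the way the abstract describes. Every state variable, input, timing rule and relay behaviour here is an assumption; NuSMV would explore the same kind of model symbolically (BDD or SAT based) rather than by enumerating states as this script does.

```python
"""Explicit-state check of a toy changeover switching unit (added illustration,
not the paper's NuSMV model; every variable, timing rule and relay rule here is
an assumption).

State:  (main_closed, reserve_closed, timer, blocked)
Inputs: (main_ok, fault, reset), chosen nondeterministically every tick
Property: the main and reserve breakers are never closed at the same time.
"""
from collections import deque
from itertools import product

INPUTS = list(product((False, True), repeat=3))   # all (main_ok, fault, reset) combos
INITIAL = (True, False, 0, False)                  # main feeding the busbar, timer idle


def step(state, inputs, delay, buggy=False):
    """One synchronous tick of the switching logic; returns the next state."""
    main_closed, reserve_closed, timer, blocked = state
    main_ok, fault, reset = inputs

    # Digital malfunction-protection relay: latches on a fault and clears only
    # on an explicit reset while no fault is present.
    blocked = fault or (blocked and not reset)

    if main_ok:
        # Main supply healthy: return to it, opening the reserve first so the
        # two supplies are never paralleled; re-closing main waits one tick.
        timer = 0
        if reserve_closed:
            reserve_closed = False
        elif not blocked:
            main_closed = True
    else:
        # Main supply lost: run the changeover delay (saturating tick counter).
        timer = min(timer + 1, delay)
        if timer == delay:
            if buggy:
                # Mis-ordered variant: closes the reserve before the main
                # breaker has opened, so both can be closed at once.
                if not reserve_closed and not blocked:
                    reserve_closed = True
                elif reserve_closed:
                    main_closed = False
            else:
                if main_closed:
                    main_closed = False
                elif not blocked:
                    reserve_closed = True
    return (main_closed, reserve_closed, timer, blocked)


def violates(state):
    """Safety property: never both breakers closed."""
    return state[0] and state[1]


def check_no_paralleling(delay, buggy=False):
    """Breadth-first reachability from INITIAL over every input sequence.

    Returns (holds, states_visited, counterexample); the counterexample is the
    shortest list of (inputs, resulting_state) pairs that reaches a violation,
    or an empty list when the property holds.
    """
    parent = {INITIAL: None}
    queue = deque([INITIAL])
    while queue:
        state = queue.popleft()
        if violates(state):
            trace = []
            while parent[state] is not None:
                prev, inputs = parent[state]
                trace.append((inputs, state))
                state = prev
            trace.reverse()
            return False, len(parent), trace
        for inputs in INPUTS:
            nxt = step(state, inputs, delay, buggy)
            if nxt not in parent:
                parent[nxt] = (state, inputs)
                queue.append(nxt)
    return True, len(parent), []


def reachable_state_count(delay):
    """Reachable state space of the correct model for a given changeover delay."""
    return check_no_paralleling(delay)[1]


if __name__ == "__main__":
    for delay in (1, 3, 8):
        print(f"delay={delay}: correct model has {reachable_state_count(delay)} reachable states")
    holds, _, trace = check_no_paralleling(3, buggy=True)
    print("mis-ordered model satisfies the property:", holds)
    for inputs, state in trace:
        print("  inputs(main_ok, fault, reset)=%s -> state=%s" % (inputs, state))
```

    For delays of 1, 3 and 8 ticks the correct model has 8, 16 and 36 reachable states: one timer adds states linearly in its bound, and each further independent timer multiplies the count, which is the mechanism behind the state space explosion from timing properties mentioned above. In NuSMV the same model would be written as a MODULE with `next()` assignments and the property as `INVARSPEC !(main_closed & reserve_closed)`; the counterexample trace NuSMV prints corresponds to the `trace` list returned here.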
    Original language: English
    Title of host publication: Proceedings of 7th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, NPIC & HMIT 2010
    Place of publication: La Grange Park, Illinois
    Publisher: American Nuclear Society ANS
    Pages: 1719-1728
    Volume: 3
    ISBN (Electronic): 978-0-8944-8084-3
    ISBN (Print): 978-1-6178-2266-7
    Publication status: Published - 2010
    MoE publication type: A4 Article in a conference publication
    Event: 7th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, NPIC-HMIT 2010 - Las Vegas, Nevada, United States
    Duration: 7 Nov 2010 to 11 Nov 2010

    Conference

    Conference: 7th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, NPIC-HMIT 2010
    Abbreviated title: NPIC-HMIT 2010
    Country: United States
    City: Las Vegas, Nevada
    Period: 7/11/10 to 11/11/10

    Keywords

    • safety logic
    • model checking
    • verification
    • changeover switching unit

    Cite this

    Björkman, K., Valkonen, J., & Ranta, J. (2010). Verification of automated changeover switching unit by model checking. In Proceedings of 7th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, NPIC & HMIT 2010 (Vol. 3, pp. 1719-1728). La Grange Park, Illinois: American Nuclear Society ANS.
    @inproceedings{ab50412a55504ba8a62f4a90ff75cc86,
    title = "Verification of automated changeover switching unit by model checking",
    keywords = "safety logic, model checking, verification, changeover switching unit",
    author = "Kim Bj{\"o}rkman and Janne Valkonen and Jukka Ranta",
    note = "Project code: 41251",
    year = "2010",
    language = "English",
    isbn = "978-1-6178-2266-7",
    volume = "3",
    pages = "1719--1728",
    booktitle = "Proceedings of 7th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, NPIC & HMIT 2010",
    publisher = "American Nuclear Society ANS",
    address = "United States",

    }

