Verification of safety logic designs by model checking

Kim Björkman, Juho Frits, Janne Valkonen, Jussi Lahtinen, Keijo Heljanko, Ilkka Niemelä, Jari Hämäläinen

    Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-reviewed

    7 Citations (Scopus)

    Abstract

    In nuclear power plants, novel digitalized I&C systems have brought out new needs for safety evaluation. Programmable digital logic controllers enable complicated control functionality and, thus, their comprehensive verification is a difficult task. Model checking is a promising method that enables complete verification of the logic design when a finite state machine model of the control logic is available. The paper investigates the verification of a power-plant-related safety logic system which combines real-time aspects, through the use of timers, with control logic. Because of this combination, a comprehensive and reliable analysis by manual inspection and testing is challenging. For analyzing the logic design of the system, we employed two model checking tools. The Uppaal model checker was selected for its good handling of real-time aspects, while the NuSMV model checker was selected because it is tailored for the analysis of large systems. The safety logic system was modeled using NuSMV and Uppaal, and the model checking capabilities of the tools were studied by analyzing whether the key safety requirements are satisfied. Then three increasingly challenging failure models were created for NuSMV to check the fulfillment of the single failure criterion. The analysis clearly demonstrates the benefits of model checking in the verification and licensing of digital automation. The analysis also demonstrates strengths and limitations of the two model checking tools.
    Original language: English
    Title of host publication: Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009
    Publisher: American Nuclear Society ANS
    ISBN (Electronic): 978-0-89448-067-6
    Publication status: Published - 2009
    MoE publication type: A4 Article in a conference publication
    Event: 6th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC&HMIT 2009 - Knoxville, United States
    Duration: 5 Apr 2009 - 9 Apr 2009

    Conference

    Conference: 6th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC&HMIT 2009
    Abbreviated title: NPIC&HMIT 2009
    Country: United States
    City: Knoxville
    Period: 5/04/09 - 9/04/09

    Keywords

    • safety logic
    • digital I&C
    • model checking
    • verification
    • automation

    Cite this

    Björkman, K., Frits, J., Valkonen, J., Lahtinen, J., Heljanko, K., Niemelä, I., & Hämäläinen, J. (2009). Verification of safety logic designs by model checking. In Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009 American Nuclear Society ANS.
    @inproceedings{db23447bc3944e87bee7f440861e1066,
    title = "Verification of safety logic designs by model checking",
    keywords = "safety logic, digital I&C, model checking, verification, automation",
    author = "Kim Bj{\"o}rkman and Juho Frits and Janne Valkonen and Jussi Lahtinen and Keijo Heljanko and Ilkka Niemel{\"a} and Jari H{\"a}m{\"a}l{\"a}inen",
    note = "Project code: 32527",
    year = "2009",
    language = "English",
    booktitle = "Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009",
    publisher = "American Nuclear Society ANS",
    address = "United States",

    }
