Verification of safety logic designs by model checking

Kim Björkman, Juho Frits, Janne Valkonen, Jussi Lahtinen, Keijo Heljanko, Ilkka Niemelä, Jari Hämäläinen

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

7 Citations (Scopus)

Abstract

In nuclear power plants, novel digitalized I&C systems have brought out new needs for safety evaluation. The programmable digital logic controllers enable complicated control functionalities and, thus, their comprehensive verification is a difficult task. Model checking is a promising method that enables complete verification of the logic design when a finite state machine model of the control logic is available. The paper investigates the verification of a power-plant-related safety logic system which combines real-time aspects, through the use of timers, with control logic. Because of this combination, a comprehensive and reliable analysis by manual inspection and testing is challenging. For analyzing the logic design of the system, we employed two model checking tools. The Uppaal model checker was selected for its good handling of real-time aspects, while the NuSMV model checker was selected because it is tailored for the analysis of large systems. The safety logic system was modeled using NuSMV and Uppaal, and the model checking capabilities of the tools were studied by analyzing whether the key requirements for safety are satisfied. Then three increasingly challenging failure models were created for NuSMV to check the fulfillment of the single failure criterion. The analysis clearly demonstrates the benefits of model checking in the verification and licensing of digital automation. The analysis also demonstrates strengths and limitations of the two model checking tools.
Original language: English
Title of host publication: Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009
Publisher: American Nuclear Society ANS
ISBN (Electronic): 978-0-89448-067-6
Publication status: Published - 2009
MoE publication type: A4 Article in a conference publication
Event: 6th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC&HMIT 2009 - Knoxville, United States
Duration: 5 Apr 2009 to 9 Apr 2009

Conference

Conference: 6th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC&HMIT 2009
Abbreviated title: NPIC&HMIT 2009
Country: United States
City: Knoxville
Period: 5/04/09 to 9/04/09

Fingerprint

Logic design
Model checking
Finite automata
Nuclear power plants
Power plants
Automation
Inspection
Controllers
Testing

Keywords

  • safety logic
  • digital I&C
  • model checking
  • verification
  • automation

Cite this

Björkman, K., Frits, J., Valkonen, J., Lahtinen, J., Heljanko, K., Niemelä, I., & Hämäläinen, J. (2009). Verification of safety logic designs by model checking. In Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009. American Nuclear Society ANS.
Björkman, Kim ; Frits, Juho ; Valkonen, Janne ; Lahtinen, Jussi ; Heljanko, Keijo ; Niemelä, Ilkka ; Hämäläinen, Jari. / Verification of safety logic designs by model checking. Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009. American Nuclear Society ANS, 2009.
@inproceedings{db23447bc3944e87bee7f440861e1066,
title = "Verification of safety logic designs by model checking",
abstract = "In nuclear power plants, novel digitalized I\&C systems have brought out new needs for safety evaluation. The programmable digital logic controllers enable complicated control functionalities and, thus, their comprehensive verification is a difficult task. Model checking is a promising method that enables complete verification of the logic design when a finite state machine model of the control logic is available. The paper investigates the verification of a power-plant-related safety logic system which combines real-time aspects, through the use of timers, with control logic. Because of this combination, a comprehensive and reliable analysis by manual inspection and testing is challenging. For analyzing the logic design of the system, we employed two model checking tools. The Uppaal model checker was selected for its good handling of real-time aspects, while the NuSMV model checker was selected because it is tailored for the analysis of large systems. The safety logic system was modeled using NuSMV and Uppaal, and the model checking capabilities of the tools were studied by analyzing whether the key requirements for safety are satisfied. Then three increasingly challenging failure models were created for NuSMV to check the fulfillment of the single failure criterion. The analysis clearly demonstrates the benefits of model checking in the verification and licensing of digital automation. The analysis also demonstrates strengths and limitations of the two model checking tools.",
keywords = "safety logic, digital I\&C, model checking, verification, automation",
author = "Kim Bj{\"o}rkman and Juho Frits and Janne Valkonen and Jussi Lahtinen and Keijo Heljanko and Ilkka Niemel{\"a} and Jari H{\"a}m{\"a}l{\"a}inen",
note = "Project code: 32527",
year = "2009",
language = "English",
booktitle = "Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC\&HMIT 2009",
publisher = "American Nuclear Society ANS",
address = "United States",
}

Björkman, K, Frits, J, Valkonen, J, Lahtinen, J, Heljanko, K, Niemelä, I & Hämäläinen, J 2009, Verification of safety logic designs by model checking. in Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009. American Nuclear Society ANS, 6th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC&HMIT 2009, Knoxville, United States, 5/04/09.

Verification of safety logic designs by model checking. / Björkman, Kim; Frits, Juho; Valkonen, Janne; Lahtinen, Jussi; Heljanko, Keijo; Niemelä, Ilkka; Hämäläinen, Jari.

Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009. American Nuclear Society ANS, 2009.

TY  - GEN
T1  - Verification of safety logic designs by model checking
AU  - Björkman, Kim
AU  - Frits, Juho
AU  - Valkonen, Janne
AU  - Lahtinen, Jussi
AU  - Heljanko, Keijo
AU  - Niemelä, Ilkka
AU  - Hämäläinen, Jari
N1  - Project code: 32527
PY  - 2009
Y1  - 2009
N2  - In nuclear power plants, novel digitalized I&C systems have brought out new needs for safety evaluation. The programmable digital logic controllers enable complicated control functionalities and, thus, their comprehensive verification is a difficult task. Model checking is a promising method that enables complete verification of the logic design when a finite state machine model of the control logic is available. The paper investigates the verification of a power-plant-related safety logic system which combines real-time aspects, through the use of timers, with control logic. Because of this combination, a comprehensive and reliable analysis by manual inspection and testing is challenging. For analyzing the logic design of the system, we employed two model checking tools. The Uppaal model checker was selected for its good handling of real-time aspects, while the NuSMV model checker was selected because it is tailored for the analysis of large systems. The safety logic system was modeled using NuSMV and Uppaal, and the model checking capabilities of the tools were studied by analyzing whether the key requirements for safety are satisfied. Then three increasingly challenging failure models were created for NuSMV to check the fulfillment of the single failure criterion. The analysis clearly demonstrates the benefits of model checking in the verification and licensing of digital automation. The analysis also demonstrates strengths and limitations of the two model checking tools.
AB  - In nuclear power plants, novel digitalized I&C systems have brought out new needs for safety evaluation. The programmable digital logic controllers enable complicated control functionalities and, thus, their comprehensive verification is a difficult task. Model checking is a promising method that enables complete verification of the logic design when a finite state machine model of the control logic is available. The paper investigates the verification of a power-plant-related safety logic system which combines real-time aspects, through the use of timers, with control logic. Because of this combination, a comprehensive and reliable analysis by manual inspection and testing is challenging. For analyzing the logic design of the system, we employed two model checking tools. The Uppaal model checker was selected for its good handling of real-time aspects, while the NuSMV model checker was selected because it is tailored for the analysis of large systems. The safety logic system was modeled using NuSMV and Uppaal, and the model checking capabilities of the tools were studied by analyzing whether the key requirements for safety are satisfied. Then three increasingly challenging failure models were created for NuSMV to check the fulfillment of the single failure criterion. The analysis clearly demonstrates the benefits of model checking in the verification and licensing of digital automation. The analysis also demonstrates strengths and limitations of the two model checking tools.
KW  - safety logic
KW  - digital I&C
KW  - model checking
KW  - verification
KW  - automation
M3  - Conference article in proceedings
BT  - Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009
PB  - American Nuclear Society ANS
ER  - 

Björkman K, Frits J, Valkonen J, Lahtinen J, Heljanko K, Niemelä I et al. Verification of safety logic designs by model checking. In Proceedings of the Sixth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies NPIC&HMIT 2009. American Nuclear Society ANS. 2009.