Improving System Reliability via Model Checking: The FSAP/NuSMV-SA Safety Analysis Platform

Safety-critical systems are becoming more complex, both in the type of functionality they provide and in the way they are required to interact with their environment. Such growing complexity requires an adequate increase in the capability of safety engineers to assess system safety, including analyzing the behaviour of a system in degraded situations. Formal verification techniques, such as symbolic model checking, have the potential to deal with such complexity and are increasingly being used during system design. In this paper we present the FSAP/NuSMV-SA platform, based on the NuSMV2 model checker, which implements known and novel techniques to help safety engineers perform safety analysis. The main functionalities of FSAP/NuSMV-SA include: failure mode definition based on a library of failure modes, fault injection, automatic fault tree construction for monotonic and non-monotonic systems, and failure ordering analysis. The goal is to provide an environment that can be used both by design engineers to formally verify a system and by safety engineers to automate certain phases of safety assessment. The platform is being developed within the ESACS project (Enhanced Safety Analysis for Complex Systems), a European-Union-sponsored project in the avionics sector, whose goal is to define a methodology to improve safety analysis practice in the development of complex systems.
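As an added illustration (not the paper's or FSAP's own code), the following Python sketches the fault-injection and fault-tree idea from the abstract on a constructed two-sensor model: failure modes are injected as Boolean variables, the top-level event is checked exhaustively over every fault configuration (standing in for the model-checker query), and prime implicants are extracted. The power-loss fault shows the non-monotonic case, where a cut set leads to the top event only while another fault is absent. The model, the failure-mode names and the functions are all assumptions made for this example.

```python
from itertools import product

# Failure modes injected into the model (constructed example, not FSAP's library).
FAULTS = ("s1_stuck", "s2_stuck", "mon_fail", "power_loss")
TRUE_VALUE = 1  # value both sensors should report in this constructed scenario


def top_event(f):
    """True when the top-level event 'wrong value delivered, no alarm' occurs.

    Constructed two-sensor model: the controller delivers sensor 1's reading and a
    monitor raises an alarm when the sensors disagree. A power loss forces the safe
    state (nothing delivered), so that fault can mask the top event: the system is
    non-monotonic with respect to it.
    """
    s1 = 0 if f["s1_stuck"] else TRUE_VALUE
    s2 = 0 if f["s2_stuck"] else TRUE_VALUE
    alarm = (s1 != s2) and not f["mon_fail"]
    delivered = not f["power_loss"] and not alarm
    return delivered and s1 != TRUE_VALUE


def is_implicant(cube):
    """A cube (partial fault assignment) is an implicant if every completion of it
    reaches the top event; exhaustive enumeration stands in for a model-checker run."""
    free = [v for v in FAULTS if v not in cube]
    for bits in product((False, True), repeat=len(free)):
        if not top_event({**cube, **dict(zip(free, bits))}):
            return False
    return True


def prime_implicants():
    """Enumerate all cubes over the failure modes and keep the prime ones."""
    primes = []
    for lits in product((None, False, True), repeat=len(FAULTS)):
        cube = {v: lit for v, lit in zip(FAULTS, lits) if lit is not None}
        if not is_implicant(cube):
            continue
        shrunk = ({k: x for k, x in cube.items() if k != v} for v in cube)
        if not any(is_implicant(c) for c in shrunk):  # no literal can be dropped
            primes.append(cube)
    return primes


def minimal_cut_sets():
    """Return (cut_sets, masking_faults): the positive literals of each prime implicant
    form a minimal cut set; negative literals name faults that must be absent, which is
    the non-monotonic case a plain positive-only cut-set search would miss."""
    cut_sets, masking = set(), set()
    for cube in prime_implicants():
        cut_sets.add(frozenset(v for v, lit in cube.items() if lit))
        masking.update(v for v, lit in cube.items() if not lit)
    return cut_sets, masking


if __name__ == "__main__":
    sets, masking = minimal_cut_sets()
    print("minimal cut sets:", [sorted(s) for s in sets], "masked by:", sorted(masking))
```

For this model the two cut sets are {s1_stuck, s2_stuck} and {s1_stuck, mon_fail}, each valid only while power_loss is absent, which is the information a monotonic fault tree would silently lose.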
