Synthesis-Aided Reliability Assurance of Basic Block Models for Model Checking Purposes

In the Finnish nuclear industry, model checking, a formal verification technique, is used as an additional means of safety assurance for instrumentation and control (I&C) system design. Since the code of vendor-specific basic function blocks used in I&C is commonly closed, these blocks need to be modeled manually from the available specification. This manual modeling introduces an additional source of human error into the verification process. To increase the reliability of the library of basic blocks used in nuclear I&C verification, we apply formal synthesis techniques, which can construct finite-state models of reactive systems from behavior examples and temporal properties. Since these techniques have computational limitations and synthesized models are hard to understand even for an analyst, we do not use them in the final verification process. Instead, in an iterative process, behavioral differences between a synthesized model and a manual model implementation are identified and used to compile a list of features of the manual implementations that either violate the specification or show that the specification is ambiguous.
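The comparison step of the workflow described above, as an added illustration that is not code from the paper or its authors: a toy set/reset latch block is modeled twice (a "manual" reset-dominant model and a "synthesized" set-dominant candidate), both are checked against constructed behavior examples that never assert S and R together, a breadth-first search over the product of the two machines returns the shortest input sequence on which their outputs diverge, and an exhaustive check of a reset-dominance safety property shows which model violates it. The block, the state names, the scenarios and the property are all assumptions chosen for the example.

```python
"""Constructed toy: a set/reset latch basic block modeled two ways and compared
the way a manual model and a synthesized candidate would be (assumed example)."""
from collections import deque

INPUTS = [(s, r) for s in (0, 1) for r in (0, 1)]  # (set, reset) input valuations


class MooreMachine:
    """Finite-state model of a basic block; the output is a function of the state."""

    def __init__(self, init, transitions, outputs):
        self.init = init
        self.trans = transitions  # (state, input) -> next state
        self.out = outputs        # state -> output value

    def step(self, state, inp):
        return self.trans[(state, inp)]

    def run(self, seq):
        """Outputs observed after each input of seq (output read after the step)."""
        state, observed = self.init, []
        for inp in seq:
            state = self.step(state, inp)
            observed.append(self.out[state])
        return observed


def sr_latch(reset_dominant):
    """SR latch block; the only design choice is what happens when S and R are both 1."""
    trans = {}
    for q in ("Q0", "Q1"):
        for s, r in INPUTS:
            if s and r:
                nxt = "Q0" if reset_dominant else "Q1"
            elif s:
                nxt = "Q1"
            elif r:
                nxt = "Q0"
            else:
                nxt = q  # hold the current state
            trans[(q, (s, r))] = nxt
    return MooreMachine("Q0", trans, {"Q0": 0, "Q1": 1})


# Constructed behavior examples of the kind used as synthesis input: each entry
# pairs an input valuation with the expected output after that step. Note that
# no example asserts S and R simultaneously, so the examples leave that case open.
SCENARIOS = [
    [((1, 0), 1), ((0, 0), 1), ((0, 1), 0), ((0, 0), 0)],
    [((0, 1), 0), ((1, 0), 1), ((1, 0), 1)],
]


def consistent_with_scenarios(m, scenarios=SCENARIOS):
    """True if the model reproduces every behavior example."""
    return all(m.run([i for i, _ in sc]) == [o for _, o in sc] for sc in scenarios)


def distinguishing_sequence(a, b, inputs=INPUTS):
    """Shortest input sequence on which a and b output different values (None if equivalent)."""
    start = (a.init, b.init)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        (sa, sb), path = queue.popleft()
        if a.out[sa] != b.out[sb]:
            return path
        for inp in inputs:
            nxt = (a.step(sa, inp), b.step(sb, inp))
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [inp]))
    return None


def reset_dominant_everywhere(m, inputs=INPUTS):
    """Exhaustive check of the safety property G(R -> X(Q = 0)) over all reachable states."""
    seen, queue = {m.init}, deque([m.init])
    while queue:
        q = queue.popleft()
        for inp in inputs:
            nxt = m.step(q, inp)
            if inp[1] == 1 and m.out[nxt] != 0:
                return False  # reset asserted but output not cleared: property violated
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return True


if __name__ == "__main__":
    manual = sr_latch(reset_dominant=True)
    synthesized = sr_latch(reset_dominant=False)
    print("both fit the examples:", consistent_with_scenarios(manual),
          consistent_with_scenarios(synthesized))
    print("distinguishing input sequence:", distinguishing_sequence(manual, synthesized))
    print("reset-dominance property holds:", reset_dominant_everywhere(manual),
          reset_dominant_everywhere(synthesized))
```

Both models fit the examples, so the examples alone cannot tell them apart; the product search returns the single input (S=1, R=1) as the distinguishing sequence, which is exactly the case the specification left ambiguous, and the temporal property then decides which model to keep. In the iterative process, such a difference is either recorded as a specification ambiguity or, if the property is part of the specification, as a defect in the deviating model.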
