Formal hazard analysis of hybrid systems in cTLA

Hybrid systems like computer-controlled chemical plants are typical safety-critical distributed systems. In present practice, the safety of hybrid systems is guaranteed by hazard analysis, which is performed according to procedures (e.g., HAZOP) in which experts discuss a series of informal argumentations. Each argumentation considers a specific required system property. Formal property proofs can increase reliability; they, however, often have to deal with very complex hybrid systems. Therefore, methods are needed which structure and decompose formal verification tasks into manageable subtasks. With respect to this, our approach achieves a relatively direct translation of informal argumentations into formal proofs. Since the informal argumentations mostly do not refer to the system as a whole but only address specific parts and aspects, the formal proofs can also deal with partial, less complex system models. As a result, even very complex systems can be verified in well-manageable subtasks. The direct translation is supported by the characteristics of the specification technique applied. The temporal-logic-based technique cTLA supports the modular description of hybrid process systems. In particular, one can model a system as a composition of behavior constraints. Properties which are implied by a subsystem of constraints are also properties of the system as a whole. Therefore a subsystem can correspond to the parts and aspects addressed by an informal argumentation. We outline cTLA and introduce the formalization of hazard analysis argumentations by means of a hybrid example system. Additionally, we sketch a framework of specification modules and theorems which supports the formal hazard analysis of hybrid systems.
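The compositional principle the abstract relies on, written out as an added illustration that is not taken from the paper. The notation follows TLA, where a composed system is the conjunction of its component formulas; the constraint names $C_{\mathrm{level}}$, $C_{\mathrm{valve}}$, $C_{\mathrm{pump}}$ and the property $P$ are assumed here for illustration only:

$$
\mathit{Sys} \;\triangleq\; C_1 \wedge C_2 \wedge \cdots \wedge C_n, \qquad
\mathit{Sub} \;\triangleq\; \bigwedge_{i \in I} C_i, \quad I \subseteq \{1,\dots,n\}
$$

Because every constraint of $\mathit{Sub}$ is also a conjunct of $\mathit{Sys}$, conjunction elimination gives $\mathit{Sys} \Rightarrow \mathit{Sub}$, and any property proved from the subsystem lifts to the whole system:

$$
\frac{\mathit{Sub} \Rightarrow P \qquad \mathit{Sys} \Rightarrow \mathit{Sub}}{\mathit{Sys} \Rightarrow P}
$$

Worked instance (assumed tank model): let $C_{\mathrm{level}}$ constrain the continuous evolution of a tank level $l$ by inflow and outflow, $C_{\mathrm{valve}}$ require the inlet valve to close whenever $l \ge l_{\mathrm{high}}$, and $C_{\mathrm{pump}}$ describe an unrelated discharge pump. The informal HAZOP argument "the tank cannot overflow because the valve closes at the high mark" uses only the first two constraints, so the formal proof obligation is

$$
C_{\mathrm{level}} \wedge C_{\mathrm{valve}} \;\Rightarrow\; \Box\,(l \le l_{\max}),
$$

and $\Box\,(l \le l_{\max})$ then holds for $C_{\mathrm{level}} \wedge C_{\mathrm{valve}} \wedge C_{\mathrm{pump}}$ without ever reasoning about the pump.

One check a practitioner should keep in mind: the lifting step is purely propositional, so it also "succeeds" when the full conjunction is contradictory (an unsatisfiable $\mathit{Sys}$ implies every $P$). The decomposed proofs therefore need to be accompanied by an argument that the composed constraints admit at least one behavior, i.e. that $\mathit{Sys}$ is satisfiable, or the safety result is vacuous.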
