Model checking has been successfully used for detailed formal verification of instrumentation and control (I&C) systems, as long as the focus has been on the application logic alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing I&C hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion and prohibitively long processing times. In this paper, we present an approach to model and formally verify protection functions allocated to one or several I&C systems, accounting for hardware component failures and delays in communication within and between the systems. Formal verification is done with model checking, whose feasibility on such complex systems is achieved by utilizing the symmetry of I&C systems: the components of the overall model that do not influence the checked requirements are eliminated, and the failing components are fixed. Generation of such abstracted models, as well as subsequent verification of their requirements and symmetry with the NuSMV symbolic model checker, is handled by a software tool. In addition, we explore how to specify formal requirements for systems of the considered class. Based on a case study built around a semi-fictitious nuclear power plant protection system that achieves reliability by means of redundancy, we demonstrate how failure tolerance of even detailed system designs can be formally verified.

INDEX TERMS Formal verification, model checking, nuclear I&C systems, fault tolerance.
Formal methods, such as model checking, have definite advantages over more commonplace verification techniques. By providing proof of the analyzed systems' correctness, they are especially useful in domains that are under regulatory supervision, like the nuclear industry. The foremost challenge for wider adoption of model checking is the effort and the expertise required for formalizing functional requirements into verifiable properties. A particular challenge in verifying the application software of industrial process control systems is taking into account the different sequencing and timing issues that arise from, e.g., the dynamic behavior of the plant processes being controlled. In this paper, we review specification languages that are aimed at making formal methods more accessible. We have collected 1079 sample formal properties from practical model checking projects in the nuclear industry, and identified repeatedly occurring property types. We present our findings and, based on the sample data, evaluate the applicability of different approaches to user-friendly property specification.
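To make the two ideas above concrete (fixing a failed hardware component in the model, and stating a protection requirement as a temporal property), here is a small NuSMV model. It is an added illustration, not code from either paper or from their tool: the 2-out-of-3 voted trip function, the `channel` module, the stuck-at failure modes and the two LTL properties are all assumptions chosen for this example. The symmetry-based elimination of irrelevant components that the first abstract describes is not reproduced here; the model only shows the "failing component fixed" step and the kind of requirement that would be checked against it.

```smv
-- Added example (not from either paper): one redundant protection channel
-- module and a 2-out-of-3 voter, with channel 2 fixed in a failure mode.
MODULE channel(demand, fail_low, fail_high)
  VAR
    out : boolean;            -- channel output as seen by the voter
  ASSIGN
    init(out) := FALSE;
    next(out) :=
      case
        fail_low  : FALSE;    -- stuck-at-FALSE: never votes to trip (dangerous)
        fail_high : TRUE;     -- stuck-at-TRUE: always votes to trip (spurious)
        TRUE      : demand;   -- healthy channel follows the plant demand
      esac;

MODULE main
  VAR
    demand : boolean;         -- unconstrained plant input: every sequence is explored
    -- Failure assignment fixed by the modeller: only ch2 is failed (stuck low).
    ch1 : channel(demand, FALSE, FALSE);
    ch2 : channel(demand, TRUE,  FALSE);
    ch3 : channel(demand, FALSE, FALSE);
  DEFINE
    -- 2-out-of-3 vote on the three channel outputs
    trip := (ch1.out & ch2.out) | (ch1.out & ch3.out) | (ch2.out & ch3.out);

  -- Requirement 1: every demand is answered by a trip one cycle later,
  -- even with ch2 stuck low.
  LTLSPEC G (demand -> X trip)

  -- Requirement 2: no spurious trip when there is no demand.
  LTLSPEC G (!demand -> X !trip)
```

Run it with `NuSMV` on the saved file; both properties are reported true, because one stuck channel cannot outvote two healthy ones. Changing `ch3` to `channel(demand, TRUE, FALSE)` as well makes the first property fail and NuSMV prints a counterexample trace, which is exactly the fault-tolerance boundary (one failure tolerated, two not) that the case study in the first abstract sets out to verify on a far larger design.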