Jingyi Wang,Jun Sun,Qixia Yuan,Jun Pang

DOI: https://doi.org/10.1007/978-3-662-54494-5_1

2017-01-01

Abstract:Many automated system analysis techniques e.g., model checking, model-based testing rely on first obtaining a model of the system under analysis. System modeling is often done manually, which is often considered as a hindrance to adopt model-based system analysis and development techniques. To overcome this problem, researchers have proposed to automatically \"learn\" models based on sample system executions and shown that the learned models can be useful sometimes. There are however many questions to be answered. For instance, how much shall we generalize from the observed samples and how fast would learning converge? Or, would the analysis result based on the learned model be more accurate than the estimation we could have obtained by sampling many system executions within the same amount of time? In this work, we investigate existing algorithms for learning probabilistic models for model checking, propose an evolution-based approach for better controlling the degree of generalization and conduct an empirical study in order to answer the questions. One of our findings is that the effectiveness of learning may sometimes be limited.

A. Dubey,X. Wu,H. Su,T. J. Koo

DOI: https://doi.org/10.1007/11562948_11

2005-01-01

Abstract:In this paper, we describe a computation platform called ReachLab, which enables automatic analysis of embedded software systems that interact with continuous environment. Algorithms are used to specify how the state space of the system model should be explored in order to perform analysis. In ReachLab, both system models and analysis algorithm models are specified in the same framework using Hybrid System Analysis and Design Language (HADL), which is a meta-model based language. The platform allows the models of algorithms to be constructed hierarchically and promotes their reuse in constructing more complex algorithms. Moreover, the platform is designed in such a way that the concerns of design and implementation of analysis algorithms are separated. On one hand, the models of analysis algorithms are abstract and therefore the design of algorithms can be made independent of implementation details. On the other hand, translators are provided to automatically generate implementations from the models for computing analysis results based on computation kernels. Multiple computation kernels, which are based on specific computation tools such as d/dt and the Level Set toolbox, are supported and can be chosen to enable hybrid state space exploration. An example is provided to illustrate the design and implementation process in ReachLab.

Ting Wang,Songzheng Song,Jun Sun,Yang Liu,Jin Song Dong,Xinyu Wang,Shanping Li

DOI: https://doi.org/10.1007/978-3-642-34281-3_26

2012-01-01

Abstract:Refinement checking plays an important role in system verification. It establishes properties of an implementation by showing a refinement relationship between the implementation and a specification. Recently, it has been shown that anti-chain based approaches increase the efficiency of trace refinement checking significantly. In this work, we study the problem of adopting anti-chain for stable failures refinement checking, failures-divergence refinement checking and probabilistic refine checking (i.e., a probabilistic implementation against a non-probabilistic specification). We show that the first two problems can be significantly improved, because the state space of the product model may be reduced dramatically. Though applying anti-chain for probabilistic refinement checking is more complicated, we manage to show improvements in some cases. We have integrated these techniques into the PAT model checking framework. Experiments are conducted to demonstrate the efficiency of our approach.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Xiaohua Li,Gang Wang,Lin Xiao,Maosheng Ding

DOI: https://doi.org/10.1109/TDC.2005.1547134

2005-01-01

Abstract:This paper gives a new more practical software reliability model based on architectures of software components. This model uses semi-Markov chain and can give the quantitative evaluation about the digital protection's software. It analyzes the relation between the material architecture of software's modules and the reliability of software, then changes the model into a semi-Markov one based on the architecture of software's modules. Besides having the characters of the former model, this one have the ability to emulate the reliability in the situation which is the software having complex architecture or the system having the capability about paratactic calculating. Furthermore, the variable parameter method is used to study the sensitivity in order to find the vital factors of reliability. An example is given to demo the proposed techniques. The calculation results prove that the algorithm is viable. © 2005 IEEE.

Zhen Li,Zhengqi Jiang,Dongsheng Wang,Zhaobin Wang

DOI: https://doi.org/10.1109/access.2020.3022016

IF: 3.9

2020-01-01

IEEE Access

Abstract:With the increasing scale and complexity of system, it is very necessary to analyze the safety of complex system. Fault tree is an effective method to safety analysis. However, traditional fault tree relies on manual construction and analysis. When fault nodes and systems are complex, the efficiency and correctness of manual analysis can hardly be guaranteed. To the varied understanding of analysts, it is difficult to ensure the consistency of failure mode and system architecture due to the different understanding from safety analysts and system designers. The same node needs fault analysis again in different systems, which has poor reusability and low efficiency. AltaRica is a fault-oriented Safety Modeling Language. It takes the guard transformation system(GTS) as its core, describes nodes and faults with a style of reusable object-oriented language, and describes information of interaction between nodes and systems through interface connections between nodes and nested systems. Therefore, this paper proposed an automatic system modeling and fault analysis method and its detailed computer algorithm on single class node, multiple nodes and nodes with subsystems based on AltaRica. Finally we developed a software prototype and carry out the automatic modeling and fault analysis in a detailed example. The results showed that the proposed method, algorithm and software prototype can realize automatic graphical modeling of the system on AltaRica, the automatic fault analysis is correct and efficient, has reusability of modeling and fault analysis, and greatly improve the accuracy, objectivity and efficiency of fault modeling and analysis.

Yu Tan,Yongwang Zhao,Dianfu Ma,Xuejun Zhang

DOI: https://doi.org/10.1155/2022/2079880

2021-01-01

IOP Conference Series Earth and Environmental Science

Abstract:In safety-critical fields, architectural languages such as AADL (Architecture Analysis and Design Language) have been playing an important role, and the analysis of the languages and systems designed by them is a challenging research topic. At present, a formal method has become one of the main practices in software engineering for strict analysis, and it has been applied on the tools of formalization and analysis. The formal method can be used to find and resolve the problems early by describing the system with precise semantics and validating the system model. This article studies the comprehensive formal specification and verification of AADL with Behavior annex by the formal method. The presentation of this specification and semantics is the aim of this article, and the work is illustrated with an ARINC653 model case study in Isabelle/HOL.

Andrey Morozov,Thomas Mutzke,Kai Ding

DOI: https://doi.org/10.1115/1.4051781

2021-07-14

Abstract:Abstract Modern technical systems consist of heterogeneous components, including mechanical parts, hardware, and the extensive software part that allows the autonomous system operation. The heterogeneity and autonomy require appropriate models that can describe the mutual interaction of the components. UML and SysML are widely accepted candidates for system modeling and model-based analysis in early design phases, including the analysis of reliability properties. UML and SysML models are semi-formal. Thus, transformation methods to formal models are required. Recently, we introduced a stochastic Dual-graph Error Propagation Model (DEPM). This model captures control and data flow structures of a system and allows the computation of advanced risk metrics using probabilistic model checking techniques. This article presents a new automated transformation method of an annotated State Machine Diagram, extended with Activity Diagrams, to a hierarchical DEPM. This method will help reliability engineers to keep error propagation models up to date and ensure their consistency with the available system models. The capabilities and limitations of transformation algorithm is described in detail and demonstrated on a complete model-based error propagation analysis of an autonomous medical patient table.

Kai Hoefig,Andreas Joanni,Marc Zeller,Francesco Montrone,Martin Rothfelder,Rakshith Amarnath,Peter Munk,Arne Nordmann

DOI: https://doi.org/10.48550/arXiv.2105.15015

2021-05-31

Software Engineering

Abstract:The importance of mission or safety critical software systems in many application domains of embedded systems is continuously growing, and so is the effort and complexity for reliability and safety analysis. Model driven development is currently one of the key approaches to cope with increasing development complexity, in general. Applying similar concepts to reliability, availability, maintainability and safety (RAMS) analysis activities is a promising approach to extend the advantages of model driven development to safety engineering activities aiming at a reduction of development costs, a higher product quality and a shorter time-to-market. Nevertheless, many model-based safety or reliability engineering approaches aim at reducing the analysis complexity but applications or case studies are rare. Therefore we present here a large scale industrial case study which shows the benefits of the application of component fault trees when it comes to complex safety mechanisms. We compare the methodology of component fault trees against classic fault trees and summarize benefits and drawbacks of both modeling methodologies.

zhibin yang,kai hu,yongwang zhao,dianfu ma,jeanpaul bodeveix

DOI: https://doi.org/10.13328/j.cnki.jos.004776

2015-01-01

Abstract:This paper presents a formal verification method for AADL (architecture analysis and design language) models by TASM (timed abstract state machine) translation. The abstract syntax of the chosen subset of AADL and of TASM are given. The translation rules are defined clearly by the semantic functions expressed in a ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of space GNC (guidance, navigation and control) system is provided.

邵维忠,何啸,柳毅,麻志毅

DOI: https://doi.org/10.3724/SP.J.1001.2010.03792

2010-01-01

Journal of Software

Abstract:In the context of component-based software development, this paper proposes an approach to transforming UML diagrams of software architecture to Markov chain for the quantitative evaluation of reliability. Based on the component-based software architecture, it utilizes four types of UML diagrams: use case, sequence, activity and component diagrams, extending them and annotating them with reliability related attributes. Then, the diagrams are transformed into a Markov chain based analysis model by constructing an intermediate model called Component Transition Graph (CTG). Result of this transformation can be directly used in the existing analysis methods to predict software reliability, which facilitates the analysis task of software designer. © by Institute of Software, the Chinese Academy of Sciences. All rights reserved.

Ying Wang,Dianfu Ma,Yongwang Zhao,Lu Zou,Xianqi Zhao

DOI: https://doi.org/10.1109/COMPSAC.2011.36

2011-01-01

Abstract:Avionics software is safe-critical embedded software and its architecture is evolving from traditional federated architectures to Integrated Modular Avionics (IMA) to improve resource usability. ARINC653, as a standard widely employed in the avionics industry, supports partitioning concepts in accordance with the IMA philosophy. To insure the development of the avionics software constructed on ARINC653 operating system with high reliability and efficiency, we propose a model-driven design methodology based on Architecture Analysis &Design Language (AADL) for ARINC653 system. This paper focus on the modeling parts of this methodology which main feature is separating the abstract application function logic represented by AADL Platform-Independent Model (AADL PIM) from the concrete execution architecture represented by AADL Model for ARINC653 (AADL653). Additionally, we provide a refined transformation framework with formally transformation rules to transform AADL PIM to AADL653 automatically and the transformation result model AADL653 can then be used for analysis, verification and code generation.

Guoqiang Cai

DOI: https://doi.org/10.18293/vlss2015-052

2015-01-01

Proceedings

Abstract:Safety analysis ensuring the normal operation of an engineering system is important. The existing safety analysis methods are limited to relatively simple fact description and statistical induction level. Besides, many of them enjoy poor generality, and fail to achieve comprehensive safety evaluation given a system structure and collected information. This work describes a new safety analysis method, called a GO-Bayes algorithm. It combines structural modeling of the GO method and probabilistic reasoning of the Bayes method. It can be widely used in system analysis. The work takes a metro vehicle braking system as an example to verify its usefulness and accuracy. Visual implementation by Extendsim software shows its feasibility and advantages in comparison with the Fault Tree Analysis (FTA) method.

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

Bingfeng XU,Zhiqiu HUANG,Jun HU,Xiaofeng YU

DOI: https://doi.org/CNKI:11-1929/V.20120201.0941.002

2012-01-01

Abstract:Current research of airborne software focuses on providing airworthiness certification evidence in software development process. As modern complex airborne software architecture is component-based and distributed, this paper considers the issue of checking the safety dependence relationship of software components against objectives that the airworthiness certification standard stipulates, which is one of the key problems of airborne software development in the design phase. Firstly, the static structure of a system is specified by a systems modeling language (SysML) block definition diagram with the description of safety properties. Secondly, the SysML block definition diagram is transformed to a block dependence graph for precise formal description. Thirdly, a method for checking the consistency between the safety dependence relationship in the static system structure and objectives of the airworthiness certification standard is proposed. Finally, an example of an aircraft navigation system is provided to illustrate how to use the method in the airborne software development process. The integrated safety level of a system is promoted by applying this method, and it can be used to provide airworthiness certification evidence.

Haitao Guo,Xianhui Yang

DOI: https://doi.org/10.1016/j.ress.2007.03.029

IF: 7.247

2008-01-01

Reliability Engineering & System Safety

Abstract:After the release of new international functional safety standards like IEC 61508, people care more for the safety and availability of safety instrumented systems. Markov analysis is a powerful and flexible technique to assess the reliability measurements of safety instrumented systems, but it is fallible and time-consuming to create Markov models manually. This paper presents a new technique to automatically create Markov models for reliability assessment of safety instrumented systems. Many safety related factors, such as failure modes, self-diagnostic, restorations, common cause and voting, are included in Markov models. A framework is generated first based on voting, failure modes and self-diagnostic. Then, repairs and common-cause failures are incorporated into the framework to build a complete Markov model. Eventual simplification of Markov models can be done by state merging. Examples given in this paper show how explosively the size of Markov model increases as the system becomes a little more complicated as well as the advancement of automatic creation of Markov models.

Lei CHEN,Jian JIAO,Tingdi ZHAO

DOI: https://doi.org/10.3969/j.issn.1001-506X.2017.06.16

2017-01-01

Abstract:The ultimate goal of model-based safety analysis (MBSA) is to implement the automated safety analysis based on semi-formal and formal models of the complex safety-critical system.There are many MBSA methods which contain all the relevant theory, techniques, tools and language used for modelling, safety verification and analysis.Implementation approaches of MBSA could be divided into two categories according to different models used in the safety analysis which means the different relationship between safety models and system models.One of the MBSA approach is based on the extended system model (ESM) and the other one is based on the failure logic modelling (FLM).The implementation of each approach is described.Advantages and boundedness of each approach are analyzed and indicated.Finally, the improvements for each way which could be carried out in the future are proposed.

Feng Zhang,Yongwang Zhao,Dianfu Ma,Wensheng Niu

DOI: https://doi.org/10.1109/access.2017.2770323

IF: 3.9

2017-01-01

IEEE Access

Abstract:AADL along with its Behavior Annex is an architecture and behavior description language for safety-critical domains, e.g. avionics, aerospace, and defence. In order to formally analyze behavior properties of AADL models, it is necessary to transform the AADL language into formal languages supported by formal verification tools. Moreover, comprehensive formal verification of AADL models highly requires that the transformation supports larger subset of the AADL language, as well as verification tools are able to capture various behavior of AADL, such as concurrency and timing. As an extended communicating sequential process (CSP), stateful timed CSP with its model checker-PAT provide an strongly expressive language and verification tool for real-time systems, distributed systems, and concurrent systems. This paper introduces a model transformation approach from a comparatively complete subset of AADL to stateful timed CSP, in particular supporting major components of AADL Behavior Annex. We propose a comprehensive set of transformation rules for AADL to stateful timed CSP. Then, we perform formal verification in PAT to analyze concurrent behavior properties of AADL models, such as safety, liveness, and trace refinement with various fairness assumptions, in which we consider time capacities, deadlines, periods of AADL threads and durations of AADL processes. As a study case, we develop an AADL model of F-16 “Auto Pilot Controller”and transform the model into Stateful Timed CSP. We specify a set of critical properties of the model and perform formal verification in PAT.

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.48550/arXiv.0905.2355

2009-05-14

Software Engineering

Abstract:Most recent software related accidents have been system accidents. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components and with environments (e.g., between humans and machines). This paper proposes a framework based on input/output constraint meta-automata, which restricts system behavior at the meta level. This approach can formally model safe interactions between a system and its environment or among its components. This framework differs from the framework of the traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing system safety requirements and a way of automatically ensuring system safety.

Ana-Elena Rugina,Peter H. Feiler,Karama Kanoun,Mohamed Kaaniche

DOI: https://doi.org/10.48550/arXiv.0809.4109

2008-09-24

Abstract:Performing dependability evaluation along with other analyses at architectural level allows both making architectural tradeoffs and predicting the effects of architectural decisions on the dependability of an application. This paper gives guidelines for building architectural dependability models for software systems using the AADL (Architecture Analysis and Design Language). It presents reusable modeling patterns for fault-tolerant applications and shows how the presented patterns can be used in the context of a subsystem of a real-life application.

Software Engineering