Xiaomin Wei,Yunwei Dong,Xuelin Li,W. Eric Wong

DOI: https://doi.org/10.1016/j.jss.2017.06.018

IF: 3.5

2018-01-01

Journal of Systems and Software

Abstract:Software systems are becoming increasingly important in safety-critical areas. Designing safe software requires a significant emphasis on hazards in the early design phase of software development. In this paper, we propose a hazard analysis approach based on Architecture Analysis and Design Language (AADL). First, to make up the deficiencies of Error Model Annex (EMV2), we create Hazard Model Annex (HMA) to specify the hazard sources, hazards, hazard trigger mechanisms, and mishaps. By using HMA, a safety model can be built by annotating an architecture model with the error model and hazard model. Then, an architecture-level hazard analysis approach is proposed to automatically generate the hazard analysis table. The approach contains the model transformation from a safety model to a Deterministic Stochastic Petri Nets (DSPNs) model for calculating the occurrence probability of hazards and mishaps. In addition, we present the formal semantics for each constituent part of the safety model, define the model mapping rules, and verify the semantic preservation of the transformation. Finally, HMA is implemented to build safety models and two Eclipse plug-ins of our methodology are also implemented. A case study on a flight control software system has been employed to demonstrate the feasibility of our proposed technique. (C) 2017 Elsevier Inc. All rights reserved.

Xiaomin Wei,Yunwei Dong,Pengpeng Sun,Mingrui Xiao

DOI: https://doi.org/10.3390/electronics8020212

IF: 2.9

2019-01-01

Electronics

Abstract:As safety-critical systems, grid cyber-physical systems (GCPSs) are required to ensure the safety of power-related systems. However, in many cases, GCPSs may be subject to uncertain and nondeterministic environmental hazards, as well as the variable quality of devices. They can cause failures and hazards in the whole system and may jeopardize system safety. Thus, it necessitates safety analysis for system safety assurance. This paper proposes an architecture-level safety analysis approach for GCPSs applying the probabilistic model-checking of stochastic games. GCPSs are modeled using Architecture Analysis and Design Language (AADL). Random errors and failures of a GCPS and nondeterministic environment behaviors are explicitly described with AADL annexes. A GCPS AADL model including the environment can be regarded as a game. To transform AADL models to stochastic multi-player games (SMGs) models, model transformation rules are proposed and the completeness and consistency of rules are proved. Property formulae are formulated for formal verification of GCPS SMG models, so that occurrence probabilities of failed states and hazards can be obtained for system-level safety analysis. Finally, a modified IEEE 9-bus system with grid elements that are power management systems is modeled and analyzed using the proposed approach.

Kangfeng Ye,Fang Yan,Simos Gerasimou

2024-03-01

Abstract:Probabilistic model checking is a widely used formal verification technique to automatically verify qualitative and quantitative properties for probabilistic models. However, capturing such systems, writing corresponding properties, and verifying them require domain knowledge. This makes it not accessible for researchers and engineers who may not have the required knowledge. Previous studies have extended UML activity diagrams (ADs), developed transformations, and implemented accompanying tools for automation. The research, however, is incomprehensive and not fully open, which makes it hard to be evaluated, extended, adapted, and accessed. In this paper, we propose a comprehensive verification framework for ADs, including a new profile for probability, time, and quality annotations, a semantics interpretation of ADs in three Markov models, and a set of transformation rules from activity diagrams to the PRISM language, supported by PRISM and Storm. Most importantly, we developed algorithms for transformation and implemented them in a tool, called QASCAD, using model-based techniques, for fully automated verification. We evaluated one case study where multiple robots are used for delivery in a hospital and further evaluated six other examples from the literature. With all these together, this work makes noteworthy contributions to the verification of ADs by improving evaluation, extensibility, adaptability, and accessibility.

Logic in Computer Science,Formal Languages and Automata Theory,Software Engineering

Deming Song,Yunwei Dong,Fan Zhang,Hong Huo,Bin Gu

DOI: https://doi.org/10.1109/sere-c.2012.36

2012-01-01

Abstract:This paper focuses on safety model of embedded system architecture using AADL (Architecture Analysis and Design Language). For further integration of safety analysis and system modeling, we propose a new approach to evaluate and assess the safety property of embedded systems quantitatively. We establish the safety model of embedded systems by extending AADL with fault model, identify causal relationships between elementary failure modes, put forward the formal method to transform this safety model to DSPN (Deterministic Stochastic Petri Net) model for quantitative analysis and made transforming rules to support safety assessment automatically. A fire alarm system is discussed for further explanation.

Xiaomin Wei,Yunwei Dong,Mengmeng Yang,Ning Hu,Hong Ye

DOI: https://doi.org/10.1109/rtcsa.2014.6910512

2014-01-01

Abstract:Safety analysis is a significant aspect of safety critical embedded systems. In this paper, an architecture-based hazard analysis method is presented to support safety assessment for Architecture Analysis and Design Language (AADL) model of embedded systems during early development phases. For further improving the hazard analytical ability of AADL, Hazard Model Annex is created. In order to improve the quality of system and the software development process, a safety model can be established by extending AADL model with error model and hazard model to specify fault behavior and hazard behavior of system. Hazard factor can be identified in safety model through hazard analysis. Additionally, conversion rules and formal methods are formulated to transform safety model into Deterministic Stochastic Petri Net (DSPN) for quantitative analysis using an existing tool. Finally, a safety analysis table is generated for overall evaluation of hazards, including hazard risk acceptance level, to help engineers to eliminate or control component hazards in an acceptance level. A small case study, based on fire alarm system, is utilized to demonstrate the feasibility of hazard analysis method for AADL model.

Bin Gu,Yunwei Dong,Xiaomin Wei

DOI: https://doi.org/10.1109/SERE-C.2014.41

2014-01-01

Abstract:FMECA (Failure Modes, Effects and Criticality Analysis) is an effective systematic process to evaluate software safety. In this paper, the safety model of embedded systems is built by integrating the AADL (Architecture Analysis and Design Language) model with extension of Error Model Annex, and the FMECA is adopted as a qualitative safety analysis for AADL (Architecture Analysis and Design Language) model of embedded system based on AADL safety model. The traditional FMECA method is improved to be suitable for AADL model evaluation, and some safety properties are added into AADL error model annex in order to fill in FMECA check list automatically at AADL modeling design phase. On using the OVP (Over Voltage Protection) system, a case study is demonstrated the feasibility of modified FMECA for AADL model.

Jing Cheng,Yian Zhu,Huamin Qu,Wenbo Luo,Yechun Jiang,Tao Zhao

DOI: https://doi.org/10.3969/j.issn.1000-2758.2014.06.035

2014-01-01

Abstract:We propose a new model-based software safety analysis method, which can analyze software safety early in the software design phase.Firstly we define the rules for transforming the AADL error model into expanded Mark-ov chain;the probabilities of different level component′s safety states can be calculated with Markov model.AADL can define software system error behavior model in terms of the subcomponent error models, then safety of software system can be got directly in terms of subcomponent safeties.Finally an example is given to explain the use of the measurement method.

Hongbing Zhao,Deming Song,Yunwei Dong

DOI: https://doi.org/10.1109/qsic.2012.55

2012-01-01

Abstract:This paper focuses on safety model of embedded system architecture using AADL (Architecture Analysis and Design Language). It achieves both the foundation of fault model annex to specify safety requirements and the transformation from AADL safety model to DSPN (Deterministic Stochastic Petri Net) model. Then AADL architecture safety computation model can be accessed by the means of numerical simulation. To support safety assessment automatically, this paper designs and implements an AADL Safety Assessment Tool, shorted by ASAT. It is integrated into the OSATE (the Open Source AADL Tool Environment) and uses Time NET to achieve the safety assessment of DSPN model. Meanwhile, this paper presents a case study of OVP (Over Voltage Protection) system on the safety analysis and assessment to show the scenario of ASAT performance.

Kai Hu,Teng Zhang,Zhibin Yang,Wei-Tek Tsai

DOI: https://doi.org/10.1016/j.sysarc.2015.02.003

2015-01-01

Abstract:hitecture Analysis and Design Language (AADL) is often used to model safety-critical real-time systems. Model transformation is widely used to extract a formal specification so that AADL models can be verified and analyzed by existing tools. Timed Abstract State Machine (TASM) is a formalism not only able to specify behavior and communication but also timing and resource aspects of the system. To verify functional and nonfunctional properties of AADL models, this paper presents a methodology for translating AADL to TASM. Our main contribution is to formally define the translation rules from an adequate subset of AADL (including thread component, port communication, behavior annex and mode change) into TASM. Based on these rules, a tool called AADL2TASM is implemented using Atlas Transformation Language (ATL). Finally, a case study from an actual data processing unit of a satellite is provided to validate the transformation and illustrate the practicality of the approach.

Ming-rui Xiao,Yun-wei Dong,Qian-wen Gou,Feng Xue,Yong-hua Chen

DOI: https://doi.org/10.1631/FITEE.2000428

IF: 2.526

2020-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Cyber-physical systems (CPSs) are becoming increasingly important in safety-critical systems. Particular risk analysis (PRA) is an essential step in the safety assessment process to guarantee the quality of a system in the early phase of system development. Human factors like the physical environment are the most important part of particular risk assessment. Therefore, it is necessary to analyze the safety of the system considering human factor and physical factor. In this paper, we propose a new particular risk model (PRM) to improve the modeling ability of the Architecture Analysis and Design Language (AADL). An architecture-based PRA method is presented to support safety assessment for the AADL model of a cyber-physical system. To simulate the PRM with the proposed PRA method, model transformation from PRM to a deterministic and stochastic Petri net model is implemented. Finally, a case study on the power grid system of CPS is modeled and analyzed using the proposed method.

Abeer Saeed Abdo Hadad,Chunyan Ma,Adeeb Abdulwakeel Obadi Ahmed

DOI: https://doi.org/10.1109/access.2020.2987972

IF: 3.9

2020-01-01

IEEE Access

Abstract:AADL is widely used to depict the architecture and behavior of real-time safety-critical systems such as avionics and aerospace. The development of these systems has strict requirements for building fault-free systems. Formal verification is frequently applied to verify the critical properties of the systems, such as safety and liveness; however, the formal verification is not supported by AADL. Model transformation is commonly applied to provide formal semantics; hence, the AADL model can be verified by a language that supports formal verification in addition to the ability to cover all AADL model behavior. Event-B, with its proof obligation, is increasingly used to model and verify safety-critical systems. This paper presents the transformation of the AADL model into Event-B, which captures most AADL components and behavioral actions to be effective in the verification of current real-time systems models. Then, we define theorems and invariants of safety and liveness properties to be proven by using the RODIN platform. To demonstrate the efficacy of our method, we model the AADL of movement authority (MA) control of the Chinese Train Control System, transform the AADL model to Event-B and verify its crucial properties.

Yue Li,Yian Zhu,Chunyan Ma,Meng Xu

DOI: https://doi.org/10.1007/978-3-642-23496-5_18

2011-01-01

Abstract:System safety analysis based on fault tree has been widely used for providing assurance to the stringent safety requirement of safety-critical systems. Generating fault trees from models described in AADL, a promising standard language for modeling complicated embedded system, would realize the automation of system safety analysis which is traditionally performed manually. This paper proposes a whole method for constructing fault trees from AADL models, whose main idea is to extract fault information from AADL models by dynamically tracing the possible fault sources of the specified fault objective, store them into a proposed database structure, and then construct fault trees based on the extracted fault information in the database structure. Further, the challenge posed by the common problems of deadlock and fault tree sharing is resolved by one algorithm called Sharing_Label in our method. We prove the correctness of the whole method theoretically.

CHEN Feng,LI Weihua,CHEN Hao,L(U) Zheng

2011-01-01

Abstract:In order to improve the analysis and design of software safety,on the basis of current researches on safety model and verification technology,a modeling and checking method is proposed for object-oriented software safety.Establishing non-formal UML models of software safety,safety extended deterministic finite automata and linear temporal logic are used to create the formal models and describe the safety properties separately.Through a model checker,we get the verification result.This approach realizes the combination of software safety model and verification technology.Experimental results show that the method can analyze and verify the safety properties effectively in the early stage of software design.

CHEN Feng,LI Wei-hua

2011-01-01

JOURNAL OF NORTHWEST UNIVERSITY(NATURAL SCIENCE EDITION)

Abstract:Aim To analyze and verify the software safety models effectively in the early stage of software design and development.Methods The methods for software safety analysis,derification and fomal modeling prooide that.Results A safety extended deterministic finite automata,SEDFA,is introduced.On the base of establishing security-related non-formal model by UMLsec,the sequence diagram,which expresses the security interaction,can be depicted by SEDFA.Firstly,the automata of signal object are created.Secondly,the product automaton of objects is constructed,and the SEDFA which indicates the complete interaction of the system is obtained.Conclusion It provides the foundation for the system safety property verification and achieving software safety test sases is the fatare work.

Yang Cao,Yunwei Dong,Xiaomin Wei,Xiao Wu

DOI: https://doi.org/10.1109/QRS-C.2019.00080

2019-01-01

Abstract:In the system architecture design phase, there may be flaws introduced by the access control design. The flaws make the system design vulnerable. Vulnerabilities that are not detected during the design phase will be taken to the subsequent phases of the system development. This reduces system security and leads to more repair cost. In order to detect the access control flaws in the design phase as early as possible, we propose the security analysis method using Architecture Analysis and Design Language (AADL). This method analyzes the access control policies between components. It can analyze and detect the access control flaws in the AADL architecture model. For describing the access control policies, vulnerability model annex is created. We use a case study, based on a module from an aircraft intelligent information system, to introduce the application of modeling and analysis methods.

Yu Tan,Yongwang Zhao,Dianfu Ma,Xuejun Zhang

DOI: https://doi.org/10.1155/2022/2079880

2021-01-01

IOP Conference Series Earth and Environmental Science

Abstract:In safety-critical fields, architectural languages such as AADL (Architecture Analysis and Design Language) have been playing an important role, and the analysis of the languages and systems designed by them is a challenging research topic. At present, a formal method has become one of the main practices in software engineering for strict analysis, and it has been applied on the tools of formalization and analysis. The formal method can be used to find and resolve the problems early by describing the system with precise semantics and validating the system model. This article studies the comprehensive formal specification and verification of AADL with Behavior annex by the formal method. The presentation of this specification and semantics is the aim of this article, and the work is illustrated with an ARINC653 model case study in Isabelle/HOL.

Luxi Chen,Linpeng Huang,Chen Li,Linzhu Wu,Weichao Luo

DOI: https://doi.org/10.1109/compsac.2014.35

2014-01-01

Abstract:Architectural design modeling has emerged as a discipline in a complex system development. To implement early safety analysis, techniques for architectural design have been extended to concern the safety property. Various safety standard profiles, quantitative and qualitative analysis methods are proposed for assessment. However, few of them focuses on the feedback of the safety properties or analysis results on the adjustment to improve original architecture. In this paper, we present an approach to combine safety analysis with architecture modeling. First, we extend the meta-model of our architecture description language - Breeze/ADL with safety elements for design. Second, safety specifications are generated from Breeze/ADL, and then to be converted into Open FTA for FTA (Fault Tree Analysis). Our Breeze/ADL also supports rule definitions to adjust the architecture, to cope with safety problems. Moreover, model checking will be applied to verify the correctness of the adjustment. Finally, the tool Breeze/SA demonstrates the feasibility of our approach.

Mingsong Chen

DOI: https://doi.org/10.1109/TCAD.2017.2681076

IF: 2.9

2017-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:The hybrid architecture analysis and design language (AADL) has been proposed to model the interactions between embedded control systems and continuous physical environment. However, the worst-case performance analysis of hybrid AADL designs often leads to overly pessimistic estimations, and is not suitable for accurate reasoning about overall system performance, in particular when the system clos...

Nan Jiang,Guoqi Li,Bin Liu

DOI: https://doi.org/10.1109/ICSESS.2016.7883097

2016-01-01

Abstract:As the complexity of the safety-critical system grows, the difficulty for safety engineers to validate and ensure system safety increases too. Formal languages have been introduced as an alternative to natural language (NL) requirement descriptions. Sometimes, the safety requirements are put forward in natural language such as requirements from stakeholders and nonexperts. The transformation and verification work of the requirements are completed manually. A tool called DODT can semi-automatically transforms NL requirements into semi-formal boilerplate requirements which reduce the manual work of transformation largely. Alloy is a formal modeling language which is amenable to automatic analyses. We use it as a tool to make safety analysis taking benefit from the model-based aspect of Alloy and its expressiveness for the specification of the properties to check. In this paper, we combine DDOT with Alloy. The attributes we use in boilerplates can be transformed into Alloy sentences easily. Hence, the formal requirements can be expressed in Alloy easily and checked by Alloy Analyzer, reducing manual work largely. Last, we illustrate our method with a fire detection system.

Zhibin Yang,Kai Hu,Dianfu Ma,Jean-Paul Bodeveix,Lei Pi,Jean-Pierre Talpin

DOI: https://doi.org/10.1016/j.jss.2014.02.058

IF: 3.5

2014-01-01

Journal of Systems and Software

Abstract:Architecture Analysis and Design Language (AADL) is an architecture description language standard for embedded real-time systems widely used in the avionics and aerospace industry to model safety-critical applications. To verify and analyze the AADL models, model transformation technologies are often used to automatically extract a formal specification suitable for analysis and verification. In this process, it remains a challenge to prove that the model transformation preserves the semantics of the initial AADL model or, at least, some of the specific properties or requirements it needs to satisfy. This paper presents a machine checked semantics-preserving transformation of a subset of AADL (including periodic threads, data port communications, mode changes, and the AADL behavior annex) into Timed Abstract State Machines (TASM). The AADL standard itself lacks at present a formal semantics to make this translation validation possible. Our contribution is to bridge this gap by providing two formal semantics for the subset of AADL. The execution semantics provided by the AADL standard is formalized as Timed Transition Systems (ITS). This formalization gives a reference expression of AADL semantics which can be compared with the TASM-based translation (for verification purpose). Finally, the verified transformation is mechanized in the theorem prover Coq. (C) 2014 Elsevier Inc. All rights reserved.