LV Yun-hua,ZHANG San-yuan,YE Xiu-zi

DOI: https://doi.org/10.3969/j.issn.1002-6886.2006.03.012

2006-01-01

Abstract:Finite state machine is needed in nearly all the CAD system. switch,case clause are used to design the corresponding statechart diagrams in normal CAD systems. But it can easily cause logical confusion and it is difficult for developers to design and test the modules of the statemachine. To some extent,it will prevent us from synactic developing. A normal finite state machine can be designed just as draw a statechart diagrams with the machine class mentioned in the paper,and with lesslogical confusion. The nested state machine based on the normal state machine allows synatic developing and module testing, it can improve the efficiency of development.

Ying Liu,Dongqin Feng

DOI: https://doi.org/10.1109/iccasit48058.2019.8973161

2019-01-01

Abstract:Computer network technology has been increasingly infiltrated into the industrial control system and made the security problems more complex and changeable. Network security situation awareness technology can perceive the real-time threats that the network faced, and provide reliable basis for decision-making. This paper mainly focuses on the situation assessment and introduces finite state machine and fuzzy logic theory. Finite state machine can intuitively show the internal state transition of the industrial control system and detect the malicious packet attack's type and severity. Fuzzy logic balances the semantic fuzziness and event uncertainty in the process of situation assessment, fuses the output data of the state machine and obtains the threat level which is helpful for decision analysis. Proved, the method proposed in this paper can give a reasonable and accurate security assessment of industrial control system.

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.1109/depend.2009.18

2009-06-01

Abstract:Safety is an important element of dependability. It is defined as the absence of accidents. Most accidents involving software-intensive systems have been system accidents, which are caused by unsafe inter-system or inter-component interactions. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components. This paper proposes such a formalism, namely interface control systems (or shortly C-Systems). An interface C-System is composed of an interface automaton and a controlling automaton, which formalizes safe interactions and restricts system behavior at the meta level. This framework differs from the framework of traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing safety requirements and a way of automatically ensuring system safety.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.48550/arXiv.0905.2355

2009-05-14

Software Engineering

Abstract:Most recent software related accidents have been system accidents. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components and with environments (e.g., between humans and machines). This paper proposes a framework based on input/output constraint meta-automata, which restricts system behavior at the meta level. This approach can formally model safe interactions between a system and its environment or among its components. This framework differs from the framework of the traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing system safety requirements and a way of automatically ensuring system safety.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Martin Kardos,Yuhong Zhao

DOI: https://doi.org/10.1007/1-4020-8149-9_3

2004-01-01

Abstract:System level design incorporating system modeling and formal specification in combination with formal verification can substantially contribute to the correctness and quality of the embedded systems and consequently help reduce the development costs. Ensuring the correctness of the designed system is, of course, a crucial design criterion especially when complex distributed (realtime) embedded systems are considered. Therefore, this paper aims at presenting a verification framework designated for formal verification and validation of UML-based design of embedded systems. It first introduces an approach of using the AsmL language for acquiring formal models of the UML semantics and consequently presents an on-the-fly model checking technique designed to run the formal verification directly over those semantic models.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Bingfeng XU,Zhiqiu HUANG,Jun HU,Xiaofeng YU

DOI: https://doi.org/CNKI:11-1929/V.20120201.0941.002

2012-01-01

Abstract:Current research of airborne software focuses on providing airworthiness certification evidence in software development process. As modern complex airborne software architecture is component-based and distributed, this paper considers the issue of checking the safety dependence relationship of software components against objectives that the airworthiness certification standard stipulates, which is one of the key problems of airborne software development in the design phase. Firstly, the static structure of a system is specified by a systems modeling language (SysML) block definition diagram with the description of safety properties. Secondly, the SysML block definition diagram is transformed to a block dependence graph for precise formal description. Thirdly, a method for checking the consistency between the safety dependence relationship in the static system structure and objectives of the airworthiness certification standard is proposed. Finally, an example of an aircraft navigation system is provided to illustrate how to use the method in the airborne software development process. The integrated safety level of a system is promoted by applying this method, and it can be used to provide airworthiness certification evidence.

Étienne André,Shuang Liu,Yang Liu,Christine Choppy,Jun Sun,Jin Song Dong

DOI: https://doi.org/10.1145/3579821

2024-07-24

Abstract:The Unified Modeling Language (UML) is a standard for modeling dynamic systems. UML behavioral state machines are used for modeling the dynamic behavior of object-oriented designs. The UML specification, maintained by the Object Management Group (OMG), is documented in natural language (in contrast to formal language). The inherent ambiguity of natural languages may introduce inconsistencies in the resulting state machine model. Formalizing UML state machine specification aims at solving the ambiguity problem and at providing a uniform view to software designers and developers. Such a formalization also aims at providing a foundation for automatic verification of UML state machine models, which can help to find software design vulnerabilities at an early stage and reduce the development cost. We provide here a comprehensive survey of existing work from 1997 to 2021 related to formalizing UML state machine semantics for the purpose of conducting model checking at the design stage.

Software Engineering,Logic in Computer Science

Xiaohua Li,Gang Wang,Lin Xiao,Maosheng Ding

DOI: https://doi.org/10.1109/TDC.2005.1547134

2005-01-01

Abstract:This paper gives a new more practical software reliability model based on architectures of software components. This model uses semi-Markov chain and can give the quantitative evaluation about the digital protection's software. It analyzes the relation between the material architecture of software's modules and the reliability of software, then changes the model into a semi-Markov one based on the architecture of software's modules. Besides having the characters of the former model, this one have the ability to emulate the reliability in the situation which is the software having complex architecture or the system having the capability about paratactic calculating. Furthermore, the variable parameter method is used to study the sensitivity in order to find the vital factors of reliability. An example is given to demo the proposed techniques. The calculation results prove that the algorithm is viable. © 2005 IEEE.

ZHENG Zhong,QIU Xin-xi,CHEN Xiang-xian,HUANG Hai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.03.007

2013-01-01

Abstract:In order to overcome the verification and test difficulties caused by the absence of sensors when developing safety computer systems,a model-based simulation system for safety computer system is presented.Modeling on real sensors to control real hardware,by the method of combination of hardware and software,the simulation system provides actual physical input and output signals for safety computer system.At the same time,by modifying the model parameters,it can provide no damage fault injection for safety computer systems.The test results show that the simulation system can effectively verify the security,reliability and availability of safety computer systems and can speed up the development process of safety computer systems.

Étienne André,Shuang Liu,Yang Liu,Christine Choppy,Jun Sun,Jin Song Dong

DOI: https://doi.org/10.1145/3579821

IF: 16.6

2023-01-17

ACM Computing Surveys

Abstract:The Unified Modeling Language (UML) is a standard for modeling dynamic systems. UML behavioral state machines are used for modeling the dynamic behavior of object-oriented designs. The UML specification, maintained by the Object Management Group (OMG), is documented in natural language (in contrast to formal language). The inherent ambiguity of natural languages may introduce inconsistencies in the resulting state machine model. Formalizing UML state machine specification aims at solving the ambiguity problem and at providing a uniform view to software designers and developers. Such a formalization also aims at providing a foundation for automatic verification of UML state machine models, which can help to find software design vulnerabilities at an early stage and reduce the development cost. We provide here a comprehensive survey of existing work from 1997 to 2021 related to formalizing UML state machine semantics for the purpose of conducting model checking at the design stage.

computer science, theory & methods

Andrey Morozov,Thomas Mutzke,Kai Ding

DOI: https://doi.org/10.1115/1.4051781

2021-07-14

Abstract:Abstract Modern technical systems consist of heterogeneous components, including mechanical parts, hardware, and the extensive software part that allows the autonomous system operation. The heterogeneity and autonomy require appropriate models that can describe the mutual interaction of the components. UML and SysML are widely accepted candidates for system modeling and model-based analysis in early design phases, including the analysis of reliability properties. UML and SysML models are semi-formal. Thus, transformation methods to formal models are required. Recently, we introduced a stochastic Dual-graph Error Propagation Model (DEPM). This model captures control and data flow structures of a system and allows the computation of advanced risk metrics using probabilistic model checking techniques. This article presents a new automated transformation method of an annotated State Machine Diagram, extended with Activity Diagrams, to a hierarchical DEPM. This method will help reliability engineers to keep error propagation models up to date and ensure their consistency with the available system models. The capabilities and limitations of transformation algorithm is described in detail and demonstrated on a complete model-based error propagation analysis of an autonomous medical patient table.

Hezhen Liu,Jiacheng Yin,Chengqiang Huang,Hao Lan,Zhi Jin,Zheng,Xun Zhang

DOI: https://doi.org/10.1109/issrew60843.2023.00045

2023-01-01

Abstract:Previous studies suggest that the combination of model-based fault injection and model checking can effectively detect the dependability bottlenecks and verify the fault-tolerance capability of systems at very early phases of their lifecycles. However, a challenge of applying such techniques in the industry is that semi-formal modeling languages like UML cannot easily support automated analysis and formal verification. To address this challenge, we propose a fault injection and verification framework based on UML sequence diagrams. The idea is to create formal models from sequence diagrams as well as predefined fault models, and then run a model checker to check if specific properties are violated. With an exhaustive exploration of a system’s states and fault space by the model checker, the approach ensures complete, automated reasoning on failure modes and effects. The framework also allows the designs of additional recovery actions to tolerate faults and then the verification of the updated models. The framework separates manual and automated activities, providing a guide to the practices of developers and the development of the support tool. We conduct a study on an industrial case and demonstrate that by the proposed approach, critical design flaws are revealed.

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

WEI Zhen,LU Yang,TANG Jun,BAO Hong-jie

DOI: https://doi.org/10.3321/j.issn:0372-2112.2009.05.019

2009-01-01

Abstract:Flat shunting is a type of discrete event systems in the process of railway dispatching.It is very important that software of any flat shunting system have high reliability and high testability for ensuring transportation safety.For that goal,it is necessary to build a kind of regular design methods for software of flat shunting systems.In this paper,the complexity of event driving in the process of flat shunting and the limitation of description with natural language are analyzed.Therefore new descriptions of some processes in a flat shunting system with automaton models are proposed.In detail,the relationships between a flat shunting system and timed automata(TA),pushdown automata(PDA) and the structure of layered automata are discussed.On the basis of explaining the partition of states,the data structure and the flow of state transition,a design method of flat shunting systems based on automaton models is built.

Katja Tuma,Sven Peldszus,Daniel Strüber,Riccardo Scandariato,Jan Jürjens

DOI: https://doi.org/10.1007/s10270-022-00991-5

2022-03-18

Abstract:Abstract It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated , and project-specific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.

computer science, software engineering

ZHOU Ying,ZHENG Guo-liang,LI Xuan-dong

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.z1.034

2003-01-01

Abstract:The state machine formalism in UML is used for modeling discrete behavior of various system elements.Its rich notation provides a powerful description mechanism which meanwhile decreases modality of its structure and increases verifying complexity.Model checking is a technique for automatically verifying finite-state concurrent systems.By model checking the behavior of various system elements described by SM,we can find design errors as soon as possible.This paper defines an operational semantics for SM using Kripke structure in order to model checking SM.Different from existing SM semantics definitions,this paper takes undetermined factors in SM into consideration .SM is translated into kripke structure that describes all possible evolving traces on which model checker checks.

Lei CHEN,Jian JIAO,Tingdi ZHAO

DOI: https://doi.org/10.3969/j.issn.1001-506X.2017.06.16

2017-01-01

Abstract:The ultimate goal of model-based safety analysis (MBSA) is to implement the automated safety analysis based on semi-formal and formal models of the complex safety-critical system.There are many MBSA methods which contain all the relevant theory, techniques, tools and language used for modelling, safety verification and analysis.Implementation approaches of MBSA could be divided into two categories according to different models used in the safety analysis which means the different relationship between safety models and system models.One of the MBSA approach is based on the extended system model (ESM) and the other one is based on the failure logic modelling (FLM).The implementation of each approach is described.Advantages and boundedness of each approach are analyzed and indicated.Finally, the improvements for each way which could be carried out in the future are proposed.