Zhen Li,Zhengqi Jiang,Dongsheng Wang,Zhaobin Wang

DOI: https://doi.org/10.1109/access.2020.3022016

IF: 3.9

2020-01-01

IEEE Access

Abstract:With the increasing scale and complexity of system, it is very necessary to analyze the safety of complex system. Fault tree is an effective method to safety analysis. However, traditional fault tree relies on manual construction and analysis. When fault nodes and systems are complex, the efficiency and correctness of manual analysis can hardly be guaranteed. To the varied understanding of analysts, it is difficult to ensure the consistency of failure mode and system architecture due to the different understanding from safety analysts and system designers. The same node needs fault analysis again in different systems, which has poor reusability and low efficiency. AltaRica is a fault-oriented Safety Modeling Language. It takes the guard transformation system(GTS) as its core, describes nodes and faults with a style of reusable object-oriented language, and describes information of interaction between nodes and systems through interface connections between nodes and nested systems. Therefore, this paper proposed an automatic system modeling and fault analysis method and its detailed computer algorithm on single class node, multiple nodes and nodes with subsystems based on AltaRica. Finally we developed a software prototype and carry out the automatic modeling and fault analysis in a detailed example. The results showed that the proposed method, algorithm and software prototype can realize automatic graphical modeling of the system on AltaRica, the automatic fault analysis is correct and efficient, has reusability of modeling and fault analysis, and greatly improve the accuracy, objectivity and efficiency of fault modeling and analysis.

Kai Hu,Teng Zhang,Zhibin Yang,Wei-Tek Tsai

DOI: https://doi.org/10.1016/j.sysarc.2015.02.003

2015-01-01

Abstract:hitecture Analysis and Design Language (AADL) is often used to model safety-critical real-time systems. Model transformation is widely used to extract a formal specification so that AADL models can be verified and analyzed by existing tools. Timed Abstract State Machine (TASM) is a formalism not only able to specify behavior and communication but also timing and resource aspects of the system. To verify functional and nonfunctional properties of AADL models, this paper presents a methodology for translating AADL to TASM. Our main contribution is to formally define the translation rules from an adequate subset of AADL (including thread component, port communication, behavior annex and mode change) into TASM. Based on these rules, a tool called AADL2TASM is implemented using Atlas Transformation Language (ATL). Finally, a case study from an actual data processing unit of a satellite is provided to validate the transformation and illustrate the practicality of the approach.

Ying Wang,Dianfu Ma,Yongwang Zhao,Lu Zou,Xianqi Zhao

DOI: https://doi.org/10.1109/COMPSAC.2011.36

2011-01-01

Abstract:Avionics software is safe-critical embedded software and its architecture is evolving from traditional federated architectures to Integrated Modular Avionics (IMA) to improve resource usability. ARINC653, as a standard widely employed in the avionics industry, supports partitioning concepts in accordance with the IMA philosophy. To insure the development of the avionics software constructed on ARINC653 operating system with high reliability and efficiency, we propose a model-driven design methodology based on Architecture Analysis &Design Language (AADL) for ARINC653 system. This paper focus on the modeling parts of this methodology which main feature is separating the abstract application function logic represented by AADL Platform-Independent Model (AADL PIM) from the concrete execution architecture represented by AADL Model for ARINC653 (AADL653). Additionally, we provide a refined transformation framework with formally transformation rules to transform AADL PIM to AADL653 automatically and the transformation result model AADL653 can then be used for analysis, verification and code generation.

Miaosen Wang,Yuan Xue,Kang Wang

DOI: https://doi.org/10.1155/2022/6424057

2022-05-27

Abstract:Throughout the world, the reliability-based approach to safety design of aircraft systems is quite mature and widely used. However, there are still shortcomings in the reliability-based aircraft system safety analysis method. It cannot dynamically analyze the accident evolution process and lack consideration of the complex situation of multifactor coupling. On the basis of the original aircraft system safety analysis method, this paper innovatively proposes a functional hazard analysis (FHA) method based on the analytic hierarchy process (AHP) and multifactor fuzzy comprehensive assessment (FCA). The purpose is to improve the objectivity and quantification of the FHA method in the safety design of aircraft systems. At the same time, in the terminal airworthiness verification, this paper proposes a repeatable and controllable virtual test flight verification method, which aims to reduce the cost and cycle of the terminal airworthiness verification and expand the coverage of the envelope verification. Finally, combined with the clauses in MIL-HDBK-516B, a case calculation is carried out to verify the feasibility of the proposed method.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Qiong Song,Guoqiang Cai,Limin Jia

DOI: https://doi.org/10.1109/liss.2016.7854553

2016-01-01

Abstract:This paper based on the theory of reliability centered maintenance (RCM) techniques aimed to verify the analysis results obtained by GO-Bayes method. This paper addresses the problem of establishing Monte Carlo simulation model to simulate the braking system. Metro vehicle braking system has been selected as it is one of the most complex and high-technology systems among all devices of train vehicles with high requirement on safety. As a whole, GO-Bayes analytical method has the accurate results which are consistent with Monte Carlo simulation, with the increase of simulation, its results will be closer to analytical calculated value.

Jian-hua Zheng,Di Li,Su-hua Xiao,Fang Li

DOI: https://doi.org/10.3321/j.issn:1000-565X.2009.04.016

2009-01-01

Abstract:The traditional code-centered development methods of CNC systems have made the system testing lag behind. They cannot guarantee system performances and often result in an increase in the development cost. To solve this problem, a new approach, which transforms the domain model to another model discerned by a third-party verification tool (Matlab or UPPAAL), is proposed to guarantee the system reliability in the model layer. In this approach, several strategies including the rule definition based on the meta-model layer, the dynamic semantic attaching and the operation based on the design pattern are presented to meet the specific requirements for the semantic retentivity as well as the transformation consistency, terminability and extensibility of the model transformation. Then, a theoretical framework for the model transformation and two realization methods respectively with the point-to-point and the two-step transformations are described. An example of the model transformation from a CNC working mode model to a StateFlow model is finally presented to verify the feasibility and accuracy of the framework and its realization in terms of the modeling language construction, the mapping rule definition and the algorithm design.

Li Qiuyan,Tian Jie,Pei Qiuhong,Wu Ji

DOI: https://doi.org/10.1109/iccsn.2011.6014264

2011-01-01

Abstract:AADL supports standard accurate modeling of embedded systems and has been widely used in the embedded field. However, as a new modeling language, modeling and analysis tools of AADL are not mature enough. In the field of software engineering, the method and tool about UML model have been developed widely, so we consider designing a transformation method. This method define a complete meta-model for AADL error model and implement the automatic transformation from the AADL model to UML model. Our research makes the method and tool for UML model reused in the AADL model, expands the application scope of AADL model, and reduces the development cost of AADL modeling. Finally, the potential research directions are discussed.

支小莉,陆鑫达,戎璐

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.16.003

2004-01-01

Abstract:This paper proposes an automatic abstraction algorithm for constructing a trace equivalent abstract model from the detailed Promela model. The abstract model has a minimum of state variables and the smallest state space. It can be used in place of the detailed model when building environmental model or checking global property to improve the efficiency of model checking .

ZHANG Pin,LUO Gui-ming

2007-01-01

Journal of Computer Applications

Abstract:Unified Modeling Language(UML)is the most commonly used method in software system design and analysis,and how to verify that the UML model satisfies some properties is a very important issue.Model Checking is an efficient automatic technique for the improvement of system's reliability,and this paper is a research into how to check UML model through the Simple PROMELA Interpreter(SPIN)model-checker.After describing the UML model using formal method,we first used hierarchical automata to express statecharts diagram.In addition,we translated the statecharts and part of the class diagram into PROMELA based on the operational semantic of hierarchical automata,and verified the model by using Simple Promela Interpreter(SPIN)to test if it satisfied the LTL properties.We also verified the consistency between sequence diagram and statecharts diagram by using LTL formula to express sequence diagram.Finally,based on the method,we developed a model checker tool called UMLChecker.

Hamida Bouaziz,Samir Chouali,Ahmed Hammad,Hassan Mountassir

DOI: https://doi.org/10.1504/IJCAET.2019.098134

2019-10-07

International Journal of Computer Aided Engineering and Technology

Abstract:In the component paradigm, the system is seen as an assembly of heterogeneous components, where the system reliability depends on these components compatibility. In our approach, we focus on verifying compatibility of components modelled with SysML diagrams. Thus, we model component interactions with sequence diagrams (SDs) and components with SysML blocks. The SDs constitutes a good start point for compatibility verification. However, this verification is still inapplicable directly on SDs, because they are expressed in informal language. Thus, to apply a verification method, it is necessary to translate the SDs into formal models, and then verify the wanted properties. In this paper, we propose a high-level model-driven approach which consists of an ATL grammar that automates the transformation of SDs into interface automata. Also, to allow an easy use of Ptolemy tool to verify properties on automata, we have proposed some Acceleo templates, which generate the Ptolemy entry specification.

zhibin yang,kai hu,yongwang zhao,dianfu ma,jeanpaul bodeveix

DOI: https://doi.org/10.13328/j.cnki.jos.004776

2015-01-01

Abstract:This paper presents a formal verification method for AADL (architecture analysis and design language) models by TASM (timed abstract state machine) translation. The abstract syntax of the chosen subset of AADL and of TASM are given. The translation rules are defined clearly by the semantic functions expressed in a ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of space GNC (guidance, navigation and control) system is provided.

Fenye Bao,Li Zhang

DOI: https://doi.org/10.1109/AMIGE.2008.ECP.29

2008-01-01

Abstract:WS-BPEL Extension for People (BPEL4People) introduces human activity to Web Services Business Process Execution Language (WS-BPEL/BPEL). It's crucial to ensure the correctness and consistency of business process with constraints. Some works have been done on the verification of BPEL processes, but there are fewer works on the verification of BPELAPeople processes. In this paper, we propose a model checking method to verify BPEL4People processes. First, we translate BPEL4People processes into PROMELA. During the translation, Petri Net is used to model BPEL activities and the authorization step of TBAC is used to model the authorization of a human task. In practice, a tool, B2P, is developed to translate automatically. Then, by validating the generated PROMELA code in SPIN, some potential deadlocks and conflicts with user defined constraints in BPEL4People processes can be detected.

Tian Zhang,Xuan Li,Atlas Team,Coloss Team

2009-01-01

Journal of Software

Abstract:This paper presents a representative case study of bridging UML/MARTE(unified modeling language/ modeling and analysis of real time and embedded systems) to FIACRE(intermediate format for the architectures of embedded distributed components),and discusses in detail two sub-problems of semantic mapping and syntactic transformation respectively.At the semantic level,the semantic mapping rules are developed using model transformation technology so as to implement the transformation between metamodels.At the syntactic level,the concrete syntax rules are built on the metamodels so that textual programs could be generated.Based on the case study,the general framework and corresponding key techniques are discussed.In addition,both the advantages and deficiencies of the work are concluded.

Gehan M. K. Selim,Shige Wang,James R. Cordy,Juergen Dingel

DOI: https://doi.org/10.1007/s10270-013-0365-1

2013-07-14

Abstract:Many companies in the automotive industry have adopted model-driven development in their vehicle software development. As a major automotive company, General Motors (GM) has been using a custom-built, domain-specific modeling language, implemented as an internal proprietary metamodel, to meet the modeling needs in its control software development. Since AUTomotive Open System ARchitecture (AUTOSAR) has been developed as a standard to ease the process of integrating components provided by different suppliers and manufacturers, there has been a growing demand to migrate these GM-specific, legacy models to AUTOSAR models. Given that AUTOSAR defines its own metamodel for various system artifacts in automotive software development, we explore applying model transformations to address the challenges in migrating GM-specific, legacy models to their AUTOSAR equivalents. As a case study, we have built and validated a model transformation using the MDWorkbench tool, the Atlas Transformation Language, and the Metamodel Coverage Checker tool. This paper reports on the case study, makes observations based on our experience to assist in the development of similar types of transformations, and provides recommendations for further research.

computer science, software engineering

Lisong Wang,Qin Zhang,Jun Hu

DOI: https://doi.org/10.1186/s13634-022-00853-8

2022-04-04

EURASIP Journal on Advances in Signal Processing

Abstract:Abstract The safety of automotive Adaptive Cruise Control (ACC) system is of great significance to prevent fatigue driving, improve driving comfort, reduce accident rate and promote the development of intelligent transportation and autonomous driving technology. However, the current safety analysis of ACC lacks consideration of the temporal dynamic property, so it is necessary to establish a set of safety analysis methods to consider the temporal characteristics. This paper proposes a new safety analysis method based on MBSA framework and introduces temporal features. Altarica3.0 is a high-level modeling language for safety analysis, and its basic mathematical form is Guardian Transformation System (GTS). In this paper, we outline an analysis approach that converts failure behavioral models (GTS) to temporal fault trees (TFTs), which can be analyzed using Pandora a recent technique for introducing temporal logic to fault trees. However, like classical fault tree analysis, TFT analysis requires a lot of manual effort, which makes it time consuming and expensive. In order to improve the safety of the system, the proposal extends Bayesian Networks with Pandora and results to dependability analysis with temporal relationships to provide more reliable basis for safety design. As a typical case study, the safety analysis method proposed in this paper is applied to the safety analysis of adaptive cruise system, and the results show the effectiveness of the proposed method. Furthermore, it also provides new technologies for the automation and intelligence of safety analysis for smart internet of vehicle.

engineering, electrical & electronic

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

Alexei P. Lisitsa,Andrei P. Nemytykh

DOI: https://doi.org/10.48550/arXiv.1512.03859

2015-12-12

Software Engineering

Abstract:Both automatic program verification and program transformation are based on program analysis. In the past decade a number of approaches using various automatic general-purpose program transformation techniques (partial deduction, specialization, supercompilation) for verification of unreachability properties of computing systems were introduced and demonstrated. On the other hand, the semantics based unfold-fold program transformation methods pose themselves diverse kinds of reachability tasks and try to solve them, aiming at improving the semantics tree of the program being transformed. That means some general-purpose verification methods may be used for strengthening program transformation techniques. This paper considers the question how finite countermodels for safety verification method might be used in Turchin's supercompilation method. We extract a number of supercompilation sub-algorithms trying to solve reachability problems and demonstrate use of an external countermodel finder for solving some of the problems.

Gastón Scilingo,María Marta Novaira,Renzo Degiovanni

DOI: https://doi.org/10.4204/EPTCS.139.8

2014-01-06

Abstract:Tabular notations, in particular SCR specifications, have proved to be a useful means for formally describing complex requirements. The SCR method offers a powerful family of analysis tools, known as the SCR Toolset, but its availability is restricted by the Naval Research Laboratory of the USA. This toolset applies different kinds of analysis considering the whole set of behaviours associated with a requirements specification. In this paper we present a tool for describing and analyzing SCR requirements descriptions, that complements the SCR Toolset in two aspects. First, its use is not limited by any institution, and resorts to a standard model checking tool for analysis; and second, it allows to concentrate the analysis to particular sets of behaviours (subsets of the whole specifications), that correspond to particular scenarios explicitly mentioned in the specification. We take an operational notation that allows the engineer to describe behavioural "scenarios" by means of programs, and provide a translation into Promela to perform the analysis via Spin, an efficient off-the-shelf model checker freely available. In addition, we apply the SCR method to a Pacemaker system and we use its tabular specification as a running example of this article.

Software Engineering,Systems and Control

Ying Wang,Dianfu Ma,Yongwang Zhao,Lu Zou,Xianqi Zhao

DOI: https://doi.org/10.1109/COMPSAC.2012.94

2012-01-01

Abstract:Modern avionics architecture is evolving from traditional federated architecture to Integrated Modular Avionics (IMA) architecture. ARINC653 standard, which is employed in the avionics industry, supports partitioning core concept in IMA. Furthermore, avionic software has very high safety and reliability requirements in safety- critical domains. Therefore, how to develop high-integrity avionics software constructed on ARINC653 architecture becomes a very significant problem nowadays. In this paper we propose an automatic RT-Java code generation approach based on the AADL model for ARINC653 (AADL653) to enable the development of RT-Java ARINC653-based avionics software more productive and trustworthy. Our main contribution in this paper includes: (1) a mapping from the AADL653 model to a high-integrity RT-Java programming model for ARINC653 (RT-Java653); (2) an ARINC653-compliant RT-Java code generation algorithm suitable for complex multi-task collaboration interaction situation. Accordingly, we implement this RT-Java class library and corresponding code generator. Moreover, a simplified multi-task flight application as a case study is given to illustrate our approach and the preliminary experiment results show the validity of our approach.