Systematic Evaluation of Fault Trees using Real-Time Model Checker

Systematic Verification of Fault Trees Using a Real-Time Model Checker

  • 지은경 (Department of Electrical Engineering and Computer Science, KAIST) ;
  • 차성덕 (Department of Electrical Engineering and Computer Science, KAIST) ;
  • 손한성 (Korea Atomic Energy Research Institute (KAERI), MMIS Team) ;
  • 유준범 (Department of Electrical Engineering and Computer Science, KAIST) ;
  • 구서룡 (Department of Nuclear Engineering, KAIST) ;
  • 성풍현 (Department of Nuclear and Quantum Engineering, KAIST)
  • Published: 2002.12.01

Abstract

Fault tree analysis is the most widely used safety analysis technique in industry. However, the analysis is often applied manually, and there is no systematic and automated approach available to validate the analysis result. In this paper, we demonstrate that the real-time model checker UPPAAL is useful in formally specifying the required behavior of safety-critical software and in validating the accuracy of manually constructed fault trees. Functional requirements for the emergency shutdown software of a nuclear power plant, named Wolsung SDS2, are used as an example. The fault trees were initially developed by a group of graduate students who possess detailed knowledge of Wolsung SDS2 and are familiar with safety analysis techniques including fault tree analysis. The functional requirements were manually translated into the timed automata format accepted by UPPAAL, and model checking was applied using property specifications to evaluate the correctness of the fault trees. Our application demonstrated that UPPAAL was able to detect subtle flaws or ambiguities present in the fault trees. Therefore, we conclude that the proposed approach is useful in augmenting fault tree analysis.

Fault Tree Analysis is one of the most widely used safety analysis techniques in industry. However, the technique is usually carried out manually, and it has the weakness that there is no way to verify the analysis results systematically and automatically. This paper proposes a method that uses the real-time model checker UPPAAL to formally specify the requirements of safety-critical software and to verify the correctness of manually constructed fault trees. To confirm the usefulness of the proposed method, the functional requirements used in the emergency shutdown software of the Wolsung nuclear power plant (Wolsung SDS2) were used as an example. The fault trees were written by graduate students who have expert knowledge of Wolsung SDS2 and who have performed safety analysis using fault trees several times. The functional requirements were manually translated into the form of timed automata so that they could be used as input to UPPAAL, and model checking was used to verify the correctness of the fault trees. As a result of applying the method proposed in this paper to the Wolsung SDS2 example, errors present in the manually written fault trees could be found, and through this work we found that the proposed method is useful for increasing confidence in fault tree analysis.
