
The FSAP/NuSMV-SA Safety Analysis Platform

  • Regular Contributions
International Journal on Software Tools for Technology Transfer

Abstract

Safety-critical systems are becoming more complex, both in the type of functionality they provide and in the way they are required to interact with the environment. This growing complexity calls for a corresponding increase in the capability of safety engineers to assess system safety, including analyzing the behavior of a system in degraded situations. Formal verification techniques, like symbolic model checking, have the potential to deal with such complexity and are now being used more often. However, existing techniques have little tool support, and therefore their use for safety analysis remains limited. In this paper, we present FSAP/NuSMV-SA, a platform which aims to improve the development cycle of complex systems by providing a uniform environment that can be used both at design time and for safety assessment. The platform makes the modeling and safety assessment of complex systems easier by providing a facility for automatically augmenting a system model with failure modes, whose definitions are retrieved from a predefined library. In this way, it is possible to assess the system safety both in nominal conditions and in user-specified degraded situations, i.e., in the presence of faults. Furthermore, the platform provides a pattern-based definition of temporal logic formulas, which simplifies the definition of safety requirements. The platform consists of a graphical user interface (FSAP) and an engine (NuSMV-SA) which is based on the NuSMV model checker. The model checking engine provides support for system simulation and standard model checking capabilities, like property verification and the generation of counterexamples. Furthermore, algorithms have been implemented to automate the generation of artifacts that are typical of reliability analysis, e.g., fault trees. The platform can derive fault trees automatically (for both monotonic and non-monotonic systems) from the definition of the system model and of the possible faults.
The interface of the platform has been designed to improve usability for people who are not experts in formal verification. The platform has been evaluated in collaboration with an industrial partner and tested on some industrial case studies.
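The abstract describes three steps: extending a nominal model with failure modes drawn from a library, checking a safety requirement in nominal and degraded conditions, and deriving a fault tree (minimal cut sets) from the model and the faults. The following is an added example, not code from the paper or from FSAP/NuSMV-SA, that carries those steps through on a hypothetical two-channel sensing function (two sensors, a disagreement comparator, channel 1 driving the output) with a constructed three-entry failure-mode library. The platform does this symbolically with NuSMV over a full transition system; the example enumerates every fault configuration and input of a one-step model instead, which is enough to show the mechanics and one caveat: the model is non-monotonic, since an extra fault can mask the hazard.

```python
from itertools import product

# Failure-mode library (constructed for this example, not FSAP's own library):
# each mode maps a component's nominal output to its faulty output.
FAILURE_MODES = {
    "stuck_at_true":  lambda nominal: True,
    "stuck_at_false": lambda nominal: False,
    "inverted":       lambda nominal: not nominal,
}

# Components of the hypothetical system that may be extended with a failure mode.
COMPONENTS = ("sensor1", "sensor2", "comparator")

INPUTS = (False, True)   # the environment: the boolean quantity being sensed


def inject(component, nominal, faults):
    """Model-extension step: return the component's output under the failure
    mode assigned to it in `faults` (component -> mode name), or its nominal
    output when no fault is assigned."""
    mode = faults.get(component)
    return FAILURE_MODES[mode](nominal) if mode else nominal


def system_step(x, faults):
    """Hypothetical two-channel sensing function: both sensors read x, the
    comparator raises an alarm when they disagree, channel 1 drives the
    output.  Returns (output, alarm)."""
    s1 = inject("sensor1", x, faults)
    s2 = inject("sensor2", x, faults)
    alarm = inject("comparator", s1 != s2, faults)
    return s1, alarm


def top_level_event(x, faults):
    """The hazard: an output that differs from x with no alarm raised.
    Its negation is the safety requirement checked below."""
    out, alarm = system_step(x, faults)
    return out != x and not alarm


def nominal_ok():
    """Verification in nominal conditions: the requirement holds for every
    input when no failure mode is active."""
    return not any(top_level_event(x, {}) for x in INPUTS)


def fault_configurations():
    """Every assignment of at most one failure mode per component, as a
    frozenset of (component, mode) pairs; the empty set is the nominal model."""
    options = [(None,) + tuple(FAILURE_MODES)] * len(COMPONENTS)
    for choice in product(*options):
        yield frozenset((c, m) for c, m in zip(COMPONENTS, choice) if m)


def failing_configurations():
    """Fault configurations under which some input reaches the top-level
    event (exhaustive enumeration; a model checker does this symbolically)."""
    return {cfg for cfg in fault_configurations()
            if any(top_level_event(x, dict(cfg)) for x in INPUTS)}


def minimal_cut_sets():
    """The fault tree as a list of minimal cut sets: failing configurations
    with no failing proper subset, ordered by size."""
    failing = failing_configurations()
    return sorted((c for c in failing if not any(o < c for o in failing)),
                  key=lambda c: (len(c), sorted(c)))


def non_monotone_witness():
    """Return (cut set, superset) where adding a fault masks the hazard, or
    None if the model is monotonic.  When a witness exists, minimal cut sets
    alone do not characterise the hazard, which is why the platform treats
    non-monotonic systems separately (the usual tool is prime implicants
    that may contain negated fault literals)."""
    failing = failing_configurations()
    for c in sorted(failing, key=len):
        for o in fault_configurations():
            if c < o and o not in failing:
                return c, o
    return None


if __name__ == "__main__":
    print("nominal requirement holds:", nominal_ok())
    for cs in minimal_cut_sets():
        print(" AND ".join(f"{c}.{m}" for c, m in sorted(cs)))
    print("non-monotone witness:", non_monotone_witness())
```

Running it shows the requirement holds with no faults, that every minimal cut set has order 2 (so the design tolerates any single fault from the library), and a witness such as sensor1.inverted AND sensor2.inverted being masked by an additionally inverted comparator, whose false alarm turns an undetected wrong output into a detected one.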

Author information

Correspondence to Marco Bozzano.

Additional information

This work has been developed within the European-sponsored projects ESACS, contract no. G4RD-CT-2000-00361, and ISAAC, contract no. AST3-CT-2003-501848.

Cite this article

Bozzano, M., Villafiorita, A. The FSAP/NuSMV-SA Safety Analysis Platform. Int J Softw Tools Technol Transfer 9, 5–24 (2007). https://doi.org/10.1007/s10009-006-0001-2
