A safety-focused verification using software fault trees

Sungdeok Cha; Junbeom Yoo

doi:10.1016/j.future.2011.02.004

A safety-focused verification using software fault trees

Sungdeok Cha, Junbeom Yoo

Research output: Contribution to journal › Article › peer-review

11 Citations (Scopus)

Abstract

When developing safety-critical software such as reactor protection systems (RPS) in nuclear power plants, a demonstration of software trust (e.g., safety) is not only absolutely essential but also usually mandated by government authorities. While automated generation of fault trees has become possible with increased use of formal specifications, industrial use of fault trees has been limited primarily to safety demonstrations that the system is free from behavior captured in the root node. In this paper, we propose to extend the use of automated fault tree for verification purposes. As a fault tree represents an abstract and partial behavioral model of software on credible causes leading to a hazard, it must still satisfy various properties (e.g., fairness, correctness). Verification of a fault tree is useful when developing safety-critical software because (1) it strengthens a safety-focused software development process; (2) it provides an opportunity to detect potentially critical errors early; and (3) it is less likely to experience a state explosion problem. This paper demonstrates how to convert a fault tree into a semantically equivalent logic formula so that they can be subject to formal verification using tools like Verification Interacting with Synthesis (VIS). We evaluated the feasibility of FTA's applicability as a verification tool on a prototype model of a nuclear power reactor protection system (RPS) software to be deployed in plants under construction in Korea.

Original language	English
Pages (from-to)	1272-1282
Number of pages	11
Journal	Future Generation Computer Systems
Volume	28
Issue number	8
DOIs	https://doi.org/10.1016/j.future.2011.02.004
Publication status	Published - 2012 Oct

Bibliographical note

Funding Information:
This research was partially supported by the National IT Industry Promotion Agency (NIPA) under the program of Software Engineering Technologies Development and also by the MKE (The Ministry of Knowledge Economy), Korea , under the ITRC (Information Technology Research Center) support program supervised by the NIPA (National IT Industry Promotion Agency (NIPA-2010-(C1090-0903-0004) and NIPA-2010-(C1090-1031-0003)). This research was also supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology ( 2010-0002566 ).

Keywords

Combinational equivalence checking
Safety analysis
Software fault tree
Software verification

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Networks and Communications

Access to Document

10.1016/j.future.2011.02.004

Cite this

@article{3aa975ff94614d379caa854ca792e7ba,

title = "A safety-focused verification using software fault trees",

abstract = "When developing safety-critical software such as reactor protection systems (RPS) in nuclear power plants, a demonstration of software trust (e.g., safety) is not only absolutely essential but also usually mandated by government authorities. While automated generation of fault trees has become possible with increased use of formal specifications, industrial use of fault trees has been limited primarily to safety demonstrations that the system is free from behavior captured in the root node. In this paper, we propose to extend the use of automated fault tree for verification purposes. As a fault tree represents an abstract and partial behavioral model of software on credible causes leading to a hazard, it must still satisfy various properties (e.g., fairness, correctness). Verification of a fault tree is useful when developing safety-critical software because (1) it strengthens a safety-focused software development process; (2) it provides an opportunity to detect potentially critical errors early; and (3) it is less likely to experience a state explosion problem. This paper demonstrates how to convert a fault tree into a semantically equivalent logic formula so that they can be subject to formal verification using tools like Verification Interacting with Synthesis (VIS). We evaluated the feasibility of FTA's applicability as a verification tool on a prototype model of a nuclear power reactor protection system (RPS) software to be deployed in plants under construction in Korea.",

keywords = "Combinational equivalence checking, Safety analysis, Software fault tree, Software verification",

author = "Sungdeok Cha and Junbeom Yoo",

note = "Funding Information: This research was partially supported by the National IT Industry Promotion Agency (NIPA) under the program of Software Engineering Technologies Development and also by the MKE (The Ministry of Knowledge Economy), Korea , under the ITRC (Information Technology Research Center) support program supervised by the NIPA (National IT Industry Promotion Agency (NIPA-2010-(C1090-0903-0004) and NIPA-2010-(C1090-1031-0003)). This research was also supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology ( 2010-0002566 ). ",

year = "2012",

month = oct,

doi = "10.1016/j.future.2011.02.004",

language = "English",

volume = "28",

pages = "1272--1282",

journal = "Future Generation Computer Systems",

issn = "0167-739X",

publisher = "Elsevier B.V.",

number = "8",

}

TY - JOUR

T1 - A safety-focused verification using software fault trees

AU - Cha, Sungdeok

AU - Yoo, Junbeom

N1 - Funding Information: This research was partially supported by the National IT Industry Promotion Agency (NIPA) under the program of Software Engineering Technologies Development and also by the MKE (The Ministry of Knowledge Economy), Korea , under the ITRC (Information Technology Research Center) support program supervised by the NIPA (National IT Industry Promotion Agency (NIPA-2010-(C1090-0903-0004) and NIPA-2010-(C1090-1031-0003)). This research was also supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology ( 2010-0002566 ).

PY - 2012/10

Y1 - 2012/10

N2 - When developing safety-critical software such as reactor protection systems (RPS) in nuclear power plants, a demonstration of software trust (e.g., safety) is not only absolutely essential but also usually mandated by government authorities. While automated generation of fault trees has become possible with increased use of formal specifications, industrial use of fault trees has been limited primarily to safety demonstrations that the system is free from behavior captured in the root node. In this paper, we propose to extend the use of automated fault tree for verification purposes. As a fault tree represents an abstract and partial behavioral model of software on credible causes leading to a hazard, it must still satisfy various properties (e.g., fairness, correctness). Verification of a fault tree is useful when developing safety-critical software because (1) it strengthens a safety-focused software development process; (2) it provides an opportunity to detect potentially critical errors early; and (3) it is less likely to experience a state explosion problem. This paper demonstrates how to convert a fault tree into a semantically equivalent logic formula so that they can be subject to formal verification using tools like Verification Interacting with Synthesis (VIS). We evaluated the feasibility of FTA's applicability as a verification tool on a prototype model of a nuclear power reactor protection system (RPS) software to be deployed in plants under construction in Korea.

AB - When developing safety-critical software such as reactor protection systems (RPS) in nuclear power plants, a demonstration of software trust (e.g., safety) is not only absolutely essential but also usually mandated by government authorities. While automated generation of fault trees has become possible with increased use of formal specifications, industrial use of fault trees has been limited primarily to safety demonstrations that the system is free from behavior captured in the root node. In this paper, we propose to extend the use of automated fault tree for verification purposes. As a fault tree represents an abstract and partial behavioral model of software on credible causes leading to a hazard, it must still satisfy various properties (e.g., fairness, correctness). Verification of a fault tree is useful when developing safety-critical software because (1) it strengthens a safety-focused software development process; (2) it provides an opportunity to detect potentially critical errors early; and (3) it is less likely to experience a state explosion problem. This paper demonstrates how to convert a fault tree into a semantically equivalent logic formula so that they can be subject to formal verification using tools like Verification Interacting with Synthesis (VIS). We evaluated the feasibility of FTA's applicability as a verification tool on a prototype model of a nuclear power reactor protection system (RPS) software to be deployed in plants under construction in Korea.

KW - Combinational equivalence checking

KW - Safety analysis

KW - Software fault tree

KW - Software verification

UR - http://www.scopus.com/inward/record.url?scp=84862178720&partnerID=8YFLogxK

U2 - 10.1016/j.future.2011.02.004

DO - 10.1016/j.future.2011.02.004

M3 - Article

AN - SCOPUS:84862178720

SN - 0167-739X

VL - 28

SP - 1272

EP - 1282

JO - Future Generation Computer Systems

JF - Future Generation Computer Systems

IS - 8

ER -

A safety-focused verification using software fault trees

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this