Automated Verification and Tightening of Failure Propagation Models

Timed Failure Propagation Graphs (TFPGs) are used in the design of safety-critical systems as a way of modeling failure propagation, and to evaluate and implement diagnostic systems. TFPGs are a very rich formalism: they allow to model Boolean combinations of faults and events, also dependent on the operational modes of the system and quantitative delays between them. TFPGs are often produced manually, from a given dynamic system of greater complexity, as abstract representations of the system behavior under specific faulty conditions. In this paper we tackle two key difficulties in this process: first, how to make sure that no important behavior of the sys- tem is overlooked in the TFPG, and that no spurious, non-existent behavior is introduced; second, how to devise the correct values for the delays between events. We propose a model checking approach to automatically validate the completeness and tightness of a TFPG for a given infinite-state dynamic system, and a procedure for the automated synthesis of the delay parameters. The proposed approach is evaluated on a number of synthetic and industrial benchmarks

COMPASTA: Integrating COMPASS Functionality into TASTE

TASTE is a tool chain dedicated to the design and implementation of embedded, real-time systems, developed under the initiative of the European Space Agency (ESA). It consists of various tools, which support model-based design of embedded systems, automatic code generation, deployment and simulation. TASTE is based on several specification languages, in particular it uses AADL for the architectural design, whereas the behavior of SW components can be specified in SDL and other languages. TASTE currently lacks a comprehensive support for performing early verification and assessment of the design models. COMPASTA is an ESA study that aims at filling this gap, by integrating into TASTE the formal verification functionality of COMPASS, a tool for model-based HWSW co-Engineering developed in a series of ESA studies. COMPASTA extends TASTE by providing the possibility to model the behavior of HW components using SLIM, a dialect of AADL supported by COMPASS. Moreover, it offers capabilities such as library-based specification of HW faults, automatic fault injection, contract-based design, functional verification and safety assessment, fault detection and identification analysis

Formal Design and Validation of an Automatic Train Operation Control System

In this paper, we report on the design of a complex control system, namely the Automatic Train Operation (ATO), which aims at enhancing the Grade of Automation in train operations (passenger transportation, infrastructure monitoring) in high-speed lines. The development of ATO is being conducted as an industrial project, with contributions from different research teams. The design of the system is complex in terms of architecture, functionality, safety and reliability requirements to be fulfilled, and geographical distribution of the development teams. Formal methods and model-based design are used to master the complexity of the design and of the system integration. Our approach is based on formal tools for system specification and validation, which support automatic code generation, early design validation, testing and simulation, and runtime verification. Moreover, we structured the development process in different phases and configurations, corresponding to increasing functionality of the system and different deployment configurations. The project is at an advanced stage of execution. In this paper, we demonstrate the effectiveness of the proposed approach and methodology, we discuss our experience and the lessons learned

Humusica 1, article 4 : Terrestrial humus systems and forms-Specific terms and diagnostic horizons

Knowledge of a little number of specific terms is necessary to investigate and describe humipedons. This "new vocabulary" allows individuating and circumscribing particular diagnostic horizons, which are the fundamental bricks of the humipedon. Few "components" defined by specific terms characterize a specific "humipedon horizon"; few "humipedon horizons" compose a given "humus form" and some similar "humus forms" are grouped in a functional "humus system". In this article, specific terms and humus horizons are listed and explained one by one. Field difficulties are illustrated and resolved. The aim of the article is to present in a manner as simple as possible how to distinguish in the field the soil structures allowing a morpho-functional classification of terrestrial (aerated, not submerged) humipedons

Humusica 1, article 5: Terrestrial humus systems and forms — Keys of classification of humus systems and forms

This article is an as simple as possible key of classification of terrestrial (aerobic, not submersed) topsoils (organic and organic-mineral series of soil horizons). Based on the introduction exposed in Humusica 1, article 1, and using vocabulary and definitions listed in article 4, a classification is proposed for better understanding the biological functioning of the soil, partially disclosing the process of litter digestion. Five types of terrestrial topsoils, called terrestrial humus systems, are described and illustrated with the help of photographs. Within each humus system, 3–4 humus forms are also revealed, corresponding to similar series of soil horizons generated in a relatively homogeneous environment whose range of ecological factors is not so large to overstep and cause the genesis of another different humus system. The article ends with a figure that shows the relationship between Tangel and Amphi humus systems, and a dichotomous key of classification that one can easily print and bring in the field for practicing humus classification