Symbolic Model Checking and Safety Assessment of Altarica models

Altarica is a language used to describe critical systems. In this paper we present a novel approach to the analysis of Altarica models, based on a translation into an extended version of NuSMV. This approach opens up the possibility to carry out functional verification and safety assessment with symbolic techniques. An experimental evaluation on a set of industrial case studies demonstrates the advantages of the approach over currently available tools.

Failure logic modelling: a pragmatic approach

The research discipline of model-based system safety assessment, which has emerged in the last two decades, has attracted a significant amount of interest from academia, industry and government agencies. However, the discipline remains largely unorganised with various individual, often conceptually dissimilar, techniques being only categorised and related in an ad hoc fashion. This Thesis identifies a coherent family of model-based safety assessment methods – failure logic modelling – and unifies existing techniques through a single well-defined Metamodel. This Failure Logic Metamodel (FLMM) identifies the key safety engineering concepts captured by failure logic modelling techniques, together with their inter-relationships. Whilst maintaining independence from any individual technique, notation or specification language, the abstract Metamodel has been shown to be instantiable in a third party-specification language (AltaRica Dataflow). The Thesis demonstrates that existing failure logic modelling techniques cannot, without modification, adequately address key pragmatic challenges posed by extant characteristics of modern large-scale and complex safety-critical systems. To address such challenges two key contributions are made through extensions to the metamodel. Firstly, these extensions enable the modelling of reconfigurable systems (including those employing fault accommodation). Secondly, they enable the composition of independently defined models in a variety of settings, such as the composition of models of the same system defined from different viewpoints and composition of models of different systems with un-harmonised interfaces. In addition to these contributions, the general metamodel-based approach adopted by the thesis and proposed has helped identify some significant ‘emergent’ characteristics and limitations of failure logic modelling that, to date, have not been reported. The overall contributions of the Thesis have been evaluated through case studies, peer reviews and direct metamodelling experiments. The findings of these evaluations are presented

Safety Assessment of AltaRica Models via Symbolic Model Checking

AltaRica is a language used to describe safety critical systems that has become a de-facto European industrial standard for Model-Based Safety Assessment (MBSA). However, even the most mature tool for the support for MBSA of AltaRica models, i.e. Dassault’s OCAS, has several limitations. The most important ones are its inability to perform many analyses exhaustively, severe scalability issues, and the lack of model checking techniques for temporal properties. In this paper we present a novel approach for the analysis of AltaRica models, based on a translation into an extended version of the model checker NuSMV. The translation relies on a novel formal characterization of the Dataflow dialect of AltaRica used in OCAS. The translation is formally defined, and its correctness is proved. Based on this formal characterization, a toolset has been developed and integrated within OCAS, thus enabling functional verification and safety assessment with the state of the art techniques of NuSMV. The whole approach is validated by an experimental evaluation on a set of industrial case studies, which demonstrates the advantages of the proposed technique over the currently available tools