A Verification Environment for Critical Systems: Integrating Formal Methods into the Safety Development Life-cycle
Tim Gonschorek, Marco Filax, and Frank Ortmeier
Chair of Software Engineering, Faculty of Computer Science, Otto-von-Guericke-University Magdeburg
{tim.gonschorek, marco.filax, frank.ortmeier}@ovgu.de
Although strongly recommended and helpful, formal verification is not widely used in the development of safety-critical systems. On the one hand, this is because it requires particular expert knowledge of a specific modeling formalism and the corresponding verification tools. On the other hand, integrating these approaches into the safety development life-cycle is complicated, since formal verification tools often require specific input models which must be built in addition to the other system artifacts. Further, ensuring the validity of the formal model with respect to the system specification as well as the developed system can be difficult. Exactly these problems are tackled by VECS (Verification Environment for Critical Systems) [4], an Eclipse-based development and verification environment for the tool-independent modeling language SAML (System Analysis and Modeling Language) [3]. VECS provides the following model-based assessment techniques (cf. Fig. 1):
– adapters for qualitative and quantitative model checkers, as well as the integration of their generated output (proofs, counterexamples, etc.)
– a Monte Carlo based statistical model checker
– fault tree analysis and minimal cut set generation using Deductive Cause-Consequence Analysis (DCCA)
– a step-by-step model for analyzing the system behavior
– a counterexample-based debugger for identifying hazardous behavior
– an optimizer for system parameters such as cost vs. component reliability
Further, VECS implements a tool-chain enabling the integration of a variety of model-based verification techniques within the development life-cycle. This is mainly based on an integration process developed in cooperation with the German railroad authority, an independent safety assessor, and Friedemann Bitsch, a system architect from Thales [2, 1].
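The minimal cut set generation via DCCA listed above, as an added Python example that is not VECS or SAML code: a constructed train door controller with three failure modes serves as the model, and a set of failure modes counts as critical when the hazard (door open while moving) becomes reachable if only those modes may occur. Candidate sets are tested by increasing size, and supersets of an already found minimal cut set are pruned.

```python
from itertools import combinations, product
# Constructed toy model, not from the VECS paper: a train door controller with
# three failure modes. Hazard: the door is open while the train is moving.
FAILURE_MODES = ("speed_stuck_zero", "interlock_fail", "actuator_fail")
INITIAL = (True, False)  # (moving, door_open)

def hazard(state):
    moving, door_open = state
    return moving and door_open

def successors(state, active):
    """Next states when only failure modes in `active` may occur: the environment
    picks the next speed and the open request; any subset of `active` may fire."""
    nxt = set()
    for next_moving, request in product((True, False), repeat=2):
        for k in range(len(active) + 1):
            for fired in map(set, combinations(active, k)):
                reported_stopped = (not next_moving) or "speed_stuck_zero" in fired
                interlock_permits = (not next_moving) or "interlock_fail" in fired
                opens = ("actuator_fail" in fired
                         or (request and reported_stopped and interlock_permits))
                nxt.add((next_moving, opens))
    return nxt

def is_critical(active):
    """Reachability: can the hazard occur if only the `active` failures happen?"""
    seen, frontier = {INITIAL}, [INITIAL]
    while frontier:
        state = frontier.pop()
        if hazard(state):
            return True
        for nxt in successors(state, active):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return False

def minimal_critical_sets(modes=FAILURE_MODES):
    """DCCA: test failure-mode combinations by increasing size and keep only the
    minimal critical ones; supersets of a known minimal cut set are skipped."""
    minimal = []
    for k in range(len(modes) + 1):  # k == 0 checks the failure-free system
        for cand in map(frozenset, combinations(modes, k)):
            if any(m <= cand for m in minimal):
                continue
            if is_critical(cand):
                minimal.append(cand)
    return minimal

print([sorted(cut) for cut in minimal_critical_sets()])
```

If the empty set turns out to be critical, the system reaches the hazard without any failure, and it is reported as the only minimal cut set; in VECS this reachability check is delegated to the attached model checkers rather than to an explicit state enumeration.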
It integrates the application of formal techniques and ensures the validity of the model by providing forward and backward traceability of the system requirements from the System Requirement Specification (SRS) to the definition of the static architecture and finally to the generated system model. Therefore, VECS implements connections to the requirement engineering tool Enterprise Architect as well as to common UML tools. By using these integrations and the provided requirement traceability, VECS strongly supports system verification and the generation of safety cases, and even the safety assessment itself. This is in particular because all elements of the assessment (requirements, static system architecture, formal model, and analysis results) are accessible from one tool environment with one specific system model. Summarizing, VECS supports the use of different verification engines from one single model and implements a tool chain based on an innovative safety development process. It is, therefore, a helpful tool for integrating formal model-based techniques into the everyday work of system developers for safety-critical systems.

[Fig. 1. SAML between engineering languages and model checking tools. Panels: Integration into System Development (Static System Architecture, UML Import, Import Static Architecture, Requirement Traceability, Code Generation, Test Case Generation, Support Safety Cases); Validity of Formal Model; System Analysis and Modelling Language (qualitative & quantitative elements, model parameters, failure mode injection); Model-based Formal Analysis (Backward Model Checker, Monte Carlo Model Checker, Fault Tree Analysis, Simulator, CE-Analyzer, DCCA Min Cut Sets, Parameter Optimizer); tool interfaces: SAML2SMV Transformer with NuSMV/nuXmv interface, SAML2Prism Transformer with PRISM interface, SAML2AIG Transformer with iimc interface.]
References
1. F. Bitsch, M. Filax, T. Gonschorek, F. Ortmeier, and R. Schumacher. Effiziente Sicherheitsnachweisführung mithilfe modellbasierter Systemanalyse. SIGNAL+DRAHT, 2017.
2. M. Filax, T. Gonschorek, and F. Ortmeier. Correct Formalization of Requirement Specifications: A V-Model for Building Formal Models. In Proceedings of RSSRail, 2016.
3. M. Güdemann and F. Ortmeier. A Framework for Qualitative and Quantitative Model-Based Safety Analysis. In Proceedings of HASE, 2010.
4. M. Lipaczewski, S. Struck, and F. Ortmeier. Using Tool-Supported Model Based Safety Analysis - Progress and Experiences in SAML Development. In Proceedings of HASE, 2012.