Yuliya Prokhorova

Patterns for Representing FMEA in Formal Specification of Control Systems

Failure Modes and Effects analysis (FMEA) is a widely used technique for inductive safety analysis. FMEA provides engineers with valuable information about failure modes of system components as well as procedures for error detection and recovery. In this paper we propose an approach that facilitates representation of FMEA results in formal Event-B specifications of control systems. We define a umber of patterns for representing requirements derived from FMEA in formal system model specified in Event-B. The patterns help the developers to trace the requirements from safety analysis to formal specification. Moreover, they allow them to increase automation of formal system development by refinement. Our approach is illustrated by an example - a sluice control system.

Facilitating construction of safety cases from formal models in Event-B

Abstract Context Certification of safety–critical software systems requires submission of safety assurance documents, e.g., in the form of safety cases. A safety case is a justification argument used to show that a system is safe for a particular application in a particular environment. Different argumentation strategies (informal and formal) are applied to determine the evidence for a safety case. For critical software systems, application of formal methods is often highly recommended for their safety assurance. Objective The objective of this paper is to propose a methodology that combines two activities: formalisation of system safety requirements of critical software systems for their further verification as well as derivation of structured safety cases from the associated formal specifications. Method We propose a classification of system safety requirements in order to facilitate the mapping of informally defined requirements into a formal model. Moreover, we propose a set of argument patterns that aim at enabling the construction of (a part of) a safety case from a formal model in Event-B. Results The results reveal that the proposed classification-based mapping of safety requirements into formal models facilitates requirements traceability. Moreover, the provided detailed guidelines on construction of safety cases aim to simplify the task of the argument pattern instantiation for different classes of system safety requirements. The proposed methodology is illustrated by numerous case studies. Conclusion Firstly, the proposed methodology allows us to map the given system safety requirements into elements of the formal model to be constructed, which is then used for verification of these requirements. Secondly, it guides the construction of a safety case, aiming to demonstrate that the safety requirements are indeed met. Consequently, the argumentation used in such a constructed safety case allows us to support it with formal proofs and model checking results used as the safety evidence.

Linking modelling in event-b with safety cases

Safety cases are adopted in the certification process of many safety-critical systems. They justify why a system is safe and whether the design adequately incorporates safety requirements defined in a system requirement specification. The use of formal methods facilitates modelling and verification of safety-critical systems. In our work, we aim at establishing a link between formal modelling in Event-B and constructing a safety case. We propose an approach to incorporating safety requirements in a formal specification in such a way that it allows the developers to derive a safety case sufficient to demonstrate safety. We present a small case study illustrating the proposed approach.

From Requirements Engineering to Safety Assurance: Refinement Approach

Formal modelling and verification are widely used in the development of safety-critical systems. They aim at providing a mathematically-grounded argument about system safety. In particular, this argument can facilitate construction of a safety case --- a structured safety assurance document required for certification of safety-critical systems. However, currently there is no adequate support for using the artefacts created during formal modelling in safety case development. In this paper, we present an approach and the corresponding tool support that tackles this problem in the Event-B modelling framework. Our approach establishes a link between safety requirements, Event-B models and corresponding fragments of a safety case. The supporting automated tool ensures traceability between requirements, models and safety cases.

A Case Study in Refinement-Based Modelling of a Resilient Control System

In this paper, we present a case study in modelling a resilient control system in Event-B. We demonstrate how to formally define the basic safety properties and fault tolerance mechanisms, as well as the system modes describing the system behaviour under different execution and fault conditions. Our formal development helps us to identify the diagnosability conditions for resilience, i.e., identify the limitations to be imposed on possible component changes to guarantee its controllability and hence dependability.

Derivation and Formal Verification of a Mode Logic for Layered Control Systems

Modes are widely used to structure the behaviour of control systems. For many such systems, derivation and verification of a mode logic is challenging due to a large number of modes and complex mode transitions. In this paper we propose an approach to deriving, formalising and verifying consistency of a mode logic for fault tolerant control systems. We demonstrate how to use Failure Modes and Effects Analysis (FMEA) to systematically derive the fault tolerance part of the mode logic. To tackle the problem of mode consistency, we propose a formalisation of the mode logic and mode consistency conditions for layered systems with reconfigurable components. We use our formalisation to develop and verify a mode-rich system by refinement in Event-B.

Dependable SoPC-Based On-board Ice Protection System: From Research Project to Implementation

Both dependability of computer on-board systems (CBS), and the size and the weight limitations are very important characteristics. Basic aviation and aerospace CBSs requirements and some development principles are considered. The multi-version lifecycle of FPGA-based CBS as system-on-programmable-chip (SoPC) is described. The several dependable SoPC architectures are researched and assessed: one-version two-channel, two-version two-channel and two-version four-channel systems. The method of the architectural adaptation is considered as the means for physical and design faults tolerating. Itpsilas based on composition of a few versions embedded to the chip. The checking and reconfiguration block as intellectual property core and elements ofice protection system development and implementation process are given as the practical example of application of proposed technique.

A survey of safety-oriented model-driven and formal development approaches

Numerous model-driven and formal approaches have been proposed to facilitate development of complex critical systems. To address safety concerns, these approaches incorporate safety analysis techniques at different stages of the system development process. In this paper, we overview the approaches that have been recently proposed to integrate safety analysis into model-driven and formal development of critical systems. Moreover, we identify several criteria for classifying and comparing these approaches. Our survey aims at guiding industry practitioners as well as identifying promising research directions in the area.

Deriving a mode logic using failure modes and effects analysis

Modes are widely used to structure the behaviour of control systems. However, derivation and verification of a mode logic for complex systems is challenging due to a large number of modes and intricate mode transitions. In this paper, we propose an approach to deriving, formalising and verifying consistency of a mode logic for fault-tolerant control systems. We propose to use failure modes and effects analysis (FMEA) to systematically derive the fault tolerance part of the mode logic. We formalise the mode logic and define mode consistency properties for layered systems with reconfigurable components. We use our formalisation to develop and verify a mode-rich system by refinement in Event-B.

Time and Space Partitioning Using On-Board Software Reference Architecture

In this paper, we present lessons learned from the EagleEye Time and Space Partitioning (TSP) project in which time and space partitioning was applied to the EagleEye reference mission of European Space Agency (ESA). We identify challenges in EagleEye TSP and categorise them according to the design problem to be related to 1) communication and data sharing and 2) timing dependencies between partitions and applications of the partitions. We also suggest improvements to the approach to tackle the challenges based on ESAs On-Board Software Reference Architecture (OSRA).