Safety Correctness and Reliability Analysis using Formal Methods

Safety Correctness and Reliability Analysis using Formal Methods 2 SUMMARY The objective of this report was to further investigate and develop a methodology using formal methods for doing safety correctness and reliability analysis. In an earlier report some formal analysis methods were demonstrated. In this report, after an expansion of the possibility to express system functionality, further investigations and development of the methodology have been done. In both reports, the use of formal methods has been demonstrated using NP-Tools, a computer program with a graphical interface for modeling and an underlying theorem prover for analysis (automatic verification). The report starts with an overview of the development process to point out that the methodology described can be used iteratively within the process. The technique can be applied at early development phases, concentrating on the correctness of the specification (especially with regard to safety), and also later on when system functionality is closer to implementation. A theoretical part describes for example how to model a transition diagram using propositional logic and how an arithmetic expression is described using the arithmetic "tool-box" in NP-Tools. This is followed by techniques showing how to model failure modes for hardware components, which is necessary when doing fault tree analysis. There is also a description of different steps for doing safety correctness and reliability analysis including (1) sanity checks, mostly concerning the software part, (2) safety correctness, assuming all hardware is functioning as intended, and (3) reliability analysis, to investigate the influence of hardware failures on system functionality. The latter corresponds to the qualitative part of fault tree analysis and failure mode and effect analysis. In the next part the methodology is demonstrated using an example, a climatic chamber. This example starts from a specification written in English and then translated via a transition diagram to the NP-Tools formalism. The functionality of the climatic chamber includes changing of system modes, calculations and regulation. Some concluding remarks about the project: • This work has increased the competence of using formal methods for doing safety correctness and reliability analysis, e.g. it has already been used for analyzing some parts of the Gripen aircraft. • The inclusion of arithmetics has improved the industrial use of the technique. • The work has intensified the cooperation between the university, the tool supplier and Saab, which is valuable for further development of both the technology and methodology.