Abstract State Machines and System Theoretic Process Analysis for Safety-Critical Systems

  • Farah Al-Shareefi
  • Alexei Lisitsa
  • Clare Dixon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10623)


The Abstract State Machine (ASM) method is a formal specification and modeling technique that allows us to specify computational systems at the required abstraction level and facilitates formal analysis and verification. System Theoretic Process Analysis (STPA) is a semi-formal hazard analysis method that aims to identify safety requirements emerging from the analysis of potential interactions among components and inadequate control in the system’s design. In this paper, we combine these two techniques to develop a methodology capturing both the formal representation of ASM with the ability to generate safety properties from the STPA hazard analysis. This has the advantages of verifying the STPA requirements in a formal way, and giving insights for the improvement of the ASM specification, depending on these requirements. We illustrate our methodology by applying it to an insulin pump control system case study, showing what safety issues it highlights.


Abstract State Machines System Theoretic Process Analysis Temporal logic Validation Verification 



We gratefully acknowledge Dr. Paolo Arcaini for his advice on ASMETA framework.


  1. 1.
    Abdulkhaleq, A., Wagner, S.: Integrated safety analysis using systems-theoretic process analysis and software model checking. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9337, pp. 121–134. Springer, Cham (2015). CrossRefGoogle Scholar
  2. 2.
    Abdulkhaleq, A., Wagner, S.: XSTAMPP: an extensible STAMP platform as tool support for safety engineering. In: 2015 STAMP Workshop. MIT, Boston. Stuttgart University (2015)Google Scholar
  3. 3.
    Abdulkhaleq, A., Wagner, S.: A systematic and semi-automatic safety-based test case generation approach based on systems-theoretic process analysis. arXiv preprint arXiv:1612.03103 (2016)
  4. 4.
    Allen, J.F.: Maintaining knowledge about temporal intervals. Commun. ACM 26(11), 832–843 (1983)CrossRefzbMATHGoogle Scholar
  5. 5.
    Arcaini, P., Bonfanti, S., Gargantini, A., Mashkoor, A., Riccobene, E.: Formal validation and verification of a medical software critical component. In: 2015 ACM/IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE), pp. 80–89. IEEE (2015)Google Scholar
  6. 6.
    Arcaini, P., Gargantini, A., Riccobene, E.: AsmetaSMV: a way to link high-level ASM models to low-level NuSMV specifications. In: Frappier, M., Glässer, U., Khurshid, S., Laleau, R., Reeves, S. (eds.) ABZ 2010. LNCS, vol. 5977, pp. 61–74. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  7. 7.
    Arcaini, P., Gargantini, A., Riccobene, E.: Automatic review of abstract state machines by meta-property verification. In: NASA Formal Methods Symposium, pp. 4–13. NASA (2010)Google Scholar
  8. 8.
    Arcaini, P., Gargantini, A., Riccobene, E.: Modeling and analyzing using ASMs: the landing gear system case study. In: Boniol, F., Wiels, V., Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014. CCIS, vol. 433, pp. 36–51. Springer, Cham (2014). CrossRefGoogle Scholar
  9. 9.
    Arcaini, P., Gargantini, A., Riccobene, E., Scandurra, P.: A model-driven process for engineering a toolset for a formal method. Softw. Pract. Exp. 41(2), 155–166 (2011)CrossRefGoogle Scholar
  10. 10.
    Behrmann, G., David, A., Larsen, K.G.: A tutorial on Uppaal. In: Bernardo, M., Corradini, F. (eds.) SFM-RT 2004. LNCS, vol. 3185, pp. 200–236. Springer, Heidelberg (2004). CrossRefGoogle Scholar
  11. 11.
    Börger, E., Stärk, R.: Abstract State Machines: A Method for High-Level System Design and Analysis. Springer, Heidelberg (2003). CrossRefzbMATHGoogle Scholar
  12. 12.
    Carioni, A., Gargantini, A., Riccobene, E., Scandurra, P.: A scenario-based validation language for ASMs. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) ABZ 2008. LNCS, vol. 5238, pp. 71–84. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  13. 13.
    Gargantini, A., Riccobene, E., Scandurra, P.: A metamodel-based language and a simulation engine for abstract state machines. J. UCS 14(12), 1949–1983 (2008)Google Scholar
  14. 14.
    Gerhart, S., Craigen, D., Ralston, T.: Experience with formal methods in critical systems. IEEE Softw. 11(1), 21–28 (1994)CrossRefGoogle Scholar
  15. 15.
    Gurevich, Y.: Evolving algebras 1993: Lipari guide. In: Börger, E. (ed.) Specification and Validation Methods, pp. 9–36. Oxford University Press, Inc. (1995)Google Scholar
  16. 16.
    Khan, U., Ahmad, J., Saeed, T., Mirza, S.H.: On the real time modeling of interlocking system of passenger lines of Rawalpindi Cantt train station. Complex Adapt. Syst. Model. 4(1), 17 (2016)CrossRefGoogle Scholar
  17. 17.
    Leveson, N.: A new accident model for engineering safer systems. Saf. Sci. 42(4), 237–270 (2004)CrossRefGoogle Scholar
  18. 18.
    Leveson, N., Thomas, J.: An STPA Primer, Cambridge (2013)Google Scholar
  19. 19.
    Leveson, N.G.: A new approach to hazard analysis for complex systems. In: International Conference of the System Safety Society (2003)Google Scholar
  20. 20.
    Ouimet, M., Berteau, G., Lundqvist, K.: Modeling an electronic throttle controller using the timed abstract state machine language and toolset. In: Kühne, T. (ed.) MODELS 2006. LNCS, vol. 4364, pp. 32–41. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  21. 21.
    Santiago, I.B., Faure, J.M.: From fault tree analysis to model checking of logic controllers. IFAC Proc. 38(1), 86–91 (2005)CrossRefGoogle Scholar
  22. 22.
  23. 23.
    Sommerville, I.: Software Engineering, 9th edn. Addison Wesley, Boston (2010)zbMATHGoogle Scholar
  24. 24.
    Thomas, J.: Extending and Automating a Systems-Theoretic Hazard Analysis for Requirements Generation and Analysis. Ph.D. thesis, Massachusetts Institute of Technology (2013)Google Scholar
  25. 25.
    Troubitsyna, E.: Elicitation and Specification of Safety Requirements. In: Third International Conference on Systems (ICONS 2008), pp. 202–207. IEEE (2008)Google Scholar
  26. 26.
    Wang, J., Liu, S., Qi, Y., Hou, D.: Developing an insulin pump system using the SOFL method. In: 14th Asia-Pacific Software Engineering Conference (APSEC 2007), pp. 334–341. IEEE (2007)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Farah Al-Shareefi
    • 1
  • Alexei Lisitsa
    • 1
  • Clare Dixon
    • 1
  1. 1.Department of Computer ScienceUniversity of LiverpoolLiverpoolUK

Personalised recommendations