Formal Verification of Safety Functions by Reinterpretation of Functional Block Based Specifications
This paper presents the formal verification of a primary-to-secondary leaking (abbreviated as PRISE) safety procedure in a nuclear power plant (NPP). The software for the PRISE is defined by the Function Block Diagram specification method.
Our approach to the formal verification of the PRISE safety procedure is based on the coloured Petri net (CPN) representation. The CPN model of the checked software is derived by reinterpretation from the FBD diagram, using a pre-developed library of CPN subnets. This results in a high-level, hierarchical coloured Petri net, that has an almost identical structure to the FBD specification.
The state space of the CPN model was drastically reduced by “folding” equivalent states and trajectories into equivalence classes. Some of the safety properties could be proven based on the SCC (strongly connected components) graph of the reduced state space. Other properties were proven by CTL temporal logic based model checking.
Unable to display preview. Download preview PDF.
- 2.Design/CPN – Computer Tool for Coloured Petri Nets, CPN group at the University of Aarhus, Denmark (2002), http://www.daimi.au.dk/designCPN/
- 3.Jensen, K.: Coloured Petri Nets – Basic Concepts, Analysis Methods and Practical Use. In: Basic Concepts. Monographs in Theoretical Computer Science, vol. 1. Springer, Heidelberg (1992)Google Scholar
- 4.Jensen, K.: Coloured Petri Nets – Basic Concepts, Analysis Methods and Practical Use. In: Analysis Methods. Monographs in Theoretical Computer Science, vol. 2. Springer, Heidelberg (1997)Google Scholar
- 5.Mertke, T., Menzel, T.: Methods and tools to the verification of safety-related control software. In: Proc. of the IEEE Int. Conf. on Sys., Man and Cybernetics (SMC 2000), Nashville, USA, pp. 2455–2457 (2000)Google Scholar
- 6.Younis, M.B., Frey, G.: Formalization of existing PLC programs: A survey. In: Proc. of the IEEE/IMACS Multiconf. on Comp. Eng. in Sys. App. (CESA 2003), Lille, France, Paper No. S2–R–00–0239 (2003)Google Scholar
- 7.Heiner, M.: Verification and optimization of control programs by Petri nets without state explosion. In: Azéma, P., Balbo, G. (eds.) ICATPN 1997. LNCS, vol. 1248, pp. 69–84. Springer, Heidelberg (1997)Google Scholar
- 10.Baresi, L., Mauri, M., et al.: PLCTools: Design, Formal Validation, and Code Generation for Programmable Controllers. In: Proc. of the IEEE Conf. on Sys., Man, and Cybernetics (SMC 2000), Nashville, USA, pp. 2437–2442 (2000)Google Scholar
- 14.International Standard IEC 61131-3: Programmable Controllers - Part 3: Programming Languages. International Electrotechnical Commission, Geneva, Switzerland (1993)Google Scholar
- 15.Minas, M., Frey, G.: Visual PLC-Programming using Signal Interpreted Petri Nets. In: Proc. of the American Control Conference 2002 (ACC 2002), Anchorage, Alaska, pp. 5019–5024 (2002)Google Scholar
- 16.Rossi, O., Schnoebelen, P.: Formal Modelling of Timed Function Blocks for the Automatic Verification of Ladder Diagram Programs. In: Proc. 4th Int. Conf. Automation of Mixed Processes: Hybrid Dynamic Systems (ADPM), Dortmund, Germany, pp. 177–182. Shaker Verlag, Germany (2000)Google Scholar
- 17.Németh, E., Bartha, T.: Formal verification of function block based specifications of safety-critical software. In: Modern Information Technology in the Innovation Processes of the Industrial Enterprises (MITIP 2006), Budapest, Hungary, pp. 211–218 (2006)Google Scholar
- 18.Németh, E., Fazekas, C., Szederkényi, G., Hangos, K.M.: Modeling and simulation of the primary circuit of the Paks nuclear power plant for control and diagnosis. In: Proceedings of the EUROSIM 2007, Ljubljana, Slovenia (2007) (on CD)Google Scholar