Modeling for Safety in a Synthesis-Centric Systems Engineering Framework

  • Jasen Markovski
  • J. M. van de Mortel-Fronczak
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7613)


The ever-increasing complexity of safety-critical systems puts high demands on safety assurance and certification. We focus on the development of control software, where safety requirements engineering plays a crucial and delicate role. Nowadays, most of the safety features are ensured by the (embedded) control software and, consequently, a great deal of the operational failures primarily originate from requirement errors. We apply formal methods to systematically specify, model, and validate safety (control) requirements, which we then employ to automatically synthesize a control design based on a formal model of the system at hand. The synthesized designs are correct by definition, provided that the models capture all safety aspects of the system. We structure the process in a synthesis-centric model-based systems engineering framework that we apply in an industrial case study involving safe coordination of movement of theme park vehicles. The framework provides rigorous means for modeling of safety requirements, and it supports evolvable product design, requirement reuse, and early integration with hardware prototypes for validation and testing.
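The abstract describes synthesizing a supervisor from a formal plant model and a safety requirement. The following is an added illustration, not code from the paper or its authors: a Ramadge-Wonham style synthesis on a constructed toy plant of two vehicles on a circular track with three sections, where departure commands are controllable and sensor-reported arrivals are uncontrollable, and the requirement is that two vehicles never stop in the same section (the track layout, event names and requirement are assumptions).

```python
from itertools import product

N = 3  # sections of a constructed circular track (assumption, not from the paper)
CONTROLLABLE = ("start_A", "start_B")  # departure commands issued by the software

def vehicle(v):
    """Local automaton of vehicle v as {state: {event: next_state}}.
    start_v is controllable; arrive_v is an uncontrollable sensor event."""
    trans = {}
    for i in range(N):
        trans[("at", i)] = {f"start_{v}": ("to", (i + 1) % N)}
        trans[("to", i)] = {f"arrive_{v}": ("at", i)}
    return trans

def plant():
    """Product of both vehicle automata; their events interleave asynchronously."""
    ta, tb = vehicle("A"), vehicle("B")
    return {(sa, sb): {**{e: (t, sb) for e, t in ta[sa].items()},
                       **{e: (sa, t) for e, t in tb[sb].items()}}
            for sa, sb in product(ta, tb)}

def synthesize(trans, forbidden, marked):
    """Greatest fixpoint: keep the states from which no uncontrollable event
    leaves the kept set and from which a marked state stays reachable inside it.
    Returns (safe_states, supervisor); supervisor[s] is the set of events enabled
    in s. Uncontrollable events are never disabled, only controllable ones."""
    safe = {s for s in trans if not forbidden(s)}
    while True:
        ctrl = {s for s in safe if all(t in safe or e in CONTROLLABLE
                                       for e, t in trans[s].items())}
        good = {s for s in ctrl if marked(s)}  # nonblocking: coreachable states
        while True:
            more = {s for s in ctrl - good if any(t in good for t in trans[s].values())}
            if not more:
                break
            good |= more
        if good == safe:
            return safe, {s: {e for e, t in trans[s].items() if t in safe} for s in safe}
        safe = good

def synthesize_vehicles():
    """Requirement: the two vehicles never stop in the same section."""
    return synthesize(plant(),
                      forbidden=lambda s: s[0] == s[1] and s[0][0] == "at",
                      marked=lambda s: s[0][0] == "at" and s[1][0] == "at")

if __name__ == "__main__":
    safe, sup = synthesize_vehicles()
    init = (("at", 0), ("at", 1))
    print(len(safe), "safe states; enabled at", init, "->", sorted(sup[init]))
```

Note that the state "A heading into section 1 while B stops in section 1" is not itself forbidden, yet synthesis removes it because the arrival is uncontrollable, so the supervisor must already disable start_A one step earlier.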







Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jasen Markovski, Eindhoven University of Technology, Eindhoven, The Netherlands
  • J. M. van de Mortel-Fronczak, Eindhoven University of Technology, Eindhoven, The Netherlands
