Deviation Analysis: A New Use of Model Checking

Published in: Automated Software Engineering

Abstract

Inaccuracies, or deviations, in the measured values of the monitored variables of a control system are a fact of life that control software must accommodate. Deviation analysis determines how a software specification will behave in the face of such deviations; it is intended to answer questions such as “What is the effect on output O if input I is off by 0 to 100?”. A question phrased this way is exploratory and is best answered with some form of symbolic execution. In this paper we propose a new approach to deviation analysis based on model checking techniques. The key observation that makes model checkers applicable is that the property can be restated as “Will there be an effect on output O if input I is off by 0 to 100?”: this restatement turns the analysis from an exploratory analysis into a verification task (a yes/no question that yields a counterexample when the answer is yes) suitable for model checking.
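As an added illustration (not code from the paper): the restated question can be checked by composing the specification with a copy of itself that receives the deviated input, running both in lock-step, and searching the reachable state pairs for one where the outputs disagree. The altitude-alert controller, its threshold values and the discretised input range below are constructed for this example; the paper targets RSML-e specifications and a symbolic model checker, whereas this is a small explicit-state search in Python.

```python
from collections import deque

# Toy control specification (constructed for this example): an altitude
# alert controller with a hysteresis band. The state is the current mode,
# the monitored input is an altitude reading, and the output is the mode
# after the step.
def step(mode, alt):
    if mode == "NORMAL" and alt < 500:
        return "ALERT"
    if mode == "ALERT" and alt >= 600:   # hysteresis: leave ALERT only above 600
        return "NORMAL"
    return mode

def deviation_check(step, init, inputs, devs, horizon):
    """Self-composition of the specification: one copy sees the nominal
    reading, the other sees the same reading plus a deviation drawn from
    `devs`. Breadth-first search over reachable (nominal, deviated) state
    pairs answers "Will there be an effect on the output if the input is off
    by one of `devs`?" within `horizon` steps. Returns None when the outputs
    always agree, otherwise the shortest input trace found, as a tuple of
    (nominal_reading, deviated_reading) pairs, which is the counterexample
    a model checker would report."""
    start = (init, init)
    queue = deque([(start, ())])
    seen = {start}
    while queue:
        (s, s_dev), trace = queue.popleft()
        if len(trace) >= horizon:
            continue
        for alt in inputs:
            for dev in devs:
                nxt = (step(s, alt), step(s_dev, alt + dev))
                new_trace = trace + ((alt, alt + dev),)
                if nxt[0] != nxt[1]:          # outputs diverge: property violated
                    return new_trace
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, new_trace))
    return None

if __name__ == "__main__":
    readings = range(0, 1001, 100)        # constructed, discretised input domain
    for bound in (50, 100):
        result = deviation_check(step, "NORMAL", readings, range(0, bound + 1), 5)
        print(f"input off by 0 to {bound}: "
              + ("no effect on output" if result is None else f"effect, trace {result}"))
```

With these thresholds an input off by 0 to 50 never changes the mode, while an input off by 0 to 100 does (a nominal reading of 400 alongside a deviated reading of 500 lands on opposite sides of the ALERT threshold); the returned trace is the counterexample that makes the restated property a verification task.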


Cite this article

Heimdahl, M.P.E., Choi, Y. & Whalen, M.W. Deviation Analysis: A New Use of Model Checking. Autom Software Eng 12, 321–347 (2005). https://doi.org/10.1007/s10515-005-2642-x
