Model Checking Operator Procedures
Author
Abstract
Operator procedures are documents telling operators what to do in various situations. They are widely used in process industries, including the nuclear power industry, so the correctness of such procedures is of great importance. We describe how model checking can be used to detect potential errors in operator procedures and to verify properties of them. Because modelling and model checking large systems can run into problems, incremental modelling and verification is proposed as a strategy to help overcome them. A case study is presented to show how model checking (with the model checker Spin [5]) and the incremental strategy work in practice.
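As an added example that is not part of the paper (the paper's case study uses Spin and Promela; this is a constructed Python equivalent), the block below model-checks a toy operator procedure the way the abstract describes: operator steps act on a small plant model, an environment process may change a sensor reading between any two steps, every reachable state is enumerated, and a safety property is checked on every transition, with the shortest violating trace returned as a counterexample. The plant (inlet valve, pump, tank level), the three procedures and the property are all constructed for illustration. The `env_dynamic` flag is a minimal form of the incremental strategy: checking first against a static environment catches the ordering error, and enriching the environment model then exposes the stale-check error that the static model cannot reveal.

```python
"""Explicit-state model checking of a small operator procedure (added example).

The procedure is a list of operator steps acting on a toy plant (inlet valve,
coolant pump, tank level). An environment process may change the tank level
between any two operator steps, as the plant would in reality. Every reachable
state is enumerated breadth-first, a safety property is checked on every
transition, and the shortest violating trace is returned as a counterexample.
The plant, the steps and the property are constructed for illustration.
"""
from collections import deque, namedtuple

LOW, OK = "low", "ok"

State = namedtuple("State", "pc valve level pump")
Result = namedtuple("Result", "ok message trace explored")

# Constructed procedures. Each step is (kind, argument).
WRONG_ORDER = [("fill_if_low", None), ("start_pump", None), ("open_valve", None)]
BUGGY = [("fill_if_low", None), ("open_valve", None), ("start_pump", None)]
# 'start_pump_when' is an interlocked step: guard and action form one atomic
# transition (as in Spin's atomic{}), so the level cannot change between them.
FIXED = [("fill_if_low", None), ("open_valve", None), ("start_pump_when", OK)]


def successors(s, procedure, env_dynamic):
    """Yield (action, next_state): the operator's next move plus environment moves."""
    if s.pc < len(procedure):
        kind, arg = procedure[s.pc]
        if kind == "fill_if_low":            # check the level; fill the tank if low
            yield kind, s._replace(pc=s.pc + 1, level=OK)
        elif kind == "open_valve":
            yield kind, s._replace(pc=s.pc + 1, valve="open")
        elif kind == "start_pump":           # unconditional start
            yield kind, s._replace(pc=s.pc + 1, pump="on")
        elif kind == "start_pump_when":      # blocks (operator waits) until the guard holds
            if s.level == arg:
                yield kind, s._replace(pc=s.pc + 1, pump="on")
        else:
            raise ValueError(f"unknown step {kind}")
    if env_dynamic:                          # plant dynamics: the level may change at any time
        yield "env:level_change", s._replace(level=LOW if s.level == OK else OK)


def pump_started_safely(pre, action, post):
    """Safety property on transitions; returns an error message or None."""
    if action in ("start_pump", "start_pump_when"):
        if pre.valve != "open":
            return "pump started with inlet valve closed"
        if pre.level == LOW:
            return "pump started with tank level low"
    return None


def _trace(parent, s):
    """Rebuild the path from an initial state to s from the BFS parent links."""
    path = []
    while parent[s] is not None:
        pred, action = parent[s]
        path.append((action, s))
        s = pred
    path.append(("init", s))
    return list(reversed(path))


def model_check(procedure, env_dynamic, prop=pump_started_safely):
    """BFS over all reachable states; the first violation found is a shortest one."""
    initial = [State(0, "closed", lvl, "off") for lvl in (LOW, OK)]  # level unknown at start
    parent = {s: None for s in initial}
    queue = deque(initial)
    while queue:
        s = queue.popleft()
        for action, t in successors(s, procedure, env_dynamic):
            err = prop(s, action, t)
            if err:
                return Result(False, err, _trace(parent, s) + [(action, t)], len(parent))
            if t not in parent:
                parent[t] = (s, action)
                queue.append(t)
    return Result(True, "property holds", [], len(parent))


if __name__ == "__main__":
    for name, proc in (("WRONG_ORDER", WRONG_ORDER), ("BUGGY", BUGGY), ("FIXED", FIXED)):
        for dyn in (False, True):
            r = model_check(proc, dyn)
            print(f"{name:12s} env_dynamic={dyn!s:5s} {r.message} ({r.explored} states)")
            for action, st in r.trace:
                print("    ", action, tuple(st))
```

`WRONG_ORDER` fails even with a static environment, because the pump is started before the valve is opened. `BUGGY` passes the static check but fails once the level may change, since its level check at step 0 is stale by the time step 2 runs; `FIXED` passes because the guard and the start action are one atomic transition, which is the interlock the counterexample suggests adding.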
Similar sources
A Temporal Logic of Nested Calls and Returns
Model checking of linear temporal logic (LTL) specifications with respect to pushdown systems has been shown to be a useful tool for analysis of programs with potentially recursive procedures. LTL, however, can specify only regular properties, and properties such as correctness of procedures with respect to pre and post conditions, that require matching of calls and returns, are not regular. We ...
Model Checking Human-automation Interaction with Enhanced Operator Function Model
ORIGIN AND UNDERLYING PRINCIPLES Engineers use task analytic behavior models to describe the normative human behaviors required to control a system [12]. These models represent the mental and physical activities operators use to achieve the goals that the system was designed to support. Enhanced Operator Function Model (EOFM) [9], an extension of the Operator Function Model [13], represents hum...
Model Checking Spatial Logics for Closure Spaces
Spatial aspects of computation are becoming increasingly relevant in Computer Science, especially in the field of collective adaptive systems and when dealing with systems distributed in physical space. Traditional formal verification techniques are well suited to analyse the temporal evolution of programs; however, properties of space are typically not taken into account explicitly. We present...
A Uniformization-Based Algorithm for Model Checking the CSL Until Operator on Labeled Queueing Networks
We present a model checking procedure for the CSL until operator on the CTMCs that underly Jackson queueing networks. The key issue lies in the fact that the underlying CTMC is infinite in as many dimensions as there are queues in the JQN. We need to compute the transient state probabilities for all goal states and for all possible starting states. However, for these transient probabilities no ...
Using model checking to help discover mode confusions and other automation surprises
Automation surprises occur when an automated system behaves differently than its operator expects. If the actual system behavior and the operator’s “mental model” are both described as finite state transition systems, then mechanized techniques known as “model checking” can be used automatically to discover any scenarios that cause the behaviors of the two descriptions to diverge from one anoth...
Publication date: 1999