Model-Based Analysis of a Stepwise Shutdown Logic


Kim Björkman, Juho Frits, Janne Valkonen, Keijo Heljanko, and Ilkka Niemelä. Model-based analysis of a stepwise shutdown logic. VTT Working Papers 115, VTT Technical Research Centre of Finland, Espoo, 2009.


Modern digitalized Instrumentation & Control (I&C) systems set new challenges for safety evaluation. Model checking is a promising formal method that can be used for verifying the correctness of system designs. A number of efficient model checking systems are available offering analysis tools that are able to determine automatically whether a given state machine model satisfies the desired safety properties. Model checking can also handle delays and other time-related operations, which are crucial in safety I&C systems and are challenging to design and verify.

Two types of model checking approaches are studied to verify safety logic designs involving timing aspects. The first approach uses timed automata as the modelling framework and the other employs finite state machines typically used in verifying hardware. The approaches are compared using two similar designs of a safety logic demonstrating how small changes in the design can lead to unexpected errors that are hard to detect without using model checking techniques. A straightforward approach to modelling such designs using timed automata and finite state machines is developed and the performance of the model checking tools when verifying the safety requirements of the designs is studied.

A safety case is a way of presenting a clear, defensible argument that a system is adequately safe to operate in its intended environment. Two safety case notations are compared and an exploratory safety case structure developed to test the methodology in practice and see how it suits for documenting the results of model checking.


safety evaluation, model checking, automation system, I&C, safety case, failure, NuSMV, UPPAAL

Suggested BibTeX entry:

    address = {Espoo},
    author = {Kim Bj{\"o}rkman and Juho Frits and Janne Valkonen and Keijo Heljanko and Ilkka Niemel{\"a}},
    institution = {VTT Technical Research Centre of Finland},
    number = {115},
    title = {Model-Based Analysis of a Stepwise Shutdown Logic},
    type = {VTT Working Papers},
    year = {2009},

See ...