Abstract In the safety-critical systems domain, model-based safety analysis is an increasingly popular approach for failure assessment and verification, which utilizes model checking to verify whether there exist failures and their combinations in system that can lead to hazards. As a formal method, model checking explores the state space of a system model automatically to verify whether it meets safety requirements. Based on a highly-process description language called Promela, SPIN is an efficient model checker that can build system model to describe system's execution and perform random or interactive simulations to identify the failures hazards in system. Flight Control System (FCS) is one of the safety-critical systems in aircraft. This paper proposed a method that can be used to analyze through model checking whether there are potential failures and their combinations in FCS that can lead to hazards. The system model which is described by Promela is constructed in SPIN platform based on the control logic of FCS, and the subsystems in the FCS are abstracted for processes interacting with each other. The properties to be verified are defined by Linear Temporal Logic (LTL) formulas. The potential combinations of failures in FCS can be identified by analyzing the counter-examples produced by model checking, and the accident paths that lead to the hazard of FCS can be found as well. Results of SPIN model checker show that the proposed method can be effectively used to verify and find the combinations of failures that lead to the hazard in FCS.
Read full abstract