2021

Ovsiannikova, Polina; Buzhinsky, Igor; Pakonen, Antti; Vyatkin, Valeriy

<p>Thorough verification is a part of the design process of instrumentation and control systems if they must comply with crucial safety requirements. Model checking can be applied to the formal model of such a system to reason about its correctness based on the specification provided. When a violation occurs, the model checking tool outputs the proof of the violation in the form of a failure trace, which represents a state sequence of system model transitions where the requirement does not hold. This sequence, however, even for modular systems, is a mere table of values. Due to the lack of any insights into the inner model processes and structures that caused a problem, the debugging process of the formal model becomes time and effort consuming. The tool presented in this paper, Oeritte, is aimed at assisting the analyst in this challenge. It implements a method for automatic visual counterexample explanation which includes reasoning both over the falsified LTL formula and over the NuSMV function block diagram of the formal model of the system. The tool is applied to an industrial-sized safety control system of a nuclear power plant.</p>