The ForeMoSt approach to building valid model-based safety arguments


Bibliographic Details

Published in: Software and Systems Modeling, Vol. 22, no. 5, pp. 1473-1494
Main Authors: Viger, Torin; Murphy, Logan; Di Sandro, Alessio; Menghi, Claudio; Shahin, Ramy; Chechik, Marsha
Format: Journal Article
Language: English
Published: Berlin/Heidelberg: Springer Berlin Heidelberg, 01.10.2023 (Springer Nature B.V.)
ISSN: 1619-1366, 1619-1374
DOI: 10.1007/s10270-022-01063-4

Summary: Safety assurance cases (ACs) are structured arguments designed to comprehensively show that a system is safe. ACs are often model-based, meaning that a model of the system is a primary subject of the argument. ACs use reasoning steps called strategies to decompose high-level claims about system safety into refined subclaims that can be directly supported by evidence. Strategies are often informal and difficult to rigorously evaluate in practice, and consequently, AC arguments often contain reasoning errors. This has led to the deployment of unsafe systems, and caused severe real-world consequences. These errors can be mitigated by formalizing and verifying AC strategies using formal methods; however, these techniques are difficult to use without formal methods expertise. To mitigate potential challenges faced by engineers when developing and interpreting formal ACs, we present ForeMoSt, our tool-supported framework for rigorously validating AC strategies using the Lean theorem prover. The goal of the framework is to straddle the level of abstraction used by the theorem prover and by software engineers. We use case studies from the literature to demonstrate that ForeMoSt is able to (i) augment and validate ACs from the research literature, (ii) support AC development for systems with large models, and (iii) support different model types.