Abstract state machines and system theoretic process analysis for safety-critical systems

Abstract

The Abstract State Machine (ASM) method is a formal specification and modeling technique that allows us to specify computational systems at the required abstraction level and facilitates formal analysis and verification. System Theoretic Process Analysis (STPA) is a semi-formal hazard analysis method that aims to identify safety requirements emerging from the analysis of potential interactions among components and inadequate control in the system’s design. In this paper, we combine these two techniques to develop a methodology capturing both the formal representation of ASM with the ability to generate safety properties from the STPA hazard analysis. This has the advantages of verifying the STPA requirements in a formal way, and giving insights for the improvement of the ASM specification, depending on these requirements. We illustrate our methodology by applying it to an insulin pump control system case study, showing what safety issues it highlights.