• Title/Summary/Keyword: Safety Critical Software


The C Language Auto-generation of Reactor Trip Logic Caused by Steam Generator Water Level Using CASE Tools

  • Kim, Jang-Yeol;Lee, Jang-Soo
    • Nuclear Engineering and Technology
    • /
    • v.31 no.1
    • /
    • pp.58-67
    • /
    • 1999
  • The purpose of this work is to model the nuclear reactor trip logic triggered by steam generator water level for Wolsong units 2/3/4 as an activity chart and a statechart, and to generate C code automatically from that model using the statechart-based formalism proposed by David Harel and the Statemate MAGNUM toolset. Although the Software Requirement Specification (SRS) for this safety-critical software was written manually in the statechart-based formalism, auto-generation of the C code proved worthwhile: every phase of the software life-cycle except the requirement specification of the analysis phase was produced by Computer Aided Software Engineering (CASE) tools. Simulation verified that the automatically generated C code has high productivity, portability, and quality.
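The trip logic in the abstract is generated by Statemate from a statechart. As an added illustration written for this page (not the paper's generated code and not Wolsong plant logic), the C below hand-codes the kind of state machine such a statechart expresses: a pre-trip alarm band with hysteresis, a debounced low-level trip, and a latched trip that only an operator reset at a safe level can clear. All setpoints, the debounce count and the level traces are hypothetical values chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical setpoints, in percent of the narrow-range level span. */
#define LEVEL_PRETRIP_PCT     30.0
#define LEVEL_TRIP_PCT        25.0
#define LEVEL_RESET_PCT       35.0   /* hysteresis: pre-trip clears only above this */
#define TRIP_DEBOUNCE_CYCLES  3      /* hypothetical: consecutive scans below trip level */
#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))

typedef enum { SG_NORMAL, SG_LOW_PRETRIP, SG_TRIPPED } sg_state_t;

typedef struct {
    sg_state_t state;
    uint32_t   low_cycles;   /* consecutive scans with level below LEVEL_TRIP_PCT */
} sg_trip_t;

void sg_trip_init(sg_trip_t *t) { t->state = SG_NORMAL; t->low_cycles = 0; }

/* One scan cycle.  Returns true while the trip output is asserted.  The trip
 * is latched: SG_TRIPPED is left only through sg_trip_reset(), never because
 * the measured level recovers on its own. */
bool sg_trip_step(sg_trip_t *t, double level_pct)
{
    switch (t->state) {
    case SG_NORMAL:
        if (level_pct < LEVEL_PRETRIP_PCT) { t->state = SG_LOW_PRETRIP; t->low_cycles = 0; }
        break;
    case SG_LOW_PRETRIP:
        if (level_pct < LEVEL_TRIP_PCT) {
            if (++t->low_cycles >= TRIP_DEBOUNCE_CYCLES) t->state = SG_TRIPPED;
        } else {
            t->low_cycles = 0;                        /* debounce restarts on any recovery */
            if (level_pct > LEVEL_RESET_PCT) t->state = SG_NORMAL;
        }
        break;
    case SG_TRIPPED:
        break;                                        /* latched */
    }
    return t->state == SG_TRIPPED;
}

/* Operator reset, honoured only once the level is back above the reset band. */
bool sg_trip_reset(sg_trip_t *t, double level_pct)
{
    if (t->state != SG_TRIPPED || level_pct <= LEVEL_RESET_PCT) return false;
    sg_trip_init(t);
    return true;
}

/* Feed a level trace through the machine; return the scan index at which the
 * trip first asserts, or -1 if it never does. */
int sg_first_trip_cycle(const double *trace, int n)
{
    sg_trip_t t;
    sg_trip_init(&t);
    for (int i = 0; i < n; i++)
        if (sg_trip_step(&t, trace[i])) return i;
    return -1;
}

/* Constructed level traces (not plant data). */
static const double TRACE_SUSTAINED_LOW[] = { 50, 45, 29, 24, 28, 40, 29, 24, 24, 24, 60 };
static const double TRACE_BRIEF_DIP[]     = { 50, 29, 24, 24, 40, 50 };

int demo_sustained_low_trips_at(void) { return sg_first_trip_cycle(TRACE_SUSTAINED_LOW, COUNT(TRACE_SUSTAINED_LOW)); }
int demo_brief_dip_trips_at(void)     { return sg_first_trip_cycle(TRACE_BRIEF_DIP, COUNT(TRACE_BRIEF_DIP)); }

/* Latching: after a trip, a recovered level alone must not clear the output,
 * a reset at low level must be refused, and a reset at a safe level must work. */
bool demo_latch_then_reset(void)
{
    sg_trip_t t;
    sg_trip_init(&t);
    for (int i = 0; i < COUNT(TRACE_SUSTAINED_LOW); i++) sg_trip_step(&t, TRACE_SUSTAINED_LOW[i]);
    bool still_tripped_after_recovery = sg_trip_step(&t, 60.0);
    bool reset_refused_while_low      = !sg_trip_reset(&t, 20.0);
    bool reset_accepted_when_safe     = sg_trip_reset(&t, 60.0);
    return still_tripped_after_recovery && reset_refused_while_low
        && reset_accepted_when_safe && t.state == SG_NORMAL;
}

int main(void)
{
    printf("sustained low: trip at scan %d\n", demo_sustained_low_trips_at());
    printf("brief dip:     trip at scan %d\n", demo_brief_dip_trips_at());
    printf("latch/reset:   %s\n", demo_latch_then_reset() ? "ok" : "FAIL");
    return 0;
}
```

The latch is the safety-relevant part: a trip must never clear itself because the measured level came back, since a sensor reading can recover before the plant does. `demo_latch_then_reset` states that invariant as an executable check, which is the kind of property a statechart-based SRS fixes and a generated implementation has to preserve.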


Applying Methodology for the Safety-Critical S/W Development of Railway Signaling with the Z and Statechart Formal Method (Z와 Statechart에 의한 열차제어시스템 바일탈 소프트웨어 개발 방법 분석)

  • Jo, Hyun-Jeong;Hwang, Jong-Gyu;Yoon, Yong-Ki
    • The Transactions of the Korean Institute of Electrical Engineers P
    • /
    • v.57 no.2
    • /
    • pp.65-71
    • /
    • 2008
  • Recently, many critical control systems have been developed using formal methods. When the software for such systems is developed, employing formal methods in software requirements specification and verification provides increased assurance for such applications. Errors in an overlooked requirement specification can be detected earlier with a formal specification method, and testing and full verification that examines all reachable states can be completed using model checking. In this paper, we propose an eclectic approach that combines the Z (Zed) formal language with 'Statemate MAGNUM', a formal-method tool based on Statecharts, for application to railway signaling systems.

Development of Backward Safety Analysis Tool for CPN Models (CPN 모델의 역방향 안전성 분석 도구 개발)

  • Lee, U-Jin;Chae, Heung-Seok;Cha, Seong-Deok;Lee, Jang-Su;Gwon, Yong-Rae
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.5 no.4
    • /
    • pp.457-466
    • /
    • 1999
  • In safety-critical systems such as nuclear power plants, medical machines, and avionic systems, which are closely related to our daily lives, the use of software in the controlling part is growing rapidly. Since software errors in safety-critical systems may cause serious accidents leading to financial or human damage, system safety should be ensured during and after the development of a system. A backward safety analysis technique defines system hazards and tries to trace their causes by analyzing system states backward. In this paper, we provide a backward safety analysis technique based on Colored Petri Nets (CPN), which is applicable to the early software development phase. Also, Safety Analyzer for CPN (SAC), the supporting tool, is designed and implemented. Since SAC is compatible with Design/CPN, a commercial tool supporting CPN, it can be applied to analyze safety in practical problems. As an example, we model a part of a traffic light control system using CPN and analyze safety properties of the model using the SAC tool.
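SAC and Design/CPN are not reproduced here. As an added example written for this page (not the paper's tool), the C below runs the same backward idea on a toy traffic-light controller reduced to its reachable states: the hazard set is defined first, then the transition relation is walked against its arrows until an initial state is reached, which yields the causal chain. The two controller models, the state encoding and the missing interlock in the faulty model are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* One direction's light; a controller state is the pair (ns, ew) encoded as ns*3 + ew. */
enum { RED = 0, YELLOW = 1, GREEN = 2 };
#define NSTATES 9
#define ENC(ns, ew) ((ns) * 3 + (ew))
#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))

typedef struct { int from, to; const char *event; } edge_t;

/* Constructed controller cycle (think of a CPN occurrence graph reduced to its
 * marking-level states); the safe model interlocks the two directions. */
static const edge_t SAFE_MODEL[] = {
    { ENC(RED, RED),    ENC(GREEN, RED),  "ns_go"     },
    { ENC(GREEN, RED),  ENC(YELLOW, RED), "ns_yellow" },
    { ENC(YELLOW, RED), ENC(RED, RED),    "ns_stop"   },
    { ENC(RED, RED),    ENC(RED, GREEN),  "ew_go"     },
    { ENC(RED, GREEN),  ENC(RED, YELLOW), "ew_yellow" },
    { ENC(RED, YELLOW), ENC(RED, RED),    "ew_stop"   },
};

/* Same controller with a modelling fault: the NS "go" timer fires without
 * checking that EW is already red. */
static const edge_t FAULTY_MODEL[] = {
    { ENC(RED, RED),    ENC(GREEN, RED),    "ns_go"                },
    { ENC(GREEN, RED),  ENC(YELLOW, RED),   "ns_yellow"            },
    { ENC(YELLOW, RED), ENC(RED, RED),      "ns_stop"              },
    { ENC(RED, RED),    ENC(RED, GREEN),    "ew_go"                },
    { ENC(RED, GREEN),  ENC(RED, YELLOW),   "ew_yellow"            },
    { ENC(RED, YELLOW), ENC(RED, RED),      "ew_stop"              },
    { ENC(RED, GREEN),  ENC(GREEN, GREEN),  "ns_go (no interlock)" },
    { ENC(RED, YELLOW), ENC(GREEN, YELLOW), "ns_go (no interlock)" },
};

/* Hazard: both directions show something other than red. */
bool is_hazard(int s) { return s / 3 != RED && s % 3 != RED; }

/* Backward reachability: seed the search with every hazard state and follow
 * edges against their direction.  Returns the number of transitions on a
 * chain from `initial` to a hazard (written to `path`, initial first), or -1
 * if no hazard is reachable from `initial`. */
int backward_trace(const edge_t *edges, int nedges, int initial, int *path, int maxlen)
{
    int  succ[NSTATES];                     /* next state on the way toward the hazard */
    bool seen[NSTATES] = { false };
    int  queue[NSTATES], head = 0, tail = 0;

    for (int s = 0; s < NSTATES; s++) {
        succ[s] = -1;
        if (is_hazard(s)) { seen[s] = true; queue[tail++] = s; }
    }
    while (head < tail) {                   /* BFS against the arrows */
        int s = queue[head++];
        for (int i = 0; i < nedges; i++) {
            if (edges[i].to != s || seen[edges[i].from]) continue;
            seen[edges[i].from] = true;
            succ[edges[i].from] = s;
            queue[tail++] = edges[i].from;
        }
    }
    if (!seen[initial]) return -1;

    int len = 0;                            /* replay the cause chain forward */
    for (int s = initial; ; s = succ[s]) {
        if (len < maxlen) path[len] = s;
        if (is_hazard(s)) break;
        len++;
    }
    return len;
}

int demo_faulty_path_len(void)
{
    int path[NSTATES];
    return backward_trace(FAULTY_MODEL, COUNT(FAULTY_MODEL), ENC(RED, RED), path, NSTATES);
}
int demo_faulty_path_state(int i)
{
    int path[NSTATES];
    backward_trace(FAULTY_MODEL, COUNT(FAULTY_MODEL), ENC(RED, RED), path, NSTATES);
    return path[i];
}
int demo_safe_path_len(void)
{
    int path[NSTATES];
    return backward_trace(SAFE_MODEL, COUNT(SAFE_MODEL), ENC(RED, RED), path, NSTATES);
}

int main(void)
{
    static const char *L = "RYG";
    int path[NSTATES];
    int n = backward_trace(FAULTY_MODEL, COUNT(FAULTY_MODEL), ENC(RED, RED), path, NSTATES);
    printf("faulty model: hazard reachable in %d transitions:", n);
    for (int i = 0; i <= n && i < NSTATES; i++) printf(" (%c,%c)", L[path[i] / 3], L[path[i] % 3]);
    printf("\nsafe model: %s\n", demo_safe_path_len() < 0 ? "no hazard reachable" : "hazard reachable");
    return 0;
}
```

Starting from the hazard rather than the initial state is what makes the result actionable: the chain (R,R) → (R,G) → (G,G) names the one transition that must be guarded, and on the interlocked model the same search terminates with no hazard state reachable.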

A Study on the Methods of Fault Analysis to Improve Safety in U-Healthcare System for Managing Emergency Rescue for Seniors (시니어들의 응급구난 관리를 위한 U-Healthcare시스템에서 안전성 개선을 위한 결함 분석 방법에 관한 연구)

  • Kim, Gyu-A;Park, Man-Gon
    • Journal of Korea Multimedia Society
    • /
    • v.17 no.2
    • /
    • pp.170-179
    • /
    • 2014
  • Recently, U-Healthcare systems have advanced rapidly to manage emergency rescue for seniors. We can access emergency rescue systems with high-quality services anytime, anywhere under ubiquitous healthcare systems. The more such systems develop, the more important software safety and security become, and safety-critical systems have spread worldwide with the advancement of information and communication technologies. There are many kinds of fault analysis methods for evaluating software safety and security. However, because software faults have characteristics different from human error, enormous damage and loss can be prevented by improving the safety of the safety-critical system. This paper therefore proposes a method that integrates FTA with Forward and Backward FMECA, combining the strengths of FTA (visual) and FMECA (numeric, normalized). First, using FTA, we redraw the fault tree with Forward FMECA and Backward FMECA in consideration of occurrence, severity, detection, correctness, robustness, and security. Then, according to the normalized risk priority value (NRPV) of each event, we modify the FTA diagrams to show the critical paths given by severity and occurrence. Finally, we propose an improved emergency rescue service platform for ubiquitous healthcare systems by identifying priorities of criticality according to the NRPVs.
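The abstract combines a fault tree (visual, structural) with FMECA scores (numeric). As an added example written for this page (not the paper's method or data), the C below evaluates a small constructed fault tree for an emergency-alert platform, ranks basic events by Birnbaum importance derived from the tree, and separately by an FMECA risk priority number. The tree, the probabilities and the severity/occurrence/detection scores are illustrative; the normalization of the RPN by the maximum possible score (10·10·10) is an assumption, not the paper's NRPV definition.

```c
#include <stdio.h>

typedef enum { BASIC, AND_GATE, OR_GATE } kind_t;
#define MAXCHILD 4

typedef struct {
    kind_t      kind;
    const char *name;
    double      p;                   /* basic events: probability of occurrence per mission */
    int         children[MAXCHILD];  /* gates: indices into TREE */
    int         nchildren;
    int         sev, occ, det;       /* FMECA severity/occurrence/detection, 1..10 (basic events) */
} node_t;

/* Constructed fault tree for the top event "emergency alert not delivered".
 * Probabilities and FMECA scores are illustrative, not taken from the paper. */
static const node_t TREE[] = {
    /* 0 */ { OR_GATE,  "alert not delivered",  0.0,   {1, 2, 7}, 3,  0, 0, 0 },
    /* 1 */ { AND_GATE, "no trigger",           0.0,   {3, 4},    2,  0, 0, 0 },
    /* 2 */ { AND_GATE, "gateway unpowered",    0.0,   {5, 6},    2,  0, 0, 0 },
    /* 3 */ { BASIC,    "fall sensor fails",    0.02,  {0},       0,  9, 3, 4 },
    /* 4 */ { BASIC,    "SOS button fails",     0.01,  {0},       0,  9, 2, 2 },
    /* 5 */ { BASIC,    "gateway mains loss",   0.005, {0},       0,  7, 2, 1 },
    /* 6 */ { BASIC,    "backup battery dead",  0.1,   {0},       0,  7, 5, 6 },
    /* 7 */ { BASIC,    "cellular link down",   0.03,  {0},       0, 10, 4, 3 },
};
#define NNODES ((int)(sizeof TREE / sizeof TREE[0]))

/* P(node) assuming independent basic events: AND = product of children,
 * OR = 1 - product of (1 - child).  If `force` >= 0, basic event `force`
 * is pinned to `force_p` (used for the importance measure). */
static double eval(int i, int force, double force_p)
{
    const node_t *n = &TREE[i];
    if (n->kind == BASIC) return i == force ? force_p : n->p;
    double acc = 1.0;
    for (int c = 0; c < n->nchildren; c++) {
        double pc = eval(n->children[c], force, force_p);
        acc *= (n->kind == AND_GATE) ? pc : (1.0 - pc);
    }
    return (n->kind == AND_GATE) ? acc : 1.0 - acc;
}

double fta_top_probability(void) { return eval(0, -1, 0.0); }

/* Birnbaum importance: P(top | event occurs) - P(top | event absent).
 * It comes from the tree structure, not from the event's own probability. */
double birnbaum(int i) { return eval(0, i, 1.0) - eval(0, i, 0.0); }

/* FMECA risk priority number, normalized to [0,1] by the maximum 10*10*10
 * (assumed normalization). */
double nrpv(int i) { const node_t *n = &TREE[i]; return (n->sev * n->occ * n->det) / 1000.0; }

static int argmax_basic(double (*score)(int))
{
    int best = -1;
    double best_score = -1.0;
    for (int i = 0; i < NNODES; i++)
        if (TREE[i].kind == BASIC && score(i) > best_score) { best_score = score(i); best = i; }
    return best;
}
int most_critical_by_birnbaum(void) { return argmax_basic(birnbaum); }
int most_critical_by_nrpv(void)     { return argmax_basic(nrpv); }

int main(void)
{
    printf("P(top) = %.6f\n", fta_top_probability());
    for (int i = 0; i < NNODES; i++)
        if (TREE[i].kind == BASIC)
            printf("  %-22s p=%.3f  birnbaum=%.4f  nrpv=%.3f\n",
                   TREE[i].name, TREE[i].p, birnbaum(i), nrpv(i));
    printf("critical by tree structure: %s\n", TREE[most_critical_by_birnbaum()].name);
    printf("critical by FMECA scores:   %s\n", TREE[most_critical_by_nrpv()].name);
    return 0;
}
```

On this constructed tree the two rankings disagree: the single-point-of-failure link under the top OR gate dominates the structural measure, while the FMECA scores single out the battery because it is hard to detect. That disagreement is the reason for combining the two views rather than trusting either alone.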

Restrictions and translation rules of ANSI-C language for analyzing integrity of C program using SPARK Examiner (SPARK Examiner를 이용해 ANSI-C프로그램의 안전성을 분석하기 위한 C언어의 제약 조건과 변환 방법)

  • Kim, Jin-Seop;Cha, Sung-Deok
    • Journal of KIISE:Software and Applications
    • /
    • v.30 no.5_6
    • /
    • pp.587-597
    • /
    • 2003
  • The C language is widely adopted for safety-critical systems. However, C is known to be an unsuitable choice for safety-critical systems because it includes several unsafe language features, such as heavy use of pointers. The aim of this work is to define a safe subset of C and translate that subset into SPARK Ada so that a program's safety can be verified using the SPARK analysis tools. SPARK is a safe subset of Ada and has been applied successfully to high-integrity system development. A C program translated into SPARK has the same integrity level as SPARK, and its correctness can be verified using the Examiner, a SPARK analysis tool. An elevator controller case study is presented to demonstrate the potential use of our approach for implementing a realistic system. We also developed a translator that automatically translates C code into SPARK in accordance with the translation rules.

Hardware and Software Dependability Analysis of Embedded AVTMR(All Voting Triple Modular Redundancy) System (내장형 AVTMR 시스템의 하드웨어 및 소프트웨어 신뢰성 분석)

  • Kim, Hyun-Ki
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.7B
    • /
    • pp.744-750
    • /
    • 2009
  • In this paper, a unified Markov model of hardware and software for an AVTMR (All Voting Triple Modular Redundancy) system is proposed and its dependability is analyzed. In the hardware case the failure rate is fixed as a time-invariant parameter, but in the software case a time-varying failure rate is applied. In particular, the dependability (reliability, availability, maintainability, safety) of the software is analyzed with the G-O/NHPP model within the Markov model. The dependability of the single and AVTMR systems is analyzed and simulated with the unified Markov modeling method, and the characteristics of each system are compared according to failure rate. This kind of fault-tolerant system can be applied to aircraft and life-critical systems to meet specific dependability requirements.

Formal Verification of Functional Properties of an SCR-style Software Requirements Specifications using PVS (PVS를 이용한 SCR 스타일의 소프트웨어 요구사항 명세에서 기능 요구 사항의 정형 검증)

  • Kim, Tae-Ho;Cha, Sung-Deok
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.8 no.1
    • /
    • pp.46-61
    • /
    • 2002
  • Among the many phases involved in software development, the requirements analysis phase is generally considered to play a crucial role in determining overall software quality. Therefore, many software development companies manage it as one of the most important phases. In particular, safety assurance through requirements analysis for safety-critical systems is quite demanding, and national and international bodies routinely require a safety demonstration. Among the various approaches, inspection and formal methods are generally shown to be effective. In this paper, we propose a formal verification procedure for SCR (Software Cost Reduction)-style SRS (Software Requirements Specification) using the PVS specification and verification system, and apply it to an industrial system, a shutdown system for the Wolsung nuclear power plant. This system had previously been verified through inspection, not formal verification. The application of formal methods is rare in Korea, so it is very important to gain experience applying formal verification to industrial systems.

Mediating Effects of Perceptions Regarding the Importance of Patient Safety Management on the Relationship between Incident Reporting Attitudes and Patient Safety Care Activities for Nurses in Small- and Medium-sized General Hospitals (중소병원 간호사의 사건보고태도와 환자안전간호활동의 관계에서 환자안전관리 중요성 인식의 매개효과)

  • Park, Young Mi;Nam, Keum Hee;Kang, Ki Noh;Nam, Jeong Ja;Yun, Yeon Ok
    • Journal of Korean Critical Care Nursing
    • /
    • v.12 no.2
    • /
    • pp.85-96
    • /
    • 2019
  • Purpose : The purpose of this study was to examine the mediating effect of perceptions regarding the importance of patient safety management in the relationship between incident reporting attitudes and patient safety care activities for nurses in small- and medium-sized general hospitals. The objective was to provide a basis for planning tailored training programs aimed at improving patient safety care activities. Methods : This study was conducted with 187 participants in small- and medium-sized general hospitals in K city in South Korea from March 15 to March 31, 2019. The data collected from participants were analyzed using descriptive statistics, a t-test, ANOVA, Pearson's correlation coefficients, and a multiple regression using IBM SPSS/WIN 21.0 software. Results : Patient safety care activities were found to be correlated with incident reporting attitudes (r = .27, p < .001) and perceptions of the importance of patient safety management (r = .59, p < .001). Further, perceptions of the importance of patient safety management had a complete mediating effect (β = .409, p < .001) on the relationship between incident reporting attitudes and patient safety care activities. Conclusion : Based on the findings of this study, tailored training programs regarding patient safety care activities focused on boosting perceptions of the importance of patient safety management are highly recommended to improve nurses' patient safety care activities in small- and medium-sized general hospitals.

On Study the Safety Assessment of Accident Electric Multiple Units (전동차 구조체의 안전성 평가 연구)

  • Jeong, Jong-Deok;Kim, Jeong-Guk;Pyeon, Jang-Sik;Kim, Won-Kyung;Hong, Yong-Ki
    • Proceedings of the Korean Society of Precision Engineering Conference
    • /
    • 2004.10a
    • /
    • pp.1105-1108
    • /
    • 2004
  • This paper describes the structural analysis results and load test results for an accident-damaged EMU (Electric Multiple Unit). Structural analysis and load tests of the EMU were performed to establish criteria for safety assessment. Structural analysis using the commercial I-DEAS software provided important information on stress distribution and load transfer mechanisms, as well as the extent of damage during a rolling stock crash. The purpose of the load test is to evaluate whether the carbody structure has sufficient rigidity to perform its system function under maximum load and operating conditions. The results have been used to provide critical information for the criteria of safety assessment.


Computer modelling of fire consequences on road critical infrastructure - tunnels

  • Pribyl, Pavel;Pribyl, Ondrej;Michek, Jan
    • Structural Monitoring and Maintenance
    • /
    • v.5 no.3
    • /
    • pp.363-377
    • /
    • 2018
  • The proper functioning of critical points on transport infrastructure is decisive for the entire network. Tunnels and bridges certainly belong to the critical points of the surface transport network, both road and rail. Risk management should be a holistic and dynamic process throughout the entire life cycle. However, the level of risk is usually determined only during the design stage, mainly because it is a time-consuming and costly process. This paper presents a simplified quantitative risk analysis method that can be used at any time during the decades of a tunnel's lifetime, can estimate the changing risks on a continuous basis, and can thus uncover hidden safety threats. The presented method is a decision support system for tunnel managers designed to preserve or even increase tunnel safety. The CAPITA method is a deterministic, scenario-oriented risk analysis approach for assessing mortality risks in road tunnels in the most dangerous situation: a fire. It is implemented in the advanced risk analysis software CAPITA SW. Both the method and the resulting software were developed by the authors' team. Unlike existing analyses, which require specialized microsimulation tools for traffic flow, smoke propagation and evacuation modeling, CAPITA contains a comprehensive database with the results of thousands of simulations performed in advance for various combinations of variables. This approach significantly reduces the overall complexity and thus enhances the usability of the resulting risk analysis. Additionally, it gives decision makers a holistic view by reporting not only the expected risk but also the risk's sensitivity to different variables. This allows the tunnel manager or another decision maker to estimate the primary change of risk whenever traffic conditions in the tunnel change and to see the dependencies on particular input variables.