Applying STAMP to Support the Synthesis of Controller Logic Considering Safety Concerns

Controllers are key components of safety-critical systems. They are responsible for ensuring many of the system requirements through monitoring and action over other components. The traditional approach for designing controllers encompasses careful understanding, analysis, and manual definition of the behavior of the controller. We propose a correct-by-construction method to synthesize the logic of controllers, based on supervisory control theory. In this paper, we focus on using STAMP to support the controller synthesis. STAMP is an accident causation model based on systems theory, which treats accidents and unacceptable losses as a dynamic control problem. Here STAMP aids to capture the system description, supporting the steps related to the definition of components and their interfaces, the specification of components' behavior, the identification of assumptions, and the determination of functional and safety properties. We provide an overview of the method, contextualizing the methods steps with the system of an automatic door. Later, we present a real system of a Nuclear Power Plant and discuss its outcomes.