Safety-Critical System Modeling in Model-Based Testing with Hazard and Operability Analysis

Model-based testing (MBT) generates tests from behavioral models of systems. When applying MBT to safety-critical systems, one problem is that textual requirements from which the behavior model is generated focus on commonly used scenarios while missing other scenarios that may lead to hazards. We propose to combine MBT with a hazard analysis technique, Hazard and Operability analysis. We first derive guide phrases from original requirements, and use these phrases to extend original requirements by adding more alternative scenarios. Second, we create timed automata from the extended requirements. Third, we validate the automata with model checking. We report a case study where our approach was applied to train control system. We created two groups of automata from original and extended requirements, respectively. We found that the automata created from extended requirements are more likely to avoid problems such as deadlock. Furthermore, tests generated from such models cover more system behaviors.