Checking models based on an iterative co-specification process of a critical system

Recurrent incident reports indicate that critical systems such as power plants exhibit unintended emergent behaviors outside of acceptable limits, despite of the increasing development of dependable automation technologies as well as of a lot of techniques related to dependability issues. Among many causes, the role of human for operating technical artefacts is of importance, but also for designing them from the early stages of specification in order to check the basic property of wholeness of any system. A mean is to ensure a continuum of compliant models to component integration through an iterative process between all the disciplines involved to engineer these systems as whole all along their life cycle. However, a human-based process to check the “right-system requirements-right” remains not fully adequate at the scale of real systems engineering projects and in any case to critical issues. This paper explores the formal checking compliance of architecting models with dependability requirements. These models are refined iteratively by specialist and specialty engineers interoperating with a system engineer through a co-specification process on a particular case study of a critical power-plant sub-system.