Validation of mission critical software design and implementation using model checking [spacecraft]

Pingree, Paula J.; Mikk, Erich; Holzmann, Gerard J.; Smith, Margaret; Dams, Dennis

doi:10.1109/dasc.2002.1067982

Cited by 14 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that all mentioned translations interpret Simulink and Stateflow charts by synchronous language. An attempt to validate Stateflow designs with explicit-state SPIN has been described [16], however, the extension to SPIN is not publicly available.…”

Section: Preliminaries and Related Workmentioning

confidence: 99%

Executing Model Checking Counterexamples in Simulink

Barnat

Brim

et al. 2012

2012 Sixth International Symposium on Theoretical Aspects of Software Engineering

View full text Add to dashboard Cite

Verification of embedded systems has become increasingly important in many industrial domains. Safetycritical embedded systems, such as those developed in aerospace industry, are regularly subject to automated formal verification process. In this paper we extend our tool integration chain of parallel, explicit-state LTL model checker DIVINE and Matlab Simulink tool suit with an improved support of counterexample simulation. In particular, we show how to provide the verification engineer with a direct connection between the error discovered by the model checker and the simulation in Matlab Simulink. This work has been conducted within the Artemis project industrial Framework for Embedded Systems Tools (iFEST).

show abstract

Section: Preliminaries and Related Workmentioning

confidence: 99%

Executing Model Checking Counterexamples in Simulink

Barnat

Brim

et al. 2012

2012 Sixth International Symposium on Theoretical Aspects of Software Engineering

View full text Add to dashboard Cite

show abstract

“…The use of autonomous UAVs has led researchers to develop model checking applications for UAV software with different purposes, e.g., obstacle detection and avoidance [30], ensure the reachability of mission plan for single- [31], [32] and multi-UAVs [5], [33], and evaluate the reliability of fault protection software [17].…”

Section: A Formal Verification Of Avionics Softwarementioning

confidence: 99%

“…Formal verification has been applied to avionics embedded software, since the 2000s, due to safety and reliability requirements [12]. Different tools (e.g., SPIN [13], SMV [14], and NuSMV [15]) were used for developing and validating flight control software, such as the NASA's missions Mars Science Laboratory [16] and Deep Space 1 [17], the flight control system FCS 5000 [18], and the military aircraft A-7 [19].…”

Section: Introductionmentioning

confidence: 99%

DSVerifier-Aided Verification Applied to Attitude Control Software in Unmanned Aerial Vehicles

et al. 2018

View full text Add to dashboard Cite

During the last decades, model checking techniques have been applied to improve overall system reliability, in unmanned aerial vehicle (UAV) approaches. Nonetheless, there is little effort focused on applying those methods to the controlsystem domain, especially when it comes to the investigation of low-level implementation errors, which are related to digital controllers and hardware compatibility. The present study addresses the mentioned problems and proposes the application of a bounded model checking tool, named as Digital System Verifier (DSVerifier), to the verification of digital-system implementation issues, in order to investigate problems that emerge in digital controllers designed for UAV attitude systems. A verification methodology to search for implementation errors related to finite word-length effects (e.g., arithmetic overflows and limit cycles), in UAV attitude controllers, is presented, along with its evaluation, which aims to ensure correct-by-design systems. Experimental results show that low-level failures in UAV attitude control software used in aerial surveillance are identified by DSVerifier, which can also be used for developing sound and correct implementations, through its integration into development processes. Finally, given that the proposed approach handles C code and takes into account hardware specifications, it is suitable for verifying final controller implementations, which is a more practical scenario.

show abstract

“…The full capability of the SPIN model checker may be used to verify models generated by HiVy because they yield valid Promela code. The development of our approach for verification of NASA Spacecraft Fault Protection designs has been presented previously [7], [8]. The validity of HiVy generated models for SPIN model checking has been prototyped.…”

Section: In Conclusionmentioning

confidence: 99%

The HiVy Tool Set

Pingree

Mikk²

2004

Computer Aided Verification

View full text Add to dashboard Cite

Our aim is to validate mission-specific components of spacecraft flight software designs that are specified using state-charts and translated automatically to the final flight code for the mission. We established an automatic translation tool set from state-charts to the input language of SPIN for the validation of such mission-specific components. To guarantee compliance with autogenerated flight code, our translation tool set preserves the StateFlow ® semantics. We are now able to specify and validate portions of mission-critical software design and implementation using the exhaustive exploration techniques of model checking.

show abstract

Validation of mission critical software design and implementation using model checking [spacecraft]

Cited by 14 publications

References 3 publications

Executing Model Checking Counterexamples in Simulink

Executing Model Checking Counterexamples in Simulink

DSVerifier-Aided Verification Applied to Attitude Control Software in Unmanned Aerial Vehicles

The HiVy Tool Set

Contact Info

Product

Resources

About