Formal Verification of Flight Critical Software

Recent advances in modeling languages have made it feasible to formally specify and analyze the behavior of large system components. Synchronous data flow languages, such as Lustre, SCR, and RSML are well suited to this task, and commercial versions of these tools such as SCADE and Simulink are growing rapidly in popularity among designers of safety critical systems, largely due to their ability to automatically generate code from the models. At the same time, advances in formal analysis tools have made it practical to formally verify important properties of these models to ensure that design defects are identified and corrected early in the lifecycle. This report describes how such formal verification tools have been applied to the FCS 5000, a new family of Flight Control Systems being developed by Rockwell Collins Inc.

[1]  Constance L. Heitmeyer,et al.  Automated consistency checking of requirements specifications , 1996, TSEM.

[2]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[3]  Marco Bozzano,et al.  Improving Safety Assessment of Complex Systems: An Industrial Case Study , 2003, FME.

[4]  Marco Bozzano,et al.  Improving System Reliability via Model Checking: The FSAP/NuSMV-SA Safety Analysis Platform , 2003, SAFECOMP.

[5]  César Muñoz,et al.  An Overview of SAL , 2000 .

[6]  Natarajan Shankar,et al.  Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS , 1995, IEEE Trans. Software Eng..

[7]  Mats Per Erik Heimdahl,et al.  Specification-based prototyping for embedded systems , 1999, ESEC/FSE-7.

[8]  Mats Per Erik Heimdahl,et al.  Proving the Shalls , 2003, FME.

[9]  Gérard Berry,et al.  The Esterel Synchronous Programming Language: Design, Semantics, Implementation , 1992, Sci. Comput. Program..

[10]  Nancy G. Leveson,et al.  Requirements Specification for Process-Control Systems , 1994, IEEE Trans. Software Eng..

[11]  Steven P. Miller,et al.  Flight Guidance System Requirements Specification , 2003 .

[12]  John W. Brackett,et al.  The Core method for real-time requirements , 1992, IEEE Software.

[13]  S.P. Miller,et al.  Mode confusion analysis of a flight guidance system using formal methods , 2003, Digital Avionics Systems Conference, 2003. DASC '03. The 22nd.

[14]  A. Pnueli,et al.  Synchronous Languages , 1994 .

[15]  R.W. Butler,et al.  A formal methods approach to the analysis of mode confusion , 1998, 17th DASC. AIAA/IEEE/SAE. Digital Avionics Systems Conference. Proceedings (Cat. No.98CH36267).

[16]  Nicolas Halbwachs,et al.  Synchronous Modelling of Asynchronous Systems , 2002, EMSOFT.

[17]  Steven P. Miller,et al.  Software safety analysis of a flight guidance system , 2002, Proceedings. The 21st Digital Avionics Systems Conference.

[18]  E. Allen Emerson,et al.  Temporal and Modal Logic , 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[19]  David Harel,et al.  Statecharts: A Visual Formalism for Complex Systems , 1987, Sci. Comput. Program..

[20]  Stephen A. Edwards,et al.  The synchronous languages 12 years later , 2003, Proc. IEEE.