ADGS-2100 Adaptive Display and Guidance System Window Manager Analysis

Recent advances in modeling languages have made it feasible to formally specify and analyze the behavior of large system components. Synchronous data flow languages such as Lustre, SCR, and RSML-e are particularly well suited to this task, and commercial tools built on the same ideas, such as SCADE and Simulink, are growing in popularity among designers of safety-critical systems, largely because they can generate code automatically from the models. At the same time, advances in formal analysis tools have made it practical to verify important properties of these models, so that design defects are identified and corrected early in the lifecycle. This report describes how these tools were applied to the ADGS-2100 Adaptive Display and Guidance System Window Manager being developed by Rockwell Collins Inc., and demonstrates that formal methods can be used easily and cost-effectively to remove defects early in the design cycle.
