Formal Methods for the International Space Station ISS

This article summarises and evaluates the results and experiences obtained from a verification, simulation and test suite for a fault-tolerant computer system designed and developed by DaimlerChrysler Aerospace for the International Space Station ISS. Verification and testing focused on several aspects of system correctness which together establish a high degree of trustworthiness for the system. The verification and test approach is based on CSP specifications, the model-checking tool FDR and the test automation tool RT-Tester. In addition, Generalised Stochastic Petri Nets (GSPN) were used with the tools DSPN-Express and TimeNet to perform a statistical throughput analysis by means of simulation. The objective of this article is to present, motivate and evaluate an approach that relied strongly on combining different methods, techniques and tools in order to increase the overall efficiency of the verification, simulation and test suite. The individual techniques are illustrated by small examples; for details, references to other publications are given.
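
As an added illustration of the kind of check FDR performs on such CSP specifications (this is not code from the paper and not FDR itself), the following Python script composes small CSP-style processes in alphabetised parallel and searches the product state space for a deadlock, returning the shortest counterexample trace in the way a model checker would. The two-lane exchange protocol and the voter process are a constructed toy; their names (LANE1, LANE2_BAD, x1, x2, vote and so on) are assumptions made for this example and do not describe the actual ISS design.

```python
"""
Explicit-state deadlock check for CSP-style processes in alphabetised
parallel, the kind of check FDR performs on CSP specifications.
Added illustration, not the paper's code and not FDR.  The two-lane/voter
system below is constructed for this example and is not the
DaimlerChrysler Aerospace design.
"""
from collections import deque
from itertools import product


def process(initial, alphabet, transitions):
    """A process is (initial state, alphabet, transitions); `transitions`
    maps a state to a list of (event, next_state) pairs."""
    return (initial, frozenset(alphabet), transitions)


def successors(procs, states):
    """Events enabled in global state `states`, each mapped to the set of
    global successor states.

    CSP alphabetised parallel: an event fires only if every process whose
    alphabet contains it offers it in its current state; processes whose
    alphabet does not contain it stay where they are.
    """
    offered = set()
    for (_, _, trans), s in zip(procs, states):
        offered.update(e for e, _ in trans.get(s, []))
    out = {}
    for e in sorted(offered):          # sorted: deterministic search order
        choices = []
        for (_, alpha, trans), s in zip(procs, states):
            if e not in alpha:
                choices.append([s])
                continue
            nxt = [t for ev, t in trans.get(s, []) if ev == e]
            if not nxt:                # a synchronising partner refuses e
                break
            choices.append(nxt)
        else:
            out[e] = {tuple(g) for g in product(*choices)}
    return out


def find_deadlock(procs):
    """Breadth-first search over the product state space.

    Returns (trace, explored): `trace` is the shortest event sequence
    leading to a state with no enabled event (the counterexample a model
    checker would report), or None if the composition is deadlock-free;
    `explored` is the number of global states visited.
    """
    init = tuple(p[0] for p in procs)
    parent = {init: None}
    queue = deque([init])
    while queue:
        g = queue.popleft()
        succ = successors(procs, g)
        if not succ:
            trace = []
            while parent[g] is not None:
                g, e = parent[g]
                trace.append(e)
            return list(reversed(trace)), len(parent)
        for e, nexts in succ.items():
            for n in sorted(nexts):
                if n not in parent:
                    parent[n] = (g, e)
                    queue.append(n)
    return None, len(parent)


# Constructed toy: two redundant lanes compute, exchange results over the
# synchronous channels x1 (lane 1 -> lane 2) and x2 (lane 2 -> lane 1),
# then vote together with a voter process.  Assumed names, not the ISS design.
LANE1 = process("idle", {"compute1", "x1", "x2", "vote"}, {
    "idle":  [("compute1", "ready")],
    "ready": [("x1", "sent")],         # send own result first ...
    "sent":  [("x2", "done")],         # ... then take the other lane's
    "done":  [("vote", "idle")],
})
# Lane 2 written symmetrically: both lanes insist on sending first, so
# neither handshake can ever complete.
LANE2_BAD = process("idle", {"compute2", "x1", "x2", "vote"}, {
    "idle":  [("compute2", "ready")],
    "ready": [("x2", "sent")],
    "sent":  [("x1", "done")],
    "done":  [("vote", "idle")],
})
# Fixed protocol: lane 2 accepts x1 before it offers x2.
LANE2_GOOD = process("idle", {"compute2", "x1", "x2", "vote"}, {
    "idle":  [("compute2", "ready")],
    "ready": [("x1", "sent")],
    "sent":  [("x2", "done")],
    "done":  [("vote", "idle")],
})
VOTER = process("v", {"vote"}, {"v": [("vote", "v")]})

BAD = [LANE1, LANE2_BAD, VOTER]
GOOD = [LANE1, LANE2_GOOD, VOTER]

if __name__ == "__main__":
    print("bad system :", find_deadlock(BAD))    # (['compute1', 'compute2'], 4)
    print("good system:", find_deadlock(GOOD))   # (None, 6)
```

The search is a plain explicit-state reachability check; FDR additionally performs refinement checks against a specification process and applies state-space compression, and a livelock (divergence) check would require a cycle search over internal events, which this toy leaves out.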
