Verifying Mode Consistency for On-Board Satellite Software

Space satellites are examples of complex embedded systems. Dynamic behaviour of such systems is typically described in terms of operational modes that correspond to the different stages of a mission and states of the components. Components are susceptible to various faults that complicate the mode transition scheme. Yet the success of a mission depends on the correct implementation of mode changes. In this paper we propose a formal approach that ensures consistency of mode changes while developing a system architecture by refinement. The approach relies on recursive application of modelling and refinement patterns that enforce correctness while implementing the mode transition scheme. The proposed approach is exemplified by the development of an Attitude and Orbit Control System undertaken within the ICT DEPLOY project.
