Formal Methods for Aerospace Systems

The size and complexity of control software in aerospace systems are rapidly increasing, and this development complicates its validation within the context of the overall spacecraft system. Classical validation methods are both labour-intensive and error-prone, as they rely on manual analysis, review and inspection. There is therefore a growing trend to incorporate the use of automated formal methods. This chapter introduces the ESA-funded COMPASS project, which aims at an integrated system-software co-engineering approach focusing on a coherent set of specification and analysis techniques for the evaluation of system-level correctness, safety, dependability and performability of on-board computer-based aerospace systems. Its modelling features and supporting toolset provide a unifying framework for system validation, employing state-of-the-art temporal-logic model checking techniques for infinite-state transition systems, both qualitative and probabilistic, with extensions to fault detection, identification and recovery (FDIR) and safety analysis. We provide an overview of the technology and of the results that have been achieved so far, and address several challenges for future developments. Current efforts of the project consortium concentrate on improving and advancing both the process and the technology of the COMPASS approach, with the goal of bringing the methods to higher levels of technology readiness.
