"Fly Me to the Moon": Verification of Aerospace Systems

The safety-critical nature of aerospace systems mandates the development of advanced formal verification techniques that provide desired correctness guarantees. In this paper, we present two inherently different approaches towards achieving this goal. The first approach aims at scaling exhaustive verification techniques by applying divide-and-conquer principles. It involves automated compositional verification algorithms for model checking both finite and infinite-state software components. The second approach does not perform exhaustive verification but it is more versatile. It uses a model checker to automatically generate tests for aerospace algorithms and only requires knowledge of the types of inputs that the algorithms process. We will discuss our experience with formal verification of aerospace systems and analyze the applicability of the two approaches in several settings.
