Verification Guided Refinement of Flight Safety Assessment and Management System for Takeoff

Systems that make safety-critical decisions must undergo a rigorous verification and validation process to ensure automation decisions do not jeopardize the nominal safe state of operation. Flight safety assessment and management is a high-level decision-making system to reduce loss of control risk. This paper demonstrates how tools from formal verification can be used to guide the design of a takeoff flight safety assessment and management system implemented as a deterministic Moore machine. Finite state abstractions of simplified takeoff dynamics under different control authorities (i.e., pilot vs safety controller) are computed and composed with the Moore machine. By construction, the composition captures all behaviors of simplified takeoff dynamics. Then, a model checking tool analyzes whether this composition satisfies the takeoff safety requirements specified by federal aviation regulations. The results of model checking together with the abstraction are used to refine the Moore machine to ensure sa...
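As an added illustration (not code from the paper), the verification loop the abstract describes: a finite-state abstraction of simplified takeoff dynamics is composed with a Moore machine that assigns control authority, the product is explored exhaustively for a runway-overrun state, and the counterexample guides a refinement of the switching rule. The speed and runway bins, the abort rule and the overrun condition are constructed assumptions, not the paper's model or the federal aviation requirements it checks.

```python
from collections import deque

V_R = 3          # rotation speed bin: reaching it means airborne (constructed)
RUNWAY = 5       # runway-remaining bins at brake release (constructed)

def takeoff_step(s, r, authority):
    """Finite-state abstraction of simplified takeoff dynamics.
    Returns the set of possible successor (speed, runway) pairs; the
    nondeterminism over-approximates thrust uncertainty, which is what
    lets the abstraction capture all behaviours of the concrete model."""
    if s >= V_R:                       # airborne: terminal, no further steps
        return set()
    if authority == "pilot":           # continue takeoff: thrust may fail to accelerate
        return {(min(s + 1, V_R), max(r - 1, 0)), (s, max(r - 1, 0))}
    # safety controller has authority: rejected takeoff, decelerate to a stop
    return {(max(s - 1, 0), max(r - 1, 0) if s > 0 else r)}

def unsafe(s, r):
    """Runway overrun: runway exhausted while still rolling and not airborne."""
    return r == 0 and 0 < s < V_R

def moore_next(q, s, r, abort_runway):
    """Moore machine: the state is which controller has authority (its output).
    It hands over to the safety controller once runway remaining drops to
    abort_runway bins without rotation having been reached (assumed rule)."""
    if q == "pilot" and s < V_R and r <= abort_runway:
        return "safety"
    return q

def model_check(abort_runway):
    """Breadth-first exploration of the product of Moore machine and abstraction.
    Returns None if no unsafe state is reachable, else a counterexample trace."""
    init = ("pilot", 0, RUNWAY)
    parent = {init: None}
    queue = deque([init])
    while queue:
        q, s, r = state = queue.popleft()
        if unsafe(s, r):
            trace = []
            while state is not None:
                trace.append(state); state = parent[state]
            return trace[::-1]
        for s2, r2 in takeoff_step(s, r, q):   # Moore output q = current authority
            nxt = (moore_next(q, s2, r2, abort_runway), s2, r2)
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None

if __name__ == "__main__":
    print("abort at 1 bin left:", model_check(1))   # counterexample: overrun reachable
    print("abort at 2 bins left:", model_check(2))  # None: refined rule is safe
```

The first check returns a trace ending in an overrun, which is exactly the evidence used to move the abort threshold; the refined threshold makes the overrun state unreachable while still allowing the airborne state to be reached.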
