Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Technology Center Slide 1 Formal Verification of Flight Critical Software Dr. Steven P. Miller Advanced Computing Systems Elise A. Anderson Commercial.

Published byWalter Carpenter Modified over 9 years ago

Similar presentations

Presentation on theme: "Advanced Technology Center Slide 1 Formal Verification of Flight Critical Software Dr. Steven P. Miller Advanced Computing Systems Elise A. Anderson Commercial."— Presentation transcript:

1 Advanced Technology Center Slide 1 Formal Verification of Flight Critical Software Dr. Steven P. Miller Advanced Computing Systems Elise A. Anderson Commercial Systems Flight Control Rockwell Collins 400 Collins Road NE, MS 108-206 Cedar Rapids, Iowa 52498 {spmiller,eaanders}@rockwellcollins.com

2 Advanced Technology Center Slide 2 Concept Overview FCS 50000 Flight Control System Mode Logic Specification Simulink Model Mode Logic Requirements The system shall be in Vertical Go Around only if it is also in Lateral Go Around Formal Properties AX AG(LGA -> VGA) NuSMV Model Checker Counter Example

3 Advanced Technology Center Slide 3 Outline of Presentation Introduction Model Checking Specification of the FCS 5000 Mode Logic Verification of the FCS 5000 Mode Logic Concluding Remarks

4 Advanced Technology Center Slide 4 Who Are We? Communications Automated Flight Control Displays / Surveillance Aviation Services In-Flight Entertainment Integrated Aviation Electronics Information Management Systems Navigation A World Leader In Aviation Electronics And Airborne/ Mobile Communications Systems For Commercial And Military Applications

5 Advanced Technology Center Slide 5 Automated Analysis Section AAMP5 Microcode Verification (PVS) AAMP-FV Microcode Verification (PVS) JEM Java Virtual Machine (PVS) FCP 2002 Microcode (ACL2) AAMP7 Separation Kernel (ACL2) FGS Mode Confusion Study (PVS) FGS Safety Analysis (RSML -e ) FGS Mode Confusion (RSML -e ) Displays Verification (NuSMV) FCS 5000 FGS Verification (NuSMV) SHADE (ACL2) GreenHills Integrity RTOS (ACL2) 1994 1996 1998 2000 2002 2004 2006 AAMP5 Partitioning (PVS) NASA NSA 1992 vFaat (ACL2, PVS) AFRL Tech Transfer NASA LaRC Funded NSA Funded AFRL Funded AvSSP

6 Advanced Technology Center Slide 6 Methods and Tools for Flight Critical Systems Project  Five Year Project Started in 2001  Part of NASA’s Aviation Safety Program (Contract NCC-01001)  Funded by the NASA Langley Research Center and Rockwell Collins  Practical Application of Formal Methods To Modern Avionics Systems

7 Advanced Technology Center Slide 7 Outline of Presentation Introduction Model Checking Specification of the FCS 5000 Mode Logic Verification of the FCS 5000 Mode Logic Concluding Remarks

8 Advanced Technology Center Slide 8 What Are Model Checkers?  Breakthrough Technology of the 1990’s  Widely Used in Hardware Verification (Intel, Motorola, IBM, …)  Several Different Types of Model Checkers – Explicit, Symbolic, Bounded, Infinite Bounded, …  Exhaustive Search of the Global State Space – Consider All Combinations of Inputs and States – Equivalent to Exhaustive Testing of the Model – Produces a Counter Example if a Property is Not True  Easy to Use – “Push Button” Formal Methods – Very Little Human Effort Unless You’re at the Tool’s Limits  Limitations – State Space Explosion (10 100 – 10 300 States)

9 Advanced Technology Center Slide 9 Advantage of Model Checking Testing Checks Only the Values We Select Even Small Systems Have Trillions (of Trillions) of Possible Tests!

10 Advanced Technology Center Slide 10 Advantage of Model Checking Model Checker Tries Every Possible Input and State!

11 Advanced Technology Center Slide 11 Translation Framework

12 Advanced Technology Center Slide 12 Example - ADGS-2100 Adaptive Display & Guidance System Requirement Drive the Maximum Number of Display Units Given the Available Graphics Processors Counterexample Found in 5 Seconds! Checking 373 Properties Found Over 60 Errors 883 Subsystems 9,772 Simulink Blocks 2.9 x 10 52 Reachable States

13 Advanced Technology Center Slide 13 Outline of Presentation Introduction Model Checking Specification of the FCS 5000 Mode Logic Verification of the FCS 5000 Mode Logic Concluding Remarks

14 Advanced Technology Center Slide 14 Flight Guidance System Overview

15 Advanced Technology Center Slide 15 Simple Mode Transition Diagram

16 Advanced Technology Center Slide 16 Synchronous Composition of Two Mode Transition Diagrams 1-z1-z 1-z1-z

17 Advanced Technology Center Slide 17 Outline of Presentation Introduction Model Checking Specification of the FCS 5000 Mode Logic Verification of the FCS 5000 Mode Logic Concluding Remarks

18 Advanced Technology Center Slide 18 Summary of Errors Found  Model-Checking Detected the Majority of Errors  Model-Checking Detected the Most Serious Errors  Found Early in the Lifecycle during Requirements Analysis Dectected By Likelihood of Being Found by Traditional Methods TrivialLikelyPossibleUnlikelyTotal Inspection 123 Modeling 516 Simulation Model Checking 21 13117 Total 26 15326

19 Advanced Technology Center Slide 19 Verification of Individual Mode Transition Diagrams AX AG( LGA  AX( Event9  ROLL )) AX AG( LGA  AX( (Event4 & !Event6 & !Event9)  HDG)) AX AG( Event8  LGA )  False

20 Advanced Technology Center Slide 20 Errors Found Verifying Individual Mode Machines  Model-Checking Found Half the Errors  Tended to Find the Less Serious Errors  Counter Example Pinpoints Source of the Error Dectected By Likelihood of Being Found by Traditional Methods TrivialLikelyPossibleUnlikelyTotal Inspection 123 Modeling 516 Simulation Model Checking 21 69 Total 26 8218

21 Advanced Technology Center Slide 21 Verification of Composite Machines Requirement Mode A1 => Mode B1 5.1 x 10 27 Reachable States Mode Controller B Mode Controller A Counterexample Found in Less than Two Minutes! Found 8 More Errors

22 Advanced Technology Center Slide 22 Errors Found by Model-Checking Composite Mode Transition Diagrams  Errors Found Tended to Be More Serious Errors  Checking Relationships Between Mode Transition Diagrams  Difficult to Find by Inspections & Simulation Dectected By Likelihood of Being Found by Traditional Methods TrivialLikelyPossibleUnlikelyTotal Inspection Modeling Simulation Model Checking718 Total718

23 Advanced Technology Center Slide 23 Outline of Presentation Introduction Model Checking Specification of the FCS 5000 Mode Logic Verification of the FCS 5000 Mode Logic Concluding Remarks

24 Advanced Technology Center Slide 24Conclusions  Model-Based Development is the Industrial Use Formal Specification  Convergence of Model-Based Development and Formal Verification – Engineers are Producing Specifications that Can be Analyzed – Formal Verification Tools are Getting More Powerful  Model Checking is Very Cost Effective – Simple and Easy to Use – Finds All Exceptions to a Property – Used to Find Errors Early in the Lifecycle  Applied to Models with Only Boolean and Enumerated Types

25 Advanced Technology Center Slide 25 Future Directions  Numerically Intensive Systems – Infinite Bounded Model Checkers – Decision Procedures for Integers and Real Numbers  Non-linear Arithmetic – Automatic Extraction of Conservative Abstractions  Applications – Spacing & Trajectory – Required Navigation Performance (RNP) – Collision Avoidance – Advanced Flight Control Theorem Provers Arbitrary Models Labor Intensive Infinite Bounded Model Checkers Infinite State Models using k-Induction Implicit State < 10 200 Reachable States Model Checkers

26 Advanced Technology Center Slide 26 For More Information  Alan C. Tribble, Steven P. Miller, and David L. Lempia, Software Safety Analysis of a Flight Guidance System, NASA Contractor Report CR-2004-213004, March 2004, available at http://techreports.larc.nasa.gov/ltrs/dublincore/2004/cr/NASA-2004- cr213004.html.  Alan C. Tribble and Steven P. Miller, Safety Analysis of Software Intensive Systems, IEEE Aerospace and Electronic Systems, Vol. 19, No. 10, pp. 21 - 26, October 2004.  Steven P. Miller, Mats P.E. Heimdahl, and Alan C. Tribble, Proving the Shalls, in Proceedings of FM 2003: the 12th International FME Symposium, Pisa, Italy, Sept. 8-14, 2003.  Alan C. Tribble, David D. Lempia, and Steven P. Miller, Software Safety Analysis of a Flight Guidance System, in Proceedings of the 21st Digital Avionics Systems Conference (DASC'02), Irvine, California, Oct. 27-31, 2002.

27 Advanced Technology Center Slide 27 Backup Slides

28 Advanced Technology Center Slide 28 Model Checking Process Does the system have property X? Model Engineer SMV Automatic Translation SMV Properties Properties Automated Check Yes! Counter Example SMV Spec. Automatic Translation

Download ppt "Advanced Technology Center Slide 1 Formal Verification of Flight Critical Software Dr. Steven P. Miller Advanced Computing Systems Elise A. Anderson Commercial."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
© Copyright 2013 Rockwell Collins All rights reserved. Company Official and Proprietary Rockwell Collins and Formal Methods September 20, 2013.

© Copyright 2013 Rockwell Collins All rights reserved. Company Official and Proprietary Rockwell Collins and Formal Methods September 20, 2013.
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.

Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
SAS_08_Model_Val_Tech_Heimdahl MAC-T IVV-08-152 Model-Validation in Model-Based Development Kurt Woodham L-3 Communications Ajitha Rajan, Mats Heimdahl.

SAS_08_Model_Val_Tech_Heimdahl MAC-T IVV Model-Validation in Model-Based Development Kurt Woodham L-3 Communications Ajitha Rajan, Mats Heimdahl.
Dagstuhl Intro Mike Whalen. 2 Mike Whalen My main goal is to reduce software verification and validation (V&V) cost and increasing.

Dagstuhl Intro Mike Whalen. 2 Mike Whalen My main goal is to reduce software verification and validation (V&V) cost and increasing.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.

1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
© Copyright 2009 Rockwell Collins, Inc. All rights reserved. Formal Methods for Critical Systems Dr. Steven P. Miller Midwest Verification Day September.

© Copyright 2009 Rockwell Collins, Inc. All rights reserved. Formal Methods for Critical Systems Dr. Steven P. Miller Midwest Verification Day September.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Advanced Technology Center Slide 1 Formal Methods in Safety-Critical Systems Dr. Steven P. Miller Advanced Computing Systems Rockwell Collins 400 Collins.

Advanced Technology Center Slide 1 Formal Methods in Safety-Critical Systems Dr. Steven P. Miller Advanced Computing Systems Rockwell Collins 400 Collins.
Formal Model-Based Development in Aerospace Systems: Challenges to Adoption Mats P. E. Heimdahl University of Minnesota Software Engineering Center Critical.

Formal Model-Based Development in Aerospace Systems: Challenges to Adoption Mats P. E. Heimdahl University of Minnesota Software Engineering Center Critical.
CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.

CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.

Similar presentations

Ads by Google