
On Teaching Applied Formal Methods in Aerospace Engineering

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11758)

Abstract

As formal methods come into broad industrial use for verification of safety-critical hardware, software, and cyber-physical systems, there is an increasing need to teach practical skills in applying formal methods at both the undergraduate and graduate levels. In the aerospace industry, flight certification requirements like the FAA’s DO-178B, DO-178C, DO-333, and DO-254, along with a series of high-profile accidents, have helped turn knowledge of formal methods into a desirable job skill for a wide range of engineering positions. We approach the question of verification from a safety-case perspective: the primary teaching goal is to impart students with the ability to look at a verification question and identify what formal methods are applicable, which tools are available, what the outputs from those tools will say about the system, and what they will not, e.g., what parts of the safety case need to be provided by other means. We overview the lectures, exercises, exams, and student projects in a mixed-level (undergraduate/graduate) Applied Formal Methods course (Additional materials are available on the course website: http://temporallogic.org/courses/AppliedFormalMethods/) taught in an Aerospace Engineering department. We highlight the approach, tools, and techniques aimed at imparting a good sense of both the state of the art and the state of the practice of formal methods in an effort to effectively prepare students headed for jobs in an increasingly formal world.

Thanks to NSF CAREER Award CNS-1552934 for supporting this work.


Notes

  1. Note that the railway industry has comparable standards CENELEC EN 50126 [8], EN 50128 [9], and EN 50129 [11]; these govern applications of formal methods in industrial rail systems, such as the success in verifying Paris’ fully automatic, driverless Métro Line 14 (aka Météor-Metro est-ouest rapide) [3]. The course highlights railway, motor vehicle, medical, and other applications of industrial formal verification.

  2. In the U.S., there is usually a one-week break in the second half of the semester, after the mid-term project report presentations (Thanksgiving Break or Spring Break).

  3. For further reference on how exactly to define reproducibility, correctness, and buildability, please refer to: Rozier, Kristin Yvonne, and Rozier, Eric. “Reproducibility, Correctness, and Buildability: the Three Principles for Ethical Public Dissemination of Computer Science and Engineering Research,” In IEEE International Symposium on Ethics in Engineering, Science, and Technology, Ethics’2014, May 23–24, 2014 [26].

  4. https://www.pm.inf.ethz.ch/research/verifythis.html.

References

  1. Ameur, Y.A., Boniol, F., Wiels, V.: Toward a wider use of formal methods for aerospace systems design and verification. Int. J. Softw. Tools Technol. Transf. 12(1), 1–7 (2010)

  2. Basir, N., Denney, E., Fischer, B.: Constructing a safety case for automatically generated code from formal program verification information. In: Harrison, M.D., Sujan, M.-A. (eds.) SAFECOMP 2008. LNCS, vol. 5219, pp. 249–262. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-87698-4_22

  3. Behm, P., Benoit, P., Faivre, A., Meynadier, J.-M.: Météor: a successful application of B in a large project. In: Wing, J.M., Woodcock, J., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 369–387. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48119-2_22

  4. Bérard, B., et al.: Systems and Software Verification: Model-checking Techniques and Tools. Springer, Heidelberg (2013). https://www.amazon.com/Systems-Software-Verification-Model-Checking-Techniques/dp/3642074782/ref=sr_1_1?ie=UTF8&qid=1483572091&sr=8-1&keywords=systems+and+software+verification

  5. Bittner, B., et al.: An integrated process for FDIR design in aerospace. In: Ortmeier, F., Rauzy, A. (eds.) IMBSA 2014. LNCS, vol. 8822, pp. 82–95. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12214-4_7

  6. Butler, R., et al.: NASA/NIA PVS Class 2012. NIA, Hampton, Virginia, USA, October 9–12 (2012). https://shemesh.larc.nasa.gov/PVSClass2012/online.html

  7. Butler, R., Maddalon, J., Geser, A., Muñoz, C.: Simulation and verification I: formal analysis of air traffic management systems: the case of conflict resolution and recovery. In: Proceedings of the 35th Conference on Winter Simulation: Driving Innovation, pp. 906–914. Winter Simulation Conference (2003)

  8. CENELEC, EN50126: Railway applications-the specification and demonstration of reliability. Availability, Maintainability and Safety (RAMS) (2001). https://www.cenelec.eu/standardsdevelopment/ourproducts/europeanstandards.html

  9. CENELEC, EN50128: Railway applications-communication, signaling and processing systems-software for railway control and protection systems (2011). https://www.cenelec.eu/standardsdevelopment/ourproducts/europeanstandards.html

  10. Denney, E., Pai, G., Pohl, J.: Heterogeneous aviation safety cases: integrating the formal and the non-formal. In: 2012 IEEE 17th International Conference on Engineering of Complex Computer Systems, pp. 199–208. IEEE (2012)

  11. CENELEC, EN50129: Railway applications-communication, signalling and processing systems-safety related electronic systems for signalling. British Standards Institution, United Kingdom (2003)

  12. von Essen, C., Giannakopoulou, D.: Analyzing the next generation airborne collision avoidance system. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 620–635. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54862-8_54

  13. Fisher, M.: An introduction to practical formal methods using temporal logic, vol. 82. Wiley Online Library (2011). https://www.amazon.com/Introduction-Practical-Formal-Methods-Temporal-ebook/dp/B005E8AID2/ref=sr_1_1?ie=UTF8&qid=1483648485&sr=8-1&keywords=practical+formal+methods+using+temporal+logic

  14. Gario, M., Cimatti, A., Mattarei, C., Tonetta, S., Rozier, K.Y.: Model checking at scale: automated air traffic control design space exploration. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9780, pp. 3–22. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41540-6_1

  15. Geist, J., Rozier, K.Y., Schumann, J.: Runtime observer pairs and bayesian network reasoners on-board FPGAs: flight-certifiable system health management for embedded systems. In: Bonakdarpour, B., Smolka, S.A. (eds.) RV 2014. LNCS, vol. 8734, pp. 215–230. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11164-3_18

  16. Guarro, S., et al.: Formal framework and models for validation and verification of software-intensive aerospace systems. In: AIAA Information Systems-AIAA Infotech@ Aerospace, p. 0418 (2017)

  17. Kochenderfer, M.J., Chryssanthacopoulos, J.: Robust airborne collision avoidance through dynamic programming. Massachusetts Institute of Technology, Lincoln Laboratory, Project Report ATC-371 (2011)

  18. Mattarei, C., Cimatti, A., Gario, M., Tonetta, S., Rozier, K.Y.: Comparing different functional allocations in automated air traffic control design. In: Proceedings of Formal Methods in Computer-Aided Design (FMCAD 2015), Austin, Texas, USA. IEEE/ACM, September 2015

  19. Radio Technical Commission for Aeronautics: DO-333 – formal methods supplement to DO-178C and DO-278A (2011). https://www.rtca.org/content/standards-guidance-materials

  20. Radio Technical Commission for Aeronautics: DO-178C/ED-12C – software considerations in airborne systems and equipment certification (2012). https://www.rtca.org/content/standards-guidance-materials

  21. Radio Technical Commission for Aeronautics (RTCA): DO-178B: Software considerations in airborne systems and equipment certification, December 1992

  22. Radio Technical Commission for Aeronautics (RTCA): DO-254: Design assurance guidance for airborne electronic hardware, April 2000

  23. Reinbacher, T., Rozier, K.Y., Schumann, J.: Temporal-logic based runtime observer pairs for system health management of real-time systems. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 357–372. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54862-8_24

  24. Rozier, K.Y., Schumann, J., Ippolito, C.: Intelligent hardware-enabled sensor and software safety and health management for autonomous UAS. Technical Memorandum NASA/TM-2015-218817, NASA, NASA Ames Research Center, Moffett Field, CA 94035, USA, May 2015

  25. Rozier, K.: Linear temporal logic symbolic model checking. Comput. Sci. Rev. J. 5(2), 163–203 (2011). https://doi.org/10.1016/j.cosrev.2010.06.002

  26. Rozier, K., Rozier, E.: Reproducibility, correctness, and buildability: the three principles for ethical public dissemination of computer science and engineering research. In: IEEE International Symposium on Ethics in Engineering, Science, and Technology, Ethics 2014, pp. 1–13. IEEE, May 2014

  27. Rozier, K.Y., Vardi, M.Y.: LTL satisfiability checking. In: Bošnački, D., Edelkamp, S. (eds.) SPIN 2007. LNCS, vol. 4595, pp. 149–167. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73370-6_11

  28. Rozier, K.Y., Vardi, M.Y.: A multi-encoding approach for LTL symbolic satisfiability checking. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 417–431. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21437-0_31

  29. Rozier, K.Y., Vardi, M.Y.: Deterministic compilation of temporal safety properties in explicit state model checking. In: Biere, A., Nahir, A., Vos, T. (eds.) HVC 2012. LNCS, vol. 7857, pp. 243–259. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39611-3_23

  30. NASA UTM Research Transition Team (RTT): NASA UTM NextGen concept of operations v1.0, May 2018. https://utm.arc.nasa.gov/docs/2018-UTM-ConOps-v1.0.pdf

  31. Rushby, J.: A safety-case approach for certifying adaptive systems. In: AIAA Infotech@ Aerospace Conference and AIAA Unmanned... Unlimited Conference, pp. 1–16 (2009)

  32. Rushby, J.: Logic and epistemology in safety cases. In: Bitsch, F., Guiochet, J., Kaâniche, M. (eds.) SAFECOMP 2013. LNCS, vol. 8153, pp. 1–7. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40793-2_1

  33. Schumann, J., Moosbrugger, P., Rozier, K.Y.: R2U2: monitoring and diagnosis of security threats for unmanned aerial systems. In: Bartocci, E., Majumdar, R. (eds.) RV 2015. LNCS, vol. 9333, pp. 233–249. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23820-3_15

  34. U.S. Department of Transportation Federal Aviation Administration: Introduction to TCAS II version 7.1, February 2011. hQ-111358. https://www.faa.gov/documentlibrary/media/advisory_circular/tcas%20ii%20v7.1%20intro%20booklet.pdf

  35. Vardi, M.Y.: Branching vs. linear time: final showdown. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 1–22. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45319-9_1

  36. Wei, P., Atkins, E., Schnell, T., Rozier, K.Y., Hunter, G.: NSF PFI:BIC: pre-departure dynamic geofencing, en-route traffic alerting, emergency landing and contingency management for intelligent low-altitude airspace UAS traffic management, July 2017. https://www.nsf.gov/awardsearch/showAward?AWD_ID=1718420

  37. Wiels, V., Delmas, R., Doose, D., Garoche, P.L., Cazin, J., Durrieu, G.: Formal verification of critical aerospace software. AerospaceLab (4), 1–8 (2012). https://hal.archives-ouvertes.fr/hal-01184099

  38. Zhao, Y., Rozier, K.Y.: Formal specification and verification of a coordination protocol for an automated air traffic control system. In: Proceedings of the 12th International Workshop on Automated Verification of Critical Systems (AVoCS 2012). Electronic Communications of the EASST, vol. 53. European Association of Software Science and Technology (2012)

  39. Zhao, Y., Rozier, K.Y.: Formal specification and verification of a coordination protocol for an automated air traffic control system. Sci. Comput. Program. J. 96(3), 337–353 (2014)

  40. Zhao, Y., Rozier, K.Y.: Probabilistic model checking for comparative analysis of automated air traffic control systems. In: Proceedings of the 33rd IEEE/ACM International Conference On Computer-Aided Design (ICCAD 2014), San Jose, California, USA, pp. 690–695. IEEE/ACM, November 2014

Acknowledgments

Information on our recent work can be found at: http://laboratory.temporallogic.org. Thanks to the Aerospace Engineering departments at Iowa State University and the University of Cincinnati for their forward thinking in recognizing the need to develop such a course. AERE/COMS 407/507 was developed over the Spring 2017, Fall 2017, and Fall 2018 semesters at ISU; parts of the class were first developed during the Spring 2015 and 2016 semesters at UC. Thanks to all of the students who actively participated in those courses, especially for coming up with such fantastic half-semester projects. Some course materials were inspired by or directly derived from The TeachLogic Project (https://www.cs.rice.edu/~tlogic/); special thanks go to Ian Barland, John Greiner, and Moshe Vardi for their brilliant teaching tools. Thanks to the NASA Langley Formal Methods Group for providing an excellent PVS course both in-person [6] and online, with a rich collection of regularly-updated teaching materials (https://shemesh.larc.nasa.gov/PVSClass2012/). Thanks to the many guest speakers, including Nikolaj Bjørner, Jonathan Hoffman, Yogananda Jeppu, César Muñoz, and Lucas Wagner.

Author information

Correspondence to Kristin Yvonne Rozier.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Rozier, K.Y. (2019). On Teaching Applied Formal Methods in Aerospace Engineering. In: Dongol, B., Petre, L., Smith, G. (eds) Formal Methods Teaching. FMTea 2019. Lecture Notes in Computer Science, vol. 11758. Springer, Cham. https://doi.org/10.1007/978-3-030-32441-4_8

  • DOI: https://doi.org/10.1007/978-3-030-32441-4_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-32440-7

  • Online ISBN: 978-3-030-32441-4

  • eBook Packages: Computer Science (R0)
