
Formal Methods for Aerospace Systems

Achievements and Challenges

Chapter in: Cyber-Physical System Design from an Architecture Analysis Viewpoint

Abstract

The size and complexity of control software in aerospace systems is rapidly increasing, and this development complicates its validation within the context of the overall spacecraft system. Classical validation methods are both labour intensive and error prone, as they rely on manual analysis, review and inspection. There is therefore a growing trend to incorporate automated formal methods. This chapter introduces the ESA-funded COMPASS project, which aims at an integrated system-software co-engineering approach built on a coherent set of specification and analysis techniques for evaluating the system-level correctness, safety, dependability and performability of on-board computer-based aerospace systems. Its modelling features and supporting toolset provide a unifying framework for system validation, employing state-of-the-art temporal-logic model checking techniques for infinite-state transition systems, both qualitative and probabilistic, with extensions to fault detection, identification and recovery (FDIR) and safety analysis. We give an overview of the technology and of the results achieved so far, and address several challenges for future developments. Current efforts of the project consortium concentrate on improving and advancing both the process and the technology of the COMPASS approach, with the goal of bringing the methods to higher levels of technology readiness.

This work was supported by the European Space Agency through the COMPASS 3 project (ESTEC contract no. 4000115870).



Corresponding author: Thomas Noll

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

Cite this chapter

Bozzano, M., Bruintjes, H., Cimatti, A., Katoen, J.P., Noll, T., Tonetta, S. (2017). Formal Methods for Aerospace Systems. In: Nakajima, S., Talpin, J.P., Toyoshima, M., Yu, H. (eds) Cyber-Physical System Design from an Architecture Analysis Viewpoint. Springer, Singapore. https://doi.org/10.1007/978-981-10-4436-6_6

  • DOI: https://doi.org/10.1007/978-981-10-4436-6_6
  • Publisher: Springer, Singapore
  • Print ISBN: 978-981-10-4435-9
  • Online ISBN: 978-981-10-4436-6
