
Integration of Formal Methods into Design and Implementation of Aerospace Systems - PowerPoint PPT Presentation



  1. Title slide: Integration of Formal Methods into Design and Implementation of Aerospace Systems. Kristin Yvonne Rozier, Rice University, December 11, 2014.
     Outline (section navigation shown on every slide): Successes; Bottlenecks; Need for a New Direction; Future Challenges.
     Slide footer (shown on every slide): Kristin Yvonne Rozier, Integration of FM into Design & Implementation of Aero Sys.

  2. Formal Methods Have Greatly Impacted Aerospace Engineering
     - Expected design-time component
     - Recommended in the DO-178B standard for certification
     - Successfully applied in many aerospace contexts...

  3. Successes: Full-Scale and Real-Life. Explicit Model Checking
     - A. Groce, K. Havelund, G. Holzmann, R. Joshi, and R-G. Xu. "Establishing flight software reliability: testing, model checking, constraint-solving, monitoring and learning." Annals of Mathematics and Artificial Intelligence 70, no. 4 (2014): 315-349.
     - P. Mehlitz, "Trust Your Model - Verifying Aerospace System Models with Java Pathfinder," Proc. IEEE Aerospace Conf., Big Sky, MT, Mar. 1-8, 2008.
     - A. Betin Can, T. Bultan, M. Lindvall, B. Lux, S. Topp, "Eliminating synchronization faults in air traffic control software via design for verification with concurrency controllers," Automated Software Engineering 14 (2) (2007) 129-178.
     - C. Muñoz, V. Carreño, G. Dowek, "Formal analysis of the operational concept for the small aircraft transportation system," in: Rigorous Engineering of Fault-Tolerant Systems, LNCS, vol. 4157, 2006, pp. 306-325.

  4. Successes: Full-Scale and Real-Life. Symbolic Model Checking
     - A. Cimatti, M. Gario, C. Mattarei, K.Y. Rozier, and S. Tonetta. "Comparing Automated Air Traffic Control Designs via Formal Safety Assessment," under submission as of December, 2014.
     - Y. Zhao and K.Y. Rozier. "Formal specification and verification of a coordination protocol for an automated air traffic control system." Science of Computer Programming Journal, volume 96, number 3, pages 337-353, Elsevier, December, 2014.
     - M. Bozzano, A. Cimatti, J-P. Katoen, V.Y. Nguyen, T. Noll, and M. Roveri. "The COMPASS approach: Correctness, modeling and performability of aerospace systems." In Computer Safety, Reliability, and Security, pp. 173-186. Springer, 2009.
     - R. Anderson, P. Beame, S. Burns, W. Chan, F. Modugno, D. Notkin, J.D. Reese, "Model checking large software specifications," IEEE TSE 24 (1996) 156-166.
     - T. Sreemani, J.M. Atlee, "Feasibility of model checking software requirements: a case study," in: COMPASS, IEEE, 1996, pp. 77-88.

  5. Successes: Full-Scale and Real-Life. Probabilistic Model Checking
     - Y. Zhao and K.Y. Rozier. "Probabilistic Model Checking for Comparative Analysis of Automated Air Traffic Control Systems." In IEEE/ACM 2014 International Conference on Computer-Aided Design (ICCAD), IEEE/ACM, November, 2014.
     - C. von Essen and D. Giannakopoulou: "Analyzing the Next Generation Airborne Collision Avoidance System." TACAS 2014.
     - Z. Peng, Y. Lu, A. Miller, C. Johnson, and T. Zhao. "A probabilistic model checking approach to analysing reliability, availability, and maintainability of a single satellite system." In European Modeling Symposium (EMS), pp. 611-616. IEEE, 2013.
     - B. Dutertre. "Probabilistic Analysis of Distributed Fault-Tolerant Systems." NASA/CR-2011-217090 (2011).

  6. Successes: Full-Scale and Real-Life, By Project. Theorem Proving
     - ACAS-X (Airborne Collision Avoidance System X): J-B. Jeannin, K. Ghorbal, Y. Kouskoulas, R. Gardner, A. Schmidt, E. Zawadzki, and A. Platzer. "A Formally Verified Hybrid System for the Next-Generation Airborne Collision Avoidance System." CMU-CS-14-138 (2014).
     - ACCoRD (state-based conflict detection & resolution algorithms): A. Narkawicz, C. Muñoz, and G. Dowek, "Provably Correct Conflict Prevention Bands Algorithms," Science of Computer Programming 77, 2012.
     - Chorus (tactical conflict & loss of separation detection & resolution): R.W. Butler, G. E. Hagen, and J. M. Maddalon. "The Chorus conflict and loss of separation resolution algorithms." NASA/TM-2013-218030 (2013).
     - Stratway (strategic separation): G. Hagen, R. Butler, and J. Maddalon. "Stratway: A modular approach to strategic conflict resolution." AIAA ATIO, 2011.
     - KB3D (CD&R): C. Muñoz, R. Siminiceanu, V. Carreño, and G. Dowek. "KB3D reference manual - version 1." NASA/TM-2005-213769 (2005).

  7. Successes: After the Design Phase... Static Analysis, Dynamic Analysis, and Symbolic Execution
     - D. Giannakopoulou, F. Howar, M. Isberner, T. Lauderdale, Z. Rakamaric, V. Raman: "Taming Test Inputs for Separation Assurance." ASE 2014.
     - P. S. Duggirala, L. Wang, S. Mitra, M. Viswanathan, and C. Muñoz. "Temporal Precedence Checking for Switched Models and Its Application to a Parallel Landing Protocol," Proc. 19th Int'l Symposium on Formal Methods (FM 2014), LNCS, Vol. 8442, pp. 215-229, 2014.
     - SymbolicPathFinder (symbolic analysis): C. Păsăreanu, W. Visser, D. Bushnell, J. Geldenhuys, P. Mehlitz, and N. Rungta. "Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis." Automated Software Engineering 20, no. 3 (2013): 391-425.

  8. Successes: Mission Time. Runtime Monitoring
     - rt-R2U2 (system & safety health management): T. Reinbacher, K. Y. Rozier, and J. Schumann. "Temporal-Logic Based Runtime Observer Pairs for System Health Management of Real-Time Systems." In TACAS, volume 8413 of LNCS, pages 357-372, Springer-Verlag, 5-13 April 2014.
     - Copilot: L. Pike, A. Goodloe, R. Morisset, and S. Niller. "Copilot: a hard real-time runtime monitor." In Runtime Verification, pp. 345-359. Springer, 2010.
     Runtime monitoring faces fewer challenges than design-time verification: it is less formal, only the specifications are needed (no system model), and those specifications can be inherited from design time.
     Still not often adapted to be flight-certifiable!

  9. Progress
     - Impactful results
     - Efficiency of analysis
     - Coverage of analysis
     - Adaptability to specific problems
     - Scalability
     - Recognition of the need for formal methods in aerospace system design and runtime
     The design stage, where changes are cheapest, easiest, and most impactful, is where we face the biggest bottlenecks...

  10. A Goal: Aerospace System Design Process (flowchart; boxes and arrows recovered from the slide text)
     - Start from a Formal System Model M and a Specification SPEC.
     - Model Validation via Simulation: if the model is wrong, REVISE the system model.
     - Specification Validation via DEBUGGING: if the specification is wrong, debug the specification.
     - Model Checking: does M satisfy SPEC?
       - ERROR: go back to DEBUGGING / REVISE the system model.
       - NO ERROR: Build Prototype; Testing.
     - USE SPECIFICATIONS FOR RUNTIME MONITORING: the verified design-time specifications are reused to monitor the built system.
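The loop on slide 10, and the reuse of design-time specifications as runtime monitors from slide 8, in miniature. This is an added example, not code from the talk or from any of the tools it cites: the two-aircraft zone model, its transition rules, the invariant SPEC and the observed trace are all constructed for illustration. It shows one pass round the loop: a first model fails model checking with a counterexample, the REVISED model passes, and the same SPEC is then evaluated on an execution trace of the (here, buggy) implementation.

```python
"""Toy version of the design loop on slides 8 and 10 (added example, not from
the slides): a formal system model M, a specification SPEC, an explicit-state
model-checking step that returns a counterexample, a revised model, and reuse
of the same SPEC as a mission-time runtime monitor.  The zones, transition
rules and trace are constructed for illustration only."""
from collections import deque
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

State = Tuple[str, str]          # (zone of aircraft A, zone of aircraft B)
Spec = Callable[[State], bool]   # state invariant: True when the state satisfies SPEC
ZONES = ("approach", "runway", "taxi")
INIT: State = ("approach", "approach")


def no_runway_conflict(s: State) -> bool:
    """SPEC: the two aircraft are never on the runway at the same time."""
    return not (s[0] == "runway" and s[1] == "runway")


def _advance(zone: str) -> str:
    """Next zone along the fixed approach -> runway -> taxi sequence."""
    i = ZONES.index(zone)
    return ZONES[min(i + 1, len(ZONES) - 1)]


def unguarded_model(s: State) -> Set[State]:
    """First design: each aircraft independently stays or advances one zone."""
    a, b = s
    return {(a, b), (_advance(a), b), (a, _advance(b)), (_advance(a), _advance(b))}


def guarded_model(s: State) -> Set[State]:
    """REVISED design: an aircraft may enter the runway only while the other
    is not on it and is not entering it in the same step."""
    a, b = s
    allowed: Set[State] = set()
    for nxt in unguarded_model(s):
        a_enters = nxt[0] == "runway" and a != "runway"
        b_enters = nxt[1] == "runway" and b != "runway"
        if a_enters and (b == "runway" or b_enters):
            continue  # A waits
        if b_enters and (a == "runway" or a_enters):
            continue  # B waits
        allowed.add(nxt)
    return allowed


def model_check(init: State, trans: Callable[[State], Iterable[State]],
                spec: Spec) -> Optional[List[State]]:
    """Explicit-state check of M |= G(spec): breadth-first search over the
    reachable states.  Returns a shortest path from init to a violating state
    (the counterexample fed back into the DEBUGGING/REVISE loop), or None."""
    parent: Dict[State, Optional[State]] = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not spec(s):
            path: List[State] = []
            cur: Optional[State] = s
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for t in trans(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None


def monitor(trace: Iterable[State], spec: Spec) -> Optional[int]:
    """Runtime monitor: the design-time SPEC is evaluated on the observed
    states of the running system; returns the index of the first violation."""
    for i, s in enumerate(trace):
        if not spec(s):
            return i
    return None


# Constructed execution trace of an implementation: the last step moves A
# backwards onto an occupied runway, something the verified model never does.
OBSERVED_TRACE: List[State] = [
    ("approach", "approach"), ("runway", "approach"), ("taxi", "approach"),
    ("taxi", "runway"), ("runway", "runway"),
]

if __name__ == "__main__":
    print("unguarded:", model_check(INIT, unguarded_model, no_runway_conflict))
    print("guarded:  ", model_check(INIT, guarded_model, no_runway_conflict))
    print("monitor violation at step:", monitor(OBSERVED_TRACE, no_runway_conflict))
```

The point of the split between `model_check` and `monitor` is the one the slide makes: the model checker needs M and SPEC, the monitor needs only SPEC plus the states the deployed system actually reports, so the specification written and debugged at design time is the artifact that survives into mission time.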

  11-14. Bottlenecks (the list is built up one item per slide over slides 11 to 14)
     - Creating a system model / complete formalizable design
     - Writing formal specifications / getting precise requirements
     - Artifacts analyzable by one tool do not translate to any other:
       - Need to know from the beginning all features/expressibility that will be needed and choose the right tool from the start
       - Cannot change direction, translate between tools, or start again
     - Constantly have to re-explain the model/specification context:
       - continuous vs. discrete time
       - level of abstraction
       - types of system that can be reasoned about
