Using formal methods with SysML in aerospace design and engineering

Maintaining design consistency is a critical issue for macro-level aerospace development. The inability to maintain design consistency is a major contributor to cost and schedule overruns. By embedding The Systems Modeling Language (SysML) within a formal logic, formal methods can be used to maintain consistency as a design evolves. SysML, provided with a formal semantics, enables engineers to employ reasoning in the course of a typical model-based development process. Engineers can make use of formal methods within the context of current engineering practice and tools without needing to have special formal methods training. As component subsystems are introduced to refine a design, their assumptions are checked against current assumptions. If new assumptions do not introduce inconsistency, they are added to the model assumptions. If the assumptions render the design inconsistent, they are detected which minimizes potential rework. SysML has a demonstrated capability for top-to-bottom design refinement for large-scale aerospace systems. SysML does not have a formal logic-based semantics. The logical formalism within which SysML is embedded matches the informal semantic of SysML closely. The approach to integrating formal methods with SysML is illustrated with a typical macro-level aerospace design task. The design process produces a design solution which provably satisfies the top level requirements. The example provides evidence that coupling formal methods with SysML can realistically be applied to solve aerospace development problems. The approach results from a number of detailed design trades employing a model-based system development process which used SysML as the model integration framework.     

基于形式化方法的航空电子系统检测

随着航空型号的快速发展,航空电子系统的数字化程度越来越高,软件在其中所占的比例越来越大.对航空电子系统中的软件进行测试和检测是保证航空电子系统质量及可信运行的基础.通过分析航空电子系统软件体系结构,对航空电子系统进行形式化建模,并在此基础上,提出了一种形式化的系统级综合检测方法,从静态和动态两个方面对航空电子系统进行检测,最后通过设计并实现一个综合检测系统来验证该方法的有效性.     

Formal Methods in Designing Embedded Systems—the SACRES Experience

From automotive electronics to avionics, embedded systems are part of our everyday life, and developed societies are increasingly dependent on their reliability in operation. At the same time, current design practice is inadequate in coping with the challenge of constructing dependable embedded systems.SACRES is an experimental design environment aimed at the seamless development of embedded systems. It incorporates state-of-the-art industrial design tools and provides formal specification, model checking technology and validated code generation. These concepts have been integrated on the basis of the synchronous approach to reactive systems.As a result, synchronous compilation techniques have been enhanced, in particular as regards techniques for distributed code generation. Formal verification technology was advanced to increase efficiency, handle composed systems and cover some real-time aspects. The new approach of translation validation was developed and proven to work.Real bugs have been found even in well-tested models. It was demonstrated that a formal design including verification is often more efficient than testing. As a consequence, all user partners are committed to further introducing formal design and verification technology.This paper summarises the essential achievements of the project. It explains the results in terms of the basic ideas, the available tools and methodology, as well as the experience gained.     

可信系统性质的分类和形式化研究综述

计算机系统被应用于各种重要领域,这些系统的失效可能会带来重大灾难.不同应用领域的系统对于可信性具有不同的要求,如何建立高质量的可信计算机系统,是这些领域共同面临的巨大挑战.近年来,具有严格数学基础的形式化方法已经被公认为开发高可靠软硬件系统的有效方法.目标是对形式化方法在不同系统的应用进行不同维度的分类,以更好地支撑可信软硬件系统的设计.首先从系统的特征出发,考虑6种系统特征:顺序系统、反应式系统、并发与通信系统、实时系统、概率随机系统以及混成系统.同时,这些系统又运行在众多应用场景,分别具有各自的需求.考虑4种应用场景:硬件系统、通信协议、信息流以及人工智能系统.对于以上的每个类别,介绍和总结其形式建模、性质描述以及验证方法与工具.这将允许形式化方法的使用者对不同的系统和应用场景,能够更准确地选择恰当的建模、验证技术与工具,帮助设计人员开发更加可靠的系统.     

Automatic Deployment of an RPAS Mission Manager to an ARINC-653 Compliant System

The development process of avionics system requiring a high level of safety is subjected to rigorous development and verification standards. In order to accelerate and facilitate this process, we present a testbed that uses a suite of methods and tools to comply with aerospace standards for certification. To illustrate the proposed methodology, we designed a Mission Management System for Remotely Piloted Aircraft Systems (RPAS) that was deployed on a particular run-time execution platform called XtratuM, an ARINC-653 compliant system developed in our research group. The paper discusses the system requirements, the software architecture, the key issues for porting designs to XtratuM, and how to automatize this process. Results show that the proposed testbed is a good platform for designing and qualifying avionics applications.     

Ten commandments of formal methods

Producing correct, reliable software in systems of ever increasing complexity is a problem with no immediate end in sight. The software industry suffers from a plague of bugs on a near-biblical scale. One promising technique in alleviating this problem is the application of formal methods that provide a rigorous mathematical basis to software development. When correctly applied, formal methods produce systems of the highest integrity and thus are especially recommended for security- and safety-critical systems. Unfortunately, although projects based on formal methods are proliferating, the use of these methods is still more the exception than the rule, which results from many misconceptions regarding their costs, difficulties, and payoffs. Surveys of formal methods applied to large problems in industry help dispel these misconceptions and show that formal methods projects can be completed on schedule and within budget. Moreover, these surveys show that formal methods projects produce correct software (and hardware) that is well structured, maintainable, and satisfies customer requirements. Through observations of many recently completed and in-progress projects we have come up with ten guidelines that, if adhered to, greatly increase a project's chances for success     

Formal specification – an analytic tool for (management) information systems

Abstract. There appears to be a general consensus within the information systems literature that formal specification of software systems is an inappropriate response to the perceived general failure of information systems to meet user requirements. Such views would seem to be based primarily on the difficulty of constructing formal specifications – and on the difficulty of understanding such specifications once constructed. Research into the applicability of formal methods has therefore tended to concentrate on the needs and the context of software developers specializing in critical and extremely complex software such as operating systems, transaction processing monitors, or nuclear reactor protection. More recently, however, formal methods have been applied successfully in more conventional and commercial areas, such as the development of a CASE tool, indicating that many of the perceived disadvantages of formal methods are merely myths.
This paper discusses the differing research directions of the information systems and software engineering disciplines and suggests that significant beneflts may result from a synthesis of the two approaches. We further suggest that there is a serious danger that approaches which have been shown to have value in one of the two domains are automatically being ignored in the other as being 'irrelevant'. While each of the two areas ignores the contribution of the other, software systems will continue to be sub-optimal (in terms of relevance, as well as quality). We argue the relevance of formal specifications to the information systems discipline, illustrating the argument with a case study based within the IS domain.     

形式化方法概貌

形式化方法是基于严格数学基础,对计算机硬件和软件系统进行描述、开发和验证的技术.其数学基础建立在形式语言、语义和推理证明三位一体的形式逻辑系统之上.形式化方法已经以不同程度和不同方式愈来愈多地应用在计算系统生命周期的各个阶段.介绍了形式化方法的发展历程和基本方法体系;以形式规约和形式验证为主线,综述了形式化方法的理论、方法、工具和应用的现状,展示了形式化方法与软件学科其他领域的交叉和融合;分析了形式化方法的启示,并展望了其面临的发展机遇和未来趋势.形式化方法的发展和研究现状表明：其应用已经取得了长足的进步,在提高计算系统的可靠性和安全性方面发挥了重要作用.在当今软件日益成为社会基础设施的时代,形式化方法将与人工智能、网络空间安全、量子计算、生物计算等领域和方向交叉融合,得到更加广阔的应用.研究和建立这种交叉融合的理论和方法不仅重要,而且具有挑战性.     

Foundations of a new software engineering method for real-time systems

The design of a fault-tolerant distributed, real-time, embedded system with safety-critical concerns requires the use of formal languages. In this paper, we present the foundations of a new software engineering method for real-time systems that enables the integration of semiformal and formal notations. This new software engineering method is mostly based upon the ”COntinuuM” co-modeling methodology that we have used to integrate architecture models of real-time systems (Perseil and Pautet in 12th International conference on engineering of complex computer systems, ICECCS, IEEE Computer Society, Auckland, pp 371–376, 2007) (so we call it “Method C”), and a model-driven development process (ISBN 978-0-387-39361-2 in: From model-driven design to resource management for distributed embedded systems, Springer, chap. MDE benefits for distributed, real time and embedded systems, 2006). The method will be tested in the design and development of integrated modular avionics (IMA) frameworks, with DO178, DO254, DO297, and MILS-CC requirements.     

Investigating the usability of real-time scheduling theory with the Cheddar project

This article deals with real-time critical systems modelling and verification. Real-time scheduling theory provides algebraic methods and algorithms in order to make timing constraints verifications of these systems. Nevertheless, many industrial projects do not perform analysis with real-time scheduling theory even if demand for use of this theory is large and the industrial application field is wide (avionics, aerospace, automotive, autonomous systems, …). The Cheddar project investigates why real-time scheduling theory is not used and how its usability can be increased. The project was launched at the University of Brest in 2002. In Lecture Notes on Computer Sciences, vol. 5026, pp. 240–253, 2008, we have presented a short overview of this project. This article is an extended presentation of the Cheddar project, its contributions and also its ongoing works.     

信令寻径式高速光纤传输交换机研究与设计

针对未来航电系统需求,研究一种新型的以“信令寻径式交换技术”为核心的高速光纤传输交换网络。该文设计了信令寻径式交换网络通信协议,并在此基础上详细论述了高速光纤传输交换机设计方案。目前,16端口的信令寻径式高速光纤传输交换机已初步调试成功,性能稳定,运行状况良好,可应用于航电和中尺度天气预报等高速网络通信系统中。     

On Using B in the Design of Secure Micro-controllers: An Experience Report

The stepwise formal development of safety critical software is now a well established engineering practice, noticeably in railway systems. However, it has not been applied as successfully to hardware development, where formal methods are mainly used for verification and gate level transformations and optimizations. In this paper, we report our recent experience in the stepwise formal development of a real macro-cell, that opens the way to the design of synchronous digital circuits with zero functional bugs. We propose a development flow suited for obtaining proven correct-by-construction circuits that further possess additional robustness properties desirable for secure chips. The reported work is prospective and is meant to show the feasibility of such a technique for high confidence trustful devices.     

面向航天嵌入式软件的形式化建模方法

航天嵌入式软件是航天型号任务成败的关键之一.航天嵌入式软件是一种周期性、多模式的软件.软件的每个模式表示系统处于一定的状态,并进行相应的复杂计算.因此,提出了一种名为SPARDL的形式化建模方法.为了满足型号应用的需求,对这一方法进行了若干改进.为了表达航天器的时序性质,提出了一种基于区间逻辑的性质规范语言.为了支持工业应用,还设计了代码生成方法.这一建模方法已在航天工业领域得到了应用.     

基于ICD配置的航电总线测试软件自动生成方法研究

为了提高航空电子总线数据采集软件的开发效率和可靠性,降低测试和仿真工作的复杂度,对当前主要的软件自动生成方法进行了分析比较和研究,并将其应用到航电总线数据采集软件中.设计了接口控制文档(ICD,interface control document)数据库、知识库、类型库和词法分析器,采用XML模板生成、XSD模板验证和...     

Toward a theory and method for cooperative systems, with application to auditing

Cooperative distributed knowledge-base systems—sometime termed distributed artificial Intelligence (DAI)—offer computer methods for coordinating group expertise in the solving of problems. Much of the research to the present has been empirical testing of informal methods. There is a need for more formal methods to guide the design and development of DAI. At the same time, object-oriented programming methods provide a natural means or representing real-world objects in a way that facilitates communication among those objects. In this paper we propose a methodology for integrating formal methods of knowledge theory with object-oriented methods in a way that may facilitate the development of more robust DAI systems. Our exposition takes the reader from conceptual development to fundamentals of an application in auditing.     

ASM-based formal design of an adaptivity component for a Cloud system

The request of formal methods for the specification and analysis of distributed systems is nowadays increasing, especially when considering the development of Cloud systems and Web applications. This is due to the fact that modeling languages currently used in these areas have informal definitions and ambiguous semantics, and therefore their use may be unreliable. Thanks to their mathematical foundation, formal methods can guarantee rigorous system design, leading to precise models where requirements can be validated and properties can be assured, already at the early stages of the system development. In this paper, we present a rigorous engineering process for distributed systems, based on the Abstract State Machines (ASM) formal method. We rely on the foundational notions of ASM ground model and model refinement to obtain a precise model for a client-server application for Cloud systems. This application has been proposed to tackle the problem of making Cloud services usable to different end-devices by adapting on-the-fly the content coming from the Cloud to the different devices contexts. The ASM-based modeling process is supported by a number of validation and verification activities that have been exploited on the component under development to guarantee consistency, correctness, and reliability properties.     

Formal Methods Technology Transfer: A View from NASA

Since 1988 NASA Langley Research Center has supported a formal methods research program. From its inception, a primary goal of the program has been to transfer formal methods technology into aerospace industries focusing on applications in commercial air transport. The overall program has been described elsewhere. This paper gives an account of the technology transfer strategy and its evolution.     

电子设备BIT状态的神经网络预测

首先对基于ＬＭ 算法的神经网络预测性能进行研究。相对快速ＢＰ网络而言,其预测精度高、收敛速度快。然后提出将该方法应用于电子设备ＢＩＴ输出及相关量的状态预测,对存在于航空电子设备中的压力、温度等环境应力的典型变化曲线进行了预测,并在环境应力影响下的ＢＩＴ状态综合预测中得到验证。结果表明,利用时空两方面信息进行状态预测和综合分析是一条提高ＢＩＴ诊断能力、降低虚警的重要思路。