This paper reports an industrial experiment of formal proof techniques applied to avionics software. The application became possible by using Caveat, a tool dedicated to assisting in the comprehension and formal verification of safety-critical applications written in C. With this approach it is possible to significantly reduce the current verification effort (based on testing) in achieving the verification objectives defined by DO-178B [4].

1.3. Proof of Property

Property proof (or program proof) is a well-known technique, based on Hoare's [1] or Dijkstra's [2] theories. An interesting characteristic of these theories is that they can be computer aided, i.e. a tool can be developed to help prove properties. In order to meet the objectives defined in section 1.1, the requirements for such a tool are listed below.

Ability to prove avionics C code. This is the strongest requirement, because formal verification is dedicated to real software products.

Ease of learning and use. The main point here is the ability of the tool to be used by "standard" software developers, not only by a team of formal proof specialists.

Early payback. Tool-aided formal proof must be used as a replacement for (not in addition to) the most tedious and expensive phases of the testing process.

Easy integration. The use of the tool should not break the existing verification process and environment.

A tool which meets these requirements is Caveat, developed by the French Commissariat à l'énergie atomique (CEA). This tool, evaluated by Aerospatiale during the European project LAW [3], is a "verification assistant" able to perform proof of property.

1.4. Avionics Software Characteristics

Functions. The classes of functions in an avionics software product are numerical computation, hardware handling, communication protocols, security/protection mechanisms, fault detection and recovery, and Boolean computation.

Properties. An avionics software product must have the following types of property: functional, safety, robustness and temporal.

Architecture and sizes. The design and coding rules of avionics software lead to a modular architecture. They also limit the size and complexity of the individual modules. The size of an entire avionics software product may be up to 500,000 lines of code.

Algorithms. From that point of view, avionics software is never very complicated. For instance, the loops are very simple (e.g. array initialisation, search within an array). So one of the great difficulties of automatic property proof, i.e. the analysis of loops, is simplified a lot.
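As an added illustration of the "simple loops" the abstract describes (array initialisation and search within an array), the following is example code written for this page, not code from the Caveat paper or from CEA: two C functions carrying the precondition, postcondition and loop-invariant annotations that a proof-of-property tool needs in order to discharge the loops automatically. Because the page does not show Caveat's own annotation syntax, the contracts are written in ACSL, the annotation language of Frama-C (also mentioned on this page); that choice, the function names, the `frama-c -wp` invocation, the file name and the sample data are assumptions of the example.

```c
/* Added example (not from the Caveat paper): the two loop shapes the
 * abstract calls typical of avionics code, array initialisation and
 * search within an array, with the contracts and loop invariants a
 * property-proof tool needs. The annotations use ACSL, the
 * specification language of Frama-C (an assumption: Caveat's own
 * annotation syntax is not shown on the page). They are ordinary C
 * comments, so the file compiles with any C99 compiler; to attempt
 * the proof run:  frama-c -wp -wp-rte search.c   (assumed file name)
 */
#include <stdio.h>

/*@ requires n >= 0;
  @ requires \valid(a + (0 .. n-1));
  @ assigns a[0 .. n-1];
  @ ensures \forall integer i; 0 <= i < n ==> a[i] == v;
  @*/
void array_init(int *a, int n, int v)
{
    /* The invariant records what has been done so far; the variant
     * shows the loop terminates. Together they let the prover reason
     * about every iteration, not just the ones a test exercises. */
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant \forall integer j; 0 <= j < i ==> a[j] == v;
      @ loop assigns i, a[0 .. n-1];
      @ loop variant n - i;
      @*/
    for (int i = 0; i < n; i++)
        a[i] = v;
}

/*@ requires n >= 0;
  @ requires \valid_read(a + (0 .. n-1));
  @ assigns \nothing;
  @ ensures -1 <= \result < n;
  @ ensures \result >= 0 ==> a[\result] == key;
  @ ensures \result >= 0 ==> \forall integer i; 0 <= i < \result ==> a[i] != key;
  @ ensures \result == -1 ==> \forall integer i; 0 <= i < n ==> a[i] != key;
  @*/
int array_search(const int *a, int n, int key)
{
    /* Returns the index of the first occurrence of key, or -1.
     * The \valid_read precondition is the bound the caller must
     * guarantee; no read outside a[0 .. n-1] is possible here. */
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant \forall integer j; 0 <= j < i ==> a[j] != key;
      @ loop assigns i;
      @ loop variant n - i;
      @*/
    for (int i = 0; i < n; i++)
        if (a[i] == key)
            return i;
    return -1;
}

/* Constructed sample data for running the functions stand-alone. */
static const int sample[] = { 3, 9, 27, 81 };
enum { SAMPLE_LEN = sizeof sample / sizeof sample[0] };

/* Exercises both functions on the constructed data; returns 1 if every
 * result matches the contracts above, 0 otherwise. */
int self_check(void)
{
    int buf[8];
    array_init(buf, 8, 7);
    for (int i = 0; i < 8; i++)
        if (buf[i] != 7)
            return 0;
    if (array_search(sample, SAMPLE_LEN, 27) != 2) return 0;
    if (array_search(sample, SAMPLE_LEN, 5) != -1) return 0;
    if (array_search(sample, 0, 3) != -1) return 0;   /* empty range: nothing is read */
    if (array_search(buf, 8, 7) != 0) return 0;        /* first match wins */
    return 1;
}

int main(void)
{
    int ok = self_check();
    printf("self_check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The annotations are comments, so the file builds and runs with an ordinary C99 compiler; `frama-c -wp -wp-rte search.c` asks the WP plugin to prove the contracts, and `-wp-rte` additionally generates the out-of-bounds and overflow obligations. The security-relevant part is the preconditions: `\valid_read(a + (0 .. n-1))` states the bound the caller must guarantee, so a call site that passes an `n` larger than the allocation fails its own proof obligation instead of silently reading past the buffer.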
A panoramic view of a popular platform for C program analysis and verification.
This experience report describes the choice of OCaml as the implementation language for Frama-C, a framework for the static analysis of C programs. OCaml became the implementation language for Frama-C because it is expressive. Most of the reasons listed in the remainder of this article are secondary reasons, features which are not specific to OCaml (modularity, availability of a C parser, control over the use of resources, etc.) but which could have prevented the use of OCaml for this project had they been missing.
A detailed energy audit is carried out for a complex of 6 office buildings in Brussels representing over 30 000 m2 of occupied space. The results show very high energy consumption for both heating and electricity. Detailed computer models are created of all 6 buildings and calibrated based on real consumption, monitoring results from Building Energy Management Systems, actual occupation profiles and real meteorological data for Brussels. Based on the model, a series of measures to increase the energy efficiency of the buildings are then proposed. A technical and economic analysis which evaluates the environmental impact and payback time of each measure is carried out. The objective of the study is to reduce energy consumption of existing buildings by 30% while keeping improvement measures economically interesting. Results show that energy savings of 27% are feasible with an overall payback time of approximately 3 years.

… for the newer buildings. The average natural gas consumption for office buildings in Belgium is estimated at 150 kWh/m2/yr. As for the electricity, the building complex consumes on average 1… kWh/m2/yr; … estimated at 134 kWh/m2/yr. Although precaution must be taken in comparing these ratios, they indicate a high potential for energy savings.

Dynamic Building Simulations. Computer models for the six buildings are created using the dynamic thermal simulation software Virtual Environment (Fig 1).