Integrating Formal Verification and Assurance: An Inspection Rover Case Study

Bourbouh, Hamza; Farrell, Marie; Mavridou, Anastasia; Šljivo, Irfan; Brat, Guillaume; Dennis, Louise A.; Fisher, Michael

doi:10.1007/978-3-030-76384-8_4

Cited by 23 publications

(26 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related, Bourbouh et al [34] report on the combined use of several methods and tools in the development of an assurance case for an inspection rover, which is modelled in AADL [35], Simulink and Event-B [36]. Functional requirements are stated using the structured natural language accepted by FRET [37], with semantics given in Linear Temporal Logic (LTL) suitable for analysis with Lustre [38] models generated from Simulink via CoCoSim [39], a framework for design, code generation and analysis of discrete dataflow models.…”

Section: Related Workmentioning

confidence: 95%

Safety assurance of an industrial robotic control system using hardware/software co-verification

Murray,

Sirevåg,

Ribeiro

et al. 2021

Preprint

View full text Add to dashboard Cite

As a general trend in industrial robotics, an increasing number of safety functions are being developed or re-engineered to be handled in software rather than by physical hardware such as safety relays or interlock circuits. This trend reinforces the importance of supplementing traditional, input-based testing and quality procedures which are widely used in industry today, with formal verification and model-checking methods. To this end, this paper focuses on a representative safety-critical system in an ABB industrial paint robot, namely the High-Voltage electrostatic Control system (HVC). The practical convergence of the high-voltage produced by the HVC, essential for safe operation, is formally verified using a novel and general co-verification framework where hardware and software models are related via platform mappings. This approach enables the pragmatic combination of highly diverse and specialised tools. The paper's main contribution includes details on how hardware abstraction and verification results can be transferred between tools in order to verify system-level safety properties. It is noteworthy that the HVC application considered in this paper has a rather generic form of a feedback controller. Hence, the co-verification framework and experiences reported here are also highly relevant for any cyber-physical system tracking a setpoint reference.

show abstract

Section: Related Workmentioning

confidence: 95%

Safety assurance of an industrial robotic control system using hardware/software co-verification

Murray,

Sirevåg,

Ribeiro

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Each of these formal techniques outperformed testing when locating concurrency errors. Other rover verification research includes (Bourbouh et al, 2021) which uses FRET, CoCoSpec and Event-B to verify an 1 Available: https://github.com/autonomy-and-verification-uol/ROSMonitoring. autonomous rover use case.…”

Section: Related Workmentioning

confidence: 99%

Formal Modelling and Runtime Verification of Autonomous Grasping for Active Debris Removal

et al. 2022

Self Cite

View full text Add to dashboard Cite

Active debris removal in space has become a necessary activity to maintain and facilitate orbital operations. Current approaches tend to adopt autonomous robotic systems which are often furnished with a robotic arm to safely capture debris by identifying a suitable grasping point. These systems are controlled by mission-critical software, where a software failure can lead to mission failure which is difficult to recover from since the robotic systems are not easily accessible to humans. Therefore, verifying that these autonomous robotic systems function correctly is crucial. Formal verification methods enable us to analyse the software that is controlling these systems and to provide a proof of correctness that the software obeys its requirements. However, robotic systems tend not to be developed with verification in mind from the outset, which can often complicate the verification of the final algorithms and systems. In this paper, we describe the process that we used to verify a pre-existing system for autonomous grasping which is to be used for active debris removal in space. In particular, we formalise the requirements for this system using the Formal Requirements Elicitation Tool (FRET). We formally model specific software components of the system and formally verify that they adhere to their corresponding requirements using the Dafny program verifier. From the original FRET requirements, we synthesise runtime monitors using ROSMonitoring and show how these can provide runtime assurances for the system. We also describe our experimentation and analysis of the testbed and the associated simulation. We provide a detailed discussion of our approach and describe how the modularity of this particular autonomous system simplified the usually complex task of verifying a system post-development.

show abstract

“…FRET 2 is an open-source tool that enables developers to write and formalise system requirements in a structured natural-language called fretish [12]. Requirements in FRET take the form:…”

Section: Fretmentioning

confidence: 99%

“…To the best of our knowledge, this is the first set of fretish requirements that have been constructed alongside an industrial partner for a system that is still under development [8]. Related work generally present fretish requirements for pre-existing example applications or conceptual systems [2,13,17], apart from a set of fretish requirements for a robotic system [9] which was constructed alongside developers of an academic prototype.…”

Section: Technical View Of Extending Fretmentioning

confidence: 99%

Why just FRET when you can Refactor? Retuning FRETISH Requirements

Luckcuck¹,

Farrell²,

Sheridan³

2022

Preprint

Self Cite

View full text Add to dashboard Cite

Formal verification of a software system relies on formalising the requirements to which it should adhere, which can be challenging. While formalising requirements from natural-language, we have dependencies that lead to duplication of information across many requirements, meaning that a change to one requirement causes updates in several places. We propose to adapt code refactorings for NASA's Formal Requirements Elicitation Tool (FRET), our tool-of-choice. Refactoring is the process of reorganising software to improve its internal structure without altering its external behaviour; it can also be applied to requirements, to make them more manageable by reducing repetition. FRET automatically translates requirements (written in its input language fretish) into Temporal Logic, which enables us to formally verify that refactoring has preserved the requirements' underlying meaning. In this paper, we present four refactorings for fretish requirements and explain their utility. We describe the application of one of these refactorings to the requirements of a civilian aircraft engine software controller, to decouple the dependencies from the duplication, and analyse how this changes the number of requirements and the number of repetitions. We evaluate our approach using Spot, a tool for checking equivalence of Temporal Logic specifications.

show abstract

Integrating Formal Verification and Assurance: An Inspection Rover Case Study

Cited by 23 publications

References 28 publications

Safety assurance of an industrial robotic control system using hardware/software co-verification

Safety assurance of an industrial robotic control system using hardware/software co-verification

Formal Modelling and Runtime Verification of Autonomous Grasping for Active Debris Removal

Why just FRET when you can Refactor? Retuning FRETISH Requirements

Contact Info

Product

Resources

About