Verification support for ARINC‐653‐based avionics software

Cámara, Pedro de la; Castro, J. Raúl; Gallardo, María del Mar Prados; Merino, Pedro

doi:10.1002/stvr.422

Cited by 16 publications

(9 citation statements)

References 32 publications

(51 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [8], only an ARINC 653 hierarchical scheduler is modelled with AADL. Works in [7], [16] target not only the ARINC specification but also its verification, where ARINC 653 services are modelled in PROMELA and verified used the SPIN model checker to ensure the correctness of avionics software constructed on top of ARINC 653. Here, the ARINC and the application models, which are extracted from the application's C source code, comprise the complete formal model for verification.…”

Section: Related Workmentioning

confidence: 99%

“…No. Functionality / Invariant description Partition and process management (1) each process is in one partition (2) if a partition is not in N ORM AL mode, its processes should not in the state of Ready, or Running or Suspend (3) if there are processes of a partition in state of Ready, or Running or Suspend, the partition's mode should be N ORM AL (4) if a partition's mode is N ORM AL, it should have processes (5) if a partition's mode is IDLE, it should not have any process (6) there is at most one Running process in a single core system (7) when a partition is in the COLD ST ART or W ARM ST ART mode, the lock level should be larger than zero (8) if the lock level of a partition is larger than zero, there should be a process in this partition disabled the preemption (9) if there is a process that disabled the preemption of this partition, the lock level of the partition should be larger than zero (10) if the lock level of a partition is zero, the partition should be in the N ORM AL mode (11) if the current process and current partition are valid, the process should be in the partition (12) the validation of current partition implies that the partition's mode is not IDLE (13) the validation of current process implies that the process is running and its partition is in N ORM AL (14) if a process was delayed started, it has a delay time (15) the aperiodic process has the special (infinite) value of period (16) the periodic process has a finite value of period…”

Section: Framework Approachmentioning

confidence: 99%

See 1 more Smart Citation

Event-based formalization of safety-critical operating system standards: An experience report on ARINC 653 using Event-B

Zhao

Yang

Sanán

et al. 2015

2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

Standards play the key role in safety-critical systems. Errors in standards could mislead system developer's understanding and introduce bugs into system implementations.In this paper, we present an Event-B formalization and verification for the ARINC 653 standard, which provides a standardized interface between safety-critical real-time operating systems and application software, as well as a set of functionalities aimed to improve the safety and certification process of such safety-critical systems. The formalization is a complete model of ARINC 653, and provides a necessary foundation for the formal development and verification of ARINC 653 compliant operating systems and applications. Three hidden errors and three cases of incomplete specification were discovered from the verification using the Event-B formal reasoning approach.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Framework Approachmentioning

confidence: 99%

Event-based formalization of safety-critical operating system standards: An experience report on ARINC 653 using Event-B

Zhao

Yang

Sanán

et al. 2015

2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

show abstract

“…Therefore, most of them are synchronous, or the synchrony is loosened using a kind of inter-process buffer [ 23 ]. A good example is the verification of Avionic systems in Spin [ 24 ]. For communication, Promela channels are used.…”

Section: Related Workmentioning

confidence: 99%

Static and Dynamic Verification of Space Systems Using Asynchronous Observer Agents

Daszczuk

2021

Sensors

View full text Add to dashboard Cite

Formal verification of distributed systems is essential, especially in mission-critical systems that cannot be restarted. Such are space systems in which satellites read sensor values and autonomously make actuator decisions based on them, and ground services only set general patterns of behavior. The verification formalism should correspond to the essential characteristics of a distributed system, such as node autonomy and asynchrony of actions and communication, as in our Integrated Model of Distributed Systems (IMDS). It is also crucial that the formalism allows for finding partial deadlocks and checking partial termination, where only a subset of the system nodes is involved while the rest can perform their own tasks at the same time. This article presents the idea of using monitoring agents—observers prepared in the IMDS formalism. Observers check the state of individual system components by polling, allowing verification without knowing the global state of the system. Such an agent is an ideal prototype of a runtime observer that checks if the actual operation of the system corresponds to a design that has previously been proven correct.

show abstract

“…In order to investigate overflow effects in closed-loop dynamics, attitude dynamics should be simulated, considering FWL effects and the system output provided by DSVerifier. The plant employed to analyze impacts regarding overflow and LCO effects is described in (12), which represents roll (φ) and pitch (θ) angle dynamics.…”

Section: ) Lco and Overflow Effects In Closed-loop Dynamicsmentioning

confidence: 99%

“…Formal verification has been applied to avionics embedded software, since the 2000s, due to safety and reliability requirements [12]. Different tools (e.g., SPIN [13], SMV [14], and NuSMV [15]) were used for developing and validating flight control software, such as the NASA's missions Mars Science Laboratory [16] and Deep Space 1 [17], the flight control system FCS 5000 [18], and the military aircraft A-7 [19].…”

Section: Introductionmentioning

confidence: 99%

DSVerifier-Aided Verification Applied to Attitude Control Software in Unmanned Aerial Vehicles

et al. 2018

View full text Add to dashboard Cite

During the last decades, model checking techniques have been applied to improve overall system reliability, in unmanned aerial vehicle (UAV) approaches. Nonetheless, there is little effort focused on applying those methods to the controlsystem domain, especially when it comes to the investigation of low-level implementation errors, which are related to digital controllers and hardware compatibility. The present study addresses the mentioned problems and proposes the application of a bounded model checking tool, named as Digital System Verifier (DSVerifier), to the verification of digital-system implementation issues, in order to investigate problems that emerge in digital controllers designed for UAV attitude systems. A verification methodology to search for implementation errors related to finite word-length effects (e.g., arithmetic overflows and limit cycles), in UAV attitude controllers, is presented, along with its evaluation, which aims to ensure correct-by-design systems. Experimental results show that low-level failures in UAV attitude control software used in aerial surveillance are identified by DSVerifier, which can also be used for developing sound and correct implementations, through its integration into development processes. Finally, given that the proposed approach handles C code and takes into account hardware specifications, it is suitable for verifying final controller implementations, which is a more practical scenario.

show abstract

Verification support for ARINC‐653‐based avionics software

Cited by 16 publications

References 32 publications

Event-based formalization of safety-critical operating system standards: An experience report on ARINC 653 using Event-B

Event-based formalization of safety-critical operating system standards: An experience report on ARINC 653 using Event-B

Static and Dynamic Verification of Space Systems Using Asynchronous Observer Agents

DSVerifier-Aided Verification Applied to Attitude Control Software in Unmanned Aerial Vehicles

Contact Info

Product

Resources

About