Scalability of formal methods for validation and verification of software control systems




E. Scholte (Hamilton Sundstrand), A. Ferrari (ALES s.r.l.)
Team: C. Liu, C. Pinello, R. Kumar (UTRC); L. Mangeruca, C. Sofronis (ALES s.r.l.)

June 11-12, Aerospace Decision and Control Workshop, Georgia Institute of Technology, Atlanta, GA

COPYRIGHT 2012 HAMILTON SUNDSTRAND CORPORATION. THIS DOCUMENT IS THE PROPERTY OF HAMILTON SUNDSTRAND CORPORATION (HSC). YOU MAY NOT POSSESS, USE, COPY OR DISCLOSE THIS DOCUMENT OR ANY INFORMATION IN IT, FOR ANY PURPOSE, INCLUDING, WITHOUT LIMITATION, TO DESIGN, MANUFACTURE OR REPAIR PARTS, OR OBTAIN ANY GOVERNMENT APPROVAL TO DO SO, WITHOUT HSC'S EXPRESS WRITTEN PERMISSION. NEITHER RECEIPT NOR POSSESSION OF THIS DOCUMENT ALONE, FROM ANY SOURCE, CONSTITUTES SUCH PERMISSION. POSSESSION, USE, COPYING OR DISCLOSURE BY ANYONE WITHOUT HSC'S EXPRESS WRITTEN PERMISSION IS NOT AUTHORIZED AND MAY RESULT IN CRIMINAL AND/OR CIVIL LIABILITY.

EAR STATEMENT WARNING -- This document or file contains technical data the export of which is, or may be, restricted by the Export Administration Act and the Export Administration Regulations (EAR), 15 C.F.R. parts 730-774. Diversion contrary to U.S. law is prohibited. The export, re-export, transfer or re-transfer of this technical data to any other company, entity, person, or destination, or for any use or purpose other than that for which the technical data was originally provided by Hamilton Sundstrand, is prohibited without prior written approval from Hamilton Sundstrand and authorization under applicable export control laws. EAR Export Classification: ECCN EAR99

OUTLINE
- Systems at Hamilton Sundstrand
- System Integration and Control
- Integrated Modular Avionics, Software, 178C
- Formal Methods for Model Based Validation and Verification
- Scalability Challenges: Abstractions and Automatic Simplifications

HAMILTON SUNDSTRAND
Aerospace Systems: Electric Systems, Air Management, Engine Systems, Space Systems, Fire Protection, Propellers Systems, Auxiliary Power, Actuation Systems
Industrial: Compressors, Specialty Pumps
Hamilton Sundstrand is among the world's largest suppliers of technologically advanced aerospace and industrial products.

HAMILTON SUNDSTRAND Experience, 1900s to today (figure: timeline of platforms from 1915 to 2010, starting with the Curtiss T-32)

HAMILTON SUNDSTRAND Electric Systems
Products: Integrated Drive Generator, Variable Frequency Generator, Power Control / Conversion, Power Distribution / Management, Emergency Power
Electric Systems platforms: ERJ170/190, Boeing 737, F-35 JSF, A320, A350, Boeing 787, C919, CSeries
Electric Systems has 22 active development programs.

SYSTEM INTEGRATION AND SOFTWARE
- System integration encompassing mechanical, electrical, and software control systems
- Increased use of networks and software to implement functionality
- 178C: Model Based Development and Formal Methods
- How can existing model based techniques be leveraged for validation and verification of highly integrated cyber-physical systems? (How can models already created during development be reused?)

MODEL BASED VERIFICATION TECHNIQUES
- Need to manage complexity growth in a cost- and schedule-effective manner
- Augment testing with formal methods
- Develop models at the different abstraction layers to enable early and consistent guidance
- Use analysis (formal analysis) to verify correct behavior at different layers
- Formal analysis of discrete (finite state) systems using model checkers

Figure: abstraction layers, each pairing a specification document with a model
  Customer specification       -> Aircraft System Model
  System Requirement Document  -> System Behavioral Model
  Derived Requirement Document -> Component Model
                                  Software Implementation Model
Validation/verification techniques applied across the layers: formal analysis, simulation, physical testing

ELECTRIC SYSTEM CONTROL INTEGRATION: Generation and Primary Power Distribution
- Typical 6-9 main power sources, S = {on, off, failed}
- Typical 20-40 contactors (actuators), C = {on, off, failed open, failed closed}
- Order of nominal physical configurations: ~2^43 = 8,796,093,022,208 (physical system constraints will reduce this number)

Figure: single-line diagram with sources LGEN, ExtPwr, APU and RGEN; AC Bus L and AC Bus R; two TRUs; DC Bus L and DC Bus R; Batt Bus L and Batt Bus R with a battery.

SYSTEM SIZE AND INCREASED INTEGRATION
- Increased reliance on electric power in aircraft raises system complexity due to integration
- Increased use of software and networks to provide system functionality
- Use finite state models and model checking to evaluate the system control design

Typical conventional system (single cruise mode system configuration):
  System fault                                                          Number of configurations
  No fault                                                              1
  Single contactor fault (stuck open)                                   ~12
  Single contactor fault (stuck open and stuck closed)                  ~26
  Single component fault (i.e. contactor, TRU, bus, BPCU, GCU failure)  ~40
  Dual failure operation                                                ~1,000

MODEL CHECKING
- Use a formal model of the controller/software and determine whether properties (i.e. requirements) are met for all possible input sequences
- Looks at all possible behaviors of the system
- Automated procedure if the system is finite state

Figure: the Model (system requirements / functionality) and the Specification (system property) are the inputs to the Model Checker Tool; the output is either YES or NO, in which case a counterexample (sequence of inputs) is given.
- System/function modeled as a Finite State Machine
- Requirement formalized using (temporal) logic

SYSTEM REQUIREMENT MODELING
Formulate system requirements as invariants or use Linear Temporal Logic.
Figure: example circuit with sources S1 and S2, contactors C1 and C2, and bus ACBUS.
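The two slides above describe the model-checking loop in words: a finite-state model, a property stated as an invariant, and an exhaustive search over every input sequence that either confirms the property or returns a counterexample. The script below is an added example, not part of the presentation or of Hamilton Sundstrand's tooling. It applies that loop to a toy version of the S1/S2/C1/C2/ACBUS circuit: sources take values in {on, off, failed}, contactors in {on, off, failed open, failed closed}, and a fault budget restricts the search to single- or dual-failure operation, mirroring the rows of the configuration table. The control law, the fault model and all variable names are constructed assumptions.

```python
"""Explicit-state model checking of a toy two-source AC bus, in the spirit of
the S1/S2/C1/C2/ACBUS example: enumerate every reachable state under every
input sequence and report the first invariant violation as a counterexample.
Constructed example; the control law and fault model are assumptions."""
from collections import deque
from itertools import product

# Per-step environment events. Sources may be commanded on/off or fail
# (S = {on, off, failed}); contactors may stick open or closed
# (C = {on, off, failed_open, failed_closed}).
SOURCE_EVENTS = ("cmd_on", "cmd_off", "fail")
CONTACTOR_EVENTS = ("none", "fail_open", "fail_closed")
ALL_INPUTS = list(product(SOURCE_EVENTS, SOURCE_EVENTS,
                          CONTACTOR_EVENTS, CONTACTOR_EVENTS))
INITIAL = ("off", "off", "off", "off", 0)   # (S1, S2, C1, C2, contactor faults so far)


def controller(s1, s2, c1, c2):
    """Hypothetical control law with contactor position feedback: prefer S1
    via C1, fall back to S2 via C2, and never command a second feeder onto
    ACBUS when a stuck-closed C2 already connects a live S2."""
    if s2 == "on" and c2 == "failed_closed":
        return ("off", "off")
    if s1 == "on" and c1 != "failed_open":
        return ("on", "off")
    if s2 == "on":
        return ("off", "on")
    return ("off", "off")


def step(state, inputs, max_faults):
    """One synchronous step: environment events, then sense-and-command.
    Returns None when the inputs would exceed the contactor fault budget,
    which restricts the search to single- or dual-failure operation."""
    s1, s2, c1, c2, faults = state
    e1, e2, f1, f2 = inputs

    def source(s, e):                     # 'failed' is absorbing
        if s == "failed" or e == "fail":
            return "failed"
        return "on" if e == "cmd_on" else "off"

    def fault(c, f):                      # a stuck contactor stays stuck
        if c.startswith("failed") or f == "none":
            return c, 0
        return ("failed_open" if f == "fail_open" else "failed_closed"), 1

    s1, s2 = source(s1, e1), source(s2, e2)
    c1, n1 = fault(c1, f1)
    c2, n2 = fault(c2, f2)
    faults += n1 + n2
    if faults > max_faults:
        return None
    cmd1, cmd2 = controller(s1, s2, c1, c2)
    c1 = c1 if c1.startswith("failed") else cmd1   # healthy contactors obey
    c2 = c2 if c2.startswith("failed") else cmd2
    return (s1, s2, c1, c2, faults)


def feeders(state):
    """Number of live sources connected to ACBUS."""
    s1, s2, c1, c2, _ = state
    closed = ("on", "failed_closed")
    return int(s1 == "on" and c1 in closed) + int(s2 == "on" and c2 in closed)


def no_paralleling(state):
    """Invariant: two sources are never connected to ACBUS at the same time."""
    return feeders(state) <= 1


def powered_if_available(state):
    """Invariant: ACBUS is fed whenever some live source can still be connected."""
    s1, s2, c1, c2, _ = state
    available = (s1 == "on" and c1 != "failed_open") or (s2 == "on" and c2 != "failed_open")
    return feeders(state) >= 1 or not available


def check(invariant, max_faults):
    """Breadth-first search over all reachable states. Returns (True, None) or
    (False, trace) where trace lists (inputs, state) from INITIAL to the violation."""
    parent = {INITIAL: None}
    queue = deque([INITIAL])
    while queue:
        st = queue.popleft()
        if not invariant(st):
            trace = []
            while parent[st] is not None:
                prev, inp = parent[st]
                trace.append((inp, st))
                st = prev
            return False, trace[::-1]
        for inp in ALL_INPUTS:
            nxt = step(st, inp, max_faults)
            if nxt is not None and nxt not in parent:
                parent[nxt] = (st, inp)
                queue.append(nxt)
    return True, None


if __name__ == "__main__":
    for faults in (1, 2):
        for prop in (no_paralleling, powered_if_available):
            ok, trace = check(prop, faults)
            print(f"{prop.__name__} with <= {faults} contactor fault(s):",
                  "holds" if ok else f"violated, counterexample {trace}")
```

Running it shows the two faces of the slide's YES/NO output: `no_paralleling` holds under any single contactor fault, but with a budget of two faults the checker returns a one-step counterexample in which both contactors stick closed while both sources are live, a configuration no control law can avoid and exactly the kind of dual-failure case the configuration table counts separately. The breadth-first search is the explicit-state counterpart of the symbolic (BDD-based) search discussed on the scalability slide; its state count grows as the product of the variable domains, which is why the real system needs the reductions described later.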

SCALABILITY OF MODEL CHECKING
Methods for increasing checkable system size:
- Binary Decision Diagram ordering (NP-hard to find the best ordering; use heuristics)
- Automatic simplifications
- Automatic abstractions

Example test system (run time vs. counter limit):
  Counter limit   Baseline [s]   BDD Ordering [s]
  5               2              0.4
  50              7              1.7
  100             23             3.1
  200             96             6
  400             475            13
  1,000           1000           71
  10,000          -              1920
  1,000,000       -              -

SIMPLIFICATION AND ABSTRACTION
Constant propagation and simplification
- Simplifies expressions by propagating constant values through operators
- Substitutes variables with their values
Range reduction
- Propagates range information through the model
- Reduces variable data types while still supporting the computed ranges
- Typical tested system: originally > 40,000 Boolean variables, reduced to ~6,000 Boolean variables
Automated subsystem abstraction
- Uses the cone of influence to automatically remove subsystems
Conservative abstraction
- Substitutes part of the system with one or more input variables
- The dynamics of the substituted part are lost (conservative approximation)
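The first three reductions on this slide (constant propagation, range reduction and cone of influence) are shown in miniature below. This is an added example and not the presentation's or the company's tooling: the toy combinational model, its variable names, the input ranges and the 32-bit default width per variable are all constructed assumptions. The model is a set of definitions over `+`, `-` and `*`; the property of interest references one variable, and the script reports how many Boolean variables a bit-blasted encoding would need before and after the reductions, the same measure the slide quotes (> 40,000 down to ~6,000).

```python
"""Three reductions from the slide (constant propagation, range reduction and
cone of influence) on a toy combinational model. Added example: the model, its
variable names and the 32-bit default width are constructed assumptions."""

# Expression forms: ("const", n), ("var", name), ("op", "+"|"-"|"*", lhs, rhs)
def const(n): return ("const", n)
def var(name): return ("var", name)
def op(sym, a, b): return ("op", sym, a, b)
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

def simplify(e, env):
    """Constant propagation: substitute known constants and fold operators."""
    if e[0] == "var":
        return const(env[e[1]]) if e[1] in env else e
    if e[0] != "op":
        return e
    sym, a, b = e[1], simplify(e[2], env), simplify(e[3], env)
    if a[0] == "const" and b[0] == "const":
        return const(OPS[sym](a[1], b[1]))
    if sym == "+" and const(0) in (a, b):        # x + 0 = 0 + x = x
        return b if a == const(0) else a
    return op(sym, a, b)

def propagate_constants(defs):
    """Fixed-point pass: a definition that folds to a constant is substituted everywhere."""
    defs, env = dict(defs), {}
    changed = True
    while changed:
        changed = False
        for name, e in defs.items():
            defs[name] = simplify(e, env)
            if defs[name][0] == "const" and name not in env:
                env[name] = defs[name][1]
                changed = True
    return {n: e for n, e in defs.items() if n not in env}, env   # (live defs, constants)

def interval(e, lookup):
    """Interval arithmetic over (lo, hi) integer bounds; lookup gives a variable's range."""
    if e[0] == "const": return (e[1], e[1])
    if e[0] == "var": return lookup(e[1])
    (al, ah), (bl, bh) = interval(e[2], lookup), interval(e[3], lookup)
    if e[1] == "+": return (al + bl, ah + bh)
    if e[1] == "-": return (al - bh, ah - bl)
    prods = (al * bl, al * bh, ah * bl, ah * bh)
    return (min(prods), max(prods))

def bits_needed(lo, hi):
    """Smallest width (unsigned, or two's complement when lo < 0) that holds [lo, hi]."""
    if lo >= 0:
        return max(1, hi.bit_length())
    return 1 + max((-lo - 1).bit_length(), hi.bit_length())

def range_reduce(defs, input_ranges):
    """Range reduction: propagate input ranges through the model, return per-variable widths."""
    ranges = dict(input_ranges)
    def lookup(name):
        if name not in ranges:
            ranges[name] = interval(defs[name], lookup)
        return ranges[name]
    for name in defs:
        lookup(name)
    return {n: bits_needed(lo, hi) for n, (lo, hi) in ranges.items()}

def cone_of_influence(defs, property_vars):
    """Keep only the variables the property transitively depends on."""
    def refs(e):
        return {e[1]} if e[0] == "var" else refs(e[2]) | refs(e[3]) if e[0] == "op" else set()
    keep, todo = set(), list(property_vars)
    while todo:
        name = todo.pop()
        if name not in keep:
            keep.add(name)
            if name in defs:
                todo.extend(refs(defs[name]))
    return keep

def reduce_model(defs, input_ranges, property_vars, default_width=32):
    """Apply all three reductions; report Boolean-variable counts before and after."""
    before = (len(defs) + len(input_ranges)) * default_width
    live, constants = propagate_constants(defs)
    keep = cone_of_influence(live, property_vars)
    widths = range_reduce(live, input_ranges)
    return {"before_bits": before, "after_bits": sum(widths[n] for n in keep),
            "constants": constants, "kept": sorted(keep)}

# Constructed model: 'load_w' is the property variable; 'spare' and 'diag' lie outside its cone.
INPUT_RANGES = {"gen_volts": (0, 130), "load_amps": (0, 200), "unused_in": (0, 15)}
MODEL = {
    "scale": const(2),
    "offset": op("-", var("scale"), const(2)),         # folds to 0
    "v_scaled": op("*", var("gen_volts"), var("scale")),
    "v_adj": op("+", var("v_scaled"), var("offset")),  # folds to v_scaled
    "load_w": op("*", var("v_adj"), var("load_amps")),
    "spare": op("*", var("load_amps"), var("unused_in")),
    "diag": op("-", var("spare"), const(5)),
}

if __name__ == "__main__":
    print(reduce_model(MODEL, INPUT_RANGES, ["load_w"]))
```

On the constructed model the ten 32-bit variables (320 Boolean variables) shrink to 50: two definitions fold to constants and disappear, two more are pruned because the property never depends on them, and the survivors keep only the 8 to 16 bits their computed ranges require. The order matters: constant propagation runs first so that folded variables cost nothing, and the cone is computed on the simplified definitions so that a constant-only dependency does not drag a subsystem back in. The slide's fourth reduction, conservative abstraction, is not implemented here; it would replace a kept definition by a free input over the same range, which keeps the check sound for invariants but can produce spurious counterexamples.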

SUMMARY
- Current aircraft systems are increasing in complexity
- Increased reliance on software control systems for electric power distribution
- Use of automated techniques is an enabler for increasing the scalability of existing verification engines

Questions? eelco.scholte@hs.utc.com