A new hierarchical software architecture towards safety-critical aspects of a drone system

  • Xiao-rui ZhuEmail author
  • Chen Liang
  • Zhen-guo Yin
  • Zhong Shao
  • Meng-qi Liu
  • Hao Chen


A new hierarchical software architecture is proposed to improve the safety and reliability of a safety-critical drone system from the perspective of its source code. The proposed architecture uses formal verification methods to ensure that the implementation of each module satisfies its expected design specification, so that it prevents a drone from crashing due to unexpected software failures. This study builds on top of a formally verified operating system kernel, certified kit operating system (CertiKOS). Since device drivers are considered the most important parts affecting the safety of the drone system, we focus mainly on verifying bus drivers such as the serial peripheral interface and the inter-integrated circuit drivers in a drone system using a rigorous formal verification method. Experiments have been carried out to demonstrate the improvement in reliability in case of device anomalies.

Key words

Safety-critical Drone Software architecture Formal verification 

CLC number

V279 TP311.5 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Barry R, 2003. The FreeRTOS™ Kernel. [Accessed on Feb. 12, 2019].
  2. Bohrer B, Tan YK, Mitsch S, et al., 2018. Veriphy: verified controller executables from verified cyber-physical system models. Proc 39th ACM SIGPLAN Conf on Programming Language Design and Implementation, p.617–630.
  3. Chen H, Wu XN, Shao Z, et al., 2016. Toward compositional verification of interruptible OS kernels and device drivers. Proc 37th ACM SIGPLAN Conf on Programming Language Design and Implementation, p.431–447.
  4. de Marina HG, Pereda FJ, Giron-Sierra JM, et al., 2012. UAV attitude estimation using unscented Kalman filter and TRIAD. IEEE Trans Ind Electron, 59(11):4465–4474. CrossRefGoogle Scholar
  5. Gu RH, Koenig J, Ramananandro T, et al., 2015. Deep specifications and certified abstraction layers. Proc 42nd Annual ACM SIGPLAN-SIGACT Symp on Principles of Programming Languages, p.595–608.
  6. Lee T, Leok M, McClamroch NH, 2010. Geometric tracking control of a quadrotor UAV on SE(3). 49th IEEE Conf on Decision and Control, p.5420–5425.
  7. Leishman JG, 2002. Principles of Helicopter Aerodynamics. Cambridge University Press, Cambridge, UK.Google Scholar
  8. Leroy X, 2009. Formal verification of a realistic compiler. Commun ACM, 52(7):107–115. CrossRefGoogle Scholar
  9. Madgwick SOH, Harrison AJL, Vaidyanathan R, 2011. Estimation of IMU and MARG orientation using a gradient descent algorithm. IEEE Int Conf on Rehabilitation Robotics, p.1–7.
  10. Malecha G, Ricketts D, Alvarez MM, et al., 2016. Towards foundational verification of cyber-physical systems. Science of Security for Cyber-Physical Systems Workshop, p. 1–5.
  11. Nutt G, 2007. Nuttx Real-Time Operating System. [Accessed on Feb. 12, 2019].
  12. Réti I, Lukátsi M, Vanek B, et al., 2013. Smart mini actuators for safety critical unmanned aerial vehicles. Conf on Control and Fault-Tolerant Systems, p.474–479.
  13. Ricketts D, Malecha G, Alvarez MM, et al., 2015. Towards verification of hybrid systems in a foundational proof assistant. ACM/IEEE Int Conf on Formal Methods and Models for Codesign, p.248–257.
  14. Simpson AJ, Stoker J, 2006. Safety challenges in flying UAVs (unmanned aerial vehicles) in non segregated airspace. IET Int Conf on System Safety, p.81–88.
  15. Wang KC, 2017. Embedded real-time operating systems. In: Wang KC (Ed.), Embedded and Real-Time Operating Systems. Springer, Cham, Germany, p.401–475. CrossRefGoogle Scholar

Copyright information

© Zhejiang University and Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Mechanical Engineering and AutomationHarbin Institute of Technology (Shenzhen)ShenzhenChina
  2. 2.Department of Computer ScienceYale UniversityNew HavenUSA

Personalised recommendations