Safety, Dependability and Performance Analysis of Aerospace Systems

  • Thomas Noll
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 476)


Abstract

The size and complexity of software in spacecraft are increasing exponentially, and this trend complicates its validation within the context of the overall spacecraft system. Current validation methods are labour-intensive, as they rely on manual analysis, review and inspection. In this paper we give an overview of an integrated system-software co-engineering approach that focuses on a coherent set of specification and analysis techniques for evaluating the system-level correctness, safety, dependability and performability of on-board computer-based aerospace systems. It features both a tailored modelling language and a toolset supporting (semi-)automated validation activities. Our modelling language is a dialect of the Architecture Analysis and Design Language, AADL, and enables engineers to specify the system, the software, and their reliability aspects. The COMPASS toolset employs state-of-the-art model checking techniques, both qualitative and probabilistic, for the analysis of requirements related to functional correctness, safety, dependability and performance.


Keywords (machine-assigned): Architecture Analysis & Design Language (AADL); Fault Detection, Isolation and Recovery (FDIR); AADL models; FMEA tables; fault injection
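The abstract describes three analyses the toolset derives from one extended model by model checking: qualitative fault-tree analysis (minimal cut sets), FMEA tables from fault injection, and probabilistic dependability measures on a continuous-time Markov chain. The following is an added illustration, not COMPASS code and not taken from the paper: a tiny hand-written explicit-state engine over a constructed model (a hot-standby sensor pair with an FDIR switch, with assumed fault names and per-hour fault rates) showing how all three results come out of the same state space. Uniformisation is used for the transient probability; the model, the `inject`/`top_level_event` functions and the rates are all assumptions of this example.

```python
from collections import deque
import math

# Constructed model (not from the paper): a hot-standby sensor pair.
# Sensor A is active at start; an FDIR monitor switches to B when the
# active sensor is detected stuck, provided the switch itself still works.
FAULTS = ("A_stuck", "B_stuck", "switch_fail")   # injectable fault events
INITIAL = ("A", frozenset())                      # (active sensor, faults present)

def inject(state, fault):
    """Extended model: add one fault, then let the FDIR logic react."""
    active, faults = state
    faults = faults | {fault}
    stuck = {"A": "A_stuck" in faults, "B": "B_stuck" in faults}
    other = "B" if active == "A" else "A"
    if stuck[active] and "switch_fail" not in faults and not stuck[other]:
        active = other                            # recovery: fail over
    return (active, faults)

def top_level_event(state):
    """Hazard: the active sensor is stuck, so the output is invalid."""
    active, faults = state
    return f"{active}_stuck" in faults

def explore(faults=FAULTS, initial=INITIAL):
    """Breadth-first state-space exploration; every fault is injected at
    most once and hazard states are absorbing. Returns states and edges."""
    seen, edges, queue = {initial}, [], deque([initial])
    while queue:
        s = queue.popleft()
        if top_level_event(s):
            continue
        for f in faults:
            if f in s[1]:
                continue
            t = inject(s, f)
            edges.append((s, f, t))
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return seen, edges

def minimal_cut_sets(faults=FAULTS, initial=INITIAL):
    """Qualitative analysis: fault sets that reach the hazard in some
    injection order, reduced to the minimal ones (a fault tree's MCS).
    Order matters: switch_fail before A_stuck is a cut, the reverse is not."""
    states, _ = explore(faults, initial)
    cuts = {s[1] for s in states if top_level_event(s)}
    return {c for c in cuts if not any(o < c for o in cuts)}

def fmea_table(faults=FAULTS, initial=INITIAL):
    """Single-fault FMEA rows: (fault, resulting mode, hazardous?)."""
    return [(f, f"active={inject(initial, f)[0]}",
             top_level_event(inject(initial, f))) for f in faults]

def unreliability(t, rates, initial=INITIAL):
    """Probabilistic analysis: probability that the hazard has been reached
    by time t when fault f fires at constant rate rates[f] (a CTMC).
    Transient probabilities via uniformisation; fine for moderate q*t."""
    states, edges = explore(tuple(rates), initial)
    idx = {s: i for i, s in enumerate(states)}
    n = len(states)
    Q = [[0.0] * n for _ in range(n)]             # generator matrix
    for s, f, tgt in edges:
        if rates[f] > 0:
            Q[idx[s]][idx[tgt]] += rates[f]
            Q[idx[s]][idx[s]] -= rates[f]
    q = max(-Q[i][i] for i in range(n)) or 1.0    # uniformisation rate
    P = [[(i == j) + Q[i][j] / q for j in range(n)] for i in range(n)]
    hazard = [idx[s] for s in states if top_level_event(s)]
    pi = [0.0] * n
    pi[idx[initial]] = 1.0
    result, weight, total, k = 0.0, math.exp(-q * t), 0.0, 0
    while total < 1.0 - 1e-12 and k < 100_000:    # Poisson truncation
        result += weight * sum(pi[i] for i in hazard)
        total += weight
        pi = [sum(pi[i] * P[i][j] for i in range(n)) for j in range(n)]
        k += 1
        weight *= q * t / k
    return result

if __name__ == "__main__":
    print("Minimal cut sets:", [sorted(c) for c in minimal_cut_sets()])
    for row in fmea_table():
        print("FMEA:", row)
    rates = {"A_stuck": 1e-4, "B_stuck": 1e-4, "switch_fail": 1e-5}  # assumed per hour
    print("P(failure by 1000 h) =", unreliability(1000.0, rates))
```

The qualitative result is order-sensitive in exactly the way a reactive (stateful) system requires: `{A_stuck, switch_fail}` is a cut set only when the switch fails first, which a static fault tree built from the component structure alone would not capture. With the switch fault rate set to zero the CTMC reduces to a parallel pair, so the computed unreliability must equal (1 - e^(-λt))^2, which is a useful sanity check on any transient solver before trusting it on a larger model.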



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Software Modeling and Verification Group, RWTH Aachen University, Aachen, Germany
