Formal Verification of a Rover Anti-collision System

  • Ning Ge
  • Eric Jenn
  • Nicolas Breton
  • Yoann Fonteneau
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9933)


In this paper, we integrate inductive proof, bounded model checking, test case generation and equivalence proof techniques to verify an embedded system. The approach is implemented with the Systerel Smart Solver (S3) toolset and is applied to verify properties at the system, software and code levels. The verification process is illustrated on an anti-collision system (ARP, for Automatic Rover Protection) implemented on board a rover. Focus is placed on the verification of safety and functional properties and on the proof of equivalence between the design model and the generated code.
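As an added illustration, and not code from the paper or from the S3 toolset, the script below applies two of the techniques named in the abstract, bounded model checking and inductive proof (k-induction), to a toy model of an anti-collision function. The model is an assumption made for the example: the rover approaches an obstacle at position 0 from distance DMAX, a driver requests brake/hold/accelerate each cycle, and the protection rule only accepts a request if the rover can still stop before the obstacle afterwards. Where the paper encodes the design for a SAT solver, this script enumerates the small finite state space explicitly, so it runs without a solver; the reasoning it performs is the same: BMC unrolls the transition relation from the initial state to find a concrete counterexample trace, and k-induction proves a property from a base case plus an inductive step, reporting a counterexample to induction (CTI) when the property is true but not inductive. The example shows both ways of discharging such a CTI: raising k, or strengthening the property with a stopping-distance invariant.

```python
"""BMC and k-induction on a toy rover anti-collision controller (added example).

All constants, the controller rule and the state space are assumptions made
for this illustration; the paper's own models are not reproduced here.
"""
from collections import deque
from itertools import product

DMAX, SMAX = 12, 3      # assumed: obstacle at position 0, rover starts DMAX cells away
CMDS = (-1, 0, 1)       # assumed driver request per cycle: brake / hold / accelerate
INIT = (DMAX, 0)        # state = (distance to obstacle, current speed)


def stop_dist(v):
    """Cells travelled while braking one unit per cycle from speed v: (v-1)+...+0."""
    return v * (v - 1) // 2


def safe_ctrl(d, s, c):
    """Protection rule: accept the request only if the rover can still stop before
    the obstacle after the move; otherwise substitute a brake command."""
    v = min(max(s + c, 0), SMAX)
    if d - v >= stop_dist(v):
        return (d - v, v)
    v = max(s - 1, 0)
    return (d - v, v)


def buggy_ctrl(d, s, c):
    """Same structure, but only checks that this cycle's move stops short of the
    obstacle, ignoring the stopping distance of the resulting speed."""
    v = min(max(s + c, 0), SMAX)
    if d - v >= 0:
        return (d - v, v)
    v = max(s - 1, 0)
    return (d - v, v)


def no_collision(st):          # safety property P: never past the obstacle
    return st[0] >= 0


def can_stop(st):              # strengthened invariant I: P plus stopping margin
    d, s = st
    return d >= stop_dist(s)


def successors(st, ctrl):
    return sorted({ctrl(st[0], st[1], c) for c in CMDS})


def all_states():              # every non-colliding state of the model
    return list(product(range(DMAX + 1), range(SMAX + 1)))


def bmc(ctrl, prop, depth):
    """Breadth-first unrolling from INIT: shortest trace (list of states) ending in
    a prop-violating state reachable within `depth` transitions, else None."""
    parent = {INIT: None}
    frontier = deque([(INIT, 0)])
    while frontier:
        st, n = frontier.popleft()
        if not prop(st):
            trace = []
            while st is not None:
                trace.append(st)
                st = parent[st]
            return trace[::-1]
        if n == depth:
            continue
        for nxt in successors(st, ctrl):
            if nxt not in parent:
                parent[nxt] = st
                frontier.append((nxt, n + 1))
    return None


def k_induction(ctrl, prop, k):
    """Returns ('falsified', trace), ('proved', None) or ('unknown', cti).
    Base: prop holds on every state reachable in fewer than k transitions.
    Step: any path of k prop-states is followed only by prop-states. A violating
    extension is a CTI; its first state need not be reachable."""
    trace = bmc(ctrl, prop, k - 1)
    if trace:
        return ("falsified", trace)

    def extend(path):
        for nxt in successors(path[-1], ctrl):
            if len(path) == k:
                if not prop(nxt):
                    return path + [nxt]
            elif prop(nxt):
                cti = extend(path + [nxt])
                if cti:
                    return cti
        return None

    for st in all_states():
        if prop(st):
            cti = extend([st])
            if cti:
                return ("unknown", cti)
    return ("proved", None)


if __name__ == "__main__":
    print("BMC, buggy controller:", bmc(buggy_ctrl, no_collision, 10))
    for k in (1, 2, 3):
        print(f"{k}-induction of P, safe controller:", k_induction(safe_ctrl, no_collision, k))
    print("1-induction of I, safe controller:", k_induction(safe_ctrl, can_stop, 1))
```

On the buggy controller BMC returns a concrete collision trace, which is what a counterexample from the solver gives the engineer. On the safe controller the collision-freedom property P is true but not 1-inductive: the CTI starts from the unreachable state (distance 0, speed 2). Two more cycles of unrolling (k = 3) rule every such prefix out, and alternatively the strengthened invariant I, which states that the rover can always stop, is proved with k = 1 and implies P.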


Keywords: SAT, Safety critical system, S3, Bounded model checking, Inductive proof, Equivalence proof, Test case generation



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Ning Ge (1)
  • Eric Jenn (1)
  • Nicolas Breton (2)
  • Yoann Fonteneau (2)
  1. IRT Saint-Exupéry, Toulouse, France
  2. Systerel, Toulouse, France
