Advertisement

A Formally Verified Floating-Point Implementation of the Compact Position Reporting Algorithm

  • Laura Titolo
  • Mariano M. Moscato
  • César A. Muñoz
  • Aaron Dutle
  • François Bobot
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10951)

Abstract

The Automatic Dependent Surveillance-Broadcast (ADS-B) system allows aircraft to communicate their current state, including position and velocity information, to other aircraft in their vicinity and to ground stations. The Compact Position Reporting (CPR) algorithm is the ADS-B module responsible for the encoding and decoding of aircraft positions. CPR is highly sensitive to computer arithmetic since it heavily relies on functions that are intrinsically unstable such as floor and modulo. In this paper, a formally-verified double-precision floating-point implementation of the CPR algorithm is presented. The verification proceeds in three steps. First, an alternative version of CPR, which reduces the floating-point rounding error is proposed. Then, the Prototype Verification System (PVS) is used to formally prove that the ideal real-number counterpart of the improved algorithm is mathematically equivalent to the standard CPR definition. Finally, the static analyzer Frama-C is used to verify that the double-precision implementation of the improved algorithm is correct with respect to its operational requirement. The alternative algorithm is currently being considered for inclusion in the revised version of the ADS-B standards document as the reference implementation of the CPR algorithm.

References

  1. 1.
    Barrett, C., Tinelli, C.: CVC3. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 298–302. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-73368-3_34CrossRefGoogle Scholar
  2. 2.
    Baudin, P., Cuoq, P., Filliâtre, J.C., Marché, C., Monate, B., Moy, Y., Prevosto, V.: ACSL: ANSI/ISO C Specification Language, version 1.12 (2016)Google Scholar
  3. 3.
    Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development - Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. An EATCS Series. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-662-07964-5CrossRefzbMATHGoogle Scholar
  4. 4.
    Bertrane, J., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Rival, X.: Static analysis and verification of aerospace software by abstract interpretation. Found. Trends Program. Lang. 2(2–3), 71–190 (2015)CrossRefGoogle Scholar
  5. 5.
    Bobot, F., Filliâtre, J.C., Marché, C., Paskevich, A.: Let’s verify this with Why3. Int. J. Softw. Tools Technol. Transfer 17(6), 709–727 (2015)CrossRefGoogle Scholar
  6. 6.
    Boldo, S., Clément, F., Filliâtre, J.C., Mayero, M., Melquiond, G., Weis, P.: Wave equation numerical resolution: a comprehensive mechanized proof of a C program. J. Autom. Reasoning 50(4), 423–456 (2013)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Boldo, S., Filliâtre, J.C.: Formal verification of floating-point programs. In: Proceedings of ARITH18 2007, pp. 187–194. IEEE Computer Society (2007)Google Scholar
  8. 8.
    Boldo, S., Marché, C.: Formal verification of numerical programs: from C annotated programs to mechanical proofs. Math. Comput. Sci. 5(4), 377–393 (2011)CrossRefGoogle Scholar
  9. 9.
    Bouissou, O., Conquet, E., Cousot, P., Cousot, R., Feret, J., Goubault, E., Ghorbal, K., Lesens, D., Mauborgne, L., Miné, A., Putot, S., Rival, X., Turin, M.: Space software validation using abstract interpretation. In: Proceedings of the International Space System Engineering Conference, Data Systems in Aerospace (DASIA 2009), pp. 1–7. ESA publications (2009)Google Scholar
  10. 10.
    Chen, L., Miné, A., Cousot, P.: A sound floating-point polyhedra abstract domain. In: Ramalingam, G. (ed.) APLAS 2008. LNCS, vol. 5356, pp. 3–18. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-89330-1_2CrossRefGoogle Scholar
  11. 11.
    Code of Federal Regulations: Automatic Dependent Surveillance-Broadcast (ADS-B) Out, 91 c.f.r., section 225 (2015)Google Scholar
  12. 12.
    Conchon, S., Contejean, E., Kanig, J., Lescuyer, S.: CC(X): semantic combination of congruence closure with solvable theories. Electron. Notes Theor. Comput. Sci. 198(2), 51–69 (2008)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: The ASTREÉ analyzer. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-31987-0_3CrossRefzbMATHGoogle Scholar
  14. 14.
    Delmas, D., Souyris, J.: Astrée: from research to industry. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 437–451. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74061-2_27CrossRefGoogle Scholar
  15. 15.
    de Dinechin, F., Lauter, C., Melquiond, G.: Certifying the floating-point implementation of an elementary function using Gappa. IEEE Trans. Comput. 60(2), 242–253 (2011)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Dutle, A., Moscato, M., Titolo, L., Muñoz, C.: A formal analysis of the compact position reporting algorithm. In: Paskevich, A., Wies, T. (eds.) VSTTE 2017. LNCS, vol. 10712, pp. 19–34. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-72308-2_2CrossRefGoogle Scholar
  17. 17.
    European Commission: Commission Implementing Regulation (EU) 2017/386 of 6 March 2017 amending Implementing Regulation (EU) No 1207/2011, C/2017/1426 (2017)Google Scholar
  18. 18.
    Filliâtre, J.-C., Marché, C.: Multi-prover verification of C programs. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 15–29. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-30482-1_10CrossRefGoogle Scholar
  19. 19.
    Goodloe, A.E., Muñoz, C., Kirchner, F., Correnson, L.: Verification of numerical programs: from real numbers to floating point numbers. In: Brat, G., Rungta, N., Venet, A. (eds.) NFM 2013. LNCS, vol. 7871, pp. 441–446. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38088-4_31CrossRefGoogle Scholar
  20. 20.
    Goubault, E., Putot, S.: Static analysis of numerical algorithms. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 18–34. Springer, Heidelberg (2006).  https://doi.org/10.1007/11823230_3CrossRefzbMATHGoogle Scholar
  21. 21.
    Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. Formal Aspects Comput. 27(3), 573–609 (2015)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Marché, C.: Verification of the functional behavior of a floating-point program: an industrial case study. Sci. Comput. Program. 96, 279–296 (2014)CrossRefGoogle Scholar
  23. 23.
    Marché, C., Moy, Y.: The Jessie Plugin for Deductive Verification in Frama-C (2017)Google Scholar
  24. 24.
    Miné, A.: Relational abstract domains for the detection of floating-point run-time errors. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 3–17. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24725-8_2CrossRefGoogle Scholar
  25. 25.
    de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78800-3_24CrossRefGoogle Scholar
  26. 26.
    Owre, S., Rushby, J.M., Shankar, N.: PVS: a prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 748–752. Springer, Heidelberg (1992).  https://doi.org/10.1007/3-540-55602-8_217CrossRefGoogle Scholar
  27. 27.
    RTCA SC-186: Minimum Operational Performance Standards for 1090 MHz extended squitter Automatic Dependent Surveillance - Broadcast (ADS-B) and Traffic Information Services - Broadcast (TIS-B) (2009)Google Scholar

Copyright information

© U.S. Government, as represented by the Administrator of the National Aeronautics and Space Administration. No copyright is claimed in the United States under Title 17, U.S. Code. All Other Rights Reserved. 2018

Authors and Affiliations

  1. 1.National Institute of AerospaceHamptonUSA
  2. 2.NASAHamptonUSA
  3. 3.CEA LIST, Software Security LabGif-sur-YvetteFrance

Personalised recommendations