Advertisement

Developing Mode-Rich Satellite Software by Refinement in Event B

  • Alexei Iliasov
  • Elena Troubitsyna
  • Linas Laibinis
  • Alexander Romanovsky
  • Kimmo Varpaaniemi
  • Dubravka Ilic
  • Timo Latvala
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6371)

Abstract

To ensure dependability of on-board satellite systems, the designers should, in particular, guarantee correct implementation of the mode transition scheme, i.e., ensure that the states of the system components are consistent with the global system mode. However, there is still a lack of scalable approaches to formal verification of correctness of complex mode transitions. In this paper we present a formal development of an Attitude and Orbit Control System (AOCS) undertaken within the ICT DEPLOY project. AOCS is a complex mode-rich system, which has an intricate mode-transition scheme. We show that refinement in Event B provides the engineers with a scalable formal technique that enables both development of mode-rich systems and proof-based verification of their mode consistency.

Keywords

Model Check Mode Logic Unit Manager Mode Transition Proof Obligation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abrial, J.-R.: The B-Book. Cambridge University Press, Cambridge (1996)CrossRefzbMATHGoogle Scholar
  2. 2.
    Abrial, J.-R.: Modelling in Event-B. Cambridge University Press, Cambridge (2010)CrossRefzbMATHGoogle Scholar
  3. 3.
    Back, R., Sere, K.: Superposition refinement of reactive systems. Formal Aspects of Computing 8(3), 1–23 (1996)CrossRefzbMATHGoogle Scholar
  4. 4.
    Buth, B.: Analysing mode confusion: An approach using fdr2. In: Heisel, M., Liggesmeyer, P., Wittmann, S. (eds.) SAFECOMP 2004. LNCS, vol. 3219, pp. 101–114. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Butler, R.W.: An introduction to requirements capture using PVS: Specification of a simple autopilot. Technical report, NASA TM-110255 (May 1996)Google Scholar
  6. 6.
    DEPLOY Deliverable D20 – Report on Pilot Deployment in the Space Sector. FP7 ICT DEPLOY Project (January 2010), http://www.deploy-project.eu/
  7. 7.
    Dotti, F., Iliasov, A., Ribeiro, L., Romanovsky, A.: Modal Systems: Specification, Refinement and Realisation. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM 2009. LNCS, vol. 5885, pp. 601–619. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    European Cooperation for Space Standardization. Software general requirements ECSS-E-ST-40C (2009)Google Scholar
  9. 9.
    Heimdahl, M., Leveson, N.: Completeness and Consistency in Hierarchical State-Based Requirements. IEEE Transactions on Software Engineering 22(6), 363–377 (1996)CrossRefGoogle Scholar
  10. 10.
    Iliasov, A., Laibinis, L., Troubitsyna, E.: An Event-B model of the Attitude and Orbit Control System, DEPLOY Publication Repository (2010), http://deploy-eprints.ecs.soton.ac.uk/
  11. 11.
    Iliasov, A., Troubitsyna, E., Laibinis, L., Romanovsky, A., Varpaaniemi, K., Ilic, D., Latvala, T.: Supporting Reuse in Event B Development: Modularisation Approach. In: Frappier, M., Glässer, U., Khurshid, S., Laleau, R., Reeves, S. (eds.) ABZ 2010. LNCS, vol. 5977, pp. 174–188. Springer, Heidelberg (2010)Google Scholar
  12. 12.
    Iliasov, A., Troubitsyna, E., Laibinis, L., Romanovsky, A., Varpaaniemi, K., Väisänen, P., Ilic, D., Latvala, T.: Verifying Mode Consistency for On-Board Satellite Software. In: SAFECOMP 2010, LNCS. Springer, Heidelberg (2010)Google Scholar
  13. 13.
    Industrial deployment of system engineering methods providing high dependability and productivity (DEPLOY). IST FP7 project, http://www.deploy-project.eu/
  14. 14.
    Leveson, N., Pinnel, L.D., Sandys, S.D., Koga, S., Reese, J.D.: Analyzing Software Specifications for Mode Confusion Potential. In: Johnson, C.W. (ed.) Proceedings of Workshop on Human Error and System Development, Glasgow, Scotland, pp. 132–146 (March 1997)Google Scholar
  15. 15.
    Lopatkin, I., Iliasov, A., Romanovsky, A.: On fault tolerance reuse during refinement. In: Proc. of 2nd International Workshop on Software Engineering for Resilient Systems (April 2010)Google Scholar
  16. 16.
    Rigorous Open Development Environment for Complex Systems (RODIN). Deliverable D7, Event B Language, http://rodin.cs.ncl.ac.uk/
  17. 17.
    RODIN modularisation plug-in. Documentation, http://wiki.event-b.org/index.php/Modularisation_Plug-in
  18. 18.
    Rugina, A.E., Blanquart, J.P., Soumagne, R.: Validating failure detection isolation and recovery strategies using timed automata. In: Proc. of 12th European Workshop on Dependable Computing, EWDC 2009, Toulouse (2009)Google Scholar
  19. 19.
    Rushby, J.: Using model checking to help discover mode confusion and other automation suprises. In: Reliability Engineering and System Safety, vol. 75, pp. 167–177 (2002)Google Scholar
  20. 20.
  21. 21.
    Varpaaniemi, K.: Event-B Project DepSatSpec015Model000. DEPLOY Publication Repository (January 2010), http://deploy-eprints.ecs.soton.ac.uk/168

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Alexei Iliasov
    • 1
  • Elena Troubitsyna
    • 2
  • Linas Laibinis
    • 2
  • Alexander Romanovsky
    • 1
  • Kimmo Varpaaniemi
    • 3
  • Dubravka Ilic
    • 3
  • Timo Latvala
    • 3
  1. 1.Newcastle UniversityUK
  2. 2.Åbo Akademi UniversityFinland
  3. 3.Space SystemsFinland

Personalised recommendations