Formal Analysis of a Triplex Sensor Voter in an Industrial Context

  • Michael Dierkes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6959)

Abstract

For several years, Rockwell Collins has been developing and using a verification framework for MATLAB Simulink© and SCADE SuiteTMmodels that can generate input for different proof engines. Recently, we have used this framework to analyze aerospace domain models containing arithmetic computations. In particular, we investigated the properties of a triplex sensor voter, which is a redundancy management unit implemented using linear arithmetic operations as well as conditional expressions (such as saturation). The objective of this analysis was to analyze functional and non-functional properties, but also to parameterize certain parts of the model based on the analysis results of other parts. In this article, we focus on results about the reachable state space of the voter, which prove the bounded-input bounded-output stability of the system, and the absence of arithmetic overflows. We also consider implementations using floating point arithmetic.

Keywords

Model Check Fault Detection Abstract Interpretation Point Arithmetic Industrial Context 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Absint Angewandte Informatik GmbH, Astrée product description, http://www.absint.com/astree
  2. 2.
    Caspi, P., Pilaud, D., Halbwachs, N., Plaice, J.: Lustre: A declarative language for programming synchronous systems. In: POPL, pp. 178–188 (1987)Google Scholar
  3. 3.
    Dajani-Brown, S., Cofer, D.D., Hartmann, G., Pratt, S.: Formal modeling and analysis of an avionics triplex sensor voter. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 34–48. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Dierkes, M.: Analysis of a triplex sensor voter at Rockwell Collins France. Oral presentation at the TAPAS workshop without article (2010), http://www.di.ens.fr/tapas2010/TAPAS_Michael_Dierkes.pdf
  5. 5.
    Hagen, G., Tinelli, C.: Scaling up the formal verification of lustre programs with smt-based techniques. In: Cimatti, A., Jones, R.B. (eds.) FMCAD, pp. 1–9. IEEE, Los Alamitos (2008)Google Scholar
  6. 6.
    Ivancic, F., Ganai, M.K., Sankaranarayanan, S., Gupta, A.: Numerical stability analysis of floating-point computations using software model checking. In: MEMOCODE, pp. 49–58. IEEE Computer Society, Los Alamitos (2010)Google Scholar
  7. 7.
    Miller, S.P., Whalen, M.W., Cofer, D.D.: Software model checking takes off. Commun. ACM 53(2), 58–64 (2010)CrossRefGoogle Scholar
  8. 8.
    Osder, S.: Practical view of redundancy management application and theory. Journal of Guidance Control and Dynamics 22(1), 12–21 (1999)CrossRefGoogle Scholar
  9. 9.
    Prover Technology, Prover plug-in product description, http://www.prover.com
  10. 10.
    The Mathworks, Simulink product description, http://www.mathworks.com

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Michael Dierkes
    • 1
  1. 1.Rockwell Collins FranceBlagnacFrance

Personalised recommendations