Formal Analysis of the Operational Concept for the Small Aircraft Transportation System

  • César Muñoz
  • Víctor Carreño
  • Gilles Dowek
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4157)


The Small Aircraft Transportation System (SATS) is a NASA project aimed at increasing access to small non-towered, non-radar airports in the US. SATS is a radically new approach to air traffic management in which pilots flying under instrument flight rules are responsible for separation without air traffic control services. In this paper, the SATS project serves as a case study of an operational air traffic concept that has been designed and analyzed primarily using formal techniques. The SATS concept of operations is modeled using non-deterministic, asynchronous transition systems, which are then formally analyzed using state exploration techniques. The objective of the analysis is to show, in a mathematical framework, that the concept of operations complies with a set of safety requirements such as absence of deadlocks, maintenance of aircraft separation, and robustness with respect to the occurrence of off-nominal events. The models also serve as design tools: they were used to configure the nominal flight procedures and the geometry of the SATS airspace.


Keywords: Model Checker, Discrete Model, Safety Property, Reachable State, Nominal Operation





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • César Muñoz, National Institute of Aerospace, Hampton, USA
  • Víctor Carreño, NASA Langley Research Center, Hampton, USA
  • Gilles Dowek, École polytechnique, Palaiseau, France
