Formal Design and Safety Analysis of AIR6110 Wheel Brake System

  • M. Bozzano
  • A. Cimatti
  • A. Fernandes PiresEmail author
  • D. Jones
  • G. Kimberly
  • T. Petri
  • R. RobinsonEmail author
  • S. Tonetta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9206)


SAE Aerospace Information Report 6110, “Contiguous Aircraft/System Development Process Example,” follows the development of a complex wheel brake system (WBS) using processes in the industry standards Arp4754A, “Guidelines for Development of Civil Aircraft and Systems,” and Arp4761, “Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment.”

Air6110 employs informal methods to examine several WBS architectures which meet the same requirements with different degrees of reliability.

In this case study, we analyze the Air6110 with formal methods. First, WBS architectures in Air6110 formerly using informal steps are recreated in a formal manner. Second, methods to automatically analyze and compare the behaviors of various architectures with additional, complementary information not included in the Air6110 are presented. Third, we provide an assessment of distinct formal methods ranging from contract-based design, to model checking, to model based safety analysis.


Aerospace recommended practices Case study Model checking Safety analysis Fault tree Contract-based design 


  1. 1.
    Bittner, B., Bozzano, M., Cavada, R., Cimatti, A., Gario, M., Griggio, A., Mattarei, C., Micheli, A., Zampedri, G.: The xSAP Safety Analysis Platform. ArXiv e-prints (2015)Google Scholar
  2. 2.
    Bozzano, M., Cimatti, A., Fernandes Pires, A., Jones, D., Kimberly, G., Petri, T., Robinson, R., Tonetta, S.: AIR6110 Wheel Brake System case study.
  3. 3.
    Bozzano, M., Cimatti, A., Mattarei, C., Tonetta, S.: Formal safety assessment via contract-based design. In: Cassez, F., Raskin, J.-F. (eds.) ATVA 2014. LNCS, vol. 8837, pp. 81–97. Springer, Heidelberg (2014) Google Scholar
  4. 4.
    Bozzano, M., Villafiorita, A.: Design and Safety Assessment of Critical Systems. CRC Press (Taylor and Francis), Boca Raton (2010). An Auerbach Book CrossRefGoogle Scholar
  5. 5.
    Bradley, A.R.: SAT-based model checking without unrolling. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 70–87. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  6. 6.
    Cavada, R., Cimatti, A., Dorigatti, M., Griggio, A., Mariotti, A., Micheli, A., Mover, S., Roveri, M., Tonetta, S.: The nuXmv symbolic model checker. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 334–342. Springer, Heidelberg (2014) Google Scholar
  7. 7.
    Cimatti, A., Dorigatti, M., Tonetta, S.: OCRA: a tool for checking the refinement of temporal contracts. In: 28th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 702–705 (2013)Google Scholar
  8. 8.
    Cimatti, A., Roveri, M., Tonetta, S.: Requirements validation for hybrid systems. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 188–203. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  9. 9.
    Cimatti, A., Tonetta, S.: A property-based proof system for contract-based design. In: 38th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 21–28 (2012)Google Scholar
  10. 10.
    Cimatti, A., Tonetta, S.: Contracts-refinement proof system for component-based embedded systems. Sci. Comput. Program. 97, 333–348 (2014)CrossRefGoogle Scholar
  11. 11.
    Damm, W., Hungar, H., Josko, B., Peikenkamp, T., Stierand, I.: Using contract-based component specifications for virtual integration testing and architecture design. In: Design, Automation and Test in Europe (DATE), pp. 1023–1028 (2011)Google Scholar
  12. 12.
    ESACS: The ESACS Project. Accessed 20 May 2015
  13. 13.
  14. 14.
  15. 15.
  16. 16.
    FBK: nuXmv: a new eXtended model verifier.
  17. 17.
    FBK: OCRA: A tool for Contract-Based Analysis.
  18. 18.
    FBK: xSAP: eXtended Safety Analysis Platform.
  19. 19.
    ISAAC: The ISAAC Project. Accessed 20 May 2015
  20. 20.
    Joshi, A., Heimdahl, M.P.E.: Model-based safety analysis of simulink models using SCADE design verifier. In: Winther, R., Gran, B.A., Dahll, G. (eds.) SAFECOMP 2005. LNCS, vol. 3688, pp. 122–135. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  21. 21.
    Joshi, A., Whalen, M., Heimdahl, M.: Model-based safety analysis final report. Technical Report, NASA/CR-2006-213953, NASA (2006)Google Scholar
  22. 22.
    MISSA: The MISSA Project. Accessed 20 May 2015
  23. 23.
    SAE: ARP4761: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment (1996)Google Scholar
  24. 24.
    SAE: ARP4754A: Guidelines for Development of Civil Aircraft and Systems (2010)Google Scholar
  25. 25.
    SAE: AIR6110: Contiguous Aircraft/System Development Process Example (2011)Google Scholar
  26. 26.
    Vesely, W., Stamatelatos, M., Dugan, J., Fragola, J., Minarick III, J., Railsback, J.: Fault tree handbook with aerospace applications. Technical report, NASA (2002)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • M. Bozzano
    • 1
  • A. Cimatti
    • 1
  • A. Fernandes Pires
    • 1
    Email author
  • D. Jones
    • 2
  • G. Kimberly
    • 2
  • T. Petri
    • 2
  • R. Robinson
    • 2
    Email author
  • S. Tonetta
    • 1
  1. 1.Fondazione Bruno KesslerTrentoItaly
  2. 2.The Boeing CompanySeattleUSA

Personalised recommendations