Formal Analysis of a Triplex Sensor Voter in an Industrial Context
For several years, Rockwell Collins has been developing and using a verification framework for MATLAB Simulink® and SCADE Suite™ models that can generate input for different proof engines. Recently, we have used this framework to analyze aerospace domain models containing arithmetic computations. In particular, we investigated the properties of a triplex sensor voter, which is a redundancy management unit implemented using linear arithmetic operations as well as conditional expressions (such as saturation). The objective was to verify functional and non-functional properties, and also to parameterize certain parts of the model using the analysis results of other parts. In this article, we focus on results about the reachable state space of the voter, which prove the bounded-input bounded-output stability of the system and the absence of arithmetic overflows. We also consider implementations using floating point arithmetic.
Keywords: Model Checking, Fault Detection, Abstract Interpretation, Floating Point Arithmetic, Industrial Context
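The following is an added illustration and not the voter model or the framework described in the paper: a simplified triplex voter in integer arithmetic (saturated inputs, mid-value selection, per-channel leaky accumulators for fault detection) together with an interval-domain pass over one cycle that derives bounds on every intermediate value. It shows the two kinds of result the abstract names, an inductive bound on the reachable state (hence bounded output for bounded input) and a word-size check for the absence of arithmetic overflow. The constants, the accumulator structure and the test trace are all constructed assumptions.

```python
# Added example, not the paper's model: a simplified triplex sensor voter in
# integer arithmetic, plus an interval-domain pass over one cycle that derives
# bounds on every intermediate value. All constants and the voter's structure
# are constructed assumptions.
import math
from dataclasses import dataclass

IN_MAX = 10_000           # assumed input bound: |x_i| <= IN_MAX
SAT = 12_000              # saturation applied to each sensor input
ACC_MAX = 60_000          # saturation of the per-channel deviation accumulators
FAULT_THRESHOLD = 50_000  # accumulator level at which a channel is declared faulty


def saturate(v, lo, hi):
    return max(lo, min(hi, v))


@dataclass(frozen=True)
class VoterState:
    acc: tuple    # per-channel leaky accumulator of |x_i - voted|
    valid: tuple  # per-channel validity flag (latched once cleared)


INITIAL = VoterState(acc=(0, 0, 0), valid=(True, True, True))


def step(state, inputs):
    """One voter cycle: saturate inputs, vote among valid channels, then update
    the fault-detection accumulators. Only +, -, //, abs and saturation."""
    x = tuple(saturate(v, -SAT, SAT) for v in inputs)
    survivors = [v for v, ok in zip(x, state.valid) if ok]
    if len(survivors) == 3:
        voted = sorted(survivors)[1]                # mid-value selection
    elif len(survivors) == 2:
        voted = (survivors[0] + survivors[1]) // 2  # mean of the two
    elif len(survivors) == 1:
        voted = survivors[0]
    else:
        voted = 0
    acc, valid = [], []
    for v, a, ok in zip(x, state.acc, state.valid):
        dev = abs(v - voted)
        a_next = saturate(a - a // 16 + dev, 0, ACC_MAX)  # leak 1/16, add deviation
        acc.append(a_next)
        valid.append(ok and a_next < FAULT_THRESHOLD)
    return VoterState(tuple(acc), tuple(valid)), voted


@dataclass(frozen=True)
class Interval:
    """Interval abstract domain over the integers (sound, not exact)."""
    lo: int
    hi: int

    def __add__(self, o):
        return Interval(self.lo + o.lo, self.hi + o.hi)

    def __sub__(self, o):
        return Interval(self.lo - o.hi, self.hi - o.lo)

    def abs(self):
        if self.lo >= 0:
            return self
        if self.hi <= 0:
            return Interval(-self.hi, -self.lo)
        return Interval(0, max(-self.lo, self.hi))

    def floordiv(self, n):  # n > 0
        return Interval(self.lo // n, self.hi // n)

    def saturate(self, lo, hi):
        return Interval(saturate(self.lo, lo, hi), saturate(self.hi, lo, hi))

    def fits(self, bits):
        return -2 ** (bits - 1) <= self.lo and self.hi <= 2 ** (bits - 1) - 1


def analyze(in_max=IN_MAX, word_bits=32):
    """Abstract one cycle of step() under |input_i| <= in_max and
    acc_i in [0, ACC_MAX]; report whether that state bound is inductive and
    whether every intermediate value fits a word of word_bits bits."""
    x = Interval(-in_max, in_max).saturate(-SAT, SAT)
    voted = x                      # mid-value, mean of two and single survivor stay in the input hull
    pair_sum = x + x               # intermediate before // 2 in the two-survivor branch
    dev = (x - voted).abs()
    acc = Interval(0, ACC_MAX)
    leak = acc - acc.floordiv(16)  # interval arithmetic drops the a / a//16 correlation, so lo < 0
    acc_pre = leak + dev           # value before the final saturation
    acc_next = acc_pre.saturate(0, ACC_MAX)
    values = {"x": x, "voted": voted, "pair_sum": pair_sum, "dev": dev,
              "leak": leak, "acc_pre": acc_pre, "acc_next": acc_next}
    return {
        "values": values,
        "inductive": acc.lo <= acc_next.lo and acc_next.hi <= acc.hi,
        "overflow_free": all(iv.fits(word_bits) for iv in values.values()),
    }


def simulate(cycles=1000, fault_at=500):
    """Constructed trace: three sensors read one signal with small offsets;
    channel 2 sticks at +IN_MAX from cycle fault_at on. The concrete run is
    checked against the bounds analyze() derived."""
    bound = analyze()["values"]["acc_next"]
    state, max_abs_voted = INITIAL, 0
    for t in range(cycles):
        s = int(9_900 * math.sin(t / 50))     # common true signal
        x0 = s + (t % 5 - 2) * 40             # sensor offsets within +-100
        x1 = s + (t % 3 - 1) * 60
        x2 = IN_MAX if t >= fault_at else s
        state, voted = step(state, (x0, x1, x2))
        max_abs_voted = max(max_abs_voted, abs(voted))
        assert all(bound.lo <= a <= bound.hi for a in state.acc)
    return {"final_valid": state.valid, "max_abs_voted": max_abs_voted}


if __name__ == "__main__":
    print(analyze(word_bits=32))
    print("fits 16-bit words:", analyze(word_bits=16)["overflow_free"])
    print(simulate())
```

With the constructed constants, the interval pass shows the accumulator bound [0, ACC_MAX] is inductive and that every intermediate fits a 32-bit word, while the same pass with `word_bits=16` flags the pre-saturation accumulator value as a potential overflow; the simulated run stays inside the derived bounds and latches the stuck channel as faulty. The loss of the correlation between `a` and `a // 16` in the interval domain is the usual source of over-approximation in this kind of analysis, which is why the paper combines several proof engines rather than relying on one domain.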