Li Zhen,Liu Bin,Xiang Jianjun,Ma Ning,Li Haifeng

2009-01-01

Abstract:There have been many air crashes that caused huge losses of life and property. Safety is a key factor of large aircraft and DO-178B is the facto standard in this field. Correct requirement is critical to the software system safety. Formal methods have been widely accepted with its dependability and efficiency in software safety engineering. It's a very meaningful work to integrate the formal methods into the practical safety requirement verification. This paper presents an architecture and process to the formal verification of software safety requirement. In practice, we implement the verification in four aspects. Finally, a verification example of navigation software safety requirement is illustrated to express the effective result of our research.

Ji Wu,Tao Yue,Shaukat Ali,Huihui Zhang

DOI: https://doi.org/10.1002/spe.2281

2014-01-01

Software Practice and Experience

Abstract:SummaryEnsuring that avionics software meets safety requirements at each development stage is very important to warrant the safe operation of an avionics system. Many safety requirements are imposed by various standards and industrial regulations that must be met by avionics software. One of such standards is DO‐178B/C, which provides guidelines (e.g., development process and objectives to satisfy in development activities) for meeting safety requirements. This paper presents a modeling methodology including a UML profile for specifying safety requirements on a component‐based architecture model and a set of design guidelines on avionics software. These safety requirements were identified from both standards (mainly DO‐178B/C) and current engineering practices in the domain of avionics systems. The methodology automatically enforces these safety requirements. We have applied the methodology on an industrial autopilot system, and several previously uncaught faults were revealed. Copyright © 2014 John Wiley & Sons, Ltd.

CHEN Feng,LI Weihua,CHEN Hao,L(U) Zheng

2011-01-01

Abstract:In order to improve the analysis and design of software safety,on the basis of current researches on safety model and verification technology,a modeling and checking method is proposed for object-oriented software safety.Establishing non-formal UML models of software safety,safety extended deterministic finite automata and linear temporal logic are used to create the formal models and describe the safety properties separately.Through a model checker,we get the verification result.This approach realizes the combination of software safety model and verification technology.Experimental results show that the method can analyze and verify the safety properties effectively in the early stage of software design.

Huiyu Liu,Jing Liu,Wei Yin,Haiying Sun,Chenchen Yang

DOI: https://doi.org/10.1109/qrs57517.2022.00047

2022-01-01

Abstract:Establishing formal modeling and verification methods for requirements has become the key to enhancing avionics software’s safety and development efficiency. As the mainstream modeling language used in Model-Based Software Engineering (MBSE), SysML is often applied to software requirements specifications. However, due to the lack of systematic and rigorous semantic definitions, SysML can cause problems in terms of accuracy and consistency in system development, threatening the correctness of safety-critical avionics software. To address the problem, this paper defines Safety SysML State Machine, an extended SysML state machine for safety control functions. Stepwise, the authors illustrate the formal specification and the refinement rules of the Safety SysML State Machine to construct the avionics integration model. Furthermore, a tool is implemented integrating the modeling and verification of the Safety SysML State Machine. Our contribution has a profound potential to broaden the use of MBSE and its well-known advantages in safety-critical applications. A specific case study on the aircraft roll angle control system demonstrates the effectiveness of our approach and the tool.

Xiaoyan Du,Chenglie Du,Jinchao Chen,Yifan Liu,Pengcheng Han

DOI: https://doi.org/10.1109/imcec46724.2019.8983850

2019-01-01

Abstract:Avionics systems have to integrate and to manipulate numerous sensors, actuators and controllers while maintaining high quality of safety and reliability. Traditional chimney development method, which has shortages in the ability and efficiency, cannot be able to meet the increasing requirements of large scale avionics systems applications. In order to solve these problems, this paper proposes a FACE-based simulation and verification approach for avionics systems. First, by analysing the FACE standard, a FACE-based framework of avionics systems is designed to develop and deploy applications on different platforms. Then, based on the proposed framework, a simulation and verification approach for avionics systems designed by adopting the component packaging technology. Finally, the simulation and verification platform is established by integrating the component applications, exciter applications and display processing units in the avionics systems. Experimental results show that this approach not only guarantees the correctness and reliability of software applications, but also increases the flexibility, scalability and the cross-platform capability of avionics systems.

Xiaoyan Du,Chenglie Du,Jinchao Chen,Mei Yang,Wenquan Yu

DOI: https://doi.org/10.3390/app122211533

2022-01-01

Applied Sciences

Abstract:Avionics systems, which determine the performance, stability, and safety of aircraft, are a crucial part of aircraft. With the rapid development of the aviation industry, there are many serious problems in the process of the traditional simulation and verification of avionics systems, especially in the aspects of poor reusability of the hardware and software, poor real-time data interaction, and the high cost of development. In order to solve these problems, a simulation and verification platform for avionics systems based on the Future Airborne Capability Environment (FACE) architecture has been designed by using component and memory database technology. First, a general architecture is designed by referencing the FACE architecture, which allows flexible access to software and hardware resources of avionics systems. Second, the key technologies involved in the platform are described in detail, including scheduling management, communication management, and configuration management, which provide technical support for the simulation and verification of avionics systems. Finally, the simulation and verification environment of avionics systems is established, which realizes data interaction and management of various models, and improves the efficiency of the development and implementation of avionics systems.

YIN Wei,WANG Hui,SUN Haiying,DING Guohuan,KANG Jiexiang,LIU Jing

DOI: https://doi.org/10.16615/j.cnki.1674-8190.2023.04.19

2023-01-01

Abstract:The high integration of the civil aircraft avionics systems will lead to an exponential rise in the size of airborne safety-critical software, and cause the numerous and inconsistent sources of its requirements, the transfer of requirements at each level of the avionics system software has duality and other problems. Therefore, how to ensure the consistency of the avionics software has become one of the core issues to be solved during the development of the system. On the basis of the syntax of Safety_SysML state machine, the Safety_SysML consistency verifier is designed, including static data detection and dynamic data detection. The test cases are designed for unit and integration test of the core algorithm and system. Based on the error inference and boundaries, the functional tests are designed and executed to find the defects in the verifier. The results show that the Safety_SysML consistency verifier can effectively identify the problem of duality in avionics system software, and is of significant importance for improving the reliability of the avionics software.

Ji Wu,Tao Yue,Shaukat Ali,Huihui Zhang

DOI: https://doi.org/10.1109/QSIC.2013.41

2013-01-01

Abstract:Ensuring that avionics software meets safety requirements at each development stage is very important to warrant the safe operation of an avionics system. Many safety requirements are imposed by various standards and industrial regulations that must be met by avionics software. One of such standards is DO-178B/C, which provides guidelines (e.g. development process and the objectives to satisfy in development activities) for meeting the safety requirements. This paper presents a modeling methodology including a UML profile for specifying safety requirements on a component-based architecture model and a set of design guidelines on avionics software. These safety requirements were identified from both standards (mainly DO-178B/C) and current engineering practices in the domain of avionics system. The methodology enforces safety requirements automatically. We have applied the methodology on an industrial autopilot system and several previously uncaught faults were revealed.

Yongfeng Yin,Bin Liu,Duo Su

DOI: https://doi.org/10.4304/jcp.5.8.1152-1159

2010-01-01

Journal of Computers

Abstract:As an important part of airborne avionics system, aircraft safety critical software (ASCS) plays an essential role to the safety of the aircraft, and to ensure its quality and reliability is one of the key problems we are facing. Formal methods have become important means for modeling and verifying safety critical software. In this paper, formal method is introduced into the ASCS verification field and the real-time extended finite state machine model (RT-EFSM) is studied, which includes the detailed real-time extension schemes and its validation methods. The verification process of ASCS based on RT-EFSM is also proposed. Furthermore, combined with the verification of an aircraft inertial/satellite navigation systems, a timed unique input/output sequence (t_UIO) is presented and the automatic generation algorithm of sub-transfer sequences based on t_UIO is given. Finally, the test adequacy criteria are discussed and a time condition coverage criterion is proposed. The actual engineering project application shows that the method proposed in this paper is of great value for the ASCS, which can be generally and effectively used in engineering.

Zongyu Cao,Wanyou Lv,Yanhong Huang,Jianqi Shi,Qin Li

DOI: https://doi.org/10.3390/electronics9020327

IF: 2.9

2020-01-01

Electronics

Abstract:With rapid technological advances in airborne control systems, it has become imperative to ensure the reliability, robustness, and adaptability of airborne software since failure of these software could result in catastrophic loss of property and life. DO-333 is a supplement to the DO-178C standard, which is dedicated to guiding the application of formal methods in the review and analysis of airborne software development processes. However, DO-333 lacks theoretical guidance on how to choose appropriate formal methods and tools to achieve verification objectives at each stage of the verification process, thereby limiting their practical application. This paper is intended to illustrate the formal methods and tools available in the verification process to lay down a general guide for the formal development and verification of airborne software. We utilized the Air Data Computer (ADC) software as the research object and applied different formal methods to verify software lifecycle artifacts. This example explains how to apply formal methods in practical applications and proves the effectiveness of formal methods in the verification of airborne software.

Tao Zhang,Yechun Jiang,Junda Ye,Cheng Jing,Huamin Qu

DOI: https://doi.org/10.1109/CICN.2014.240

2014-01-01

Abstract:This paper proposes a model-based software safety analysis method for flight control software. Firstly, the AADL architecture model and error model of flight control software are constructed separately. Then we convert the AADL model of flight control software into extended Markov chain model. We can evaluate safety of software component by calculate the probability of component state in different hazardous levels with the extended Markov chain model. Finally, safety of entire flight control software system can be calculated according to AADL error states composition relation, which can avoid states explosion problem of Markov chain model.

Wenjuan Wu,Dianfu Ma,Yongwang Zhao,Xianqi Zhao

DOI: https://doi.org/10.1007/978-3-319-12096-6_23

2014-01-01

Abstract:Airborne airworthiness certification DO-178C software release proposes a higher safety and reliability demands of airborne software. This raises great challenges to airborne software modeling and verification. In order to achieve airborne software high-level requirements objectives, we propose a formal method of modeling high-level requirements based on knowledge graph. The method gives a formal language to describe knowledge graph and constructs knowledge graph collaboratively. Then we represents high-level requirements by causal model and formal modeling of high-level functional requirements and non-functional requirements by knowledge graph. These improve the requirement traceability, namely these are helpful to trace the high-level requirements to system requirements so as to achieve high-level requirements' traceability objective that DO-178C demands. Additionally, we provide the modeling tool for domain experts to construct knowledge graph collaboratively and realize their high-level requirements modeling. We also give some high-level requirements verification. These are significant to generate safe, reliable, accurate and high-quality airborne software.

Xiaomin Wei,Yunwei Dong,Xuelin Li,W. Eric Wong

DOI: https://doi.org/10.1016/j.jss.2017.06.018

IF: 3.5

2018-01-01

Journal of Systems and Software

Abstract:Software systems are becoming increasingly important in safety-critical areas. Designing safe software requires a significant emphasis on hazards in the early design phase of software development. In this paper, we propose a hazard analysis approach based on Architecture Analysis and Design Language (AADL). First, to make up the deficiencies of Error Model Annex (EMV2), we create Hazard Model Annex (HMA) to specify the hazard sources, hazards, hazard trigger mechanisms, and mishaps. By using HMA, a safety model can be built by annotating an architecture model with the error model and hazard model. Then, an architecture-level hazard analysis approach is proposed to automatically generate the hazard analysis table. The approach contains the model transformation from a safety model to a Deterministic Stochastic Petri Nets (DSPNs) model for calculating the occurrence probability of hazards and mishaps. In addition, we present the formal semantics for each constituent part of the safety model, define the model mapping rules, and verify the semantic preservation of the transformation. Finally, HMA is implemented to build safety models and two Eclipse plug-ins of our methodology are also implemented. A case study on a flight control software system has been employed to demonstrate the feasibility of our proposed technique. (C) 2017 Elsevier Inc. All rights reserved.

WU Hai-qiao,LIU Chao,GE Hong-juan,WANG Hua-wei

DOI: https://doi.org/10.3969/j.issn.1001-5590.2012.02.005

2012-01-01

Abstract:Traditional system safety analysis,influenced by the personal skills and experiences of analyzers,may cause the error of system failure states and failure effects.Model checking,by means of traversing algorithm,can search all system status in mathematical method without omitting.By using the verification tool,analysis process can be conducted automatically and the dependence of experiences can be reduced.Model checking is introduced into aircraft system safety analysis in this paper and its application process is presented as well.The wheel brake system in the appendix of SAE ARP 4761 is taken as an example.With verification tool NuSMV,the minimum failure combination which lead to the top event can be got automatically,the purpose of fault tree analysis can be achieved at the same time.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

CHEN Feng,LI Wei-hua

2011-01-01

JOURNAL OF NORTHWEST UNIVERSITY(NATURAL SCIENCE EDITION)

Abstract:Aim To analyze and verify the software safety models effectively in the early stage of software design and development.Methods The methods for software safety analysis,derification and fomal modeling prooide that.Results A safety extended deterministic finite automata,SEDFA,is introduced.On the base of establishing security-related non-formal model by UMLsec,the sequence diagram,which expresses the security interaction,can be depicted by SEDFA.Firstly,the automata of signal object are created.Secondly,the product automaton of objects is constructed,and the SEDFA which indicates the complete interaction of the system is obtained.Conclusion It provides the foundation for the system safety property verification and achieving software safety test sases is the fatare work.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Wei Dong,Zhenbang Chen,Ji Wang

DOI: https://doi.org/10.1016/j.entcs.2006.02.033

2007-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Light-weight formal method has been regarded as an important approach to development of component-based safety critical systems. The paper proposes an approach which can formally specify and verify the contract of static structure, dynamic behavior and refinement of component systems based on UML 2.0 superstructure. As results, the correctness of static contract can be obtained via type checking of interfaces and connectors. Dynamic contract can be verified through determining the cooperativeness of integrated components, whose contracts are depicted with interface protocol state machines and their semantics models, namely contract automata. The refinement relation between high level component and its implementation will be guaranteed through defining the alternating simulation between contract automata of components at different levels.

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

Jianyu Zhang,Long Zhang,Yixuan Wu,Linru Ma,Feng Yang

2024-06-13

Abstract:Unmanned Aerial Systems (UAS) are currently widely used in safety-critical fields such as industrial production, military operations, and disaster relief. Due to the diversity and complexity of application scenarios, UAS have become increasingly intricate. The challenge of designing and implementing highly reliable UAS while effectively controlling development costs and enhancing efficiency is a pressing issue faced by both academia and industry. Addressing this challenge, this paper aims to investigate an integrated approach to modeling, verification, and code generation for UAS. The paper begins by utilizing Architecture Analysis and Design Language (AADL) to model the UAS, proposing a set of generic UAS models. Based on these models, formal specifications are written to describe the system's safety properties and functions. Finally, the paper introduces a method for generating flight controller code for UAS based on the verified models. Experiments conducted with the proposed method demonstrate its effectiveness in identifying potential vulnerabilities in the UAS during the early design phase and in generating viable flight controller code from the verified models. This approach can enhance the efficiency of designing and verifying high-reliability UAS.

Software Engineering