Formal correctness, safety, dependability, and performance analysis of a satellite

This paper reports on the usage of a broad palette of formal modeling and analysis techniques on a regular industrial-size design of an ultra-modern satellite platform. These efforts were carried out in parallel with the conventional software development of the satellite platform. The model itself i...

Full description

Saved in:
Bibliographic Details
Published in2012 34th International Conference on Software Engineering (ICSE) pp. 1022 - 1031
Main Authors Esteve, M., Katoen, J-P, Viet Yen Nguyen, Postma, B., Yushtein, Y.
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.06.2012
Subjects
AADL
Analytical models
Compass
dependability
fault management
FDIR
formal methods
model checking
modelling
Safety
satellite
Satellite broadcasting
Satellites
Software
Space vehicles
Online AccessGet full text

Cover

More Information
Summary:This paper reports on the usage of a broad palette of formal modeling and analysis techniques on a regular industrial-size design of an ultra-modern satellite platform. These efforts were carried out in parallel with the conventional software development of the satellite platform. The model itself is expressed in a formalized dialect of AADL. Its formal nature enables rigorous and automated analysis, for which the recently developed COMPASS toolset was used. The whole effort revealed numerous inconsistencies in the early design documents, and the use of formal analyses provided additional insight on discrete system behavior (comprising nearly 50 million states), on hybrid system behavior involving discrete and continuous variables, and enabled the automated generation of large fault trees (66 nodes) for safety analysis that typically are constructed by hand. The model's size pushed the computational tractability of the algorithms underlying the formal analyses, and revealed bottlenecks for future theoretical research. Additionally, the effort led to newly learned practices from which subsequent formal modeling and analysis efforts shall benefit, especially when they are injected in the conventional software development lifecycle. The case demonstrates the feasibility of fully capturing a system-level design as a single comprehensive formal model and analyze it automatically using a toolset based on (probabilistic) model checkers.
ISBN:9781467310666
1467310662
ISSN:0270-5257
1558-1225
DOI:10.1109/ICSE.2012.6227118