Top

International Journal on Software Tools for Technology Transfer

Published in:

23-09-2015 | ABZ 2014

Environment-driven reachability for timed systems

Safety verification of an aircraft landing gear system

Authors: Ciprian Teodorov, Philippe Dhaussy, Luka Le Roux

Published in: International Journal on Software Tools for Technology Transfer | Issue 2/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

With an ever increasing complexity, the verification of critical embedded systems is a challenging and expensive task. Among the available formal methods, model checking offers a high level of automation and would thus lower the cost of this process. But, the scalability of this technique is hindered by the state-space explosion problem, which fuelled the research community since its inception. To address this challenge, in the case of real size systems, the theoretical, the methodological and the algorithmic axes have to be integrated. The context-aware verification (CaV) strives to do this by focusing on the identification, the isolation and the reification of the environment surrounding the studied system. It enables the use of specific algorithms with a major, positive, impact on the scalability of model checking. In this paper, we apply this technique to study a Landing Gear System (LGS) in the presence of failures. The problem has been decomposed in 885 independent verification units (called contexts). The analysis of 163 of these contexts on a 64 GB computer unraveled a 20 TB state space with more than 2.2 billion states. Moreover, using this approach arbitrarily long scenarios have been analysed using less than 10 GB of memory.

previous article The landing gear system in multi-machine Hybrid Event-B

next article Rigorous development process of a safety-critical system: from ASM models to Java code

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

OBP Observation Engine website: http://www.obpcdl.org.

By “reification”, we mean the process of explicitly identifying something, which then is formulated and rendered accessible to conceptual/computational manipulation.

OBP Observation Engine website: http://www.obpcdl.org.

The alt operator was denoted + in the original syntax, in this study we have used [] to match the actual CDL grammar.

It should be noted that due to the use of a “log”-axis in Fig. 7 it is difficult to see that the state spaces for these two cases exceed the L64 threshold by 21 and 41 %, respectively.

the left/right door/gear failure cases are not include since they produce the same results as the front door/gear—ldF, lgF.

Alur, R., Dill, D.L.: A theory of timed automata. Theor. Comput. Sci. 126, 183–235 (1994)MathSciNetCrossRefMATH

André, C.: Syntax and Semantics of the Clock Constraint Specification Language (CCSL). Research Report RR-6925, INRIA, (2009)

Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I., Zaharia, M.: Above the clouds: a berkeley view of cloud computing. Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley (2009)

Bengtsson, J., Larsen, K.G., Larsson, F., Pettersson, P., Yi, W.: Uppaal—a tool suite for automatic verification of real–time systems. In: Proceedings of Workshop on Verification and Control of Hybrid Systems III, number 1066 in Lecture Notes in Computer Science, pp. 232–243. Springer–Verlag (1995)

Berthomieu, B., Ribet, P.-O., Verdanat, F.: The tool TINA—construction of abstract state spaces for petri nets and time petri nets. Int. J. Prod. Res. 42, 2741–2756 (2004)CrossRefMATH

Boniol, F., Dhaussy, P., Le Roux, L., Roger, J.-C.: Model-Based Analysis. In: Embedded Systems, pp. 157–183. Wiley, New Jersey (2013). doi:10.1002/9781118569535.ch8

Boniol, F., Wiels, V.: The landing gear system case study. In: Boniol, F., Wiels, V., Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014: The Landing Gear Case Study, volume 433 of Communications in Computer and Information Science, pp. 1–18. Springer International Publishing (2014)

Boniol, F., Wiels, V., Ledinot, E.: Experiences using model checking to verify real time properties of a landing gear control system. France, In: Embedded Real-Time Systems (ERTS), Toulouse (2006)

Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: \(10^{20}\) states and beyond. In: 5th IEEE Symposium on Logic in Computer Science, pp. 428–439 (1990)

10.

Clarke, E., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. Form. Methods Syst. Des. 19(1), 7–34 (2001)CrossRefMATH

11.

Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8(2), 244–263 (1986)CrossRefMATH

12.

Clarke, E.M., Enders, R., Filkorn, T., Jha, S.: Exploiting symmetry in temporal logic model checking. Form. Methods Syst. Des. 9(1–2), 77–104 (1996)CrossRef

13.

Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press (2009)

14.

Deantoni, J., Issa Diallo, P., Teodorov, C., Champeau, J., Combemale, B.: Towards a Meta-Language for the Concurrency Concern in DSLs. In: Design, Automation and Test in Europe Conference and Exhibition (DATE), Grenoble, France (2015)

15.

Dhaussy, P., Boniol, F., Roger, J.-C.: Reducing state explosion with context modeling for model-checking. In: 13th IEEE International High Assurance Systems Engineering Symposium (Hase’11), Boca Raton, USA (2011)

16.

Dhaussy, P., Boniol, F., Roger, J.-C., Le Roux, L.: Improving model checking with context modelling. Advances in Software Engineering, ID 547157:13 pages (2012)

17.

Dhaussy, P., Pillain, P.-Y., Creff, S., Raji, A., Le Traon, Y., Baudry, B.: Evaluating context descriptions and property definition patterns for software formal validation. In: Schuerr, Bran Selic Andy (ed.) 12th IEEE/ACM conf Model Driven Engineering Languages and Systems (Models’09), vol. 5795, pp. 438–452. Springer-Verlag, LNCS (2009)

18.

Dhaussy, P., Roger, J.-C., Boniol, F.: Context aware model-checking for embedded software. In: Embedded Systems—Theory and Design Methodology, pages ISBN: 978–953–51–0167–3 pages 167–184. InTech (2012)

19.

Dhaussy, P., Ciprian, T.: Context-aware verification of a landing gear system. In: Boniol, F., Wiels, V., Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014: The Landing Gear Case Study volume 433 of Communications in Computer and Information Science, pp. 52–65. Springer International Publishing (2014)

20.

Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Property specification patterns for finite-state verification. In: FMSP, pages 7–15 (1998)

21.

Edelkamp, S., Sanders, P., Šimeček, P.: Semi-external ltl model checking. In: Gupta, A., Malik, S. (eds.) Computer Aided Verification, volume 5123 of Lecture Notes in Computer Science, pp. 530–542. Springer, Berlin Heidelberg (2008)

22.

Farail, P., Gaufillet, P., Peres, F., Bodeveix, J.-P., Filali, M., Berthomieu, B., Rodrigo, S., Vernadat, F., Garavel, H., Lang, F.: Fiacre: an intermediate language for model verification in the TOPCASED environment. In: European Congress on Embedded Real-Time Software (ERTS), Toulouse. SEE (2008)

23.

Flanagan, C., Qadeer, S.: Thread-modular model checking. In: SPIN’03 (2003)

24.

Godefroid, P.: The Ulg partial-order package for SPIN. SPIN Workshop (1995)

25.

Holzmann, G.J.: State compression in SPIN: Recursive indexing and compression training runs. In: Proceedings of 3rd International SPIN Workshop (1997)

26.

Holzmann, G.J.: The model checker SPIN. Softw. Eng. 23(5), 279–295 (1997)CrossRef

27.

INCOSE: INCOSE Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities. Wiley (2015)

28.

Jouault, F., Delatour, J.: Towards fixing sketchy UML models by leveraging textual notations: Application to real-time embedded systems. In: Proceedings of the 14th International Workshop on OCL and Textual Modelling co-located with 17th International Conference on Model Driven Engineering Languages and Systems (MODELS 2014), Valencia, Spain, September 30, 2014., pages 73–82 (2014)

29.

Jouault, F., Teodorov, C., Delatour, J., Le Roux, L., Dhaussy, P.: Transformation de modèles UML vers Fiacre, via les langages intermédiaires tUML et ABCD. Génie logiciel, 109:xx (2014)

30.

Menad, N., Dhaussy, P.: A transformation approach for multiform time requirements. In: Hierons, R.M., Merayo, M.G., Bravetti, M. (eds.) Software Engineering and Formal Methods, volume 8137 of Lecture Notes in Computer Science, pp. 16–30. Springer Berlin Heidelberg (2013)

31.

Park, S., Kwon, G.: Avoidance of state explosion using dependency analysis in model checking control flow model. In: Proceedings of the 5th International Conference on Computational Science and Its Applications (ICCSA ’06), vol. 3984, pp. 905–911. Springer-Verlag, LNCS (2006)

32.

Peled, D.: Combining Partial-Order Reductions with On-the-fly Model-Checking. In: CAV ’94: Proceedings of the 6th International Conference on Computer Aided Verification, pages 377–390, London, UK, Springer-Verlag (1994)

33.

Queille, J.-P., Sifakis, J.: Specification and verification of concurrent systems in cesar. In: Proceedings of the 5th Colloquium on International Symposium on Programming, pages 337–351, London, UK, Springer-Verlag (1982)

34.

Stern, U., Dill, D.L.: Using magnetic disk instead of main memory in the Mur\(\varphi \) verifier. In: Hu, A.J., Vardi, M.Y. (eds.) Computer Aided Verification, volume 1427 of Lecture Notes in Computer Science, pp. 172–183. Springer, Berlin Heidelberg (1998)

35.

Teodorov, C.: Embedding multiform time constraints in smalltalk. In: Proceedings of the International Workshop on Smalltalk Technologies, IWST ’14 (2014)

36.

Teodorov, C., Le Roux, L., Dhaussy, P.: Context-aware verification of a cruise-control system. In: Ait Ameur, Y., Bellatreche, L., Papadopoulos, G.A. (eds.) Model and Data Engineering, volume 8748 of Lecture Notes in Computer Science, pp. 53–64. Springer International Publishing (2014)

37.

Tkachuk, O., Dwyer, M.B., Pasareanu, C.S.: Automated environment generation for software model checking. In: Automated Software Engineering, 2003. In: Proceedings of 18th IEEE International Conference on, pages 116–127 (2003)

38.

Valmari, A.: Stubborn sets for reduced state space generation. In: Proceedings of the 10th International Conference on Applications and Theory of Petri Nets, pages 491–515, London, UK, Springer-Verlag (1991)

39.

Valmari, A.: The state explosion problem. In: Reisig, W., Rozenberg, G. (eds.) Lectures on Petri Nets I: Basic Models, volume 1491 of Lecture Notes in Computer Science, pp. 429–528. Springer, Berlin Heidelberg (1998)

40.

Whittle, J.: Specifying precise use cases with use case charts. In: 9th IEEE/ACM conf. Model Driven Engineering Languages and Systems (MoDELS’06), Satellite Events, pages 290–301, Genova, Italy (2006)

41.

Yatake, K., Aoki, T.: Automatic generation of model checking scripts based on environment modeling. In: Proceedings of the 17th International SPIN Conference on Model Checking Software, SPIN’10, pages 58–75, Berlin, Heidelberg, Springer-Verlag (2010)

42.

Yu, Y., Manolios, P., Lamport, L.: Model checking tla+ specifications. In: Proceedings of the 10th IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods, CHARME ’99, pages 54–66, London, UK, UK, Springer-Verlag (1999)

Title: Environment-driven reachability for timed systems
Safety verification of an aircraft landing gear system
Authors: Ciprian Teodorov
Philippe Dhaussy
Luka Le Roux
Publication date: 23-09-2015
Publisher: Springer Berlin Heidelberg
Published in: International Journal on Software Tools for Technology Transfer / Issue 2/2017
Print ISSN: 1433-2779
Electronic ISSN: 1433-2787
DOI: https://doi.org/10.1007/s10009-015-0401-2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 2/2017

The landing gear system in multi-machine Hybrid Event-B

Validation of the ABZ landing gear system using ProB

The landing gear case study: challenges and experiments

Rigorous development process of a safety-critical system: from ASM models to Java code

Aircraft landing gear system: approaches with Event-B to the modeling of an industrial system

Modeling a landing gear system in Event-B

Premium Partner