Development and Verification of a Flight Stack for a High-Altitude Glider in Ada/SPARK 2014

SPARK 2014 is a modern programming language and a new state-of-the-art tool set for development and verification of high-integrity software. In this paper, we explore the capabilities and limitations of its latest version in the context of building a flight stack for a high-altitude unmanned glider. Towards that, we deliberately applied static analysis early and continuously during implementation, to give verification the possibility to steer the software design. In this process we have identified several limitations and pitfalls of software design and verification in SPARK, for which we give workarounds and protective actions to avoid them. Finally, we give design recommendations that have proven effective for verification, and summarize our experiences with this new language

A conceptual model for megaprogramming

Megaprogramming is component-based software engineering and life-cycle management. Magaprogramming and its relationship to other research initiatives (common prototyping system/common prototyping language, domain specific software architectures, and software understanding) are analyzed. The desirable attributes of megaprogramming software components are identified and a software development model and resulting prototype megaprogramming system (library interconnection language extended by annotated Ada) are described

Systems engineering and integration and management for manned space flight programs

This paper discusses the history of SE&I management of the overall program architecture, organizational structure and the relationship of SE&I to other program organizational elements. A brief discussion of the method of executing the SE&I process, a summary of some of the major lessons learned, and identification of things that have proven successful are included

A Dual-Engine for Early Analysis of Critical Systems

This paper presents a framework for modeling, simulating, and checking properties of critical systems based on the Alloy language -- a declarative, first-order, relational logic with a built-in transitive closure operator. The paper introduces a new dual-analysis engine that is capable of providing both counterexamples and proofs. Counterexamples are found fully automatically using an SMT solver, which provides a better support for numerical expressions than the existing Alloy Analyzer. Proofs, however, cannot always be found automatically since the Alloy language is undecidable. Our engine offers an economical approach by first trying to prove properties using a fully-automatic, SMT-based analysis, and switches to an interactive theorem prover only if the first attempt fails. This paper also reports on applying our framework to Microsoft's COM standard and the mark-and-sweep garbage collection algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI), Berlin 201

Formal change impact analyses for emulated control software

Processor emulators are a software tool for allowing legacy computer programs to be executed on a modern processor. In the past emulators have been used in trivial applications such as maintenance of video games. Now, however, processor emulation is being applied to safety-critical control systems, including military avionics. These applications demand utmost guarantees of correctness, but no verification techniques exist for proving that an emulated system preserves the original system’s functional and timing properties. Here we show how this can be done by combining concepts previously used for reasoning about real-time program compilation, coupled with an understanding of the new and old software architectures. In particular, we show how both the old and new systems can be given a common semantics, thus allowing their behaviours to be compared directly

Advanced Manned Launch System (AMLS) study

To assure national leadership in space operations and exploration in the future, NASA must be able to provide cost effective and operationally efficient space transportation. Several NASA studies and the joint NASA/DoD Space Transportation Architecture Studies (STAS) have shown the need for a multi-vehicle space transportation system with designs driven by enhanced operations and low costs. NASA is currently studying an advanced manned launch system (AMLS) approach to transport crew and cargo to the Space Station Freedom. Several single and multiple stage systems from air-breathing to all-rocket concepts are being examined in a series of studies potential replacements for the Space Shuttle launch system in the 2000-2010 time frame. Rockwell International Corporation, under contract to the NASA Langley Research Center, has analyzed a two-stage all-rocket concept to determine whether this class of vehicles is appropriate for the AMLS function. The results of the pre-phase A study are discussed

Advanced flight control system study

A fly by wire flight control system architecture designed for high reliability includes spare sensor and computer elements to permit safe dispatch with failed elements, thereby reducing unscheduled maintenance. A methodology capable of demonstrating that the architecture does achieve the predicted performance characteristics consists of a hierarchy of activities ranging from analytical calculations of system reliability and formal methods of software verification to iron bird testing followed by flight evaluation. Interfacing this architecture to the Lockheed S-3A aircraft for flight test is discussed. This testbed vehicle can be expanded to support flight experiments in advanced aerodynamics, electromechanical actuators, secondary power systems, flight management, new displays, and air traffic control concepts

Rewriteable optical disk recorder development

A NASA program to develop a high performance (high rate, high capability) rewriteable optical disk recorder for spaceflight applications is presented. An expandable, adaptable system concept is proposed based on disk Drive modules and a modular Controller. Drive performance goals are 10 gigabyte capacity are up to 1.8 gigabits per second rate with concurrent I/O, synchronous data transfer, and 2 to 5 years operating life in orbit. Technology developments, design concepts, current status, and future plans are presented