Rigorous development process of a safety-critical system: from ASM models to Java code

The paper presents an approach for rigorous development of safety-critical systems based on the Abstract State Machine formal method. The development process starts from a high level formal view of the system and, through refinement, derives more detailed models till the desired level of specification. Along the process, different validation and verification activities are available, as simulation, model review, and model checking. Moreover, each refinement step can be proved correct using an SMT-based approach. As last step of the refinement process, a Java implementation can be developed and linked to the formal specification. The correctness of the implementation w.r.t. its formal specification can be proved by means of model-based testing and runtime verification. The process is exemplified by using a Landing Gear System as case study

System Architecture Virtual Integration: A Case Study

International audienceAerospace industry is experiencing exponential growth in the size and complexity of onboard software. It is also seeing a significant increase in errors and rework of that software. All of those factors contribute to greater cost; the current development process is reaching the limit of affordability of building safe aircraft. An international consortium of aerospace companies with government participation has initiated the System Architecture Virtual Integration (SAVI) program, whose goal is to achieve an affordable solution through a paradigm shift of―integrate then build. A key concept of this paradigm shift is an architecture- centric approach to analysis of virtually integrated system models with respect to multiple operational quality attributes such as performance, safety, and reliability. By doing so early and throughout the life cycle at different levels of fidelity, system-level faults are discovered earlier in the life cycle—reducing risk, cost, and development time. The first phase of this program demonstrated the feasibility of this new development process through a proof of concept demonstration and a return on investment analysis, which are the topics of this paper

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India

Validation and Verification of Safety-Critical Systems in Avionics

This research addresses the issues of safety-critical systems verification and validation. Safety-critical systems such as avionics systems are complex embedded systems. They are composed of several hardware and software components whose integration requires verification and testing in compliance with the Radio Technical Commission for Aeronautics standards and their supplements (RTCA DO-178C). Avionics software requires certification before its deployment into an aircraft system, and testing is mandatory for certification. Until now, the avionics industry has relied on expensive manual testing. The industry is searching for better (quicker and less costly) solutions. This research investigates formal verification and automatic test case generation approaches to enhance the quality of avionics software systems, ensure their conformity to the standard, and to provide artifacts that support their certification. The contributions of this thesis are in model-based automatic test case generations approaches that satisfy MC/DC criterion, and bidirectional requirement traceability between low-level requirements (LLRs) and test cases. In the first contribution, we integrate model-based verification of properties and automatic test case generation in a single framework. The system is modeled as an extended finite state machine model (EFSM) that supports both the verification of properties and automatic test case generation. The EFSM models the control and dataflow aspects of the system. For verification, we model the system and some properties and ensure that properties are correctly propagated to the implementation via mandatory testing. For testing, we extended an existing test case generation approach with MC/DC criterion to satisfy RTCA DO-178C requirements. Both local test cases for each component and global test cases for their integration are generated. The second contribution is a model checking-based approach for automatic test case generation. In the third contribution, we developed an EFSM-based approach that uses constraints solving to handle test case feasibility and addresses bidirectional requirements traceability between LLRs and test cases. Traceability elements are determined at a low-level of granularity, and then identified, linked to their source artifact, created, stored, and retrieved for several purposes. Requirements’ traceability has been extensively studied but not at the proposed low-level of granularity

Static analysis techniques to verify mutual exclusion situations within SysML models

AVATAR is a real-time extension of SysML supported by the TTool open-source toolkit. So far, formal verification of AVATAR models has relied on reachability techniques that face a state explosion problem. The paper explores a new avenue: applying structural analysis to AVATAR model, so as to identify mutual exclusion situations. In practice, TTool translates a subset of an AVATAR model into a Petri net and solves an equation system built upon the incidence matrix of the net. TTool implements a push-button approach and displays verification results at the AVATAR model level. The approach is not restricted to AVATAR and may be adapted to other UML profiles

Topics in Automotive Rollover Prevention: Robust and Adaptive Switching Strategies for Estimation and Control

The main focus in this thesis is the analysis of alternative approaches for estimation and control of automotive vehicles based on sound theoretical principles. Of particular importance is the problem rollover prevention, which is an important problem plaguing vehicles with a high center of gravity (CG). Vehicle rollover is, statistically, the most dangerous accident type, and it is difficult to prevent it due to the time varying nature of the problem. Therefore, a major objective of the thesis is to develop the necessary theoretical and practical tools for the estimation and control of rollover based on robust and adaptive techniques that are stable with respect to parameter variations. Given this background, we first consider an implementation of the multiple model switching and tuning (MMST) algorithm for estimating the unknown parameters of automotive vehicles relevant to the roll and the lateral dynamics including the position of CG. This results in high performance estimation of the CG as well as other time varying parameters, which can be used in tuning of the active safety controllers in real time. We then look into automotive rollover prevention control based on a robust stable control design methodology. As part of this we introduce a dynamic version of the load transfer ratio (LTR) as a rollover detection criterion and then design robust controllers that take into account uncertainty in the CG position. As the next step we refine the controllers by integrating them with the multiple model switched CG position estimation algorithm. This results in adaptive controllers with higher performance than the robust counterparts. In the second half of the thesis we analyze extensions of certain theoretical results with important implications for switched systems. First we obtain a non-Lyapunov stability result for a certain class of linear discrete time switched systems. Based on this result, we suggest switched controller synthesis procedures for two roll dynamics enhancement control applications. One control design approach is related to modifying the dynamical response characteristics of the automotive vehicle while guaranteeing the switching stability under parametric variations. The other control synthesis method aims to obtain transient free reference tracking of vehicle roll dynamics subject to parametric switching. In a later discussion, we consider a particular decentralized control design procedure based on vector Lyapunov functions for simultaneous, and structurally robust model reference tracking of both the lateral and the roll dynamics of automotive vehicles. We show that this controller design approach guarantees the closed loop stability subject to certain types of structural uncertainty. Finally, assuming a purely theoretical pitch, and motivated by the problems considered during the course of the thesis, we give new stability results on common Lyapunov solution (CLS) existence for two classes of switching linear systems; one is concerned with switching pair of systems in companion form and with interval uncertainty, and the other is concerned with switching pair of companion matrices with general inertia. For both problems we give easily verifiable spectral conditions that are sufficient for the CLS existence. For proving the second result we also obtain a certain generalization of the classical Kalman-Yacubovic-Popov lemma for matrices with general inertia

Model-Checking Real-Time Properties of an Aircraft Landing Gear System Using Fiacre

International audienceWe describe our experience with modeling the landing gear system of an aircraft using the formal specification language Fiacre. Our model takes into account the behavior and timing properties of both the physical parts and the control software of this system. We use this formal model to check safety and real-time properties on the system but also to find a safe bound on the maximal time needed for all gears to be down and locked (assuming the absence of failures). Our approach ultimately relies on the model-checking tool Tina, that provides state-space generation and model-checking algorithms for an extension of Time Petri Nets with data and priorities

IKUWA6. Shared Heritage

Celebrating the theme ‘Shared heritage’, IKUWA6 (the 6th International Congress for Underwater Archaeology), was the first such major conference to be held in the Asia-Pacific region, and the first IKUWA meeting hosted outside Europe since the organisation’s inception in Germany in the 1990s. A primary objective of holding IKUWA6 in Australia was to give greater voice to practitioners and emerging researchers across the Asia and Pacific regions who are often not well represented in northern hemisphere scientific gatherings of this scale; and, to focus on the areas of overlap in our mutual heritage, techniques and technology. Drawing together peer-reviewed presentations by delegates from across the world who converged in Fremantle in 2016 to participate, this volume covers a stimulating diversity of themes and niche topics of value to maritime archaeology practitioners, researchers, students, historians and museum professionals across the world

Maritime expressions:a corpus based exploration of maritime metaphors

This study uses a purpose-built corpus to explore the linguistic legacy of Britain’s maritime history found in the form of hundreds of specialised ‘Maritime Expressions’ (MEs), such as TAKEN ABACK, ANCHOR and ALOOF, that permeate modern English. Selecting just those expressions commencing with ’A’, it analyses 61 MEs in detail and describes the processes by which these technical expressions, from a highly specialised occupational discourse community, have made their way into modern English. The Maritime Text Corpus (MTC) comprises 8.8 million words, encompassing a range of text types and registers, selected to provide a cross-section of ‘maritime’ writing. It is analysed using WordSmith analytical software (Scott, 2010), with the 100 million-word British National Corpus (BNC) as a reference corpus. Using the MTC, a list of keywords of specific salience within the maritime discourse has been compiled and, using frequency data, concordances and collocations, these MEs are described in detail and their use and form in the MTC and the BNC is compared. The study examines the transformation from ME to figurative use in the general discourse, in terms of form and metaphoricity. MEs are classified according to their metaphorical strength and their transference from maritime usage into new registers and domains such as those of business, politics, sports and reportage etc. A revised model of metaphoricity is developed and a new category of figurative expression, the ‘resonator’, is proposed. Additionally, developing the work of Lakov and Johnson, Kovesces and others on Conceptual Metaphor Theory (CMT), a number of Maritime Conceptual Metaphors are identified and their cultural significance is discussed