Abstract
Digital flight control systems utilize redundant hardware to meet high reliability requirements. In this study we use the SMV model checker to assess the design correctness of a sensor voter algorithm used to manage three redundant sensors. The sensor voter design is captured as a Simulink diagram. The requirements verified include normal operation, transient conditions, and fault handling.
The sensor voter algorithm is a realistic example of flight citical embedded software used to manage redundant air data or inertial reference sensors. We are using it to evaluate different design methods, languages, and tools currently available for formal verification. Key issues are 1) integration of formal verification into existing development processes and tools, and 2) synthesis of the correct environment (world abstraction) needed for analysis of normal and off-normal operation conditions.
This work has been supported in part by NASA contract NAS1-00079.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
P. Kurzhals, et al, “Integrity in Electronic Flight Control Systems”, AGARDo-graph No. 224, April 1977. (available through National Technical Information Service, Springfield, VA)
T. Cunningham, et al, “Fault Tolerance Design and Redundancy Management Techniques”, NATO AGARD Lecture Series No. 109. Sept 1980. (available through National Technical Information Service, Spring field, VA) see especially Chapter 3: Computer Based In-flight Monitoring; Chapter 7: Failure Management for Saab Viggen JA-37 Aircraft; Chapter 8: Flight Experience with Flight Control Redundancy Management
G. Belcher, D. McIver and K. Szalai, “Validation of Flight Critical Control Systems”, AGARD Advisory Report No. 274, Dec 1991. (available through National Technical Information Service, Springfield, VA)
S. Osder, “Practical View of Redundancy Management Application and Theory”, Journal of Guidance and Control, Vol. 22 No. 1, Jan–Feb 1999.
R. P. G. Collinson, Introduction to Avionics, Chapman & Hall, London, 1998.
K. McMillan, Symbolic Model Checking, Kluwer Academic Publishers, Boston, Dordrecht, London, 1993.
Micheal R A Huth and Mark D Ryan, Logic in Computer Science Modelling and reasoning about systems, University Press, Cambridge, United Kingdom, 2000.
SMV web page: http://www-2.cs.cmu.edu/modelcheck
sf2smv web page: http://www.ece.cmu.edu/webk/sf2smv
Checkmate web page: http://www.ece.cmu.edu/webk/checkmate
Simulink weg page: http://www.mathworks.com/products/simulink
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dajani-Brown, S., Cofer, D., Hartmann, G., Pratt, S. (2003). Formal Modeling and Analysis of an Avionics Triplex Sensor Voter. In: Ball, T., Rajamani, S.K. (eds) Model Checking Software. SPIN 2003. Lecture Notes in Computer Science, vol 2648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44829-2_3
Download citation
DOI: https://doi.org/10.1007/3-540-44829-2_3
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40117-9
Online ISBN: 978-3-540-44829-7
eBook Packages: Springer Book Archive