Symbolic model checking: 1020 states and beyond
Information and Computation - Special issue: Selections from 1990 IEEE symposium on logic in computer science
Model checking and abstraction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Model checking
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Lectures on Petri Nets I: Basic Models, Advances in Petri Nets, the volumes are based on the Advanced Course on Petri Nets
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Efficient reduction of finite state model checking to reachability analysis
International Journal on Software Tools for Technology Transfer (STTT)
QEST '06 Proceedings of the 3rd international conference on the Quantitative Evaluation of Systems
Proving the Correctness of Multiprocess Programs
IEEE Transactions on Software Engineering
Principles of Model Checking (Representation and Mind Series)
Principles of Model Checking (Representation and Mind Series)
Verifying mode consistency for on-board satellite software
SAFECOMP'10 Proceedings of the 29th international conference on Computer safety, reliability, and security
Developing mode-rich satellite software by refinement in event B
FMICS'10 Proceedings of the 15th international conference on Formal methods for industrial critical systems
Incremental and complete bounded model checking for full PLTL
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Hi-index | 0.00 |
This paper discusses the use of symbolic model checking technology to verify the design of an embedded satellite software control system called the attitude and orbit control system (AOCS). This system is mission critical because it is responsible for maintaining the attitude of the satellite and for performing fault detection, isolation, and recovery decisions. An executable AOCS implementation by Space Systems Finland has been provided in Ada source code form, and we use the input language of the symbolic model checker NuSMV 2 to model the implementation at a detailed level. We describe the modeling techniques and abstractions used to alleviate the state space explosion due to the handling of timers and the large number of system components controlled by the AOCS. The required behavior has been specified as extended state machine diagrams and translated to temporal logic properties. Besides well-known LTL and CTL model checking algorithms, we adapt a previously unexplored form of the liveness-to-safety approach to the problem. The latter new technique turns out to successfully prove all desired properties of the system, outperforming both the LTL and CTL implementations of NuSMV 2.