Verification and Validation of AI Systems that Control Deep-Space Spacecraft
ISMIS '97 Proceedings of the 10th International Symposium on Foundations of Intelligent Systems
In the realm of space exploration, the biggest obstacle to widespread application of autonomy in flight software is not technical feasibility but doubt about its trustworthiness as a replacement for human-in-the-loop decision-making. Autonomous control systems raise difficult verification and validation (V&V) issues because, unlike conventional sequencer-based open-loop systems, whose transactions are visible through uplink and downlink communications, they close many control loops and arbitrate many resources onboard, using specialized reasoning in multiple concurrent threads. V&V techniques are needed that significantly increase confidence in these decision-making control systems. This article shows two ways of applying analytic verification: at design time, using model checking to guarantee that specific conditions are never violated, and at runtime, using embedded behavior auditors to verify that the implemented, integrated system respects similar conditions. This approach suggests two changes in software-development practice: modeling the high-level design formally enough to enable model checking with tools such as Spin, and co-developing the operational code along with the auditor specifications.
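The two-level scheme the abstract describes, shown as an added example that is not code from the paper: one safety condition (two onboard threads never hold the same resource at once) is first checked at design time by exhaustively exploring the states of a small model of the arbitration protocol, which is what Spin does for a Promela model, and then checked again at runtime by a behavior auditor that consumes the event log of the implemented system. The protocol (a shared `busy` flag), the thread names `planner` and `exec`, and the `timestamp thread action` log format are assumptions made for this example.

```python
"""Design-time model checking and a runtime behavior auditor for one
safety property.  Added example; the protocol, thread names and log
format are assumptions, not the paper's own code."""
from collections import deque

# ---------- design-time model ----------
# State = (busy, pc_planner, pc_exec); each pc is one of
# "idle", "want", "checked", "use".  'busy' is the shared resource flag.
INITIAL = (0, "idle", "idle")

def successors(state, atomic):
    """All successor states of 'state', interleaving the two threads.
    atomic=False models a check-then-set race: the thread reads 'busy'
    (-> "checked") and only afterwards writes it (-> "use")."""
    busy = state[0]
    for i in range(2):
        pcs = list(state[1:])
        pc = pcs[i]
        if pc == "idle":
            pcs[i] = "want"
            yield (busy, *pcs)
        elif pc == "want" and busy == 0:
            if atomic:
                pcs[i] = "use"
                yield (1, *pcs)
            else:
                pcs[i] = "checked"
                yield (busy, *pcs)
        elif pc == "checked":          # write happens even if busy changed
            pcs[i] = "use"
            yield (1, *pcs)
        elif pc == "use":
            pcs[i] = "idle"
            yield (0, *pcs)

def mutual_exclusion(state):
    """The design-time condition: never both threads in 'use'."""
    return not (state[1] == "use" and state[2] == "use")

def model_check(initial, succ, invariant):
    """Breadth-first exploration of every reachable state.  Returns
    (True, []) if the invariant holds everywhere, else (False, path)
    where path is a shortest counterexample from the initial state."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            path = []
            while s is not None:
                path.append(s)
                s = parent[s]
            return False, path[::-1]
        for t in succ(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return True, []

def check_design(atomic):
    return model_check(INITIAL, lambda s: successors(s, atomic), mutual_exclusion)

# ---------- runtime behavior auditor ----------
class MutexAuditor:
    """Consumes (timestamp, thread, action) events from the running system
    and records every acquire that happens while another thread holds
    the resource, i.e. the same condition checked at design time."""
    def __init__(self):
        self.holders = set()
        self.violations = []

    def observe(self, event):
        ts, thread, action = event
        if action == "acquire":
            if self.holders:
                self.violations.append((ts, thread, sorted(self.holders)))
            self.holders.add(thread)
        elif action == "release":
            self.holders.discard(thread)

# Constructed log for the example; the race from the model shows up at 102.2.
LOG = """\
101.0 planner acquire
101.5 planner release
102.0 exec acquire
102.2 planner acquire
102.9 exec release
103.0 planner release
"""

def audit_log(text):
    auditor = MutexAuditor()
    for line in text.splitlines():
        ts, thread, action = line.split()
        auditor.observe((float(ts), thread, action))
    return auditor.violations

if __name__ == "__main__":
    print("atomic protocol:", check_design(atomic=True))
    print("racy protocol:  ", check_design(atomic=False))
    print("runtime audit:  ", audit_log(LOG))
```

The model checker reports the racy protocol with a seven-state counterexample in which both threads read `busy == 0` before either writes it; the atomic variant passes. The auditor then enforces the identical condition on the real event stream, which is the point of co-developing auditor specifications with the code: a property that the model proves is carried over unchanged to the integrated system, where the model's simplifications no longer apply.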