In this paper, we demonstrate a high-level approach to modeling and analyzing complex safety-critical systems through a case study in air traffic management. In particular, we focus on the Traffic Alert and Collision Avoidance System (TCAS), an on-board conflict detection and resolution system that alerts pilots to nearby aircraft posing a mid-air collision threat and issues conflict resolution advisories. Because of the complexity of the TCAS software and the hybrid (discrete and continuous) nature of the closed-loop system, traditional simulation-based testing does not constitute a viable verification approach. To support the analysis and design of such systems, we advocate defining high-level mathematical system models that capture the behavior not only of the software but also of the aircraft, sensors, and pilots; that is, high-level hybrid system models. In particular, we show how the core components of this complex system can be captured by relatively simple Hybrid I/O Automata (HIOA) that are amenable to formal analysis. We then outline a methodology for establishing conditions under which the conflict resolution advisories issued by TCAS guarantee sufficient altitude separation for aircraft involved in mid-air collision threats. Although our results are intended only as illustrations of high-level modeling and analysis techniques, the TCAS system models provide a foundation for studying a wide range of properties of the system's behavior.
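To make the modeling idea concrete, the following toy simulation is an added example and is not code or a model from the paper. It composes three simplified automata in the HIOA spirit: an aircraft automaton with continuous state (position, altitude, vertical rate) and a discrete advisory mode, a pilot model that is a pure reaction delay, and a TCAS automaton that issues coordinated climb/descend advisories once the time to closest approach drops below a threshold. The dynamics, the trigger rule, the sense-selection rule and every numeric value (step size, alert threshold, commanded rate, required separation, initial geometry) are assumed illustrative choices, not real TCAS parameters. The point it shows is the kind of property the paper studies: for a fixed encounter, the advisory only guarantees the required separation when the pilot response delay is small enough.

```python
"""Toy hybrid I/O automaton model of a head-on vertical conflict.

Added illustration, not code from the paper. The dynamics, the pilot-response
model, the advisory trigger and all numeric thresholds below are assumed,
simplified values; none of this is real TCAS logic.
"""
from dataclasses import dataclass

DT = 0.1              # integration step in seconds (assumed)
TAU_ALERT = 25.0      # issue advisories once time to closest approach <= this, s (assumed)
CMD_RATE = 7.62       # commanded vertical rate, m/s, about 1500 ft/min (assumed)
ALIM = 120.0          # required vertical separation at closest approach, m (assumed)
T_MAX = 120.0         # simulation horizon in seconds (assumed)


@dataclass
class Aircraft:
    """One aircraft automaton: continuous state plus a discrete advisory mode."""
    x: float                    # horizontal position, m
    vx: float                   # horizontal speed, m/s (positive = heading +x)
    h: float                    # altitude, m
    vh: float                   # vertical rate, m/s
    advisory: str = "none"      # discrete mode: "none", "climb" or "descend"
    advisory_step: int = -1     # step at which the advisory arrived (input action)

    def receive_advisory(self, sense: str, step: int) -> None:
        """Input action from the TCAS automaton: switch the discrete mode."""
        self.advisory = sense
        self.advisory_step = step

    def evolve(self, step: int, pilot_delay: float) -> None:
        """One trajectory step. The pilot model is a pure delay: the commanded
        vertical rate is adopted pilot_delay seconds after the advisory."""
        if self.advisory != "none" and step - self.advisory_step >= round(pilot_delay / DT):
            self.vh = CMD_RATE if self.advisory == "climb" else -CMD_RATE
        self.x += self.vx * DT
        self.h += self.vh * DT


def tau(own: Aircraft, intruder: Aircraft) -> float:
    """Time to closest horizontal approach; infinite when the aircraft are not closing."""
    rng = intruder.x - own.x
    closing = own.vx - intruder.vx
    return rng / closing if closing > 0 else float("inf")


def tcas_logic(a: Aircraft, b: Aircraft, step: int) -> None:
    """Simplified TCAS automaton (assumed rule): when tau drops below TAU_ALERT,
    send coordinated advisories so the higher aircraft climbs and the lower descends."""
    if a.advisory == "none" and b.advisory == "none" and tau(a, b) <= TAU_ALERT:
        if a.h >= b.h:
            a.receive_advisory("climb", step)
            b.receive_advisory("descend", step)
        else:
            a.receive_advisory("descend", step)
            b.receive_advisory("climb", step)


def simulate(pilot_delay: float, initial_h_diff: float = 0.0) -> float:
    """Run the composed system until closest approach and return the vertical
    separation there, in metres. Initial conditions are constructed: head-on
    encounter at 150 m/s each, 12 km apart, both near 3000 m altitude."""
    a = Aircraft(x=0.0, vx=150.0, h=3000.0 + initial_h_diff, vh=0.0)
    b = Aircraft(x=12000.0, vx=-150.0, h=3000.0, vh=0.0)
    for step in range(int(T_MAX / DT)):
        if b.x - a.x <= 0:          # closest approach reached
            break
        tcas_logic(a, b, step)
        a.evolve(step, pilot_delay)
        b.evolve(step, pilot_delay)
    return abs(a.h - b.h)


def advisory_guarantees_separation(pilot_delay: float) -> bool:
    """Safety property checked on this toy model: separation at closest approach >= ALIM."""
    return simulate(pilot_delay) >= ALIM


if __name__ == "__main__":
    for delay in (5.0, 15.0, 20.0):
        print(f"pilot delay {delay:4.1f} s -> separation {simulate(delay):6.1f} m, "
              f"safe={advisory_guarantees_separation(delay)}")
```

In this constructed encounter the advisory is issued 25 s before closest approach, so a 5 s pilot delay leaves 20 s of maneuvering and about 305 m of separation, a 15 s delay still clears the assumed 120 m bound, and a 20 s delay does not. A formal version of the same argument would replace the sweep over delays by a proof over all trajectories of the composed automata, which is what the HIOA framework is intended to support.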