Results 1 
7 of
7
Safety verification of an aircraft landing protocol: A refinement approach. See Bemporad et al
 In HSCC
, 2007
"... Abstract. In this paper, we propose a new approach for formal verification of hybrid systems. To do so, we present a new refinement proof technique, a weak refinement using step invariants. As a case study of the approach, we conduct formal verification of the safety properties of NASA’s Small Aircr ..."
Abstract

Cited by 16 (4 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we propose a new approach for formal verification of hybrid systems. To do so, we present a new refinement proof technique, a weak refinement using step invariants. As a case study of the approach, we conduct formal verification of the safety properties of NASA’s Small Aircraft Transportation System (SATS) landing protocol. A new model is presented using the timed I/O automata (TIOA) framework [1], and key safety properties are verified. Using the new refinement technique presented in the paper, we first carry over the safety verification results from the previous discrete model studied in [2] to the new model. We also present properties specific to the new model, such as lower bounds on the spacing of aircraft in specific areas of the airspace. 1
Proving safety properties of an aircraft landing protocol using I/O Automata and the PVS theorem prover: A case study
 In: Formal Methods, 14th International Symposium on Formal Methods. Volume 4085 of Lecture Notes in Computer Science
, 2006
"... Abstract. This paper presents an assertionalstyle verification of the aircraft landing protocol of NASA’s SATS (Small Aircraft Transportation System) concept [1] using the I/O automata framework and the PVS theorem prover. We reconstructed the mathematical model of the landing protocol presented in ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents an assertionalstyle verification of the aircraft landing protocol of NASA’s SATS (Small Aircraft Transportation System) concept [1] using the I/O automata framework and the PVS theorem prover. We reconstructed the mathematical model of the landing protocol presented in [2] as an I/O automaton. In addition, we translated the I/O automaton into a corresponding PVS specification, and conducted a verification of the safety properties of the protocol using the assertional proof technique and the PVS theorem prover. 1
Proof Assistants: history, ideas and future
"... In this paper we will discuss the fundamental ideas behind proof assistants: What are they and what is a proof anyway? We give a short history of the main ideas, emphasizing the way they ensure the correctness of the mathematics formalized. We will also briefly discuss the places where proof assista ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
In this paper we will discuss the fundamental ideas behind proof assistants: What are they and what is a proof anyway? We give a short history of the main ideas, emphasizing the way they ensure the correctness of the mathematics formalized. We will also briefly discuss the places where proof assistants are used and how we envision their extended use in the future. While being an introduction into the world of proof assistants and the main issues behind them, this paper is also a position paper that pushes the further use of proof assistants. We believe that these systems will become the future of mathematics, where definitions, statements, computations and proofs are all available in a computerized form. An important application is and will be in computer supported modelling and verification of systems. But their is still along road ahead and we will indicate what we believe is needed for the further proliferation of proof assistants.
proving and proof scripting in PVS
 NIANASA Langley, National Institute of Aerospace
, 2007
"... Abstract. The batch execution modes of PVS are powerful, but highly technical, features of the system that are mostly accessible to expert users. This paper presents a PVS tool, called ProofLite, that extends the theorem prover interface with a batch proving utility and a proof scripting notation. P ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Abstract. The batch execution modes of PVS are powerful, but highly technical, features of the system that are mostly accessible to expert users. This paper presents a PVS tool, called ProofLite, that extends the theorem prover interface with a batch proving utility and a proof scripting notation. ProofLite enables a semiliterate proving style where specification and proof scripts reside in the same file. The goal of ProofLite is to provide batch proving and proof scripting capabilities to regular, nonexpert, users of PVS. 1
Safety Verification of the Small Aircraft Transportation System Concept of Operations
"... A critical factor in the adoption of any new aeronautical technology or concept of operation is safety. Traditionally, safety verification is accomplished through a rigorous process that involves human factors, low and high fidelity simulations, and flight experiments. As this process is usually per ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
A critical factor in the adoption of any new aeronautical technology or concept of operation is safety. Traditionally, safety verification is accomplished through a rigorous process that involves human factors, low and high fidelity simulations, and flight experiments. As this process is usually performed on final products or functional prototypes, concept modifications resulting from this process are very expensive to implement. This paper describes an approach to system safety that can take place at early stages of a concept design. It is based on a set of mathematical techniques and tools known as formal methods. In contrast to testing and simulation, formal methods provide the capability of exhaustive state exploration analysis. We present the safety analysis and verification performed for the Small Aircraft Transportation System (SATS) Concept of Operations (ConOps). The concept of operations is modeled using discrete and hybrid mathematical models. These models are then analyzed using formal methods. The objective of the analysis is to show, in a mathematical framework, that the concept of operation complies with a set of safety requirements. It is also shown that the ConOps has some desirable characteristic such as liveness and absence of deadlock. The analysis and verification is performed in the Prototype Verification System (PVS), which is a computer based specification language and a theorem proving assistant. I.
Parametrized Verification of Distributed CyberPhysical Systems: An Aircraft Landing Protocol Case Study
"... Abstract—In this paper, we present the formal modeling and automatic parameterized verification of a distributed air traffic control protocol called the Small Aircraft Transportation System (SATS). Each aircraft is modeled as a timed automaton with (possibly unbounded) counters. SATS is then describ ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract—In this paper, we present the formal modeling and automatic parameterized verification of a distributed air traffic control protocol called the Small Aircraft Transportation System (SATS). Each aircraft is modeled as a timed automaton with (possibly unbounded) counters. SATS is then described as the composition of N such aircraft, where N is a parameter from the natural numbers. We verify several safety properties for arbitrary N, the most important of which is separation assurance, which ensures that no two aircraft may ever collide. The verification methodology relies on computing the set of backward reachable states from the set of unsafe states to a fixed point, and checking emptiness of the intersection of these reachable states and the initial set of states. We used the Model Checker Modulo Theories (MCMT) tool, which implements this technique. I.