Formal specification and verification of a fault-masking and transient-recovery model for digital flight-control systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 571 LNCS, Issue , 1991, Pages 237-257

  Rushby, John ^a  

^a SRI INTERNATIONAL   (United States)

Author keywords

Digital flight control systems; Fault tolerance; Formal methods; Formal specification and verification; Majority voting; Modular redundancy; Proof checking; Transient faults

Indexed keywords

CONTROL SYSTEMS; FAULT TOLERANCE; FAULT TOLERANT COMPUTER SYSTEMS; FORMAL METHODS; FORMAL SPECIFICATION; FORMAL VERIFICATION; REAL TIME SYSTEMS; SPECIFICATIONS;

DIGITAL FLIGHT CONTROL SYSTEMS; FORMAL SPECIFICATION AND VERIFICATION; MAJORITY VOTING; MODULAR REDUNDANCY; PROOF CHECKING; TRANSIENT FAULTS;

FLIGHT CONTROL SYSTEMS;

EID: 84979548204     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-55092-5_13     Document Type: Conference Paper

References (22)

1. W.R. Bevier and W.D. Young. Machine-checked proofs of a Byzantine agreement algorithm. Technical Report 55, Computational Logic Incorporated, Austin, TX, June 1990.
2. W.R. Bevier and W.D. Young. The design and proof of correctness of a fault-tolerant circuit. In 2nd. International Working Conference on Dependable Computing for Critical Applications, pages 107-114, Tucson, AZ, February 1991. IFIP WG. 10.4.
3. Ricky W. Butler and Sally C. Johnson. The art of fault-tolerant system reliability modeling. NASA Technical Memorandum 102623, NASA Langley Research Center, Hampton, VA, March 1990.
4. Ben L. Di Vito, Ricky W. Butler, and James L. Caldwell. Formal design and verification of a reliable computing platform for real-time control. NASA Technical Memorandum 102716, NASA Langley Research Center, Hampton, VA, October 1990.
5. Ben L. Di Vito, Ricky W. Butler, and James L. Caldwell. High level design proof of a reliable computing platform. In 2nd. International Working Conference on Dependable Computing for Critical Applications, pages 124-136, Tucson, AZ, February 1991. IFIP WG. 10.4.
6. Carl S. Droste and James E. Walker. The General Dynamics Case Study on the F16 Fly-by-Wire Flight Control System. AIAA Professional Study Series. American Institute of Aeronautics and Astronautics. Undated.
7. Richard E. Harper and Jaynarayan H. Lala. Fault-tolerant parallel processor. AIAA Journal of Guidance, Control, and Dynamics, 14(3): 554-563, May-June 1991.
8. Stephen D. Ishmael, Victoria A. Regenie, and Dale A. Mackall. Design implications from AFTI/F16 flight test. NASA Technical Memorandum 86026, NASA Ames Research Center, Dryden Flight Research Facility, Edwards, CA, 1984.
9. R.M. Kieckhafer, C. J. Walter, A.M. Finn, and P.M. Thambidurai. The MAFT architecture for distributed fault tolerance. IEEE Transactions on Computers, 37(4): 398-405, April 1988.
10. H. Kopetz, H. Kantz, G. Grünsteidl, P. Puschner, and J. Reisinger. Tolerating transient faults in MARS. In Digest of Papers, FTCS 20, pages 466-473, Newcastle upon Tyne, UK, June 1990. IEEE Computer Society.
11. Hermann Kopetz et al. Distributed fault-tolerant real-time systems: The Mars approach. IEEE Micro, 9(1): 25-40, February 1989.
12. Dale A. Mackall. Development and flight test experiences with a flight-crucial digital control system. NASA Technical Paper 2857, NASA Ames Research Center, Dryden Flight Research Facility, Edwards, CA, 1988.
13. M. Pease, R. Shostak, and L. Lamport. Reaching agreement in the presence of faults. Journal of the ACM, 27(2): 228-234, April 1980.
14. John Rushby. Design choices in specification languages and verification systems. In Phillip Windley, editor, Proceedings of the HOL Theorem Proving System and Applications Conference, Davis, CA, August 1991. IEEE Computer Society.
15. John Rushby. Formal specification and verification of a fault-masking and transientrecovery model for digital flight-control systems. Technical Report SRI-CSL-91-3, Computer Science Laboratory, SRI International, Menlo Park, CA, January 1991. Also available as NASA Contractor Report 4384.
16. John Rushby and Friedrich von Henke. Formal verification of the interactive convergence clock synchronization algorithm using Ehdm. Technical Report SRI-CSL-89-3R, Computer Science Laboratory, SRI International, Menlo Park, CA, February 1989 (Revised August 1991). Also available as NASA Contractor Report 4239.
17. John Rushby and Friedrich von Henke. Formal verification of algorithms for critical systems. In SIGSOFT '91: Software for Critical Systems, New Orleans, LA, December 1991.
18. John Rushby, Friedrich von Henke, and Sam Owre. An introduction to formal specification and verification using Ehdm. Technical Report SRI-CSL-91-2, Computer Science Laboratory, SRI International, Menlo Park, CA, February 1991.
19. Fred B. Schneider. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys, 22(4): 299-319, December 1990.
20. Natarajan Shankar. Mechanical verification of a schematic Byzantine fault-tolerant clock synchronization algorithm. Technical Report SRI-CSL-91-4, Computer Science Laboratory, SRI International, Menlo Park, CA, January 1991. Also available as NASA Contractor Report 4386.
21. Mandayam Srivas and Mark Bickford. Verification of the FtCayuga fault-tolerant microprocessor system, volume 1: A case-study in theorem prover-based verification. NASA Contractor Report 4381, July 1991.
22. John H. Wensley et al. SIFT: design and analysis of a fault-tolerant computer for aircraft control. Proceedings of the IEEE, 66(10): 1240-1255, October 1978.