Formal Methods Technology Transfer: A View from NASA

Published in: Formal Methods in System Design

Abstract

Since 1988, NASA Langley Research Center has supported a formal methods research program. From its inception, a primary goal of the program has been to transfer formal methods technology into the aerospace industry, focusing on applications in commercial air transport. The overall program has been described elsewhere. This paper gives an account of the technology transfer strategy and its evolution.



Cite this article

Caldwell, J.L. Formal Methods Technology Transfer: A View from NASA. Formal Methods in System Design 12, 125–137 (1998). https://doi.org/10.1023/A:1008693709419
