Miller, S. P. (1998), Specifying the mode logic of a flight guidance system in CoRE and SCR, in M. Ardis, ed., `Proceedings of FMSP'98: The Second Workshop on Formal Methods in Software Practice', ACM Press, pp. 44--53.
....source specification. However, though specifications in the SE Linux policy language are independent of implementation details, the language is very low-level and detailed, making the high level properties of a policy difficult to check by inspection. Our experience as well as that of others (e.g. [10]) is that mechanized formal methods can uncover errors that humans miss in inspecting even the most carefully crafted specifications. For a user to analyze a typically intricate policy specification, mechanized tools are a practical necessity. Tools such as Apol from Tresys Technology and Tebrowse ....
S. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd Workshop on Formal Methods in Software Practice (FMSP'98), 1998.
.... the user's intent [13] and a model checker to detect violations of critical application properties [3, 12]. Recently, groups at NASA and Rockwell Aviation as well as our group at NRL have used the SCR techniques to detect serious errors in requirements specifications of real world systems [7, 21, 12]. By exposing defects in the requirements specification, such techniques help the user improve the specification's quality. This improved specification provides a solid foundation for the later phases of the software development process. While high quality requirements specifications are clearly ....
S. P. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd ACM Workshop on Formal Methods in Software Practice (FMSP'98), 1998.
....is a correct statement of the required system behavior. The SCR method has been used successfully by many organizations in industry and in government (e.g. Bell Laboratories [20] Grumman [29] Lockheed [10] the Naval Research Laboratory [16, 25] Ontario Hydro [35] and Rockwell Aviation [30]) to develop and analyze specifications of practical systems, including flight control systems [10, 30] weapons systems [16] space systems [9] and cryptographic devices [25] Most recently, the SCR tools were used by Lockheed Martin, together with a test case generator, to detect a critical ....
.... by many organizations in industry and in government (e.g. Bell Laboratories [20] Grumman [29] Lockheed [10] the Naval Research Laboratory [16, 25] Ontario Hydro [35] and Rockwell Aviation [30]) to develop and analyze specifications of practical systems, including flight control systems [10, 30], weapons systems [16] space systems [9] and cryptographic devices [25]. Most recently, the SCR tools were used by Lockheed Martin, together with a test case generator, to detect a critical error described as the most likely cause of a 165M failure in the software controlling landing ....
Miller, S.: 1998, `Specifying the Mode Logic of a Flight Guidance System in CoRE and SCR'. In: Proc. 2nd ACM Workshop on Formal Methods in Software Practice (FMSP'98).
....CTL. A variety of extant case studies that use model checkers to analyze realistic systems lend plausibility to these assumptions. One example case study is TCAS[8] where the own aircraft logic of a traffic collision and avoidance system is specified in SMV. Another example case study is FGS[22], where the mode logic for a flight guidance system has been specified and analyzed in a variety of formal notations, including SMV[28] Our basic idea is that test engineers should endeavor to place a safety critical system in circumstances where it could plausibly violate its safety constraints ....
S. P. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Second Workshop on Formal Methods in Software Practice, Clearwater Beach, FL, March 1998.
.... recent work, Miller et al. have specified the mode logic of a flight guidance system in CoRE and SCR (which are variants of Functional Documentation) and they have found that the requirements specification of the user interface should have been separated in quite a similar way as proposed here [33]. More results will become available later this year. The user's interface is only one of the resources of a telecommunication system. Therefore, a telecommunication system architecture that avoids (at least many) feature interaction problems should encapsulate the details of other resources, ....
Steven P. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In "Second Workshop on Formal Methods in Software Practice", Clearwater Beach, Florida, USA (4--5 March 1998).
.... to detect missing assumptions and ambiguity in the requirements specification of the International Space Station [11] In a second project, engineers at Rockwell Aviation used the SCR tools to detect 28 errors, many of them serious, in the requirements specification of a flight guidance system [22]. Recently, NRL used the SCR tools to uncover numerous errors, including a safety violation, in a sizable contractor produced requirements specification of a weapons control panel for a safety critical U.S. military system [13] 2.2. Modes and Mode Invariants Three kinds of tables found in most ....
S. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd ACM Workshop on Formal Methods in Software Practice (FMSP'98), pp. 44--53, 1998.
....to construct the source document. The canonical reference on CoRE is the Consortium Requirements Engineering Guidebook [1] (or CoRE Guidebook) by Faulk, Finneran, Kirby and Moini. Chapter 3 is an introduction to the Flight Guidance System (FGS) that is specified in Miller and Hoech's report [5]. Chapter 4 is a discussion of some questions that arose from our investigations of the CoRE specification. Chapter 5 contains an outline of the Z specification language; for further reading, there are two books by Spivey: Understanding Z [10] and The Z Reference Manual [11] as well as Jacky's ....
....SPIN. Enhancements to Z EVES and added computational power would greatly increase the feasibility of performing more substantial verification on our specification. 34 Chapter 7 Conclusions 7.1 The CoRE Specification The Flight Guidance System (FGS) specified in Miller and Hoech's document [5] is intended as an example for evaluating various requirements engineering methods. Miller and Hoech used the CoRE method [1] to specify the FGS. The CoRE method can be used with the constraints of the SCR discrete time formal model [3] but the authors chose not to use it. Unless the author one ....
Steven P. Miller and Karl F. Hoech, Specifying the Mode Logic of a Flight Guidance System in CoRE, Rockwell-Collins, April 1997.
....However, many realistic specifications are composed of a number of modules and contain dozens of variables. To verify scalability of the method and applicability of the experimental results to realistic specifications, we plan to use larger specifications, such as the Flight Guidance System [20] and other specifications from industry. By improving the mutation generator to handle the general SMV syntax, we will extend the pool of specifications available for our experiments. 4.3 How Does the Method Compare with Others We want to compare the coverage of specification mutation analysis ....
S. P. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Second Workshop on Formal Methods in Software Practice, Clearwater Beach, FL, March 1998.
....in documentation is an old and obvious idea. Today, use cases [7] are probably the best known technique for software documentation based on examples. While use cases are usually informal and not executable, scenarios can be made executable, as research on SCR requirements specifications has shown [9]. Our test cases can be thought of as executable API use cases. Using test cases in documentation involves test case selection, a central topic in testing research [12, 11, 10] Our approach is also consistent with proposals for extreme programming [2, 1] where API test cases play a central ....
S. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In 2nd ACM Workshop on Formal Methods in Software Practice, 1998.
.... toolset's consistency checker to detect several errors in the requirements specification of the International Space Station [7]. In a second project, Rockwell engineers used the SCR toolset to detect 28 errors, many of them serious, in the requirements specification of a flight guidance system [17]. In a third project, our group at NRL used the SCR toolset to expose several errors, including a safety violation, in a contractor produced specification of a US military system [9]. In a fourth project, our group used the SCR toolset to specify the requirements of a cryptographic device (CD) ....
S. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd ACM Workshop on Formal Methods in Software Practice, 1998.
....variable system configurations and variable inputs to that system. Although the SPC guidebook discourages considering runtime variations in the decision model, it is impossible, as Weiss (1997) points out, to describe the required behavior without modeling those monitored variables. Finally, as Miller (1998) has pointed out, there is a need for more product family engineering to describe how to model the requirements for an entire family of products. The modeling decisions that have safety implications, such as how to handle near-commonalities, specifying dependencies among variabilities, and ....
Miller, S. P., 1998. Specifying the Mode Logic of a Flight Guidance System in CoRE and SCR, 2nd Workshop on Formal Methods in Software Practice, Clearwater Beach, FL.
.... Space Station (Easterbrook and Callahan, 1997). In another project, engineers at Rockwell Collins used the specification editor, the consistency checker, and the simulator to detect 24 errors, many of them serious, in the requirements specification of an example flight guidance system (Miller, 1998). In a third project, researchers at JPL (Jet Propulsion Laboratory) used the SCR tools to analyze specifications of two components of NASA's Deep Space 1 spacecraft (Lutz and Shaw, 1997); these components are designed to reduce the likelihood that a single fault can lead to total or partial loss ....
Miller, S. 1998. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd Workshop on Formal Methods in Software Practice (FMSP'98).
....the importance of discovering and eliminating flaws in a system at the earliest possible stage of development: the requirements phase. The application of mechanized formal methods can expose many errors that humans miss in inspecting even the most carefully crafted requirements specifications [22]. A formal method is a mathematically based method for the precise specification and analysis of systems and devices. Associated with a formal method is a formal specification language with a well defined semantics. A mechanized formal method is one having, at the very least, computer support for ....
....The SCR Method The SCR method (Software Cost Reduction) is a formal method for specifying and analyzing the requirements of safety critical control systems. Since its introduction in 1978, the SCR requirements method has been applied successfully to a wide range of critical systems (see, e.g. [14, 23, 7, 6, 22, 18]) including avionics systems, space systems, telephone networks, and control systems for nuclear power plants. An SCR requirements specification describes both the system environment, which is nondeterministic, and the required system behavior, which is usually deterministic [13, 12] In the SCR ....
S. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd Workshop on Formal Methods in Software Practice (FMSP'98), 1998.
.... the SCR consistency checker to detect several errors in the requirements specification of the International Space Station [3] In a second project, Rockwell Collins engineers used the SCR tools to detect 24 errors, many of them serious, in the requirements specification of a flight guidance system [11]. In a third project, our group at NRL used the SCR tools to expose several errors, including a safety violation, in a contractor produced specification of a US military system [5] In a fourth project, our group used SCR to specify the requirements of a cryptographic device (CD) verifying that ....
Steve Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd ACM Workshop on Formal Methods in Software Practice (FMSP'98), 1998.
....and simulation of a machine checkable formal model of requirements for flight guidance mode logic to find latent errors, many of them significant. One of the identified directions for future work at the end of the report was that engineers wanted a greater emphasis on graphical representation [Miller 1998]. Integrating graphical design analysis tools, such as fault trees, with formal methods can enhance safety analyses. Fault trees have been formalized as temporal formulas in interval logic [Hansen et al. 1998] More ambitiously, integration of visual programming environments with formal methods ....
Miller, S. P. 1998. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc Formal Methods in Software Practice Workshop (1998), pp. 44--53.
....assumptions about the base system and thus cause feature interaction problems. This effect is known sufficiently from the Intelligent Network, of which the Detection Points together have about the same potential for modification. A variant of the Functional Documentation approach, called CoRE [Mil98, FBWK92] allows to partition a specification into classes where each class groups together portions that are logically related and likely to change together. The CoRE method requires that all restrictions on a controlled variable are specified within a single class. Therefore, it does not ....
Miller, S. P. Specifying the mode logic of a flight guidance system in CoRE and SCR. In "Second Workshop on Formal Methods in Software Practice", Clearwater Beach, Florida, USA (4--5 Mar. 1998).
....requirements of safety critical control systems. Since its introduction in 1978, the SCR requirements method has been applied successfully to a wide range of critical systems, including avionics systems, space systems, telephone networks, and control systems for nuclear power plants. See, e.g. [15, 23, 8, 7, 22, 19]. An SCR requirements specification describes both the system environment, which is nondeterministic, and the required system behavior, which is usually deterministic [12, 14] Quantities in the environment that the system monitors and controls are represented by monitored and controlled ....
S. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd Workshop on Formal Methods in Software Practice (FMSP'98), 1998.
.... an inference procedure for knowledge level modeling that can support prediction, explanation, and planning [35] Menzies et al. shows how abductive techniques can also be used to reason about inconsistent (multiperspective) requirements specifications to identify their consistent subsets [36]. Satoh has also proposed the use of abduction for handling the evolution of (requirements) specification, by showing that minimal revised specifications can efficiently be computed using logic programming abductive decision procedures [44] Finally, we have also explored the use of abduction for ....
Miller, S. (1998). Specifying the mode logic of a Flight Guidance System in CoRE and SCR. Proceedings of 2nd Workshop of Formal Methods in Software Practice
No context found.
Miller, S. P. (1998), Specifying the mode logic of a flight guidance system in CoRE and SCR, in M. Ardis, ed., `Proceedings of FMSP'98: The Second Workshop on Formal Methods in Software Practice', ACM Press, pp. 44--53.
No context found.
Miller, S. P., Specifying the mode logic of a flight guidance system in CoRE and SCR, Proceedings, 2nd Workshop on Formal Methods in Software Practice (FMSP'98), Clearwater Beach, FL, ACM Press (1998), 44--53.
No context found.
Steve Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd ACM Workshop on Formal Methods in Software Practice (FMSP'98), 1998.
No context found.
Steven P. Miller and Karl F. Hoech. Specifying the mode logic of a flight guidance system in CoRE. Technical Report WP97-2011, Rockwell Collins, Inc., Avionics & Communications, Cedar Rapids, IA 52498 USA (November 1997).
No context found.
Steven P. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In "Second Workshop on Formal Methods in Software Practice", Clearwater Beach, Florida, USA (4--5 March 1998).
No context found.
S. Miller. Specifying the mode logic of a flight guidance system in CoRE and SCR. In Proc. 2nd Workshop on Formal Methods in Software Practice (FMSP'98), 1998.
No context found.
Miller, S. and K. F. Hoech, "Specifying the Mode Logic of a Flight Guidance System in CoRE," Rockwell Collins Avionics Report, August, 1997.