Executable Formal Models for Validation and Specless Verification

Authors

  • David Greve
  • Matthew Wilding
Abstract

Verification and certification of flight critical software and application-specific integrated circuits (ASICs) is currently a labor-intensive, manual process involving extensive testing, inspections, and process documentation. The complexity of these systems and devices will increase both because increases in cockpit automation and application integration offer important safety benefits and because astonishing improvements in digital computing technology can potentially improve performance and decrease cost. The current approach to verification and certification will be challenged by this increased complexity. In order to reap fully the benefits of these technological advances we must develop new methods for verification and certification of flight critical devices that provide higher degrees of assurance for increasingly complex systems while simultaneously streamlining the verification process. The development of executable formal models may offer higher degrees of assurance, address increased complexity, and streamline certain aspects of the verification process. Increased assurance can be obtained as a result of rigorous, mechanical, mathematically complete checks of consistency and completeness of system requirements as well as proofs of correctness of specific implementations. As vector-based testing becomes increasingly inadequate to assure correctness in the face of exponentially growing state space, formal proofs of correctness can encompass the entire design, demonstrating correctness once and for all. In addition, executing real world stimulus on a formal model helps allay concerns about inconsistencies between the model used to support reasoning and the actual implementation. Formal models representing specific implementations can also be used to support specless verification activities such as product family verification, symbolic simulation, and self-checking tool arrangements.

1. The Verification Challenge

Technological advances in the commercial realm are driving electronics prices lower while providing improvements in performance. Mass production and economies of scale have allowed incredible price/performance ratios, and the accelerated pace of technology development and deployment has led to ever greater time-to-market pressures on technology producers. These trends in the everyday consumer electronics arena create the expectation that, even in a safety critical market such as avionics, cost and time to market should decline and that performance and functionality should improve. As a result of these and other forces, avionics systems are becoming increasingly complex. These same trends, however, could have a negative impact on overall system safety. As complexity increases, the effort required to provide the same level of operational assurance increases as well. If left unchecked, simple state space arguments predict that a linear increase in complexity can result in an exponential increase in the effort required to provide a particular level of assurance. Even in the face of this additional complexity, demand for improved safety continues to increase. The objective of NASA's current Aviation Safety Program, for example, is not simply to maintain current levels of safety, but to improve safety [6]. Obtaining such improvement in the face of increasing complexity and pressures to reduce overall costs will require advances on many fronts. While classical verification has served us well in the past, it appears that new verification approaches will be needed to control verification costs and to provide improved safety in the face of increasing complexity. The challenge, therefore, is to find new verification techniques whose


Similar resources

Leveraging Formal Verification Tools for DSML Users: A Process Modeling Case Study

In the last decade, Model Driven Engineering (MDE) has been used to improve the development of safety critical systems by providing early Validation and Verification (V&V) tools for Domain Specific Modeling Languages (DSML). Verification of behavioral models is mainly addressed by translating domain specific models to formal verification dedicated languages in order to use the sophisticated ass...


Teaching MDE through the Formal Verification of Process Models

Model Driven Engineering (MDE) and formal methods (FM) play a key role in the development of Safety Critical Systems (SCS). They promote user oriented abstraction and formal specification using Domain Specific Modeling Languages (DSML), early Validation and formal Verification (V&V) using efficient dedicated technologies and Automatic Code and Documentation Generation. Their combined use allows ...


Automated Verification of Executable UML Models

We present a fully automated approach to verifying safety properties of Executable UML models (xUML). Our tool chain consists of a model transformation program which translates xUML models to the process algebra mCRL2, followed by symbolic model checking using LTSmin. If a safety violation is found, an error trace is visualised as a UML sequence diagram. As a novel feature, our approach allows ...


Development of Verifiable Programs - Application of an Approach based on Executable Object-Oriented Specifications

Combining validation by testing with verification by formal methods offers great potential for development of robust and reliable object-oriented software systems. However, formal verification cannot be readily applied to software developed with conventional object-oriented development methods. This paper presents the first phase of a two-phase approach for development of object-oriented softwa...


Formal verification of automatically generated C-code from polychronous data-flow equations

Synchronous data-flow languages are used as design approaches in developing embedded and critical real-time systems in which synchronous programs are verified by applying formal verification. In a synchronous design approach, transformation and optimization are used to transform synchronous programs and generate general purpose executable code. The incorrectness of the transformations makes the ...


Publication date: 2000