Formal methods: practical applications and foundations

Formal Analysis and Verification of Airborne Software Based on DO-333

Electronics ◽

10.3390/electronics9020327 ◽

2020 ◽

Vol 9 (2) ◽

pp. 327

Author(s):

Zongyu Cao ◽

Wanyou Lv ◽

Yanhong Huang ◽

Jianqi Shi ◽

Qin Li

Keyword(s):

Formal Methods ◽

Formal Analysis ◽

Practical Application ◽

Practical Applications ◽

Technological Advances ◽

Catastrophic Loss ◽

Development Processes ◽

General Guide ◽

Verification Process ◽

Software Lifecycle

With rapid technological advances in airborne control systems, it has become imperative to ensure the reliability, robustness, and adaptability of airborne software since failure of these software could result in catastrophic loss of property and life. DO-333 is a supplement to the DO-178C standard, which is dedicated to guiding the application of formal methods in the review and analysis of airborne software development processes. However, DO-333 lacks theoretical guidance on how to choose appropriate formal methods and tools to achieve verification objectives at each stage of the verification process, thereby limiting their practical application. This paper is intended to illustrate the formal methods and tools available in the verification process to lay down a general guide for the formal development and verification of airborne software. We utilized the Air Data Computer (ADC) software as the research object and applied different formal methods to verify software lifecycle artifacts. This example explains how to apply formal methods in practical applications and proves the effectiveness of formal methods in the verification of airborne software.

Download Full-text

PICASSOS – Practical Applications of Automated Formal Methods to Safety Related Automotive Systems

10.4271/2017-01-0063 ◽

2017 ◽

Cited By ~ 4

Author(s):

John Botham ◽

Gunwant Dhadyalla ◽

Antony Powell ◽

Peter Miller ◽

Olivier Haas ◽

...

Keyword(s):

Formal Methods ◽

Practical Applications ◽

Automotive Systems

Download Full-text

Formal Methods—A Need for Practical Applications

Formal Methods for Safety and Security ◽

10.1007/978-981-10-4121-1_1 ◽

2017 ◽

pp. 1-12 ◽

Cited By ~ 1

Author(s):

Manju Nanda ◽

J. Jayanthi ◽

Yogananda Jeppu

Keyword(s):

Formal Methods ◽

Practical Applications

Download Full-text

The HACMS program: using formal methods to eliminate exploitable bugs

Philosophical Transactions of The Royal Society A Mathematical Physical and Engineering Sciences ◽

10.1098/rsta.2015.0401 ◽

2017 ◽

Vol 375 (2104) ◽

pp. 20150401 ◽

Cited By ~ 10

Author(s):

Kathleen Fisher ◽

John Launchbury ◽

Raymond Richards

Keyword(s):

Formal Methods ◽

Assembly Language ◽

Software Systems ◽

Practical Applications ◽

C Programs ◽

Correctness Proofs ◽

Buffer Overflows ◽

Number Of Factors ◽

Wide Range ◽

High Assurance

For decades, formal methods have offered the promise of verified software that does not have exploitable bugs. Until recently, however, it has not been possible to verify software of sufficient complexity to be useful. Recently, that situation has changed. SeL4 is an open-source operating system microkernel efficient enough to be used in a wide range of practical applications. Its designers proved it to be fully functionally correct, ensuring the absence of buffer overflows, null pointer exceptions, use-after-free errors, etc., and guaranteeing integrity and confidentiality. The CompCert Verifying C Compiler maps source C programs to provably equivalent assembly language, ensuring the absence of exploitable bugs in the compiler. A number of factors have enabled this revolution, including faster processors, increased automation, more extensive infrastructure, specialized logics and the decision to co-develop code and correctness proofs rather than verify existing artefacts. In this paper, we explore the promise and limitations of current formal-methods techniques. We discuss these issues in the context of DARPA’s HACMS program, which had as its goal the creation of high-assurance software for vehicles, including quadcopters, helicopters and automobiles. This article is part of the themed issue ‘Verified trustworthy software systems’.

Download Full-text

Ion Beam Induced Interfacial Reactions in Molybdenum Thin Films on Silicon

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100097466 ◽

1981 ◽

Vol 39 ◽

pp. 162-163

Author(s):

L. J. Chen ◽

L. S. Hung ◽

J. W. Mayer

Keyword(s):

Ion Beam ◽

Chemical Vapor ◽

Interfacial Reactions ◽

Practical Applications ◽

Microelectronic Devices ◽

Recent Emergence ◽

Chemical Vapor Deposited ◽

Atomic Mixing ◽

Silicon Interface ◽

Kinetics Of

When an energetic ion penetrates through an interface between a thin film (of species A) and a substrate (of species B), ion induced atomic mixing may result in an intermixed region (which contains A and B) near the interface. Most ion beam mixing experiments have been directed toward metal-silicon systems, silicide phases are generally obtained, and they are the same as those formed by thermal treatment.Recent emergence of silicide compound as contact material in silicon microelectronic devices is mainly due to the superiority of the silicide-silicon interface in terms of uniformity and thermal stability. It is of great interest to understand the kinetics of the interfacial reactions to provide insights into the nature of ion beam-solid interactions as well as to explore its practical applications in device technology.About 500 Å thick molybdenum was chemical vapor deposited in hydrogen ambient on (001) n-type silicon wafer with substrate temperature maintained at 650-700°C. Samples were supplied by D. M. Brown of General Electric Research & Development Laboratory, Schenectady, NY.

Download Full-text

1250-kilovolt scanning transmission electron microscope

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100113007 ◽

1984 ◽

Vol 42 ◽

pp. 624-625

Author(s):

T. Imura ◽

S. Maruse ◽

K. Mihama ◽

M. Iseki ◽

M. Hibino ◽

...

Keyword(s):

High Voltage ◽

Electron Probe ◽

Scanning Transmission Electron Microscope ◽

Pressure Vessels ◽

Practical Applications ◽

Voltage Generator ◽

Transmission Electron ◽

Scanning Transmission ◽

New Applications ◽

High Voltage Generator

Ultra high voltage STEM has many inherent technical advantages over CTEM. These advantages include better signal detectability and signal processing capability. It is hoped that it will explore some new applications which were previously not possible. Conventional STEM (including CTEM with STEM attachment), however, has been unable to provide these inherent advantages due to insufficient performance and engineering problems. Recently we have developed a new 1250 kV STEM and completed installation at Nagoya University in Japan. It has been designed to break through conventional engineering limitations and bring about theoretical advantage in practical applications.In the design of this instrument, we exercised maximum care in providing a stable electron probe. A high voltage generator and an accelerator are housed in two separate pressure vessels and they are connected with a high voltage resistor cable.(Fig. 1) This design minimized induction generated from the high voltage generator, which is a high frequency Cockcroft-Walton type, being transmitted to the electron probe.

Download Full-text

Characterization of intergranular cuprous oxide in polycrystalline YBa2Cu3O7-x

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100106466 ◽

1988 ◽

Vol 46 ◽

pp. 880-881

Author(s):

Bradley L. Thiel ◽

Chan Han R. P. ◽

Kurosky L. C. Hutter ◽

I. A. Aksay ◽

Mehmet Sarikaya

Keyword(s):

Grain Boundary ◽

Cuprous Oxide ◽

Room Temperature ◽

Boundary Phase ◽

Spectroscopic Techniques ◽

Transition Width ◽

Practical Applications ◽

Thin Foils ◽

Superconducting Oxides

The identification of extraneous phases is important in understanding of high Tc superconducting oxides. The spectroscopic techniques commonly used in determining the origin of superconductivity (such as RAMAN, XPS, AES, and EXAFS) are surface-sensitive. Hence a grain boundary phase several nanometers thick could produce irrelevant spectroscopic results and cause erroneous conclusions. The intergranular phases present a major technological consideration for practical applications. In this communication we report the identification of a Cu2O grain boundary phase which forms during the sintering of YBa2Cu3O7-x (1:2:3 compound).Samples are prepared using a mixture of Y2O3. CuO, and BaO2 powders dispersed in ethanol for complete mixing. The pellets pressed at 20,000 psi are heated to 950°C at a rate of 5°C per min, held for 1 hr, and cooled at 1°C per min to room temperature. The samples show a Tc of 91K with a transition width of 2K. In order to prevent damage, a low temperature stage is used in milling to prepare thin foils which are then observed, using a liquid nitrogen holder, in a Philips 430T at 300 kV.

Download Full-text

Resolution and measurement in the scanning electron microscope

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100127256 ◽

1987 ◽

Vol 45 ◽

pp. 534-537 ◽

Cited By ~ 2

Author(s):

Michael T. Postek

Keyword(s):

Electron Microscope ◽

Scanning Electron Microscope ◽

Engineering Design ◽

Resolving Power ◽

Practical Applications ◽

Instrument Resolution ◽

Accurate Definition ◽

Definition Of ◽

Scanning Electron ◽

Better Than

The term ultimate resolution or resolving power is the very best performance that can be obtained from a scanning electron microscope (SEM) given the optimum instrumental conditions and sample. However, as it relates to SEM users, the conventional definitions of this figure are ambiguous. The numbers quoted for the resolution of an instrument are not only theoretically derived, but are also verified through the direct measurement of images on micrographs. However, the samples commonly used for this purpose are specifically optimized for the measurement of instrument resolution and are most often not typical of the sample used in practical applications.SEM RESOLUTION. Some instruments resolve better than others either due to engineering design or other reasons. There is no definitively accurate definition of how to quantify instrument resolution and its measurement in the SEM.

Download Full-text

In situ TEM Studies of agglomeration of sub-nanometer Ru layers in Ru/C multilayers

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100121685 ◽

1992 ◽

Vol 50 (1) ◽

pp. 256-257

Author(s):

Tai D. Nguyen ◽

Ronald Gronsky ◽

Jeffrey B. Kortright

Keyword(s):

Layered Structure ◽

Driving Force ◽

High Energy ◽

Superior Performance ◽

In Situ Tem ◽

Rayleigh Instability ◽

Practical Applications ◽

Transmission Electron ◽

Diffraction Patterns

Nanometer period Ru/C multilayers are one of the prime candidates for normal incident reflecting mirrors at wavelengths < 10 nm. Superior performance, which requires uniform layers and smooth interfaces, and high stability of the layered structure under thermal loadings are some of the demands in practical applications. Previous studies however show that the Ru layers in the 2 nm period Ru/C multilayer agglomerate upon moderate annealing, and the layered structure is no longer retained. This agglomeration and crystallization of the Ru layers upon annealing to form almost spherical crystallites is a result of the reduction of surface or interfacial energy from die amorphous high energy non-equilibrium state of the as-prepared sample dirough diffusive arrangements of the atoms. Proposed models for mechanism of thin film agglomeration include one analogous to Rayleigh instability, and grain boundary grooving in polycrystalline films. These models however are not necessarily appropriate to explain for the agglomeration in the sub-nanometer amorphous Ru layers in Ru/C multilayers. The Ru-C phase diagram shows a wide miscible gap, which indicates the preference of phase separation between these two materials and provides an additional driving force for agglomeration. In this paper, we study the evolution of the microstructures and layered structure via in-situ Transmission Electron Microscopy (TEM), and attempt to determine the order of occurence of agglomeration and crystallization in the Ru layers by observing the diffraction patterns.

Download Full-text

A New Detector System For The HB5 Stem Instrument

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100117674 ◽

1985 ◽

Vol 43 ◽

pp. 134-135

Author(s):

J.M. Cowley

Keyword(s):

Dark Field ◽

Detector System ◽

Electron Holography ◽

Small Specimen ◽

Bright Field ◽

Multiple Images ◽

Practical Applications ◽

Wide Range ◽

Diffraction Patterns ◽

Operational Modes

The HB5 STEM instrument at ASU has been modified previously to include an efficient two-dimensional detector incorporating an optical analyser device and also a digital system for the recording of multiple images. The detector system was built to explore a wide range of possibilities including in-line electron holography, the observation and recording of diffraction patterns from very small specimen regions (having diameters as small as 3Å) and the formation of both bright field and dark field images by detection of various portions of the diffraction pattern. Experience in the use of this system has shown that sane of its capabilities are unique and valuable. For other purposes it appears that, while the principles of the operational modes may be verified, the practical applications are limited by the details of the initial design.

Download Full-text