This paper describes technology developed for the Amphion/NAV synthesis system. Building on previous work in Amphion/NAIF, this system synthesizes graduate-level textbook examples of single-mode geometric state estimation software. Amphion/NAV includes explanation technology for mapping the internal representations of a proof (generated through deductive
The ARINC-653 standard defines a common interface for Integrated Modular Avionics (IMA) code. In particular, ARINC-653 Part 1 specifies a process- and partition-management API that is analogous to POSIX threads, but with certain extensions and restrictions intended to support the implementation of high reliability flight code. MCP is a software model
1 Motivation. Model checking is seldom applied to implementation programs. Furthermore, when it is applied, the usual approach is to extract relevant portions of the code, create a model of its behavior in a different notation, and then check the latter. This approach has the drawback that it requires expertise in the use of the model checking tools and hence
In this paper we describe the design and implementation of a static array-bound checker for a family of embedded programs: the flight control software of recent Mars missions. These codes are large (up to 280 KLOC), pointer intensive, heavily multithreaded and written in an object-oriented style, which makes their analysis very challenging. We designed a
We report on a study to determine the maturity of different verification and validation technologies (V&V) on a representative example of NASA flight software. The study consisted of a controlled experiment where three technologies (static analysis, runtime analysis and model checking) were compared to traditional testing with respect to their ability to
This paper describes an analysis approach based on a combination of static and dynamic techniques to find run-time errors in Java code. It uses symbolic execution to find constraints under which an error (e.g. a null pointer dereference, array out of bounds access, or assertion violation) may occur and then solves these constraints to find test inputs that may
We present a methodology and a tool for the problem of testing and verifying that a PDDL planning domain satisfies a set of requirements, a need that arises for instance in space missions. We first review and analyse coverage conditions for requirement-based testing, and present how test cases can be derived automatically from requirements. Additionally, we