An experimental Study using ACSL and Frama-C to formulate and verify Low-Level Requirements from a DO-178C compliant Avionics Project

  title={An experimental Study using ACSL and Frama-C to formulate and verify Low-Level Requirements from a DO-178C compliant Avionics Project},
  author={Frank Dordowsky},
  • F. Dordowsky
  • Published in F-IDE 1 August 2015
  • Computer Science
Safety critical avionics software is a natural application area for formal verification. This is reflected in the formal method's inclusion into the certification guideline DO-178C and its formal methods supplement DO-333. Airbus and Dassault-Aviation, for example, have conducted studies in using formal verification. A large German national research project, Verisoft XT, also examined the application of formal methods in the avionics domain. However, formal methods are not yet mainstream, and… 

Figures and Tables from this paper

Deductive Functional Verification of Safety-Critical Embedded C-Code: An Experience Report

A formal requirements model that supports the way C-code requirements are currently written at Scania is proposed, and the automation of the specification and annotation effort as a prerequisite for integrating this technology into the embedded software design process is discussed.

Bringing SPARK to C developers

This paper will discuss one of these alternatives, the SPARK language, and describe a framework that allows to gain direct benefits from early investment phases and the supporting tools currently under development.

Runtime Verification of Hierarchical Decentralized Specifications

This work expands on the limitations of existing tools and approaches when meeting the challenges introduced by concurrency and ensure that concurrency needs to be taken into account by considering partial orders in traces.

Formal Requirement Models for Automotive Embedded Systems

Embedded systems are a crucial part of modern vehicles today and are used widely by the automotive industry to control safety-critical functions. To verify that the software will work correctly, fo

Verification of Functional Requirements of Embedded Automotive C Code

Today's vehicles are increasingly controlled by embedded computer systems. Such systems are of safety-critical nature, where an error in the computation could have dire consequences. A common way t



Better Avionics Software Reliability by Code Verification ? A Glance at Code Verification Methodology in the Verisoft XT Project

In the Verisoft XT subproject Avionics, the goal is to apply formal methods to a commercial embedded operating system, to use deductive techniques to verify functional correctness of the PikeOS microkernel.

DO-178C Compliance of Verisoft Formal Methods

The compliance of two of the formal methods and tools – VSE and VCC – that have been used in Verisoft XT may serve as a first step in the certification planning of a real avionics project that would use either one or both methods.

Formal Verification of Avionics Software Products

This paper relates an industrial experience in the field of formal verification of avionics software products from Airbus, a pioneer in this domain, which has been integrating several tool supported formal verification techniques into the development process of avionic software products.

Formal Methods and the Certification of Critical Systems

The technical basis for formal methods in computer science is outlined and some background on these systems is provided so that those concerned with critical computer systems in other contexts may be able to reinterpret the airplane-specific material to suit their own field.


In this article, reuse is defined simply as using previously existing software artifacts as part of the process of creating software systems from predefined software components.

Proving Memory Separation in a Microkernel by Code Level Verification

It is demonstrated how a proof of a non-functional system requirement can be conducted based on results from formal verification on the lowest possible level of human-written artefacts, that is the source code level.

ACSL: ANSI/ISO C Specification Language

The term t denotes the n-ary logic function which maps x1, . . . , xn to t, and the two ’>’ must be separated by a space, to avoid confusion with the shift operator.

The Z notation - a reference manual

  • J. M. Spivey
  • Linguistics
    Prentice Hall International Series in Computer Science
  • 1989
Tutorial introduction background the Z language the mathematical tool-kit sequential systems syntax summary and how to use it to solve sequential systems problems.

EASA Certification Memo CM-SWCEH-002 Software Aspects of Certification

  • EASA Certification Memo CM-SWCEH-002 Software Aspects of Certification
  • 2012

WP Plug-in Manual. Version 0.7 for Fluorine- 20130601

  • WP Plug-in Manual. Version 0.7 for Fluorine- 20130601
  • 2013