Formal methods for spacecraft control programs

Abstract

Software programs that govern various systems often contain subtle errors that slip through even the most rigorous testing and validation routines. One integer overflow error can cause a crash of a spacecraft or a devastating loss of funds in a financial application. Formal methods bring higher levels of correctness guarantees than traditional testing. The aerospace domain requires adherence to high quality standards for both hardware and software system components. Mission requirements motivate development of tailored hardware and software that needs to be rigorously tested to comply with industry quality standards. In this thesis, we apply formal methods and programming languages techniques to design a generic semantics-based verification framework for instruction-set architecture level programs. We instantiate the framework for a custom instruction-set architecture designed for space satellite subsystems and create a formal and executable semantics for the ISA. On top of the semantics, we build a tool set that facilitates simulation, testing, static analysis and formal verification of spacecraft control programs. Our tool aims to shift the main verification effort to an earlier stage in the project timeline, and reduce the costly and time-consuming setbacks caused by bugs discovered on the later stages of system development. We argue that our approach is ISA-generic, and can be applied to other instruction sets and bytecode-style languages.