NASA Formal Methods: 8th International Symposium, NFM 2016, by Sanjai Rayadurgam, Oksana Tkachuk

This book constitutes the proceedings of the 8th International Symposium on NASA Formal Methods, NFM 2016, held in Minneapolis, MN, USA, in June 2016.
The 19 full and 10 short papers presented in this volume were carefully reviewed and selected from 70 submissions. The papers are organized in topical sections named: requirements and architectures; testing and run-time enforcement; theorem proving and proofs; application of formal methods; code generation and synthesis; model checking and verification; and correctness and certification.

Example text

The launching may not be operated all the time and is only possible during a 2 h period each day of the first trimester of 2020. If the task manager decides anyhow to launch out of this time-slot, the launch is operated at the beginning of the next slot. If the order is initiated inside a nominal slot, the chaser is immediately launched. Weather and other external conditions aren’t considered here since they would have the same impact on the task for all studied configurations. For similar reasons, it is considered that, if the launch vehicle takes off, the probability of success of this functionality is 1.


JKind uses k-induction, property directed reachability, and invariant generation engines to prove properties of Lustre models. In the case of this experiment, it took about 8 h to prove all three properties. One of the properties was proved via k-induction, the other two were proved by the property directed reachability engine. JKind allows users to export the lemmas used to prove a property. These lemmas can be exported and used again in order to speed up solving for similar models and properties.

