Safety Critical Software and Systems Research at General Electric

GE Global Research Safety Critical Software and Systems @ GE

Michael Durling Portfolio Leader, Validation & Verification Technology June 10, 2015 “I find out what the world needs, then I proceed to invent it.” -Thomas Edison

Power & Water Energy Management Oil & Gas GE Capital

Healthcare Aviation Transportation Home & Business Solutions Aligned for growth

• First U.S. industrial lab • ~2000 scientists/engineers, nearly two-thirds PhDs • 3,522 U.S. patents filed by GE in 2012 • One of the world’s most diversified industrial research organizations, providing innovative technology for all of GE’s businesses

Advanced Manufacturing and Russia Software Technology Center Japan Global Research Detroit, MI Global Research Europe Headquarters Munich, Germany Niskayuna, NY 2X Size + Customer O&G Tech Center Innovation Center Israel Oklahoma

Software CoE San Ramon, CA China Technology Center Shanghai, China + 3 Customer Welch Technology Center Innovation Centers Bangalore, India Brazil Technology Center Customer focused R&D Rio de Janeiro, Brazil

1879 1895 1920 1921 1941 1998 2002 2003 2009 2010 2012 Carbon World’s Portable The Entering Lightspeed™ Wind Power Evolution® Vscan™ WattStation™ Durathon™ Filament Largest X-Ray Magnetron the Jet Age CT Scanner Locomotive Battery Incandescent Electric Machine Lamp Locomotive

Electrical Engineers Physicists Energy Conversion Advanced Propulsion Sustainable Energy Software Engineers Material Innovation Scientists Biologists Mechanical Nanotechnology Engineers Organic Electronics

Molecular Medicine

Mathematicians Chemists

Governments Universities Companies

State of Bavaria

• Common language between Global Research & the businesses • Plan, manage projects vs. Technology Readiness Level (TRL) & Manufacturing Readiness Level (MRL) progression • Evaluate readiness for business transition

GE business programs ~$604 M • Next generation product technology • Short-term technical challenges 32%

GE corporate programs 14% • Advanced Technology programs • New ideas 54% • High-risk/high reward

External partnerships and gov’t. funded • Joint technology • Specific customer focus

• 20 year life • Level A Cert • Level A Cert • 10G shock • -55º to 125ºC • -55º to 125ºC • -50º to +130ºC • Coal dust, silica, • 10K hr MTBF • 200K hr MTBF

Salt Fog, SO2, H2S • 20G shock • 20G shock ...

Power Generation Power T&D

• 30,000+ I/O • 250K+ I/O points points • SONET Rings • Rad. Hard • -40 to 80° C 0-100 R/hr • Wide-area control • SIL III safety

• -40º to 80ºC • Hermetic • IEC60255-21-2 • 15 Kpsi Class 1 shock & • 25 year Life vibration • 3000m depth

Lighting Downhole O&G

• 10,000 Nodes • -20º to 200ºC • Wireless • Mesh Network • 15K psi • 500 Nodes/AP • Up to 6G (30 min)

Software Intensive Critical infrastructure Traditional Approach - Errors & Costs

Challenges: Key technologies:

• Critical systems are more distributed • Formal methods for requirements and growing in complexity capture, analysis & design verification • Partition between local and cloud • Hybrid systems analysis techniques • Transition of legacy systems • Automated test suite generation • Cybersecurity threats • Automated design space exploration

Typical Software Breakdown for Aviation Systems Problem: Effort to develop software intensive systems at GE is growing. In some cases, Validation & Verification (V&V) is 40-50% of total software activities.

Objective: Develop technology and process to satisfy software safety objectives and robustness while reducing errors and decreasing cycle time. The range of scope begins with system requirements and ends with approved software.

Technology: Specification, architecture and design modeling, formal analysis, and automated test generation. Impact: • Increased confidence in software requirements • Early error detection • Enable analysis and testing to be performed earlier in the lifecycle • Use of powerful technology in a user friendly package

19 GlobalFooter Research appears here 19 Date appears here © 2015, General Electric Company Our Approach Based on DO-178C & supplements DO-333 (FM) & DO-331 (MBD) Team Structure • GE Research • GE Aviation − Chief Engineers Office (CEO) − Product Line Engineers and Management − Certification Team − Tools Organization • Academia • Government Agencies

Execution Plan • Develop Technology & Tools • Pilot with Product Teams • Transition Process & Best Practices Through CEO • Transition Technology Through Tools Organization

Specification Modeling • Human & machine readable Requirements Acceptance Engineering Test • Acceptable to product teams • Analyzable with formal techniques • Aligned with DO-178C, DO-331 (MBD) System System Design Test Formal Validation & Verification High Level • Model checking, theorem proving, static analysis Integrated Software Test • Aligned with DO-178C, DO-333 (FM) Architecture • Automated requirements analysis • Reduce dependency on manual reviews & testing Detailed Unit • Requires formal specification model Software Test Design Automated test case generation & execution • Generate test cases from specification & design models Code • Apply to design models & code • Aligned with DO-178C, DO-331 (MBD) • Reduce dependency on manual test case generation and execution • Requires specification model

Develop & refine formal specification models early – leverage them throughout process

21 GlobalFooter Research appears here 21 Date appears here © 2015, General Electric Company Our Research Areas 1) Specification Modeling & Analysis 2) Automated Test Case Generation 3) Design Model Extraction from Legacy Software 4) Compositional Verification of Software/Systems 5) Formal Modeling and Analysis of Multi-Time Scale Systems 6) Architectural and Functional Synthesis 7) Composition and Verification of Autonomous Systems

2 1 5 3 6 7 4

Specification Modeling, Capture & Analysis Automated Test Generation for Specification and Design Models Modeling & Formal Analysis for Software

Modeling & Analysis for Real Time Scheduling

Business Programs Pilots: Flight Management, Common Core Computing, Engine Control, Remote IO Unit

Tool Transition: Specification Model Capture & Analysis, Auto Test Generation External Programs

NASA Fault Modeling & Analysis Program (Soteria)

EU Hybrid Systems Compositional Verification Program (UnCoVerCPS)

• Critical infrastructure systems dependency on software for reliability and efficiency continues to grow. • Continue to build team, program & tool portfolio • Transition capability to business unit teams • Demonstrate practical formal methods on programs with measurable benefits • Extend capability from software to systems • Extend application focus beyond aerospace