Utah State University DigitalCommons@USU All Graduate Theses and Dissertations Graduate Studies 5-2007 A Formal Approach to Specifying and Verifying Spacecraft Behavior Allan I.S. McInnes Utah State University Follow this and additional works at: https://digitalcommons.usu.edu/etd Part of the Electrical and Computer Engineering Commons Recommended Citation McInnes, Allan I.S., "A Formal Approach to Specifying and Verifying Spacecraft Behavior" (2007). All Graduate Theses and Dissertations. 268. https://digitalcommons.usu.edu/etd/268 This Dissertation is brought to you for free and open access by the Graduate Studies at DigitalCommons@USU. It has been accepted for inclusion in All Graduate Theses and Dissertations by an authorized administrator of DigitalCommons@USU. For more information, please contact [email protected]. A FORMAL APPROACH TO SPECIFYING AND VERIFYING SPACECRAFT BEHAVIOR by Allan I. S. McInnes A dissertation submitted in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY in Electrical Engineering Approved: Dr. Charles M. Swenson Dr. Gardiner S. Stiles Major Professor Committee Member Dr. YangQuan Chen Dr. Rees R. Fullmer Committee Member Committee Member Dr. Brandom Eames Dr. Byron R. Burnham Committee Member Dean of Graduate Studies UTAH STATE UNIVERSITY Logan, Utah 2007 ii Copyright c Allan I. S. McInnes 2007 All Rights Reserved iii Abstract A Formal Approach to Specifying and Verifying Spacecraft Behavior by Allan I. S. McInnes, Doctor of Philosophy Utah State University, 2007 Major Professor: Dr. Charles M. Swenson Department: Electrical and Computer Engineering Process algebra can provide spacecraft designers with a mathematical formalism for specifying, understanding, analyzing, and verifying spacecraft system behavior. Although it is standard practice to mathematically model and analyze the subsystems of a spacecraft to ensure that they will function correctly when built, the system-level behavior of the spacecraft is generally understood in much less rigorous terms. This leaves the spacecraft system vulnerable to design errors which may not become apparent until the integration and test phase, when design changes are most expensive. In this dissertation, we develop a formal approach to engineering spacecraft behavior, based on mathematical models of behavior expressed using the process algebra Communicating Sequential Processes. This new approach to spacecraft behavior is intended to help spacecraft systems engineers to model and analyze proposed spacecraft system designs in a rigorous manner, and to detect subtle specification and design errors earlier in the design process than the errors would otherwise be found. (309 pages) iv To Mum and Dad. They've always believed I could do it, whatever the it was. v Acknowledgments Completing this dissertation has been a far more difficult, and yet rewarding, experience than I ever imagined it would be when I first set out to obtain a Ph.D. It's safe to say that I wouldn't have even come close to reaching that goal without the support and encouragement of a lot of different people (and several coffee-houses). First and foremost, I'd like to thank my advisor, Dr. Charles Swenson, for getting me started on this path in the first place, and for keeping me on it once I was there. Chuck has been willing to let me pursue my own wild ideas on spacecraft systems engineering (giving me enough rope to hang myself with?), for which I'm very grateful. The other members of my committee have also been an invaluable part of my graduate experience. Dr. Dyke Stiles introduced me to CSP, fielded my many questions on the finer points of CSP semantics, proof-read early drafts of some of the chapters contained herein, and helped to introduce me to the wider CSP community. This dissertation obviously could not exist without him. Dr. Brandon Eames has been a great collaborator (co-conspirator?), over the past year or so. I've enjoyed our wide-ranging discussions on modeling languages, embedded systems, and the joys of programming in Mozart/Oz. Dr. Rees Fullmer has been as much a friend as a committee member, and always good for an interesting conversation, or a discussion of the importance of coffee. Dr. YangQuan Chen has provided ongoing encouragement for me to finish my degree: I can't count the number of times I've run into Dr. Chen in the corridor, and had him express surprise that I was still there. I'd also like to thank Dr. Kevin Moore and Dr. Annette Bunker, both former members of my committee, for their influence on my graduate career. My Ph.D. studies from August 2003 through August 2006 were generously supported through a Space Dynamics Laboratory Tomorrow Ph.D. Fellowship. I am extremely grateful to SDL for awarding me the fellowship, and wish to extend special thanks to Dr. Steve Hansen and Dr. Pat Patterson for taking a continuing interest in my work and personal well-being. vi My friends around USU, Aroh, Dave, Todd, Mike, Mary, Justin, Laurie, Cynthia, Megan, and Jeff K, somehow managed to make Logan a fun place to be. I wish more of you could have stayed in Logan the whole 3 years I was there. But I'm thankful for every moment that you were around. Erin gave me endless moral support and encouragement through the majority of my work on this dissertation. I'm sorry that she wasn't able to see this through to the end with me, but grateful for the support she gave me. In Logan, Caffe Ibis was my home away from home. In Boulder, the cast and crew of the Folsom St. Coffee Co. have probably started to wonder if I'm bolted to the floor. Thanks to the staff and regulars at both coffee-houses. It's funny how Leland and I always seem to end up working on graduate degrees at the same time. I'm not sure why that happens. The important thing was that we both went through this at the same time, and could lean on each other when we needed to. Or just have a long-winded conversation about some esoteric aspect of software engineering, if that was more what we needed. Last, but by no means least, I want to thank Mum and Dad. For everything. You brought me into this world, made me who I am, and have supported me through everything I've ever done, or tried to do. I know just how lucky I am, and I'm eternally grateful that you are my parents. Thank you. Allan McInnes vii Contents Page Abstract ::::::::::::::::::::::::::::::::::::::::::::::::::::::: iii Acknowledgments ::::::::::::::::::::::::::::::::::::::::::::::: v List of Tables ::::::::::::::::::::::::::::::::::::::::::::::::::: x List of Figures :::::::::::::::::::::::::::::::::::::::::::::::::: xi Notation ::::::::::::::::::::::::::::::::::::::::::::::::::::::: xiv Acronyms ::::::::::::::::::::::::::::::::::::::::::::::::::::::xviii 1 Introduction ::::::::::::::::::::::::::::::::::::::::::::::::: 1 1.1 Motivation....................................2 1.2 State of the Art..................................3 1.3 Approach.....................................5 1.4 Plan of the Dissertation.............................7 2 Related Work :::::::::::::::::::::::::::::::::::::::::::::::: 9 2.1 Formal Methods.................................9 2.2 CSP........................................ 10 2.2.1 Recent Research............................. 11 2.2.2 Practical Applications.......................... 13 2.3 Formalizing Aspects of Spacecraft Behavior.................. 14 2.3.1 CSP.................................... 15 2.3.2 Promela/Spin ............................... 16 2.3.3 Other Formalisms............................ 17 2.4 Summary..................................... 18 3 The Process Algebra CSP :::::::::::::::::::::::::::::::::::::: 19 3.1 CSP Notation................................... 20 3.1.1 Events................................... 21 3.1.2 Prefixing and Recursion......................... 21 3.1.3 Parallel Composition........................... 22 3.1.4 Alternative Composition......................... 25 3.1.5 Channels................................. 26 3.1.6 Sequential Composition......................... 28 3.1.7 Hiding................................... 29 3.1.8 Scoping.................................. 30 3.2 CSP Theory.................................... 31 3.2.1 Denotational Models........................... 31 viii 3.2.2 Algebraic Laws.............................. 38 3.2.3 Operational Semantics.......................... 41 3.3 Specification and Verification with CSP.................... 43 3.3.1 Predicate Satisfaction.......................... 44 3.3.2 Process Refinement............................ 45 4 Specifying Spacecraft System Behavior ::::::::::::::::::::::::::: 47 4.1 Required Functions................................ 48 4.1.1 Defining Function............................ 48 4.1.2 Function vs. Behavior.......................... 50 4.1.3 Lifting Function to Behavior...................... 51 4.2 Components of Spacecraft Behavior...................... 56 4.2.1 Event Sequences............................. 56 4.2.2 State Transition Systems........................ 57 4.2.3 Event-Triggered Behaviors........................ 60 4.2.4 Defining Other Types of Behavior................... 61 4.3 Specifying Composite Spacecraft Behavior................... 63 4.3.1 Shared States............................... 64 4.3.2 Constraints................................ 70 4.3.3 Composite Behavior Specifications................... 81 4.3.4 Checking Composite Behavior...................... 86 4.4 Summary..................................... 89 5 Modeling Spacecraft Subsystem Interactions ::::::::::::::::::::::: 90 5.1 A Motivating Example.............................