Various well-established techniques exist for the functional safety analysis of safety-critical avionics systems. Most of these techniques are based on informal models, so the analysis is often subjective and its success depends on the skill of the practitioner. Standards such as DO-178B and IEC 61508, which provide guidelines for performing safety analysis, also propose formal verification as one of the techniques for functional safety analysis. This technique is based on formal models of the system under development and can be applied to requirements, design and code to gain assurance that the respective artifact satisfies a wide variety of functional requirements. In this paper, we present a case study of applying formal verification methods to the safety analysis of the requirements of a generic aircraft flight control system. A flight control system is broadly specified in two parts: the mode transition logic, which determines which mode the system is in and thus which function the flight control system is performing, and the control laws, which are executed in each mode to implement the various flight control functions. We used one particular formal verification technique, model checking, for the analysis. The mode transition logic of a generic autopilot was modeled and verified using three different open source model checking tools: SPIN, NuSMV and SAL.
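The abstract states that the autopilot's mode transition logic was model checked but does not reproduce the model. The following is an added illustration, constructed for this page and not the paper's model nor SPIN, NuSMV or SAL input: a hypothetical three-mode autopilot (OFF, ARMED, ENGAGED) whose reachable states are explored exhaustively, in the way an explicit-state model checker does, against the safety requirement "ENGAGED implies valid sensors". A deliberately defective variant, in which the guards read the sensor flag latched on the previous cycle, shows the kind of counterexample trace such a tool reports.

```python
from collections import deque
from itertools import product

# Constructed example: hypothetical autopilot mode logic, not from the paper.
MODES = ("OFF", "ARMED", "ENGAGED")
CMDS = ("none", "arm", "engage", "disengage")
INIT = ("OFF", True)  # state = (mode, sensors_valid as latched last cycle)


def step(state, cmd, sensors_now, buggy=False):
    """One cycle of the mode logic given the pilot command and the sensor
    validity sampled this cycle. Returns the next (mode, sensors_valid)."""
    mode, sensors_prev = state
    # Defect under study: guards use the reading latched on the previous cycle.
    ok = sensors_prev if buggy else sensors_now
    if not ok:
        new_mode = "OFF"  # loss of valid sensors always drops the autopilot
    elif mode == "OFF" and cmd == "arm":
        new_mode = "ARMED"
    elif mode == "ARMED" and cmd == "engage":
        new_mode = "ENGAGED"
    elif cmd == "disengage":
        new_mode = "OFF"
    else:
        new_mode = mode
    return (new_mode, sensors_now)


def engaged_implies_sensors(state):
    """Safety requirement: the autopilot is never ENGAGED with invalid sensors."""
    mode, sensors_valid = state
    return mode != "ENGAGED" or sensors_valid


def check_invariant(invariant, buggy=False):
    """Breadth-first exploration of every reachable state under every input
    combination. Returns None if the invariant holds everywhere, otherwise the
    shortest trace of states from INIT to a violating state."""
    parent = {INIT: None}
    queue = deque([INIT])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            trace = [s]
            while parent[s] is not None:
                s = parent[s]
                trace.append(s)
            return trace[::-1]
        for cmd, sensors in product(CMDS, (True, False)):
            t = step(s, cmd, sensors, buggy)
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None
```

The defective variant yields the trace OFF -> ARMED -> ENGAGED with sensors invalid in the final state, which is exactly the one-cycle latency a requirements-level model check is meant to expose.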