In this course you will be introduced to best practices for the application of formal methods, a set of mathematically rigourous techniques for the formal specification, validation, and verification of safety- and security-critical cyberphysical systems, of which aircraft and spacecraft are the prime example. We will explore the tools, techniques, and applications of formal methods, focusing on the aerospace domain.
We will examine the latest research to gain an understanding of the current state of the art, including the capabilities and limitations of applying formal methods for systems analysis. Students will leave with a better understanding of real-world system specification, design, and verification, including why the FAA specifically calls out formal methods in certification requirements such as DO-178B, DO-178C, and DO-254, and why modern security teams from DARPA to AWS require formal methods for cloud security.
This course is intended to be a fun, interactive introduction to applying
formal analysis in the context of real-world systems. Hands-on learning, through the use of software tools
in homeworks and projects, will be emphasized. We will learn the real tools used at NASA, Boeing, Rockwell Collins, Honeywell, Airbus, Amazon, and others. Students from all
areas of aerospace engineering, electrical and computer engineering, computer science,
cybersecurity, mathematics, and other engineering disciplines, are
encouraged to enroll.
The prerequisite is mathematical maturity: Calculus II plus familiarity with discrete mathematics (or ability to learn them quickly from review material made available in the course). This prerequisite take the form of a disjunction; one of the following is required: AERE 361, COMS 311, or permission of the instructor.
You may either install these tools on your local machine or run them on ISU's remote linux servers. The tools can be run via a remote desktop connection (e.g., ssh -Y -X) to linuxremote1.engineering.iastate.edu thru linuxremote5.engineering.iastate.edu. There are also two aerospace linux servers that tend to have more free cycles: linuxremote-1.aere.iastate.edu and linuxremote-2.aere.iastate.edu. You must be on-campus or connected to the VPN from off-campus to reach these systems. For example, 'spin' and 'ispin' run from the command line. These applications are installed in /opt/Spin. All of the examples, documentation, etc. can be found there. PVS and nuXmv are also available on the linux remote servers.
Final Project: (in lieu of final exam)
Optional git classroom link:
Project Midterm Report:
11/19 (or 11/14) Give short mid-term presentations on this day!
Friday Progress Reports Due:
11/8, 11/15, 11/22, 11/29 (optional), 12/6
During exam period (9:45am-11:45am on Thursday, 12/19)
Homework 0 (Review of Version Control and LaTeX primer): distributed 8/26 from
Homework 1 (Propositional Logic Review): distributed 8/29 from
- There is an appendix with additional definitions here.
Homework 2 (Temporal Logic): distributed 9/5 from
Homework 3: distributed 9/17 from
Homework 4: distributed 10/3. Submit
Homework 5: distributed 10/10. Submit
Homework 6: distributed 10/17. Submit
Choice of research paper for presention due via email: 10/22
Professor evaluation form for in-class presentations is available HERE
Student evaluation form for in-class presentations is available HERE
Here is some great advice on How to Give a Good Research Presentation.
Here is some great advice on How to Read a Paper.
Paper Presentation Schedule:
Each presentation should be approximately 30 minutes, including time for questions.
|10/29|| Midterm Examination|
|10/31|| Guest Lecture: Dr. Yogananda Jeppu, Honeywell, India |
|11/5|| Evan & Zachary |
|11/7|| Spencer & Yen-Chen |
|11/12|| Kate & Esther |
|11/14||Midterm project report presentations|
|11/19||Midterm project report presentations|
|11/21|| Guest Lecture: Dr. Borzoo Bonakdarpour, ISU |
|12/3|| Ben |
|12/5|| Matt & Megan |
|12/10||Final project report presentations|
|12/12||Final project report presentations|
Homework 0 due 8/29
Homework 1 due 9/5
Homework 2 due 9/17
Homework 3 due 10/3
Homework 4 due 10/10
Homework 5 due 10/17
Homework 6 due 10/24
Choice of research paper for in-class presentation due 10/22
Use this for:
Be cautious that:
- good background on LTL: well-formed formulas, semantics, encoding English sentences, expressivity, normal forms, relationship to automata
- reactive system properties: safety, liveness, fairness
- specification and modeling of real systems
- deciding the truth of a temporal formula; related proof techniques including explicit model checking
- thorough chapter on Spin, including how to run it from the command line and a good Promela tutorial
- review of classical and propositional logic
- extensions including synthesizing software from specifications
- LTL is instead called PTL in this book; that is non-standard
- LTL2BA is not the best tool; SPOT is far superior now: https://spot.lrde.epita.fr/
- URLs provided are outdated (no longer active or superseded by the state of the art)
- Spin chapter refers to outdated xspin (though only briefly)
Use this for:
Be cautious that:
- supplemental material on temporal logics (LTL, CTL, CTL*)
- background on automata as system models
- review of explicit and symbolic model checking
- reachability, safety, liveness, deadlock-freeness, fairness
- overview of modeling abstraction methods
- out-of-date chapters on SPIN and SMV still have useful reviews of basic tool usage
- ideas for related formal methods, including timed automata models, additional tools
- This book is extremely out of date!
- LTL is the proper name for Linear Temporal Logic (book calls it PLTL)
- comparisons of LTL vs CTL/CTL* have been changed/been disproved
- SMV version described is no longer available; current tool is nuXmv
- Spin version described has been updated (xspin vs ispin)