Model Checking Techniques Applied to Satellite Operational Mode Management

Satellites are nowadays complex systems and can be considered as components of larger mission-level systems of systems. The increasing complexity of space mission objectives is actually complicating the requirement engineering process. It is generally understood that space system engineers should translate system-level requirements (elaborated in natural language) into verifiable models, which can expose the design issues before the satellite manufacturing phase. This paper shows how the verification of complex system requirements can be performed via model checking. More specifically, a methodology is proposed which exploits the flexibility provided by the calculus of communicating systems to model complex system concurrent parts and their mutual interactions for verifying analytically their correctness, completeness, and consistency as prescribed by the system requirements. The proposed methodology is applied to the verification of a real satellite operational mode management specification. An abstraction reduction technique based on the selective mu-calculus logic is used to address the computational issues in model checking. It allows capturing and analyzing the parts of a satellite involved in the verification of a specific set of its system-level properties.