Cost effectiveness of formal methods in the development of avionics systems at Aerospatiale

Aerospatiale has been using formal methods since the early 80´s to develop part of the embedded systems, and more specifically most of the avionics systems. During the last two decades, such an approach has demonstrated significant cost savings. This paper presents some aspects of this approach and focuses more precisely on the way it has helped in reducing embedded system development and maintenance costs. This first section of this paper is devoted to a general description of the overall context and it gives some elements of history. Basically this section is focused on the tool SCADE and its predecessors (SAO) which implements the main, though not only, formal method used at Aerospatiale. The second section summarizes the benefits Aerospatiale has found in using SAO first, and now SCADE, and constitutes an attempt to synthesize the properties and characteristics that make a formal method efficient (at Aerospatiale). The third section summarizes some aspects of formal methods, which have not been extensively used yet but which are likely to induce extra cost reduction, namely proof techniques. As a conclusion it is recalled that formal methods have been demonstrated to be cost effective at Aerospatiale, especially SAO and now SCADE. In addition same extra cost saving is expected, thanks to the industrial maturity of proof techniques