Verification of correctness of control programs is an essential task in the development of space electronics; it is difficult and typically outweighs design and programming tasks in terms of development hours. This article presents a verification approach designed to help spacecraft engineers reduce the effort required for formal verification of low-level control programs executed on custom hardware. The verification approach is demonstrated on an industrial case study. We present a REDuced instruction set for Fixed-point and INteger arithmetic (REDFIN), a processing core used in space missions, and its formal semantics expressed using the proposed metalanguage for state transformers, followed by examples of verification of simple control programs.

中文翻译：

---

航天器控制程序的正式验证

验证控制程序的正确性是空间电子学发展的一项基本任务；就开发时间而言，这很困难并且通常超过设计和编程任务。本文介绍了一种验证方法，旨在帮助航天器工程师减少正式验证在定制硬件上执行的低级控制程序所需的工作量。验证方法在工业案例研究中得到证明。我们提出了一个用于定点和整数算术 (REDFIN) 的精简指令集，这是一种用于太空任务的处理核心，以及使用所提出的状态转换器元语言表达的形式语义，然后是简单控制程序的验证示例。