Observations on formal safety analysis in practice
Science of Computer Programming
We report on a comparative study of the formal verification of two level crossing controllers that a rail automation manufacturer developed using SCADE. The Deductive Cause-Consequence Analysis (DCCA) of Ortmeier et al. is applied for formal safety analysis, and in addition the safety requirements are proven. Even with these medium-sized industrial case studies we ran into severe complexity problems that could not be overcome by heuristics such as abstraction and compositional verification. In particular, we failed to prove within the SCADE framework a crucial liveness property stating that an unsafe state will not be persistent. We finally succeeded in proving this property by combining abstraction with a model transformation from SCADE to UPPAAL timed automata. In addition, we found that the modeling style has a significant impact on the complexity of the verification task.
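The liveness property named above, "an unsafe state will not be persistent" (in CTL, AG(unsafe -> AF not unsafe)), is the kind of requirement that an untimed model can make unprovable for a purely stylistic reason: if the barrier motor is abstracted as a "closing" location that may stutter forever, the model contains an infinite path that never leaves the hazard, and the property is genuinely false in that model. A location invariant on a clock, as UPPAAL timed automata provide, removes that path. The following is an added illustration, not the paper's model, SCADE code or UPPAAL input: a constructed three-variable level-crossing toy (train phase, barrier state, closing timer; the hazard predicate, transition rules and the names `successors`, `find_persistent_unsafe`, `never_persistent` are all hypothetical) with an explicit-state check that reports a violating lasso when one exists. `close_max=None` is the untimed stuttering abstraction; `close_max=k` is a discrete stand-in for the clock invariant `x <= k` on the closing location.

```python
"""Toy explicit-state check of the liveness property "no unsafe state is
persistent" (in CTL: AG(unsafe -> AF not unsafe)) on a constructed
level-crossing model.  Added illustration; not the paper's model or tool."""
from collections import deque
from typing import Iterator, List, Optional, Set, Tuple

State = Tuple[str, str, int]          # (train, barrier, closing_timer)
INIT: State = ("away", "open", 0)

# Constructed environment: the train lingers in a phase or advances to the next one.
NEXT_TRAIN = {"away": "approaching", "approaching": "in_crossing", "in_crossing": "away"}


def unsafe(s: State) -> bool:
    """Hypothetical hazard: a train is announced or present while the barrier is not closed."""
    train, barrier, _ = s
    return train != "away" and barrier != "closed"


def successors(s: State, close_max: Optional[int]) -> Set[State]:
    """One synchronous step of the toy controller.

    close_max=None models the barrier motor as an untimed 'closing' state that
    may stutter forever (a common untimed abstraction).  close_max=k bounds the
    time spent closing to k steps, a discrete stand-in for a timed-automaton
    location invariant (clock <= k) that forces progress."""
    train, barrier, t = s
    trains = {train, NEXT_TRAIN[train]}
    if barrier == "open":
        barriers = {("closing", 0)} if train != "away" else {("open", 0)}
    elif barrier == "closing":
        barriers = {("closed", 0)}
        if close_max is None:
            barriers.add(("closing", 0))          # may stay closing indefinitely
        elif t < close_max:
            barriers.add(("closing", t + 1))      # may stay, but the timer runs
    else:  # closed: reopen only once the train is gone
        barriers = {("open", 0)} if train == "away" else {("closed", 0)}
    return {(tr, b, tt) for tr in trains for (b, tt) in barriers}


def reachable(init: State, close_max: Optional[int]) -> Set[State]:
    """Breadth-first exploration of the finite state space."""
    seen, queue = {init}, deque([init])
    while queue:
        for n in successors(queue.popleft(), close_max):
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return seen


def find_persistent_unsafe(init: State, close_max: Optional[int]) -> Optional[List[State]]:
    """Return a cycle through reachable unsafe states (first == last), i.e. an
    infinite path on which the hazard never clears, or None if the property
    holds.  The state space is finite, so 'unsafe forever' is exactly 'a cycle
    inside the unsafe states'.  No fairness is assumed: a stuttering self-loop
    counts as a violation, which is the point of the example."""
    unsafe_nodes = {s for s in reachable(init, close_max) if unsafe(s)}

    def unsafe_succ(s: State) -> Iterator[State]:
        return iter(sorted(x for x in successors(s, close_max) if x in unsafe_nodes))

    WHITE, GREY, BLACK = 0, 1, 2
    color = {s: WHITE for s in unsafe_nodes}
    for root in sorted(unsafe_nodes):
        if color[root] != WHITE:
            continue
        color[root] = GREY
        path, stack = [root], [unsafe_succ(root)]
        while stack:
            for nxt in stack[-1]:
                if color[nxt] == GREY:                # back edge: lasso found
                    return path[path.index(nxt):] + [nxt]
                if color[nxt] == WHITE:
                    color[nxt] = GREY
                    path.append(nxt)
                    stack.append(unsafe_succ(nxt))
                    break
            else:                                     # all unsafe successors explored
                color[path.pop()] = BLACK
                stack.pop()
    return None


def never_persistent(close_max: Optional[int]) -> bool:
    """True iff AG(unsafe -> AF not unsafe) holds from INIT for this modeling choice."""
    return find_persistent_unsafe(INIT, close_max) is None


if __name__ == "__main__":
    for cm in (None, 0, 3):
        witness = find_persistent_unsafe(INIT, cm)
        label = "untimed stutter" if cm is None else f"closing bounded to {cm} steps"
        print(f"{label}: {'holds' if witness is None else 'VIOLATED, lasso ' + str(witness)}")
```

With the untimed abstraction the checker returns the self-loop on `("approaching", "closing", 0)`: the model allows the barrier to remain closing while a train stands announced, so the hazard is persistent and no prover can establish the property. Bounding the closing duration (any finite `close_max`) removes that loop and the property holds. Nothing here changes the controller's logic; only the modeling of time changes, which is one concrete reading of the observation that modeling style drives verification complexity.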