Symbolic model checking: 10^20 states and beyond
Information and Computation - Special issue: Selections from 1990 IEEE symposium on logic in computer science
Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS
IEEE Transactions on Software Engineering
Proceedings of the 17th Conference on Foundations of Software Technology and Theoretical Computer Science
SCR*: A Toolset for Specifying and Analyzing Software Requirements
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
AMAST '00 Proceedings of the 8th International Conference on Algebraic Methodology and Software Technology
Software tools for safety-critical software development
International Journal on Software Tools for Technology Transfer (STTT) - A View from Formal Methods 2003 (pp 301-354); Special Section on Recent Advances in Hardware Verification (pp 355-447)
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Structured Assurance Case Methodology for Assessing Software Trustworthiness
SSIRI-C '10 Proceedings of the 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement Companion
A tabular expression toolbox for MATLAB/Simulink
NFM'11 Proceedings of the Third international conference on NASA Formal methods
Software certification: is there a case against safety cases?
FOCS'10 Proceedings of the 16th Monterey conference on Foundations of computer software: modeling, development, and verification of adaptive systems
The computer-controlled shutdown systems for the Nuclear Power Generating Station at Darlington, Canada, have been subject to licensing scrutiny on a number of occasions. After the first licence was approved in 1990, the licensee, Ontario Hydro, was given a number of years by the regulator to redesign the shutdown systems so that they would be more maintainable. This paper briefly describes the original certification process, the lessons learned, and the subsequent development and certification of the shutdown systems. The development process, the internal certification processes, and the regulator's certification process are each briefly described. Although twenty years have elapsed since this work started, and there are new analysis techniques and tools that could be applied today, the original process itself has withstood the test of time extraordinarily well. This paper describes the principles that explain why it was so successful, and how we can develop more modern approaches from this experience.