Model checking
Efficient Detection of Vacuity in Temporal Model Checking
Formal Methods in System Design - Special issue on CAV '97
Synchronous Observers and the Verification of Reactive Systems
AMAST '93 Proceedings of the Third International Conference on Methodology and Software Technology: Algebraic Methodology and Software Technology
Checking Safety Properties Using Induction and a SAT-Solver
FMCAD '00 Proceedings of the Third International Conference on Formal Methods in Computer-Aided Design
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic
Logic of Programs, Workshop
Logic in Computer Science: Modelling and Reasoning about Systems
Logic in Computer Science: Modelling and Reasoning about Systems
Formal safety analysis in industrial practice
FMICS'11 Proceedings of the 16th international conference on Formal methods for industrial critical systems
Designing safe, reliable systems using scade
ISoLA'04 Proceedings of the First international conference on Leveraging Applications of Formal Methods
Using deductive cause-consequence analysis (DCCA) with SCADE
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
Hi-index | 0.00 |
We report on the application of formal verification in the safety analysis of two level crossing controllers that were industrially designed using Scade Suite. Although the theoretical grounds for formalizing safety analysis have been developed in recent years, we faced numerous and intense complexity problems even with these medium-sized industrial case studies. The complexity problems constricted formal verification and even remained after employing different heuristics based on abstraction and introducing environmental models. In addition, we found that the modeling style has a significant impact on the complexity of the verification tasks. We finally succeeded to formally classify all relevant fault combinations as either critical or uncritical by identifying a crucial, design-specific liveness property.