Efficient generation of counterexamples and witnesses in symbolic model checking
DAC '95 Proceedings of the 32nd annual ACM/IEEE Design Automation Conference
RuleBase: an industry-oriented formal verification tool
DAC '96 Proceedings of the 33rd annual Design Automation Conference
Symbolic Model Checking
Characterizing Correctness Properties of Parallel Programs Using Fixpoints
Proceedings of the 7th Colloquium on Automata, Languages and Programming
A Tutorial on Stålmarcks's Proof Procedure for Propositional Logic
FMCAD '98 Proceedings of the Second International Conference on Formal Methods in Computer-Aided Design
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic
Logic of Programs, Workshop
Model-based variable and transition orderings for efficient symbolic model checking
FM'06 Proceedings of the 14th international conference on Formal Methods
Optimising ordering strategies for symbolic model checking of railway interlockings
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: applications and case studies - Volume Part II
| Hi-index | 0.00 |
Stålmarck's proof procedure is a method of tautology checking that has been used to verify railway interlocking software. Recently, it has been proposed [SS98] that the method has potential to increase the capacity of formal verification tools for hardware. In this paper, we examine this potential in light of an experiment in the opposite direction: the application of symbolic model checking to railway interlocking software previously verified with Stålmarck's method. We show that these railway systems share important characteristics which distinguish them from most hardware designs, and that these differences raise some doubts about the applicability of Stålmarck's method to hardware verification.