This paper describes the use of formal development methods on an industrial safety-critical application. The Z notation was used for documenting the system specification and part of the design, and the SPARK subset of Ada was used for coding. However, perhaps the most distinctive feature of the project lies in the amount of proof that was carried out: proofs were carried out both at the Z level (approximately 150 proofs in 500 pages) and at the SPARK code level (approximately 9000 verification conditions generated and discharged). The project was carried out under UK Interim Defence Standards 00-55 and 00-56, which require the use of formal methods on safety-critical applications. It is believed to be the first to be completed against the rigorous demands of the 1991 version of these standards. The paper includes a comparison of proof with the various types of testing employed, in terms of their efficiency at finding faults. The most striking result is that the Z proof was substantially more efficient at finding faults than the most efficient testing phase. Given the importance of early fault detection, this helps to demonstrate the significant benefit and practicality of large-scale proof on projects of this kind.