Model checking
Chaff: engineering an efficient SAT solver
Proceedings of the 38th annual Design Automation Conference
Alloy: a lightweight object modelling notation
ACM Transactions on Software Engineering and Methodology (TOSEM)
A Tutorial on Stålmarcks's Proof Procedure for Propositional Logic
FMCAD '98 Proceedings of the Second International Conference on Formal Methods in Computer-Aided Design
Towards an Integrated Model Checker for Railway Signalling Data
FME '02 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods - Getting IT Right
SATO: An Efficient Propositional Prover
CADE-14 Proceedings of the 14th International Conference on Automated Deduction
The propositional formula checker HeerHugo
The propositional formula checker HeerHugo
Hi-index | 0.01 |
A suitable method supported by a toolset with a high degree of automation is a necessity for the successful employment of formal methods in industrial projects. The GTO toolset and method have been developed, and successfully applied, to formal methods in safety-critical control applications related to railway signalling since the mid 1990s. The toolset and method support the entire formal methods process from writing and validating formal specifications, through modelling of the implementation to formal verification and analysis of verification results. One goal the toolset and method was to make formal methods more competitive by streamlining the process so that - at least within an established application area - individual verification tasks could be done in an ''assembly line''-like fashion with minimum overhead. In line with this goal, the toolset is intended for use with configurable systems, where a generic specification is applicable to a family of systems and adapted to a specific system using configuration data. The functions carried out by the toolset include static checking and simulation of specifications, checking of configuration data, generation of implementation models from PLC program code or relay schematics, simulation of the implementation model, formal verification by refinement proof, and analysis of failed refinement proofs. Refinement proofs are automatically carried out by a satisfiability (SAT) solver of the user's choice, which is interfaced to the main tool. We will outline the method and functions of the toolset as well as the formal notation - a simple temporal predicate logic - used by the toolset.