The suspension footbridges are very flexible due to their geometrical structure; hence they may face severe vibration problems induced mainly by natural forces and pedestrians crossing. By exceeding a certain limit, these vibrations can disturb the serviceability of the bridge as well as health and safety of the structure and pedestrians. Therefore, standard design guidelines are sets of recomm...

Proof-carrying code is a framework for the mechanical verification of safety properties of machine language programs, but the problem arises of quis custodiat ipsos custodes—who will verify the verifier itself? Foundational proof-carrying code is verification from the smallest possible set of axioms, using the simplest possible verifier and the smallest possible runtime system. I will describe ...

In the Java Virtual Machine, the byte-code verifier checks low-level security properties that ensure that the downloaded code cannot bypass the virtual machine’s security mechanisms. One of the statically ensured properties is type safety. The type-inference phase is the overwhelming resource-consuming part of the verification process. This paper addresses the RAM bottleneck met while verifying...

To minimize the dangers of such systems, special development standards and processes have been designed for use in safety-critical applications. The established standard in automotive electronics is IEC61508. This is a generic safety standard that requires the defi nition of more detailed standards for specifi c industries and projects. Software engineering studies have shown that the RTCA DO-1...

Automated translation, or code generation, of a formal requirements model to production code can alleviate many of the problems associated with design and implementation. In this report we outline the requirements of such code generation to obtain a high level of conndence in the correctness of the translation process. We then describe a translator for a state-based modeling language called RSM...

Virtual Machine authors face a difficult choice between low performance, cheap interpreters, or specialized and costly compilers. A method able to bridge this wide gap is the existing code-copying technique that reuses chunks of the VM’s binary code to create a simple JIT. This technique is not reliable without a compiler guaranteeing that copied chunks are still functionally equivalent despite...

Although formal requirements specifications can provide a complete and consistent description of a safetycritical software system, designing and developing production quality code from high-level specifications can be a time-consuming and error-prone process. Automated translation, or code generation, of the specification to production code can alleviate many of the problems associated with des...

Code-coverage-based testing is a widely-used testing strategy with the aim of providing a meaningful decision criterion for the adequacy of a test suite. Code-coverage-based testing is also used for the development of safety-critical applications, as the modified condition/decision coverage (MCDC) is proposed by the DO178b document. One critical issue of code-coverage testing is that they are t...

This report summarizes the results of a feasibility study into the applicability of automated certification technology to auto-generated code, and presents a preliminary design for a software safety certification plug-in (working title, AUTOCERT) to the MathWorks RealTime Workshop (RTW) automated code generator. The proposed tool is an adaptation of a pattern-based annotation inference technolo...