Formal verification and validation is a fundamental step for the certification of railways critical systems. Many railways safety standards (e.g. the CENELEC EN-50126, EN-50128 and EN-50129 standards implement the mandatory safety requirements of IEC-61508-7 standard for Functional and Safety) currently mandate the use of formal methods in the design to certify correctness. In this paper we des...

ion Based Verification of a Parameterised Policy Controlled System Peter Ochsenschläger and Roland Rieke ? Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Germany {ochsenschlaeger,rieke}@sit.fraunhofer.de Abstract. Safety critical and business critical systems are usually controlled by policies with the objective to guarantee a variety of safety, liveness and security pro...

Safety-critical software systems call for effective analysis that ensures the correctness of the systems. HUME is a functional programming language, targeted at safety-critical systems, which supports such analysis for time and space, but does not support verification. This topic is explored by using an off-the-shelf design verification system called SPIN. The result is then empirically analysed.

We present Dsolve, a verification tool for OCaml. Dsolve automates verification by inferring “Liquid” refinement types that are expressive enough to verify a variety of complex safety properties.

Scalable and automatic formal verification for concurrent systems is always demanding, but yet to be developed. In this paper, we propose a verification framework to support automated compositional reasoning for concurrent programs with shared variables. Our framework models concurrent programs as succinct automata and supports the verification of multiple important properties. Safety verificat...

Certain important security policies such as information flow characterize system-wide behaviors and are not properties of individual executions. It is known that such security policies cannot be expressed in trace-based specification languages such as linear-time temporal logic (Ltl). However, formalisms such as hyperproperties and the associated logic HyperLTL allow us to specify such policies...

A barrier certificate is an inductive invariant function which can be used for the safety verification of a hybrid system. Safety verification based on barrier certificate has the benefit of avoiding explicit computation of the exact reachable set which is usually intractable for nonlinear hybrid systems. In this paper, we propose a new barrier certificate condition, called Exponential Conditio...

CIRCA is an architecture for real-time intelligent control. The CIRCA planner can generate plans that are guaranteed to maintain system safety, given certain timing constraints. To prove that its plans guarantee safety, CIRCA relies on formal verification methods. However, in many domains it is impossible to build 100% guaranteed safe plans, either because it requires more resources than availa...

This paper proposes an approach to the safety verification of the source code of a software-intensive system. This approach centers upon the production of a document intended to ensure the inspectability, maintainability and repeatability of the source code safety verification. This document, called a “safety verification case”, is intended to be a part of the overall system safety case. Althou...

An automotive operating system is a safety-critical system that has a critical impact on the safety of road vehicles. Safety verification is a must in each stage of software development in such a system, but most existing work focuses on specification-level or model-level safety verification. This work proposes a collaborative approach using model checking and testing for the efficient safety c...