Formal methods tools can be used to detect and prevent errors so researchers assume that industry will use them. We are often frustrated when we see industrial projects where tools could have been used to detect or prevent errors in the final product. Researchers often fail to realize that there is a significant gap between aa potentially useful tool and its use in a standards compliant, commer...

Given a target probability of functional failure on demand for a system, a corresponding dangerous failure rate for the system can be derived, provided that a proof-test interval for the function is known. IEC 61508, and related standards, requires that this calculation be performed, for certain kinds of systems that are required to provide safety functionality on demand. This paper explains wh...

Agile development is getting more and more used, also in the development of safety-critical software. For the sake of certification, it is necessary to comply with relevant standards – in this case IEC 61508 and EN 50128. In this paper we focus on two aspects of the need for configuration management and SafeScrum. First and foremost we need to adapt SafeScrum to the standards’ needs for configu...

This paper discusses the use of formal methods in the development of the control system for the Maeslant Kering. The Maeslant Kering is the movable dam which has to protect Rotterdam from floodings while, at (almost) the same time, not restricting ship traffic to the port of Rotterdam. The control system, called Bos, completely autonomously decides about closing and opening of the barrier and, ...

The IEC standards 61508/61511 require that reliability targets for safety instrumented functions are defined and verified. The reliability targets are given as one out of a possible four safety integrity levels. For each safety integrity level there are many design requirements, including requirements for the probability of failure on demand. Verification of the requirements for the probability...

Designers of dependable systems need to present assurance cases that support the claims made about the system’s dependability. Building this assurance case, incorporating different types of evidence and reasoning, can be daunting. In this paper we argue that, thanks to their flexibility and expressive capabilities, Bayesian Belief Networks are particularly suitable for building such assurance c...

Electronics continue to play an ever-increasing role in products whose operation is critical to the preservation of human life, whether on the factory floor, during your morning commute, in the operating theater or in a myriad other locations. Ensuring these products always operate in a “safe” manner and meet the stringent functional safety requirements of standards such as IEC 61508 or ISO 262...

Many systems used by the CERN accelerators and the technical infrastructure have to respect stringent requirements in terms of reliability, safety, availability and maintainability either for operation, security, or legal aspects such as the one required by French Regulatory Authority: the INB (Installations Nucléaires de Base ). The functional safety approach provides a structured method for a...