The practice of formal methods in safety-critical systems

Abstract: By describing several industrial-scale applications of formal methods, we show that formal methods for software development and safety analysis are being increasingly adopted in the safety-critical systems sector. The benefits and limitations of formal methods are described, and the problems of developing software for safety-critical systems are analysed.