Tales from the Front: Industrial Experience with Formal Validation

A gas turbine engine of a gas-coupled type suited for driving a vehicle has auxiliary devices, such as an air conditioning compressor and a generator, driven by the gas generator turbine. To facilitate acceleration of the gas generator, and thus acceleration of the vehicle from an idling or low-power condition, these auxiliary devices are temporarily declutched from the engine during such acceleration.
