Ensuring the correctness of computer systems used in life-critical applications is very difficult. The most commonly used verification methods, simulation and testing, are not exhaustive and can miss errors. This work describes an alternative verification technique based on symbolic model checking that can automatically and exhaustively search the state space of the system and verify if properties are satisfied or not. The method also provides useful quantitative timing information about the behavior of the system. We have applied this technique using the VERUS tool to a complex safety-critical system designed to control railway stations. We have identified some anomalous behaviors in the model with serious potential consequences in the actual implementation. The fact that errors can be identified before a safety-critical system is deployed in the field not only eliminates potential sources of serious problems, but also makes it significantly less expensive to debug the system
Verification of a Safety-Critical Railway Interlocking System with Real-Time Constraints
Cimatti, Alessandro;Giunchiglia, Fausto
2000-01-01
Abstract
Ensuring the correctness of computer systems used in life-critical applications is very difficult. The most commonly used verification methods, simulation and testing, are not exhaustive and can miss errors. This work describes an alternative verification technique based on symbolic model checking that can automatically and exhaustively search the state space of the system and verify if properties are satisfied or not. The method also provides useful quantitative timing information about the behavior of the system. We have applied this technique using the VERUS tool to a complex safety-critical system designed to control railway stations. We have identified some anomalous behaviors in the model with serious potential consequences in the actual implementation. The fact that errors can be identified before a safety-critical system is deployed in the field not only eliminates potential sources of serious problems, but also makes it significantly less expensive to debug the systemI documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.