Formal Methods for Industrial Critical Systems
About: Formal Methods for Industrial Critical Systems is an academic conference. The conference publishes majorly in the area(s): Model checking & Formal methods. Over the lifetime, 296 publications have been published by the conference receiving 5250 citations.
Papers published on a yearly basis
01 Jun 2005
TL;DR: An overview of the main ideas behind JML, details about JML’s wide range of tools, and a glimpse into existing applications of JML are given.
Abstract: The Java Modeling Language (JML) can be used to specify the detailed design of Java classes and interfaces by adding annotations to Java source files. The aim of JML is to provide a specification language that is easy to use for Java programmers and that is supported by a wide range of tools for specification typechecking, runtime debugging, static analysis, and verification.This paper gives an overview of the main ideas behind JML, details about JML’s wide range of tools, and a glimpse into existing applications of JML.
••01 Mar 2003
TL;DR: The logic is an extension of the alternation-free µ-calculus with ACTL-like action formulas and PDL- like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems.
Abstract: Model-checking is a successful technique for automatically verifying concurrent finite-state systems. When designing a model-checker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the model-checking problem, and the user-friendliness of the interface. We present a temporal logic and an associated model-checking method that attempt to fulfill these criteria. The logic is an extension of the alternation-free µ-calculus with ACTL-like action formulas and PDL-like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems. The model-checking method is based upon a succinct translation of the verification problem into a boolean equation system, which is solved by means of an efficient local algorithm having a good average complexity. The algorithm also allows to generate full diagnostic information (examples and counterexamples) for temporal formulas. This method is at the heart of the EVALUATOR 3.0 model-checker that we implemented within the CADP toolbox using the generic OPEN/CAESAR environment for on-the-fly verification.
••01 Dec 2002
TL;DR: An ecient translation of liveness checking problems into safety checking problems is described, which handles fairness and thus extends to full LTL.
Abstract: Temporal logic is widely used for specifying hardware and software systems. Typically two types of properties are distinguished, safety and liveness properties. While safety can easily be checked by reachability analysis, and many ecient checkers for safety properties exist, more sophisticated algorithms have always been considered to be necessary for checking liveness. In this paper we describe an ecient translation of liveness checking problems into safety checking problems. A counter example is detected by saving a previously visited state in an additional state recording component and checking a loop closing condition. The approach handles fairness and thus extends to full LTL.
••04 Nov 2009
TL;DR: The IEEE 754 standard, the FLUCTUAT tool, the types of codes to be analyzed and the analysis methodology, together with code examples and analysis results are presented.
Abstract: Most modern safety-critical control programs, such as those embedded in fly-by-wire control systems, perform a lot of floating-point computations. The well-known pitfalls of IEEE 754 arithmetic make stability and accuracy analyses a requirement for this type of software. This need is traditionally addressed through a combination of testing and sophisticated intellectual analyses, but such a process is both costly and error-prone. FLUCTUAT is a static analyzer developed by CEA-LIST for studying the propagation of rounding errors in C programs. After a long time research collaboration with CEA-LIST on this tool, Airbus is now willing to use FLUCTUAT industrially, in order to automate part of the accuracy analyses of some control programs. In this paper, we present the IEEE 754 standard, the FLUCTUAT tool, the types of codes to be analyzed and the analysis methodology, together with code examples and analysis results.
••01 Mar 2003
TL;DR: This paper defines the language of mode-automata and its semantics, gives some ideas on the compilation process, illustrates the approach with the example of the production cell, and comment on the benefits of the approach, in general.
Abstract: Over the past ten years, the family of synchronous languages (Special Section of the Proc. IEEE 79 (9) (1991)) has been very successful in offering domain-specific, formally defined languages and programming environments for safety-critical systems. Among them, Lustre is well-suited for the development of regulation systems, which are first designed by control engineers, and can then be programmed as block-diagrams. Automatic generation of C code provides the embedded software.The success of Lustre showed that it is a good idea to offer domain-specific languages and constructs to reduce the gap between the first design of a system (for instance a control law) and the program written for it. When the structure of the first design has to be encoded into the available constructs of a general-purpose programming language, the interesting information is likely to be lost somewhere on the way from the original design to the actual implementation. This may have consequences on the efficiency of the code produced, or even on the correctness of the design.Working with the systems Lustre is well-suited for, we observed that they are often specified informally using the notion of running modes. However, there seemed to exist no language in which the mode-structure of a complex system could be expressed directly. Following the approach of domain-specific languages, we proposed to extend Lustre with a new construct, called mode-automaton, devoted to the description of these running modes of regulation systems.In this paper, we define the language of mode-automata and its semantics, give some ideas on the compilation process, illustrate the approach with the example of the production cell, and comment on the benefits of the approach, in general.