The paper suggests a method for formal proof of safety for railway software systems which includes validation and verification stages and considers software and hardware as one integrated piece. The method is based both on experience of software correctness proof for railway devices and on worldwide theory and practice for safety-critical systems. The method can perform safety analysis of an arbitrary railway hardware-software complex with a software size of up to 10 KLOC. The method can be used to prove functional safety and information security.
This paper attempts to describe a logical basis and a general way to design safe and dependable systems. The notion of 'diverse axiomatic bases' is introduced. It is shown that safe and dependable software and hardware development based on diverse axiomatic bases allows the terms 'diversity' and 'common cause failure' to be formalized. Examples are given of such diverse axiomatic bases and of ways to use them for proof of correctness of microprocessor systems. Finally, possible important advantages, both theoretical and practical, that may follow from these topics are discussed.
Software features of microprocessor railway systems have been considered in the context of their effect on the development and verification of safety-critical systems. The features considered are: distributed hardware and software systems, 24/7 service, real-time operation, safe state, safety strategies, independence of processing time from the operating situation, redundant systems, diversity, configuration, debugging and maintenance. Examples of using these features for safety software development and verification are included.
The verification properties of cyclic-executive real-time railway systems with formal methods have been considered. It is shown that separating the proof of correctness into initialization and cyclic-executive phases simplifies the verification and provides an opportunity to use model checking. The necessary conditions of proof with the proof-theoretic approach have been formulated. Some ways of verification are shown which could check validation requirements and build a model based on the program's source code.
Software verification methods for railway systems with formal methods have been considered. Those methods allow the complexity of the software proof for arbitrary computer appliances to be reduced. It is shown that the problem of creating a universal technique for the proof of correctness could be solved with the considered methods. The methods are: consecutive proof of properties which will be used at subsequent verification steps, functional and object decomposition, use of predicate abstraction, proof of start-up and loop processing, and model verification.
The definition and formalization of the safety function for software proof of correctness of microprocessor railway automation units have been considered. Ways are given to select and search for the safety function on the basis of the terms of reference, limited resources, the strategy used to prove safety and the general performance requirements of the system. It is shown that the definition of the safety function to be proved affects both the ability to find bugs in software during verification and the quality of the system in general, in the case of functions under development.
The features of software proof of correctness for multiprocessor railway systems have been considered on the example of remote control units 8Б and 16Б of the microprocessor railway signalling system "Iput". Analysis of the verification experience proved it possible to distinguish the category of safety functions for proof, to determine the sequence of proof steps and to make criteria for assessing the amount of proof work. It is shown that determining the invariant and proving it are necessary to avoid accumulation of software errors. The potential presence of features for proof that are difficult to formalize precisely before the proof of correctness takes place has been established; in that case the verification result must be checked by the end user, for instance at the monitor of the diagnostic subsystem.
A verification method for assessing time parameters of microprocessor interface railway automation units and remote control devices, by proving correctness on a basis with weakened conditions and without logic checking, has been proposed. It is shown that the method is fruitful when used for strictly proved features of the system and can be applied with minimal cost during the general proof of correctness. Results of the analysis of microelectronic railway devices using this approach have been published. It is shown that verification of low-level software can assess the timing specifications and can be carried out quickly and efficiently using the proposed method.
The verification results of the telecontrol unit 16-1, which is part of the centralized dispatching control "Neman", are published. The verification order and features are considered. It is shown that proof of correctness allows software bugs to be found which are extremely difficult to reveal by other methods.
The verification results of the microprocessor light-optical LED railway mast traffic light system are published. It is shown that proof of correctness is extremely difficult if the computer appliance has not been prepared for verification. Testing of the emerging verification technique for developing safe and reliable software is performed.