Software engineering with formal methods: The development of a storm surge barrier control system - revisiting seven myths of formal methods

Jan Tretmans; Klaas Wijbrans; Michel Chaudron

doi:10.1023/A:1011236117591

Software engineering with formal methods: The development of a storm surge barrier control system - revisiting seven myths of formal methods

Jan Tretmans, Klaas Wijbrans, Michel Chaudron

Research output: Contribution to journal › Article › Academic › peer-review

24 Citations (Scopus)

72 Downloads (Pure)

Abstract

This paper discusses the use of formal methods in the development of the control system for the Maeslant Kering. The Maeslant Kering is the movable dam which has to protect Rotterdam from floodings while, at (almost) the same time, not restricting ship traffic to the port of Rotterdam. The control system, called BOS, completely autonomously decides about closing and opening of the barrier and, when necessary, also performs these tasks without human intervention. BOS is a safety-critical software system of the highest Safety Integrity Level according to IEC 61508. One of the reliability increasing techniques used during its development is formal methods. This paper reports experiences obtained from using formal methods in the development of BOS. These experiences are presented in the context of Hall's famous “Seven Myths of Formal Methods”.

Original language	English
Pages (from-to)	195-215
Number of pages	21
Journal	Formal methods in system design
Volume	19
Issue number	2
DOIs	https://doi.org/10.1023/A:1011236117591
Publication status	Published - 2001

Keywords

FMT-IA: INDUSTRIAL APPLICATION OF FORMAL METHODS
Industrial application of formal methods

Access to Document

10.1023/A:1011236117591

Cite this

@article{b432e49bafbd441db4f5eb7bbea11d81,

title = "Software engineering with formal methods: The development of a storm surge barrier control system - revisiting seven myths of formal methods",

abstract = "This paper discusses the use of formal methods in the development of the control system for the Maeslant Kering. The Maeslant Kering is the movable dam which has to protect Rotterdam from floodings while, at (almost) the same time, not restricting ship traffic to the port of Rotterdam. The control system, called BOS, completely autonomously decides about closing and opening of the barrier and, when necessary, also performs these tasks without human intervention. BOS is a safety-critical software system of the highest Safety Integrity Level according to IEC 61508. One of the reliability increasing techniques used during its development is formal methods. This paper reports experiences obtained from using formal methods in the development of BOS. These experiences are presented in the context of Hall's famous “Seven Myths of Formal Methods”.",

keywords = "FMT-IA: INDUSTRIAL APPLICATION OF FORMAL METHODS, Industrial application of formal methods",

author = "Jan Tretmans and Klaas Wijbrans and Michel Chaudron",

year = "2001",

doi = "10.1023/A:1011236117591",

language = "English",

volume = "19",

pages = "195--215",

journal = "Formal methods in system design",

issn = "0925-9856",

publisher = "Springer Netherlands",

number = "2",

}

TY - JOUR

T1 - Software engineering with formal methods

T2 - The development of a storm surge barrier control system - revisiting seven myths of formal methods

AU - Tretmans, Jan

AU - Wijbrans, Klaas

AU - Chaudron, Michel

PY - 2001

Y1 - 2001

N2 - This paper discusses the use of formal methods in the development of the control system for the Maeslant Kering. The Maeslant Kering is the movable dam which has to protect Rotterdam from floodings while, at (almost) the same time, not restricting ship traffic to the port of Rotterdam. The control system, called BOS, completely autonomously decides about closing and opening of the barrier and, when necessary, also performs these tasks without human intervention. BOS is a safety-critical software system of the highest Safety Integrity Level according to IEC 61508. One of the reliability increasing techniques used during its development is formal methods. This paper reports experiences obtained from using formal methods in the development of BOS. These experiences are presented in the context of Hall's famous “Seven Myths of Formal Methods”.

AB - This paper discusses the use of formal methods in the development of the control system for the Maeslant Kering. The Maeslant Kering is the movable dam which has to protect Rotterdam from floodings while, at (almost) the same time, not restricting ship traffic to the port of Rotterdam. The control system, called BOS, completely autonomously decides about closing and opening of the barrier and, when necessary, also performs these tasks without human intervention. BOS is a safety-critical software system of the highest Safety Integrity Level according to IEC 61508. One of the reliability increasing techniques used during its development is formal methods. This paper reports experiences obtained from using formal methods in the development of BOS. These experiences are presented in the context of Hall's famous “Seven Myths of Formal Methods”.

KW - FMT-IA: INDUSTRIAL APPLICATION OF FORMAL METHODS

KW - Industrial application of formal methods

U2 - 10.1023/A:1011236117591

DO - 10.1023/A:1011236117591

M3 - Article

SN - 0925-9856

VL - 19

SP - 195

EP - 215

JO - Formal methods in system design

JF - Formal methods in system design

IS - 2

ER -

Software engineering with formal methods: The development of a storm surge barrier control system - revisiting seven myths of formal methods

Abstract

Keywords

Access to Document

Fingerprint

Cite this