Proving Safety in Railway Signalling Algorithms
A case study on the application of model checking to the control software of a new signalling protocol, focusing on guaranteeing deadlock-free operation.
In-depth analyses and updates on formal verification and embedded software safety.
The process of translating embedded C-code into formal specifications in TLA+ for bridge control systems, and the challenges of tooling integration.
A comparison of methods for detecting race conditions and memory leaks in real-time control software, with quantitative results.
How we built a pipeline that automatically deduces invariants from ANSI-C code, reducing verification time for a module by 40%.
Answers to key questions about our SIL-4 certified verification of embedded software.
Formal verification is a mathematical method for proving the correctness of software. Instead of running tests, we statically analyze the source code and logically prove that the program meets its specification for every possible input and execution path.
SIL-4 is the highest safety level according to standards such as IEC 61508 and EN 50128. It is required for systems where a failure could have catastrophic consequences, such as railway signals or bridge controls. Our verification methods are designed to meet these stringent requirements.
Our services are essential for safety-critical control software in the railway sector (signals, level crossings), infrastructure (bridges, locks), medical equipment, and industrial automation where reliability is absolutely required.
Traditional testing exercises a limited number of scenarios. Formal verification analyzes the complete state space of the program, so it provides a mathematical guarantee of correctness with respect to the specification rather than statistical confidence based on a sample of runs.
We specialize in verifying embedded code written in C, C++, and Ada, the languages commonly used on real-time operating systems. Our tools analyze the code as written, including pointer arithmetic and concurrency.
The lead time depends on the complexity and size of the codebase. A typical project for a critical control algorithm ranges from a few weeks to several months. Please contact us for a detailed custom quote.
Formal verification is a mathematical method for proving the correctness of software. For embedded systems, such as railway signalling, we statically analyze the source code and use logical models to guarantee that the program behaves exactly as specified under all possible circumstances.
SIL-4 is the highest safety level defined by standards such as IEC 61508. It means that the probability of a dangerous failure of the control system must be extremely low (below 10⁻⁸ per hour of operation). Our verification methods provide the evidence required to demonstrate this level for critical control algorithms.
We focus on safety-critical embedded systems where human lives are at stake. Typical applications are control software for railway signals, bridge operations, medical equipment, and industrial safety systems (e.g., emergency stop systems).
Traditional testing checks a limited number of scenarios. Formal verification, in contrast, mathematically analyzes *all* possible execution paths of the software. It proves the absence of entire classes of errors (such as race conditions, deadlocks) that often remain undetected through testing.
Our tools are specialized in languages common in embedded safety-critical domains, primarily C and Ada. We also support analysis of model-based code generated from tools such as Simulink/Stateflow, which is widely used for control algorithms.
The lead time is highly dependent on the complexity and size of the codebase. For a critical control algorithm of average complexity, the process, including specification analysis, verification, and reporting, can take several weeks to several months.