Technical Insights

In-depth analyses and updates on formal verification and embedded software safety.

Tags: Formal Verification, SIL-4 Level, Embedded Systems, Static Analysis
Thom Lijn · 15 May 2024 · 12 comments

Proving Safety in Railway Signalling Algorithms

A case study on the application of model checking to the control software of a new signalling protocol, focusing on guaranteeing deadlock-free operation.

Frequently Asked Questions about Formal Verification

Answers to key questions about our SIL-4 certified verification of embedded software.

What is formal software verification?

Formal verification is a mathematical method to prove the correctness of software. Instead of testing, we statically analyze the source code and logically prove that the program meets its specifications under all possible circumstances.

What does Safety Integrity Level 4 (SIL-4) mean?

SIL-4 is the highest safety level according to standards such as IEC 61508 and EN 50128. It is required for systems where a failure could have catastrophic consequences, such as railway signals or bridge controls. Our verification methods are designed to meet these stringent requirements.

For which embedded systems is this relevant?

Our services are essential for safety-critical control software in the railway sector (signals, level crossings), infrastructure (bridges, locks), medical equipment, and industrial automation where reliability is absolutely required.

How does this differ from traditional testing?

Traditional testing checks a limited number of scenarios. Formal verification analyzes the complete state space of the program. It provides a mathematical guarantee of correctness, not statistical confidence based on samples.

Which programming languages do you support?

We specialize in verifying embedded code written in C, C++, and Ada, commonly used in real-time operating systems. Our tools analyze the code, including pointer arithmetic and concurrency.

What is the lead time for a verification project?

The lead time depends on the complexity and size of the codebase. A typical project for a critical control algorithm ranges from a few weeks to several months. Please contact us for a detailed custom quote.

What is formal verification of embedded software?

Formal verification is a mathematical method to prove the correctness of software. For embedded systems, such as in railway signals, we statically analyze the source code and use logical models to guarantee that the program functions exactly according to specification under all possible circumstances, without errors.

What does Safety Integrity Level (SIL) 4 mean?

SIL-4 is the highest safety level according to standards such as IEC 61508. It means the probability of a dangerous failure of the control system must be extremely low (< 10⁻⁸ per hour). Our verification methods provide the evidence required to achieve this level for critical control algorithms.

For which types of systems is your service intended?

We focus on safety-critical embedded systems where human lives are at stake. Typical applications are control software for railway signals, bridge operations, medical equipment, and industrial safety systems (e.g., emergency stop systems).

How does formal verification differ from traditional testing?

Traditional testing checks a limited number of scenarios. Formal verification, in contrast, mathematically analyzes *all* possible execution paths of the software. It proves the absence of entire classes of errors (such as race conditions, deadlocks) that often remain undetected through testing.
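The exhaustive state-space analysis described in the two answers above, as an added example that is not the firm's own tooling: a toy model checker in C for two trains crossing a junction formed by two track sections. The junction, the trains and their section-claim order are constructed for illustration; the checker enumerates every reachable state and reports any state that violates the safety invariant or has no enabled transition (a deadlock), which a handful of test scenarios could easily miss.

```c
#include <stdbool.h>

/* Constructed toy model: two trains cross a junction formed by track sections
 * A and B. Each train claims one section, then the other, then releases both.
 * Phase per train: 0 idle, 1 holds first section, 2 holds both (in junction). */
enum { A = 0, B = 1, N_STATES = 9 };           /* state = phase0 + 3*phase1 */

typedef struct { int reachable, deadlocks, unsafe; } result_t;

/* Does train t, in the given phase, hold section s? Derived from its claim order. */
static bool holds(int t, int phase, int s, const int first[2]) {
    return (phase >= 1 && first[t] == s) || phase == 2;
}

static bool section_free(int s, const int phase[2], const int first[2]) {
    return !holds(0, phase[0], s, first) && !holds(1, phase[1], s, first);
}

/* Enumerate the successors of state st into out[]; return how many there are. */
static int successors(int st, const int first[2], int out[4]) {
    int n = 0, phase[2] = { st % 3, st / 3 };
    for (int t = 0; t < 2; t++) {
        int want = phase[t] == 0 ? first[t] : 1 - first[t];   /* next section needed */
        int next[2] = { phase[0], phase[1] };
        if (phase[t] == 2) next[t] = 0;                        /* leave junction, release both */
        else if (section_free(want, phase, first)) next[t] = phase[t] + 1;
        else continue;                                         /* blocked: no transition */
        out[n++] = next[0] + 3 * next[1];
    }
    return n;
}

/* Breadth-first reachability from the initial state. Every reachable state is
 * checked for the safety invariant (never both trains inside the junction) and
 * for deadlock (no enabled transition). ordered = both trains claim A before B;
 * otherwise train 1 claims B first, the classic lock-order inversion. */
result_t check_model(bool ordered) {
    const int first[2] = { A, ordered ? A : B };
    bool seen[N_STATES] = { false };
    int queue[N_STATES], head = 0, tail = 0, out[4];
    result_t r = { 0, 0, 0 };
    seen[0] = true; queue[tail++] = 0;
    while (head < tail) {
        int st = queue[head++], n = successors(st, first, out);
        r.reachable++;
        if (st % 3 == 2 && st / 3 == 2) r.unsafe++;           /* both in junction */
        if (n == 0) r.deadlocks++;                             /* no way forward */
        for (int i = 0; i < n; i++)
            if (!seen[out[i]]) { seen[out[i]] = true; queue[tail++] = out[i]; }
    }
    return r;
}
```

With a consistent claim order the model has five reachable states and no deadlock; with the inverted order the state where each train holds the section the other needs is reachable and has no successor, which the exhaustive search reports as a deadlock while the safety invariant still holds.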

Which programming languages do you support for analysis?

Our tools are specialized in languages common in embedded safety-critical domains, primarily C and Ada. We also support analysis of model-based code generated from tools such as Simulink/Stateflow, which is widely used for control algorithms.

What is the typical lead time for a verification project?

The lead time is highly dependent on the complexity and size of the codebase. For a critical control algorithm of average complexity, the process, including specification analysis, verification, and reporting, can take several weeks to several months.
