Abstract.
This paper describes the lessons we learned over a thirteen-year period while helping to develop the shutdown systems for the nuclear generating station at Darlington, Ontario, Canada. We begin with a brief description of the project and then show how we modified processes and notations developed in the academic community so that they are acceptable for use in industry. We highlight some of the topics that proved to be particularly challenging and that would benefit from more in-depth study without the pressure of project deadlines.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Wassyng, A., Lawford, M. (2003). Lessons Learned from a Successful Implementation of Formal Methods in an Industrial Project. In: Araki, K., Gnesi, S., Mandrioli, D. (eds) FME 2003: Formal Methods. FME 2003. Lecture Notes in Computer Science, vol 2805. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45236-2_9
DOI: https://doi.org/10.1007/978-3-540-45236-2_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40828-4
Online ISBN: 978-3-540-45236-2