[SystemSafety] systemsafety Digest, Vol 63, Issue 25
Roderick Chapman
roderick.chapman at googlemail.com
Mon Oct 30 12:32:35 CET 2017
On 30/10/2017 11:00, systemsafety-request at lists.techfak.uni-bielefeld.de
wrote:
> I think the discussion in this list illustrates the fact that FM (as
> normally defined) is not a panacea.
> It can be used for assuring correct implementation of functionality, but
> is not so good for other key features of real time embedded systems, e.g.
>
> - meeting timing requirements
> - meeting other resource constraints (like stack limits)
> - correctness of data
I think you're definition of "FM" is too narrow. OK - we go on alot
about formal verification of functional correctness of software, but
to take on two of your examples above:
For timing, we have WCET analysis (with tools from the likes of Rapita and
AbsInt), schedulability analysis, and real-time architectures like
Time-Triggered
Architecture.
For resources, we adopt a programming style that permits static worst-case
analysis of memory, including stack usage, using tools like GNATStack.
I consider both of these to be "formal methods", just in different
problem domains...
- Rod
More information about the systemsafety
mailing list