Trading-off is a familiar element in requirements practice, but it generally assumes a set of independent requirements competing for resources. Choosing a tram route depends inste...
This paper describes the formalisation of Java thread synchronisation in an extended Owicki-Gries theory, which facilitates the proof of safety and progress properties of multi-th...
Fault Tree Analysis (FTA) is a traditional deductive safety analysis technique that is applied during the system design stage. However, traditional FTA does not consider transitio...
We present a programming technique for implementing type safe covariance in C++. In a sense, we implement most of Bruce’s matching approach to the covariance dilemma in C++. The...
The method of Invisible Invariants was developed originally in order to verify safety properties of parameterized systems fully automatically. Roughly speaking, the method is based...
Yi Fang, Nir Piterman, Amir Pnueli, Lenore D. Zuck