A realistic user interface is rigorously developed for the US Food and Drug Administration (FDA) Generic Patient Controlled Analgesia (GPCA) pump prototype. The GPCA pump prototype is intended as a realistic workbench for trialling development methods and techniques for improving the safety of such devices. A model-based approach based on the use of formal methods is illustrated and implemented...

Enzymes which hydrolyse ATP cause an exchange of 180 of labelled Pi in the presence of ADP. A theory for the evaluation of rate constants from an observation of the time dependence of the concentration of the various Pi species is presented. Application to the 180 exchange catalysed by myosin SI as observed by 31P-NMR shows excellent agreement with values o f the rate constants determined earlier.

This paper describes an experiment conducted to determine how effectively formal methods could be used to capture and validate the requirements of a typical embedded system. A model of the mode logic of a Flight Guidance System was specified in the RSML notation and translated into the NuSMV model checker and the PVS theorem prover. These tools were then used to verify several hundred propertie...

Several syntactic methods have been constructed to automate theorem proving in first-order logic. The positive (negative) hyper-resolution and the clause tableaux were combined in a single calculus called hyper tableaux in [1]. In this paper we propose a new calculus called hyperS tableaux which overcomes substantial drawbacks of hyper tableaux. Contrast to hyper tableaux, hyperS tableaux are e...

Properties like conndentiality, authentication and integrity are of increasing importance to communication protocols. Hence the development of formal methods for the veriication of security protocols. This paper proposes to represent the veriication of security properties as a (deductive or model-based) logical AI planning problem. The key intuition is that security attacks can be seen as plans...

A controversial issue in the formal methods community is the degree to which mathematical sophistication and theorem proving skills should be needed to apply a formal method and its support tools. This paper describes the SCR (Software Cost Reduction) tools, part of a \practical" formal method|a method with a solid mathematical foundation that software developers can apply without theorem provi...

Mechanization makes it feasible to calculate properties of formally speciied systems. This ability creates new opportunities for using formal methods as an exploratory tool in system design. Achieving enough eeciency to make this practical raises challenging problems in automated deduction. These challenges can be met only by approaches that integrate consideration of its mechanization into the...

A controversial issue in the formal methods community is the degree to which mathematical sophistication and theorem proving skills should be needed to apply a formal method and its support tools. This paper describes the SCR (Software Cost Reduction) tools, part of a \practical" formal method|a method with a solid mathematical foundation that software developers can apply without theorem provi...

As digital designs grow evermore complex and design cycles become ever shorter, traditional informal methods of design veriication are proving inadequate. Design teams are increasingly turning to formal techniques to address this \veriication crunch". The theorem prover, with its emphasis on establishing correctness, is arguably the dream design veriication tool; however, theorem provers are ra...

In Software Abstractions Daniel Jackson introduces an approach tosoftware design that draws on traditional formal methods but exploits automated tools to find flawsas early as possible. This approach--which Jackson calls "lightweight formal methods" or"agile modeling"--takes from formal specification the idea of a precise and expressivenotation based on a tiny core of simple and robust concepts...