Kind 2 is an open-source, multi-engine, SMT-based model checker for safety properties of
finite-and infinite-state synchronous reactive systems. It takes as input models written in an …

Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-
order formula with respect to some theory or combination of theories; Verification Modulo …

Contract-based software development has long been a leading methodology for the
construction of component-based reactive systems, embedded systems in particular …

Writing requirements is no easy task. Common problems include ambiguity in statements,
specifications at the wrong level of abstraction, statements with inconsistent references to …

SAFETY-CRITICAL software systems are part of our daily life and any error in these systems
can result in catastrophic consequences, with the worst-case scenario being loss of human …

Abstract Model checking invariant properties of designs, represented as transition systems,
with non-linear real arithmetic (NRA), is an important though very hard problem. On the one …

In this paper we detail our effort to formalize and prove requirements for the Quad-redundant
Flight Control System (QFCS) within NASA's Transport Class Model (TCM). We use a …

Novel methods for safety validation of autonomous vehicles are needed in order to enable a
successful release of self-driving cars to the public. Decomposition of safety validation is one …

Writing clear and unambiguous requirements that are conflict-free and complete is no easy
task. Incorrect requirements lead to errors being introduced early in the design process. The …

Exhaustive testing of complex and autonomous systems is intractable and cost prohibitive;
however, design analysis techniques such as formal methods and design methodologies …