We present VeriPhy, a verified pipeline which automatically transforms verified high-level
models of safety-critical cyber-physical systems (CPSs) in differential dynamic logic (dL) to …

Most modern safety-critical control programs, such as those embedded in fly-by-wire control
systems, perform a lot of floating-point computations. The well-known pitfalls of IEEE 754 …

A set of validated numerical integration methods based on explicit and implicit Runge-Kutta
schemes is presented to solve, in a guaranteed way, initial value problems of ordinary …

Many industrial cyber-physical system (CPS) designs are too complex to formally verify
system-level properties. A practical approach for testing and debugging these system …

Complex software systems are becoming increasingly prevalent in aerospace applications:
in particular, to accomplish critical tasks. Ensuring the safety of these systems is crucial, as …

Software implementations of controllers for physical subsystems form the core of many
modern safety-critical systems such as aircraft flight control and automotive engine control. A …

This article describes an approach to documenting control programs, whereby the control
program code is annotated with logical expressions describing the set of reachable program …

This invited lecture is a survey of our work over the last 12 years or so, dealing with the
precise analysis of numerical programs, essentially control programs such as the ones …

Hybrid dynamical systems describe the mixed discrete dynamics and continuous dynamics
of cyber-physical systems such as aircraft, cars, trains, and robots. To justify correctness …

We report on our recent experience in applying formal methods to the verification of a
descent guidance control program of a lunar lander. The powered descent process of the …