Modeling and proving functional completeness in formal verification of counting heads

The demand for safety of electronic devices is high. Especially in safety-critical systems, e.g. electronic railway interlocking systems, safety is an important issue. Nowadays these systems are tested and simulated with a manually created set of test cases. But testing is a very cost-intensive procedure and can never reach a complete coverage for large designs. Hence, an efficient way to formally verify these systems is required. In this paper we present a formal verification flow, including the modeling, for counting heads (CHs) for railways, a real-time system that is used in most electronic railway interlocking systems from SIEMENS. 1 The approach shown here is based on SystemC, a powerful system description language. In this way efficient modeling and simulation-based verification of railway components and systems becomes possible. For the formal verification part bounded model checking algorithms are applied, i.e. a set of properties is formally proven to be correct. Additionally the completeness of this set is formally and efficiently determined.