{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T11:36:26Z","timestamp":1770896186034,"version":"3.50.1"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030349677","type":"print"},{"value":"9783030349684","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-34968-4_23","type":"book-chapter","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T00:14:54Z","timestamp":1574381694000},"page":"418-436","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System"],"prefix":"10.1007","author":[{"given":"Wytse","family":"Oortwijn","sequence":"first","affiliation":[]},{"given":"Marieke","family":"Huisman","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,11,22]]},"reference":[{"key":"23_CR1","doi-asserted-by":"publisher","unstructured":"Beers, R.: Pre-RTL formal verification: an intel experience. In: DAC, pp. 806\u2013811 (2008). \nhttps:\/\/doi.org\/10.1145\/1391469.1391675","DOI":"10.1145\/1391469.1391675"},{"key":"23_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-319-19458-5_2","volume-title":"Formal Methods for Industrial Critical Systems","author":"A Blanchard","year":"2015","unstructured":"Blanchard, A., Kosmatov, N., Lemerre, M., Loulergue, F.: A case study on formal verification of the anaxagoros hypervisor paging system with Frama-C. In: N\u00fa\u00f1ez, M., G\u00fcdemann, M. (eds.) FMICS 2015. LNCS, vol. 9128, pp. 15\u201330. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-19458-5_2"},{"key":"23_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-319-66845-1_7","volume-title":"Integrated Formal Methods","author":"S Blom","year":"2017","unstructured":"Blom, S., Darabi, S., Huisman, M., Oortwijn, W.: The VerCors tool set: verification of parallel and concurrent software. In: Polikarpova, N., Schneider, S. (eds.) IFM 2017. LNCS, vol. 10510, pp. 102\u2013110. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-66845-1_7"},{"key":"23_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-030-17465-1_2","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"O Bunte","year":"2019","unstructured":"Bunte, O., et al.: The mCRL2 toolset for analysing concurrent systems. In: Vojnar, T., Zhang, L. (eds.) TACAS 2019. LNCS, vol. 11428, pp. 21\u201339. Springer, Cham (2019). \nhttps:\/\/doi.org\/10.1007\/978-3-030-17465-1_2"},{"key":"23_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-17524-9_1","volume-title":"NASA Formal Methods","author":"C Calcagno","year":"2015","unstructured":"Calcagno, C., et al.: Moving fast with software verification. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 3\u201311. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-17524-9_1"},{"key":"23_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-69850-0_1","volume-title":"25 Years of Model Checking","author":"EM Clarke","year":"2008","unstructured":"Clarke, E.M.: The birth of model checking. In: Grumberg, O., Veith, H. (eds.) 25 Years of Model Checking. LNCS, vol. 5000, pp. 1\u201326. Springer, Heidelberg (2008). \nhttps:\/\/doi.org\/10.1007\/978-3-540-69850-0_1"},{"key":"23_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/978-3-030-03427-6_16","volume-title":"Leveraging Applications of Formal Methods, Verification and Validation. Industrial Practice","author":"DR Cok","year":"2018","unstructured":"Cok, D.R.: Java automated deductive verification in practice: lessons from industrial proof-based projects. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 176\u2013193. Springer, Cham (2018). \nhttps:\/\/doi.org\/10.1007\/978-3-030-03427-6_16"},{"issue":"5","key":"23_CR8","doi-asserted-by":"publisher","first-page":"397","DOI":"10.1007\/s10009-011-0211-0","volume":"13","author":"J Filli\u00e2tre","year":"2011","unstructured":"Filli\u00e2tre, J.: Deductive software verification. STTT 13(5), 397\u2013403 (2011). \nhttps:\/\/doi.org\/10.1007\/s10009-011-0211-0","journal-title":"STTT"},{"issue":"4","key":"23_CR9","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1007\/s00446-015-0262-7","volume":"29","author":"R Glabbeek van","year":"2016","unstructured":"van Glabbeek, R., H\u00f6fner, P., Portmann, M., Tan, W.: Modelling and verifying the AODV routing protocol. Distrib. Comput. 29(4), 279\u2013315 (2016). \nhttps:\/\/doi.org\/10.1007\/s00446-015-0262-7","journal-title":"Distrib. Comput."},{"key":"23_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-319-21690-4_16","volume-title":"Computer Aided Verification","author":"S Gouw de","year":"2015","unstructured":"de Gouw, S., Rot, J., de Boer, F.S., Bubel, R., H\u00e4hnle, R.: OpenJDK\u2019s Java.utils.Collection.sort() is broken: the good, the bad and the worst case. In: Kroening, D., P\u0103s\u0103reanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 273\u2013289. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-21690-4_16"},{"key":"23_CR11","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/9946.001.0001","volume-title":"Modeling and Analysis of Communicating Systems","author":"JF Groote","year":"2014","unstructured":"Groote, J.F., Mousavi, M.R.: Modeling and Analysis of Communicating Systems. MIT Press, Cambridge (2014)"},{"key":"23_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"607","DOI":"10.1007\/978-3-662-49674-9_40","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"JF Groote","year":"2016","unstructured":"Groote, J.F., Wijs, A.: An $$O(m\\log n)$$ algorithm for stuttering equivalence and branching bisimulation. In: Chechik, M., Raskin, J.-F. (eds.) TACAS 2016. LNCS, vol. 9636, pp. 607\u2013624. Springer, Heidelberg (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-662-49674-9_40"},{"key":"23_CR13","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-319-98047-8_9","volume-title":"Principled Software Development","author":"M Huisman","year":"2018","unstructured":"Huisman, M., Joosten, S.J.C.: Towards reliable concurrent software. Principled Software Development, pp. 129\u2013146. Springer, Cham (2018). \nhttps:\/\/doi.org\/10.1007\/978-3-319-98047-8_9"},{"issue":"12","key":"23_CR14","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1007\/978-3-642-29320-7_12","volume":"78","author":"Y Hwong","year":"2013","unstructured":"Hwong, Y., Keiren, J., Kusters, V., Leemans, S., Willemse, T.: Formalising and analysing the control software of the compact muon solenoid experiment at the large hadron collider. SCP 78(12), 2435\u20132452 (2013). \nhttps:\/\/doi.org\/10.1007\/978-3-642-29320-7_12","journal-title":"SCP"},{"key":"23_CR15","unstructured":"mCRL2\u2014Showcases. \nhttps:\/\/www.mcrl2.org\/web\/user_manual\/showcases.html\n\n. Accessed July 2019"},{"key":"23_CR16","unstructured":"Landelijke Tunnelstandaard (National Tunnel Standard). \nhttp:\/\/publicaties.minienm.nl\/documenten\/landelijke-tunnelstandaard\n\n. Accessed June 2019"},{"key":"23_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-319-72308-2_12","volume-title":"Verified Software. Theories, Tools, and Experiments","author":"W Oortwijn","year":"2017","unstructured":"Oortwijn, W., Blom, S., Gurov, D., Huisman, M., Zaharieva-Stojanovski, M.: An abstraction technique for describing concurrent program behaviour. In: Paskevich, A., Wies, T. (eds.) VSTTE 2017. LNCS, vol. 10712, pp. 191\u2013209. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-72308-2_12"},{"key":"23_CR18","doi-asserted-by":"publisher","first-page":"65","DOI":"10.4204\/EPTCS.211.7","volume":"211","author":"Wytse Oortwijn","year":"2016","unstructured":"Oortwijn, W., Blom, S., Huisman, M.: Future-based static analysis of message passing programs. In: PLACES, pp. 65\u201372 (2016). \nhttps:\/\/doi.org\/10.4204\/EPTCS.211.7","journal-title":"Electronic Proceedings in Theoretical Computer Science"},{"key":"23_CR19","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1016\/j.scico.2013.01.006","volume":"82","author":"P Philippaerts","year":"2014","unstructured":"Philippaerts, P., M\u00fchlberg, J., Penninckx, W., Smans, J., Jacobs, B., Piessens, F.: Software verification with verifast: industrial case studies. SCP 82, 77\u201397 (2014). \nhttps:\/\/doi.org\/10.1016\/j.scico.2013.01.006","journal-title":"SCP"},{"key":"23_CR20","doi-asserted-by":"publisher","unstructured":"Ruijters, E., Guck, D., van Noort, M., Stoelinga, M.: Reliability-centered maintenance of the electrically insulated railway joint via fault tree analysis: a practical experience report. In: DSN, pp. 662\u2013669. IEEE Computer Society (2016). \nhttps:\/\/doi.org\/10.1109\/DSN.2016.67","DOI":"10.1109\/DSN.2016.67"},{"key":"23_CR21","unstructured":"Silva, R., de Oliveira, J., Pinto, J.: A case study on model checking and deductive verification techniques of safety-critical software. In: SBMF, Federal University of Campina Grande (2012)"},{"key":"23_CR22","unstructured":"The Technolution. \nhttps:\/\/www.technolution.eu\n\n. Accessed June 2019"},{"key":"23_CR23","unstructured":"Wiggelinkhuizen, J.: Feasibility of formal model checking in the Vitatron environment. Master\u2019s thesis, Eindhoven University of Technology (2007)"}],"container-title":["Lecture Notes in Computer Science","Integrated Formal Methods"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-34968-4_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T00:18:59Z","timestamp":1574381939000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-34968-4_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030349677","9783030349684"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-34968-4_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"22 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IFM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Integrated Formal Methods","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bergen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ifm2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ifm2019.hvl.no\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}