Software Engineering Institute

Deploying critical software with certification and frequent updates is a major challenge. Exhaustive testing of safety-critical systems is not possible due to the exponential growth of test cases; extensive but non-exhaustive testing is potentially unsafe; and while formal methods (FM) can provide full coverage, many FM tools have been found to be defective, producing the wrong output and leaving software practitioners understandably hesitant to trust FM tools.