Model-Checking of Safety-Critical Software for Avionics

by Darren Cofer, Michael Whalen and Steven Miller

The adoption of model-based development tools is changing the cost-benefit equation for the industrial use of formal methods. The integration of formal methods such as model checking into software development environments makes it possible to fight increasing cost and complexity with automation and rigour.

By any measure, the size and the complexity of the safety-critical software deployed in commercial and military aircraft are rising exponentially. Current verification methods will not be able to cope effectively with the software being developed for next-generation aircraft. New verification processes are being developed that augment testing with analysis techniques such as formal methods. These processes will help ensure that the advanced functionality needed in modern aircraft can be delivered at a reasonable cost and with the required level of safety.

In the past, formal methods have not been widely used in industry due to a number of barriers:

- the cost of building separate analysis models
- the difficulty of keeping these models consistent with the software design
- the use of unfamiliar notations for modelling and analysis
- the inadequacy of tools for industrial-sized problems.

The widespread use of model-based development (MBD) tools is eliminating the first three barriers. MBD refers to the use of domain-specific (usually graphical) modelling languages that can be executed in simulation before the actual system is built. The use of such modelling languages allows engineers to create a model of the system, execute it on their desktop, and automatically generate code and test cases. Furthermore, tools are now being developed to translate these design models into analysis models that can be verified by formal methods tools, with the results translated back into the original modelling notation.
This process leverages the original modelling effort and allows engineers to work in familiar notations for their domain. The fourth barrier is being removed through dramatic improvements in analysis algorithms and the steady increase in computing power readily available to engineers due to Moore's Law. The combined forces of faster algorithms and cheap hardware mean that systems that were out of reach a decade ago can now be analyzed in a matter of seconds.
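To make concrete what "verified by formal methods tools, with the results translated back" means, here is an added illustration that is not from the article or its authors: a minimal explicit-state model checker run over a constructed two-mode autopilot model. The mode names, events and the mutual-exclusion requirement are assumptions for the example; a real tool would work on the generated analysis model and report the counterexample as a trace in the design notation.

```python
from collections import deque

# Constructed model (not from the article): a state is (alt_hold, vs_hold),
# two booleans saying whether Altitude Hold and Vertical Speed are engaged.
# Each step function maps a state to the list of (event, next_state) pairs.

def step_buggy(state):
    alt, vs = state
    return [("ALT_pressed", (True, vs)),      # engages ALT, leaves VS as is
            ("VS_pressed", (alt, True)),      # engages VS without clearing ALT
            ("AP_off", (False, False))]       # disengages everything

def step_fixed(state):
    alt, vs = state
    return [("ALT_pressed", (True, False)),   # engaging one mode drops the other
            ("VS_pressed", (False, True)),
            ("AP_off", (False, False))]

def mutually_exclusive(state):
    """Safety property: the two vertical modes are never engaged together."""
    alt, vs = state
    return not (alt and vs)

def check_safety(initial, step, invariant):
    """Breadth-first exploration of every reachable state.

    Returns None if the invariant holds in all reachable states, otherwise
    the shortest event sequence (a counterexample) that reaches a violation.
    Because states are visited in BFS order, the first violation found is
    the one with the fewest steps from the initial state.
    """
    parent = {initial: None}            # state -> (event, predecessor)
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not invariant(state):
            trace = []
            while parent[state] is not None:
                event, state = parent[state]
                trace.append(event)
            return list(reversed(trace))
        for event, nxt in step(state):
            if nxt not in parent:
                parent[nxt] = (event, state)
                queue.append(nxt)
    return None

if __name__ == "__main__":
    print("buggy:", check_safety((False, False), step_buggy, mutually_exclusive))
    print("fixed:", check_safety((False, False), step_fixed, mutually_exclusive))
```

The buggy logic yields the counterexample `['ALT_pressed', 'VS_pressed']`, which an engineer can replay directly against the design model; the fixed logic exhausts its reachable states with no violation.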