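@comment{Chapter by Bruns and Anderson in a volume with separate editors, so the entry type is incollection rather than inbook: the standard inbook type has no booktitle field, which plain styles would silently drop. Field values use braces, names are in unambiguous "Last, First" form, and the abstract/language fields are kept as exported.}
@incollection{62e0703b137145a0b1926452dbb6d1a2,
  author    = {Bruns, Glenn and Anderson, Stuart},
  title     = {Using Data Consistency Assumptions to Show System Safety},
  booktitle = {Dependable Computing for Critical Applications 4},
  editor    = {Cristian, Flaviu and {Le Lann}, Gerard and Lunt, Teresa},
  series    = {Dependable Computing and Fault-Tolerant Systems},
  volume    = {9},
  pages     = {15--27},
  publisher = {Springer},
  address   = {United Kingdom},
  year      = {1995},
  isbn      = {978-3-7091-9398-3},
  doi       = {10.1007/978-3-7091-9396-9_2},
  language  = {English},
  abstract  = {Systems cannot usually be proved safe unless some failure assumptions are made. Here we prove that the water level in a generic boiler system is always within its safe range by assuming that device failures result in inconsistent readings. Key parts of our approach are a failure-reporting strategy that determines failures from consistency conditions, and a level-calculation strategy that gives a best estimate of boiler level in light of the reported failures. These strategies are generic and could be used in other safety-critical applications.},
}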