Requirements validation of a voice communication system used in air traffic control. An industrial application of light-weight formal methods

During the last few years light-weight approaches to formal development methods have been proposed in order to facilitate the technological transfer of formal methods. “Light-weight” means that a precise and unambiguous formal specification language is used in order to raise the quality of a system´s description, without focusing on proofs (C.B. Jones, 1996). The article presents the results and experiences gained in an industrial project where VDM++, an object oriented extension of the Vienna Development Method, has been applied in such a light-weight manner. In the joint project of the Austrian company Frequentis and the Technical University Graz (J. Horl, 1999), a safety critical voice communication system (VCS) for air-traffic control has been specified and validated. It serves as the sole communication system between the pilots, the air-traffic control personnel at the tower, the ground personnel on the runways, other parties external to the airport and even other airports