Formal Safety Verification

Deliver 100% safe, compliant, and future-proof rail control systems without delays.

Why formal safety verification is now essential

Modern rail control systems are vastly more complex than ever before. A single interlocking or CBTC system may contain billions of possible states, far more than any traditional testing campaign could explore. Reviews and manual tests remain valuable, but they only show the presence of bugs, not their absence.

Take the first step toward improving your safety verification process

Fill out the form, and we’ll reach out shortly to schedule your personalized consultation.

Rail control systems evolve, making safety verification more challenging

As the industry moves toward digitalized, software-driven signaling, the limitations of conventional verification grow increasingly risky. Safety requirements must be proven exhaustively, not sampled. A missed hazard or late-stage discovery can lead to project delays, costly redesigns, or even operational incidents.

Formal Safety Verification (FSV) changes the paradigm. Using mathematical proof and automation, it verifies system safety across all possible scenarios, ensuring no unsafe behavior exists.

What is formal safety verification?

Formal Safety Verification is a mathematical approach to proving that a rail control system satisfies every safety requirement in every possible operating state.

Instead of developing test scenarios based on experience or intuition, engineers build formal models and digital twins of the control system and verify them automatically using advanced model checkers.

This process provides:

100% safety coverage — exhaustive mathematical proof
Early discovery of design issues — long before implementation or testing
Certified, objective safety evidence aligned with EN 50716, EN 50126, EN 50128, and EN 50129
Reduced review and testing load
Repeatable, maintainable verification workflows

Guide

Engineering safe rail control with formal verification

Learn why formal verification is the most reliable way to ensure safe rail control systems.

Read the guide

A safety process based on hazards — not just requirements

Traditional EN 50126-based safety processes start by identifying hazards and defining mitigations, often expressed as SIL levels. Verification then focuses on showing that the implemented requirements meet the assigned SIL through testing and reviews.

Formal safety verification reverses this logic.

Instead of checking whether requirements were implemented correctly, FSV verifies directly against the hazards themselves:

Hazards
Formal safety properties
Automated proof that the system design makes all hazardous states impossible.

This approach eliminates subjective interpretation, reduces expert dependency, and ensures that safety is validated where it matters most: in the system’s full behavioral logic.

Book a demo

Prover’s solution: Industrial-scale formal safety verification

Prover makes formal verification practical and scalable for real railway projects by combining proven methods with efficient industrial tooling.

Powered by Prover Diagnostic

At the core of the solution is Prover Diagnostic, a hazard-based formal verification solution that automates the generation of safety proofs.

It integrates:

Safety properties derived from hazards (e.g., collision, derailment, and fire
Environment models capturing real-world operational rules
Formal system models, imported or auto-generated from design data

This creates a complete digital twin in which:

Unsafe states are mathematically proven impossible, or
Detailed counterexamples show precisely where hazards could occur

The result is accurate, comprehensive, and reusable safety evidence.

Book a demo

Case studies

Proven across leading railway projects

Prover’s Formal Safety Verification is not experimental; it is field-proven in some of the world’s most demanding environments. Across these projects, formal methods have uncovered critical bugs missed by testing — demonstrating the necessity and practical value of FSV.

Stockholm Metro

System-level digital twins for both relay and computerized interlockings

RATP (Paris Metro)

Hazard-based formal verification for CBTC systems from multiple suppliers

Alstom

Global integration of Prover PSL and Prover Certifier to produce automatic, exhaustive safety demonstrations

View all

Key benefits

100% safety coverage — mathematically proven
Early detection of design issues — reducing rework and delays
Certified safety evidence — Tool-supported evidence
Tool-supported analysis — shorter verification cycles
Greater independence from safety reviewers — no influence on design decisions
Field-proven reliability — trusted by metros, railways, and global suppliers

Ready to deliver safety with certainty?

Formal Safety Verification empowers rail engineers to deliver fully safe and compliant systems faster with confidence backed by mathematical proof.
Watch the on-demand webinar to see how Prover’s solution works and how real projects use formal methods to ensure uncompromising safety.

Hackatons - producing innovative ideas for the railway industry

Our tools & process

Prover’s formal safety verification workflow starts by formalizing safety requirements, often derived from safety hazard analyses, in a language like HLL. System models are built, and automated model checking validates that all requirements are satisfied.

If an issue is found, the system generates counterexamples to aid debugging. The process concludes with formal safety evidence that supports certification efforts.

We support this with a powerful, integrated toolchain:

Book a demo