News
Research, tooling, incidents, infrastructure shifts, and production lessons. Kept technical so the page stays useful.
Teams at three defense prime contractors report results from integrating TLA+ and Alloy with MBSE workflows. Formal specs surfaced interface ambiguities roughly three times earlier in the development cycle than review-based approaches did. Learning curves average six weeks per engineer.
A surge in TLA+ and Alloy adoption is being driven not by academic interest but by high-profile production failures. Engineers at AWS, Microsoft, and several aerospace primes have published post-mortems citing formal specification as the tool that would have caught their bugs.
A controlled study evaluates LLM-assisted fault tree analysis (FTA) against expert-only FTA on 12 safety-critical systems. LLMs significantly accelerate initial tree construction and improve completeness for well-documented system classes, but produce overconfident assessments for novel failure modes.
A structured comparison of three major hazard analysis methods finds that STPA (System-Theoretic Process Analysis) identifies significantly more control-related hazards in complex interactive systems, while HAZOP (Hazard and Operability study) remains superior for well-understood process systems. Neither dominates across all system classes.
Traditional test coverage metrics (line, branch, MC/DC) are inadequate for AI-enabled system components: a model's inference code has few branches, so structural coverage saturates after a handful of inputs regardless of how much of the input space or output behavior has been exercised. This paper proposes a multi-layer coverage framework addressing data coverage, behavioral coverage, and distributional robustness coverage for ML-based components.
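To make the saturation point concrete, the following is an added illustration, not code from the paper and not its framework: a toy classifier whose only branch is the sign test, measured first with branch coverage and then with two input/behavior-level metrics. The feature bins, confidence bins, the linear rule standing in for a trained model, and the two test sets are all constructed for the example; the paper's third layer (distributional robustness coverage) is not modelled here.

```python
# Added example: structural coverage saturates on an ML inference function,
# while input-partition ("data") and output-outcome ("behavioral") coverage
# keep discriminating between test sets. Everything below is constructed for
# illustration; it is not the paper's metric definitions.
from itertools import product


def classify(x, y):
    """Toy 'model': a fixed linear rule standing in for a trained classifier.
    Its single branch is the sign test, so two inputs already give 100%
    branch coverage no matter how little of the input domain they touch."""
    score = 0.8 * x - 0.6 * y + 0.1
    label = "positive" if score > 0 else "negative"
    confidence = min(1.0, abs(score))   # clamp so it fits the [0, 1] bins
    return label, confidence


# Assumed input partitions: each feature is modelled on [-1, 1] in four bins.
X_BINS = [(-1.0, -0.5), (-0.5, 0.0), (0.0, 0.5), (0.5, 1.0)]
Y_BINS = [(-1.0, -0.5), (-0.5, 0.0), (0.0, 0.5), (0.5, 1.0)]
# Assumed outcome partitions: confidence quartiles per predicted label.
CONF_BINS = [(0.0, 0.25), (0.25, 0.5), (0.5, 0.75), (0.75, 1.0)]


def _bin_index(value, bins):
    """Half-open bins [lo, hi), with the top edge included in the last bin."""
    for i, (lo, hi) in enumerate(bins):
        if lo <= value < hi or (value == hi and i == len(bins) - 1):
            return i
    return None  # outside the modelled domain


def branch_coverage(test_inputs):
    """Fraction of classify()'s two branches taken (the only branch it has)."""
    taken = {classify(x, y)[0] for x, y in test_inputs}
    return len(taken) / 2


def data_coverage(test_inputs):
    """Fraction of (x_bin, y_bin) input cells hit by at least one input."""
    cells = set()
    for x, y in test_inputs:
        ix, iy = _bin_index(x, X_BINS), _bin_index(y, Y_BINS)
        if ix is not None and iy is not None:
            cells.add((ix, iy))
    return len(cells) / (len(X_BINS) * len(Y_BINS))


def behavioral_coverage(test_inputs):
    """Fraction of (label, confidence_bin) outcomes actually observed."""
    seen = set()
    for x, y in test_inputs:
        label, conf = classify(x, y)
        seen.add((label, _bin_index(conf, CONF_BINS)))
    return len(seen) / (2 * len(CONF_BINS))


# Constructed test set 1: two inputs, one per label. Branch coverage is
# complete, yet only 2 of 16 input cells and 2 of 8 outcome cells are hit.
TWO_POINTS = [(1.0, 0.0), (-1.0, 0.0)]

# Constructed test set 2: the midpoint of every input cell. Same branch
# coverage as set 1, but every input cell and every outcome cell is exercised.
MIDPOINTS = [-0.75, -0.25, 0.25, 0.75]
GRID = list(product(MIDPOINTS, MIDPOINTS))


if __name__ == "__main__":
    for name, tests in (("two points", TWO_POINTS), ("grid", GRID)):
        print(f"{name:>10}: branch={branch_coverage(tests):.3f} "
              f"data={data_coverage(tests):.3f} "
              f"behavioral={behavioral_coverage(tests):.3f}")
```

Running it shows branch coverage at 1.0 for both test sets while data coverage moves from 0.125 to 1.0 and behavioral coverage from 0.25 to 1.0; the structural metric cannot tell the two sets apart, which is the inadequacy the paper describes. The bin edges are the sensitive part of any such metric: values landing exactly on a boundary are assigned deterministically here, but in practice the partition scheme itself needs review as carefully as the model.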