One of the primary concerns in developing computer embedded safety-critical systems is how to develop quality software. Software must fulll its functional requirements and must not contribute to the violation of safety properties of the entire system. To this end, capturing error free and satisfactory functional requirements is crucial before proceeding to the subsequent development phases. We describe an approach to specifying and verifying software for safety-critical systems with the practical formal method SOFL (Structured-Objectbased-Formal Language). Requirements specication focuses on the functionality of the software, but with the consideration of safety constraints and its interaction with the surrounding operational environment. The verication of specications can be carried out using three techniques: data ow reachability checking, specication testing, a n d rigorous proofs, respectively. W e apply this approach to a realistic railway crossing controller for a case study and analyzes its result.