9 research outputs found

    Are We There Yet? 20 Years of Industrial Theorem Proving with SPARK

    No full text

    Viewpoints: What can agile methods bring to high-integrity software development?

    Considering the issues and opportunities raised by Agile practices in the development of high-integrity software

    Lightweight Interactive Proving inside an Automatic Program Verifier

    Among formal methods, the deductive verification approach allows establishing the strongest possible formal guarantees on critical software. The downside is the cost in terms of human effort required to design adequate formal specifications and to successfully discharge the required proof obligations. To popularize deductive verification in an industrial software development environment, it is essential to provide means to progressively transition from simple and automated approaches to deductive verification. The SPARK environment, for development of critical software written in Ada, goes towards this goal by providing automated tools for formally proving that some code fulfills the requirements expressed in Ada contracts. In a program verifier that makes use of automatic provers to discharge the proof obligations, a need for some additional user interaction with proof tasks shows up: either to help analyze the reason for a proof failure or, ultimately, to discharge the verification conditions that are out of reach of state-of-the-art automatic provers. Adding interactive proof features in SPARK appears to be complicated by the fact that the proof toolchain makes use of the independent, intermediate verification tool Why3, which is generic enough to accept multiple front-ends for different input languages. This paper reports on our approach to extend Why3 with interactive proof features and also with a generic client-server infrastructure allowing integration of proof interaction into an external, front-end graphical user interface such as the one of SPARK.

    Putting the Semantics into Semantic Versioning

    The long-standing aspiration for software reuse has made astonishing strides in the past few years. Many modern software development ecosystems now come with rich sets of publicly available components contributed by the community. Downstream developers can leverage these upstream components, boosting their productivity. However, components evolve at their own pace. This imposes obligations on and yields benefits for downstream developers, especially since changes can be breaking, requiring additional downstream work to adapt to them. Upgrading too late leaves downstream vulnerable to security issues and missing out on useful improvements; upgrading too early results in excess work. Semantic versioning has been proposed as an elegant mechanism to communicate levels of compatibility, enabling downstream developers to automate dependency upgrades. While it is questionable whether a version number can adequately characterize version compatibility in general, we argue that developers would greatly benefit from tools such as semantic version calculators to help them upgrade safely. The time is now for the research community to develop such tools: large component ecosystems exist and are accessible, component interactions have become observable through automated builds, and recent advances in program analysis make the development of relevant tools feasible. In particular, contracts (both traditional and lightweight) are a promising input to semantic versioning calculators, which can suggest whether an upgrade is likely to be safe. Comment: to be published as Onward! Essays 202

    Continuous Reasoning: Scaling the impact of formal methods

    This paper describes work in continuous reasoning, where formal reasoning about a (changing) codebase is done in a fashion which mirrors the iterative, continuous model of software development that is increasingly practiced in industry. We suggest that advances in continuous reasoning will allow formal reasoning to scale to more programs, and more programmers. The paper describes the rationale for continuous reasoning, outlines some success cases from within industry, and proposes directions for work by the scientific community.

    Verificação Formal de Programas com SPARK2014

    Formal verification of software is an area of Computer Science of great importance in the development of high-integrity projects. By adopting formal verification as one of the components of a software project, the programmer's understanding of the nature and purpose of the program is increased, and the programmer is made to focus on precision and consistency. On the other hand, it also obliges the programmer to opt for simpler solutions that respect the implementation requirements, since the more complex the code developed, the greater the proof effort and the harder it is to obtain the proof automatically. One consequence is the minimization of the risk of introducing errors and greater ease of maintaining the program. The SPARK language and its toolset favour developing programs in the way described in the previous paragraph. Given the characteristics of the language, which imposes restrictions, many programming errors that are common in other languages do not occur. The objective of this dissertation is to study the usability of SPARK2014 in the implementation of simple data structures and algorithms that are typically used in the development of critical or high-integrity systems. Formal specifications will be developed for the algorithms under study, as well as implementations of them that are consistent with those specifications. Finally, an analysis of the whole process will be carried out, in order to obtain indicators of the real value of SPARK2014 in the development of more complex applications.

    Formal verification of software is an area of Computer Science with increasing importance and especially relevant for high-integrity projects. By adopting formal verification, programmers are brought to know better the nature of the algorithms they are implementing, which need to be accurate and consistent. These properties are usually not simple to verify, and as a result of such complexity programmers tend to choose simpler solutions to minimize verification costs. Simple solutions have clear advantages in terms of error detection and maintenance. The SPARK language and its toolset have become a popular solution in the high-integrity software production industry, since it helps to produce correct software. The new SPARK 2014 is a completely new version of the tool with a completely new approach to the verification process. The aim of this work is to study the usability of the new SPARK 2014 in implementing data structures and algorithms commonly used in the development of high-integrity systems and to understand the real advantages of the trade-off imposed by a new, more complex approach. This goal is achieved by developing specifications for, and implementations of, a set of selected algorithms using SPARK 2014.