1,295 research outputs found
Rodin: an open toolset for modelling and reasoning in Event-B
Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods
Automated Analysis of Concurrent and Real-Time Software
This paper surveys the current status of our work on automated anal-ysis of the logical and timing properties of concurrent software based on the constrained expression approach. It describes our analysis toolset, reports some extremely encouraging results of using the toolset to ana-lyze logical properties of nontrivial concurrent systems, and discusses the modifications we have made to the toolset to apply it to analyzing tim-ing properties. It then outlines ongoing and planned research directed at further improving these methods
Formal Modelling, Testing and Verification of HSA Memory Models using Event-B
The HSA Foundation has produced the HSA Platform System Architecture
Specification that goes a long way towards addressing the need for a clear and
consistent method for specifying weakly consistent memory. HSA is specified in
a natural language which makes it open to multiple ambiguous interpretations
and could render bugs in implementations of it in hardware and software. In
this paper we present a formal model of HSA which can be used in the
development and verification of both concurrent software applications as well
as in the development and verification of the HSA-compliant platform itself. We
use the Event-B language to build a provably correct hierarchy of models from
the most abstract to a detailed refinement of HSA close to implementation
level. Our memory models are general in that they represent an arbitrary number
of masters, programs and instruction interleavings. We reason about such
general models using refinements. Using Rodin tool we are able to model and
verify an entire hierarchy of models using proofs to establish that each
refinement is correct. We define an automated validation method that allows us
to test baseline compliance of the model against a suite of published HSA
litmus tests. Once we complete model validation we develop a coverage driven
method to extract a richer set of tests from the Event-B model and a user
specified coverage model. These tests are used for extensive regression testing
of hardware and software systems. Our method of refinement based formal
modelling, baseline compliance testing of the model and coverage driven test
extraction using the single language of Event-B is a new way to address a key
challenge facing the design and verification of multi-core systems.Comment: 9 pages, 10 figure
Rigorous Development of Composite Grid Services
CRESS (Communication Representation Employing Systematic Specification) is introduced as notation, a methodology and a toolset for service development. The article focuses on rigorous development of composite grid services, with particular emphasis on the principles behind the methodology. A straightforward graphical notation is used to describe grid services. These are then automatically specified, analysed and implemented. Analysis includes formal verification of desirable service properties, formal validation of test scenarios, testing of implementation functionality, and evaluation of implementation performance. The case study that illustrates the approach is document content analysis to compare two pieces of text. This involves two composite services supported by two partner services. The usability of the service design notation is assessed, and a comparison is made of the approach with similar ones. These show that the CRESS approach to developing services is usable and more complete than other comparable approaches
Conflict Detection for Edits on Extended Feature Models using Symbolic Graph Transformation
Feature models are used to specify variability of user-configurable systems
as appearing, e.g., in software product lines. Software product lines are
supposed to be long-living and, therefore, have to continuously evolve over
time to meet ever-changing requirements. Evolution imposes changes to feature
models in terms of edit operations. Ensuring consistency of concurrent edits
requires appropriate conflict detection techniques. However, recent approaches
fail to handle crucial subtleties of extended feature models, namely
constraints mixing feature-tree patterns with first-order logic formulas over
non-Boolean feature attributes with potentially infinite value domains. In this
paper, we propose a novel conflict detection approach based on symbolic graph
transformation to facilitate concurrent edits on extended feature models. We
describe extended feature models formally with symbolic graphs and edit
operations with symbolic graph transformation rules combining graph patterns
with first-order logic formulas. The approach is implemented by combining
eMoflon with an SMT solver, and evaluated with respect to applicability.Comment: In Proceedings FMSPLE 2016, arXiv:1603.0857
An integrated approach to high integrity software verification.
Computer software is developed through software engineering. At its most precise, software
engineering involves mathematical rigour as formal methods. High integrity software
is associated with safety critical and security critical applications, where failure
would bring significant costs. The development of high integrity software is subject to
stringent standards, prescribing best practises to increase quality. Typically, these standards
will strongly encourage or enforce the application of formal methods.
The application of formal methods can entail a significant amount of mathematical
reasoning. Thus, the development of automated techniques is an active area of research.
The trend is to deliver increased automation through two complementary approaches.
Firstly, lightweight formal methods are adopted, sacrificing expressive power, breadth of
coverage, or both in favour of tractability. Secondly, integrated solutions are sought,
exploiting the strengths of different technologies to increase automation.
The objective of this thesis is to support the production of high integrity software by
automating an aspect of formal methods. To develop tractable techniques we focus on
the niche activity of verifying exception freedom. To increase effectiveness, we integrate
the complementary technologies of proof planning and program analysis. Our approach
is investigated by enhancing the SPARK Approach, as developed by Altran Praxis Limited.
Our approach is implemented and evaluated as the SPADEase system. The key
contributions of the thesis are summarised below:
⢠Configurable and Sound - Present a configurable and justifiably sound approach
to software verification.
⢠Cooperative Integration - Demonstrate that more targeted and effective automation
can be achieved through the cooperative integration of distinct technologies.
⢠Proof Discovery - Present proof plans that support the verification of exception
freedom.
⢠Invariant Discovery - Present invariant discovery heuristics that support the verification
of exception freedom.
⢠Implementation as SPADEase - Implement our approach as SPADEase.
⢠Industrial Evaluation - Evaluate SPADEase against both textbook and industrial
subprograms
- âŚ