AsmetaF: A Flattener for the ASMETA Framework
Abstract State Machines (ASMs) have shown to be a suitable high-level specification method for complex, even industrial, systems; the ASMETA framework, supporting several validation and verification activities on ASM models, is an example of a formal integrated development environment. Although ASMs allow modeling complex systems in a rather concise way (and this is advantageous for specification purposes), such a concise notation is in general a problem for verification activities such as model checking and theorem proving that rely on tools accepting simpler notations.
In this paper, we propose a flattener tool integrated in the ASMETA framework that transforms a general ASM model into a flattened model consisting only of update, parallel, and conditional rules; such a model is easier to map to the notations of verification tools. Experiments show the effect of applying the tool to some representative case studies of the ASMETA repository.
Comment: In Proceedings F-IDE 2018, arXiv:1811.09014. The first two authors are supported by ERATO HASUO Metamathematics for Systems Design Project (No. JPMJER1603), JST. Funding Reference number: 10.13039/501100009024 ERAT
Get rid of inline assembly through verification-oriented lifting
Formal methods for software development have made great strides in the last two decades, to the point that their application in safety-critical embedded software is an undeniable success. Their extension to non-critical software is one of the notable forthcoming challenges. For example, C programmers regularly use inline assembly for low-level optimizations and system primitives. This usually renders state-of-the-art formal analyzers developed for C ineffective. We thus propose TInA, an automated, generic, trustable and verification-oriented lifting technique turning inline assembly into semantically equivalent C code, in order to take advantage of existing C analyzers. Extensive experiments on real-world C code with inline assembly (including GMP and ffmpeg) show the feasibility and benefits of TInA.
Rigorous development process of a safety-critical system: from ASM models to Java code
The paper presents an approach for the rigorous development of safety-critical systems based on the Abstract State Machine formal method. The development process starts from a high-level formal view of the system and, through refinement, derives more detailed models until the desired level of specification is reached. Along the process, different validation and verification activities are available, such as simulation, model review, and model checking. Moreover, each refinement step can be proved correct using an SMT-based approach. As the last step of the refinement process, a Java implementation can be developed and linked to the formal specification. The correctness of the implementation w.r.t. its formal specification can be proved by means of model-based testing and runtime verification. The process is exemplified by using a Landing Gear System as a case study.
Integrating formal methods into medical software development: the ASM approach
Medical devices are safety-critical systems since their malfunctions can seriously compromise human safety. Correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. However, these standards provide general descriptions of common software engineering activities without any indication regarding particular methods and techniques to assure safety and reliability. This paper discusses how to integrate the use of a formal approach into the current standards for medical software development. The rigorous process is based on the Abstract State Machine (ASM) formal method, its refinement principle, and the model analysis approaches the method supports. The hemodialysis machine case study is used to show how the ASM-based design process covers most of the engineering activities required by the related standards, and provides rigorous approaches for medical software validation and verification.
CryptOpt: Verified Compilation with Random Program Search for Cryptographic Primitives
Most software domains rely on compilers to translate high-level code to
multiple different machine languages, with performance not too much worse than
what developers would have the patience to write directly in assembly language.
However, cryptography has been an exception, where many performance-critical
routines have been written directly in assembly (sometimes through
metaprogramming layers). Some past work has shown how to do formal verification
of that assembly, and other work has shown how to generate C code automatically
along with formal proof, but with consequent performance penalties vs. the
best-known assembly. We present CryptOpt, the first compilation pipeline that
specializes high-level cryptographic functional programs into assembly code
significantly faster than what GCC or Clang produce, with mechanized proof (in
Coq) whose final theorem statement mentions little beyond the input functional
program and the operational semantics of x86-64 assembly. On the optimization
side, we apply randomized search through the space of assembly programs, with
repeated automatic benchmarking on target CPUs. On the formal-verification
side, we connect to the Fiat Cryptography framework (which translates
functional programs into C-like IR code) and extend it with a new formally
verified program-equivalence checker, incorporating a modest subset of known
features of SMT solvers and symbolic-execution engines. The overall prototype
is quite practical, e.g. producing new fastest-known implementations for the
relatively new Intel i9 12G, of finite-field arithmetic for both Curve25519
(part of the TLS standard) and the Bitcoin elliptic curve secp256k1.
Formal verification of automotive embedded UML designs
Software applications are increasingly dominating safety-critical domains. Safety-critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time, but more focus and attention is currently directed to this area due to the exponential growth of software embedded applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, the automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern the software lifecycle. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D), with ASIL D denoting the most stringent safety level. As the risk of the system increases, the ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that systems classified as ASIL C and D utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods.
Software specification compliance in automotive remains, in the bulk, heavily dependent on traceability matrices, human-based reviews, and testing activities conducted on either the actual production software level or the simulation level. The ISO-26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure, yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems, and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with the ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on the Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected only in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML-based designs, the de facto standard for automotive systems design, based on an implicit formal methodology while hiding the drawbacks that discouraged the industry from using it.
Additionally, the framework automates the ISO-26262 system design verification guideline, which would otherwise be verified via human-error-prone approaches.
ACOTES project: Advanced compiler technologies for embedded streaming
Streaming applications are built of data-driven, computational components, consuming and producing unbounded data streams. Streaming-oriented systems have become dominant in a wide range of domains, including embedded applications and DSPs. However, programming efficiently for streaming architectures is a challenging task, having to carefully partition the computation and map it to processes in a way that best matches the underlying streaming architecture, taking into account the distributed resources (memory, processing, real-time requirements) and communication overheads (processing and delay). These challenges have led to a number of suggested solutions, whose goal is to improve the programmer’s productivity in developing applications that process massive streams of data on programmable, parallel embedded architectures. StreamIt is one such example. Another more recent approach is that developed by the ACOTES project (Advanced Compiler Technologies for Embedded Streaming). The ACOTES approach for streaming applications consists of compiler-assisted mapping of streaming tasks to highly parallel systems in order to maximize cost-effectiveness, both in terms of energy and in terms of design effort. The analysis and transformation techniques automate large parts of the partitioning and mapping process, based on the properties of the application domain, on the quantitative information about the target systems, and on programmer directives. This paper presents the outcomes of the ACOTES project, a 3-year collaborative work of industrial (NXP, ST, IBM, Silicon Hive, NOKIA) and academic (UPC, INRIA, MINES ParisTech) partners, and advocates the use of the Advanced Compiler Technologies that we developed to support Embedded Streaming.