1,571 research outputs found
Formal Verification of Real-Time Function Blocks Using PVS
A critical step towards certifying safety-critical systems is to check their
conformance to hard real-time requirements. A promising way to achieve this is
by building the systems from pre-verified components and verifying their
correctness in a compositional manner. We previously reported a formal approach
to verifying function blocks (FBs) using tabular expressions and the PVS proof
assistant. By applying our approach to the IEC 61131-3 standard of Programmable
Logic Controllers (PLCs), we constructed a repository of precise specification
and reusable (proven) theorems of feasibility and correctness for FBs. However,
we previously did not apply our approach to verify FBs against timing
requirements, since IEC 61131-3 does not define composite FBs built from
timers. In this paper, based on our experience in the nuclear domain, we
conduct two realistic case studies, consisting of the software requirements and
the proposed FB implementations for two subsystems of an industrial control
system. The implementations are built from IEC 61131-3 FBs, including the
on-delay timer. We find issues during the verification process and suggest
solutions.Comment: In Proceedings ESSS 2015, arXiv:1506.0325
Workshop on Verification and Theorem Proving for Continuous Systems (NetCA Workshop 2005)
Oxford, UK, 26 August 200
An Exercise in Invariant-based Programming with Interactive and Automatic Theorem Prover Support
Invariant-Based Programming (IBP) is a diagram-based correct-by-construction
programming methodology in which the program is structured around the
invariants, which are additionally formulated before the actual code. Socos is
a program construction and verification environment built specifically to
support IBP. The front-end to Socos is a graphical diagram editor, allowing the
programmer to construct invariant-based programs and check their correctness.
The back-end component of Socos, the program checker, computes the verification
conditions of the program and tries to prove them automatically. It uses the
theorem prover PVS and the SMT solver Yices to discharge as many of the
verification conditions as possible without user interaction. In this paper, we
first describe the Socos environment from a user and systems level perspective;
we then exemplify the IBP workflow by building a verified implementation of
heapsort in Socos. The case study highlights the role of both automatic and
interactive theorem proving in three sequential stages of the IBP workflow:
developing the background theory, formulating the program specification and
invariants, and proving the correctness of the final implementation.Comment: In Proceedings THedu'11, arXiv:1202.453
A formal framework for modeling and validating Simulink diagrams
10.1007/s00165-009-0108-9Formal Aspects of Computing215451-483FACM
A PVS-Simulink Integrated Environment for Model-Based Analysis of Cyber-Physical Systems
This paper presents a methodology, with supporting tool, for formal modeling and analysis of software components in cyber-physical systems. Using our approach, developers can integrate a simulation of logic-based specifications of software components and Simulink models of continuous processes. The integrated simulation is useful to validate the characteristics of discrete system components early in the development process. The same logic-based specifications can also be formally verified using the Prototype Verification System (PVS), to gain additional confidence that the software design complies with specific safety requirements. Modeling patterns are defined for generating the logic-based specifications from the more familiar automata-based formalism. The ultimate aim of this work is to facilitate the introduction of formal verification technologies in the software development process of cyber-physical systems, which typically requires the integrated use of different formalisms and tools. A case study from the medical domain is used to illustrate the approach. A PVS model of a pacemaker is interfaced with a Simulink model of the human heart. The overall cyber-physical system is co-simulated to validate design requirements through exploration of relevant test scenarios. Formal verification with the PVS theorem prover is demonstrated for the pacemaker model for specific safety aspects of the pacemaker design
SPEEDY: An Eclipse-based IDE for invariant inference
SPEEDY is an Eclipse-based IDE for exploring techniques that assist users in
generating correct specifications, particularly including invariant inference
algorithms and tools. It integrates with several back-end tools that propose
invariants and will incorporate published algorithms for inferring object and
loop invariants. Though the architecture is language-neutral, current SPEEDY
targets C programs. Building and using SPEEDY has confirmed earlier experience
demonstrating the importance of showing and editing specifications in the IDEs
that developers customarily use, automating as much of the production and
checking of specifications as possible, and showing counterexample information
directly in the source code editing environment. As in previous work,
automation of specification checking is provided by back-end SMT solvers.
However, reducing the effort demanded of software developers using formal
methods also requires a GUI design that guides users in writing, reviewing, and
correcting specifications and automates specification inference.Comment: In Proceedings F-IDE 2014, arXiv:1404.578
A Static Analyzer for Large Safety-Critical Software
We show that abstract interpretation-based static program analysis can be
made efficient and precise enough to formally verify a class of properties for
a family of large programs with few or no false alarms. This is achieved by
refinement of a general purpose static analyzer and later adaptation to
particular programs of the family by the end-user through parametrization. This
is applied to the proof of soundness of data manipulation operations at the
machine level for periodic synchronous safety critical embedded software. The
main novelties are the design principle of static analyzers by refinement and
adaptation through parametrization, the symbolic manipulation of expressions to
improve the precision of abstract transfer functions, the octagon, ellipsoid,
and decision tree abstract domains, all with sound handling of rounding errors
in floating point computations, widening strategies (with thresholds, delayed)
and the automatic determination of the parameters (parametrized packing)
- …