125,884 research outputs found
An experimental Study using ACSL and Frama-C to formulate and verify Low-Level Requirements from a DO-178C compliant Avionics Project
Safety critical avionics software is a natural application area for formal
verification. This is reflected in the formal method's inclusion into the
certification guideline DO-178C and its formal methods supplement DO-333.
Airbus and Dassault-Aviation, for example, have conducted studies in using
formal verification. A large German national research project, Verisoft XT,
also examined the application of formal methods in the avionics domain.
However, formal methods are not yet mainstream, and it is questionable if
formal verification, especially formal deduction, can be integrated into the
software development processes of a resource constrained small or medium
enterprise (SME). ESG, a Munich based medium sized company, has conducted a
small experimental study on the application of formal verification on a small
portion of a real avionics project. The low level specification of a software
function was formalized with ACSL, and the corresponding source code was
partially verified using Frama-C and the WP plugin, with Alt-Ergo as automated
prover.
We established a couple of criteria which a method should meet to be fit for
purpose for industrial use in SME, and evaluated these criteria with the
experience gathered by using ACSL with Frama-C on a real world example. The
paper reports on the results of this study but also highlights some issues
regarding the method in general which, in our view, will typically arise when
using the method in the domain of embedded real-time programming.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
Climbing the Software Assurance Ladder - Practical Formal Verification for Reliable Software
There is a strong link between software quality and software reliability. By decreasing the probability of imperfection in the software, we can augment its reliability guarantees. At one extreme, software with one unknown bug is not reliable. At the other extreme, perfect software is fully reliable. Formal verification with SPARK has been used for years to get as close as possible to zero-defect software. We present the well-established processes surrounding the use of SPARK at Altran UK, as well as the deployment experiments performed at Thales to finetune the gradual insertion of formal verification techniques in existing processes. Experience of both long-term and new users helped us define adoption and usage guidelines for SPARK based on five levels of increasing assurance that map well with industrial needs in practice
Formal methods for industrial critical systems, preface to the special section
[EN] This special issue contains improved versions of selected papers from the workshops
on Formal Methods for Industrial Critical Systems (FMICS) held in Eindhoven,
The Netherlands, in November 2009 and in Antwerp, Belgium, in September
2010. These were, respectively, the 14th and 15th of a series of international
workshops organized by an open working group supported by ERCIM (European
Research Consortium for Informatics and Mathematics) that promotes research in
all aspects of formal methods (see details in http://www.inrialpes.fr/vasy/fmics/).
The FMICS workshops that have produced this special issue considered papers
describing original, previously unpublished research and not simultaneously submitted
for publication elsewhere, and dealing with the following themes:
Design, specification, code generation and testing based on formal methods.
Methods, techniques and tools to support automated analysis, certification,
debugging, learning, optimization and transformation of complex, distributed, real-time and embedded systems.
Verification and validation methods that address shortcomings of existing
methods with respect to their industrial applicability (e.g., scalability and
usability issues).
Tools for the development of formal design descriptions.
Case studies and experience reports on industrial applications of formal
methods, focusing on lessons learned or new research directions.
Impact and costs of the adoption of formal methods.
Application of formal methods in standardization and industrial forums.
The selected papers are the result of several evaluation steps. In response to the
call for papers, FMICS 2009 received 24 papers and FMICS 2010 received 33
papers, with 10 and 14 accepted, respectively, which were published by Springer-
Verlag in the series Lecture Notes in Computer Science (volumes 5825 [1] and
6371 [2]). Each paper was reviewed by at least three anonymous referees which
provided full written evaluations. After the workshops, the authors of 10 papers
were invited to submit extended journal versions to this special issue. These papers
passed two review phases, and finally 7 were accepted to be included in the
journal.his work has been partially supported by the EU (FEDER) and the Spanish MEC TIN2010-21062-C02-02 project, MICINN INNCORPORA-PTQ program, and by Generalitat Valenciana, ref. PROMETEO2011/052.Alpuente Frasnedo, M.; Joubert ., C.; Kowalewski, S.; Roveri, M. (2013). Formal methods for industrial critical systems, preface to the special section. Science of Computer Programming. 78(7):775-777. doi:10.1016/j.scico.2012.05.005S77577778
Using ACL2 to Verify Loop Pipelining in Behavioral Synthesis
Behavioral synthesis involves compiling an Electronic System-Level (ESL)
design into its Register-Transfer Level (RTL) implementation. Loop pipelining
is one of the most critical and complex transformations employed in behavioral
synthesis. Certifying the loop pipelining algorithm is challenging because
there is a huge semantic gap between the input sequential design and the output
pipelined implementation making it infeasible to verify their equivalence with
automated sequential equivalence checking techniques. We discuss our ongoing
effort using ACL2 to certify loop pipelining transformation. The completion of
the proof is work in progress. However, some of the insights developed so far
may already be of value to the ACL2 community. In particular, we discuss the
key invariant we formalized, which is very different from that used in most
pipeline proofs. We discuss the needs for this invariant, its formalization in
ACL2, and our envisioned proof using the invariant. We also discuss some
trade-offs, challenges, and insights developed in course of the project.Comment: In Proceedings ACL2 2014, arXiv:1406.123
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
- …