Challenges in the specification of full contracts

Partially supported by the Nordunet3 project “COSoDIS”.The complete specification of full contracts - contracts which include tolerated exceptions, and which enable reasoning about the contracts themselves, can be achieved using a combination of temporal and deontic concepts. In this paper we discuss the challenges in combining deontic and other relevant logics, in particular focusing on operators for choice, obligations over sequences, contrary-to-duty obligations, and how internal and external decisions may be incorporated in an action-based language for specifying contracts. We provide different viable interpretations and approaches for the development of such a sound logic and outline challenges for the future.peer-reviewe

An experimental Study using ACSL and Frama-C to formulate and verify Low-Level Requirements from a DO-178C compliant Avionics Project

Safety critical avionics software is a natural application area for formal verification. This is reflected in the formal method's inclusion into the certification guideline DO-178C and its formal methods supplement DO-333. Airbus and Dassault-Aviation, for example, have conducted studies in using formal verification. A large German national research project, Verisoft XT, also examined the application of formal methods in the avionics domain. However, formal methods are not yet mainstream, and it is questionable if formal verification, especially formal deduction, can be integrated into the software development processes of a resource constrained small or medium enterprise (SME). ESG, a Munich based medium sized company, has conducted a small experimental study on the application of formal verification on a small portion of a real avionics project. The low level specification of a software function was formalized with ACSL, and the corresponding source code was partially verified using Frama-C and the WP plugin, with Alt-Ergo as automated prover. We established a couple of criteria which a method should meet to be fit for purpose for industrial use in SME, and evaluated these criteria with the experience gathered by using ACSL with Frama-C on a real world example. The paper reports on the results of this study but also highlights some issues regarding the method in general which, in our view, will typically arise when using the method in the domain of embedded real-time programming.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338

Systems development methods and usability in Norway: An industrial perspective

This is the post-print version of the Article. The official published version can be accessed from the link below - Copyright @ 2007 Springer Berlin HeidelbergThis paper investigates the relationship between traditional systems development methodologies and usability, through a survey of 78 Norwegian IT companies. Building on previous research we proposed two hypotheses; (1) that software companies will generally pay lip service to usability, but do not prioritize it in industrial projects, and (2) that systems development methods and usability are perceived as not being integrated. We find support for both hypotheses. Thus, the use of systems development methods is fairly stable, confirming earlier research. Most companies do not use a formal method, and of those who do, the majority use their own method. Generally, the use of methods is rather pragmatic: Companies that do not use formal methods report that they use elements from such methods. Further, companies that use their own method import elements from standardised methods into their own

Formal verification and testing: An integrated approach to validating Ada programs

An integrated set of tools called a validation environment is proposed to support the validation of Ada programs by a combination of methods. A Modular Ada Validation Environment (MAVEN) is described which proposes a context in which formal verification can fit into the industrial development of Ada software

New Opportunities for Integrated Formal Methods

Formal methods have provided approaches for investigating software engineering fundamentals and also have high potential to improve current practices in dependability assurance. In this article, we summarise known strengths and weaknesses of formal methods. From the perspective of the assurance of robots and autonomous systems~(RAS), we highlight new opportunities for integrated formal methods and identify threats to their adoption to be mitigated. Based on these opportunities and threats, we develop an agenda for fundamental and empirical research on integrated formal methods and for successful transfer of validated research to RAS assurance. Furthermore, we outline our expectations on useful outcomes of such an agenda

An open extensible tool environment for Event-B

Abstract. We consider modelling indispensable for the development of complex systems. Modelling must be carried out in a formal notation to reason and make meaningful conjectures about a model. But formal modelling of complex systems is a difficult task. Even when theorem provers improve further and get more powerful, modelling will remain difficult. The reason for this that modelling is an exploratory activity that requires ingenuity in order to arrive at a meaningful model. We are aware that automated theorem provers can discharge most of the onerous trivial proof obligations that appear when modelling systems. In this article we present a modelling tool that seamlessly integrates modelling and proving similar to what is offered today in modern integrated development environments for programming. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods.

A method of hardware qualification for flight by analyses, similarity and integrated testing

The results are described of a study on four pieces of flight hardware from the Saturn 1U and S-4B stages to determine whether the objectives of the formal qualification tests on that hardware could have been obtained within that program by methods other than performing the qualification tests. These methods include qualification by analyses, similarity and integrated testing, i.e., distribution of the objectives among the other tests in the program. It was found that it is feasible to delete the requirements for formal qualification testing provided that it is accomplished early in the program to allow adequate planning for accomplishing the qualification objectives by other means. Additionally, a scorekeeping system was defined that is simple, straightforward, easy to implement. This scorekeeping system provides complete visibility of equivalent qualification status at any point during the program. A set of groundrules for implementing this study was established as a result of findings on the specific items of hardware studied

Agent Based Approaches to Engineering Autonomous Space Software

Current approaches to the engineering of space software such as satellite control systems are based around the development of feedback controllers using packages such as MatLab's Simulink toolbox. These provide powerful tools for engineering real time systems that adapt to changes in the environment but are limited when the controller itself needs to be adapted. We are investigating ways in which ideas from temporal logics and agent programming can be integrated with the use of such control systems to provide a more powerful layer of autonomous decision making. This paper will discuss our initial approaches to the engineering of such systems.Comment: 3 pages, 1 Figure, Formal Methods in Aerospac