50 research outputs found
Advances in Usability of Formal Methods for Code Verification with Frama-C
Industrial usage of code analysis tools based on semantic analysis, such as the Frama-C platform, poses several challenges, from the setup of analyses to the exploitation of their results. In this paper, we discuss two of these challenges. First, such analyses require detailed information about the code structure and the build process, which are often not documented, being part of the implicit build chain used by the developers. Unlike heuristics-based tools, which can deal with incomplete information, semantics-based tools require stubs or specifications for external library functions, compiler builtins, non-standard extensions, etc. Setting up a new analysis has a high cost, which precludes industrial users from trying such tools, since the return on investment is not clear in advance: the analysis may prove to be of little use with respect to the invested time. Improving the usability of this first step is essential for the widespread adoption of formal methods in software development. A second aspect that is essential for successful analyses is understanding the data and navigating it. Visualizing data and rendering it in an interactive manner allows users to considerably speed up the process of refining the analysis results. We present some approaches to both of these issues, derived from experience with code bases given by industrial partners.
Strong Induction in Hardware Model Checking
Symbolic model checking is a widely used technique for automated verification of both hardware and software systems. Unbounded SAT-based Symbolic Model Checking (SMC) algorithms are very popular in hardware verification. The principle of strong induction is one of the first techniques for SMC. While elegant and simple to apply, properties can rarely be proven using strong induction as stated, and when they can be strengthened, there is no effective strategy to guess the depth of induction. It has been mostly displaced by techniques that compute inductive strengthenings based on interpolation and property directed reachability (PDR). In this thesis, we prove that strong induction is more concise than induction. We then present kAvy, an SMC algorithm that effectively uses strong induction to guide interpolation and PDR-style incremental inductive invariant construction. Unlike pure strong induction, kAvy uses PDR-style generalization to compute and strengthen an inductive trace. Unlike pure PDR, kAvy uses relative strong induction to construct an inductive invariant. The depth of induction is adjusted dynamically by minimizing a proof of unsatisfiability. We have implemented kAvy within the Avy Model Checker and evaluated it on HWMCC instances. Our results show that kAvy is more effective than both Avy and PDR, and that using strong induction leads to faster running times and more solved instances. Further, on a class of benchmarks called shift, kAvy is orders of magnitude faster than Avy, PDR and pure strong induction.
Scalable reaction network modeling with automatic validation of consistency in Event-B
Constructing a large biological model is a difficult, error-prone process. Small errors in writing a part of the model cascade to the system level and their sources are difficult to trace back. In this paper we extend a recent approach based on Event-B, a state-based formal method with refinement as its central ingredient, allowing us to validate model consistency step-by-step in an automated way. We demonstrate this approach on a model of the heat shock response in eukaryotes and its scalability on a model of the ErbB signaling pathway. All consistency properties of the model were proved automatically with computer support.
Get rid of inline assembly through verification-oriented lifting
Formal methods for software development have made great strides in the last two decades, to the point that their application in safety-critical embedded software is an undeniable success. Their extension to non-critical software is one of the notable forthcoming challenges. For example, C programmers regularly use inline assembly for low-level optimizations and system primitives. This usually renders state-of-the-art formal analyzers developed for C ineffective. We thus propose TInA, an automated, generic, trustable and verification-oriented lifting technique turning inline assembly into semantically equivalent C code, in order to take advantage of existing C analyzers. Extensive experiments on real-world C code with inline assembly (including GMP and ffmpeg) show the feasibility and benefits of TInA.
Design patterns for models of interactive systems
Building models of safety-critical interactive systems (in healthcare, transport, avionics and finance, to name but a few) as part of the design process is essential. It is also advised for non-safety-critical interactive systems if we want to be certain they will behave as intended in all circumstances. However, modelling interactive systems is also challenging. The levels of complexity in modern user interfaces and the wealth of interaction possibilities mean that modelling at a suitable level of abstraction is crucial to ensure our models remain reasonably sized, readable, and therefore usable. The decisions we make about how to abstract the system to retain enough detail to be able to reason about it without running into known modelling problems (state explosion, verbosity, unreadability) are complex, even for experienced modellers. We have identified a number of commonly seen problems in such models based on occurrences of common properties of interactive systems, and in order to help both experienced and novice modellers we propose model patterns as a solution to this.
Direct methods for deductive verification of temporal properties in continuous dynamical systems
This thesis is concerned with the problem of formal verification of correctness specifications for continuous and hybrid dynamical systems. Our main focus will be on developing and automating general proof principles for temporal properties of systems described by non-linear ordinary differential equations (ODEs) under evolution constraints. The proof methods we consider will work directly with the differential equations and will not rely on the explicit knowledge of solutions, which are in practice rarely available. Our ultimate goal is to increase the scope of formal deductive verification tools for hybrid system designs. We give a comprehensive survey and comparison of available methods for checking set invariance in continuous systems, which provides a foundation for safety verification using inductive invariants. Building on this, we present a technique for constructing discrete abstractions of continuous systems in which spurious transitions between discrete states are entirely eliminated, thereby extending previous work. We develop a method for automatically generating inductive invariants for continuous systems by efficiently extracting reachable sets from their discrete abstractions. To reason about liveness properties in ODEs, we introduce a new proof principle that extends and generalizes methods that have been reported previously and is highly amenable to use as a rule of inference in a deductive verification calculus for hybrid systems. We will conclude with a summary of our contributions and directions for future work.
Animating user interface prototypes with formal models
Dissertação de mestrado integrado em Informatics Engineering

The User Interface (UI) provides the first impression of an interactive system and should, thus, be intuitive, in order to guide users effectively and efficiently in performing their tasks. User interface prototyping is a common activity in UI development, as it supports early exploration of the UI design by potential users.

UI quality plays a crucial role in safety-critical contexts, where design errors can potentially lead to catastrophic events. Model-based analysis approaches aim to detect usability and performance issues early in the design process by leveraging formal analysis. They complement prototyping, which supports user involvement, but not an exhaustive analysis of the designs.

The IVY Workbench emerges as a model-based analysis tool intended for non-expert usage. The tool was originally focused on supporting modelling and verification, but more recently an effort began to combine the formal model capabilities with UI mock-ups, to produce more interactive prototypes than traditional mock-up editors support.

This work addresses the enhancement of the prototyping features of the IVY Workbench. The improvements of such features include the creation of a dynamic widget library that can vastly improve the quality of prototypes. Such a library, however, should be compatible with several mock-up editors to attract a broader design community.

The results of this work include an analysis of alternative prototyping tools, identifying potential features that can enhance the IVY Workbench, the creation of a dynamic widget library that is compatible with several mock-up editors, and several improvements to IVY's prototyping plugin, including the addition of code exporting functionalities. Usability tests were conducted to validate the new features of the tool, with positive results. Two mobile
applications were also created, allowing users to test prototypes on their mobile devices.

Portuguese abstract (translated):

The UI provides the first contact between a user and an interactive system. Thus, the UI should be able to guide the user in carrying out their tasks efficiently and effectively. Interface prototyping is a common activity in the UI development process, since it allows early exploration of a UI design with potential users.

The UI plays a very relevant role in the context of critical systems, where design failures can lead to catastrophic events. Model-based analysis methodologies seek to detect potential usability and performance failures in the early phases of the development process, through formal analysis. These methodologies complement the prototyping process, which supports user involvement but does not offer an exhaustive analysis of the design.

The IVY Workbench emerges as a model-based analysis tool that aims to support users without deep knowledge of formal analysis. Although originally focused on modelling and verification, an effort recently began to combine the capabilities of formal analysis with UI mock-ups. The goal is to produce prototypes with a higher level of interaction than those produced by traditional mock-up editors.

The present work presents improvements to the prototyping capabilities of the IVY Workbench tool. These improvements include the creation of a dynamic widget library, which improves the quality of this tool's prototypes. This library should be compatible with multiple mock-up editors, in order to attract a broad community of designers.

The results of this work include an analysis of alternative prototyping tools, in which functionalities that can improve the IVY Workbench tool are identified; the creation of a dynamic widget library compatible with numerous mock-up editors; as well as several improvements made to the tool's prototyping plugin, including the addition of source code export functionality. Usability tests were carried out with users to validate the new functionality of the tool, with positive results. Finally, two mobile applications were created that allow users to test the prototypes on their mobile devices.