Utilizing Event-B for Domain Engineering: A Critical Analysis
This paper presents our experience of modeling the land transportation domain in the formal framework of Event-B. Well-specified requirements are crucial for good software design; they depend on an understanding of the domain. Thus, domain engineering becomes an essential activity. The possibility of having a formal model of a domain, consistent with the use of formal methods for developing the critical software that works within it, is an important issue. Safety-critical domains, like transportation, exhibit interesting features, such as high levels of non-determinism, complex interactions, stringent safety properties, multifaceted timing attributes, etc. The formal representation of these features is a challenging task. We explore the possibility of utilizing Event-B as a domain engineering tool. We discuss the problems we faced during this exercise and how we tackled them. Special attention is devoted to the issue of validating the model, in particular with a technique based on the animation of specifications. Event-B is mature enough to be an effective tool for modeling domains except in some areas, temporal properties mainly, where more work is still needed.
ViSpec: A graphical tool for elicitation of MTL requirements
One of the main barriers preventing widespread use of formal methods is the
elicitation of formal specifications. Formal specifications facilitate the
testing and verification process for safety critical robotic systems. However,
handling the intricacies of formal languages is difficult and requires a high
level of expertise in formal logics that many system developers do not have. In
this work, we present a graphical tool designed for the development and
visualization of formal specifications by people who do not have training in
formal logic. The tool enables users to develop specifications using a
graphical formalism which is then automatically translated to Metric Temporal
Logic (MTL). In order to evaluate the effectiveness of our tool, we have also
designed and conducted a usability study with cohorts from the academic student
community and industry. Our results indicate that both groups were able to
define formal requirements with high levels of accuracy. Finally, we present
applications of our tool for defining specifications for the operation of robotic
surgery and the safe operation of autonomous quadcopters.
Comment: Technical report for the paper to be published in the 2015 IEEE/RSJ
International Conference on Intelligent Robots and Systems held in Hamburg,
Germany. Includes 10 pages and 19 figures.
The AutoProof Verifier: Usability by Non-Experts and on Standard Code
Formal verification tools are often developed by experts for experts; as a
result, their usability by programmers with little formal methods experience
may be severely limited. In this paper, we discuss this general phenomenon with
reference to AutoProof: a tool that can verify the full functional correctness
of object-oriented software. In particular, we present our experiences of using
AutoProof in two contrasting contexts representative of non-expert usage.
First, we discuss its usability by students in a graduate course on software
verification, who were tasked with verifying implementations of various sorting
algorithms. Second, we evaluate its usability in verifying code developed for
programming assignments of an undergraduate course. The first scenario
represents usability by serious non-experts; the second represents usability on
"standard code", developed without full functional verification in mind. We
report our experiences and lessons learnt, from which we derive some general
suggestions for furthering the development of verification tools with respect
to improving their usability.
Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
SPEEDY: An Eclipse-based IDE for invariant inference
SPEEDY is an Eclipse-based IDE for exploring techniques that assist users in
generating correct specifications, particularly including invariant inference
algorithms and tools. It integrates with several back-end tools that propose
invariants and will incorporate published algorithms for inferring object and
loop invariants. Though the architecture is language-neutral, the current SPEEDY
targets C programs. Building and using SPEEDY has confirmed earlier experience
demonstrating the importance of showing and editing specifications in the IDEs
that developers customarily use, automating as much of the production and
checking of specifications as possible, and showing counterexample information
directly in the source code editing environment. As in previous work,
automation of specification checking is provided by back-end SMT solvers.
However, reducing the effort demanded of software developers using formal
methods also requires a GUI design that guides users in writing, reviewing, and
correcting specifications and automates specification inference.
Comment: In Proceedings F-IDE 2014, arXiv:1404.578
An experimental Study using ACSL and Frama-C to formulate and verify Low-Level Requirements from a DO-178C compliant Avionics Project
Safety critical avionics software is a natural application area for formal
verification. This is reflected in the inclusion of formal methods in the
certification guideline DO-178C and its formal methods supplement DO-333.
Airbus and Dassault-Aviation, for example, have conducted studies in using
formal verification. A large German national research project, Verisoft XT,
also examined the application of formal methods in the avionics domain.
However, formal methods are not yet mainstream, and it is questionable if
formal verification, especially formal deduction, can be integrated into the
software development processes of a resource constrained small or medium
enterprise (SME). ESG, a Munich-based medium-sized company, has conducted a
small experimental study on the application of formal verification on a small
portion of a real avionics project. The low level specification of a software
function was formalized with ACSL, and the corresponding source code was
partially verified using Frama-C and the WP plugin, with Alt-Ergo as automated
prover.
We established a set of criteria which a method should meet to be fit for
purpose for industrial use in an SME, and evaluated these criteria against the
experience gathered by using ACSL with Frama-C on a real-world example. The
paper reports on the results of this study but also highlights some issues
regarding the method in general which, in our view, will typically arise when
using the method in the domain of embedded real-time programming.
Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
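The working style this study describes, an ACSL contract on a C function that the Frama-C WP plugin turns into proof obligations for an automated prover such as Alt-Ergo, as an added example; this is not code from the ESG project or from the paper. The two "low-level requirements" (LLR-1, LLR-2), the function names and the sensor sample data are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample input standing in for a requirement's data
 * (hypothetical: four 16-bit sensor readings, not from the ESG study). */
#define DEMO_N 4
static const int16_t demo_samples[DEMO_N] = { 100, 200, 5000, 50 };

/* LLR-1 (hypothetical requirement): return the index of the first sample
 * strictly above `limit`, or `n` if no sample exceeds it.
 *
 * The ACSL contract states exactly that.  `\valid_read` is the memory
 * precondition WP needs to prove every samples[i] access is in bounds,
 * and `assigns \nothing` is the side-effect-freedom obligation.  The loop
 * invariant is what lets WP carry the "nothing before i exceeds limit"
 * fact across iterations; the variant proves termination. */
/*@ requires \valid_read(samples + (0 .. n - 1));
  @ assigns \nothing;
  @ ensures 0 <= \result <= n;
  @ ensures \result < n ==> samples[\result] > limit;
  @ ensures \forall integer k; 0 <= k < \result ==> samples[k] <= limit;
  @*/
size_t find_first_exceeding(const int16_t *samples, size_t n, int16_t limit)
{
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant \forall integer k; 0 <= k < i ==> samples[k] <= limit;
      @ loop assigns i;
      @ loop variant n - i;
      @*/
    for (size_t i = 0; i < n; i++) {
        if (samples[i] > limit)
            return i;
    }
    return n;
}

/* LLR-2 (hypothetical requirement): 16-bit saturating addition.
 *
 * In ACSL, `a + b` is unbounded mathematical arithmetic, so the contract
 * can talk about the true sum even though int16_t cannot hold it.  With
 * -wp-rte, WP also generates and proves the no-overflow obligation for
 * the 32-bit intermediate (|s| <= 65536 always fits). */
/*@ assigns \nothing;
  @ ensures a + b > 32767  ==> \result == 32767;
  @ ensures a + b < -32768 ==> \result == -32768;
  @ ensures -32768 <= a + b <= 32767 ==> \result == a + b;
  @*/
int16_t sat_add16(int16_t a, int16_t b)
{
    int32_t s = (int32_t)a + (int32_t)b;
    if (s > INT16_MAX) return INT16_MAX;
    if (s < INT16_MIN) return INT16_MIN;
    return (int16_t)s;
}

/* Runs LLR-1 over the constructed sample with limit 1000 (index 2 expected). */
size_t demo_first_exceeding(void)
{
    return find_first_exceeding(demo_samples, DEMO_N, 1000);
}

int main(void)
{
    printf("first sample above 1000 at index %zu\n", demo_first_exceeding());
    printf("sat_add16(30000, 10000) = %d\n", sat_add16(30000, 10000));
    return 0;
}
```

Saved as, say, `llr_sample.c`, the contracts are checked with `frama-c -wp -wp-rte -wp-prover alt-ergo llr_sample.c`: WP emits one proof obligation per `ensures`, loop invariant and variant clause, and `-wp-rte` adds the runtime-error obligations (array bounds, signed overflow) that the contracts above were written to discharge. Note that the specification is where the real effort goes: drop the loop invariant and WP can no longer establish the `\forall` postcondition, which is exactly the kind of expertise cost the study weighs against SME resources.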
Having Fun in Learning Formal Specifications
There are many benefits in providing formal specifications for our software.
However, teaching students to do this is not always easy as courses on formal
methods are often experienced as dry by students. This paper presents a game
called FormalZ that teachers can use to introduce some variation in their
class. Students can have some fun in playing the game and, while doing so, also
learn the basics of writing formal specifications in the form of pre- and
post-conditions. Unlike existing software engineering themed education games
such as Pex and Code Defenders, FormalZ takes the deep gamification approach
where playing gets a more central role in order to generate more engagement.
This short paper presents our work in progress: the first implementation of
FormalZ along with the result of a preliminary users' evaluation. This
implementation is functionally complete and tested, but the polishing of its
user interface is still future work.
Advances in Usability of Formal Methods for Code Verification with Frama-C
Industrial usage of code analysis tools based on semantic analysis, such as the Frama-C platform, poses several challenges, from the setup of analyses to the exploitation of their results. In this paper, we discuss two of these challenges. First, such analyses require detailed information about the code structure and the build process, which are often not documented, being part of the implicit build chain used by the developers. Unlike heuristics-based tools, which can deal with incomplete information, semantics-based tools require stubs or specifications for external library functions, compiler builtins, non-standard extensions, etc. Setting up a new analysis has a high cost, which precludes industrial users from trying such tools, since the return on investment is not clear in advance: the analysis may turn out to be of little use relative to the invested time. Improving the usability of this first step is essential for the widespread adoption of formal methods in software development. A second aspect that is essential for successful analyses is understanding the data and navigating it. Visualizing data and rendering it in an interactive manner allows users to considerably speed up the process of refining the analysis results. We present some approaches to both of these issues, derived from experience with code bases provided by industrial partners.