State-based and process-based value passing

State-based and process-based formalisms each come with their own distinct set of assumptions and properties. To combine them in a useful way it is important to be sure of these assumptions in order that the formalisms are combined in ways which have, or which allow, the intended combined properties. Consequently we cannot necessarily expect to take on state-based formalism and one process-based formalism and combine them and get something sensible, especially since the act of combining can have subtle consequences. Here we concentrate on value-passing, how it is treated in each formalism, and how the formalisms can be combined so as to preserve certain properties. Specifically, the aim is to take from the many process-based formalisms definitions that will best fit with our chosen stat-based formalism, namely Z, so that the fit is simple, has no unintended consequences and is as elegant as possible

Towards Verification of UML Class Models using Formal Specification Methods: A Review

Abstract In today s world many elements of our lives are being affected by software and for that we are in greater need of high-quality software The Unified Modeling Language UML is considered the de facto standard for object-oriented software model development UML class diagram plays an important role in the design and specification of software systems A class diagram provides a static description of system component

Using formal methods to support testing

Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing

Action Systems, Determinism and the Development of Secure Systems

This thesis addresses issues arising in the specification and development of secure systems, focusing in particular on aspects of confidentiality. Various confidentiality properties based on limiting the allowed flows of information in a system have previously been proposed. These definitions axe reviewed here and some of the problems inherent in their use axe outlined. Recent work by Roscoe [106] has. provided information flow definitions based on restricting the allowed nondeterminism within the system. These properties axe described in detail, with a range of examples provided to illustrate their use.This thesis is concerned with providing a new, pragmatic approach to the development of secure systems. Action systems axe chosen as a notation which incorporates both direct representation of system state useful for effective system modelling and the succession of events in a system essential for representation of information flow properties. A definition of nondeterminism and formulations of the deterministic security properties axe developed for action systems. These axe shown to correspond to the original CSP event based definitions.The emphasis of this work is on the practical application of theoretical results. This is reflected in the case studies in which the preceding work is applied to realistic development situations. This allows the strengths and weaknesses of both the deterministic security conditions and the use of action systems to be assessed. The first study investigates security constraints applied to a distributed message-passing system. Ways of specifying security conditions and the effects of including them at different levels axe explored. The second case study follows through the specification and refinement of a distributed security kernel. A technique for the simplification of security proofs is introduced

CONJURE: automatic generation of constraint models from problem specifications

Funding: Engineering and Physical Sciences Research Council (EP/V027182/1, EP/P015638/1), Royal Society (URF/R/180015).When solving a combinatorial problem, the formulation or model of the problem is critical tothe efficiency of the solver. Automating the modelling process has long been of interest because of the expertise and time required to produce an effective model of a given problem. We describe a method to automatically produce constraint models from a problem specification written in the abstract constraint specification language Essence. Our approach is to incrementally refine the specification into a concrete model by applying a chosen refinement rule at each step. Any nontrivial specification may be refined in multiple ways, creating a space of models to choose from. The handling of symmetries is a particularly important aspect of automated modelling. Many combinatorial optimisation problems contain symmetry, which can lead to redundant search. If a partial assignment is shown to be invalid, we are wasting time if we ever consider a symmetric equivalent of it. A particularly important class of symmetries are those introduced by the constraint modelling process: modelling symmetries. We show how modelling symmetries may be broken automatically as they enter a model during refinement, obviating the need for an expensive symmetry detection step following model formulation. Our approach is implemented in a system called Conjure. We compare the models producedby Conjure to constraint models from the literature that are known to be effective. Our empirical results confirm that Conjure can reproduce successfully the kernels of the constraint models of 42 benchmark problems found in the literature.Publisher PDFPeer reviewe

Dependability engineering in Isabelle

In this paper, we introduce a process of formal system development supported by interactive theorem proving in a dedicated Isabelle framework. This Isabelle Infrastructure framework implements specification and verification in a cyclic process supported by attack tree analysis closely inter-connected with formal refinement of the specification. The process is cyclic: in a repeated iteration the refinement adds more detail to the system specification. It is a known hard problem how to find the next refinement step: this problem is addressed by the attack based analysis using Kripke structures and CTL logic. We call this cyclic process the Refinement-Risk cycle (RR-cycle). It has been developed for security and privacy of IoT healthcare systems initially but is more generally applicable for safety as well, that is, dependability in general. In this paper, we present the extensions to the Isabelle Infrastructure framework implementing a formal notion of property preserving refinement interleaved with attack tree analysis for the RR-cycle. The process is illustrated on the specification development and privacy analysis of the mobile Corona-virus warning app

Behavioural equivalences for timed systems

Timed transition systems are behavioural models that include an explicit treatment of time flow and are used to formalise the semantics of several foundational process calculi and automata. Despite their relevance, a general mathematical characterisation of timed transition systems and their behavioural theory is still missing. We introduce the first uniform framework for timed behavioural models that encompasses known behavioural equivalences such as timed bisimulations, timed language equivalences as well as their weak and time-abstract counterparts. All these notions of equivalences are naturally organised by their discriminating power in a spectrum. We prove that this result does not depend on the type of the systems under scrutiny: it holds for any generalisation of timed transition system. We instantiate our framework to timed transition systems and their quantitative extensions such as timed probabilistic systems

Proceedings of the First NASA Formal Methods Symposium

Topics covered include: Model Checking - My 27-Year Quest to Overcome the State Explosion Problem; Applying Formal Methods to NASA Projects: Transition from Research to Practice; TLA+: Whence, Wherefore, and Whither; Formal Methods Applications in Air Transportation; Theorem Proving in Intel Hardware Design; Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering; Model Checking for Autonomic Systems Specified with ASSL; A Game-Theoretic Approach to Branching Time Abstract-Check-Refine Process; Software Model Checking Without Source Code; Generalized Abstract Symbolic Summaries; A Comparative Study of Randomized Constraint Solvers for Random-Symbolic Testing; Component-Oriented Behavior Extraction for Autonomic System Design; Automated Verification of Design Patterns with LePUS3; A Module Language for Typing by Contracts; From Goal-Oriented Requirements to Event-B Specifications; Introduction of Virtualization Technology to Multi-Process Model Checking; Comparing Techniques for Certified Static Analysis; Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder; jFuzz: A Concolic Whitebox Fuzzer for Java; Machine-Checkable Timed CSP; Stochastic Formal Correctness of Numerical Algorithms; Deductive Verification of Cryptographic Software; Coloured Petri Net Refinement Specification and Correctness Proof with Coq; Modeling Guidelines for Code Generation in the Railway Signaling Context; Tactical Synthesis Of Efficient Global Search Algorithms; Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems; and Formal Methods for Automated Diagnosis of Autosub 6000