13 research outputs found

    Evaluating the effect of a lightweight formal technique in industry

    Experience report on developing the Front-end Client unit under the control of formal methods

    Formal methods are being applied extensively to the development of control software units of highly sophisticated X-ray machines at Philips Healthcare. One of the early units incorporating formal methods is the Front-end Client (FEClient), which was developed under the control of formal technologies, supported by the Analytical Software Design (ASD) method. As a result, only eleven coding errors were detected during the construction of 28 thousand lines of code. Team members attribute the ultimate quality of the software to the rigor of the formal technologies supplied by the ASD method. In this paper we report on the experience of applying ASD to the development of the FEClient, and we show how formal methods substantially enhanced its quality. We also discuss the nature of the errors found during the construction of the unit. Key words: Formal methods in industrial applications; Analytical Software Design; component-based software; Software quality

    Formal Verification of Unreliable Failure Detectors in Partially Synchronous Systems

    We formally verify four algorithms proposed in [M. Larrea, S. Arévalo and A. Fernández, Efficient Algorithms to Implement Unreliable Failure Detectors in Partially Synchronous Systems, 1999]. Each algorithm is specified as a network of timed automata and is verified with respect to completeness and accuracy properties. Using the model-checking tool UPPAAL, we detect and report the occurrence of deadlock (for all algorithms) between each pair of non-faulty nodes, caused by buffer overflow in communication channels even with arbitrarily large buffers, and we propose a solution. Moreover, we use one of the algorithms as a measure to compare three model-checking tools, namely UPPAAL, mCRL2 and FDR2.

    Benefits of applying formal methods to industrial control software. CS-Report 11-04

    Formal methods are being applied to the development of software for various applications at Philips Healthcare. In particular, the Analytical Software Design (ASD) method is being used as a formal technology for developing defect-free control software for highly sophisticated X-ray machines. In this paper we analyze the effects of applying ASD in the development of various control software units. We compare the quality of these units with that of other units developed with traditional development methods. The results indicate that applying ASD as a formal technology for developing control software results in better quality code.

    Analyzing a Controller of a Power Distribution Unit Using Formal Methods

    This paper reports on the steps taken to formally verify the behavior of a controller of a power distribution unit (PDU) using the Analytical Software Design (ASD) method. The controller of the underlying PDU mainly controls the distribution of power and related network messages to a number of attached PCs and devices of X-ray systems. The behavioral correctness of the controller is critical in order to provide clinical users with the expected behavior of the system. As a result of the behavioral verification, two previously unrevealed errors were identified within the design of the PDU controller. According to the PDU development team, the work has had a major benefit, locating errors that would have been hard to find otherwise by traditional testing.

    Specification Guidelines to avoid the State Space Explosion Problem

    During the last two decades we modelled the behaviour of a large number of systems. We noted that different styles of modelling had quite an effect on the size of the state spaces of the modelled system. The differences were so substantial that some specification styles led to far too many states to verify the correctness of the model, whereas with other styles the number of states was so small that verification was a straightforward activity. In this article we summarise our experience by providing seven specification guidelines. For each guideline we provide an application from the realm of traffic light controllers, for which we give a 'bad' model with a large state space and a 'good' model with a small state space.

    Verifying system-wide properties of industrial component-based software

    Analytical Software Design (ASD) enables model-based development of component software systems. Until now, functional verification of ASD systems has only been possible on a per-component basis. There is no functional verification engine for ASD itself, so this verification relies on a translation of individual components to mCRL2, a process-algebraic model checker. We show how to extend the ASD-mCRL2 translation to support multiple components in order to enable checking of system-wide functional properties. With our extended translation, we perform a case study on a newly developed industrial system consisting of 26 communicating components. The results indicate that it is feasible to model check functional properties on this scale.