Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System

Oortwijn, Wytse; Huisman, Marieke

doi:10.1007/978-3-030-34968-4_23

Cited by 10 publications

(12 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To reason effectively about realistic concurrent and distributed software, we have presented a verification technique that performs the reasoning at a suitable level of abstraction that hides irrelevant implementation details, is scalable to realistic programs by being modular and compositional, and is practical by being supported by automated tools. The approach is expressive enough to allow reasoning about realistic software as is demonstrated by the case study as well as by [15], and can be implemented as part of an automated deductive SMT-based program verifier, viz. VerCors.…”

Section: Discussionmentioning

confidence: 99%

“…Apart from the presented leader election case study, our approach has been applied in a larger, industrial case study covering the formal verification of a traffic tunnel emergency control system [15]. In this case study, we successfully verified a safety-critical component of an emergency control system…”

Section: Specification and Verification Detailsmentioning

confidence: 99%

“…With respect to (2); apart from the examples given in this article, more examples of our approach are given in [14], including the verification of a (reentrant) lock as well as a concurrent parallel GCD algorithm. Our technique has also been used in a real-world industrial case study [15]-on the formal verification of a safety-critical traffic tunnel control system. This article extends our earlier VMCAI'20 article [16].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Abstraction Technique for Verifying Shared-Memory Concurrency

2020

Self Cite

View full text Add to dashboard Cite

Modern concurrent and distributed software is highly complex. Techniques to reason about the correct behaviour of such software are essential to ensure its reliability. To be able to reason about realistic programs, these techniques must be modular and compositional as well as practical by being supported by automated tools. However, many existing approaches for concurrency verification are theoretical and focus primarily on expressivity and generality. This paper contributes a technique for verifying behavioural properties of concurrent and distributed programs that balances expressivity and usability. The key idea of the approach is that program behaviour is abstractly modelled using process algebra, and analysed separately. The main difficulty is presented by the typical abstraction gap between program implementations and their models. Our approach bridges this gap by providing a deductive technique for formally linking programs with their process-algebraic models. Our verification technique is modular and compositional, is proven sound with Coq, and has been implemented in the automated concurrency verifier VerCors. Moreover, our technique is demonstrated on multiple case studies, including the verification of a leader election protocol.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Specification and Verification Detailsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Abstraction Technique for Verifying Shared-Memory Concurrency

2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…VerCors uses process-algebras in addition to separation logic to reason about fine-grained concurrent programs. This approach does lead to reduced expressivity, but has been shown to scale to interesting examples [70].…”

Section: Related Workmentioning

confidence: 99%

Diaframe: automated verification of fine-grained concurrent programs in Iris

Mulder

Krebbers

Geuvers

2022

Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Fine-grained concurrent programs are difficult to get right, yet play an important role in modern-day computers. We want to prove strong specifications of such programs, with minimal user effort, in a trustworthy way. In this paper, we present DiaframeÐan automated and foundational verification tool for fine-grained concurrent programs.Diaframe is built on top of the Iris framework for higherorder concurrent separation logic in Coq, which already has a foundational soundness proof and the ability to give strong specifications, but lacks automation. Diaframe equips Iris with strong automation using a novel, extendable, goaldirected proof search strategy, using ideas from linear logic programming and bi-abduction. A benchmark of 24 examples from the literature shows that the proof burden of Diaframe is competitive with existing non-foundational tools, while its expressivity and soundness guarantees are stronger.

show abstract

“…We also recently successfully applied the techniques presented in this paper on an industrial case study, concerning the formal verification of a safety-critical traffic tunnel control system that is currently in use in Dutch traffic [36]. For this case study we made a process algebraic model of the control software that we analysed with mCRL2, and used the techniques presented in this paper to prove that this model is a sound abstraction of the program's behaviour.…”

Section: Introductionmentioning

confidence: 99%

Practical Abstractions for Automated Verification of Shared-Memory Concurrency

Oortwijn

Gurov

Huisman

2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Modern concurrent and distributed software is highly complex. Techniques to reason about the correct behaviour of such software are essential to ensure its reliability. To be able to reason about realistic programs, these techniques must be modular and compositional as well as practical by being supported by automated tools. However, many existing approaches for concurrency verification are theoretical and focus on expressivity and generality. This paper contributes a technique for verifying behavioural properties of concurrent and distributed programs that makes a trade-off between expressivity and usability. The key idea of the approach is that program behaviour is abstractly modelled using process algebra, and analysed separately. The main difficulty is presented by the typical abstraction gap between program implementations and their models. Our approach bridges this gap by providing a deductive technique for formally linking programs with their process-algebraic models. Our verification technique is modular and compositional, is proven sound with Coq, and has been implemented in the automated concurrency verifier VerCors. Moreover, our technique is demonstrated on multiple case studies, including the verification of a leader election protocol.

show abstract

Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System

Cited by 10 publications

References 18 publications

An Abstraction Technique for Verifying Shared-Memory Concurrency

An Abstraction Technique for Verifying Shared-Memory Concurrency

Diaframe: automated verification of fine-grained concurrent programs in Iris

Practical Abstractions for Automated Verification of Shared-Memory Concurrency

Contact Info

Product

Resources

About