Integrated formal verification of safety-critical software

Ge, Ning; Jenn, Éric; Breton, Nicolas; Fonteneau, Yoann

doi:10.1007/s10009-017-0475-0

Cited by 8 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…TwIRTee's architecture, software, and hardware components are representative of a significant family of aeronautical, spatial, and automotive systems. It has been used to evaluate new methods and tools in the domain of hardware/software codesign, virtual integration, and application of formal methods for the development of equipment . In this paper, we give a brief description of the function and some statistics about the model and the verification effort.…”

Section: The Case Study: Automatic Rover Protectionmentioning

confidence: 99%

“…It has been used to evaluate new methods and tools in the domain of hardware/software codesign, virtual integration, 14 and application of formal methods for the development of equipment. 13,16,[19][20][21] In this paper, we give a brief description of the function and some statistics about the model and the verification effort.…”

Section: The Case Study: Automatic Rover Protectionmentioning

confidence: 99%

“…Exactly 1 binary operator or a single X on the right hand side of each definition. More details about HLL and S3 can be found in Ge et al S3 supports different activities of a software development process: property proof, equivalence proof, automatic test case generation, and simulation and provides necessary elements to comply with the software certification processes (eg, proof log). It has been used for the formal verification of railway signaling systems for years by various industrial companies in this field.…”

Section: Technological Backgroundmentioning

confidence: 99%

See 2 more Smart Citations

Correct‐by‐construction specification to verified code

Dieumegard

Jenn

et al. 2018

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

Event‐B is a formal notation and method for the systems development. The key feature of this method is to produce correct‐by‐construction system designs. Once the correct design is established, the remaining work is to generate or implement correct code from the design. Two main problems remain in the process from the correct‐by‐construction design to the correct software. First, the Event‐B design is “quasi‐correct” due to some technical limitations. For instance, it is still difficult to prove the liveness properties by the Rodin platform; it is not possible to construct the Event‐B design with floating‐point arithmetic, and sometimes, the Event‐B model is incomplete and must rely on the third‐party libraries. Therefore, a method is needed to complement these modeling and proof gaps. Secondly, proving the correctness of an automatic code generator is very difficult; therefore, a method is needed to guarantee the correctness of the produced code without proving the code generator. In this article, we address the above 2 problems by introducing an intermediate formal language called High‐Level Language (HLL) between the Event‐B models and the C code. The Event‐B model is translated to HLL with an additional schedule configuration, where Event‐B invariants and system invariants (here, deadlock‐freeness and liveness properties) are proved using a SAT‐based model checker called S3. This proof guarantees the correctness of the HLL model with respect to the Event‐B model. The C code is then automatically generated from the HLL model for most functions and is manually implemented for the third‐party ones according to the function contracts defined in Event‐B. The correctness of the generated C code is guaranteed using the equivalence proof, and the correctness of the implemented C code is guaranteed using the conformance proof. Through the article, we use a traffic light controller to illustrate the proposed method; then, we apply the method to an automatic protection function of a 3‐wheeled robot to evaluate its feasibility.

show abstract

Section: The Case Study: Automatic Rover Protectionmentioning

confidence: 99%

Section: The Case Study: Automatic Rover Protectionmentioning

confidence: 99%

Section: Technological Backgroundmentioning

confidence: 99%

See 1 more Smart Citation

Correct‐by‐construction specification to verified code

Dieumegard

Jenn

et al. 2018

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the fourth paper of this special issue, Integrated formal verification of safety-critical software by Ge et al [18], a formal verification process based on the commercial Systerel Smart Solver (S3) toolset 1 [19] for the development of safety-critical embedded software systems is presented. The reader is guided through this process by means of an Automatic Rover Protection system implemented onboard a robot, which is a fitting example of a non-trivial safetycritical embedded system, with distributed components, some amount of central control and some amount of independence.…”

Section: Selected Papersmentioning

confidence: 99%

Formal methods and automated verification of critical systems

Beek

Gnesi

Knapp

2018

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Critical (software) systems are all around us. These systems are typically characterised by stringent dependability requirements and demand elevated levels of robustness and fault tolerance. To assure that they function as intended and provide a number of quality guarantees, formal methods and automated verification techniques and tools have been in use in the engineering of such critical systems for many years now. In this introduction to the special issue FMICS-AVoCS on "Formal Methods and Automated Verification of Critical Systems", we outline a number of recent achievements concerning the use of formal methods and automated verification techniques and tools for the specification and analysis of critical systems from a variety of application domains. These achievements are represented by six selected papers: five were selected from the joint 21st International Workshop on Formal Methods for Industrial Critical Systems and 16th International Workshop on Automated Verification of Critical Systems (FMICS-AVoCS 2016), while one of them was selected after an open call for papers.

show abstract

“…Model checking has been an effective technique for the verification of safetycritical systems. In particular, applications deployed in industrial settings such as nuclear facilities, increasingly utilise model checking to gain trust in the correctness of their designs [20,30,36]. In such ultra safety-critical applications the certification that the model checking results are in fact correct is crucial.…”

Section: Introductionmentioning

confidence: 99%

Progress in Certifying Hardware Model Checking Results

Biere

Heljanko

2021

Computer Aided Verification

View full text Add to dashboard Cite

We present a formal framework to certify k-induction-based model checking results. The key idea is the notion of a k-witness circuit which simulates the given circuit and has a simple inductive invariant serving as proof certificate. Our approach allows to check proofs with an independent proof checker by reducing the certification problem to pure SAT checks and checking a simple QBF with one quantifier alternation. We also present Certifaiger, the resulting certification toolkit, and evaluate it on instances from the hardware model checking competition. Our experiments show the practical use of our certification method.

show abstract

Integrated formal verification of safety-critical software

Cited by 8 publications

References 30 publications

Correct‐by‐construction specification to verified code

Correct‐by‐construction specification to verified code

Formal methods and automated verification of critical systems

Progress in Certifying Hardware Model Checking Results

Contact Info

Product

Resources

About