Formal specification: a roadmap
Proceedings of the Conference on The Future of Software Engineering
The Infeasibility of Quantifying the Reliability of Life-Critical Real-Time Software
IEEE Transactions on Software Engineering
An Approach to Automatic Code Generation for Safety-Critical Systems
ASE '99 Proceedings of the 14th IEEE international conference on Automated software engineering
High Integrity Software: The SPARK Approach to Safety and Security
Assured Reconfiguration of Fail-Stop Systems
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
The echo approach to formal verification
Proceedings of the 28th international conference on Software engineering
Formal Verification by Reverse Synthesis
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
White-box testing by combining deduction-based specification extraction and black-box testing
TAP'07 Proceedings of the 1st international conference on Tests and proofs
Safe operation is crucial to safety-critical systems, and formal verification of implementations is a desirable means to increase confidence in safety. Traditional formal verification approaches follow the Floyd-Hoare style, setting up a direct compliance argument between an abstract formal specification and a concrete implementation. Such approaches require proofs of large numbers of verification conditions. Creation of both the conditions and their proofs can be difficult and time-consuming.

In this paper, we introduce a general formal verification approach that closely models the Floyd-Hoare pattern, yet avoids the tedious direct compliance proof between the formal specification and the implementation. The approach moves the major proof step to a point between two abstract specifications.

Our preliminary approach verifies SPARK Ada implementations against PVS specifications. We first use a human-guided refinement to manually generate Ada code along with appropriate SPARK annotations from a PVS specification. We then verify the annotations' compliance with the specification by (1) mechanically extracting a PVS specification from them, and (2) proving that properties of the generated specification imply all of the properties of the original. We rely on the existing SPARK toolset to verify the Ada code against the SPARK annotations. The process is largely automatic or computer-aided. We present an example of the approach using a hypothetical avionics system.