Echo: a practical approach to formal verification

  • Authors: Elisabeth A. Strunk, Xiang Yin, John C. Knight
  • Affiliation: University of Virginia, Charlottesville, VA (all three authors)
  • Venue: Proceedings of the 10th International Workshop on Formal Methods for Industrial Critical Systems
  • Year: 2005

Abstract

Safe operation is crucial to safety-critical systems, and formal verification of implementations is a desirable means to increase confidence in safety. Traditional formal verification approaches follow the Floyd-Hoare style, setting up a direct compliance argument between an abstract formal specification and a concrete implementation. Such approaches require proofs of large numbers of verification conditions. Creation of both the conditions and their proofs can be difficult and time-consuming.

In this paper, we introduce a general formal verification approach that closely models the Floyd-Hoare pattern, yet avoids the tedious direct compliance proof between the formal specification and the implementation. The approach moves the major proof step to a point between two abstract specifications.

Our preliminary approach verifies SPARK Ada implementations against PVS specifications. We first use a human-guided refinement to manually generate Ada code along with appropriate SPARK annotations from a PVS specification. We then verify the annotations' compliance with the specification by (1) mechanically extracting a PVS specification from them, and (2) proving that properties of the generated specification imply all of the properties of the original. We rely on the existing SPARK toolset to verify the Ada code against the SPARK annotations. The process is largely automatic or computer-aided. We present an example of the approach using a hypothetical avionics system.