An automated software production system is provided, in which system requirements are captured, converted into a formal specification, and validated for correctness and completeness. In addition, a translator is provided to automatically generate a complete, robust software application based on the validated formal specification, including user-interface code and error handling code.

Automatic software production system

Hybrid systems are models for complex physical systems and are defined as dynamical systems with interacting discrete transitions and continuous evolutions along differential equations. With the goal of developing a theoretical and practical foundation for deductive verification of hybrid systems, we introduce a dynamic logic for hybrid programs, which is a program notation for hybrid systems. As a verification technique that is suitable for automation, we introduce a free variable proof calculus with a novel combination of real-valued free variables and Skolemisation for lifting quantifier elimination for real arithmetic to dynamic logic. The calculus is compositional, i.e., it reduces properties of hybrid programs to properties of their parts. Our main result proves that this calculus axiomatises the transition behaviour of hybrid systems completely relative to differential equations. In a case study with cooperating traffic agents of the European Train Control System, we further show that our calculus is well-suited for verifying realistic hybrid systems with parametric system dynamics.

/pdf/differential-dynamic-logic-for-hybrid-systems-405lu4xpyw.pdf

Differential Dynamic Logic for Hybrid Systems

KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is Java Card DL, a proper subset of Java for smart card applications and embedded systems. KeY uses a dynamic logic for Java Card DL to express proof obligations, and provides a state-of-the-art theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.

The KeY tool

We present Iris, a concurrent separation logic with a simple premise: monoids and invariants are all you need. Partial commutative monoids enable us to express---and invariants enable us to enforce---user-defined *protocols* on shared state, which are at the conceptual core of most recent program logics for concurrency. Furthermore, through a novel extension of the concept of a *view shift*, Iris supports the encoding of *logically atomic specifications*, i.e., Hoare-style specs that permit the client of an operation to treat the operation essentially as if it were atomic, even if it is not.

/pdf/iris-monoids-and-invariants-as-an-orthogonal-basis-for-fpeli900g9.pdf

Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning

https://homepages.inf.ed.ac.uk/dts/pub/casl.pdf

CASL: the common algebraic specification language

The quest for modular concurrency reasoning has led to recent proposals that extend program assertions to include not just knowledge about the state, but rights to access the state. We argue that these rights are really just sugar for knowledge that certain updates preserve certain invariants.

/pdf/invariants-modularity-and-rights-1iqtkjupom.pdf

Invariants, modularity, and rights

The reliability of complex software systems is becoming increasingly important for the technical systems they are embedded in. In order to assure the highest levels of trustworthiness of software formal methods for the development of software are required. The VSE-tool was developed by a consortium of German universities and industry to make a tool available which supports this formal development process.

/pdf/deduction-in-the-verification-support-environment-vse-2p0jgl0dz1.pdf

Deduction in the Verification Support Environment (VSE)

PikeOS is an industrial operating system for safety and security critical applications in, for example, avionics and automotive contexts. A consortium of several European partners from industry and academia works on the certification of PikeOS up to at least Common Criteria EAL5+, with “+” being applying formal methods compliant up to EAL7. We have formalized the hardware independent security-relevant part of PikeOS that is to be used in a certification context. Over this model, intransitive noninterference has been proven. We present the model and the methodology used to create the model. All results have been formalized in the Isabelle/HOL theorem prover.

Formal API specification of the PikeOS separation kernel

The Verification Support Environment (VSE) is a tool to formally specify and verify complex systems. It provides the means to structure specifications and supports the development process from the specification of a system to the automatic generation of code. Formal developments following the VSE method are stored and maintained in an administration system that guides the user and maintains a consistent state of development. An integrated deduction system provides proof support for the deduction problems arising during the development process. We describe the application of VSE to an industrial case study and give an overview of the enhanced VSE system and the VSE methodology.

VSE: formal methods meet industrial needs

In this paper a survey of the VSE system, a CASE-tool for formal software development, is presented. Main emphasis is put on the underlying formal method and tool support, and that in particular from the deductive support perspective. In order to demonstrate its broad range of applicability and to give an impression on how to work with the system we make use of two (commercial) applications taken from the safety and the IT-security domain.

Bruno Langenstein

Papers

Invariants, modularity, and rights

Deduction in the Verification Support Environment (VSE)

Formal API specification of the PikeOS separation kernel

VSE: formal methods meet industrial needs

Formal software development in the Verification Support Environment (VSE)