SlideShare une entreprise Scribd logo

Hi-Lite erts2012

Télécharger en tant que PPTX, PDF
AdaCore
AdaCore

Yannick Moy's presentation on the Hi-Lite project at the ERTS 2012 event in Toulouse France. The paper "Integrating Formal Program Verification with Testing" can be found at http://www.erts2012.org/Site/0P2RUC89/7A-1.pdf

Technologie
1  sur  25
Integrating Formal Program Verification with Testing Cyrille Comar, Johannes Kanig and Yannick Moy
Integrating Formal Program with Testing Verification Cyrille Comar, Johannes Kanig and Yannick Moy
Integrating Formal Program with Verification Cyrille Comar, Johannes Kanig and Yannick Moy
Motivation
Cost of testing • Cost of testing greater than cost of development • 10% increase each year for avionics software (Boeing META Project) • Uneven repartition: 20%  80% of effort! 80% • Uneven quality: 80% of errors traced to 20% of code (NASA Software Safety Guidebook) • Need to reduce and focus the cost of testing
DO-178C: formal methods can replace testing Formal methods […] might be the primary source of evidence for the satisfaction of many of the objectives concerned with development and verification. 2011: Formal Methods Supplement (DO-333)
Myths of formal methods • Myth 4: Formal methods require highly trained mathematicians • Myth 5: Formal methods increase the cost of development • Myth 6: Formal methods are unacceptable to users • Myth 7: Formal methods are not used on real, large-scale software (Anthony Hall, Praxis Systems, 1990)
Practice of formal methods Since 2001, Airbus has been integrating several tool supported formal verification techniques into the development process of avionics software products. 2009: Formal Verification of Avionics Software Products (Souyris, Wiels, Delmas, Delseny)
Cost of verification 20%  80% of 20%  80% of 80% testing effort 80% formal effort Hi-Lite goal: using formal verification first, then testing… 4% 16% testing 80% formal … to reduce and focus the cost of verification
Proof + Test
Programming Contracts {P}C{Q} Hoare logic (1969) logic contracts executable contracts for proofs for tests SPARK (1987) Eiffel DbC (1986) Hi-Lite: executable annotation language???
Project
Ada 2012
Testing vs. Formal Verification prove pre of Q use Q code assume post of Q cover P constructs P calls Q P calls Q P P Q Q assume pre of Q actual body of Q prove post of Q or stub… local exhaustivity argument: global soundness argument: each function covered P all functions proved  enough behaviors  all assumptions justified explored Q R
Combining tests and proofs P is tested P calls Q How so we justify assumptions made P during proof? Q Q calls P Q is proved verification combining tests and proofs should be AT LEAST AS GOOD AS verification based on tests only
Caution: contracts are not only pre/post! strong typing parameters not aliased )… parameters initialized data dependences
Combination 1: tested calls proved P is tested P calls Q during testing: check that P precondition of Q Q is respected Q is proved assumption for proof: precondition of Q is respected
Combination 2: proved calls tested P is tested during testing: check that P postcondition of P Q is respected Q calls P Q is proved assumption for proof: postcondition of P is respected
Testing + Formal Verification tested P proved Q R proved local exhaustivity argument: global soundness argument: - test: function covered - proof: assumptions proved - proof: by nature of proof - test: assumptions tested Testing must check additional properties Done by compiler instrumentation
GNAT toolsuite executable GNAT GNATtest compiler unit testing aggregated verification results GNATprove unit proof
Conclusion
Airbus 5 “must-have” of formal methods • Soundness • Applicability to the code • Usability by normal engineers on normal computers • Improve on classical methods current work • Certifiability
Benefits of openness .org • announcements • public: • all code • meeting slides  meeting minutes • dev docs • articles / docs  technical work • user docs  69 members • private:  management  partner code  external collaborations with industry and academia
Project Partners
www.open-do.org/projects/hi-lite

Recommandé

Boogie 2011 Hi-Lite
Boogie 2011 Hi-LiteBoogie 2011 Hi-Lite
Boogie 2011 Hi-LiteAdaCore
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_newNaveen Gouda
 
Kanban by Mayur Gupta
Kanban by Mayur GuptaKanban by Mayur Gupta
Kanban by Mayur GuptaXebia IT Architects
 
Harton-Presentation
Harton-PresentationHarton-Presentation
Harton-PresentationHeather Harton
 
Parrot -- "one bytecode to rule them all"
Parrot -- "one bytecode to rule them all"Parrot -- "one bytecode to rule them all"
Parrot -- "one bytecode to rule them all"Nuno Carvalho
 
Open-DO Update
Open-DO UpdateOpen-DO Update
Open-DO UpdateAdaCore
 
At&t research at trecvid 2009
At&t research at trecvid 2009At&t research at trecvid 2009
At&t research at trecvid 2009Kirill Lazarev
 
SAP Offshore Delivery Services
SAP Offshore Delivery ServicesSAP Offshore Delivery Services
SAP Offshore Delivery ServicesJerome Le Gall
 

Recommandé

Boogie 2011 Hi-Lite
Boogie 2011 Hi-LiteBoogie 2011 Hi-Lite
Boogie 2011 Hi-LiteAdaCore
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_newNaveen Gouda
 
Kanban by Mayur Gupta
Kanban by Mayur GuptaKanban by Mayur Gupta
Kanban by Mayur GuptaXebia IT Architects
 
Harton-Presentation
Harton-PresentationHarton-Presentation
Harton-PresentationHeather Harton
 
Parrot -- "one bytecode to rule them all"
Parrot -- "one bytecode to rule them all"Parrot -- "one bytecode to rule them all"
Parrot -- "one bytecode to rule them all"Nuno Carvalho
 
Open-DO Update
Open-DO UpdateOpen-DO Update
Open-DO UpdateAdaCore
 
At&t research at trecvid 2009
At&t research at trecvid 2009At&t research at trecvid 2009
At&t research at trecvid 2009Kirill Lazarev
 
SAP Offshore Delivery Services
SAP Offshore Delivery ServicesSAP Offshore Delivery Services
SAP Offshore Delivery ServicesJerome Le Gall
 
santhosh popshetwar
santhosh popshetwarsanthosh popshetwar
santhosh popshetwarSanthosh Kumar Popshetwar
 
Avid_Venue
Avid_VenueAvid_Venue
Avid_VenueCole Bradley
 
Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Generazione Automatica di Test - S. Vuotto (Università di Sassari)Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Generazione Automatica di Test - S. Vuotto (Università di Sassari)Sardegna Ricerche
 
Elixir
ElixirElixir
ElixirChangwook Park
 
Lab3 s2
Lab3 s2Lab3 s2
Lab3 s2rajbabureliance
 
Lean and Kanban Principles for Software Developers
Lean and Kanban Principles for Software DevelopersLean and Kanban Principles for Software Developers
Lean and Kanban Principles for Software DevelopersCory Foy
 
Challenges in Debugging Bootstraps of Reflective Kernels
Challenges in Debugging Bootstraps of Reflective KernelsChallenges in Debugging Bootstraps of Reflective Kernels
Challenges in Debugging Bootstraps of Reflective KernelsESUG
 
Tail Call Elimination in Open Smalltalk
Tail Call Elimination in Open SmalltalkTail Call Elimination in Open Smalltalk
Tail Call Elimination in Open SmalltalkESUG
 
IPv6 Development and Testing Services
IPv6 Development and Testing ServicesIPv6 Development and Testing Services
IPv6 Development and Testing ServicesTMA Solutions
 
Funcargs & other fun with pytest
Funcargs & other fun with pytestFuncargs & other fun with pytest
Funcargs & other fun with pytestBrianna Laugher
 
WGDC QA Kapitanenko-Rebrov
WGDC QA Kapitanenko-RebrovWGDC QA Kapitanenko-Rebrov
WGDC QA Kapitanenko-RebrovAnton Kapitanenko
 
TMA Software Testing Competency
TMA Software Testing CompetencyTMA Software Testing Competency
TMA Software Testing CompetencyTMA Solutions
 
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAUTest Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAUInfinIT - Innovationsnetværket for it
 
Test Driven Agile
Test Driven AgileTest Driven Agile
Test Driven AgileNigel Thurlow
 
Формальная верификация как средство тестирования (в Java)
Формальная верификация как средство тестирования (в Java)Формальная верификация как средство тестирования (в Java)
Формальная верификация как средство тестирования (в Java)SQALab
 
Benjamin q4 2008_bristol
Benjamin q4 2008_bristolBenjamin q4 2008_bristol
Benjamin q4 2008_bristolObsidian Software
 
Deploying Functional Qualification at STMicroelectronics
Deploying Functional Qualification at STMicroelectronicsDeploying Functional Qualification at STMicroelectronics
Deploying Functional Qualification at STMicroelectronicsDVClub
 
Sistemas operacionais 12
Sistemas operacionais 12Sistemas operacionais 12
Sistemas operacionais 12Nauber Gois
 
Software development practices in python
Software development practices in pythonSoftware development practices in python
Software development practices in pythonJimmy Lai
 
Agile testing principles and practices - Anil Karade
Agile testing principles and practices - Anil KaradeAgile testing principles and practices - Anil Karade
Agile testing principles and practices - Anil KaradeIndicThreads
 
Continuous deployment
Continuous deploymentContinuous deployment
Continuous deploymentDaniel
 
ITS-Fidel
ITS-FidelITS-Fidel
ITS-FidelFidel Softech P. Ltd
 

Contenu connexe

Tendances

Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Generazione Automatica di Test - S. Vuotto (Università di Sassari)Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Generazione Automatica di Test - S. Vuotto (Università di Sassari)Sardegna Ricerche
 
Lean and Kanban Principles for Software Developers
Lean and Kanban Principles for Software DevelopersLean and Kanban Principles for Software Developers
Lean and Kanban Principles for Software DevelopersCory Foy
 
Challenges in Debugging Bootstraps of Reflective Kernels
Challenges in Debugging Bootstraps of Reflective KernelsChallenges in Debugging Bootstraps of Reflective Kernels
Challenges in Debugging Bootstraps of Reflective KernelsESUG
 
Tail Call Elimination in Open Smalltalk
Tail Call Elimination in Open SmalltalkTail Call Elimination in Open Smalltalk
Tail Call Elimination in Open SmalltalkESUG
 

Tendances (8)

santhosh popshetwar
santhosh popshetwarsanthosh popshetwar
santhosh popshetwar
 
Avid_Venue
Avid_VenueAvid_Venue
Avid_Venue
 
Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Generazione Automatica di Test - S. Vuotto (Università di Sassari)Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Generazione Automatica di Test - S. Vuotto (Università di Sassari)
 
Elixir
ElixirElixir
Elixir
 
Lab3 s2
Lab3 s2Lab3 s2
Lab3 s2
 
Lean and Kanban Principles for Software Developers
Lean and Kanban Principles for Software DevelopersLean and Kanban Principles for Software Developers
Lean and Kanban Principles for Software Developers
 
Challenges in Debugging Bootstraps of Reflective Kernels
Challenges in Debugging Bootstraps of Reflective KernelsChallenges in Debugging Bootstraps of Reflective Kernels
Challenges in Debugging Bootstraps of Reflective Kernels
 
Tail Call Elimination in Open Smalltalk
Tail Call Elimination in Open SmalltalkTail Call Elimination in Open Smalltalk
Tail Call Elimination in Open Smalltalk
 

Similaire à Hi-Lite erts2012

IPv6 Development and Testing Services
IPv6 Development and Testing ServicesIPv6 Development and Testing Services
IPv6 Development and Testing ServicesTMA Solutions
 
Funcargs & other fun with pytest
Funcargs & other fun with pytestFuncargs & other fun with pytest
Funcargs & other fun with pytestBrianna Laugher
 
TMA Software Testing Competency
TMA Software Testing CompetencyTMA Software Testing Competency
TMA Software Testing CompetencyTMA Solutions
 
Формальная верификация как средство тестирования (в Java)
Формальная верификация как средство тестирования (в Java)Формальная верификация как средство тестирования (в Java)
Формальная верификация как средство тестирования (в Java)SQALab
 
Deploying Functional Qualification at STMicroelectronics
Deploying Functional Qualification at STMicroelectronicsDeploying Functional Qualification at STMicroelectronics
Deploying Functional Qualification at STMicroelectronicsDVClub
 
Sistemas operacionais 12
Sistemas operacionais 12Sistemas operacionais 12
Sistemas operacionais 12Nauber Gois
 
Software development practices in python
Software development practices in pythonSoftware development practices in python
Software development practices in pythonJimmy Lai
 
Agile testing principles and practices - Anil Karade
Agile testing principles and practices - Anil KaradeAgile testing principles and practices - Anil Karade
Agile testing principles and practices - Anil KaradeIndicThreads
 
Continuous deployment
Continuous deploymentContinuous deployment
Continuous deploymentDaniel
 
Leveling Up With Unit Testing - LonghornPHP 2022
Leveling Up With Unit Testing - LonghornPHP 2022Leveling Up With Unit Testing - LonghornPHP 2022
Leveling Up With Unit Testing - LonghornPHP 2022Mark Niebergall
 
Signal and System - Convolution in Linear Time-Invariant System.pdf
Signal and System - Convolution in Linear Time-Invariant System.pdfSignal and System - Convolution in Linear Time-Invariant System.pdf
Signal and System - Convolution in Linear Time-Invariant System.pdf22004598
 
Pragmatic Introduction to Python Unit Testing (PyDays 2018)
Pragmatic Introduction to Python Unit Testing (PyDays 2018)Pragmatic Introduction to Python Unit Testing (PyDays 2018)
Pragmatic Introduction to Python Unit Testing (PyDays 2018)Peter Kofler
 
MUTANTS KILLER - PIT: state of the art of mutation testing system
MUTANTS KILLER - PIT: state of the art of mutation testing system MUTANTS KILLER - PIT: state of the art of mutation testing system
MUTANTS KILLER - PIT: state of the art of mutation testing system Tarin Gamberini
 
Releasing fast code - The DevOps approach
Releasing fast code - The DevOps approachReleasing fast code - The DevOps approach
Releasing fast code - The DevOps approachMichael Kopp
 

Similaire à Hi-Lite erts2012 (20)

IPv6 Development and Testing Services
IPv6 Development and Testing ServicesIPv6 Development and Testing Services
IPv6 Development and Testing Services
 
Funcargs & other fun with pytest
Funcargs & other fun with pytestFuncargs & other fun with pytest
Funcargs & other fun with pytest
 
WGDC QA Kapitanenko-Rebrov
WGDC QA Kapitanenko-RebrovWGDC QA Kapitanenko-Rebrov
WGDC QA Kapitanenko-Rebrov
 
TMA Software Testing Competency
TMA Software Testing CompetencyTMA Software Testing Competency
TMA Software Testing Competency
 
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAUTest Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
 
Test Driven Agile
Test Driven AgileTest Driven Agile
Test Driven Agile
 
Формальная верификация как средство тестирования (в Java)
Формальная верификация как средство тестирования (в Java)Формальная верификация как средство тестирования (в Java)
Формальная верификация как средство тестирования (в Java)
 
Benjamin q4 2008_bristol
Benjamin q4 2008_bristolBenjamin q4 2008_bristol
Benjamin q4 2008_bristol
 
Deploying Functional Qualification at STMicroelectronics
Deploying Functional Qualification at STMicroelectronicsDeploying Functional Qualification at STMicroelectronics
Deploying Functional Qualification at STMicroelectronics
 
Sistemas operacionais 12
Sistemas operacionais 12Sistemas operacionais 12
Sistemas operacionais 12
 
Software development practices in python
Software development practices in pythonSoftware development practices in python
Software development practices in python
 
Agile testing principles and practices - Anil Karade
Agile testing principles and practices - Anil KaradeAgile testing principles and practices - Anil Karade
Agile testing principles and practices - Anil Karade
 
Continuous deployment
Continuous deploymentContinuous deployment
Continuous deployment
 
ITS-Fidel
ITS-FidelITS-Fidel
ITS-Fidel
 
Leveling Up With Unit Testing - LonghornPHP 2022
Leveling Up With Unit Testing - LonghornPHP 2022Leveling Up With Unit Testing - LonghornPHP 2022
Leveling Up With Unit Testing - LonghornPHP 2022
 
Signal and System - Convolution in Linear Time-Invariant System.pdf
Signal and System - Convolution in Linear Time-Invariant System.pdfSignal and System - Convolution in Linear Time-Invariant System.pdf
Signal and System - Convolution in Linear Time-Invariant System.pdf
 
Pragmatic Introduction to Python Unit Testing (PyDays 2018)
Pragmatic Introduction to Python Unit Testing (PyDays 2018)Pragmatic Introduction to Python Unit Testing (PyDays 2018)
Pragmatic Introduction to Python Unit Testing (PyDays 2018)
 
TMA Brochure IPv6
TMA Brochure IPv6TMA Brochure IPv6
TMA Brochure IPv6
 
MUTANTS KILLER - PIT: state of the art of mutation testing system
MUTANTS KILLER - PIT: state of the art of mutation testing system MUTANTS KILLER - PIT: state of the art of mutation testing system
MUTANTS KILLER - PIT: state of the art of mutation testing system
 
Releasing fast code - The DevOps approach
Releasing fast code - The DevOps approachReleasing fast code - The DevOps approach
Releasing fast code - The DevOps approach
 

Plus de AdaCore

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesAdaCore
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsAdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verificationAdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationAdaCore
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareAdaCore
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentAdaCore
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologyAdaCore
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareAdaCore
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareAdaCore
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentAdaCore
 

Plus de AdaCore (20)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 

Dernier

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

Hi-Lite erts2012

  • 1. Integrating Formal Program Verification with Testing Cyrille Comar, Johannes Kanig and Yannick Moy
  • 2. Integrating Formal Program with Testing Verification Cyrille Comar, Johannes Kanig and Yannick Moy
  • 3. Integrating Formal Program with Verification Cyrille Comar, Johannes Kanig and Yannick Moy
  • 5. Cost of testing • Cost of testing greater than cost of development • 10% increase each year for avionics software (Boeing META Project) • Uneven repartition: 20%  80% of effort! 80% • Uneven quality: 80% of errors traced to 20% of code (NASA Software Safety Guidebook) • Need to reduce and focus the cost of testing
  • 6. DO-178C: formal methods can replace testing Formal methods […] might be the primary source of evidence for the satisfaction of many of the objectives concerned with development and verification. 2011: Formal Methods Supplement (DO-333)
  • 7. Myths of formal methods • Myth 4: Formal methods require highly trained mathematicians • Myth 5: Formal methods increase the cost of development • Myth 6: Formal methods are unacceptable to users • Myth 7: Formal methods are not used on real, large-scale software (Anthony Hall, Praxis Systems, 1990)
  • 8. Practice of formal methods Since 2001, Airbus has been integrating several tool supported formal verification techniques into the development process of avionics software products. 2009: Formal Verification of Avionics Software Products (Souyris, Wiels, Delmas, Delseny)
  • 9. Cost of verification 20%  80% of 20%  80% of 80% testing effort 80% formal effort Hi-Lite goal: using formal verification first, then testing… 4% 16% testing 80% formal … to reduce and focus the cost of verification
  • 11. Programming Contracts {P}C{Q} Hoare logic (1969) logic contracts executable contracts for proofs for tests SPARK (1987) Eiffel DbC (1986) Hi-Lite: executable annotation language???
  • 14. Testing vs. Formal Verification prove pre of Q use Q code assume post of Q cover P constructs P calls Q P calls Q P P Q Q assume pre of Q actual body of Q prove post of Q or stub… local exhaustivity argument: global soundness argument: each function covered P all functions proved  enough behaviors  all assumptions justified explored Q R
  • 15. Combining tests and proofs P is tested P calls Q How so we justify assumptions made P during proof? Q Q calls P Q is proved verification combining tests and proofs should be AT LEAST AS GOOD AS verification based on tests only
  • 16. Caution: contracts are not only pre/post! strong typing parameters not aliased )… parameters initialized data dependences
  • 17. Combination 1: tested calls proved P is tested P calls Q during testing: check that P precondition of Q Q is respected Q is proved assumption for proof: precondition of Q is respected
  • 18. Combination 2: proved calls tested P is tested during testing: check that P postcondition of P Q is respected Q calls P Q is proved assumption for proof: postcondition of P is respected
  • 19. Testing + Formal Verification tested P proved Q R proved local exhaustivity argument: global soundness argument: - test: function covered - proof: assumptions proved - proof: by nature of proof - test: assumptions tested Testing must check additional properties Done by compiler instrumentation
  • 20. GNAT toolsuite executable GNAT GNATtest compiler unit testing aggregated verification results GNATprove unit proof
  • 22. Airbus 5 “must-have” of formal methods • Soundness • Applicability to the code • Usability by normal engineers on normal computers • Improve on classical methods current work • Certifiability
  • 23. Benefits of openness .org • announcements • public: • all code • meeting slides  meeting minutes • dev docs • articles / docs  technical work • user docs  69 members • private:  management  partner code  external collaborations with industry and academia