Integrating Formal Program Verification with Testing
Cyrille Comar, Johannes Kanig and Yannick Moy
Motivation

Cost of testing

•   Cost of testing greater than cost of development
•   10% increase each year for avionics software (Boeing META Project)
•   Uneven repartition (pie chart: 20% / 80%): 80% of effort!
•   Uneven quality: 80% of errors traced to 20% of code (NASA Software Safety Guidebook)
•   Need to reduce and focus the cost of testing
DO-178C: formal methods can replace testing

“Formal methods […] might be the primary source of evidence for the satisfaction of many of the objectives concerned with development and verification.”
2011: Formal Methods Supplement (DO-333)
Myths of formal methods

•   Myth 4: Formal methods require highly trained mathematicians
•   Myth 5: Formal methods increase the cost of development
•   Myth 6: Formal methods are unacceptable to users
•   Myth 7: Formal methods are not used on real, large-scale software
(Anthony Hall, Praxis Systems, 1990)
Practice of formal methods

“Since 2001, Airbus has been integrating several tool supported formal verification techniques into the development process of avionics software products.”
2009: Formal Verification of Avionics Software Products (Souyris, Wiels, Delmas, Delseny)
Cost of verification

(pie charts: 20% / 80% of testing effort; 20% / 80% of formal effort)

Hi-Lite goal: using formal verification first, then testing…
(pie chart: 80% formal, 16% testing, 4%)
… to reduce and focus the cost of verification
Proof + Test

Programming Contracts

{P}C{Q}   Hoare logic (1969)

•   logic contracts for proofs: SPARK (1987)
•   executable contracts for tests: Eiffel DbC (1986)

Hi-Lite: executable annotation language???
(Hi-Lite Project, Ada 2012)
Testing vs. Formal Verification

Testing (P calls Q):
•   use Q code: actual body of Q, or stub…
•   cover P constructs

Formal verification (P calls Q):
•   at the call site: prove pre of Q, assume post of Q
•   in Q: assume pre of Q, prove post of Q

local exhaustivity argument: each function covered, enough behaviors explored
global soundness argument (call graph P, Q, R): all functions proved, all assumptions justified
Combining tests and proofs

P is tested, Q is proved; P calls Q and Q calls P.
How do we justify assumptions made during proof?

verification combining tests and proofs should be
AT LEAST AS GOOD AS
verification based on tests only
Caution: contracts are not only pre/post!

•   strong typing
•   parameters not aliased
•   parameters initialized
•   data dependences
•   …
Combination 1: tested calls proved

P is tested, Q is proved, P calls Q.
•   during testing: check that precondition of Q is respected
•   assumption for proof: precondition of Q is respected
Combination 2: proved calls tested

P is tested, Q is proved, Q calls P.
•   during testing: check that postcondition of P is respected
•   assumption for proof: postcondition of P is respected
Testing + Formal Verification

(call graph: P tested; Q proved; R proved)

local exhaustivity argument:
•   test: function covered
•   proof: by nature of proof

global soundness argument:
•   proof: assumptions proved
•   test: assumptions tested

Testing must check additional properties
Done by compiler instrumentation
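The two combinations above, as an added illustration in Python that is not Hi-Lite, GNATtest or GNATprove code: executable pre/postconditions are instrumented only at the boundary between tested and proved routines. The tested/proved status, the routines (copy_into, handle_packet, parse_byte, xor_checksum) and their contracts are constructed for this example; a real toolchain would take the status from proof and test results rather than from a decorator argument.

```python
# Added illustration (not Hi-Lite/GNAT code): executable contracts checked
# at the tested/proved boundary, following the two combinations on the slides.
import functools
import inspect
from typing import Callable, List, Optional, Tuple

class ContractViolation(AssertionError):
    """Raised when an instrumented contract check fails during a test run."""

# The test harness itself is tested code, so it sits at the bottom of the stack.
_call_stack: List[str] = ["tested"]
# Record of every check actually executed: (routine name, "pre" | "post").
CHECK_LOG: List[Tuple[str, str]] = []

def checks_required(caller: str, callee: str) -> Tuple[bool, bool]:
    """Which of the callee's (pre, post) conditions must be checked at runtime.

    tested -> proved : pre only  (Combination 1: the callee's proof assumed it)
    proved -> tested : post only (Combination 2: the caller's proof assumed it)
    tested -> tested : both      (ordinary executable contracts)
    proved -> proved : none      (covered by the global soundness argument)
    """
    return (caller == "tested", callee == "tested")

def contract(status: str, pre: Optional[Callable[..., bool]] = None,
             post: Optional[Callable[..., bool]] = None):
    """Decorator attaching executable contracts and an assumed verification status."""
    if status not in ("tested", "proved"):
        raise ValueError("status must be 'tested' or 'proved'")

    def deco(fn):
        sig = inspect.signature(fn)

        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            caller = _call_stack[-1]
            check_pre, check_post = checks_required(caller, status)
            bound = sig.bind(*args, **kwargs)
            bound.apply_defaults()
            named = dict(bound.arguments)
            if check_pre and pre is not None:
                CHECK_LOG.append((fn.__name__, "pre"))
                if not pre(**named):
                    raise ContractViolation(
                        f"precondition of {fn.__name__} violated by {caller} caller")
            _call_stack.append(status)
            try:
                result = fn(*args, **kwargs)
            finally:
                _call_stack.pop()
            if check_post and post is not None:
                CHECK_LOG.append((fn.__name__, "post"))
                if not post(result, **named):
                    raise ContractViolation(
                        f"postcondition of {fn.__name__} violated ({status} callee)")
            return result
        return wrapper
    return deco

# --- Combination 1: a tested handler calls a proved copy routine (constructed) ---
@contract(status="proved",
          pre=lambda buf, src: len(src) <= len(buf),
          post=lambda result, buf, src: result == len(src) and buf[:result] == list(src))
def copy_into(buf: list, src: bytes) -> int:
    """Assumed proved: copies src into the front of buf and returns the count.
    The proof relies on the precondition; without it the loop overruns buf."""
    for i, b in enumerate(src):
        buf[i] = b
    return len(src)

@contract(status="tested")
def handle_packet(buf: list, payload: bytes) -> int:
    """Tested caller with a bug: it never checks that payload fits in buf.
    Instrumentation reports this as a precondition failure of copy_into."""
    return copy_into(buf, payload)

# --- Combination 2: a proved checksum calls a tested parser (constructed) ---
@contract(status="tested", post=lambda result, text: 0 <= result <= 255)
def parse_byte(text: str) -> int:
    """Tested parser with a bug: no range check on the decoded value."""
    return int(text)

@contract(status="proved",
          pre=lambda fields: len(fields) > 0,
          post=lambda result, fields: 0 <= result <= 255)
def xor_checksum(fields: list) -> int:
    """Assumed proved: its postcondition only holds because the proof
    assumed parse_byte's 0..255 postcondition, so testing must check it."""
    acc = 0
    for f in fields:
        acc ^= parse_byte(f)
    return acc

def run_scenario(fn, *args) -> Tuple[str, object]:
    """Run fn under instrumentation: ('ok', result) or ('violation', message)."""
    del CHECK_LOG[:]
    try:
        return ("ok", fn(*args))
    except ContractViolation as exc:
        return ("violation", str(exc))

if __name__ == "__main__":
    print(run_scenario(handle_packet, [0] * 4, b"ab"), CHECK_LOG)
    print(run_scenario(handle_packet, [0] * 4, b"abcdef"))
    print(run_scenario(xor_checksum, ["1", "2"]), CHECK_LOG)
    print(run_scenario(xor_checksum, ["1", "300"]))
```

Without the boundary check, the oversized payload would surface as an IndexError inside the proved routine, i.e. exactly the situation its proof assumed away.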
GNAT toolsuite

•   GNAT compiler: executable
•   GNATtest: unit testing
•   GNATprove: unit proof
GNATtest and GNATprove outputs are combined into aggregated verification results
Conclusion

Airbus 5 “must-have” of formal methods

•   Soundness
•   Applicability to the code
•   Usability by normal engineers on normal computers
•   Improve on classical methods
(current work)
•   Certifiability
Benefits of openness

•   open-do.org site: announcements, meeting slides, articles / docs
•   forge, 69 members: public (meeting minutes, technical work), private (management, partner code)
•   all code, dev docs, user docs

external collaborations with industry and academia

Project Partners
www.open-do.org/projects/hi-lite

Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Hi-Lite erts2012

Cost of verification
[Figure: two pie charts, one for testing effort and one for formal verification effort, each showing 20% of the code accounting for 80% of the effort]
Hi-Lite goal: using formal verification first, then testing…
[Figure: pie chart labelled 80% formal, 16% testing, 4%]
… to reduce and focus the cost of verification
Programming contracts
{P} C {Q}: Hoare logic (1969)
• logic contracts, for proofs: SPARK (1987)
• executable contracts, for tests: Eiffel Design by Contract (1986)
• Hi-Lite: an executable annotation language???
Testing vs. formal verification
Testing (P calls Q):
• cover the constructs of P
• use the code of Q (the actual body of Q, or a stub…)
• local exhaustivity argument: each function covered ⇒ enough behaviors explored
Formal verification (P calls Q):
• when proving P: prove the precondition of Q at the call, assume the postcondition of Q
• when proving Q: assume the precondition of Q, prove the postcondition of Q
• global soundness argument: all functions proved ⇒ all assumptions justified
Combining tests and proofs
• P is tested, Q is proved; P calls Q, or Q calls P
• How do we justify the assumptions made during proof?
• Verification combining tests and proofs should be AT LEAST AS GOOD AS verification based on tests only
Caution: contracts are not only pre/post!
• strong typing
• parameters not aliased
• parameters initialized
• data dependences
• …
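The contract elements the slide lists beyond pre/post, as an added example written for this page in SPARK 2014 syntax (which postdates this deck); it is not Hi-Lite or project code, and the names Counters, Count, Total, Bump and Swap are hypothetical. A subtype range carries the strong-typing part, Global and Depends carry the data dependences, and mode in out parameters carry the initialization and non-aliasing obligations on the caller:

```ada
--  Added illustration for this page, not project code. Names are hypothetical.
--  SPARK 2014 syntax: Global / Depends are flow contracts, Pre / Post are
--  the usual proof contracts.
package Counters with SPARK_Mode is

   --  Strong typing: a Count can never be negative or exceed 1_000, so every
   --  arithmetic result is checked against this range, not just Integer'Last.
   type Count is range 0 .. 1_000;

   Total : Count := 0;

   --  Data dependences: Bump may read and write only Total (Global), and the
   --  new Total depends only on the old Total (Depends). The precondition
   --  makes the increment provably in range.
   procedure Bump
     with Global  => (In_Out => Total),
          Depends => (Total => Total),
          Pre     => Total < Count'Last,
          Post    => Total = Total'Old + 1;

   --  Parameters initialized / not aliased: both formals are 'in out', so a
   --  caller must pass initialized objects, and a call such as Swap (A, A),
   --  where both actuals denote the same object, is rejected rather than
   --  silently producing a result the contract does not describe.
   procedure Swap (X, Y : in out Count)
     with Global  => null,
          Depends => (X => Y, Y => X),
          Post    => X = Y'Old and Y = X'Old;

end Counters;

package body Counters with SPARK_Mode is

   procedure Bump is
   begin
      Total := Total + 1;
   end Bump;

   procedure Swap (X, Y : in out Count) is
      T : constant Count := X;
   begin
      X := Y;
      Y := T;
   end Swap;

end Counters;
```

The spec and body above go in counters.ads and counters.adb respectively. None of these obligations is visible in a pre/post pair alone, which is the slide's point: a tested caller that is assumed to honor Bump's and Swap's contracts must be checked against all of them, not only the Pre.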
Combination 1: tested calls proved
• P is tested, Q is proved, P calls Q
• assumption for the proof of Q: the precondition of Q is respected
• during testing of P: check that the precondition of Q is respected at each call
Combination 2: proved calls tested
• P is tested, Q is proved, Q calls P
• assumption for the proof of Q: the postcondition of P is respected
• during testing of P: check that the postcondition of P is respected
Testing + formal verification (P tested; Q and R proved)
• local exhaustivity argument: test: function covered; proof: by nature of proof
• global soundness argument: proof: assumptions proved; test: assumptions tested
• Testing must check additional properties. Done by compiler instrumentation.
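The two combinations above, as an added Ada 2012 example written for this page (it is not Hi-Lite or GNAT project code; Demo, Buffer, Get and Sum_Window are hypothetical names). Get plays the proved side Q and Sum_Window the tested side P. With assertions enabled (pragma Assertion_Policy (Check), or GNAT's -gnata switch) the executable contracts are evaluated during the test run: Get's precondition is checked at every call from Sum_Window, which is exactly the assumption a proof of Get rests on (combination 1), and Sum_Window's postcondition is checked on every return, which is what a proved caller of Sum_Window would assume (combination 2). Running GNATprove on the proved side is assumed, not shown.

```ada
--  Added illustration for this page, not project code. Names are hypothetical.
--  Assertion_Policy (Check) turns the Pre/Post aspects into run-time checks,
--  which is what the compiler instrumentation on the slide has to provide.
pragma Assertion_Policy (Check);   --  equivalent to compiling with -gnata
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions;

procedure Demo is

   type Index is range 1 .. 8;
   type Buffer is array (Index) of Integer;

   --  Q, the proved side. Pre is what the proof assumes at every call,
   --  Post is what the proof establishes for every caller.
   function Get (B : Buffer; I : Integer) return Integer
     with Pre  => I in Integer (Index'First) .. Integer (Index'Last),
          Post => Get'Result = B (Index (I));

   function Get (B : Buffer; I : Integer) return Integer is
   begin
      return B (Index (I));
   end Get;

   --  P, the tested side. Combination 1: each call to Get evaluates Get's
   --  precondition, so a test run of Sum_Window justifies the assumption the
   --  proof of Get made. Combination 2: Sum_Window's own postcondition is
   --  evaluated on every return, so a proved unit calling Sum_Window may
   --  assume it to the extent the tests exercised it.
   function Sum_Window (B : Buffer; From, Len : Integer) return Integer
     with Post => (if Len <= 0 then Sum_Window'Result = 0)
   is
      Acc : Integer := 0;
   begin
      for K in 0 .. Len - 1 loop
         Acc := Acc + Get (B, From + K);
      end loop;
      return Acc;
   end Sum_Window;

   B : constant Buffer := (1, 2, 3, 4, 5, 6, 7, 8);

begin
   --  In-range window: both contracts hold silently.
   Put_Line (Integer'Image (Sum_Window (B, 1, 3)));

   --  Off-by-one in the caller: the window runs to index 9. Without contract
   --  checking this surfaces as an index error inside Get's body; with
   --  checking it is reported as a violated precondition of Get at the call
   --  site, i.e. as a broken proof assumption in the tested unit.
   begin
      Put_Line (Integer'Image (Sum_Window (B, 6, 4)));
   exception
      when E : others =>
         Put_Line ("caught: " & Ada.Exceptions.Exception_Message (E));
   end;
end Demo;
```

Build and run with gnatmake demo.adb && ./demo. The second call raises Assertion_Error from Get's precondition rather than a Constraint_Error from the array index, which is the difference between a test that merely crashes and a test that tells you which proof assumption the caller violated.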
GNAT toolsuite
• GNAT compiler → executable
• GNATtest: unit testing
• GNATprove: unit proof
• aggregated verification results
Airbus 5 “must-have” of formal methods
• Soundness
• Applicability to the code
• Usability by normal engineers on normal computers
• Improve on classical methods (current work)
• Certifiability
Benefits of openness
• .org (69 members)
• public (technical work): all code, dev docs, user docs, articles / docs, announcements, meeting slides, meeting minutes
• private: management, partner code
• external collaborations with industry and academia