Comments for open-DO http://www.open-do.org Toward a cooperative and open framework for the development of certifiable software Wed, 15 May 2013 13:26:15 +0000 hourly 1 Comment on Integrating Proof and Testing in Verification Strategies for Safety Critical Systems by Yannick Moy http://www.open-do.org/2013/02/23/integrating-proof-and-testing-in-verification-strategies-for-safety-critical-systems/comment-page-1/#comment-25642 Yannick Moy Wed, 15 May 2013 13:26:15 +0000 http://www.open-do.org/?p=2175#comment-25642 Ram, you're right that formal verification and testing are complementary, that's precisely this complementarity that we rely on in the next version of the SPARK technology. You mention PolySpace as a tool that can check for run-time errors in implementations. That's what static analyzers do indeed, like the one we develop at AdaCore: http://www.adacore.com/codepeer/ SPARK technology goes one step further, by also allowing you to prove that the intended functionality of pieces of your software is correctly implemented. This requires you to state the intended functionality in contracts (preconditions and postconditions) that the tool then attempts to prove wrt your implementation. Still, formal verification is not applicable to all the code, and to all the properties you want to check (in particular high-level properties, that cannot be easily expressed as contracts). This is why it is important to be able to combine testing and formal verification. Ram, you’re right that formal verification and testing are complementary, that’s precisely this complementarity that we rely on in the next version of the SPARK technology. You mention PolySpace as a tool that can check for run-time errors in implementations. That’s what static analyzers do indeed, like the one we develop at AdaCore:

http://www.adacore.com/codepeer/

SPARK technology goes one step further, by also allowing you to prove that the intended functionality of pieces of your software is correctly implemented. This requires you to state the intended functionality in contracts (preconditions and postconditions) that the tool then attempts to prove wrt your implementation.

Still, formal verification is not applicable to all the code, and to all the properties you want to check (in particular high-level properties, that cannot be easily expressed as contracts). This is why it is important to be able to combine testing and formal verification.

]]> Comment on Integrating Proof and Testing in Verification Strategies for Safety Critical Systems by Ram Cherukuri http://www.open-do.org/2013/02/23/integrating-proof-and-testing-in-verification-strategies-for-safety-critical-systems/comment-page-1/#comment-25088 Ram Cherukuri Fri, 26 Apr 2013 19:15:39 +0000 http://www.open-do.org/?p=2175#comment-25088 To my understanding, Formal verification and testing are complimentary solutions to the verification and validation process. Testing helps to validate that the software is functionally correct and the formal verification tools can check for errors in the implementation. Here is an example of how one such formal verification tool proves code correctness: http://www.mathworks.com/videos/proving-the-absence-of-run-time-errors-with-polyspace-71970.html To my understanding, Formal verification and testing are complimentary solutions to the verification and validation process. Testing helps to validate that the software is functionally correct and the formal verification tools can check for errors in the implementation. Here is an example of how one such formal verification tool proves code correctness:
http://www.mathworks.com/videos/proving-the-absence-of-run-time-errors-with-polyspace-71970.html

]]> Comment on GNATprove Takes the Train by Yannick Moy http://www.open-do.org/2013/04/11/gnatprove-takes-the-train/comment-page-1/#comment-24978 Yannick Moy Mon, 22 Apr 2013 22:01:26 +0000 http://www.open-do.org/?p=2182#comment-24978 Thanks David for the slides and nice comment. I see that you mention the "safety principles" that are missing, like in your report. Can you explain what are those? Can they be formalized? Thanks David for the slides and nice comment. I see that you mention the “safety principles” that are missing, like in your report. Can you explain what are those? Can they be formalized?

]]> Comment on GNATprove Takes the Train by David Mentré http://www.open-do.org/2013/04/11/gnatprove-takes-the-train/comment-page-1/#comment-24775 David Mentré Wed, 17 Apr 2013 15:39:11 +0000 http://www.open-do.org/?p=2182#comment-24775 The slides of the presentation are available here: https://github.com/openETCS/model-evaluation/blob/master/Munich_20130415/2013-04-15-GNATprove-ETCS-model.pdf?raw=true On openETCS benchmark, I was able to do most of activities, even if not all of this small model made has been fully proven. From our point of view, GNATprove is a very interesting technology. They are currently rough edges but it seems promising for safety critical embedded systems. The ability to mix tests and proofs is very interesting and useful in practice (e.g. help debug formal assertions). The slides of the presentation are available here: https://github.com/openETCS/model-evaluation/blob/master/Munich_20130415/2013-04-15-GNATprove-ETCS-model.pdf?raw=true

On openETCS benchmark, I was able to do most of activities, even if not all of this small model made has been fully proven.

From our point of view, GNATprove is a very interesting technology. They are currently rough edges but it seems promising for safety critical embedded systems. The ability to mix tests and proofs is very interesting and useful in practice (e.g. help debug formal assertions).

]]> Comment on Project Hi-Lite / GNATprove by GNATprove Takes the Train http://www.open-do.org/projects/hi-lite/gnatprove/comment-page-1/#comment-24575 GNATprove Takes the Train Thu, 11 Apr 2013 10:53:55 +0000 http://www.open-do.org/?page_id=2029#comment-24575 [...] Introduction to Hi-LiteHi-Lite ProgressHi-Lite News and EventsFormal ContainersSOCIS 2012 ProjectProject Hi-Lite / GNATproveXReqProject POpen-DO conferenceOpen-DO Conference AbstractsForgeWhite Paper: High-Integrity [...] [...] Introduction to Hi-LiteHi-Lite ProgressHi-Lite News and EventsFormal ContainersSOCIS 2012 ProjectProject Hi-Lite / GNATproveXReqProject POpen-DO conferenceOpen-DO Conference AbstractsForgeWhite Paper: High-Integrity [...]

]]> Comment on About Open-DO by Open source community best fit for new wave of industrial development – The most sensational news http://www.open-do.org/about/comment-page-1/#comment-24309 Open source community best fit for new wave of industrial development – The most sensational news Wed, 03 Apr 2013 09:32:20 +0000 https://www.open-do.org/?page_id=2#comment-24309 [...] Open-DO Initiative (as in “Open” and “DO-178C”, the recent revision of the avionics standard [...] [...] Open-DO Initiative (as in “Open” and “DO-178C”, the recent revision of the avionics standard [...]

]]> Comment on Project Hi-Lite by Future Version of SPARK Will Be Based on Ada 2012 http://www.open-do.org/projects/hi-lite/comment-page-1/#comment-21894 Future Version of SPARK Will Be Based on Ada 2012 Fri, 30 Nov 2012 18:39:06 +0000 http://www.open-do.org/?page_id=1116#comment-21894 [...] IP217AgileCouvertureGeneAuto/AdaProject Qualifying MachineQM - PresentationQM - DesignHiberSourceProject Hi-LiteA Database ExampleHi-Lite PartnersHi-Lite ResourcesA Lighter Introduction to Hi-LiteHi-Lite [...] [...] IP217AgileCouvertureGeneAuto/AdaProject Qualifying MachineQM - PresentationQM - DesignHiberSourceProject Hi-LiteA Database ExampleHi-Lite PartnersHi-Lite ResourcesA Lighter Introduction to Hi-LiteHi-Lite [...]

]]> Comment on Couverture by Couverture software | Seebaby http://www.open-do.org/projects/couverture/comment-page-1/#comment-20728 Couverture software | Seebaby Mon, 01 Oct 2012 00:39:44 +0000 http://www.open-do.org/?page_id=732#comment-20728 [...] CouvertureThe original Couverture project had the objectives to produce a Free Software coverage analysis toolset together with the ability to generate artifacts that allow … [...] [...] CouvertureThe original Couverture project had the objectives to produce a Free Software coverage analysis toolset together with the ability to generate artifacts that allow … [...]

]]> Comment on GNATprove Distinguished at VerifyThis Competition by Cyrille http://www.open-do.org/2012/09/03/gnatprove-distinguished-at-verifythis-competition/comment-page-1/#comment-20197 Cyrille Mon, 03 Sep 2012 10:56:53 +0000 http://www.open-do.org/?p=2075#comment-20197 Great to see the core ideas of hi-lite at work in this context! thanks Yannick Great to see the core ideas of hi-lite at work in this context! thanks Yannick

]]> Comment on Project Hi-Lite / GNATprove by GNATprove Distinguished at VerifyThis Competition http://www.open-do.org/projects/hi-lite/gnatprove/comment-page-1/#comment-20191 GNATprove Distinguished at VerifyThis Competition Mon, 03 Sep 2012 09:50:04 +0000 http://www.open-do.org/?page_id=2029#comment-20191 [...] Introduction to Hi-LiteHi-Lite ProgressHi-Lite News and EventsFormal ContainersSOCIS 2012 ProjectProject Hi-Lite / GNATproveXReqProject POpen-DO conferenceOpen-DO Conference AbstractsForgeWhite Paper: High-Integrity [...] [...] Introduction to Hi-LiteHi-Lite ProgressHi-Lite News and EventsFormal ContainersSOCIS 2012 ProjectProject Hi-Lite / GNATproveXReqProject POpen-DO conferenceOpen-DO Conference AbstractsForgeWhite Paper: High-Integrity [...]

]]>