论文信息 - Experiences in the Industrial use of Formal Methods

Experiences in the Industrial use of Formal Methods

Altran Praxis has used formal methods within its high integrity development approach, Correctness by Construction (CbyC), for a number of years. The Tokeneer ID Station (TIS) developed for the US National Security Agency (NSA) is one example of a development using formal methods and the CbyC approach. This project used a number of rigorous techniques including formalisation of the specification using the Z Notation, refinement of the specification to a formal design, software development in SPARK with proof of absence of run-time errors of the software and proof of system properties. The project has stood up well to the intense scrutiny it has been subject to since it became available to the wider community in 2008, with only five errors being found. Despite the general success of the approach there are challenges to using formal methods in an industrial context. By looking at a number of key properties that affect the success of deployment of tools and techniques in industry we attempt to put the challenges of industrial deployment of formal methods into perspective.

Janet Elizabeth Barnes | Janet Barnes

[1] J. Michael Spivey,et al. The Z notation - a reference manual , 1992, Prentice Hall International Series in Computer Science.

[2] Jan Trobitius,et al. Anwendung der "Common Criteria for Information Technology Security Evaluation" (CC) / ISO 15408 auf ein SOA Registry-Repository , 2007, Informatiktage.

[3] Anthony Hall,et al. Integrating Z into Large Projects Tools and Techniques , 2008, ABZ.

[4] John G. P. Barnes,et al. High Integrity Software - The SPARK Approach to Safety and Security , 2003 .

[5] Anthony Hall,et al. Seven myths of formal methods , 1990, IEEE Software.

[6] 오준석,et al. Correctness by Construction 을 적용한 안전필수 시스템 개발 , 2009 .

[7] Anthony Hall,et al. Will It Work , 2001 .

[8] Yannick Moy,et al. Tokeneer: Beyond Formal Program Verification , 2010 .

[9] Anthony Hall. Using Formal Methods to Develop an ATC Information System , 1996, IEEE Softw..

[10] Jim Woodcock,et al. The Tokeneer Experiments , 2010, Reflections on the Work of C. A. R. Hoare.

[11] C. A. R. Hoare,et al. Communicating sequential processes , 1978, CACM.

[12] HallAnthony,et al. Correctness by Construction , 2002 .

[13] Steve King,et al. Is Proof More Cost-Effective Than Testing? , 2000, IEEE Trans. Software Eng..

[14] Anthony Hall,et al. Correctness by Construction: Developing a Commercial Secure System , 2002, IEEE Softw..