Formal methods and testing are often considered as disjoint technologies. The Hi-Lite project wants to show that both are actually complementary. The central concept is subprogram contracts, part of the upcoming Ada 2012 standard. A contract, which consists of a pre- and a postcondition, describes the specification of a subprogram, in the same syntax as Ada expressions. These contracts can be seen either as additional assertions in the case of testing, or they can be used to prove the correctness of the subprogram, using modern proof technology such as SMT solvers. This mechanism allows an easy adoption of modern formal methods, on a per-function basis. Hi-Lite fits in well with the upcoming DO-178C avionics safety standard, a revision to DO-178B, which, among other things, accounts for technologies such as formal methods. A contract is additional information a programmer has to write, and errors are possible. Another focus of the Hi-Lite project is to help the programmer write meaningful and complete contracts. Current proposals include the detection of runtime errors contained in contracts, meaningless or too-strong contracts, incomplete contracts that do not mention modified variables, and code that does not contribute to the contract. The goal of project Hi-Lite is to produce a verification toolchain combining formal methods and testing, integrated with the usual project structure in the two IDEs developed by AdaCore.
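As an added illustration that is not code from the Hi-Lite paper or toolchain, the following Ada 2012 unit shows the dual role of a contract described above: with `Assertion_Policy (Check)` the `Pre`/`Post` aspects act as runtime assertions during testing, and the same expressions are what a prover would discharge. The procedure, its parameters and the sample array are constructed for this example; the precondition is written with `and then` so that the contract itself cannot raise a runtime error, and the postcondition names the global it modifies, the two contract-quality issues the abstract mentions.

```ada
--  Added example (not from the Hi-Lite paper): one Ada 2012 contract used
--  as a runtime assertion during testing and as a proof obligation.
pragma Assertion_Policy (Check);   --  evaluate Pre/Post at runtime

with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;

procedure Contract_Demo is

   type Buffer is array (Positive range <>) of Integer;

   Checked_Slices : Natural := 0;   --  global updated by Safe_Average

   --  Average of B (Lo .. Hi), truncated toward zero.
   --  Pre rejects empty slices and out-of-range indices, so the division
   --  in the body cannot fail; "and then" guarantees the contract itself
   --  raises no runtime error for any argument values.
   --  Post mentions the modified global, so the contract is complete
   --  with respect to the variables the procedure changes.
   procedure Safe_Average (B : Buffer; Lo, Hi : Positive; Avg : out Integer)
     with Pre  => Lo <= Hi and then Lo >= B'First and then Hi <= B'Last,
          Post => Checked_Slices = Checked_Slices'Old + 1;

   procedure Safe_Average (B : Buffer; Lo, Hi : Positive; Avg : out Integer) is
      Sum : Long_Long_Integer := 0;
   begin
      for I in Lo .. Hi loop
         Sum := Sum + Long_Long_Integer (B (I));
      end loop;
      Avg := Integer (Sum / Long_Long_Integer (Hi - Lo + 1));
      Checked_Slices := Checked_Slices + 1;
   end Safe_Average;

   Data   : constant Buffer := (4, 8, 15, 16, 23, 42);   --  constructed input
   Result : Integer;
begin
   Safe_Average (Data, 1, 6, Result);
   Put_Line ("Average =" & Integer'Image (Result));

   --  A call violating the precondition (empty slice, Lo > Hi). With checks
   --  enabled this raises Assertion_Error before the body runs; under proof
   --  the prover would instead report the Pre it cannot establish.
   begin
      Safe_Average (Data, 5, 2, Result);
   exception
      when Assertion_Error =>
         Put_Line ("Precondition violated: empty slice rejected");
   end;
end Contract_Demo;
```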