论文信息 - Applying formal methods in software development

Applying formal methods in software development

Using PVS (Prototype Verification System), we prove that an industry designed scheduler for a smartcard personalization machine is safe and optimal. This scheduler has previously been the subject of research in model checked scheduling synthesis and verification. These verification and synthesis efforts had only been done for a limited number of personalization stations. We have created an executable model and have proven the scheduling algorithm to be optimal and safe for any number of personalization stations. This result shows that theorem provers can be successfully used for industrial problems in cases where model checkers suffer from state explosion.

L. Lensink | L. Lensink

[1] Young-Joo Moon,et al. Stochastic models for quality of service of component connectors , 2011 .

[2] Tim Nieberg. On cyclic plans for scheduling a smart card personalisation system , 2004 .

[3] Wang Yi,et al. Uppaal in a nutshell , 1997, International Journal on Software Tools for Technology Transfer.

[4] Nancy G. Leveson,et al. Role of Software in Spacecraft Accidents , 2004 .

[5] A. Rodriguez Yakushev,et al. Towards Getting Generic Programming Ready for Prime Time , 2009 .

[6] David Harel,et al. Some Methodological Observations Resulting from Experience Using LSCs and the Play-In/Play-Out Approach , 2003, Scenarios: Models, Transformations and Tools.

[7] Mark Timmer,et al. Efficient modelling, generation and analysis of Markov automata , 2013 .

[8] EM Elena Bortnik,et al. Formal methods in support of SMC design , 2008 .

[9] Hugo Jonker,et al. Security matters : privacy in voting and fairness in digital exchange , 2009 .

[10] Tom Staijen,et al. Graph-based Specification and Verification for Aspect-Oriented Languages , 2010 .

[11] de A. Bruin,et al. Service-oriented discovery of knowledge : foundations, implementations and applications , 2010 .

[12] M.C.J.D. van Eekelen,et al. LaQuSo: Using Formal Meethods for Analysis, Verification and Improvement of Safety Critical Software , 2008 .

[13] M. T. de Berg,et al. Algorithms for Fat Objects: Decompositions and Applications , 2004 .

[14] Sander van der Burg,et al. A Reference Architecture for Distributed Software Deployment , 2013 .

[15] Robert Brijder,et al. Models of natural computation : gene assembly and membrane systems , 2008 .

[16] Trajce Dimkov,et al. Alignment of organizational security policies: Theory and Practice , 2012 .

[17] Kenneth L. McMillan,et al. Symbolic model checking , 1992 .

[18] M. Torabi Dashti,et al. Keeping Fairness Alive : Design and formal verification of optimistic fair exchange protocols , 2008 .

[19] Murali Rangarajan,et al. Feature-based decomposition of inductive proofs applied to real-time avionics software: an experience report , 2004, Proceedings. 26th International Conference on Software Engineering.

[20] Oscar H. Ibarra,et al. On spiking neural P systems , 2006, Natural Computing.

[21] Natarajan Shankar,et al. PVS: An Experience Report , 1998, FM-Trends.

[22] Mjm Marcel Roeloffzen. Kinetic data structures in the black-box model , 2013 .

[23] Gary T. Leavens,et al. Beyond Assertions: Advanced Specification and Verification with JML and ESC/Java2 , 2005, FMCO.

[24] M Muhammad Atif,et al. Formal modeling and verification of distributed failure detectors , 2011 .

[25] T. van der Storm. Component-based configuration, integration and delivery , 2003 .

[26] Kenneth L. McMillan,et al. The SMV System , 1993 .

[27] Georgeta Igna,et al. Performance analysis of real-time task systems using timed automata , 2013 .

[28] Adam Chlipala,et al. A verified compiler for an impure functional language , 2010, POPL '10.

[29] Damiano Bolzoni,et al. Revisiting Anomaly-based Network Intrusion Detection Systems , 2009 .

[30] Mohammad Ali Abam. New data structures and algorithms for mobile data , 2007 .

[31] Gerhard de Koning Gans,et al. Outsmarting smart cards , 2013 .

[32] Laura Brandán Briones,et al. Theories for Model-based Testing: Real-time and Coverage , 2007 .

[33] Tobias Nipkow,et al. A Code Generator Framework for Isabelle / HOL , 2007 .

[34] Martin R. Neuhäußer,et al. Model checking nondeterministic and randomly timed systems , 2010 .

[35] Martin Bravenboer,et al. Exercises in Free Syntax. Syntax Definition, Parsing, and Assimilation of Language Conglomerates , 2003 .

[36] Jozef Hooman,et al. Process Algebra in PVS , 1999, TACAS.

[37] Marko C. J. D. van Eekelen,et al. A Proof Framework for Concurrent Programs , 2012, IFM.

[38] Bas Basten,et al. Ambiguity Detection for Programming Language Grammars , 2011 .

[39] Klaus Havelund,et al. Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[40] van den,et al. Composition and synchronization of real-time components upon one processor , 2013 .

[41] Ncwm Niels Braspenning. Model-based integration and testing of high-tech multi-disciplinary systems , 2008 .

[42] van Pja Paul Tilburg. From computability to executability : a process-theoretic view on automata theory , 2011 .

[43] T. D. Vu,et al. Semantics and applications of process and program algebra , 2007 .

[44] S. Ray. Attaching Efficient Executability to Partial Functions in ACL 2 , 2004 .

[45] Natarajan Shankar,et al. Static Analysis for Safe Destructive Updates in a Functional Language , 2001, LOPSTR.

[46] Manish Mahajan,et al. Proof carrying code , 2015 .

[47] César Muñoz,et al. From Verified Models to Verifiable Code , 2009 .

[48] Hossein Rahmani,et al. Analysis of protein-protein interaction networks by means of annotated graph mining algorithms , 2012 .

[49] Flavio D. Garcia. Formal and Computational Cryptography: Protocols, Hashes and Commitments , 2008 .

[50] Ileana Buhan,et al. Cryptographic keys from noisy data, theory and applications , 2008 .

[51] Ali Mesbah,et al. Analysis and Testing of Ajax-based Single-page Web Applications , 2009 .

[52] Marius Adrian Marin,et al. An Integrated System to Manage Crosscutting Concerns in Source Code , 2008 .

[53] Marko C. J. D. van Eekelen,et al. Machine Checked Formal Proof of a Scheduling Protocol for Smartcard Personalization , 2007, FMICS.

[54] Hendrik Tews,et al. Nova Micro--Hypervisor Verification , 2008 .

[55] Neal Leavitt,et al. Internet Security under Attack: The Undermining of Digital Certificates , 2011, Computer.

[56] Ronald Middelkoop,et al. Capturing and exploiting abstract views of states in OO verification , 2011 .

[57] Lawrence Charles Paulson,et al. Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[58] C. J. Boogerd,et al. Focusing Automatic Code Inspections , 2010 .

[59] Claude Marché,et al. Multi-prover Verification of C Programs , 2004, ICFEM.

[60] Bart Jacobs,et al. Code-carrying theories , 2006, Formal Aspects of Computing.

[61] Angelika Mader. Deriving schedules for a smart card personalisation system , 2004 .

[62] Yves Bertot,et al. Interactive Theorem Proving and Program Development: Coq'Art The Calculus of Inductive Constructions , 2010 .

[63] Xavier Leroy,et al. Formal verification of a realistic compiler , 2009, CACM.

[64] Jeroen Doumen,et al. Searching in encrypted data , 2004 .

[65] Jan Friso Groote,et al. The Formal Specification Language mCRL2 , 2006, MMOSS.

[66] J. Kwisthout,et al. The Computational Complexity of Probabilistic Networks , 2009 .

[67] Frits W. Vaandrager,et al. Control Synthesis for a Smart Card Personalization System Using Symbolic Model Checking , 2003, FORMATS.

[68] Anton Wijs,et al. What to do next? Analysing and optimising system behaviour in time , 2007 .

[69] Aah Ammar Osaiweran. Formal development of control software in the medical systems domain , 2012 .

[70] W. Eric Wong,et al. Recent Catastrophic Accidents: Investigating How Software was Responsible , 2010, 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement.

[71] RH Rudolf Mak,et al. Design and performance analysis of data-independent stream processing systems , 2008 .

[72] G. S. Graham. A New Solution of Dijkstra ' s Concurrent Programming Problem , 2022 .

[73] Lionel Mamane,et al. Interactive mathematical documents: creation and presentation , 2004 .

[74] César A. Muñoz,et al. Rapid Prototyping in PVS , 2013 .

[75] Tingting Han,et al. Diagnosis, Synthesis and Analysis of Probabilistic Models , 2009, Ausgezeichnete Informatikdissertationen.

[76] S Miner Paul,et al. Defining the IEEE-854 Floating-Point Standard in PVS , 1995 .

[77] Aad Mathssen,et al. Logical Calculi for Reasoning with Binding , 2008 .

[78] Natarajan Shankar,et al. Evaluating, Testing, and Animating PVS Specications , 2001 .

[79] Harald Ruess,et al. Case Studies in Meta-Level Theorem Proving , 1998, TPHOLs.

[80] Seyyed Hamed Hashemi,et al. Studies on verification of wireless sensor networks and abstraction learning for system inference , 2008 .

[81] Steve Sims,et al. TAME: A PVS Interface to Simplify Proofs for Automata Models , 1998 .

[82] R.S.S. O'Connor,et al. Incompleteness & completeness : formalizing logic and analysis in type theory , 2005 .

[83] Marko C. J. D. van Eekelen,et al. Deadlock and starvation free reentrant readers-writers: A case study combining model checking with theorem proving , 2011, Sci. Comput. Program..

[84] Kab Kevin Verbeek. Algorithms for cartographic visualization , 2012 .

[85] Ichiro Hasuo,et al. Tracing Anonymity with Coalgebras , 2008 .

[86] Edsger W. Dijkstra,et al. A Discipline of Programming , 1976 .

[87] Nikolay Kavaldjiev,et al. A run-time reconfigurable Network-on-Chip for streaming DSP applications , 2006 .

[88] Eduardo Zambon,et al. Abstract Graph Transformation - Theory and Practice , 2013 .

[89] Jens R. Calamé,et al. Testing reactive systems with data: enumerative methods and constraint solving , 2008 .

[90] Panagiotis Manolios,et al. Computer-Aided Reasoning: An Approach , 2011 .

[91] A Adam Koprowski,et al. Termination of rewriting and its certification , 2004 .

[92] Saeed Sedghi,et al. Towards Provably Secure Efficiently Searchable Encryption , 2012 .

[93] António Menezes Leitão. Migration of Common Lisp Programs to the Java Platform -The Linj Approach , 2007, 11th European Conference on Software Maintenance and Reengineering (CSMR'07).

[94] Yanjing Wang,et al. Epistemic Modelling and Protocol Dynamics , 2010 .

[95] Scw Bas Ploeger,et al. Improved verification methods for concurrent systems , 2009 .

[96] Bernhard Beckert,et al. KeY: A Formal Method for Object-Oriented Systems , 2007, FMOODS.

[97] David Lorge Parnas,et al. Concurrent control with “readers” and “writers” , 1971, CACM.

[98] Christian Krause,et al. Reconfigurable Component Connectors , 2011 .

[99] Hasan Sözer,et al. Architecting Fault-Tolerant Software Systems , 2009 .

[100] Gerard J. Holzmann,et al. The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[101] David Detlefs,et al. Simplify: a theorem prover for program checking , 2005, JACM.

[102] Marcel Verhoef,et al. Modeling and validating distributed embedded real-time control systems , 2009 .

[103] B. J. Arnoldus,et al. An illumination of the template enigma : software code generation with templates , 2011 .

[104] Pierre Letouzey,et al. A New Extraction for Coq , 2002, TYPES.

[105] Cfj Christian Lange,et al. Assessing and improving the quality of modeling : a series of empirical studies about the UML , 2007 .

[106] James C. Corbett,et al. Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[107] J. K. Berendsen,et al. Abstraction, prices and probability in model checking timed automata , 2010 .

[108] Joseph Sifakis,et al. Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[109] Bastiaan Stephan Graaf,et al. Model-Driven Evolution of Software Architectures , 2007, 11th European Conference on Software Maintenance and Reengineering (CSMR'07).

[110] M. D. Berg,et al. Optimal Geometric Data Structures , 2007 .

[111] E Elena Mumford,et al. Drawing graphs for cartographic applications , 2008 .

[112] Hendrik Michaël van der Bijl,et al. On changing models in model-based testing , 2011 .

[113] Harmen Kastenberg. Graph-based software specification and verification , 2008 .

[114] Ljp Luc Engelen. From napkin sketches to reliable software , 2012 .

[115] Mordechai Ben-Ari,et al. Principles of the spin model checker , 2008 .

[116] Mari Antonius Cornelis Dekker,et al. Flexible Access Control for Dynamic Collaborative Environments , 2009 .

[117] M. T. de Berg,et al. Multi-functional geometric data structures , 2003 .

[118] Mohammad Mahdi Jaghoori,et al. Time At Your Service: Schedulability Analysis of Real-Time and Distributed Services , 2010 .

[119] Natarajan Shankar,et al. Subtypes for Specifications: Predicate Subtyping in PVS , 1998, IEEE Trans. Software Eng..

[120] U Uzma Khadim,et al. Process algebras for hybrid systems : comparison and development , 2008 .

[121] Marko C. J. D. van Eekelen,et al. Generating Verifiable Java Code from Verified PVS Specifications , 2012, NASA Formal Methods.

[122] Thomas Bäck,et al. Mixed-integer evolution strategies for parameter optimization and their applications to medical image analysis , 2005 .

[123] Roger M. Bailey,et al. Experimental Validation: Subscale Aircraft Ground Facilities and Integrated Test Capability , 2005 .

[124] M. G. van der Horst,et al. Scalable block processing algorithms , 2008 .

[125] Bernhard Beckert,et al. The KeY tool , 2005, Software & Systems Modeling.

[126] Dmitri Jarnikov,et al. QoS framework for video streaming in home networks , 2007 .

[127] Pascal Durr,et al. Resource-based Verification for Robust Composition of Aspects , 2008 .

[128] Iris Loeb. Natural Deduction, Sharing By Presentation , 2007 .

[129] A. L. de Groot,et al. Practical Automaton proofs in PVS , 2000 .

[130] Natarajan Shankar,et al. An Integration of Model Checking with Automated Proof Checking , 1995, CAV.

[131] Myla Archer,et al. TAME: Using PVS strategies for special-purpose theorem proving , 2001, Annals of Mathematics and Artificial Intelligence.

[132] R. Bakhshi. Gossiping Models : Formal Analysis of Epidemic Protocols , 2011 .

[133] Tim K. Cocx,et al. Metrics and visualisation for crime analysis and genomics , 2005 .

[134] D. Costa. Formal models for component connectors , 2010 .

[135] Natarajan Shankar,et al. Combining Theorem Proving and Model Checking through Symbolic Analysis , 2000, CONCUR.

[136] W. Kuijper. Compositional Synthesis of Safety Controllers , 2012 .

[137] K. Tsirogiannis,et al. Analysis of flow and visibility on triangulated terrains , 2011 .

[138] Jakob Rehof,et al. Zing: A Model Checker for Concurrent Software , 2004, CAV.

[139] Anton Wijs,et al. Silent steps in transition systems and Markov chains , 2007 .

[140] H. Hansen. Coalgebraic Modelling : Applications in Automata theory and Modal logic , 2009 .

[141] Marko C. J. D. van Eekelen,et al. Reentrant Readers-Writers: A Case Study Combining Model Checking with Theorem Proving , 2009, FMICS.

[142] Cliff B. Jones,et al. Systematic software development using VDM , 1986, Prentice Hall International Series in Computer Science.

[143] Gürcan Gülesir,et al. Evolvable Behavior Specifications Using Context-Sensitive Wildcards , 2008 .

[144] Amir Pnueli,et al. Translation Validation , 1998, TACAS.

[145] Jean-Raymond Abrial,et al. The B-book - assigning programs to meanings , 1996 .

[146] Miguel E. Andrés,et al. Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems , 2011, ArXiv.

[147] Eu-Jin Goh,et al. Searching on Encrypted Data , 2003 .

[148] Magiel Bruntink,et al. Renovation of idiomatic crosscutting concerns in embedded systems , 2005 .

[149] Sérgio Vale Aguiar Campos,et al. Symbolic Model Checking , 1993, CAV.

[150] R. Boumen,et al. Integration and test plans for complex manufacturing systems , 2007 .

[151] John Businge,et al. Co-evolution of the Eclipse SDK Framework and Its Third-Party Plug-Ins , 2013, 2013 17th European Conference on Software Maintenance and Reengineering.

[152] Emmanuele Zambon,et al. Towards optimal IT availability planning: methods and tools , 2011 .

[153] Natarajan Shankar,et al. PVS: A Prototype Verification System , 1992, CADE.

[154] Martijn van Veelen,et al. Considerations on modeling for early detection of abnormalities in locally autonomous distributed systems , 2007 .

[155] David Lorge Parnas,et al. Inspection of Concurrent Systems: Combining Tables, Theorem Proving and Model Checking , 2006, Software Engineering Research and Practice.

[156] J. Rushby,et al. Formal verification of algorithms for critical systems , 1991, SIGSOFT '91.

[157] José Proença,et al. Synchronous Coordination of Distributed Components , 2011 .

[158] Jja Jeroen Keiren,et al. Advanced reduction techniques for model checking , 2013 .

[159] Christine Paulin-Mohring,et al. Synthesis of ML Programs in the System Coq , 1993, J. Symb. Comput..

[160] Werner Heijstek,et al. Architecture design in global and model-centric software development , 2012 .

[161] Natarajan Shankar,et al. Experiments in Theorem Proving and Model Checking for Protocol Verification , 1996, FME.

[162] B. Lijnse,et al. TOP to the rescue. Task-oriented programming for incident response applications , 2005 .

[163] Jean-Christophe Filliâtre,et al. Verification of non-functional programs using interpretations in type theory , 2003, J. Funct. Program..

[164] Matthew B. Dwyer,et al. Checking JML specifications using an extensible software model checking framework , 2006, International Journal on Software Tools for Technology Transfer.

[165] Marko C. J. D. van Eekelen,et al. Analysis of a Session-Layer Protocol in mCRL2 , 2007, FMICS.

[166] Michael D. Ernst,et al. An overview of JML tools and applications , 2003, International Journal on Software Tools for Technology Transfer.

[167] Corina S. Pasareanu,et al. JPF-SE: A Symbolic Execution Extension to Java PathFinder , 2007, TACAS.

[168] David Holmes,et al. Java Concurrency in Practice , 2006 .

[169] Andrew P. Tolmach,et al. From ML to Ada: Strongly-typed language interoperability via source translation , 1998, Journal of Functional Programming.

[170] Z Zvezdan Protic,et al. Configuration management for models : generic methods for model comparison and model co-evolution , 2011 .

[171] van Mpwj Michiel Osch. Model-based testing of hybrid systems , 2007 .

[172] Alfons Geser,et al. Abstractions for Fault-Tolerant Distributed System Verification , 2004, TPHOLs.

[173] Shamim Ripon,et al. Verification of Symmetry Detection using PVS , 2010, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[174] Ivan S. Zapreev. Model checking Markov chains : techniques and tools , 2008 .

[175] Dhp Dirk Gerrits. Pushing and pulling : computing push plans for disk-shaped robots, and dynamic labelings for moving points , 2013 .

[176] Tobias Nipkow,et al. Executing Higher Order Logic , 2000, TYPES.

[177] Arthur I. Baars,et al. Embedded Compilers , 2009 .

[178] Stephanie Kemper,et al. Modelling and analysis of real-time coordination patterns , 2011 .

[179] Adriaan Middelkoop,et al. Inference of Program Properties with Attribute Grammars, Revisited , 2012 .

[180] Gerard J. Holzmann,et al. The SPIN Model Checker - primer and reference manual , 2003 .

[181] D. E. Nadales Agut,et al. A Compositional Interchange Format for Hybrid Systems: Design and Implementation , 2012 .

[182] Christel Baier,et al. Principles of model checking , 2008 .

[183] César Muñoz,et al. Design and Verification of a Distributed Communication Protocol , 2009 .

[184] Fpm Frank Stappers. Bridging formal models : an engineering perspective , 2012 .

[185] van Mf Marcel Amstel,et al. Assessing and improving the quality of model transformations , 2012 .

[186] Jasen Markovski,et al. Real and stochastic time in process algebras for performance evaluation , 2008 .

[187] Raluca Marin-Perianu,et al. Wireless Sensor Networks in Motion - Clustering Algorithms for Service Discovery and Provisioning , 2008 .

[188] Marcin Czenko,et al. TuLiP : reshaping trust management , 2009 .

[189] Somayeh Malakuti Khah Olun Abadi. Event composition model: achieving naturalness in runtime enforcement , 2011 .

[190] Farhad Arbab,et al. Model Checking of Component Connectors , 2007, 31st Annual International Computer Software and Applications Conference (COMPSAC 2007).

[191] A. Prasad Sistla,et al. Automatic verification of finite state concurrent system using temporal logic specifications: a practical approach , 1983, POPL '83.

[192] M. S. Greiler,et al. Test Suite Comprehension for Modular and Dynamic Systems , 2013 .

[193] Marco Antonio Barbosa. A refinement calculus for software components and architectures , 2005, ESEC/FSE-13.

[194] de Ism Ivo Jong. Integration and test strategies for complex manufacturing machines , 2008 .

[195] A. Morali,et al. IT architecture-based confidentiality risk assessment in networks of organizations , 2011 .

[196] S. Georgievska. Probability and Hiding in Concurrent Processes ( thesis abstract ) , 2011 .

[197] Shmuel Katz,et al. Faithful Translations among Models and Specifications , 2001, FME.

[198] Mohammed G. Khatib. MEMS-Based Storage Devices : Integration in Energy-Constrained Mobile Systems , 2009 .

[199] V. Laz. Faculty of Mathematics and Computer Science , 2011 .

[200] Lacramioara Astefanoaei,et al. An executable theory of multi-agent systems refinement , 2011 .

[201] Arjen van Weelden,et al. Putting Types To Good Use , 2007 .

[202] Karina R. Olmos Joffré. Strategies for Context Sensitive Program Transformation , 2009 .