Software Validation via Model Animation

This paper explores a new approach to validating software implementations that have been produced from formally-verified algorithms. Although visual inspection gives some confidence that the implementations faithfully reflect the formal models, it does not provide complete assurance that the software is correct. The proposed approach, which is based on animation of formal specifications, compares the outputs computed by the software implementations on a given suite of input values to the outputs computed by the formal models on the same inputs, and determines if they are equal up to a given tolerance. The approach is illustrated on a prototype air traffic management system that computes simple kinematic trajectories for aircraft. Proofs for the mathematical models of the system’s algorithms are carried out in the Prototype Verification System (PVS). The animation tool PVSio is used to evaluate the formal models on a set of randomly generated test cases. Output values computed by PVSio are compared against output values computed by the actual software. This comparison improves the assurance that the translation from formal models to code is faithful and that, for example, floating point errors do not greatly affect correctness and safety properties.
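An added illustration of the output comparison the abstract describes; this is not code from the paper or from PVSio. The "model" side evaluates an assumed constant-acceleration position formula (a stand-in for the kinematic trajectory model) in exact rational arithmetic, the "implementation" side evaluates the same formula in double and in single precision, and the harness reports random inputs on which the two disagree beyond a tolerance; the input ranges and tolerances are constructed.

```python
from fractions import Fraction
import random
import struct

def model_position(x0, v, a, t):
    """Stand-in for animating the formal model: x(t) = x0 + v*t + a*t^2/2,
    evaluated exactly with rationals (assumed formula, not the paper's)."""
    x0, v, a, t = (Fraction(q) for q in (x0, v, a, t))
    return x0 + v * t + a * t * t / 2

def impl_position(x0, v, a, t):
    """Double-precision implementation of the same formula."""
    return x0 + v * t + 0.5 * a * t * t

def _f32(x):
    """Round a Python float to IEEE single precision (constructed helper)."""
    return struct.unpack("f", struct.pack("f", x))[0]

def impl_position_single(x0, v, a, t):
    """Same formula with every intermediate rounded to single precision,
    as an implementation written with C 'float' would compute it."""
    x0, v, a, t = map(_f32, (x0, v, a, t))
    vt = _f32(v * t)
    at2 = _f32(_f32(_f32(0.5 * a) * t) * t)
    return _f32(_f32(x0 + vt) + at2)

def within_tolerance(model_val, impl_val, abs_tol, rel_tol):
    """Equal up to tolerance: absolute or relative bound on the difference."""
    diff = abs(Fraction(impl_val) - model_val)
    return diff <= abs_tol or diff <= rel_tol * abs(model_val)

def gen_case(rng):
    """Constructed random input: x0 (m), v (m/s), a (m/s^2), t (s)."""
    return (rng.uniform(-1e5, 1e5), rng.uniform(-300, 300),
            rng.uniform(-10, 10), rng.uniform(0, 3600))

def validate(impl, n_cases=200, seed=1, abs_tol=1e-6, rel_tol=1e-9):
    """Evaluate impl and the model on the same random inputs and return
    the failing cases as (inputs, model output, implementation output)."""
    rng = random.Random(seed)
    failures = []
    for _ in range(n_cases):
        case = gen_case(rng)
        m = model_position(*case)
        i = impl(*case)
        if not within_tolerance(m, i, abs_tol, rel_tol):
            failures.append((case, float(m), i))
    return failures
```

With the default tolerances the double-precision implementation passes every case, while the single-precision one is flagged, which is the kind of floating-point discrepancy the comparison is meant to surface.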
