Transcript of slides: 25 November 2002 DeSIRE, Pisa. Methods and Tools for Formal Design and Validation. Michael Butler, University of Southampton.
Page 1
25 November 2002 DeSIRE, Pisa
Methods and Tools for Formal Design and Validation
Michael Butler
University of Southampton
mjb@ecs.soton.ac.uk
Page 2: Other Contributors
- Thierry Lecomte, ClearSy (FR)
- Colin O'Halloran, QinetiQ (UK)
- Jerome Falampin, Siemens Transportation (FR)
- Michael Goldsmith, Formal Systems (UK)
- Traian Muntean, CNRS (FR)
- Kaisa Sere, Åbo Akademi (FIN)
- Ursula Martin, University of St Andrews (UK)
(Mostly MATISSE Partners)
Page 3: FMs and Dependability
- Fault Prevention (SW / HW)
  - Code / design verification (MC / TP)
  - Property languages (TL)
  - Assertion languages (e.g. JML, Ada Compliance Notation)
  - Correct by construction (e.g., VDM, B, Z)
    - Stepwise design from system-level models
    - Verification conditions at each step discharged using MC / TP
    - Final step: automatic code generation
- Fault Removal
  - Code / design verification (MC / TP)
  - Model-based testing
Page 4: FMs and Dependability
- Fault Tolerance
  - Validation of fault tolerance mechanisms through inclusion of faults in formal models
  - E.g., verify that a high-integrity system continues to satisfy safety/security property in the presence of faults/attacks
  - Validation of failure modes
- Fault Evaluation
  - Use of model checking to discover whether / how component faults can lead to system failures
  - Combine with risk analysis to target verification effort
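As an added illustration of the two points on this slide (faults included in a formal model, and model checking used to discover whether and how a component fault leads to a system failure), the following Python is a small explicit-state model checker over a constructed train door interlock. It is not from the talk or from the MATISSE project; the plant, the stuck-at-0 sensor fault model, the single- and dual-channel controllers and the safety property are all assumptions made for this example.

```python
"""Explicit-state model checking with injected faults (constructed example).
State = (speed, door_open, s1_stuck, s2_stuck) for a train door interlock.
Safety property: the door is never open while the train is moving.
Fault model: each speed sensor may fail permanently stuck-at-0 ("stopped")."""
from collections import deque

MAX_SPEED = 2


def successors(state, max_faults, dual_sensor):
    """Next states: plant moves, a fault is injected, or the controller acts."""
    speed, door, s1_stuck, s2_stuck = state
    nxt = []
    if not door:  # traction is inhibited while the door is open
        for ns in {max(0, speed - 1), min(MAX_SPEED, speed + 1)}:
            nxt.append((ns, door, s1_stuck, s2_stuck))
    if max_faults >= 1 and not s1_stuck:  # fault injection, up to max_faults
        nxt.append((speed, door, True, s2_stuck))
    if max_faults >= 2 and not s2_stuck:
        nxt.append((speed, door, s1_stuck, True))
    r1 = 0 if s1_stuck else speed  # a stuck sensor always reads "stopped"
    r2 = 0 if s2_stuck else speed
    # Single-channel design trusts sensor 1; dual-channel design releases the
    # door only when both channels agree the train is stopped.
    stopped = (r1 == 0 and r2 == 0) if dual_sensor else (r1 == 0)
    if stopped and not door:
        nxt.append((speed, True, s1_stuck, s2_stuck))
    if door:
        nxt.append((speed, False, s1_stuck, s2_stuck))
    return nxt


def check(max_faults, dual_sensor):
    """BFS over reachable states: None if the property holds everywhere, else
    the shortest trace ending in an unsafe state (how the fault causes failure)."""
    init = (0, False, False, False)
    parent = {init: None}
    queue = deque([init])
    while queue:
        st = queue.popleft()
        if st[1] and st[0] > 0:  # door open while moving
            trace = []
            while st is not None:
                trace.append(st)
                st = parent[st]
            return trace[::-1]
        for nx in successors(st, max_faults, dual_sensor):
            if nx not in parent:
                parent[nx] = st
                queue.append(nx)
    return None
```

check(1, False) returns a counterexample trace for the single-channel design under one stuck sensor, check(1, True) returns None because the dual-channel design tolerates that single fault, and check(2, True) shows it does not tolerate two.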
Page 5: FMs and Dependability
- Certification
  - Formal models of system-level behaviour to aid identification and analysis of hazards
  - Specification reviews
  - Proofs of safety preservation in design
  - Stronger validation of SW control wrt control laws
  - Fully verified code / more thorough testing
Page 6: MATISSE Experience
- Based on B Method and Atelier-B
- Previous formal experience varied
- Railway: formal relationship between system-level model and SW model
- Smart Cards: formally developed applet verifier
  - Modest increase in effort – for significant decrease in design / programming errors
- Healthcare: analysis of fault tolerance and failure modes for diagnostic device (UML+B)
Page 7: Challenges
- More complex fault models at system level
- Stronger integration of hazard analysis with formal modelling and verification
- Integration of numerical analysis / simulation tools with verification tools
- More powerful verification tools
- Make formal modelling and verification more appealing to systems engineers
- Develop domain-specific specialisations / tools
- Gather domain-specific evidence
Page 8: Application Areas
- Aerospace
- Defence
- Transportation
- Utilities
- E-commerce - security, dependable transactions
- Fault-tolerant communications infrastructures
- Ubiquitous computing devices and infrastructures
Page 9: IST Projects using FMs
- MATISSE (rail, smart cards, healthcare)
- RISE (automotive)
- SAFEAIR, DAEDALUS (aerospace)
- ADVANCE (telecoms)
- MAFTIA (comms infrastructures)
- DSoS (dependable systems)
- PROTOCURE (healthcare)
- VERIFICARD (smart cards)
- SYMBAD, PUSSEE (embedded electronics)
- …