Correctness by construction: developing a commercial secure system

Hall, Anthony; Chapman, Roderick

doi:10.1109/52.976937

Cited by 201 publications

(81 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…FDR [GRABR16,GRABR14] is a model checker for CSP, allowing formal verification of freedom from deadlock and livelock, process refinement and equivalence-at least, for systems of finite (and sufficiently small) size. FDR has a long and successful history of use in the analysis of complex safety-critical systems [SD04,Bar95,HC02,BKPS97,BPS99,Low96,MS07].…”

Section: Formal Verificationmentioning

confidence: 99%

The symbiosis of concurrency and verification: teaching and case studies

Pedersen

Welch

2018

Form. Asp. Comput.

View full text Add to dashboard Cite

Abstract.Concurrency is beginning to be accepted as a core knowledge area in the undergraduate CS curriculum-no longer isolated, for example, as a support mechanism in a module on operating systems or reserved as an advanced discipline for later study. Formal verification of system properties is often considered a difficult subject area, requiring significant mathematical knowledge and generally restricted to smaller systems employing sequential logic only. This paper presents materials, methods and experiences of teaching concurrency and verification as a unified subject, as early as possible in the curriculum, so that they become fundamental elements of our software engineering tool kit-to be used together every day as a matter of course. Concurrency and verification should live in symbiosis. Verification is essential for concurrent systems as testing becomes especially inadequate in the face of complex non-deterministic (and, therefore, hard to repeat) behaviours. Concurrency should simplify the expression of most scales and forms of computer system by reflecting the concurrency of the worlds in which they operate (and, therefore, have to model); simplified expression leads to simplified reasoning and, hence, verification. Our approach lets these skills be developed without requiring students to be trained in the underlying formal mathematics. Instead, we build on the work of those who have engineered that necessary mathematics into the concurrency models we use (CSP, π -calculus), the model checker (FDR) that lets us explore and verify those systems, and the programming languages/libraries (occam-π , Go, JCSP, ProcessJ) that let us design and build efficient executable systems within these models. This paper introduces a workflow methodology for the development and verification of concurrent systems; it also presents and reflects on two open-ended case studies, using this workflow, developed at the authors' two universities. Concerns analysed include safety (don't do bad things), liveness (do good things) and low probability deadlock (that testing fails to discover). The necessary technical background is given to make this paper self-contained and its work simple to reproduce and extend.

show abstract

Section: Formal Verificationmentioning

confidence: 99%

The symbiosis of concurrency and verification: teaching and case studies

Pedersen

Welch

2018

Form. Asp. Comput.

View full text Add to dashboard Cite

show abstract

“…The benefits will extend also to the evolution and enhancement of legacy code, as well as the design and development of new code. Eventually programmers will prefer to confine their use of their programming language to those features and structured design patterns which facilitate automatic checks of correctness [4,5].…”

Section: The Verifying Compiler: Implementation and Applicationmentioning

confidence: 99%

The Verifying Compiler: A Grand Challenge for Computing Research

Hoare

2003

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. I propose a set of criteria which distinguish a grand challenge in science or engineering from the many other kinds of short-term or long-term research problems that engage the interest of scientists and engineers. As an example drawn from Computer Science, I revive an old challenge: the construction and application of a verifying compiler that guarantees correctness of a program before running it.

show abstract

“…Dijkstra and Hoare focussed on the construction of provably correct programs based on weakest precondition semantics [21,28], whereas Hall and Chapman focussed on an effective and economical software development process, from user requirements to implementation, based on zero tolerance of defects [26,27]. We consider another approach to correctness-by-construction, namely synthesis seen as the development of a supervisor (or supervisory controller) in order to coordinate an assembly of (local) components into a (global) system that functions correctly.…”

Section: Introductionmentioning

confidence: 99%

Supervisory Controller Synthesis for Product Lines Using CIF 3

Beek

Reniers

Vink

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Using the CIF 3 toolset, we illustrate the general idea of controller synthesis for product line engineering for a prototypical example of a family of coffee machines. The challenge is to integrate a number of given components into a family of products such that the resulting behaviour is guaranteed to respect an attributed feature model as well as additional behavioural requirements. The proposed correctness-byconstruction approach incrementally restricts the composed behaviour by subsequently incorporating feature constraints, attribute constraints and temporal constraints. The procedure as presented focusses on synthesis, but leaves ample opportunity to handle e.g. uncontrollable behaviour, dynamic reconfiguration, and product-and family-based analysis.

show abstract

Correctness by construction: developing a commercial secure system

Cited by 201 publications

References 4 publications

The symbiosis of concurrency and verification: teaching and case studies

The symbiosis of concurrency and verification: teaching and case studies

The Verifying Compiler: A Grand Challenge for Computing Research

Supervisory Controller Synthesis for Product Lines Using CIF 3

Contact Info

Product

Resources

About