The highs and lows of deploying Formal Methods in Industry

G. Broadfoot
Journal article, Electronic Communications of the EASST (Electron. Commun. Eur. Assoc. Softw. Sci. Technol.), published 2014-11-18.
DOI: 10.14279/tuj.eceasst.70.976 (https://doi.org/10.14279/tuj.eceasst.70.976)
Citation count: 0

Abstract

I attended my first software conference in 1968; it was organised by NATO with the title “The Software Crisis.” Many of the papers presented then could have been written yesterday; the problems of the software industry in producing reliable, correct software in the face of increasing complexity and shrinking time-to-market pressures have not fundamentally changed that much. In the intervening years, as a community, we have developed various tactics for trying to minimise software errors. Advances in theorem proving and model checking are good examples of systematic efforts to improve software correctness. Nevertheless, it remains the case that such approaches are rarely, if ever, encountered in the industrial workplace, with the possible exception of some safety-critical domains, such as the software controlling nuclear power plants. In spite of advances in formal methods and supporting tools, the tools available to programmers for verifying assertions about program execution are complex and require knowledge and skills that most practising programmers do not have. Formal proofs remain difficult to construct, especially for anything but the simplest of programs. Merely constructing assertions to characterise program correctness is a difficult challenge. In 1998, I conceived the idea of combining model checking, code generation and the specification approach of Sequence-based Specification together to form an integrated software design platform for developing software components whose design (implementation) would be formally verified for correctness with respect to its specification. Other general correctness properties such as freedom from deadlocks, non-determinism, incomplete cases, etc. would also be verified. Verification would be performed by automatically translating Sequence-based Specifications into semantically equivalent CSP process algebra and then applying the model-checking engine FDR2.
After verification was completed, semantically equivalent source code would be generated in one of several supported high-level languages. These ideas were developed further together with Philippa Hopcroft, and in 2003 a company was founded to develop a commercial implementation of a development platform based on these ideas. In this talk, I will present an overview of the development platform and the technologies used. I will then discuss the experience gained during 10 years of trying to introduce this approach into industry and the lessons learned along the way.
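The abstract names three of the properties the platform checks on a Sequence-based Specification before generating code: incomplete cases, non-determinism and deadlock. The following is an added example, not the platform's code nor anything from the talk: it encodes a small hand-built enumeration for a session controller (stimuli `login_ok`, `login_fail`, `logout`, `request` and the response names are constructed for illustration) and checks those properties directly in Python, then derives the Mealy machine that a code generator would emit and runs a trace through it. The real platform does this by translating to CSP and running FDR2; the direct checks here are a simplification that works for a finite enumeration. A second, deliberately faulty enumeration shows what each finding looks like. The SBS conventions assumed are the usual ones: the enumeration lists stimulus sequences in length order, every sequence maps to a response, a sequence is either canonical (a new state) or reduced to an earlier canonical sequence, and the response `illegal` means the stimulus cannot occur in that state.

```python
"""Checks on a Sequence-based Specification (SBS) enumeration.

Each row is (sequence, response, reduces_to): `reduces_to` is None for a
canonical sequence (a distinct state) or the canonical sequence it is
equivalent to. This is an illustrative checker, not the commercial platform.
"""

ILLEGAL = "illegal"  # SBS convention: the stimulus cannot occur in this state

STIMULI = ("login_ok", "login_fail", "logout", "request")

# Constructed example: an authentication/session controller with four states.
U, A, F, L = (), ("login_ok",), ("login_fail",), ("login_fail", "login_fail")
SESSION = [
    (U, "null", None), (A, "grant", None), (F, "deny", None), (L, "lock", None),
    (("logout",), "null", U), (("request",), "deny", U),
    (A + ("login_ok",), "null", A), (A + ("login_fail",), "null", A),
    (A + ("logout",), "null", U), (A + ("request",), "serve", A),
    (F + ("login_ok",), "grant", A), (F + ("logout",), "null", F),
    (F + ("request",), "deny", F),
    (L + ("login_ok",), "deny", L), (L + ("login_fail",), "deny", L),
    (L + ("logout",), "null", L), (L + ("request",), "deny", L),
]

# Constructed faulty variant: one case missing, one sequence given two
# responses, and a locked state in which every stimulus is illegal.
FAULTY = [r for r in SESSION if r[0] != F + ("logout",)]
FAULTY.append((A + ("request",), "deny", A))
FAULTY = [(s, ILLEGAL if len(s) == 3 and s[:2] == L else resp, red)
          for s, resp, red in FAULTY]


def check_enumeration(stimuli, rows):
    """Report incomplete cases, non-determinism, dangling reductions, deadlocks."""
    findings = {"nondeterministic": [], "dangling": [], "incomplete": [], "deadlocks": []}
    table = {}
    for seq, resp, red in rows:
        # The same sequence with a different response or reduction is non-deterministic.
        if seq in table and table[seq] != (resp, red):
            findings["nondeterministic"].append(seq)
        table.setdefault(seq, (resp, red))
    canonical = [s for s, (_, red) in table.items() if red is None]
    for seq, (_, red) in table.items():
        if red is not None and red not in canonical:
            findings["dangling"].append(seq)  # reduced to a non-canonical sequence
    for c in canonical:
        enabled = 0
        for st in stimuli:
            ext = c + (st,)
            if ext not in table:
                findings["incomplete"].append(ext)  # no response defined
            elif table[ext][0] != ILLEGAL:
                enabled += 1
        if enabled == 0:
            findings["deadlocks"].append(c)  # no stimulus can occur: deadlock
    return findings


def to_mealy(stimuli, rows):
    """Derive (states, initial, delta) from a checked enumeration.

    delta[(state, stimulus)] = (response, next_state); illegal stimuli are omitted.
    """
    table = {seq: (resp, red) for seq, resp, red in rows}
    states = [s for s, (_, red) in table.items() if red is None]
    delta = {}
    for c in states:
        for st in stimuli:
            resp, red = table[c + (st,)]
            if resp != ILLEGAL:
                delta[(c, st)] = (resp, c + (st,) if red is None else red)
    return states, (), delta


def simulate(stimuli, rows, trace):
    """Run a stimulus trace through the derived machine and return the responses."""
    _, state, delta = to_mealy(stimuli, rows)
    out = []
    for st in trace:
        if (state, st) not in delta:
            raise ValueError(f"illegal stimulus {st!r} in state {state!r}")
        resp, state = delta[(state, st)]
        out.append(resp)
    return out


if __name__ == "__main__":
    print(check_enumeration(STIMULI, SESSION))
    print(check_enumeration(STIMULI, FAULTY))
    print(simulate(STIMULI, SESSION, ["login_fail", "login_fail", "login_ok", "logout"]))
```

The checks mirror what a CSP/FDR2 translation would establish for this finite case: `incomplete` is a stimulus with no defined response, `nondeterministic` is a sequence with two conflicting rows, and `deadlocks` is a state in which no stimulus is enabled. The Mealy machine returned by `to_mealy` is the object a code generator would turn into a switch-style controller.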