Software verification and system assurance

SEFM 2009 - 7th IEEE International Conference on Software Engineering and Formal Methods

Volumn , Issue , 2009, Pages 3-10

  Rushby, John ^a  

^a SRI INTERNATIONAL   (United States)

Author keywords

Assurance; Formal verification; Possible perfection; Probabilistic assessment; Reliability

Indexed keywords

FORMAL VERIFICATION; FORMAL VERIFICATIONS; PROBABILISTIC ASSESSMENTS; SOFTWARE VERIFICATION; SYSTEM ASSURANCE; SYSTEM LEVELS;

COMPUTER SOFTWARE SELECTION AND EVALUATION; QUALITY ASSURANCE; SOFTWARE RELIABILITY; VERIFICATION;

FORMAL METHODS;

EID: 77749264954     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SEFM.2009.39     Document Type: Conference Paper

References (50)

1. B. Littlewood, "The use of proof in diversity arguments," IEEE Transactions on Software Engineering, vol. 26, no. 10, pp. 1022-1023, Oct. 2000.
2. B. Littlewood and J. Rushby, Reasoning about the Reliability of Fault-Tolerant Systems in Which One Component is "Possibly Perfect", City University UK and SRI International USA, 2009, in preparation.
3. System Design and Analysis, Federal Aviation Administration, Jun. 21, 1988, advisory Circular 25.1309-1A.
4. E. Lloyd and W. Tye, Systematic Safety: Safety Assessment of Aircraft Systems. London, England: Civil Aviation Authority, 1982, reprinted 1992.
5. B. Littlewood and L. Strigini, "Validation of ultrahigh dependability for software-based systems," Communications of the ACM, pp. 69-80, Nov. 1993.
6. R. W. Butler and G. B. Finelli, "The infeasibility of experimental quantification of life-critical software reliability," IEEE Transactions on Software Engineering, vol. 19, no. 1, pp. 3-12, Jan. 1993.
7. J. May, G. Hughes, and A. D. Lunn, "Reliability estimation from appropriate testing of plant protection software," IEE/BCS Software Engineering Journal, vol. 10, no. 6, pp. 206-218, Nov. 1995.
8. D. E. Eckhardt, A. K. Caglayan, J. C. Knight, L. D. Lee, D. F. McAllister, M. A. Vouk, and J. P. J. Kelly, "An experimental evaluation of software redundancy as a strategy for improving reliability," IEEE Transactions on Software Engineering, vol. 17, no. 7, pp. 692-702, Jul. 1991.
9. J. C. Knight and N. G. Leveson, "An experimental evaluation of the assumption of independence in multiversion programming," IEEE Transactions on Software Engineering, vol. SE-12, no. 1, pp. 96-109, Jan. 1986.
10. D. E. Eckhardt, Jr. and L. D. Lee, "A theoretical basis for the analysis of multiversion software subject to coincident errors," IEEE Transactions on Software Engineering, vol. SE-11, no. 12, pp. 1511-1517, Dec. 1985.
11. B. Littlewood and D. R. Miller, "Conceptual modeling of coincident failures in multiversion software," IEEE Transactions on Software Engineering, vol. 15, no. 12, pp. 1596-1614, Dec. 1989.
12. Aerospace Recommended Practice (ARP) 4761: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, Society of Automotive Engineers, Dec. 1996.
13. Aerospace Recommended Practice (ARP) 4754: Certification Considerations for Highly-Integrated or Complex Aircraft Systems, Society of Automotive Engineers, Nov. 1996, also issued as EUROCAE ED-79.
14. DO-178B: Software Considerations in Airborne Systems and Equipment Certification, Requirements and Technical Concepts for Aviation, Washington, DC, Dec. 1992, this document is known as EUROCAE ED-12B in Europe.
15. J. J. Chilenski and S. P. Miller, "Applicability of modified condition/decision coverage to software testing," Issued for information under FAA memorandum ANM-106N:93-20, Aug. 1993.
16. W. L. Oberkampf and J. C. Helton, "Alternative representations of epistemic uncertainty," Reliability Engineering and System Safety, vol. 85, no. 1-3, pp. 1-10, 2004.
17. A. O'Hagan, C. E. Buck, A. Daneshkhah, J. R. Eiser, P. H. Garthwaite, D. J. Jenkinson, J. E. Oakley, and T. Rakow, Uncertain Judgements: Eliciting Experts' Probabilities. Wiley, 2006.
18. Safety Assessment Principles for Nuclear Facilities, 2006th ed., UK Health and Safety Executive, Bootle, UK, available at http://www.hse.gov.uk/ nuclear/saps/saps2006.pdf.
19. Licensing of Safety Critical Software for Nuclear Reactors: Common Position of Seven European Nuclear Regulators and Authorised Technical Support Organizations, AVN Belgium, BfS Germany, CSN Spain, ISTec Germany, NII United Kingdom, SKI Sweden, STUK Finland, 2007, available at http://www.bfs.de/de/kerntechnik/sicherheit/Licensing safety critical software.pdf.
20. Air Traffic Services Safety Requirements, CAP 670, Safety Regulation Group, UK Civil Aviation Authority, Jun. 2008, see Part B, Section 3, Systems Engineering SW01: Regulatory Objectives for Software Safety Assurance in ATS Equipment; Available at http://www.caa.co.uk/docs/33/cap670.pdf.
21. Defence Standard 00-56, Issue 4: Safety Management Requirements for Defence Systems. Part 1: Requirements, UK Ministry of Defence, Jun. 2007, available at http://www.dstan.mod.uk/data/00/056/01000400.pdf.
22. Engineering Safety Management (The Yellow Book), Volumes 1 and 2, Fundamentals and Guidance, Issue 4, Rail Safety and Standards Board, London, UK, 2007, available from http://www.yellowbook-rail.org.uk/site/the-yellow- book/the-yellow-book.html.
23. Health and Safety at Work etc. Act, UK Health and Safety Executive, 1974, available at http://www.hse.gov.uk/legislation/hswa.htm;
24. guidance suite at http://www.hse.gov.uk/risk/theory/alarp.htm.
25. J. Rushby, "A safety-case approach for certifying adaptive systems," in AIAA Infotech@Aerospace Conference. Seattle WA: American Institute of Aeronautics and Astronautics, Apr. 2009, aIAA paper 2009-1992; available at http://www.csl.sri.com/users/rushby/abstracts/aiaa09.
26. - , "Runtime certification," in Eighth Workshop on Runtime Verification: RV08, ser. Lecture Notes in Computer Science, M. Leucker, Ed., vol. 5289. Budapest, Hungary: Springer-Verlag, Apr. 2008, pp. 21-35.
27. - , "Harnessing disruptive innovation in formal verification," in Fourth International Conference on Software Engineering and Formal Methods (SEFM), D. V. Hung and P. Pandya, Eds. Pune, India: IEEE Computer Society, Sep. 2006, pp. 21-28.
28. - , "Using model checking to help discover mode confusions and other automation surprises," Reliability Engineering and System Safety, vol. 75, no. 2, pp. 167-177, Feb. 2002, available at http://www.csl.sri. com/users/rushby/abstracts/ress02.
29. Safety Recommendations A-07-65 though -69, National Transportation Safety Board, Washington, DC, Oct. 2007, available at http://www.ntsb.gov/recs/ letters/2007/A07-65-69.pdf.
30. Safety Recommendation A-07-70 though -86, National Transportation Safety Board, Washington, DC, Oct. 2007, available at http://www.ntsb.gov/Recs/ letters/2007/A07-70-86.pdf.
31. In-Flight Upset Event, 154 km West of Learmonth, WA, 7 October 2008, VH-QPA Airbus A330-303, Australian Transport Safety Bureau, Mar. 2009, reference number AO-2008-070 Interim Factual, available at http://www.atsb.gov. au/publications/investigation reports/2008/AAIR/pdf/AO2008070-interim.pdf.
32. In-Flight Upset Event, 240 km North-West of Perth, WA, Boeing Company 777-200, 9M-MRG, 1 August 2005, Australian Transport Safety Bureau, Mar. 2007, reference number Mar2007/DOTARS 50165, available at http://www.atsb.gov. au/publications/investigation reports/2005/AAIR/aair200503722.aspx.
33. Report on the incident to Airbus A340-642, registration G-VATL enroute from Hong Kong to London Heathrow on 8 February 2005, UK Air Investigations Branch, 2007, available at http://www.aaib.gov.uk/publications/formal-reports/ 4-2007-g-vatl.cfm.
34. J. R. Shoenfield, Mathematical Logic. Reading, MA: Addison-Wesley, 1967.
35. M. Kaufmann and J. S. Moore, "An industrial strength theorem prover for a logic based on Common Lisp," IEEE Transactions on Software Engineering, vol. 23, no. 4, pp. 203-213, Apr. 1997, aCL2 home page: http://www.cs.utexas.edu/users/moore/acl2/.
36. C. Cornes, J. Courant, J. Filliâtre, G. Huet, P. Manoury, C. Paulin-Mohring, C. Muñoz, C. Murthy, C. Parent, A. Saibi, and B. Werner, "The Coq proof assistant reference manual, version 5.10," INRIA, Rocquencourt, France, Tech. Rep., Feb. 1995, coq home page: http:///coq.inria. fr.
37. M. J. C. Gordon and T. F. Melham, Eds., Introduction to HOL: A Theorem Proving Environment for Higher-Order Logic. Cambridge, UK: Cambridge University Press, 1993, hOL home page: http://www.cl.cam.ac.uk/Research/HVG/HOL/ .
38. L. C. Paulson, Isabelle: A Generic Theorem Prover, ser. Lecture Notes in Computer Science. Springer-Verlag, 1994, vol. 828, isabelle home page: http://www.cl.cam.ac.uk/research/hvg/Isabelle/.
39. S. Owre, J. Rushby, N. Shankar, and F. von Henke, "Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS," IEEE Transactions on Software Engineering, vol. 21, no. 2, pp. 107-125, Feb. 1995, pVS home page: http://pvs.csl.sri.com.
40. S. Owre and N. Shankar, "Theory interpretations in PVS," Computer Science Laboratory, SRI International, Menlo Park, CA, Tech. Rep. SRI-CSL-01-01, Apr. 2001.
41. M. Saaltink, "Domain checking Z specifications," in LFM' 97: Fourth NASA Langley Formal Methods Workshop, ser. NASA Conference Publication 3356, C. M. Holloway and K. J. Hayhurst, Eds. Hampton, VA: NASA Langley Research Center, Sep. 1997, pp. 185-192, available at http://atb-www.larc.nasa.gov/Lfm97/proceedings/.
42. J. Crow, S. Owre, J. Rushby, N. Shankar, and D. Stringer-Calvert, "Evaluating, testing, and animating PVS specifications," Computer Science Laboratory, SRI International, Menlo Park, CA, Tech. Rep., Mar. 2001, available from http://www.csl.sri.com/users/rushby/abstracts/attachments.
43. L. Pike, "A note on inconsistent axioms in Rushby's "Systematic formal verification for fault-tolerant time-triggered algorithms"," IEEE Transactions on Software Engineering, vol. 32, no. 5, pp. 347-348, May 2006.
44. G. Hamon, L. de Moura, and J. Rushby, "Automated test generation with SAL," Computer Science Laboratory, SRI International, Menlo Park, CA, Technical Note, Sep. 2005, available at http://www.csl.sri.com/users/rushby/ abstracts/sal-atg.
45. M. Utting and B. Legeard, Practical Model-Based Testing. Morgan Kaufmann, 2006.
46. S. Rayadurgam and M. Heimdahl, "Coverage based test-case generation using model checkers," in Eighth International Conference and Workshop on the Engineering of Computer Based Systems (ECBS). Washington DC: IEEE Computer Society, Apr. 2001, pp. 83-91.
47. J. S. Moore, "A grand challenge proposal for formal methods: A verified stack," in Formal Methods at the Crossroads: From Panacea to Foundational Support, ser. Lecture Notes in Computer Science, vol. 2757. Lisbon, Portugal: Springer-Verlag, 2003, pp. 161-172, 10th Anniversary Colloquium of UNU/IIST the International Institute for Software Technology of The United Nations University.
48. M. Gordon, R. Milner, and C. Wadsworth, Edinburgh LCF: A Mechanized Logic of Computation, ser. Lecture Notes in Computer Science. Springer-Verlag, 1979, vol. 78.
49. J. Harrison, "Towards self-verification of HOL Light," in Automated Reasoning, Third International Joint Conference, IJCAR 2006, Seattle, WA, USA, August 17-20, 2006, Proceedings, ser. Lecture Notes in Computer Science, U. Furbach and N. Shankar, Eds., vol. 4130. Springer, 2006, pp. 177-191. [Online]. Available: http://dx.doi.org/10.1007/11814771-17
50. N. Shankar, "Trust and automation in verification tools," in 6th International Symposium on Automated Technology for Verification and Analysis (ATVA), ser. Lecture Notes in Computer Science, S. S. Cha, J.-Y. Choi, M. Kim, I. Lee, and M. Viswanathan, Eds., vol. 5311. Springer-Verlag, Oct. 2008, pp. 4-17.