- The document discusses Hi-Lite, a French research project that aims to combine unit testing and formal verification in Ada programs.
- It presents the translation from Ada to the Why3 verification language, including handling of types, contracts, loops, and other language features.
- The goal is to allow gradual adoption of formal verification while still leveraging existing tests, and apply verification to both new and legacy Ada code bases.
Insights demonstrate that more than 1.5 billion applications and recreations are downloaded each month. Think about this, each 100-200 individuals have an inclination and an application is right away worked for that. Presently it is reasonable why the requirement for Android application advancement is expanding so quickly Android training in Nagpur enables the understudies to learn Android programming and Android application improvement.
This presentation does a comparison between the IDL to C++ and the IDL to C++11 language mappings. By using several small IDL examples we show the user code you have to write and maintain when using one of the mappings.
Remedy IT provides various products that all support the IDL to C++11 language mapping. See http://www.remedy.nl/en/taox11 for TAOX11 and http://www.remedy.nl/en/axcioma for AXCIOMA
Learn more about C++Builder at http://www.embarcadero.com/products/cbuilder. John Thomas of Embarcadero Technologies presents C++ and its renewed usage in the high-growth mobile application development market with emphasis on the iOS and Android platforms. The presentation covers the brief history of C/C++, its renewed importance in modern application development with current frameworks, new C++11 language features, and vendor language extensions.
Insights demonstrate that more than 1.5 billion applications and recreations are downloaded each month. Think about this, each 100-200 individuals have an inclination and an application is right away worked for that. Presently it is reasonable why the requirement for Android application advancement is expanding so quickly Android training in Nagpur enables the understudies to learn Android programming and Android application improvement.
This presentation does a comparison between the IDL to C++ and the IDL to C++11 language mappings. By using several small IDL examples we show the user code you have to write and maintain when using one of the mappings.
Remedy IT provides various products that all support the IDL to C++11 language mapping. See http://www.remedy.nl/en/taox11 for TAOX11 and http://www.remedy.nl/en/axcioma for AXCIOMA
Learn more about C++Builder at http://www.embarcadero.com/products/cbuilder. John Thomas of Embarcadero Technologies presents C++ and its renewed usage in the high-growth mobile application development market with emphasis on the iOS and Android platforms. The presentation covers the brief history of C/C++, its renewed importance in modern application development with current frameworks, new C++11 language features, and vendor language extensions.
Yannick Moy's presentation on the Hi-Lite project at the ERTS 2012 event in Toulouse France. The paper "Integrating Formal Program Verification with Testing" can be found at http://www.erts2012.org/Site/0P2RUC89/7A-1.pdf
Learning c - An extensive guide to learn the C LanguageAbhishek Dwivedi
This document covers entire C language thoroughly. Its for all the students or professionals who would like to learn C or would like to brush up their knowledge with a quick recap.
CORBA Programming with TAOX11/C++11 tutorialRemedy IT
Remedy IT publishes this CORBA Programming with TAOX11/C++11 tutorial. This free tutorial gives an overview of TAOX11 and the IDL to C++11 language mapping and how it can be used to develop CORBA applications.
More information about TAOX11 is available at http://taox11.remedy.nl. Remedy IT provides free-of-charge TAOX11 evaluation licenses.
The tutorial is available for free from Remedy IT OSportal at http://osportal.remedy.nl. Additionally on the same website a set of example applications and header files can be found.
Remedy IT will extend the tutorial with more examples and information. Registered users on OSportal can configure email updates to get notified when the tutorial gets updated.
This Document about is C Programming language. You will learn Operators in C.
Types of operators-
Arithmetic Operators
Relational Operators
Increment Operator
Decrement Operator
Logical Operators
Conditional Operator
HDR Defence - Software Abstractions for Parallel ArchitecturesJoel Falcou
Performing large, intensive or non-trivial computing on array like data
structures is one of the most common task in scientific computing, video game
development and other fields. This matter of fact is backed up by the large number
of tools, languages and libraries to perform such tasks. If we restrict ourselves to
C++ based solutions, more than a dozen such libraries exists from BLAS/LAPACK
C++ binding to template meta-programming based Blitz++ or Eigen.
If all of these libraries provide good performance or good abstraction, none of
them seems to fit the need of so many different user types. Moreover, as parallel
system complexity grows, the need to maintain all those components quickly
become unwieldy. This thesis explores various software design techniques - like
Generative Programming, MetaProgramming and Generic Programming - and their
application to the implementation of various parallel computing libraries in such a
way that abstraction and expressiveness are maximized while efficiency overhead is
minimized.
Architecture DSLs are a useful tool to capture the cornerstones of platform or product line architectures. In addition, interesting analyses can be performed on the models, and much of the infrastructure and configuration code can be generated. On the flip side, these DSLs themselves must be architected consciously: while many architectural abstractions are specific to any given platform or product line, many other aspects are generic and hence can be reused for several architecture DSLs. In this talk I trace how my thinking on architecture modeling has changed over time, and how this is reflected in the architecture DSLs I have built (or helped to build), and how evolving tools have made these changes possible.
Yannick Moy's presentation on the Hi-Lite project at the ERTS 2012 event in Toulouse France. The paper "Integrating Formal Program Verification with Testing" can be found at http://www.erts2012.org/Site/0P2RUC89/7A-1.pdf
Learning c - An extensive guide to learn the C LanguageAbhishek Dwivedi
This document covers entire C language thoroughly. Its for all the students or professionals who would like to learn C or would like to brush up their knowledge with a quick recap.
CORBA Programming with TAOX11/C++11 tutorialRemedy IT
Remedy IT publishes this CORBA Programming with TAOX11/C++11 tutorial. This free tutorial gives an overview of TAOX11 and the IDL to C++11 language mapping and how it can be used to develop CORBA applications.
More information about TAOX11 is available at http://taox11.remedy.nl. Remedy IT provides free-of-charge TAOX11 evaluation licenses.
The tutorial is available for free from Remedy IT OSportal at http://osportal.remedy.nl. Additionally on the same website a set of example applications and header files can be found.
Remedy IT will extend the tutorial with more examples and information. Registered users on OSportal can configure email updates to get notified when the tutorial gets updated.
This Document about is C Programming language. You will learn Operators in C.
Types of operators-
Arithmetic Operators
Relational Operators
Increment Operator
Decrement Operator
Logical Operators
Conditional Operator
HDR Defence - Software Abstractions for Parallel ArchitecturesJoel Falcou
Performing large, intensive or non-trivial computing on array like data
structures is one of the most common task in scientific computing, video game
development and other fields. This matter of fact is backed up by the large number
of tools, languages and libraries to perform such tasks. If we restrict ourselves to
C++ based solutions, more than a dozen such libraries exists from BLAS/LAPACK
C++ binding to template meta-programming based Blitz++ or Eigen.
If all of these libraries provide good performance or good abstraction, none of
them seems to fit the need of so many different user types. Moreover, as parallel
system complexity grows, the need to maintain all those components quickly
become unwieldy. This thesis explores various software design techniques - like
Generative Programming, MetaProgramming and Generic Programming - and their
application to the implementation of various parallel computing libraries in such a
way that abstraction and expressiveness are maximized while efficiency overhead is
minimized.
Architecture DSLs are a useful tool to capture the cornerstones of platform or product line architectures. In addition, interesting analyses can be performed on the models, and much of the infrastructure and configuration code can be generated. On the flip side, these DSLs themselves must be architected consciously: while many architectural abstractions are specific to any given platform or product line, many other aspects are generic and hence can be reused for several architecture DSLs. In this talk I trace how my thinking on architecture modeling has changed over time, and how this is reflected in the architecture DSLs I have built (or helped to build), and how evolving tools have made these changes possible.
This presentation will introduce you to programming languages that support different programming paradigms and to give you the knowledge of basic concepts and techniques that will allow them to differentiate between various programming paradigms.
OOPs
The prime purpose of C++ programming was to add object orientation to the C programming language, which is in itself one of the most powerful programming languages.
The core of the pure object-oriented programming is to create an object, in code, that has certain properties and methods. While designing C++ modules, we try to see whole world in the form of objects. For example a car is an object which has certain properties such as color, number of doors, and the like. It also has certain methods such as accelerate, brake, and so on.
There are a few principle concepts that form the foundation of object-oriented programming:
Object
This is the basic unit of object oriented programming. That is both data and function that operate on data are bundled as a unit called as object.
Class
When you define a class, you define a blueprint for an object. This doesn't actually define any data, but it does define what the class name means, that is, what an object of the class will consist of and what operations can be performed on such an object.
Abstraction
Data abstraction refers to, providing only essential information to the outside world and hiding their background details, i.e., to represent the needed information in program without presenting the details.
For example, a database system hides certain details of how data is stored and created and maintained. Similar way, C++ classes provides different methods to the outside world without giving internal detail about those methods and data.
Encapsulation
Encapsulation is placing the data and the functions that work on that data in the same place. While working with procedural languages, it is not always clear which functions work on which variables but object-oriented programming provides you framework to place the data and the relevant functions together in the same object.
Inheritance
One of the most useful aspects of object-oriented programming is code reusability. As the name suggests Inheritance is the process of forming a new class from an existing class that is from the existing class called as base class, new class is formed called as derived class.
This is a very important concept of object-oriented programming since this feature helps to reduce the code size.
Polymorphism
The ability to use an operator or function in different ways in other words giving different meaning or functions to the operators or functions is called polymorphism. Poly refers to many. That is a single function or an operator functioning in many ways different upon the usage is called polymorphism.
Overloading
The concept of overloading is also a branch of polymorphism. When the exiting operator or function is made to operate on new data type, it is said to be overloaded.
(Costless) Software Abstractions for Parallel ArchitecturesJoel Falcou
Performing large, intensive or non-trivial computing on array like data structures is one of the most common task in scientific computing, video game development and other fields. This matter of fact is backed up by the large number of tools, languages and libraries to perform such tasks. If we restrict ourselves to C++ based solutions, more than a dozen such libraries exists from BLAS/LAPACK C++ binding to template meta-programming based Blitz++ or Eigen. If all of these libraries provide good performance or good abstraction, none of them seems to fit the need of so many different user types.
Moreover, as parallel system complexity grows, the need to maintain all those components quickly become unwieldy. This talk explores various software design techniques - like Generative Programming, MetaProgramming and Generic Programming - and their application to the implementation of a parallel computing librariy in such a way that:
- abstraction and expressiveness are maximized - cost over efficiency is minimized
We'll skim over various applications and see how they can benefit from such tools. We will conclude by discussing what lessons were learnt from this kind of implementation and how those lessons can translate into new directions for the language itself.
Intermediate languages are used in compiler construction to simplify retargeting compilers to multiple machine architectures. In the implementation of \emph{domain-specific languages} (DSLs), compilers typically generate high-level source code, rather than low-level machine instructions. DSL compilers target a software platform, i.e. a programming language with a set of libraries, deployable on one or more operating systems. DSLs enable targeting \emph{multiple} software platforms if its abstractions are platform independent. While transformations from DSL to each targeted platform are often conceptually very similar, there is little reuse between transformations due to syntactic and API differences of the target platforms, making supporting multiple platforms expensive. In this paper, we discuss the design and implementation of PIL, a Platform Independent Language, an intermediate language providing a layer of abstraction between DSL and target platform code, abstracting from syntactic and API differences between platforms, thereby removing the need for platform-specific transformations. We discuss the use of PIL in an implemementation of WebDSL, a DSL for building web applications.
Presented by: N.V.Rajasekhar Reddy
www.technolamp.co.in
Want more interesting...
Watch and Like us @ https://www.facebook.com/Technolamp.co.in
subscribe videos @ http://www.youtube.com/user/nvrajasekhar
NDC Sydney 2019 - Microservices for building an IDE – The innards of JetBrain...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider.
We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
RCA OCORA: Safe Computing Platform using open standardsAdaCore
The railway sector is facing a major transition as it moves towards more fully automated systems on both the train and infrastructure side. This in turn, requires the development of appropriate, future-proof connectivity and IT platforms.
The Reference Control Command and Signalling Architecture (RCA) and Open Control Command and Signalling Onboard Reference Architecture (OCORA) have developed a functional architecture for future trackside and onboard functions. The RCA OCORA open Control Command Signalling (CCS) on-board reference architecture introduces a standardized separation of safety-relevant and non-safety-relevant railway applications and the underlying IT platforms. This allows rail operators to decouple the very distinct life cycles of the domains and aggregate multiple railway applications on common IT platforms.
Based on a Safe Computing Platform (SCP), the architecture accommodates a Platform Independent Application Programming Interface (PI API) between safety-relevant railway applications and IT platforms. This approach supports the portability of railway applications among IT platform realisations from different vendors.
Two of its authors will discuss the RCA OCORA architecture with emphasis on its safe computing framework. The talk will review the required operating system standards and the discuss the newly-released DDS Reference Implementation for Safe Computing Platform Messaging. While designed for rail, this architecture will have elements of interest for other industries.
Long-lived software is a challenge. This was seen very clearly a couple of years ago in the “US COBOL crisis”, but the reasons are less clearly understood, and are worth exploring. The speaker works in Computer Algebra, where “younger” systems are 30-40 years old, and the algorithmic kernel of SageMath, the newest major system, is actually 55 years old, and the people who can debug it are in single figures. More recently, very substantial retooling was required to enable Line 14, the driverless line, of the Paris Métro to be extended. Having reviewed these cases, the speaker will make some tentative suggestions for the management of long-lived software.
Rust and the coming age of high integrity languagesAdaCore
Rust is undeniably successful. In just over 7 year, it moved from a newly released language to one that is considered as a language for high integrity systems. This success did not happen in isolation - Rusts success is deeply rooted in a number of contributing environmental factors.
In this talk, I’d like to make the case why Rust success is due to a general ground shift in software development. What we are seeing is a resurging interest in software practices that were usually part of safety-critical environments being applied to non-safety related, mission-critical environments. On the other side, we are seeing the worlds of safety and security merging.
I’d like to take a step back and talk about coming opportunities, changes and chances not only for Rust, but also for other languages and products.
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
SPARKNaCl https://github.com/rod-chapman/SPARKNaCl is a new, freely-available, verified and fast reference implementation of the NaCl cryptographic API, based on the TweetNaCl distribution. It has a fully automated, complete and sound proof of type-safety and several key correctness properties. In addition, the code is surprisingly fast - out-performing TweetNaCl's C implementation on an Ed25519 Sign operation by a factor of 3 at all optimisation levels on a 32-bit RISC-V bare-metal machine. This talk will concentrate on how "Proof Driven Optimisation" can result in code that is both correct and fast.
Developing Future High Integrity Processing SolutionsAdaCore
Rolls-Royce has been developing high integrity digital processing solutions for its safety critical aerospace engine controllers since the 1980s. By the turn of the century, the electronics industry experienced an inflection point. This resulted in a shift to a consumer driven market and a much-reduced focus on the harsh environment electronics and the extended life cycles required by the aerospace industry. As a result, Rolls-Royce took the decision to design its own microprocessor, and for the last 25 years, has been successfully developing harsh environment safety critical processing solutions for all its aerospace engines.
Alongside the ever-increasing performance expectations, the past few years have seen cyber-security become a major driver in new processor developments. This presents new and interesting development challenges that will need to be addressed.
Taming event-driven software via formal verificationAdaCore
Event-driven software can be found everywhere, from low-level drivers, to software that controls and coordinates complex subcomponents, and even in GUIs. Typically, event-driven software is characterised as consisting of a number of stateful components that communicate by sending messages to each other. Event-driven software is notoriously difficult to test. There are often many different sequences of events, and because the exact order of the events will affect the state of the system, it can be easy for bugs to lurk in obscure un-tested sequences of events. Even worse, reproducing these bugs can be difficult due to the need to reproduce the exact sequence of events that led to the issue.
Formal verification is one method of solving this: rather than writing tests to check each of the different possible sequences of events, automated formal verification could be used to verify that the software is correct no matter what sequence of events is observed. In this talk, we will look at what capabilities are required to ensure that this will be successful, including what it means for event-driven software to be correct, and how to ensure that the verification can scale to industrial-sized software projects.
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
With the large-scale verification of complex programs like compilers and microkernels, program proof has realised the grand challenge of creating a “verifying compiler” proposed by Sir Tony Hoare in 2003. Still, the effort and expertise required for developing the program and its proof to feed to the “verifying compiler” will exceed the V&V budget of most projects. Another approach gaining traction is to automate the proof as much as possible. More specifically, by tailoring the proof tool to the strengths of a target programming language, leveraging an array of automatic provers, and limiting the ambition of proof to those properties for which proof can be mostly automated. This is the approach we are following in SPARK. In this talk, we will survey what properties can be “mostly” proved automatically, and what this means in terms of effort and expertise.
RCA OCORA: Safe Computing Platform using open standardsAdaCore
The railway sector is facing a major transition as it moves towards more fully automated systems on both the train and infrastructure side. This in turn, requires the development of appropriate, future-proof connectivity and IT platforms.
The Reference Control Command and Signalling Architecture (RCA) and Open Control Command and Signalling Onboard Reference Architecture (OCORA) have developed a functional architecture for future trackside and onboard functions. The RCA OCORA open Control Command Signalling (CCS) on-board reference architecture introduces a standardized separation of safety-relevant and non-safety-relevant railway applications and the underlying IT platforms. This allows rail operators to decouple the very distinct life cycles of the domains and aggregate multiple railway applications on common IT platforms.
Based on a Safe Computing Platform (SCP), the architecture accommodates a Platform Independent Application Programming Interface (PI API) between safety-relevant railway applications and IT platforms. This approach supports the portability of railway applications among IT platform realisations from different vendors.
Two of its authors will discuss the RCA OCORA architecture with emphasis on its safe computing framework. The talk will review the required operating system standards and the discuss the newly-released DDS Reference Implementation for Safe Computing Platform Messaging. While designed for rail, this architecture will have elements of interest for other industries.
Product Lines and Ecosystems: from customization to configurationAdaCore
Digitalization is concerned with a fundamental shift in value delivery to customers from transactional to continuous. For R&D this requires adopting processes such as DevOps and continuous deployment. Systems engineering companies using platforms need to adjust their ways of working and be cognisant of the role of the ecosystem surrounding them to capitalize on this transformation. The keynote talk will discuss these developments and provide industrial examples from Software Center, a collaboration between 17 large, international companies and five universities with the intent of accelerating the digital transformation of the European software intensive industry.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
3. Outline
Introduction
Ada 2012 and Alfa
Ada and Why
The translation
4. Unit Proof - I
Motivation
Allow gradual replacement of tests by program verification
Provide other means of verification when formal verification
fails:
VCs too complex for automated tools
manual proofs too costly
program constructs out of scope
aspects to be proved out of scope (timing, memory,
termination)
Concept
Apply formal verification and tests on a per-function basis
Tests still available to complement program verification
Has been applied at Airbus to avionics software Level A
5. Unit Proof - II
Problems
Expertise: required for writing contracts and carrying proof
Duplication: contract not shared between testing and proof
Isolation: unit test and unit proof cannot be combined
Confusion: not the same semantics for testing and proof
Debugging: contracts and proof cannot be executed
6. Hi-Lite : Test and Proof
French research project started in May 2010, over 3 years
Motivation
Source language: Ada
Combine test and proof in a single contract based technology
Same language and semantics for test and proof
Application to existing projects should be possible
Ease of use: Automation
The upcoming avionics standard DO-178C
7. Outline
Introduction
Ada 2012 and Alfa
Ada and Why
The translation
8. New Forms of Expressions in Ada 2012
if-expressions:
( if X = 0 then 0 else 1 / X )
case-expressions:
type Week_Day is
( Mon , Tue , Wed , Thu , Fri , Sat , Sun ) ;
...
( case X is
when Mon .. Fri = > True
when others = > False )
quantified expressions:
( for all I in X ’ Range = > X ( I ) > 0)
( for some I in X ’ Range = > X ( I ) > 0)
9. Contracts
A function with pre- and postcondition
function Search ( S : String ; C : Character )
return Natural
with
Pre = > ( S /= " " ) ,
Post = >
(( if Search ’ Result /= 0 then
S ( Search ’ Result ) = C )
and
( for all X in
S ’ First .. Search ’ Result - 1 = >
S ( X ) /= C ) ) ;
10. The Alfa Subset of Ada
Definition
Includes all features suitable for program verification
Excludes pointers, concurrency, exceptions
No side effects in annotations
No ambiguous expressions
Classification of each function
Non-Alfa: only very light restrictions
Partially in Alfa: signature and contract of the function are in
Alfa, no restriction on the body
(Entirely) in Alfa: signature, contract and body of the
function are in Alfa, only functions at least partially in Alfa
are called
11. Alfa and Ada
Alfa and Non-Alfa code can be freely mixed
Automatic detection of functions that are (partially or fully) in
Alfa
Only those functions are translated to Why
Remaining code can be covered by testing
Rationale
You don’t need to write all your code in Alfa
Application to legacy code base
Allow packages with complex code (pointers, concurrency)
12. Outline
Introduction
Ada 2012 and Alfa
Ada and Why
The translation
14. Automatic Effects Computation
Procedure
First phase of GNATprove
Compute localized effects of each function (do not take into
account effects of called functions)
A few restrictions to Ada to maintain correctness
No function pointers
No implicit aliasing
These situations are recognized by the compiler (work in
progress)
15. An Ada Program
Spec for package A
types
global vars
function decls
contracts
Body for package A
local types
local vars
functions
16. An Ada Program
Spec for package A
types
Spec for package B
global vars
function decls
contracts
Body for package A
local types Body for package B
local vars
functions
17. An Ada Program
Spec for package A
types
Spec for package B
global vars
function decls
contracts
Body for package A
local types Body for package B
local vars
functions
18. An Ada Program
Spec for package A
types
Spec for package B
global vars
function decls
contracts
Body for package A
local types Body for package B
local vars
functions
19. A First Idea for Why Files
code for
spec of A
code for
body of A
20. A First Idea for Why Files
code for code for
spec of A spec of B
code for code for
body of A body of B
21. A First Idea for Why Files
code for code for
spec of A spec of B
code for code for
body of A body of B
22. A First Idea for Why Files
code for code for
spec of A spec of B
code for code for
body of A body of B
23. A First Idea for Why Files
code for code for
spec of A spec of B
Achieved
Ada visibility modeled
circular dependencies
avoided
code for code for (mutual) recursion even
body of A body of B across packages
24. A First Idea for Why Files
code for code for
spec of A spec of B
Achieved
Ada visibility modeled
circular dependencies
avoided
code for code for (mutual) recursion even
body of A body of B across packages
Problem
Effects on local variables introduce new dependencies
Example: function in B modifies indirectly local variable of A
25. A First Idea for Why Files
code for code for
spec of A spec of B
Achieved
Ada visibility modeled
circular dependencies
avoided
code for code for (mutual) recursion even
body of A body of B across packages
Problem
Effects on local variables introduce new dependencies
Example: function in B modifies indirectly local variable of A
circular dependency!
26. Our Proposed Solution
code for types and
vars in spec of A
code for types and
vars in body of A
code for funcs
in spec of A
code for funcs
in body of A
27. Our Proposed Solution
code for types and
vars in spec of A
code for types and
vars in body of A
code for funcs
in spec of A
code for funcs
in body of A
28. Our Proposed Solution
code for types and code for types and
vars in spec of A vars in spec of B
code for types and code for types and
vars in body of A vars in body of B
code for funcs code for funcs
in spec of A in spec of B
code for funcs code for funcs
in body of A in body of B
29. Our Proposed Solution
code for types and code for types and
vars in spec of A vars in spec of B
code for types and code for types and
vars in body of A vars in body of B
code for funcs code for funcs
in spec of A in spec of B
code for funcs code for funcs
in body of A in body of B
30. Our Proposed Solution
code for types and code for types and
vars in spec of A vars in spec of B
code for types and code for types and
vars in body of A vars in body of B
code for funcs code for funcs
in spec of A in spec of B
code for funcs code for funcs
in body of A in body of B
31. Outline
Introduction
Ada 2012 and Alfa
Ada and Why
The translation
32. Ada Integer Types
New type definition:
type One_Ten is range 1 .. 10;
Subtype (inherits base range):
subtype One_Ten_Integer is
Integer range 1 .. 10;
Inserted checks
Range check on assignment (or parameter passing)
Overflow check on intermediate operations on the base type
33. Ada Integer Types in Why
type t
predicate t_in_range (x : int) = -128 <= x <= 127
logic t_to_int : t -> int
logic t_of_int : int -> t
parameter t_of_int_ :
n : int ->
{ t_in_range (n) } t { t_to_int (result) = n }
parameter t_in_range_ :
n : int ->
{ t_in_range (n) } int { result = n }
axiom t_range :
forall x : t. t_in_range (t_to_int (x))
...
34. Execution Semantics for Assertions - I
Objective
Same semantics for test and proof
Assertions should be runtime error free
Possibilities
Consider assertions with runtime errors as false
Implicit assumptions in the case of preconditions
Consider assertions with runtime errors as incorrect
Additional VCs to prove absence of runtime errors in specs
No implicit assumptions
Hi-Lite: second possibility has been chosen for clarity
35. Execution Semantics for Assertions - II
Example in Ada
function Add (X , Y : One_Ten ) return One_Ten
with Pre = > ( X + Y < 10) ;
Translation to Why
let add (x : one_ten) (y : one_ten) =
{ true }
ignore
(one_ten_range_
(one_ten_to_int (x) + one_ten_to_int (y)) < 10);
assume
{ one_ten_to_int (x) + one_ten_to_int (y) < 10 };
... (* translated body of function Add *)
36. Loop Assertions - I
The trivial translation:
Ada loop Why translation
while C loop
pragma Assert ( P ) ; while C do
... { P }
end loop ; ...
done
Does not reflect runtime behavior:
Assertion not executed when C is always false
Assertion not executed after end of loop
37. Loop Assertions - II
Our translation
if c then
try
while true do (* infinite loop *)
{ invariant c and p}
...
if not c then raise Exit
done
with Exit -> ();
38. Quantified Expressions
A pathological example
( for all J in 1 .. 10 = >
( if J = 5 then J /= 1 / 0 else False ) )
A simple approach
∀ 1 ≤ j ≤ 10. if j = 5 then 0 = 0 else true
Proposed by an anonymous referee
∀ 1 ≤ j ≤ 10.
(∀ 1 ≤ j ≤ j − 1. if j = 5 then 0 = 0 else true) and
(∀ 1 ≤ j ≤ j − 1. if j = 5 then j = 1/0 else false)
⇒ if j = 5 then 0 = 0 else true
39. Conclusion
Hi-Lite
Allow combining test and proof
Easy adoption of formal verification, applied to new and
existing projects
Future Work
Migration to Why3
Verification of consistency of contracts