Constructing a Safety Case for Automatically Generated Code from Formal Program Verification Information
Formal methods can in principle provide the highest levels of assurance of code safety by providing formal proofs as explicit evidence for the assurance claims. However, the proofs are often complex and difficult to relate to the code, in particular if it has been generated automatically. They may also be based on assumptions and reasoning principles that are not justified. This causes concerns about the trustworthiness of the proofs and thus the assurance claims. Here we present an approach to systematically construct safety cases from information collected during a formal verification of the code, in particular from the construction of the logical annotations necessary for a formal, Hoare-style safety certification. Our approach combines a generic argument that is instantiated with respect to the certified safety property (i.e., safety claims) with a detailed, program-specific argument that can be derived systematically because its structure directly follows the course the annotation construction takes through the code. The resulting safety cases make explicit the formal and informal reasoning principles, and reveal the top-level assumptions and external dependencies that must be taken into account. However, the evidence still comes from the formal safety proofs. Our approach is independent of the given safety property and program, and consequently also independent of the underlying code generator. Here, we illustrate it for the AutoFilter system developed at NASA Ames.
Automated code generation, formal program verification, Hoare logic, fault tree analysis, safety case, Goal Structuring Notation.
Basir, Nurlida, Denney, Ewen and Fischer, Bernd (2008) Constructing a Safety Case for Automatically Generated Code from Formal Program Verification Information. In: Harrison, M.D. and Sujan, M-A. (eds.) The 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP'08), Newcastle, United Kingdom, 22 - 25 Sep 2008. (Submitted)
Record type: Conference or Workshop Item (Paper)
Text: safecomp.pdf - Accepted Manuscript
More information
Submitted date: 30 May 2008
Additional Information:
Event Dates: 22-25 September 2008
Venue - Dates:
The 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP'08), Newcastle, United Kingdom, 2008-09-22 - 2008-09-25
Organisations:
Electronic & Software Systems
Identifiers
Local EPrints ID: 266007
URI: http://eprints.soton.ac.uk/id/eprint/266007
PURE UUID: 0c871bae-771b-4199-b6c2-0ff6099d2283
Catalogue record
Date deposited: 27 Jun 2008 15:42
Last modified: 14 Mar 2024 08:19
Contributors
Author:
Nurlida Basir
Author:
Ewen Denney
Author:
Bernd Fischer
Editor:
M.D. Harrison
Editor:
M-A. Sujan