Steve King | University of York

Papers by Steve King

ZB 2000: Formal Specification and Development in Z and B

Lecture Notes in Computer Science, 2000

A Safe Mobile Code Representation and Run-time Architecture for High-Integrity Real-Time Java Programs

Java is becoming increasingly popular in many application areas due to its rich programming semantics and portability. We believe that high-integrity real-time systems can also greatly benefit by adopting the Java technology, provided the unpredictable overheads and insecurity of the run-time system are conquered. We illustrate in this paper our ongoing work on a safe mobile code representation based on SSA form, and a run-time system that will enable us to examine program code in terms of safety, WCET, and schedulability. Some miscellaneous techniques for detecting race conditions and allocating registers are discussed along with examples.

Test-data generation for control coverage by proof

Formal Aspects of Computing, 2013

Many tools can check if a test set provides control coverage; they are, however, of little or no help when coverage is not achieved and the test set needs to be completed. In this paper, we describe how a formal characterisation of a coverage criterion can be used to generate test data; we present a procedure based on traditional programming techniques like normalisation, and weakest precondition calculation. It is a basis for automation using an algebraic theorem prover. In the worst situation, if automation fails to produce a specific test, we are left with a specification of the compliant test sets. Many approaches to model-based testing rely on formal models of a system under test. Our work, on the other hand, is not concerned with the use of abstract models for testing, but with coverage based on the text of programs.

ZB 2005: formal specification and developments in Z and B (Guildford, 13-15 April 2005)

A Compliance Notation for Verifying Concurrent Systems

The compliance notation provides a practical system where both formal and informal techniques can be employed in software verification. The notation has been successfully applied in verifying some industrial safety-critical systems, but currently it has no support for verifying concurrent systems. This research aims to extend the compliance notation with appropriate support for verifying concurrent systems.

Is proof more cost-effective than testing?

Abstract: This paper describes the use of formal development methods on an industrial safety-critical application. The Z notation was used for documenting the system specification and part of the design, and the SPARK subset of Ada was used for coding. However, perhaps the most distinctive nature of the project lies in the amount of proof that was carried out: proofs were carried out both at the Z level (approximately 150 proofs in 500 pages) and at the SPARK code level (approximately 9,000 verification conditions generated and discharged). The project was carried out under UK Interim Defence Standards 00-55 and 00-56, which require the use of formal methods on safety-critical applications. It is believed to be the first to be completed against the rigorous demands of the 1991 version of these standards. The paper includes comparisons of proof with the various types of testing employed, in terms of their efficiency at finding faults. The most striking result is that the Z proof appears ...

Assessment of the Java Programming Language for

Standardizing Z Semantics - Case for Support

The CICS application programming interface: Program control

The assessment of students on FM courses: a position paper

exactly where the semicolons should appear in a B abstract machine is much less important than whether they understand the different clauses of a machine, and how they can be used. In the real world, if they were to use a formal method, then they would almost certainly have access to tools which would allow them to eliminate syntactical errors. The real skill which we should be teaching, and therefore which we should be assessing, is the ability to construct mathematical models of whatever systems are being built. Once learnt, that modelling skill should be transferable to formal notations other than the specific one being used in the course. However, experience shows that this facility for (abstract) modelling is perhaps the hardest part of FM to teach, and there are few texts that concentrate on this area. (The notable exception is Fitzgerald and Larsen's Modelling Systems: see references below.)

Experiences and results from the use of Z in IBM

A compliance notation for verifying concurrent systems

Proceedings of the 24th International Conference on Software Engineering. ICSE 2002, 2002

The compliance notation provides a practical system where both formal and informal techniques can be employed in software verification. The notation has been successfully applied in verifying some industrial safety-critical systems, but currently it has no support for verifying concurrent systems. This research aims to extend the compliance notation with appropriate support for verifying concurrent systems.

Z and the refinement calculus

Lecture Notes in Computer Science, 1990

Z has been developed as a formal specification notation, and, as such, has been used successfully for a number of years. Recently, other formal notations, the various flavours of refinement calculi, have emerged. They have been designed as wide spectrum languages ...

A Circus Semantics for Ravenscar Protected Objects

Lecture Notes in Computer Science, 2003

The Ravenscar profile is a subset of the Ada 95 tasking model: it is certifiable, deterministic, supports schedulability analysis, and meets tight memory constraints and performance requirements. A central feature of Ravenscar is the use of protected objects to ensure mutually exclusive access to shared data. We give a semantics to protected objects using Circus, a combination of Z and CSP, and prove several important properties; this is the first time that these properties have been verified. Interestingly, all the proofs are conducted in Z, even the ones concerning reactive behaviour.

Extending Ravenscar with CSP Channels

Lecture Notes in Computer Science, 2005

The Ravenscar Profile is a restricted subset of the Ada tasking model, designed to meet the requirements of producing analysable and deterministic code. A central feature of Ravenscar is the use of protected objects to ensure mutually exclusive access to shared data. This paper uses Ravenscar protected objects to implement CSP channels in Ada; the proposed implementation is formally verified using model checking. The advantage of these Ravenscar channels is transforming the data-oriented asynchronous tasking model of Ravenscar into the cleaner message-passing synchronous model of CSP. Thus, formal proofs and techniques for model-checking CSP specifications can be applied to Ravenscar programs. In turn, this increases confidence in these programs and their reliability. Indeed, elsewhere, we use the proposed Ravenscar channels as the basis for a cost-effective technique for verifying concurrent safety-critical systems.

Simpler Reasoning About System Properties: a Proof-by-Refinement Technique

Electronic Notes in Theoretical Computer Science, 2005

Proofs about system specifications are difficult to conduct, particularly for large specifications. Using abstraction and refinement, we propose a proof technique that simplifies these proofs. We apply the technique to Circus (a combination of Z and CSP) specifications of different complexities. Interestingly, all the proofs are conducted in Z, even those concerning reactive behaviour.

Z: Grammar and concrete and abstract syntaxes

This monograph, which presents a grammar and an abstract syntax for the Z specification language, is produced as part of a joint project between IBM United Kingdom Laboratories Limited at Hursley, England and the Programming Research Group of Oxford University Computing Laboratory, into the application of formal software specification techniques to industrial problems. The work was supported by a research contract between IBM and Oxford University and is published by permission of the Company. [Abrial 81] provided the starting point in the development of the Z notation. The syntax for definitions, predicates and terms presented here was developed from Jean-Raymond Abrial's paper. The notation has been further developed and described in [Sufrin 86]. The type rules and the semantics of Z have been described in [Spivey 85]. The commentary in this paper on the meaning of the language constructs is an informal description of what is formally described in [Spivey 85]. The schema concept is an extension to conventional set theory and preliminary descriptions can be found in [Sufrin 81], [Sørensen 82] and [Morgan 84]. A tutorial introduction to the present state of the schema notation can be found in [Woodcock 88].

Version 2.0

It is the authors' expectation (and hope!) that this will be the 'final' version of this document, at least in its present form. It is presented as part of the PRG's (and IBM's) work towards the standardisation of Z. As such, it has two major aims: to capture the present state of the language, particularly those parts of the language whose syntax has become stable, and to suggest possible solutions to several problems which have to be resolved as part of the standardisation process.
In this second category come such topics as the syntax for theorems (which is dependent, to some extent, on agreement on a logic for Z), mnemonic names for the many non-ASCII symbols used in Z, and the whole question of how to use one Z document within another (i.e. imports, document qualifiers, versions etc). This last item can only be resolved when case studies have been completed, using for instance a library of specifications. To repeat: in these cases, what is presented in this document is merely a suggested solution; the definitive answer can only appear in due time!

The use of model transformation in the INESS project

The INESS (INtegrated European Signalling System) Project is an effort, funded by the FP7 programme of the European Union, to provide a common, integrated, railway signalling system within Europe. It comprises 30 partners, including 6 railway companies. INESS experts have been using the Executable UML (xUML) language to model the proposed integrated signalling system. Because of the safety-critical aspects of

ZB 2003: Formal Specification and Development in Z and B, Third International Conference of B and Z Users, Turku, Finland, June 4-6, 2003, Proceedings

Mondex Case Study First Workshop

The Mondex Case Study is being used as an initial experiment for the Verified Software Repository. A number of research groups will work on the same problem in parallel. We have chosen as our problem the Mondex electronic purse work, which was originally specified and refined in Z, and proved correct by hand. That work was some ten years ago and we use this reworking to see what more can be done now compared to then. The kind of questions we hope to address are: What is the current state of the art in mechanising the specification, refinement, and proof? Can we get a full automation of this example? How can we combine the best of each approach? From the previous work we know that the case study will raise some challenging issues, and so we hope that this new work will contribute to setting a research agenda for the repository. This work is the slides and other material from the first workshop.
