Formal Verification of Graphical Properties of Interactive Systems

Abstract

Critical systems, particularly aeronautical systems, contain newly highly interactive devices: for example, the new generation cockpits use sophisticated electronics. They are driven by complex reactive software applications able to react to various kinds of inputs and to provide a representation of their internal state. In this context, the certification processes described in DO-178C and in DO-333 give an important place to formal verification of the requirements of these systems. Many formal methods have been proposed for this verification. However properties related to the graphical elements of these systems like position, overlapping, color, etc. have not received the same attention as others like safety, liveness, reachability or boundary ones. In this paper, we propose an original approach based on deductive verification to check graphically oriented requirements. On the basis of a semantic of reactive applications based on the weakest precondition calculus, we propose an algorithm for the verification of graphical requirements. This algorithm is developed in the context of Smala/Djnn: an environment for developing interactive systems. We illustrate our approach on the Traffic alert and Collision Avoidance System (TCAS), an aeronautical case study, and some of its graphical requirements.