Section: Application Domains

Mission-Critical Software

The application domains we target involve safety-critical software, that is, software for which a high-level guarantee of the soundness of its functional execution is required. The domains of application include

  • Transportation: aeronautics, railroad, space flight, automotive

  • Communications: mobile phones, smart phones, Web applications

  • Financial applications, banking

  • Medicine: diagnostic devices, computer-assisted surgery

  • Databases with confidentiality requirements (e.g. health records, electronic voting)

Currently our industrial collaborations mainly belong to the first of these domains: transportation. These include, in the context of the ANR U3CAT project (Airbus France, Toulouse; Dassault Aviation, Saint-Cloud; Sagem Défense et Sécurité):

  • proof of C programs via Frama-C/Jessie/Why;

  • proof of floating-point programs;

  • use of the Alt-Ergo prover via the CAVEAT tool (CEA) or Frama-C/WP.

In the context of the FUI project Hi-Lite, AdaCore (Paris) uses Why3 and Alt-Ergo as back-ends to GNATprove, an environment for the verification of Ada programs. This is applied in the domain of aerospace (Thales, EADS Astrium).

In the context of the ANR project BWare, we investigate the use of Why3 and Alt-Ergo as an alternative back-end for checking the proof obligations generated by Atelier B, whose main applications are railroad-related software (http://www.methode-b.com/documentation_b/ClearSy-Industrial_Use_of_B.pdf ; collaboration with Mitsubishi Electric R&D Centre Europe, Rennes; ClearSy, Aix-en-Provence).

Apart from the domain of transportation, the Cubicle model checker modulo theories, built on the Alt-Ergo SMT prover (collaboration with Intel Strategic CAD Labs, Hillsboro, OR, USA), can be applied to the verification of concurrent programs and protocols (http://cubicle.lri.fr/ ).