Section: Application Domains

Mission-Critical Software

The application domains we target involve safety-critical software, that is, software for which a high level of guarantee of functional correctness is required. The domains of application include the following. For each of them we refer to our past or current actions, in particular in relation to projects, contracts and industrial partners. Currently our industrial collaborations mainly belong to the first of these domains, transportation.

  • Transportation, including aeronautics, railroad, space flight and automotive.

    These domains were considered in the context of the ANR U3CAT project, led by CEA, in partnership with Airbus France, Dassault Aviation and Sagem Défense et Sécurité. It included the proof of C programs via Frama-C/Jessie/Why, the proof of floating-point programs, and the use of the Alt-Ergo prover via the CAVEAT tool (CEA) or Frama-C/WP. This action is continued in the new project Soprano.

    Aeronautics is the main target of the Verasco project, led by Verimag, on the development of certified static analyzers, in partnership with Airbus.

    The former FUI project Hi-Lite, led by the company AdaCore, uses Why3 and Alt-Ergo as back-ends for SPARK2014, an environment for the verification of Ada programs. This is applied to the aerospace domain (Thales, EADS Astrium). This action is continued in the new joint laboratory ProofInUse. A recent paper [71] provides an extensive list of applications of SPARK, a major one being the British air traffic control system.

    In the current ANR project BWare, we investigate the use of Why3 and Alt-Ergo as an alternative back-end for checking the proof obligations generated by Atelier B, whose main applications are in railway software (http://www.methode-b.com/documentation_b/ClearSy-Industrial_Use_of_B.pdf ). This is a collaboration with Mitsubishi Electric R&D Centre Europe (Rennes) and ClearSy (Aix-en-Provence).

  • Energy is naturally an application domain, in particular through our long-term partner CEA, in the context of the U3CAT and Soprano projects.

  • Communications and data, in particular in contexts with a specific need for security or confidentiality: smart phones, web applications, health records, electronic voting, etc.

    Some applications of SPARK [71] involve the verification of security-related properties, including cryptographic algorithms.

    Our new AJACS project addresses issues related to security and privacy in web applications written in JavaScript, as well as correctness properties.

    The Cubicle model checker modulo theories, built on the Alt-Ergo SMT solver and developed in collaboration with Intel Strategic CAD Labs (Hillsboro, OR, USA), specifically targets the verification of concurrent programs and protocols (http://cubicle.lri.fr/ ).

  • Medicine, including diagnostic devices and computer-assisted surgery.

    Such applications involve control and command techniques close to those used in transportation. Moreover, this context requires modeling with differential equations, finite elements and hybrid systems, which are addressed in other projects of ours: FastRelax, ELFIC and Cafein.

  • Financial applications and banking.

    We had projects in the past on the safety and security of smart cards, in collaboration with Gemalto (European project VerifiCard, two CIFRE theses). Banking is naturally an application domain for the techniques dealing with security and confidentiality mentioned above.