
Formally Verified Software in the Real World (2018) - icc97
https://cacm.acm.org/magazines/2018/10/231372-formally-verified-software-in-the-real-world/fulltext
======
tpaschalis
Second day in a row where HN frontpage features formally verified software!

If you're like me, and would like to get started, or just see what this is all
about, the TLA+ homepage and video course (narrated by Leslie Lamport
himself), is a nice resource [1].

In about half an hour you will have a brief understanding of what "formal
specification languages" are, write and 'prove' your first small program/spec.
If you have another hour to spend, keep the cheatsheet [2] near you and follow
through, you will write and 'prove' more complex specs, plus you'll start
thinking about systems in a more abstract way. Finishing up the video course
you'll be able to start reading complex specs others have written, or write a
spec for any algorithm you think is fun!

[1]
[https://lamport.azurewebsites.net/video/videos.html](https://lamport.azurewebsites.net/video/videos.html)
[2] [https://lamport.azurewebsites.net/tla/summary-standalone.pdf](https://lamport.azurewebsites.net/tla/summary-standalone.pdf)

~~~
drharby
I really want this to be a sarcastic post demonstrating how thinly veiled some
PR efforts are

------
dahfizz
Kind of a dumb question: have any operating systems been formally verified?
Unless you are running an embedded application, verifying your software seems
kind of pointless if you are still at the mercy of "unverified" system calls,
memory manager, scheduler, etc etc.

~~~
kccqzy
Green Hills Software has the Integrity operating system rated to EAL6+, which
stands for "Semiformally Verified Design and Tested" so almost there but not
quite.

But honestly it's not something you would want to use in daily life.

~~~
heyjudy
Not to the rigor seL4 has, with multiple levels of verification.

~~~
kccqzy
Yes I agree, but still with significantly more rigor than your typical
operating system (Linux, Windows, macOS).

------
jschwartzi
I have wanted to see a real-world use of seL4 in a safety-critical system
since I heard about it 2 years ago. This is really impressive, and I'm very
happy to see this here.

------
nestorD
The example I was given while studying the subject is that the software for the
driverless metro line 14 in Paris has been proven in Coq.

~~~
fuklief
Are you sure about that? It was the B method they used afaik.

~~~
cpeterso
Wikipedia says B-Method. Parts of the train control system use OpenVMS!

[https://en.wikipedia.org/wiki/Paris_M%C3%A9tro_Line_14](https://en.wikipedia.org/wiki/Paris_M%C3%A9tro_Line_14)

[https://en.wikipedia.org/wiki/B-Method](https://en.wikipedia.org/wiki/B-Method)

