Formal Model-Based Assurance Cases in Isabelle/SACM, supporting materials

Abstract

Isabelle/SACM is a tool for automated construction of model-based assurance cases with integrated formal methods, based on the Isabelle proof assistant. Assurance cases show how a system is safe to operate, through a human comprehensible argument demonstrating that the requirements are satisfied, using evidence of various provenances. They are usually required for certification of critical systems, often with evidence that originates from formal methods. Automating assurance cases increases rigour, and helps with maintenance and evolution. In this paper we apply Isabelle/SACM to a fragment of the assurance case for an autonomous underwater vehicle demonstrator. We encode the metric unit system (SI) in Isabelle, to allow modelling requirements and state spaces using physical units. We develop a behavioural model in the graphical RoboChart state machine language, embed the artifacts into Isabelle/SACM, and use it to demonstrate satisfaction of the requirements.

Isabelle Formalisation

This archive accompanies the FormaliSE 2020 paper "Formal Model-Based Assurance Cases in Isabelle/SACM: An Autonomous Underwater Vehicle Case Study". The larger of the two files contains a Linux distribution of Isabelle2019 with all the additional files needed to start Isabelle/SACM and see the results presented in the paper. The archive also Isabelle/DOF 1.0 (from Prof. Achim Brucker and Prof. Burkhart Wolff), Isabelle/UTP, and several Archive of Formal Proofs (AFP) entries that our development depends upon. These theories are redistributed under the terms of the 2 and 3 clause BSD license. The smaller file contains only those Isabelle files directly related to the LRE case study.

In order to get started, extract the larger archive to a suitable directory, and then from here execute

bin/isabelle jedit -l RoboChart-Assurance

This will start Isabelle and build several session heap images, including Isabelle/DOF and RoboChart. Once finished, the assurance case example can be found under src/CyPhyAssure/AUV/LRE/LRE.thy, and the various theory files it imports. In particular, the state machine can be found in LRE_Beh.thy.