In dynamic software updates there exists a different level of possible behavior change. The easiest way of transforming an application is to modify the implementation of a whole method body, i.e., updating the method body to a new version without disturbing the overall application. A next step regarding arbitrary updates is the ability to change the signature of a method, along with the interna...

ed Control FlowGraphs. The algorithm uses abstracted control flow graphs (CFGs), in which code fragments matching specific patterns are collapsed into individual nodes. Since the patterns can depend on the variables, separate abstracted CFGs must be constructed for

We formalise a simple assembly language with procedures and a safety policy for arithmetic overflow in Isabelle/HOL. To verify individual programs we use a safety logic. Such a logic can be realised in Isabelle/HOL either as shallow or deep embedding. In a shallow embedding logical formulas are written as HOL predicates, whereas a deep embedding models formulas as a datatype. This paper present...

Safety cases provide a mechanism for representing evidence-based arguments that a system is acceptably safe to operate in its intended context. We show how we can automatically combine diverse types of information from heterogeneous sources into a single integrated safety case for a system implemented using automatically generated software. The core argument structure of the safety case is gene...

The software and hardware quality of safety-critical embedded systems in avionics and the automotive sector is currently ensured by means of extensive assurance procedures (e.g. certification). The way embedded software is developed has changed, such that executable models are used from the early development stages up to implementation in order to design and verify the software behaviour desire...

In this article we describe a method for fully automated object code verification, applicable to railway control systems developed within a framework previously proposed by the authors. This allows us to apply arbitrary off-theshelf compilers in a safety-critical context without having to perform expensive compiler validations. Within the restrictions of the framework, the object code verificat...

The code of practice for the prevention of infection in clinical laboratories and postmortem rooms (the "Howie code") was produced in order to standardise laboratory safety procedures at a level which would minimise risks to laboratory workers. The costs of implementing this code, which were not given proper consideration when the code was drawn up, are seen to be very high. This paper question...

With the growth of the global Internet, users have begun to download and run programs for more different purposes and from more varied sources than ever before. These programs should not be allowed to cause harm to a user's system or data, either as a result of malicious code created by an adversary or buggy code that could cause accidentally. Users may have different ideas of what constitutes ...

ion-Carrying Code (ACC) is a framework for mobile code safety in which the code supplier provides a program together with an abstraction (or abstract model of the program) whose validity entails compliance with a predefined safety policy. The abstraction plays thus the role of safety certificate and its generation is carried out automatically by a fixed-point analyzer. The advantage of providin...

The high cost of software production is driving development organizations to adopt more automated design and analysis methods such as rapid prototyping, computer-aided software engineering (CASE) tools, and high-level code generators. Even developers of safety-critical software systems have adopted many of these new methods while striving to achieve high levels of quality and reliability. While...