When testing just doesn't cut it

Writing unit tests is pretty much standard practice these days. Otherwise, how would you make sure that your code does what you expect? Yet, some software is mission-critical and merely testing a few examples – or even randomized testing – is not enough. To reach higher levels of assurance, we need proof: mathematical, formal proof. This session will be based on an example from industry, where we successfully verified the core of a financial application. I will describe the core architecture of the system and the mathematical foundations behind the verification, including the classes of problems that we can (or cannot) discover with this approach.

Lars Hupel

@lars

Lars is an Evangelist at Giesecke+Devrient, a global company specialized in payments, connectivity, identities, and digital infrastructure. An engineer at heart, they are working to bring modern financial services to people.

Slides

hupel.pdf

Video

https://media.ccc.de/v/bob2023-when-testing-just-doesnt-cut-it-hupel