{"id":"https://openalex.org/W7124438182","doi":"https://doi.org/10.1145/3785652","title":"Lessons from Formally Verified Deployed Software Systems","display_name":"Lessons from Formally Verified Deployed Software Systems","publication_year":2026,"publication_date":"2026-01-16","ids":{"openalex":"https://openalex.org/W7124438182","doi":"https://doi.org/10.1145/3785652"},"language":"en","primary_location":{"id":"doi:10.1145/3785652","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3785652","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3785652","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100494937","display_name":"Li Huang","orcid":"https://orcid.org/0000-0003-3531-4045"},"institutions":[{"id":"https://openalex.org/I193619901","display_name":"Constructor University","ror":"https://ror.org/02yrs2n53","country_code":"DE","type":"education","lineage":["https://openalex.org/I193619901"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Li Huang","raw_affiliation_strings":["Constructor University Bremen","No address"],"affiliations":[{"raw_affiliation_string":"Constructor University Bremen","institution_ids":["https://openalex.org/I193619901"]},{"raw_affiliation_string":"No address","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100565241","display_name":"Yeguo Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I3131550300","display_name":"Universit\u00e9 Toulouse-I-Capitole","ror":"https://ror.org/0443n9e75","country_code":"FR","type":"education","lineage":["https://openalex.org/I3131550300"]},{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"funder","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I4210152422","display_name":"Universit\u00e9 Toulouse - Jean Jaur\u00e8s","ror":"https://ror.org/04ezk3x31","country_code":"FR","type":"education","lineage":["https://openalex.org/I4210152422","https://openalex.org/I4412460029"]},{"id":"https://openalex.org/I4210160189","display_name":"Institut Polytechnique de Bordeaux","ror":"https://ror.org/054qv7y42","country_code":"FR","type":"education","lineage":["https://openalex.org/I4210160189"]},{"id":"https://openalex.org/I134560555","display_name":"Universit\u00e9 Toulouse III - Paul Sabatier","ror":"https://ror.org/02v6kpv12","country_code":"FR","type":"education","lineage":["https://openalex.org/I134560555","https://openalex.org/I4412460029"]},{"id":"https://openalex.org/I4210119061","display_name":"Institut de Recherche en Informatique de Toulouse","ror":"https://ror.org/01rx4qw44","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I205747304","https://openalex.org/I4210119061","https://openalex.org/I4412460029"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Sophie Ebersold","raw_affiliation_strings":["IRIT CNRS, University of Toulouse","No address"],"affiliations":[{"raw_affiliation_string":"IRIT CNRS, University of Toulouse","institution_ids":["https://openalex.org/I4210152422","https://openalex.org/I1294671590","https://openalex.org/I134560555","https://openalex.org/I4210119061","https://openalex.org/I3131550300","https://openalex.org/I4210160189"]},{"raw_affiliation_string":"No address","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060007556","display_name":"Alexander Kogtenkov","orcid":"https://orcid.org/0000-0003-4873-8306"},"institutions":[{"id":"https://openalex.org/I2801221094","display_name":"Constructing Excellence","ror":"https://ror.org/04vxrkc13","country_code":"GB","type":"other","lineage":["https://openalex.org/I2801221094"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Alexander Kogtenkov","raw_affiliation_strings":["Formerly of Constructor Institute of Technology","No address"],"affiliations":[{"raw_affiliation_string":"Formerly of Constructor Institute of Technology","institution_ids":["https://openalex.org/I2801221094"]},{"raw_affiliation_string":"No address","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073925128","display_name":"Bertrand Meyer","orcid":"https://orcid.org/0000-0002-5985-7434"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]},{"id":"https://openalex.org/I97750245","display_name":"Software (Spain)","ror":"https://ror.org/02ethns06","country_code":"ES","type":"company","lineage":["https://openalex.org/I4210087817","https://openalex.org/I97750245"]}],"countries":["CH","ES"],"is_corresponding":false,"raw_author_name":"Bertrand Meyer","raw_affiliation_strings":["ETH Zurich","Eiffel Software","No address"],"affiliations":[{"raw_affiliation_string":"ETH Zurich","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"Eiffel Software","institution_ids":["https://openalex.org/I97750245"]},{"raw_affiliation_string":"No address","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123224411","display_name":"Yinling Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I90183372","display_name":"Universit\u00e9 de Lorraine","ror":"https://ror.org/04vfs2w97","country_code":"FR","type":"education","lineage":["https://openalex.org/I90183372"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Yinling Liu","raw_affiliation_strings":["CRAN, Universit\u00e9 de Lorraine","No address"],"affiliations":[{"raw_affiliation_string":"CRAN, Universit\u00e9 de Lorraine","institution_ids":["https://openalex.org/I90183372"]},{"raw_affiliation_string":"No address","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":5,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100494937"],"corresponding_institution_ids":["https://openalex.org/I193619901"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.89845954,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10126","display_name":"Logic, programming, and type systems","score":0.11755560338497162,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10126","display_name":"Logic, programming, and type systems","score":0.11755560338497162,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.07520237565040588,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12784","display_name":"Modular Robots and Swarm Intelligence","score":0.06277983635663986,"subfield":{"id":"https://openalex.org/subfields/2210","display_name":"Mechanical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-verification","display_name":"Software verification","score":0.6004592776298523},{"id":"https://openalex.org/keywords/formal-methods","display_name":"Formal methods","score":0.5857084393501282},{"id":"https://openalex.org/keywords/mathematical-proof","display_name":"Mathematical proof","score":0.564357578754425},{"id":"https://openalex.org/keywords/formal-verification","display_name":"Formal verification","score":0.5344327092170715},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.520726203918457},{"id":"https://openalex.org/keywords/verification-and-validation","display_name":"Verification and validation","score":0.48812830448150635},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.48137393593788147},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.4085261821746826}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8613124489784241},{"id":"https://openalex.org/C33054407","wikidata":"https://www.wikidata.org/wiki/Q6504747","display_name":"Software verification","level":5,"score":0.6004592776298523},{"id":"https://openalex.org/C75606506","wikidata":"https://www.wikidata.org/wiki/Q1049183","display_name":"Formal methods","level":2,"score":0.5857084393501282},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5816980600357056},{"id":"https://openalex.org/C108710211","wikidata":"https://www.wikidata.org/wiki/Q11538","display_name":"Mathematical proof","level":2,"score":0.564357578754425},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.5344327092170715},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.520726203918457},{"id":"https://openalex.org/C48002344","wikidata":"https://www.wikidata.org/wiki/Q2919644","display_name":"Verification and validation","level":2,"score":0.48812830448150635},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.48137393593788147},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.4085261821746826},{"id":"https://openalex.org/C204323151","wikidata":"https://www.wikidata.org/wiki/Q905424","display_name":"Range (aeronautics)","level":2,"score":0.38860848546028137},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.3564475476741791},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3510558009147644},{"id":"https://openalex.org/C116253237","wikidata":"https://www.wikidata.org/wiki/Q1437424","display_name":"Formal specification","level":2,"score":0.345577210187912},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.3241989016532898},{"id":"https://openalex.org/C202973057","wikidata":"https://www.wikidata.org/wiki/Q7380130","display_name":"Runtime verification","level":3,"score":0.3129698634147644},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.30932605266571045},{"id":"https://openalex.org/C62460635","wikidata":"https://www.wikidata.org/wiki/Q5508853","display_name":"Functional verification","level":3,"score":0.2711595892906189},{"id":"https://openalex.org/C142284323","wikidata":"https://www.wikidata.org/wiki/Q7921323","display_name":"Verification","level":5,"score":0.26232224702835083},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2538721561431885}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3785652","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3785652","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3785652","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3785652","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.6816970109939575}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W2775081510","https://openalex.org/W2564949988","https://openalex.org/W4252184193","https://openalex.org/W3139619551","https://openalex.org/W3206261744","https://openalex.org/W2163347957","https://openalex.org/W4240497447","https://openalex.org/W2148662736","https://openalex.org/W2170674426","https://openalex.org/W3043183386","https://openalex.org/W3104549103","https://openalex.org/W2967277443","https://openalex.org/W2741973633","https://openalex.org/W4401722656","https://openalex.org/W2064390891"],"related_works":[],"abstract_inverted_index":{"The":[0],"technology":[1],"of":[2,19,28,34,56,71,96],"formal":[3,117],"software":[4,58,107],"verification":[5,97,118],"has":[6],"made":[7],"spectacular":[8],"advances,":[9],"but":[10],"how":[11],"much":[12],"does":[13],"it":[14],"actually":[15],"benefit":[16,115],"the":[17,26,48,57,65,91,94,99,103,106,126,131],"development":[18],"practical":[20],"software?":[21],"Considerable":[22],"disagreement":[23],"remains":[24],"about":[25],"practicality":[27],"building":[29],"systems":[30,82,132],"with":[31],"mechanically-checked":[32],"proofs":[33],"correctness.":[35],"Is":[36],"this":[37,63,123],"prospect":[38],"confined":[39],"to":[40,52,114],"a":[41,53,69,141],"few":[42],"expensive,":[43],"life-critical":[44],"projects,":[45,72],"or":[46],"can":[47],"idea":[49],"be":[50],"applied":[51],"wide":[54],"segment":[55],"industry?":[59],"To":[60],"help":[61],"answer":[62],"question,":[64],"present":[66],"survey":[67],"examines":[68],"range":[70],"in":[73],"various":[74],"application":[75],"areas,":[76],"that":[77,105],"have":[78],"produced":[79],"formally":[80],"verified":[81],"and":[83,102,120],"deployed":[84],"them":[85],"for":[86],"actual":[87],"use.":[88],"It":[89],"considers":[90],"technologies":[92],"used,":[93],"form":[95],"applied,":[98],"results":[100],"obtained,":[101],"lessons":[104],"industry":[108],"should":[109],"draw":[110],"regarding":[111],"its":[112],"ability":[113],"from":[116],"techniques":[119],"tools.":[121],"Note:":[122],"version":[124],"is":[125,143],"extended":[127],"article,":[128],"covering":[129,139],"all":[130],"identified":[133],"as":[134],"relevant.":[135],"A":[136],"shorter":[137],"version,":[138],"only":[140],"selection,":[142],"also":[144],"available.":[145]},"counts_by_year":[],"updated_date":"2026-01-17T23:15:25.596738","created_date":"2026-01-17T00:00:00"}