METHODOLOGICAL ASPECTS OF INTEGRATING FORMAL VERIFICATION INTO CI/CD PIPELINES: ANALYSIS OF CHALLENGES AND PROSPECTS
DOI:
https://doi.org/10.35546/kntu2078-4481.2025.1.2.34Keywords:
formal verification, CI/CD, DevOps, automation, scalability, software correctness, verification tools, cybersecurity, artificial intelligence, open toolsAbstract
The integration of formal verification into continuous integration and delivery (CI/CD) pipelines is an important stage in the development of modern software development methodologies. The article analyzes conceptual approaches to the use of formal methods to verify the correctness of software at different stages of CI/CD processes. The tools and technologies that ensure the integration of formal verification into DevOps cycles are considered, with an emphasis on automation of analysis, scalability of solutions and ensuring compliance with high quality standards.The article also highlights in detail key challenges, including the complexity of integration into existing infrastructures, the high computational cost of formal verification, the limited availability of specialized tools and the need to adapt to the specifics of CI/CD pipelines. Particular attention is paid to the issues of ensuring cybersecurity, compatibility with distributed systems and integration with artificial intelligence to increase the efficiency of verification processes.Real-world cases of successful implementation of formal verification in CI/CD pipelines are presented, in particular in large technology companies such as Amazon and Microsoft. The possibilities of combining formal methods with traditional testing or machine learning-based approaches to increase software reliability are analyzed.Development prospects are focused on the automation of formal verification, improving the toolkit for complex distributed systems, and developing adaptive solutions that allow scaling verification processes under high computational loads. The importance of open tools and platforms for formal verification, such as Z3, SPIN, and CBMC, which simplify the implementation of these methods in development, is separately considered. The presented research is aimed at increasing the reliability, performance, and security of modern software systems, as well as achieving compliance with international quality and cybersecurity standards.
References
Aichernig, B., Tretter, J., & Wolff, B. (2021). Formal methods in software engineering: Verification and validation approaches. Journal of Software Engineering and Applications, 14(6), 341–358 c.
Clarke, E., Grumberg, O., & Peled, D. (2022). Model checking. MIT Press.
Baier, C., Katoen, J., & Hähnle, R. (2020). Formal verification of software: Challenges and techniques. Formal Methods in System Design, 56(3), 248–272 c.
Bjørner, N., & Gurevich, Y. (2021). The role of formal methods in ensuring software correctness. Formal Methods for Software Engineering, 29(4), 185–203 c.
Microsoft Research. (2020). Formal verification of cloud services: Case studies and methods. Proceedings of the ACM on Cloud Computing, 11(2), 120–139 c.
Amazon Web Services (AWS). (2021). Using TLA+ for system modeling and verification. AWS Architecture Blog. Retrieved from https://aws.amazon.com/architecture/ Використано в розділі «Впровадження у промислових умовах».
Bjørner, N., & Gurevich, Y. (2021). Using cloud technologies for scalable formal verification. IEEE Transactions on Cloud Computing, 9(7), 412–426 c.
Amazon Web Services. (2021). TLA+: Model checking for cloud systems. Retrieved from https://aws.amazon.com/tla/
Katoen, J., & Baier, C. (2020). Formal verification in DevOps environments: Challenges and potential solutions. International Journal of Software Engineering and Knowledge Engineering, 30(3), 250–271 c..
Ng, B., & Turner, S. (2020). Cloud-based formal verification tools for DevSecOps. ACM Digital Library. Retrieved from https://dl.acm.org/
