Abstract Interpretation-based Static Analysis Tools:
|
|
- Amice Farmer
- 8 years ago
- Views:
Transcription
1 Abstract Interpretation-based Static Analysis Tools: Proving the Absence of Runtime Errors and Safe Upper Bounds on the Worst-Case Execution Time and Safe Upper Bounds on the Stack Usage Christian Ferdinand AbsInt GmbH 2013
2 AbsInt Angewandte Informatik GmbH Provides advanced development tools for embedded systems, and tools for validation, verification, and certification of safety-critical software. Founded in February 1998 by six researchers of Saarland University, Germany, from the group of programming languages and compiler construction of Prof. R. Wilhelm. Privately held by the founders. Selected Customers:
3 Background Time drift in Patriot rockets in 1991 [Rounding error] Crash of railway switch controller 1995 in HamburgAltona [Stack overflow] Explosion of Ariane rocket 1996 [Arithmetic overflow] AECL Medical Therac-25 incident ( ) [Arithmetic overflow]
4 Functional Safety Demonstration of functional correctness Required by Well-defined criteria Automated and/or model-based testing Formal techniques: model checking, theorem DO-178B / DO-178C ISO-26262, EN IEC proving Satisfaction of non-functional requirements No crashes due to runtime errors (Division by zero, Required by invalid pointer accesses, overflow and roundingdo-178b errors) / DO-178C Resource usage: ISO-26262, EN Timing requirements (e.g. WCET, WCRT) Memory requirements (e.g. no stack overflow) IEC Insufficient: Tests & Measurements Test end criteria unclear No full coverage possible "Testing, in general, cannot show the absence of errors." [DO-178B]
5 Key Products: AI-based Static Analyzers ait WCET Analyzer Proving the correct timing behavior Safe upper bounds on the worst-case execution time of tasks in real-time systems StackAnalyzer Excluding stack overflows Safe upper bounds on maximal stack usage of tasks Astrée Proving the absence of runtime errors (division by zero, arithmetic overflow, invalid pointer accesses, etc.) in C programs
6 Static Analysis an Overview General Definition: results are only computed from the program structure, without executing the program under analysis. Classification Syntax-based: Style checkers (e.g. MISRA-C) Unsound semantics-based: Bug-finders / bug-hunters. Can find some bugs, but cannot guarantee that all bugs are found. Examples: Splint, Coverity CMC, Klocwork K7, Sound semantics-based / Abstract Interpretation-based Can guarantee that all bugs (from the class under analysis) are found. Results valid for every possible program execution with any possible input scenario. Examples: ait, StackAnalyzer, Polyspace Verifier, Astrée.
7 Static Analysis an Overview General Definition: results are only computed from the program structure, without executing the program under analysis. Classification Syntax-based: Style checkers (e.g. MISRA-C) Unsound semantics-based: Bug-finders / bug-hunters. Can find some bugs, but cannot guarantee that all bugs are found. Examples: Splint, Coverity CMC, Klocwork K7, Sound semantics-based / Abstract Interpretation-based Can guarantee that all bugs (from the class under analysis) are found. Results valid for every possible program execution with any possible input scenario. Examples: ait, StackAnalyzer, Polyspace Verifier, Astrée.
8 Aerospace: DO-178B / DO-178C Verification is not simply testing. Testing, in general, cannot show the absence of errors.
9 Automotive: ISO Criticality levels: A(lowest) to D (highest) Excerpt from: Final Draft ISO Road vehicles - Functional safety Part 6: Product development: Software Level. Version ISO/FDIS :2011(E), 2011.
10 Automotive: ISO Excerpt from: Final Draft ISO Road vehicles - Functional safety Part 6: Product development: Software Level. Version ISO/FDIS :2011(E), 2011.
11 E&E Systems: IEC Edition 2.0 Excerpt from: IEC-61508, Edition 2.0. Functional safety of electrical/electronic/programmable electronic safety-related systems Part 3: Software requirements
12 E&E Systems: IEC Edition 2.0 Criticality levels: SIL1 (lowest) to SIL4 (highest) Confidence levels:
13 Railway: EN Excerpt from: DRAFT pren 50128, July 2009
14 Worst-Case Execution Time Analysis Controllers in planes, cars, plants, are expected to finish their tasks within reliable time bounds. Schedulability analysis must be performed. Hence, it is essential that an upper bound on the execution times of all runnables/tasks is known. Commonly called the Worst-Case Execution Time (WCET).
15 16 Probability The Timing Problem Best-case execution time Exact worst-case execution time Execution time
16 17 Probability The Timing Problem Best-case execution time Unsafe: execution time measurement Exact worst-case execution time Execution time
17 18 Probability The Timing Problem Best-case execution time Unsafe: execution time measurement Safe worst-case execution time estimate Exact worst-case execution time Execution time
18 19 Probability The Timing Problem Unsafe: execution time measurement Safe worst-case execution time estimate Execution time
19 ait WCET Analyzer Internal Structure
20 ait WCET Analyzer Combines global static program analysis by Abstract Interpretation: microarchitecture analysis (caches, pipelines, ) + value analysis integer linear programming for path analysis to provide safe and precise bounds on the WCET. Application Code void Task (void) { variable++; function(); next++: if (next) do this; terminate() } Specifications (*.ais) clock khz ; loop "_codebook" + 1 loop exactly 16 end ; recursion "_fac" max 6; SNIPPET "printf" IS NOT ANALYZED AND TAKES MAX 333 CYCLES; flow "U_MOD" + 0xAC bytes / "U_MOD" + 0xC4 bytes is max 4; Entry Point area from 0x20 to 0x497 is read-only; Compiler Linker Executable (*.elf / *.out) à ;Þ Kÿÿô;ÿ KÿÿØ 2}Œ`øÿÿ (8H# é³ ( ait Worst Case Execution Time Visualization, Documentation
21 ait WCET Analyzer Advantages WCET results determined automatically Valid for all inputs and all execution scenarios No modification of your code or tool chain required Integration into development tool chain Application areas Timing verification Feedback for optimization Software integration Architecture exploration 22
22 Stack Usage In safety-critical embedded systems the Stack is typically the only dynamically managed memory The stack is used to store Local variables Intermediate values Function parameters Function return addresses Start of reserved stack space Usable stack space Stack frame of current function SP /Stack Pointer End of reserved stack space
23 Stack Usage Analysis Stack space has to be reserved at configuration time => maximal stack usage has to be known. Underestimating stack usage can cause stack overflows. Stack overflows are severe errors: they can cause wrong reactions and program crashes, they are hard to recognize, they are hard to reproduce and fix.
24 Testing is difficult A traditional approach Fill the stack area with a pattern (0xAAAA) Let the system run for a long time Monitor the maximum stack usage so far Error-prone and expensive! Typical stack usage of a task can be very different from maximum stack usage. Dynamic testing typically cannot guarantee that the worst case stack usage has been observed.
25 Solution: StackAnalyzer StackAnalyzer computes save upper bounds of the stack usage of the tasks in a program for all inputs Static program analysis based on Abstract Interpretation Executable (elf,coff, ) à ;ÞKÿ ÿô;ÿ KÿÿØ 2}Œ`øÿÿ (8H#é³ ( Function pointers, recursion depths, instruction "_main" + 1 computed calls "_fooa", "_foob", "_fooc"; routine "_fib" incarnates max 5; Entry Points StackAnalyzer Stack Usage Visualization Documentation
26 StackAnalyzer: Static Stack Usage Analysis StackAnalyzer is an Abstract Interpretation based static analyzer which calculates safe and precise upper bounds of the maximal stack usage of the tasks in the system. It can prove the absence of stack overflows: on binary code without code modification without debug information taking into account loops and recursions taking into account inline assembly and library function calls
27 StackAnalyzer Advantages Results are determined automatically, valid for all inputs and all execution scenarios. No modification of your code or tool chain required. Code is analyzed as executed in the final system. Stack optimization/software integration. Successfully used for certification according to DO178B/Level A. Available for various processor/compiler combinations
28 The Static Analyzer Astrée Crashes or undefined behavior due to runtime errors are bad and too many false alarms are bad. Astrée detects all runtime errors with few false alarms: Array index out of bounds Integer division by 0 Invalid pointer dereferences Arithmetic overflows and wrap-arounds Floating point overflows and invalid operations (IEEE floating values Inf and NaN) + User-defined assertions, unreachable code, uninitialized variables recommended: C programs without dynamic memory allocation and recursion ALARM: invalid dereference: dereferencing 1 byte(s) at offset(s) 10 may overflow the variable ArrayBlock of byte-size 10 at [ ]
29 Astrée Domains Interval domain, Octagon domain. Floating-point computations: #include <stdio.h> Control programs often perform massive int main () { double x; float a,y,z,r1,r2; floating-point computations. a = 1.0; x = ; Rounding errors have to be taken into y = x+a; z = x-a; account for precise analysis. r1 = y - z; r2 = 2*a; Astrée approximates expressions on printf("(x+a)-(x-a) = %f\n", r1); printf("2a = %f\n", r2); variables Vk as } [ a0, b0 ] + [ak, bk ] Vk k Rounding modes can be changed during runtime. Astrée considers worst-case of all possible rounding modes. Output: (x+a)-(x-a) = a = Astrée result: r1 in [ e+08, e+08] r2 = 2.0 Further value domains: Decision tree domain, Digital filter domain, Clock domain, Memory domain.
30 Alarm Analysis: Example
31 The Zero Alarm Goal With zero alarms, absence of runtime errors is automatically proven by the analysis run, without additional reasoning Design features of Astrée: Precise and extensible analysis engine, combining powerful abstract domains (intervals, octagons, filters, decision trees, ) Support for precise alarm investigation Source code views/editors for original/preprocessed code The more precise the analysis is, the fewer false alarms there are. Astrée supports improving precision by parametrization: local tuning of analysis precision making external knowledge available to Astrée specialization: adaptation to software class and target hardware
32 Other Isues in Safety Standards handled by Astrée Control flow analysis Data flow analysis Static code analysis Semantic code analysis Soon: Shared variables Soon: Coding rule checker (MISRA C)
33 Astrée Advantages Low number of false alarms by high analysis precision. Special support for real-time systems, digital filters, Floating-point rounding errors taken into account Efficient elimination of false alarms High analysis speed Local tuning of analysis precision Efficient support for alarm analysis (intuitive GUI, variable values per context, ) High reliability. No alarms shadowed (no "green follows orange ) Seamless integration into development environment Flexible licensing models Qualified tool support (CET) and analysis service
34 36 Esterel SCADE + ait/stackanalyzer Analysis Results (XML) SCADE-aiT coupling Traceabilit y File (XML) ait Generated C Code Cross Compiler External C Code Executable Code
35 37 GUI Integration
36 38 SCADE: Model-Level Feedback
37 39 dspace TargetLink + Astrée TargetLink Code Generator Analysis Results (XML) TargetLink-aiT Coupling Data Dictionary Astrée Generated C Code Integratio n C Code Preprocesso r Preprocesse d C Code
38 EmbeddedTester Coupling Analysis Results (XML) EmbeddedTester Simulink/TargetLink Model Information void wrapper(){ AutoGenerated Analysis Models EmbeddedTester Astrée while (1){ subsys_function(); } } ait TargetLink Auto-Code Information StackAnalyzer
39 41 Tool Coupling Advantages Automatic transfer of model-level information to implementationlevel tools Analysis results are conveniently accessible from the modeling level Direct feedback on the effect of design decisions on resource usage Automatic Verification Cost savings estimation during European IST research project INTEREST on real-life software for SCADE-aiT coupling. Main findings: SCADE-Workflow with ait coupling saves 2 days per KLOC In average, for a 19 KLOC SW, 40 days are saved, which represent 66% of the total effort in the classical approach.
40 The Confidence Argument Absence of hazards has to be shown with adequate confidence: the evidence provided can be trusted beyond reasonable doubt. Abstract Interpretation is a formal verification method enabling provably sound analyses to be designed. Reasoning strategy: 1. Soundness proof of mathematical analysis specification. 2. Automatic generation of analyzer implementation from mathematical specification, enabling high implementation quality. 3. Empirical validation of chosen abstraction, i.e., analysis model. 4. Qualification Support Kits: demonstrating implementation correctness in operational context of tool users. 5. Qualification Software Life Cycle Data reports: soundness of tool development and validation process.
41 Qualification Support Kits
42
43 Summary Current safety standards also require to demonstrate nonfunctional program properties. In all of them, variants of static analysis are recommended or highly recommended as a verification technique AI-based static analyzers for non-functional properties are increasingly used in industry and can be considered as the state of the art. ait Worst-Case Execution Time Analyzer StackAnalyzer runtime error analyzer Astrée They can easily be integrated into (model-based) development processes and can contribute to reducing the V&V effort
44
A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation
PLDI 03 A Static Analyzer for Large Safety-Critical Software B. Blanchet, P. Cousot, R. Cousot, J. Feret L. Mauborgne, A. Miné, D. Monniaux,. Rival CNRS École normale supérieure École polytechnique Paris
More informationWorst-Case Execution Time Prediction by Static Program Analysis
Worst-Case Execution Time Prediction by Static Program Analysis Reinhold Heckmann Christian Ferdinand AbsInt Angewandte Informatik GmbH Science Park 1, D-66123 Saarbrücken, Germany Phone: +49-681-38360-0
More informationStatic Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors
Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors Klaus Wissing PolySpace Technologies GmbH Argelsrieder Feld 22 82234 Wessling-Oberpfaffenhofen
More informationTowards Model-Driven Development of Hard Real-Time Systems
Towards Model-Driven Development of Hard Real-Time Systems Integrating ASCET and ait/stackanalyzer Christian Ferdinand 1, Reinhold Heckmann 1, Hans-Jörg Wolff 2, Christian Renz 2, Oleg Parshin 3, and Reinhard
More informationCertification of a Scade 6 compiler
Certification of a Scade 6 compiler F-X Fornari Esterel Technologies 1 Introduction Topic : What does mean developping a certified software? In particular, using embedded sofware development rules! What
More informationBest Practices for Verification, Validation, and Test in Model- Based Design
2008-01-1469 Best Practices for Verification, Validation, and in Model- Based Design Copyright 2008 The MathWorks, Inc. Brett Murphy, Amory Wakefield, and Jon Friedman The MathWorks, Inc. ABSTRACT Model-Based
More informationKnow or Go Practical Quest for Reliable Software
Know or Go Practical Quest for Reliable Software Dr.-Ing. Jörg Barrho Dr.-Ing. Ulrich Wünsche AVACS Project meeting 25.09.2014 2014 Rolls-Royce Power Systems AG The information in this document is the
More informationSoftware Production. Industrialized integration and validation of TargetLink models for series production
PAGE 24 EB AUTOMOTIVE Industrialized integration and validation of TargetLink models for series production Continuous Software Production The complexity of software systems in vehicles is increasing at
More informationComprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER
Comprehensive Static Analysis Using Polyspace Products A Solution to Today s Embedded Software Verification Challenges WHITE PAPER Introduction Verification of embedded software is a difficult task, made
More informationThe Course. http://www.cse.unsw.edu.au/~cs3153/
The Course http://www.cse.unsw.edu.au/~cs3153/ Lecturers Dr Peter Höfner NICTA L5 building Prof Rob van Glabbeek NICTA L5 building Dr Ralf Huuck NICTA ATP building 2 Plan/Schedule (1) Where and When Tuesday,
More informationOracle Solaris Studio Code Analyzer
Oracle Solaris Studio Code Analyzer The Oracle Solaris Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access
More informationThe programming language C. sws1 1
The programming language C sws1 1 The programming language C invented by Dennis Ritchie in early 1970s who used it to write the first Hello World program C was used to write UNIX Standardised as K&C (Kernighan
More informationDesign of automatic testing tool for railway signalling systems software safety assessment
Risk Analysis VI 513 Design of automatic testing tool for railway signalling systems software safety assessment J.-G. Hwang 1, H.-J. Jo 1 & H.-S. Kim 2 1 Train Control Research Team, Korea Railroad Research
More informationSound Verification Techniques for Developing High-Integrity Medical Device Software
ESC-360 Sound Verification Techniques for Developing High-Integrity Medical Device Software Jay Abraham The MathWorks Paul Jones FDA / CDRH Raoul Jetley FDA / CDRH Abstract Embedded software in medical
More informationDie wichtigsten Use Cases für MISRA, HIS, SQO, IEC, ISO und Co. - Warum Polyspace DIE Embedded Code-Verifikationslösung ist.
Die wichtigsten Use Cases für MISRA, HIS, SQO, IEC, ISO und Co. - Warum Polyspace DIE Embedded Code-Verifikationslösung ist. Christian Guß Application Engineer The MathWorks GmbH 2015 The MathWorks, Inc.
More informationHelping you avoid stack overflow crashes!
Helping you avoid stack overflow crashes! One of the toughest (and unfortunately common) problems in embedded systems is stack overflows and the collateral corruption that it can cause. As a result, we
More informationStatic Verification of Non-Functional Software Requirements in the ISO-26262
Static Verification of Non-Functional Software Requirements in the ISO-26262 Daniel Kästner,Christian Ferdinand AbsInt GmbH Science Park 1 66123 Saarbrücken kaestner@absint.com ferdinand@absint.com Abstract:
More informationF-22 Raptor. Agenda. 1. Motivation
Model-Based Software Development and Automated Code Generation for Safety-Critical Systems F-22 Raptor for the Seminar Advanced Topics in Software Engineering for Safety-Critical Systems Cause: Bug in
More informationIntroduction to Static Analysis for Assurance
Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis?
More informationTESSY Automated dynamic module/unit and. CTE Classification Tree Editor. integration testing of embedded applications. for test case specifications
TESSY Automated dynamic module/unit and integration testing of embedded applications CTE Classification Tree Editor for test case specifications Automated module/unit testing and debugging at its best
More informationNumerology - A Case Study in Network Marketing Fractions
Vers l analyse statique de programmes numériques Sylvie Putot Laboratoire de Modélisation et Analyse de Systèmes en Interaction, CEA LIST Journées du GDR et réseau Calcul, 9-10 novembre 2010 Sylvie Putot
More informationModel Based System Engineering (MBSE) For Accelerating Software Development Cycle
Model Based System Engineering (MBSE) For Accelerating Software Development Cycle Manish Patil Sujith Annamaneni September 2015 1 Contents 1. Abstract... 3 2. MBSE Overview... 4 3. MBSE Development Cycle...
More informationAnwendung von Polyspace im Software Entwicklungsprozess nach IEC 60880. München, 19.05.2011, Dr.-Ing. Jörg Barrho
Anwendung von Polyspace im Software Entwicklungsprozess nach IEC 60880 München, 19.05.2011, Dr.-Ing. Jörg Barrho Agenda 01 Tognum and MTU Friedrichshafen 02 Background and project 03 Overview IEC 60880
More informationSimulink Modeling Guidelines for High-Integrity Systems
Simulink Modeling Guidelines for High-Integrity Systems R2015a How to Contact MathWorks Latest news: www.mathworks.com Sales and services: www.mathworks.com/sales_and_services User community: www.mathworks.com/matlabcentral
More informationIntroduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 6 : Product Development Software Level
ISO 26262 the Emerging Automotive Safety Standard Agenda Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 4 : Product Development System Level Part 6 : Product Development
More informationOverview of Existing Safeguarding Techniques for Automatically Generated Code
Overview of Existing Safeguarding Techniques for Automatically Generated Code Ingo Stürmer Member of the ACM stuermer@acm.org Daniela Weinberg Fraunhofer FIRST Computer Architecture and Software Technology
More informationIBM Rational Rhapsody
IBM Rational Rhapsody IBM Rational Rhapsody Reference Workflow Guide Version 1.9 License Agreement No part of this publication may be reproduced, transmitted, stored in a retrieval system, nor translated
More informationTechnical Data Sheet SCADE Suite R16. Software Prototyping and Design. Technical Data Sheet SCADE Suite R16 1
SCADE Suite R6 SCADE Suite is a product line of the ANSYS Embedded software family of products and solutions that empowers users with a Model-Based Development Environment for critical embedded software.
More informationReduce Medical Device Compliance Costs with Best Practices. mark.pitchford@ldra.com
Reduce Medical Device Compliance Costs with Best Practices mark.pitchford@ldra.com 1 Agenda Medical Software Certification How new is Critical Software Certification? What do we need to do? What Best Practises
More informationCertification Authorities Software Team (CAST) Position Paper CAST-13
Certification Authorities Software Team (CAST) Position Paper CAST-13 Automatic Code Generation Tools Development Assurance Completed June 2002 NOTE: This position paper has been coordinated among the
More informationCritical Systems Validation. Objectives
Critical Systems Validation Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 24 Slide 1 Objectives To explain how system reliability can be measured and how reliability growth models can
More informationStatic Analysis of the Mars Exploration Rover Flight Software
Static Analysis of the Mars Exploration Rover Flight Software Guillaume Brat Kestrel Technology brat@email.arc.nasa.gov Roger Klemm California Institute of Technology roger.klemm@jpl.nasa.gov Abstract
More informationBoolean Expressions, Conditions, Loops, and Enumerations. Precedence Rules (from highest to lowest priority)
Boolean Expressions, Conditions, Loops, and Enumerations Relational Operators == // true if two values are equivalent!= // true if two values are not equivalent < // true if left value is less than the
More informationFROM SAFETY TO SECURITY SOFTWARE ASSESSMENTS AND GUARANTEES FLORENT KIRCHNER (LIST)
FROM SAFETY TO SECURITY SOFTWARE ASSESSMENTS AND GUARANTEES FLORENT KIRCHNER (LIST) M loc 12 ONBOARD SOFTWARE SIZE 10 Volt (2011) F-35 (2012) 8 6 787 (2010) F-35 (2010) 4 2 F-22 (2005) 0 WHY DO WE TRUST
More informationHabanero Extreme Scale Software Research Project
Habanero Extreme Scale Software Research Project Comp215: Java Method Dispatch Zoran Budimlić (Rice University) Always remember that you are absolutely unique. Just like everyone else. - Margaret Mead
More informationWhen COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems. Chris Hobbs, Senior Developer, Safe Systems
When COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems Chris Hobbs, Senior Developer, Safe Systems 2 Audience and Assumptions Who will benefit from this presentation? Software designers
More informationModel-based Testing of Automotive Systems
Model-based Testing of Automotive Systems Eckard Bringmann and Andreas Krämer ICST 08 Presented by Julia Rubin on November 21, 2012 Multidisciplinary Business 2 Supply Chain of Components 3 Innovation
More informationGold Standard Method for Benchmarking C Source Code Static Analysis Tools
Gold Standard Method for Benchmarking C Source Code Static Analysis Tools Cyber Security Division 2012 Principal Investigators Meeting October 11, 2012 Henny Sipma Sr. Computer Scientist Kestrel Technology,
More informationAstrée: Building a Static Analyzer for Real-Life Programs
Astrée: Building a Static Analyzer for Real-Life Programs Antoine Miné CNRS & École normale supérieure Paris, France Workshop on Learning From experience June 6th, 2010 LFX June 6th, 2010 Astrée: Building
More informationQA Analysis of the WRF Program
QA Analysis of the WRF Program WRF Workshop, Boulder Colorado, 26-28th June 2012 Mark Anderson 1 John Collins 1,2,3,4 Brian Farrimond 1,2,4 mark.anderson@edgehill.ac.uk john.collins@simconglobal.com brian.farrimond@simconglobal.com
More informationThe FDA Forensics Lab, New Tools and Capabilities
U. S. Department of Health and Human Services The FDA Forensics Lab, New Tools and Capabilities Symposium on Static Code Analysis and Complex Medical Devices University of Minnesota July 23, 2009 Static
More informationSCADE Suite in Space Applications
SCADE Suite in Space Applications at EADS David Lesens 09/10/2008 Overview Introduction Historical use of SCADE at EADS Astrium ST Why using SCADE? The Automatic Transfer Vehicle (ATV) M51 and Vega R&T
More informationhttps://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois
https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois Runtime Verification, Inc. (RV): startup company aimed at bringing the best
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Testing and Source Code Auditing Secure Software Programming 2 Overview
More informationOpenGL ES Safety-Critical Profile Philosophy
OpenGL ES Safety-Critical Profile Philosophy Claude Knaus July 5th, 2004 OpenGL is a registered trademark, and OpenGL ES is a trademark, of Silicon Graphics, Inc. 1 1 Overview The Safety-Critical profile
More informationChapter 7D The Java Virtual Machine
This sub chapter discusses another architecture, that of the JVM (Java Virtual Machine). In general, a VM (Virtual Machine) is a hypothetical machine (implemented in either hardware or software) that directly
More informationDATA ITEM DESCRIPTION
DD Form 1664, APR 89 Previous editions are obsolete Page 1 of 4 Pages 135/123 DATA ITEM DESCRIPTION Form Approved OMB NO.0704-0188 Public reporting burden for collection of this information is estimated
More informationModule 10. Coding and Testing. Version 2 CSE IIT, Kharagpur
Module 10 Coding and Testing Lesson 23 Code Review Specific Instructional Objectives At the end of this lesson the student would be able to: Identify the necessity of coding standards. Differentiate between
More informationQualifying Software Tools According to ISO 26262
Qualifying Software Tools According to ISO 26262 Mirko Conrad 1, Patrick Munier 2, Frank Rauch 3 1 The MathWorks, Inc., Natick, MA, USA mirko.conrad@mathworks.com 2 The MathWorks, SAS, Grenoble, France
More informationSatisfying ASIL Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry
Satisfying Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry Introduction Safety functions are increasingly being carried out by electrical, electronic, or programmable
More informationSoftware Testing & Analysis (F22ST3): Static Analysis Techniques 2. Andrew Ireland
Software Testing & Analysis (F22ST3) Static Analysis Techniques Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh Software Testing & Analysis (F22ST3): Static
More informationEmbedded Systems. Review of ANSI C Topics. A Review of ANSI C and Considerations for Embedded C Programming. Basic features of C
Embedded Systems A Review of ANSI C and Considerations for Embedded C Programming Dr. Jeff Jackson Lecture 2-1 Review of ANSI C Topics Basic features of C C fundamentals Basic data types Expressions Selection
More informationDevelopment of AUTOSAR Software Components within Model-Based Design
2008-01-0383 Development of AUTOSAR Software Components within Model-Based Design Copyright 2008 The MathWorks, Inc. Guido Sandmann Automotive Marketing Manager, EMEA The MathWorks Richard Thompson Senior
More informationMPLAB TM C30 Managed PSV Pointers. Beta support included with MPLAB C30 V3.00
MPLAB TM C30 Managed PSV Pointers Beta support included with MPLAB C30 V3.00 Contents 1 Overview 2 1.1 Why Beta?.............................. 2 1.2 Other Sources of Reference..................... 2 2
More informationWe drive Aurix to success Aurix Services for Automotive & Industrial
Building a safe and secure embedded world We drive Aurix to success Aurix Services for Automotive & Industrial > Services HITEX: An Preferred Design House (PDH) Questions about? Ask us Aurix Services for
More informationTowards practical reactive security audit using extended static checkers 1
Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1 Shuvendu K. Lahiri 2 1 Bloomberg LP, New York 2 Microsoft Research, Redmond May 20, 2013 1 The work was conducted
More informationWIND RIVER DIAB COMPILER
AN INTEL COMPANY WIND RIVER DIAB COMPILER Boost application performance, reduce memory footprint, and produce high-quality, standards-compliant object code for embedded systems with Wind River Diab Compiler.
More informationwww.dspace.com Model-Based Development of Safety-Critical Software: Safe and Effi cient
www.dspace.com Model-Based Development of Safety-Critical Software: Safe and Effi cient Translation of Sicherheitskritische Software entwickeln Published at: MEDengineering, 06/2012 Software for safety-critical
More informationSoftware Reliability Estimation Based on Static Error Detection
7 th Central and Eastern European Software Engineering Conference in Russia - CEE-SECR 2011 October 31 November 3, Moscow Software Reliability Estimation Based on Static M. Moiseev, M. Glukhikh, A. Karpenko,
More informationSoftware testing. Objectives
Software testing cmsc435-1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating
More informationHow Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer
How Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer Agendum What the benefits of Functional Safety are What the most popular safety certifications are Why you should
More informationReasoning about Safety Critical Java
Reasoning about Safety Critical Java Chris Marriott 27 th January 2011 Motivation Safety critical systems are becoming part of everyday life Failure can potentially lead to serious consequences Verification
More informationQuality Assurance of Models for Autocoding
Quality Assurance of Models for Autocoding Ann Cass, Pierre Castori S YNS PACE AG Hardstrasse 11 CH - 4052 Basel ac@synspace.com, pc@synspace.com Abstract: Automatic Code Generation is an emerging technology
More informationThe C Programming Language course syllabus associate level
TECHNOLOGIES The C Programming Language course syllabus associate level Course description The course fully covers the basics of programming in the C programming language and demonstrates fundamental programming
More informationISO 26262 Introduction
ISO 26262 Introduction Prof. Christian Madritsch 2012 Table of Contents Structure of ISO 26262 Management of Functional Safety Product Development System Level Product Development Hardware Level Product
More informationMotivations 1. What is (or should be) the essential preoccupation of computer scientists?
Improving Systems Quality Challenges and Trends An Abstract Interpretation Perspective Patrick COUSOT École Normale Supérieure 45 rue d Ulm, 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/
More informationConverting Models from Floating Point to Fixed Point for Production Code Generation
MATLAB Digest Converting Models from Floating Point to Fixed Point for Production Code Generation By Bill Chou and Tom Erkkinen An essential step in embedded software development, floating- to fixed-point
More informationHow To Develop A Static Analysis System For Large Programs
Towards the Industrial Scale Development of Custom Static Analyzers John Anton, Eric Bush, Allen Goldberg, Klaus Havelund, Doug Smith, Arnaud Venet Kestrel Technology LLC 4984 El Camino Real #230 Los Altos,
More informationRequirements-driven Verification Methodology for Standards Compliance
Requirements-driven Verification Methodology for Standards Compliance Serrie-justine Chapman (TVS) serrie@testandverification.com Mike Bartley (TVS) mike@testandverification.com Darren Galpin (Infineon)
More informationBest practices for developing DO-178 compliant software using Model-Based Design
Best practices for developing DO-178 compliant software using Model-Based Design Raymond G. Estrada, Jr. 1 The MathWorks, Torrance, CA Eric Dillaber. 2 The MathWorks, Natick, MA Gen Sasaki 3 The MathWorks,
More informationASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY
ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY Dr. Qi Van Eikema Hommes SAE 2012 Government/Industry Meeting January 25, 2012 1 Outline ISO 26262 Overview Scope of the Assessment
More informationIntegrated Model-based Software Development and Testing with CSD and MTest
Integrated Model-based Software Development and Testing with CSD and Andreas Rau / Mirko Conrad / Helmut Keller / Ines Fey / Christian Dziobek DaimlerChrysler AG, Germany fa-stz-andreas.rau Mirko.Conrad
More informationWiederverwendung von Testfällen bei der modellbasierten SW-Entwicklung
Wiederverwendung von Testfällen bei der modellbasierten SW-Entwicklung DGLR Workshop "Verifikation in der modellbasierten Software-Entwicklung" Garching, 04 October 2011 Dipl.-Ing. Peter Hermle, Key Account
More informationStatic vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together. Outline
Static vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together S. Tucker Taft and Brian Lesuer SQGNE December 2006 Outline The Challenges Facing Software Testing A Software Testing
More informationIKOS: A Framework for Static Analysis based on Abstract Interpretation (Tool Paper)
IKOS: A Framework for Static Analysis based on Abstract Interpretation (Tool Paper) Guillaume Brat, Jorge A. Navas, Nija Shi, and Arnaud Venet NASA Ames Research Center, Moffett Field, CA 94035 Abstract.
More informationEffective Software Verification for Medical Devices
STERLINGTECH AND KLOCWORK WHITE PAPER NOVEMBER 2009 Effective Software Verification for Medical Devices Achieving compliance and meeting productivity goals with static analysis In addition to producing
More informationA Comparative Study of Industrial Static Analysis Tools (Extended Version)
Technical reports in Computer and Information Science Report number 2008:3 A Comparative Study of Industrial Static Analysis Tools (Extended Version) by Pär Emanuelsson and Ulf Nilsson par.emanuelsson@ericsson.com,
More informationSoftware in safety critical systems
Software in safety critical systems Software safety requirements Software safety integrity Budapest University of Technology and Economics Department of Measurement and Information Systems Definitions
More informationINTEGRATION OF THE CODE GENERATION APPROACH IN THE MODEL-BASED DEVELOPMENT PROCESS BY MEANS OF TOOL CERTIFICATION
Journal of Integrated Design and Process Science, Vol. 8 (2), pp.-, 2004 INTEGRATION OF THE CODE GENERATION APPROACH IN THE MODEL-BASED DEVELOPMENT PROCESS BY MEANS OF TOOL CERTIFICATION Ingo Stürmer Department
More informationEE361: Digital Computer Organization Course Syllabus
EE361: Digital Computer Organization Course Syllabus Dr. Mohammad H. Awedh Spring 2014 Course Objectives Simply, a computer is a set of components (Processor, Memory and Storage, Input/Output Devices)
More informationDesigning Predictable Multicore Architectures for Avionics and Automotive Systems extended abstract
Designing Predictable Multicore Architectures for Avionics and Automotive Systems extended abstract Reinhard Wilhelm, Christian Ferdinand, Christoph Cullmann, Daniel Grund, Jan Reineke, Benôit Triquet
More informationA Tool for Generating Partition Schedules of Multiprocessor Systems
A Tool for Generating Partition Schedules of Multiprocessor Systems Hans-Joachim Goltz and Norbert Pieth Fraunhofer FIRST, Berlin, Germany {hans-joachim.goltz,nobert.pieth}@first.fraunhofer.de Abstract.
More informationLogistics. Software Testing. Logistics. Logistics. Plan for this week. Before we begin. Project. Final exam. Questions?
Logistics Project Part 3 (block) due Sunday, Oct 30 Feedback by Monday Logistics Project Part 4 (clock variant) due Sunday, Nov 13 th Individual submission Recommended: Submit by Nov 6 th Scoring Functionality
More informationMeeting DO-178B Software Verification Guidelines with Coverity Integrity Center
Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center May, 2009 Thomas Schultz Director of Product Strategy, Coverity, Inc. Executive Summary Development organizations that create
More informationumps software development
Laboratorio di Sistemi Operativi Anno Accademico 2006-2007 Software Development with umps Part 2 Mauro Morsiani Software development with umps architecture: Assembly language development is cumbersome:
More informationLaboratorio di Sistemi Operativi Anno Accademico 2009-2010
Laboratorio di Sistemi Operativi Anno Accademico 2009-2010 Software Development with umps Part 2 Mauro Morsiani Copyright Permission is granted to copy, distribute and/or modify this document under the
More informationHow To Port A Program To Dynamic C (C) (C-Based) (Program) (For A Non Portable Program) (Un Portable) (Permanent) (Non Portable) C-Based (Programs) (Powerpoint)
TN203 Porting a Program to Dynamic C Introduction Dynamic C has a number of improvements and differences compared to many other C compiler systems. This application note gives instructions and suggestions
More informationKeil C51 Cross Compiler
Keil C51 Cross Compiler ANSI C Compiler Generates fast compact code for the 8051 and it s derivatives Advantages of C over Assembler Do not need to know the microcontroller instruction set Register allocation
More informationSAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.
SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.com DIGITAL FLIGHT / SOLUTIONS Presentation Outline DO-178 Overview
More information11.1 inspectit. 11.1. inspectit
11.1. inspectit Figure 11.1. Overview on the inspectit components [Siegl and Bouillet 2011] 11.1 inspectit The inspectit monitoring tool (website: http://www.inspectit.eu/) has been developed by NovaTec.
More informationThe Road from Software Testing to Theorem Proving
The Road from Software Testing to Theorem Proving A Short Compendium of my Favorite Software Verification Techniques Frédéric Painchaud DRDC Valcartier / Robustness and Software Analysis Group December
More informationMPI-Checker Static Analysis for MPI
MPI-Checker Static Analysis for MPI Alexander Droste, Michael Kuhn, Thomas Ludwig November 15, 2015 Motivation 2 / 39 Why is runtime analysis in HPC challenging? Large amount of resources are used State
More informationSCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-178B LEVEL A & B
SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-78B LEVEL A & B TABLE OF CONTENTS. INTRODUCTION..... PURPOSE..... RELATED DOCUMENTS..... GLOSSARY... 9.. CONVENTIONS..... RELATION WITH OTHER PLANS....6. MODIFICATION
More informationA JIT Compiler for Android s Dalvik VM. Ben Cheng, Bill Buzbee May 2010
A JIT Compiler for Android s Dalvik VM Ben Cheng, Bill Buzbee May 2010 Overview View live session notes and ask questions on Google Wave: http://bit.ly/bizjnf Dalvik Environment Trace vs. Method Granularity
More informationAutomated Theorem Proving - summary of lecture 1
Automated Theorem Proving - summary of lecture 1 1 Introduction Automated Theorem Proving (ATP) deals with the development of computer programs that show that some statement is a logical consequence of
More informationReal-Time Software. Basic Scheduling and Response-Time Analysis. René Rydhof Hansen. 21. september 2010
Real-Time Software Basic Scheduling and Response-Time Analysis René Rydhof Hansen 21. september 2010 TSW (2010e) (Lecture 05) Real-Time Software 21. september 2010 1 / 28 Last Time Time in a real-time
More informationSystem-on-Chip Design Verification: Challenges and State-of-the-art
System-on-Chip Design Verification: Challenges and State-of-the-art Prof. Sofiène Tahar Hardware Verification Group Concordia University Montréal, QC, CANADA MCSOC 12 Aizu-Wakamatsu, Fukushima, Japan September
More informationRigorous Methods for Software Engineering (F21RS1) High Integrity Software Development
Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University
More informationTechnical Data Sheet SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers
661 Solutions for ARINC 661 Compliant Systems SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers SCADE Solutions for ARINC 661 Compliant
More information