SEC Special Seminar October 14 th Chris Tapp, LDRA
|
|
- Winifred Thompson
- 7 years ago
- Views:
Transcription
1 SEC Special Seminar October 14 th 2015 Chris Tapp, LDRA
2 Agenda MISRA C++ update MISRA Compliance Deviations Adopted Code 2
3 MISRA C++ Update Current activity and future plans
4 Current activity Group restarted July 2014 and plans to meet three or four times a year - Bulletin Board Questions - Stand-alone Technical Corrigendum and updated 2008 document (incorporating the TC) will likely be ready late in 2015 or early in New C++ version(s) o The ISO C++ group have released two new versions (2011, 2014) since MISRA C++:2008 was published and will release further versions every three years 4
5 Bulletin Board Questions Some 50 questions have been reviewed Many can be answered by simply posting a reply to the Bulletin Board A number will require corrections to be issued within the Technical Corrigendum 5
6 Future plans update MISRA C++ Bring document up to the same standard as MISRA C: Better rationale, more examples, exceptions, more precise Add support for later versions of C++ - Probably using a single document to support all versions Backport new C++ features for use with the 2003 version - E.g. overload and final from the 2011 version these features are helpful and can be emulated within 2003 (and 2008) code 6
7 Future plans secure programming Add new guidance to support secure programming - Much of this is already covered by the existing guidelines - Most security vulnerabilities have the same underlying causes as safety issues o Undefined behaviour o Common developer errors o Failure to validate input data / run-time errors 7
8 Future plans annotations Add new guidance for the use of annotations - Aim will be to improve the quality and / or precision of static analysis o Identify pure functions many MISRA guidelines are more tolerant if it can be shown that functions do not contain persistent side-effects o Pre-conditions and post-conditions these will help improve data-flow related analysis (range checking, array bounds) 8
9 Future plans formal methods New guidance in the area of formal methods - But in a way that most developers will be able to use and understand we don t want to frighten lighter users of MISRA! - Will work in conjunction with annotations with the aim of allowing a project to use limited formal specification when it will help a project to meet its (A)SIL requirements - It will be made clear that there is no obligation for a project to use formal methods for it to be MISRA compliant 9
10 Future plans rolling release Providing coverage for new versions of the language standard requires a lot of effort! Two options - Wait until coverage for a version is complete before releasing updates o Will be difficult to keep up with the ISO group! o Long delays in making improvements available to the user community - Release updates when significant milestones are reached o Significant will depend on what feature(s) are considered to add significant value to the user community - Implications on publication o PDF is easy o Printed not so easy as printing costs are high Print on demand (PoD) is being investigated 10
11 Other possibilities Other publications - Investigating the feasibility of producing various guides / papers o PDF only - Programming-related issues o Will be written to be applicable to MISRA C when there is a overlap - Possible topics o Security o Formal methods / contract-based programming o Application and low-level programming o Managing Adopted Code (libraries, SOUP) o Dynamic memory allocation o Others 11
12 MISRA Compliance
13 Compliance What is compliance? Why is it important? Does compliant always mean high quality? 13
14 What is compliance? It is a statement claiming that the code within a project complies with the restrictions and controls imposed by a MISRA subset (e.g. MISRA C:2012) A statement of compliance is a form of self-certification - The organization producing the code is responsible for ensuring that it is compliant - Evidence needs to be produced to support a claim of compliance 14
15 What is compliance? 15
16 What is compliance? Note that compliance can only be claimed for a project - Unlike (e.g.) CMMI, an organization cannot be MISRA Compliant An accurate claim of compliance requires the use of skilled staff - It is not good enough to simply rely on the reports produced by analysis tools these need to be thoroughly reviewed and tool configurations validated Trying to make a project compliant at the end will be a painful and demoralizing task - It is not a tick-box exercise - It needs to be designed in and monitored during development 16
17 Why is compliance important? Compliance with a language subset is often required by international standards, e.g. - IEC and derivatives, such as ISO DO-178C - Etc. Issuing a compliance statement helps to demonstrate how this objective has been met 17
18 Compliance claims Compliance claims must be supported by evidence to show o How compliance has been enforced o How compliance has been verified Compliance claims must be independently verifiable - A customer should not blindly accept a claim of compliance issued by a supplier - Suppliers should expect to provide evidence to support a claim Compliance claims are not absolute - Different tools and processes are likely to give different results o Mainly due to decidability issues and the use of natural language to specify the guidelines 18
19 Does compliant mean high quality? That depends u8 u8a; s8 s8a; u16 u16a; u32a = s8a * u8a; // Non-compliant Would a deviation be acceptable here or should the code be written in a compliant manner? - Both options make the code compliant, but the first would be unlikely to be consistent with high quality 19
20 Deviations
21 Deviations MISRA expects the majority of projects to contain violations of the guidelines - They are likely to be essential when hardware is being controlled - Probably avoidable in most pure application code Violations are acceptable provided that they are covered by a valid deviation - A violation is simply a non-compliance with a guideline - A deviation is a violation supported by a process and documentation Requests for code with no deviations should be treated with caution! - Most likely when the person ordering the code comes from a non-misra background. For example, SPARK ADA does not recognise the concept of deviations code must be strictly conforming with no violations 21
22 When is a violation a valid deviation? The violation must be justifiable on strong technical grounds - Never just for developer convenience! The use of deviations must be controlled through a formal deviation process - Deviations are requested by a developer - Approved by a manager - Signed-off (risk accepted) by a suitable technical authority It is never acceptable for code to be made compliant by using a deviation to cover a violation which could reasonably have been avoided 22
23 Justifying a Deviation Reasons Any deviation should be attributable to one or more of the following reasons: - Performance - Alternative build configurations - Access to hardware - Defensive coding - Code quality - Adopted code integration - Non-compliant adopted code 23
24 Justifying a deviation what are the options? Once a reason has been identified an explanation should be given to explain what other options were considered and why they are not suitable - Can a different compiler be used? o More efficient code - Can other language features be used? o May be less efficient, but do they result in better quality attributes (more readable, easier to maintain, better testability, etc.)? 24
25 Technical authorities Skill and experience is needed when deciding if a violation should be signedoff (accepted) as a deviation - The rationale must be understood - The steps taken to mitigate any danger must be understood - Review can be non-trivial due to the potential for interaction between the guidelines when one is violated: o A violation of Rule 11.8 A cast shall not remove any const or volatile qualification from the type pointer to by a pointer can negate the protection provided by Rule 7.4 A string literal shall not be assigned to an object unless the object s type is pointer to const-qualified char o In this case the implications of a violation may not be constrained to the point in the code where the violation occurs all paths leading to that point will also need to be considered 25
26 Example of interaction const char * const message = "Hello World!"; void f1( char * p1 ) { *p1 = ' 0'; // Processing "message" at this point leads // to undefined behaviour } void f2( const char * p2 ) { // Deviation XYZ f1( ( char * )p2 ); // Violates MISRA C:2012 Rule 11.8 } void f3( void ) { f2( message ); // Complies with MISRA C:2012 Rule 7.4 } 26
27 Technical authorities Knowledge of how the language behaves is also important - Consider the common practice of using defensive code static enum { E1, E2 } E; switch ( E ) { case E1: action_1(); break; case E2: action_2(); break; default: an_error(); break; // May be unreachable } - The compiler may eliminate the path to the default and remove the code - This may be reported by an analysis tool - Simply adding a deviation will not make the code reachable - Testing may show coverage of the default, but it may still be missing in the binary used in production! 27
28 28
29 29
30 30
31 31
32 32
33 Limiting the number of deviations
34 Why limit the number of deviations? For the supplier - Limit the process overhead associated with each deviation - Improve the development culture For the customer - Reduce the effort required to audit compliance It is important to ensure that code is easy to understand, test and maintain - Too many deviations may give code that meets its time and resource constraints, but is it really a feasible solution? - One real danger is the uncontrolled, excessive use of macros o At the extreme, the code can only be reviewed when looking at the output of the pre-processor 34
35 How can their numbers be controlled? By the use of a guideline re-categorization policy By the use of deviation use-cases 35
36 Guideline re-categorization MISRA allocates a category to each guideline - Mandatory violations are never permitted - Required violations are permitted when supported by a deviation - Advisory violations should be avoided where practicable, but a formal deviation may not be required where violations exist The categories within the MISRA documents define the minimum enforcement level to be used for the guidelines - It is likely that a project will be able to raise the enforcement level for many Required guidelines to Mandatory - A project may also decide to raise Advisory guidelines to Required (or even Mandatory ) 36
37 Guidelines categorized as Required The requirements and restrictions should generally be followed all the time, but there can be conditions under which a deviation may be required, which is why they are not Mandatory (as deviations are never permitted) - The guidelines relating to implementation-defined and undefined language behaviours used when dealing with hardware are most commonly the ones which are likely to require deviation o For example, using a pointer to short to access the two words of a long on a 16-bit machine - Any Required guidelines that are not expected to be subject to deviations should be elevated to Mandatory o Developers then know that a deviation request will not be accepted o Can be reduced to Required later on if deviation becomes necessary 37
38 Guidelines categorized as Advisory The requirements and restrictions suggested are generally considered to be best practice and they can be of significant benefit to code quality - They should be assessed and those considered to be important to a particular project should be elevated to an appropriate, higher level - Projects with greater safety/security requirements often raise all of the Advisory guidelines to Required so that any violations have to be approved through the normal deviation process 38
39 Deviation use-cases Definitions - Violation a non-compliance with a MISRA guideline - Deviation a violation that is to be permitted within the code and which is supported by a deviation record - Deviation record documentation required to support a claim that a violation should be accepted as a deviation on the grounds that it is necessary and is proven not to have a negative impact on system integrity - Deviation use-case a deviation record template used to specify the conditions under which a guideline may be deviated 39
40 Deviation use-cases Specify the conditions and locations where deviations may be applied - Rule X may be subject to a deviation when performing CRC checks in the M module Ensure that any deviations have a good reason - Performance Allow a detailed rationale to be presented explaining why a deviation is the best option Allow a reasoned argument to be presented to explain how a deviation will not compromise system integrity Allow risks to be identified and any preventative measures required when deviating to be documented Allow the person responsible for approving deviations to easily decide if a particular deviation is acceptable 40
41 Deviation use-cases A deviation use-case is a deviation template that captures most of the information required by a deviation record - A subsequent deviation record can simply reference the deviation usecase, add relevant information (e.g. the location of the violation) and capture the required signatures - Deviation use-cases can be reused for other projects, especially when they relate to uses such as accessing hardware on a particular platform - Deviation use-cases allow developers to know if and where they can request the use of a deviation - Limiting the number of deviation use-cases available to the developers within a project will help to restrict the number of deviations they request 41
42 Use-case example for MISRA C:2004 Rule 13.7 Boolean operations whose results are invariant shall not be permitted 42
43 Re-Categorization and deviation use-cases A single level of guideline enforcement may not always be optimal - Access to hardware is normally encapsulated within device driver code o Deviations against a limited number of Required guidelines are likely o Deviations against the same guidelines are unlikely to be acceptable within higher level application code Two possible solutions - Use different guideline categorization profiles to alter the enforcement level applied to different parts of the code o Hardware categories and application categories - Use a single categorization profile with a set of deviation use-cases to restrict the conditions under which guidelines may be deviated 43
44 Categorization profiles Allow multiple guideline categorizations to be applied to the code - Typically one for hardware related code and one for application code Hardware profile - Generally less restrictive - Allows access to hardware features through deviations against a limited number of Required guidelines - All other Required guidelines should still be elevated to Mandatory Application profile - More restrictive - Most (or even all) Required guidelines will be elevated to Mandatory - Some (or even all) Advisory guidelines will be elevated to Required" 44
45 Categorization profiles Multiple profiles used - Code may need to be run through analysis tools for each profile, requiring more review effort - Multiple profiles may apply when crossing module boundaries (e.g. when application code invokes a device driver API) o Not an issue for Translation unit guidelines, but which profile should be applied for System guidelines? Single profile with deviation use-cases - More permissive profile used, but use-cases restrict use of deviations - Only one analysis run is needed in all cases - Module boundary issue can be handled by defining a deviation scope within a use-case o Enforcement of scope will be the responsibility of the people approving any deviations 45
46 Adopted code Third party code Legacy code Non-compliant code
47 Adopted code and enforcement profiles The term Adopted Code is used to describe - Third-party code - Legacy code - Code which is not MISRA compliant or that is compliant to a different version of a MISRA document Generally related to the use of libraries, applications, code from other projects - A particular piece of code can be one or more of the above o E.g. a library which is not MISRA compliant Basically, any code which may not meet the MISRA compliance objectives of the current project can be considered as Adopted Code - Note that this does not mean that Adopted Code is necessarily of poor quality good quality code does not have to be MISRA compliant 47
48 Issues with Adopted Code Any violations against the MISRA guidelines that have been adopted by the project need to be handled - It is never acceptable to simply declare that the MISRA guidelines do not apply to the Adopted Code - Deviations are likely to be required as it is often not possible or practicable to modify the Adopted Code to make it compliant o Such code is often well tested and there is a serious risk of introducing defects - Consideration must always be given to the potential for interaction between project code and Adopted Code 48
49 Interactions with Adopted Code Interactions can exist between Adopted Code and Native Code (project code) - A macro provided by an Adopted Code header file may be MISRA compliant within the header file and when used within the Adopted Code, but a use within Native Code could be non-compliant o It may then be possible to modify the Native Code to eliminate the violation - Identifier names with Adopted Code and Native Code may not meet the uniqueness requirements of MISRA o Adopted / Native conflicts are easy to resolve as Native Code can be changed o However, this may not be possible for conflicts between different pieces of Adopted Code (e.g. two libraries) o Such clashes are hard / impossible to detect for binary only code (e.g. a global name is reused but not defined within a header file) 49
50 Example Example is for MISRA C:2012 // Adopted_Code.h #define NOT_NULL( a ) ( ( a )!= 0 ) // Macro is compliant // Native_Code.c U32 f( const U32 * p ) { return NOT_NULL( p )? *p : 0U; // Use violates Rule 11.9 } 50
51 Adopted Code summary The Native and Adopted code within a project needs to be subjected to system-wide analysis using the guideline categories chosen for the project - This may highlight violations which would otherwise be missed - Adopted Code really needs to be in source code form o Some tools can check binary code, but this is not common or easy Any violations within Adopted Code will either need to be removed or covered by deviations Significant effort will be required, so make sure Adopted Code is subjected to MISRA checking as early as possible 51
52 Contact Details Portside Monks Ferry Wirral CH41 5LH United Kingdom 52
C++ INTERVIEW QUESTIONS
C++ INTERVIEW QUESTIONS http://www.tutorialspoint.com/cplusplus/cpp_interview_questions.htm Copyright tutorialspoint.com Dear readers, these C++ Interview Questions have been designed specially to get
More informationHow To Port A Program To Dynamic C (C) (C-Based) (Program) (For A Non Portable Program) (Un Portable) (Permanent) (Non Portable) C-Based (Programs) (Powerpoint)
TN203 Porting a Program to Dynamic C Introduction Dynamic C has a number of improvements and differences compared to many other C compiler systems. This application note gives instructions and suggestions
More informationEmbedded Programming in C/C++: Lesson-1: Programming Elements and Programming in C
Embedded Programming in C/C++: Lesson-1: Programming Elements and Programming in C 1 An essential part of any embedded system design Programming 2 Programming in Assembly or HLL Processor and memory-sensitive
More informationJava Interview Questions and Answers
1. What is the most important feature of Java? Java is a platform independent language. 2. What do you mean by platform independence? Platform independence means that we can write and compile the java
More informationFundamentals of Measurements
Objective Software Project Measurements Slide 1 Fundamentals of Measurements Educational Objective: To review the fundamentals of software measurement, to illustrate that measurement plays a central role
More informationIBM Rational Rhapsody
IBM Rational Rhapsody IBM Rational Rhapsody Reference Workflow Guide Version 1.9 License Agreement No part of this publication may be reproduced, transmitted, stored in a retrieval system, nor translated
More informationIntroduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 6 : Product Development Software Level
ISO 26262 the Emerging Automotive Safety Standard Agenda Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 4 : Product Development System Level Part 6 : Product Development
More informationSoftware in safety critical systems
Software in safety critical systems Software safety requirements Software safety integrity Budapest University of Technology and Economics Department of Measurement and Information Systems Definitions
More informationCIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationThe C Programming Language course syllabus associate level
TECHNOLOGIES The C Programming Language course syllabus associate level Course description The course fully covers the basics of programming in the C programming language and demonstrates fundamental programming
More informationName: Class: Date: 9. The compiler ignores all comments they are there strictly for the convenience of anyone reading the program.
Name: Class: Date: Exam #1 - Prep True/False Indicate whether the statement is true or false. 1. Programming is the process of writing a computer program in a language that the computer can respond to
More informationKITES TECHNOLOGY COURSE MODULE (C, C++, DS)
KITES TECHNOLOGY 360 Degree Solution www.kitestechnology.com/academy.php info@kitestechnology.com technologykites@gmail.com Contact: - 8961334776 9433759247 9830639522.NET JAVA WEB DESIGN PHP SQL, PL/SQL
More informationC++ Programming Language
C++ Programming Language Lecturer: Yuri Nefedov 7th and 8th semesters Lectures: 34 hours (7th semester); 32 hours (8th semester). Seminars: 34 hours (7th semester); 32 hours (8th semester). Course abstract
More informationHow Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer
How Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer Agendum What the benefits of Functional Safety are What the most popular safety certifications are Why you should
More informationCase studies: Outline. Requirement Engineering. Case Study: Automated Banking System. UML and Case Studies ITNP090 - Object Oriented Software Design
I. Automated Banking System Case studies: Outline Requirements Engineering: OO and incremental software development 1. case study: withdraw money a. use cases b. identifying class/object (class diagram)
More informationThe programming language C. sws1 1
The programming language C sws1 1 The programming language C invented by Dennis Ritchie in early 1970s who used it to write the first Hello World program C was used to write UNIX Standardised as K&C (Kernighan
More informationBCS HIGHER EDUCATION QUALIFICATIONS - GUIDANCE NOTES FOR THE PROFESSIONAL PROJECT IN IT
BCS HIGHER EDUCATION QUALIFICATIONS - GUIDANCE NOTES FOR THE PROFESSIONAL PROJECT IN IT These guidance notes should be read in conjunction with the General Notes for Guidance and the Professional Project
More informationEQF CODE EQF. European Competence Profiles in e-content Professions. http://www.ubique.org/eqfcode
EQF CODE EQF European Competence Profiles in e-content Professions http://www.ubique.org/eqfcode European Competence Profiles in e-content Professions This project has been funded with support from the
More informationOpenGL ES Safety-Critical Profile Philosophy
OpenGL ES Safety-Critical Profile Philosophy Claude Knaus July 5th, 2004 OpenGL is a registered trademark, and OpenGL ES is a trademark, of Silicon Graphics, Inc. 1 1 Overview The Safety-Critical profile
More informationVolume I, Section 4 Table of Contents
Volume I, Section 4 Table of Contents 4 Software Standards...4-1 4.1 Scope...4-1 4.1.1 Software Sources...4-2 4.1.2 Location and Control of Software and Hardware on Which it Operates...4-2 4.1.3 Exclusions...4-3
More informationSoftware Requirements Specification
1 of 7 17.04.98 13:32 Software Requirements Specification The sub-sections : 1. What is a Software Requirements Specification 2. Why is a Software Requirement Specification Required 3. What is Contained
More informationSources: On the Web: Slides will be available on:
C programming Introduction The basics of algorithms Structure of a C code, compilation step Constant, variable type, variable scope Expression and operators: assignment, arithmetic operators, comparison,
More informationLimitations of Data Encapsulation and Abstract Data Types
Limitations of Data Encapsulation and Abstract Data Types Paul L. Bergstein University of Massachusetts Dartmouth pbergstein@umassd.edu Abstract One of the key benefits provided by object-oriented programming
More informationSoftware Test Plan (STP) Template
(STP) Template Items that are intended to stay in as part of your document are in bold; explanatory comments are in italic text. Plain text is used where you might insert wording about your project. This
More informationMPLAB Harmony System Service Libraries Help
MPLAB Harmony System Service Libraries Help MPLAB Harmony Integrated Software Framework v1.08 All rights reserved. This section provides descriptions of the System Service libraries that are available
More informationAdvanced Encryption Standard (AES) User's Guide
Advanced Encryption Standard (AES) User's Guide Version 1.00 BETA For use with AES versions 1.6 and above Date: 11-Feb-2015 11:23 All rights reserved. This document and the associated software are the
More informationCESG ASSURED SERVICE CAS SERVICE REQUIREMENT PSN CA (IPSEC)
CESG ASSURED SERVICE CAS SERVICE REQUIREMENT PSN CA (IPSEC) Version 1.0 Crown Copyright 2016 All Rights Reserved Page 1 Document History Version Date Description 1.0 October 2013 Initial issue Soft copy
More informationMISRA-C:2012 Standards Model Summary for C / C++
MISRA-C:2012 Standards Model Summary for C / C++ The LDRA tool suite is developed and certified to BS EN ISO 9001:2000. This information is applicable to version 9.4.2 of the LDRA tool suite. It is correct
More informationSmarter Balanced Assessment Consortium. Recommendation
Smarter Balanced Assessment Consortium Recommendation Smarter Balanced Quality Assurance Approach Recommendation for the Smarter Balanced Assessment Consortium 20 July 2012 Summary When this document was
More informationARINC 653. An Avionics Standard for Safe, Partitioned Systems
ARINC 653 An Avionics Standard for Safe, Partitioned Systems 1 Courtesy of Wind River Inc. 2008 IEEE-CS Seminar June 4 th, 2008 Agenda Aerospace Trends IMA vs. Federated ARINC 653 Main concepts Safety
More informationSoftware Requirements
Software Engineering Software Requirements Based on Software Engineering, 7 th Edition by Ian Sommerville Objectives To introduce the concepts of user and system requirements To describe functional and
More informationOutline Intrusion Detection CS 239 Security for Networks and System Software June 3, 2002
Outline Intrusion Detection CS 239 Security for Networks and System Software June 3, 2002 Introduction Characteristics of intrusion detection systems Some sample intrusion detection systems Page 1 Page
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationStandard for Software Component Testing
Standard for Software Component Testing Working Draft 3.4 Date: 27 April 2001 produced by the British Computer Society Specialist Interest Group in Software Testing (BCS SIGIST) Copyright Notice This document
More informationChap 1. Software Quality Management
Chap 1. Software Quality Management Part 1.1 Quality Assurance and Standards Part 1.2 Software Review and Inspection Part 1.3 Software Measurement and Metrics 1 Part 1.1 Quality Assurance and Standards
More informationwww.transition-support.com
Can we include all products and services in the QMS but limit the scope of registration? According to ISO/TC 176/SC 2/N 524, organizations are not obliged to include all the products that it provides within
More informationThe FDA Forensics Lab, New Tools and Capabilities
U. S. Department of Health and Human Services The FDA Forensics Lab, New Tools and Capabilities Symposium on Static Code Analysis and Complex Medical Devices University of Minnesota July 23, 2009 Static
More informationKeil C51 Cross Compiler
Keil C51 Cross Compiler ANSI C Compiler Generates fast compact code for the 8051 and it s derivatives Advantages of C over Assembler Do not need to know the microcontroller instruction set Register allocation
More informationMPLAB TM C30 Managed PSV Pointers. Beta support included with MPLAB C30 V3.00
MPLAB TM C30 Managed PSV Pointers Beta support included with MPLAB C30 V3.00 Contents 1 Overview 2 1.1 Why Beta?.............................. 2 1.2 Other Sources of Reference..................... 2 2
More informationLesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment
Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4
More informationInline Variables. Document Number: N4424 Date: 2015 04 07 Hal Finkel (hfinkel@anl.gov) and Richard Smith (richard@metafoo.co.
Document Number: N4424 Date: 2015 04 07 Hal Finkel (hfinkel@anl.gov) and Richard Smith (richard@metafoo.co.uk) Inline Variables Introduction C++ generally requires all extern functions and variables to
More informationReal Time Programming: Concepts
Real Time Programming: Concepts Radek Pelánek Plan at first we will study basic concepts related to real time programming then we will have a look at specific programming languages and study how they realize
More informationSoftware Requirements. Descriptions and specifications of a system. Ian Sommerville 2000 Software Engineering, 6th edition.
Software Requirements Descriptions and specifications of a system Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 5 Slide 1 Objectives To introduce the concepts of user and system To describe
More informationPART-A Questions. 2. How does an enumerated statement differ from a typedef statement?
1. Distinguish & and && operators. PART-A Questions 2. How does an enumerated statement differ from a typedef statement? 3. What are the various members of a class? 4. Who can access the protected members
More informationStoring Measurement Data
Storing Measurement Data File I/O records or reads data in a file. A typical file I/O operation involves the following process. 1. Create or open a file. Indicate where an existing file resides or where
More informationMultichoice Quetions 1. Atributes a. are listed in the second part of the class box b. its time is preceded by a colon. c. its default value is
Multichoice Quetions 1. Atributes a. are listed in the second part of the class box b. its time is preceded by a colon. c. its default value is preceded by an equal sign d. its name has undereline 2. Associations
More informationTest case design techniques II: Blackbox testing CISS
Test case design techniques II: Blackbox testing Overview Black-box testing (or functional testing): Equivalence partitioning Boundary value analysis Domain analysis Cause-effect graphing Behavioural testing
More informationReduce Medical Device Compliance Costs with Best Practices. mark.pitchford@ldra.com
Reduce Medical Device Compliance Costs with Best Practices mark.pitchford@ldra.com 1 Agenda Medical Software Certification How new is Critical Software Certification? What do we need to do? What Best Practises
More informationMaruleng Local Municipality
Maruleng Local Municipality. 22 November 2011 1 Version Control Version Date Author(s) Details 1.1 23/03/2012 Masilo Modiba New Policy 2 Contents ICT Firewall Policy 1 Version Control.2 1. Introduction.....4
More informationImplementation of ANSI/AAMI/IEC 62304 Medical Device Software Lifecycle Processes.
Implementation of ANSI/AAMI/IEC 62304 Medical Device Software Lifecycle Processes.. www.pharmout.net Page 1 of 15 Version-02 1. Scope 1.1. Purpose This paper reviews the implementation of the ANSI/AAMI/IEC
More informationWhen COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems. Chris Hobbs, Senior Developer, Safe Systems
When COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems Chris Hobbs, Senior Developer, Safe Systems 2 Audience and Assumptions Who will benefit from this presentation? Software designers
More informationEl Dorado Union High School District Educational Services
El Dorado Union High School District Course of Study Information Page Course Title: ACE Computer Programming II (#495) Rationale: A continuum of courses, including advanced classes in technology is needed.
More informationIEEE ComputerSociety 1 Software and Systems Engineering Vocabulary
IEEE ComputerSociety 1 Software and Systems software. (1) computer programs, procedures and possibly associated documentation and data pertaining to the operation of a computer system (IEEE 828-2012 IEEE
More informationFriendship and Encapsulation in C++
Friendship and Encapsulation in C++ Adrian P Robson Department of Computing University of Northumbria at Newcastle 23rd October 1995 Abstract There is much confusion and debate about friendship and encapsulation
More informationParameter Passing. Standard mechanisms. Call by value-result Call by name, result
Parameter Passing Standard mechanisms Call by value Call by reference Other methods Call by value-result Call by name, result Terms Function definition where the details of the function are presented (type,
More informationIntroducing Formal Methods. Software Engineering and Formal Methods
Introducing Formal Methods Formal Methods for Software Specification and Analysis: An Overview 1 Software Engineering and Formal Methods Every Software engineering methodology is based on a recommended
More informationChapter 13 Storage classes
Chapter 13 Storage classes 1. Storage classes 2. Storage Class auto 3. Storage Class extern 4. Storage Class static 5. Storage Class register 6. Global and Local Variables 7. Nested Blocks with the Same
More informationManaging Variability in Software Architectures 1 Felix Bachmann*
Managing Variability in Software Architectures Felix Bachmann* Carnegie Bosch Institute Carnegie Mellon University Pittsburgh, Pa 523, USA fb@sei.cmu.edu Len Bass Software Engineering Institute Carnegie
More informationIT Service Management
IT Service Management Service Continuity Methods (Disaster Recovery Planning) White Paper Prepared by: Rick Leopoldi May 25, 2002 Copyright 2001. All rights reserved. Duplication of this document or extraction
More information1 Abstract Data Types Information Hiding
1 1 Abstract Data Types Information Hiding 1.1 Data Types Data types are an integral part of every programming language. ANSI-C has int, double and char to name just a few. Programmers are rarely content
More informationEmbedded/Real-Time Software Development with PathMATE and IBM Rational Systems Developer
Generate Results. Real Models. Real Code. Real Fast. Embedded/Real-Time Software Development with PathMATE and IBM Rational Systems Developer Andreas Henriksson, Ericsson andreas.henriksson@ericsson.com
More informationHow To Choose the Right Vendor Information you need to select the IT Security Testing vendor that is right for you.
Information you need to select the IT Security Testing vendor that is right for you. Netragard, Inc Main: 617-934- 0269 Email: sales@netragard.com Website: http://www.netragard.com Blog: http://pentest.netragard.com
More informationSOFTWARE-IMPLEMENTED SAFETY LOGIC Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP
SOFTWARE-IMPLEMENTED SAFETY LOGIC Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP Software-Implemented Safety Logic, Loss Prevention Symposium, American Institute of Chemical Engineers,
More informationFirst Java Programs. V. Paúl Pauca. CSC 111D Fall, 2015. Department of Computer Science Wake Forest University. Introduction to Computer Science
First Java Programs V. Paúl Pauca Department of Computer Science Wake Forest University CSC 111D Fall, 2015 Hello World revisited / 8/23/15 The f i r s t o b l i g a t o r y Java program @author Paul Pauca
More informationGNU LIBRARY GENERAL PUBLIC LICENSE. Preamble
GNU LIBRARY GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1991 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute
More informationPemrograman Dasar. Basic Elements Of Java
Pemrograman Dasar Basic Elements Of Java Compiling and Running a Java Application 2 Portable Java Application 3 Java Platform Platform: hardware or software environment in which a program runs. Oracle
More informationSpecialized Android APP Development Program with Java (SAADPJ) Duration 2 months
Specialized Android APP Development Program with Java (SAADPJ) Duration 2 months Our program is a practical knowledge oriented program aimed at making innovative and attractive applications for mobile
More informationAC 20-148 REUSABLE SOFTWARE COMPONENTS
AC 20-148 REUSABLE SOFTWARE COMPONENTS December 7, 2004 12/7/04 AC 20-148 CONTENTS Paragraph Title Page 1. Purpose....1 2. Motivation for this Guidance....1 3. Document Overview...1 4. General Guidelines
More informationmbeddr: an Extensible MPS-based Programming Language and IDE for Embedded Systems
mbeddr: an Extensible MPS-based Programming Language and IDE for Embedded Systems Markus Voelter independent/itemis voelter@acm.org Daniel Ratiu Bernhard Schaetz Fortiss {ratiu schaetz}@fortiss.org Bernd
More informationC Programming. for Embedded Microcontrollers. Warwick A. Smith. Postbus 11. Elektor International Media BV. 6114ZG Susteren The Netherlands
C Programming for Embedded Microcontrollers Warwick A. Smith Elektor International Media BV Postbus 11 6114ZG Susteren The Netherlands 3 the Table of Contents Introduction 11 Target Audience 11 What is
More informationA deeper look at Inline functions
A deeper look at Inline functions I think it s safe to say that all Overload readers know what C++ inline functions are. When we declare a function or member function as inline we are trying to avoid the
More informationD6.1: Service management tools implementation and maturity baseline assessment framework
D6.1: Service management tools implementation and maturity baseline assessment framework Deliverable Document ID Status Version Author(s) Due FedSM- D6.1 Final 1.1 Tomasz Szepieniec, All M10 (31 June 2013)
More informationDelivering Software Quality and Security through Test, Analysis and Requirements Traceability
Increase Productivity with Automated Unit/ Integration Testing with TBrun Delivering Software Quality and Security through Test, Analysis and Requirements Traceability SoftwareTechnology Unit Testing/
More informationIntel EP80579 Software for Security Applications on Intel QuickAssist Technology Cryptographic API Reference
Intel EP80579 Software for Security Applications on Intel QuickAssist Technology Cryptographic API Reference Automatically generated from sources, May 19, 2009. Reference Number: 320184, Revision -003
More informationUsing TechExcel s DevSuite to Achieve FDA Software Validation Compliance For Medical Software Device Development
Using TechExcel s DevSuite to Achieve FDA Software Validation Compliance For Medical Software Device Development The FDA requires medical software development teams to comply with its standards for software
More informationPROPOSED DOCUMENT. Quality management system Medical devices Nonconformity Grading System for Regulatory Purposes and Information Ex-change
AHWP/WG3/P001:2013 PROPOSED DOCUMENT Title: Quality management system Medical devices Nonconformity Grading System for Regulatory Purposes and Information Ex-change Author: AHWP Work Group 3 Date: 13 November
More informationA mixed e-invoice format (PDF + a set of few datas): the best compromise between suppliers and buyers for a fast adoption of e-invoicing
the best compromise between suppliers and buyers for a fast adoption of e-invoicing Build some intermediate floors and stairs in the e-invoicing House in order to create a path to the roof and enjoy the
More informationCourse Title: Software Development
Course Title: Software Development Unit: Customer Service Content Standard(s) and Depth of 1. Analyze customer software needs and system requirements to design an information technology-based project plan.
More informationWhat do you think? Definitions of Quality
What do you think? What is your definition of Quality? Would you recognise good quality bad quality Does quality simple apply to a products or does it apply to services as well? Does any company epitomise
More informationTopics. Introduction. Java History CS 146. Introduction to Programming and Algorithms Module 1. Module Objectives
Introduction to Programming and Algorithms Module 1 CS 146 Sam Houston State University Dr. Tim McGuire Module Objectives To understand: the necessity of programming, differences between hardware and software,
More informationCourse Name: ADVANCE COURSE IN SOFTWARE DEVELOPMENT (Specialization:.Net Technologies)
Course Name: ADVANCE COURSE IN SOFTWARE DEVELOPMENT (Specialization:.Net Technologies) Duration of Course: 6 Months Fees: Rs. 25,000/- (including Service Tax) Eligibility: B.E./B.Tech., M.Sc.(IT/ computer
More informationSerialization in Java (Binary and XML)
IOWA STATE UNIVERSITY Serialization in Java (Binary and XML) Kyle Woolcock ComS 430 4/4/2014 2 Table of Contents Introduction... 3 Why Serialize?... 3 How to Serialize... 3 Serializable Interface... 3
More informationfor Source Code MathWorks Automotive Conference June 23 rd 2010 A project with Renault, PSA, Valeo, Delphi, MathWorks Presenters: Thierry Cambois -
Software Quality Objectives for Source Code A project with Renault, PSA, Valeo, Delphi, MathWorks MathWorks Automotive Conference June 23 rd 2010 Presenters: Thierry Cambois - Cost Patrick Munier - MathWorks
More informationR214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM
The American Association for Laboratory Accreditation Document Revised: R214: Specific Requirements: Information Technology Testing Laboratory Accreditation July 13, 2010 Program Page 1 of 26 R214 SPECIFIC
More informationThis interpretation of the revised Annex
Reprinted from PHARMACEUTICAL ENGINEERING The Official Magazine of ISPE July/August 2011, Vol. 31 No. 4 www.ispe.org Copyright ISPE 2011 The ISPE GAMP Community of Practice (COP) provides its interpretation
More information<name of project> Software Project Management Plan
The document in this file is adapted from the IEEE standards for Software Project Management Plans, 1058-1998, which conforms to the requirements of ISO standard 12207 Software Life Cycle Processes. Tailor
More informationSystem Requirements for Archiving Electronic Records PROS 99/007 Specification 1. Public Record Office Victoria
System Requirements for Archiving Electronic Records PROS 99/007 Specification 1 Public Record Office Victoria Version 1.0 April 2000 PROS 99/007 Specification 1: System Requirements for Archiving Electronic
More informationChapter 1 Java Program Design and Development
presentation slides for JAVA, JAVA, JAVA Object-Oriented Problem Solving Third Edition Ralph Morelli Ralph Walde Trinity College Hartford, CT published by Prentice Hall Java, Java, Java Object Oriented
More informationPolicy Based Encryption Gateway. Administration Guide
Policy Based Encryption Gateway Administration Guide Document Revision Date: Sept. 11, 2012 Policy Based Encryption Gateway Admin Guide i Contents Description of Policy Based Encryption... 1 Policy Based
More informationOutline. 1 Denitions. 2 Principles. 4 Implementation and Evaluation. 5 Debugging. 6 References
Outline Computer Science 331 Introduction to Testing of Programs Mike Jacobson Department of Computer Science University of Calgary Lecture #3-4 1 Denitions 2 3 4 Implementation and Evaluation 5 Debugging
More informationCIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationCORBA Programming with TAOX11. The C++11 CORBA Implementation
CORBA Programming with TAOX11 The C++11 CORBA Implementation TAOX11: the CORBA Implementation by Remedy IT TAOX11 simplifies development of CORBA based applications IDL to C++11 language mapping is easy
More informationEffective management of customer complaints
Effective management of customer complaints 2 nd FICCI Quality Systems Excellence Awards for Manufacturing & Conference on Sustainable Manufacturing Growth through Quality Systems New Delhi 16.05.2013
More informationReplication on Virtual Machines
Replication on Virtual Machines Siggi Cherem CS 717 November 23rd, 2004 Outline 1 Introduction The Java Virtual Machine 2 Napper, Alvisi, Vin - DSN 2003 Introduction JVM as state machine Addressing non-determinism
More informationKey Steps to a Management Skills Audit
Key Steps to a Management Skills Audit COPYRIGHT NOTICE PPA Consulting Pty Ltd (ACN 079 090 547) 2005-2013 You may only use this document for your own personal use or the internal use of your employer.
More informationRaima Database Manager Version 14.0 In-memory Database Engine
+ Raima Database Manager Version 14.0 In-memory Database Engine By Jeffrey R. Parsons, Senior Engineer January 2016 Abstract Raima Database Manager (RDM) v14.0 contains an all new data storage engine optimized
More informationEthernet/IP Explicit Messaging Using Unity Software
Data Bulletin 8000DB1025 07/2010 Raleigh, NC, USA Ethernet/IP Explicit Messaging Using Unity Software Retain for future use. Overview Presumption Requirements This data bulletin illustrates how to setup
More informationSystem Development Life Cycle Guide
TEXAS DEPARTMENT OF INFORMATION RESOURCES System Development Life Cycle Guide Version 1.1 30 MAY 2008 Version History This and other Framework Extension tools are available on Framework Web site. Release
More informationStandard Glossary of Terms Used in Software Testing. Version 3.01
Standard Glossary of Terms Used in Software Testing Version 3.01 Terms Used in the Expert Level Test Automation - Engineer Syllabus International Software Testing Qualifications Board Copyright International
More informationAC 2007-2027: A PROCESSOR DESIGN PROJECT FOR A FIRST COURSE IN COMPUTER ORGANIZATION
AC 2007-2027: A PROCESSOR DESIGN PROJECT FOR A FIRST COURSE IN COMPUTER ORGANIZATION Michael Black, American University Manoj Franklin, University of Maryland-College Park American Society for Engineering
More information