Know or Go Practical Quest for Reliable Software
|
|
- Bartholomew Atkinson
- 8 years ago
- Views:
Transcription
1 Know or Go Practical Quest for Reliable Software Dr.-Ing. Jörg Barrho Dr.-Ing. Ulrich Wünsche AVACS Project meeting Rolls-Royce Power Systems AG The information in this document is the property of Rolls-Royce Power Systems AG and may not be copied or communicated to a third party, or used for any purpose other than that for which it is supplied without the express written consent of Rolls-Royce Power Systems AG. This information is given in good faith based upon the latest information available to Rolls-Royce Power Systems AG, no warranty or representation is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce Power Systems AG or any of its subsidiary or associated companies. The ROLLS-ROYCE Name, RR badge and RR monogram logos are registered Trade Marks of Rolls-Royce plc.
2 Contents Rolls-Royce Power Systems Development of safety critical software Risk Analysis Risk Minimization Limits of support Conclusion 2
3 Our Products Rolls-Royce Power Systems AG High-speed Engines Distributed Energy Systems Medium-speed Engines Components Bergen Engines AS Complete Drive and Propulsion Systems up to 10,000 kw Gas Gensets up to 2,530 kw Diesel Gensets up to 3,250 kw Diesel Gensets for NPP up to 8,300 kw Diesel and Gas Engines up to 9,620 kw Injection Systems 3
4 Diverse Product Portfolio Propulsion & Power Generation Marine & Offshore Governmental C&I, Agriculture Underground Mining 4 Rail, Mining, Oil & Gas Power Generation
5 Diverse Product Portfolio Energy Solutions & Marine Medium Speed Bergen Engines AS Components Nuclear Power Plants Energy Solutions & Marine Medium Speed Injection Systems 5
6 Objects of IEC60880 In safety critical Instrumentation & Control systems for nuclear power plants software must be developed according to the recognized standard IEC The standard provides requirements for the purpose of achieving highly reliable software. It addresses each stage of software generation and documentation, including: Requirements specification Design Implementation Verification, validation Operation 6
7 Provide Evidence to Trust Know Highly reliable software means RELIABLE SOFTWARE Each work product must be checked thoroughly After best analysis no doubt shall remain Proofs provide best evidence Or go Identify sources of doubt and remove root causes Fight failures systematically The unsuspecting will not stay in project for long 7
8 Safety Playground Process Conventional New Natural Language Interpretation Language sub set Manual process Debugging Trust commercial tools Review Dynamic sampling Requirements Specification Implementation Compilation Test Formal language Automatic test possible Qualified code generator skipped Verified tool Automatic Static proof 8
9 Risk Driven by Six Categories Data access conflict Data initialization, data out of range, type conversion, invalid pointers, data alignment, array sizes Defective operation Rounding, overflow, /0, scaling, side effects, precedence/execution order, array ranges Design error Specification incomplete, hardware access, specified execution order, abstraction level of specification Tool based errors Compiler faults/undefined behaviour, data coherence (prototypes, data declarations) Error handling Unhandled interrupts, error detection (reporting, default behaviour) Runtime limits Loop iteration count, excessive runtime, deadlocks 9
10 Procedural Coding: 71 Risks 10
11 Model Based: 27 Risks Remain 11
12 Detection Still Very Conventional Risk Category Method Data access conflict Defective operation Design error Tool based Error Handling Runtime limits Verification Static Analysis Execution Time check 3 3 Stack check 1 1 Rules check Dynamic test Manual checks 62/109: Verification, Dynamic test, 20 % of rules check 12
13 Properties to be Ensured Worst Case Execution Time Consumption of Memory (program/const and variable/stack) Absence of run time errors - division by 0, - numerical overflow, - access out of bounds Functional Properties Check of defined coding risk reductions (language subset) 13
14 Tool objectives Tool usability, support, and certifiability Tool resource consumption - Limitation in space consumption - Limitation in tool runtime Tool impact increases with - Quality of results (less false-positives, etc.) - Effectiveness Development process shall be accompanied by the tool - [Simplicity in use] 14
15 C Language Subset ANSI C ISO 9899:1989 => well used paths in compiler No floating point data (as int as possible) => integer promotion far from common sense No bitfields => allocation compiler specific No unions => ambiguous access methods No pointer arithmetics => bounds hard to identify No function pointers => traceability Control flow preferred over data driven => Better understanding Defined structure and formatting => reading focus on contents However: No quantitative figures on effects of measures available Code accessible to static analysis 15
16 Using Compilers is Dangerous The Situation Virtually all commercially available compilers have bugs Source code checks need continuous updating due to newly identified limiting rules Applying a test suite strongly binds to set of compiler flags Conventional Attempt for Resolution Compiler validation for limited language subset offered Compiler code coverage in validation is low One just cannot be sure Or a different approach Compcert (with subset preprocessor and validated assemblylinkage)? 16
17 Formal Specification in Frama-C /** Calculate Delta speed demand by processing speed-up and speed-down buttons.*/ requires -200 <= t_speedhold <= 200; assigns t_speedhold; behavior SpeedConst: assumes SpeedDown == 0; assumes SpeedUp == 0; ensures \result == 0; [..] behavior SpeedD1: assumes SpeedDown!= 0; assumes SpeedHold >= 0; ensures \result == -ENGINE_SPEED_SCALE; ensures t_speedhold == -1; [..] behavior SpeedU1: assumes SpeedDown == 0; assumes SpeedUp!= 0; assumes t_speedhold <= 0; ensures \result == ENGINE_SPEED_SCALE; ensures t_speedhold == 1; [..] complete behaviors; disjoint behaviors; */ Ansi C specification language ACSL Permits formal specification of behaviors Behavior proven vs. Abstract syntax tree Well possible for simple functions But Difficult to read for the untrained programmer Yet another tool Why not generate proven code from spec automatically? 17
18 Challenges Abstract Interpretation Control-driven vs data-flow driven algorithms - Control-flow driven designs Require less annotations Provide more precise results Model-generated code (e.g., SCADE) - Automation by integration required Function pointers and pointer arithmetics - Increase false-positives especially if pointers are shared over different calling contexts 18
19 Example: Signal Debouncing Propagate a logical TRUE iff Condition is TRUE for more than CountMax cycles Using a design verifier to prove absence of overflows with - Condition in [FALSE, TRUE] - CountMax in [1, INT32_MAX 1] is not feasible (after 15h of runtime and more 70GB of space consumption) 19
20 Concurrency Runaway Auto Synchronous Thread Interrupt Thread Pointer gets lost void Func1(void) { int a[3]; Func2(a); } static int *c; void Func2(int* b) { c=b; } void Func3(void) { /* use c */ } Version works better static int c[3]; void Func2(int b[3]) { int i; for(i=0;i<3;i++) c[i]=b[i]; } void Func3(void) { /* use c */ } 20
21 Data Driven Code Hard to Check Stimulated regularly, s in [0..4]; Using interval domains: code coverage ok a[1] never accessed => dead data int f(int s) { struct { int b,c; } a[3] = {{ 1, 2 }, { 2, 999 }, { 5, 0 }}; } static int t=0; if(s==a[t].b) t=a[t].c; return t; 21
22 Post Proof Debugging Coders and testers do not always believe in proofs Known fact: {x x N}: (2 * x) & 1 = 0 If the practical case is x=5 humans still check if 10 is an even number Assumption In software development everything is uncertain until each specific case is investigated (which is impossible in finite time). 22
23 Failure Culture: Fight until Done Failure count per module Singular case Specific to one module F Failures favourite biotope One specific type Number of modules 23
24 Conclusion Reliable software is product of risk minimization Prevention before Detection Commercially available analysis tools support safety process Specification error avoidance hardly available Still manual effort prevailing Provable compliance is not within reach yet 24
25 Quellen [IEC60880]: IEC60880:2006: Nuclear power plants Instrumentation and control systems important to safety Software aspects for computer-based system performing category A functions 25
Anwendung von Polyspace im Software Entwicklungsprozess nach IEC 60880. München, 19.05.2011, Dr.-Ing. Jörg Barrho
Anwendung von Polyspace im Software Entwicklungsprozess nach IEC 60880 München, 19.05.2011, Dr.-Ing. Jörg Barrho Agenda 01 Tognum and MTU Friedrichshafen 02 Background and project 03 Overview IEC 60880
More informationA Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation
PLDI 03 A Static Analyzer for Large Safety-Critical Software B. Blanchet, P. Cousot, R. Cousot, J. Feret L. Mauborgne, A. Miné, D. Monniaux,. Rival CNRS École normale supérieure École polytechnique Paris
More informationIntroduction to Software Engineering. 8. Software Quality
Introduction to Software Engineering 8. Software Quality Roadmap > What is quality? > Quality Attributes > Quality Assurance: Planning and Reviewing > Quality System and Standards 2 Sources > Software
More informationComprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER
Comprehensive Static Analysis Using Polyspace Products A Solution to Today s Embedded Software Verification Challenges WHITE PAPER Introduction Verification of embedded software is a difficult task, made
More informationStatic Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors
Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors Klaus Wissing PolySpace Technologies GmbH Argelsrieder Feld 22 82234 Wessling-Oberpfaffenhofen
More informationWhen COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems. Chris Hobbs, Senior Developer, Safe Systems
When COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems Chris Hobbs, Senior Developer, Safe Systems 2 Audience and Assumptions Who will benefit from this presentation? Software designers
More informationVisualizing Information Flow through C Programs
Visualizing Information Flow through C Programs Joe Hurd, Aaron Tomb and David Burke Galois, Inc. {joe,atomb,davidb}@galois.com Systems Software Verification Workshop 7 October 2010 Joe Hurd, Aaron Tomb
More informationNumerology - A Case Study in Network Marketing Fractions
Vers l analyse statique de programmes numériques Sylvie Putot Laboratoire de Modélisation et Analyse de Systèmes en Interaction, CEA LIST Journées du GDR et réseau Calcul, 9-10 novembre 2010 Sylvie Putot
More informationSoftware Testing & Analysis (F22ST3): Static Analysis Techniques 2. Andrew Ireland
Software Testing & Analysis (F22ST3) Static Analysis Techniques Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh Software Testing & Analysis (F22ST3): Static
More informationOverview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification
Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 1 Concurrent Programs Characterized by
More informationCertification of a Scade 6 compiler
Certification of a Scade 6 compiler F-X Fornari Esterel Technologies 1 Introduction Topic : What does mean developping a certified software? In particular, using embedded sofware development rules! What
More informationSoftware testing. Objectives
Software testing cmsc435-1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating
More informationHow To Port A Program To Dynamic C (C) (C-Based) (Program) (For A Non Portable Program) (Un Portable) (Permanent) (Non Portable) C-Based (Programs) (Powerpoint)
TN203 Porting a Program to Dynamic C Introduction Dynamic C has a number of improvements and differences compared to many other C compiler systems. This application note gives instructions and suggestions
More informationAbstract Interpretation-based Static Analysis Tools:
Abstract Interpretation-based Static Analysis Tools: Proving the Absence of Runtime Errors and Safe Upper Bounds on the Worst-Case Execution Time and Safe Upper Bounds on the Stack Usage Christian Ferdinand
More informationEmbedded Systems. Review of ANSI C Topics. A Review of ANSI C and Considerations for Embedded C Programming. Basic features of C
Embedded Systems A Review of ANSI C and Considerations for Embedded C Programming Dr. Jeff Jackson Lecture 2-1 Review of ANSI C Topics Basic features of C C fundamentals Basic data types Expressions Selection
More informationSources: On the Web: Slides will be available on:
C programming Introduction The basics of algorithms Structure of a C code, compilation step Constant, variable type, variable scope Expression and operators: assignment, arithmetic operators, comparison,
More informationLogistics. Software Testing. Logistics. Logistics. Plan for this week. Before we begin. Project. Final exam. Questions?
Logistics Project Part 3 (block) due Sunday, Oct 30 Feedback by Monday Logistics Project Part 4 (clock variant) due Sunday, Nov 13 th Individual submission Recommended: Submit by Nov 6 th Scoring Functionality
More informationCS 451 Software Engineering Winter 2009
CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Testing Process Testing Testing only reveals the presence of defects Does not identify
More informationFROM SAFETY TO SECURITY SOFTWARE ASSESSMENTS AND GUARANTEES FLORENT KIRCHNER (LIST)
FROM SAFETY TO SECURITY SOFTWARE ASSESSMENTS AND GUARANTEES FLORENT KIRCHNER (LIST) M loc 12 ONBOARD SOFTWARE SIZE 10 Volt (2011) F-35 (2012) 8 6 787 (2010) F-35 (2010) 4 2 F-22 (2005) 0 WHY DO WE TRUST
More informationBest Practices for Verification, Validation, and Test in Model- Based Design
2008-01-1469 Best Practices for Verification, Validation, and in Model- Based Design Copyright 2008 The MathWorks, Inc. Brett Murphy, Amory Wakefield, and Jon Friedman The MathWorks, Inc. ABSTRACT Model-Based
More informationhttps://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois
https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois Runtime Verification, Inc. (RV): startup company aimed at bringing the best
More informationSoftware Engineering. How does software fail? Terminology CS / COE 1530
Software Engineering CS / COE 1530 Testing How does software fail? Wrong requirement: not what the customer wants Missing requirement Requirement impossible to implement Faulty design Faulty code Improperly
More informationBergen Engines Products and Applications
Bergen Engines Products and Applications 1 Since 1948 Bergen Engines, a Rolls-Royce Power Systems Company, has delivered more than 6,500 four-stroke medium-speed diesel and gas engines for power generation
More informationThe V-model. Validation and Verification. Inspections [24.3] Testing overview [8, 15.2] - system testing. How much V&V is enough?
Validation and Verification Inspections [24.3] Testing overview [8, 15.2] - system testing Requirements Design The V-model V & V Plans Implementation Unit tests System tests Integration tests Operation,
More informationMeeting DO-178B Software Verification Guidelines with Coverity Integrity Center
Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center May, 2009 Thomas Schultz Director of Product Strategy, Coverity, Inc. Executive Summary Development organizations that create
More informationA Test Suite for Basic CWE Effectiveness. Paul E. Black. paul.black@nist.gov. http://samate.nist.gov/
A Test Suite for Basic CWE Effectiveness Paul E. Black paul.black@nist.gov http://samate.nist.gov/ Static Analysis Tool Exposition (SATE V) News l We choose test cases by end of May l Tool output uploaded
More informationSample Exam. 2011 Syllabus
ISTQ Foundation Level 2011 Syllabus Version 2.3 Qualifications oard Release ate: 13 June 2015 ertified Tester Foundation Level Qualifications oard opyright 2015 Qualifications oard (hereinafter called
More informationLEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS
LEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS CEA S SOFTWARE SAFETY LABORATORY 1995: LEAP FROM DYNAMIC TO STATIC CODE ANALYSIS! CAVEAT: ARCHITECTURE C source code VC Generator Formal specifications
More informationStatic analysis of numerical programs
Sylvie Putot with Eric Goubault, Franck Védrine and Karim Tekkal (Digiteo) Laboratory for the Modelling and Analysis of Interacting Systems, CEA LIST RAIM 09: 3es Rencontres Arithmétique de l Informatique
More informationSemantic Analysis: Types and Type Checking
Semantic Analysis Semantic Analysis: Types and Type Checking CS 471 October 10, 2007 Source code Lexical Analysis tokens Syntactic Analysis AST Semantic Analysis AST Intermediate Code Gen lexical errors
More informationF-22 Raptor. Agenda. 1. Motivation
Model-Based Software Development and Automated Code Generation for Safety-Critical Systems F-22 Raptor for the Seminar Advanced Topics in Software Engineering for Safety-Critical Systems Cause: Bug in
More informationModule 10. Coding and Testing. Version 2 CSE IIT, Kharagpur
Module 10 Coding and Testing Lesson 23 Code Review Specific Instructional Objectives At the end of this lesson the student would be able to: Identify the necessity of coding standards. Differentiate between
More informationConverting Models from Floating Point to Fixed Point for Production Code Generation
MATLAB Digest Converting Models from Floating Point to Fixed Point for Production Code Generation By Bill Chou and Tom Erkkinen An essential step in embedded software development, floating- to fixed-point
More informationThe programming language C. sws1 1
The programming language C sws1 1 The programming language C invented by Dennis Ritchie in early 1970s who used it to write the first Hello World program C was used to write UNIX Standardised as K&C (Kernighan
More informationSoftware Engineering. Software Development Process Models. Lecturer: Giuseppe Santucci
Software Engineering Software Development Process Models Lecturer: Giuseppe Santucci Summary Modeling the Software Process Generic Software Process Models Waterfall model Process Iteration Incremental
More informationEl Dorado Union High School District Educational Services
El Dorado Union High School District Course of Study Information Page Course Title: ACE Computer Programming I (#494) Rationale: A continuum of courses, including advanced classes in technology is needed.
More informationInterpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters
Interpreters and virtual machines Michel Schinz 2007 03 23 Interpreters Interpreters Why interpreters? An interpreter is a program that executes another program, represented as some kind of data-structure.
More informationChapter 17 Software Testing Strategies Slide Set to accompany Software Engineering: A Practitioner s Approach, 7/e by Roger S. Pressman Slides copyright 1996, 2001, 2005, 2009 by Roger S. Pressman For
More informationHow Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer
How Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer Agendum What the benefits of Functional Safety are What the most popular safety certifications are Why you should
More informationDie wichtigsten Use Cases für MISRA, HIS, SQO, IEC, ISO und Co. - Warum Polyspace DIE Embedded Code-Verifikationslösung ist.
Die wichtigsten Use Cases für MISRA, HIS, SQO, IEC, ISO und Co. - Warum Polyspace DIE Embedded Code-Verifikationslösung ist. Christian Guß Application Engineer The MathWorks GmbH 2015 The MathWorks, Inc.
More informationStatic Analysis of the Mars Exploration Rover Flight Software
Static Analysis of the Mars Exploration Rover Flight Software Guillaume Brat Kestrel Technology brat@email.arc.nasa.gov Roger Klemm California Institute of Technology roger.klemm@jpl.nasa.gov Abstract
More informationR214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM
The American Association for Laboratory Accreditation Document Revised: R214: Specific Requirements: Information Technology Testing Laboratory Accreditation July 13, 2010 Program Page 1 of 26 R214 SPECIFIC
More informationHow To Develop A Static Analysis System For Large Programs
Towards the Industrial Scale Development of Custom Static Analyzers John Anton, Eric Bush, Allen Goldberg, Klaus Havelund, Doug Smith, Arnaud Venet Kestrel Technology LLC 4984 El Camino Real #230 Los Altos,
More informationIntroduction to Automated Testing
Introduction to Automated Testing What is Software testing? Examination of a software unit, several integrated software units or an entire software package by running it. execution based on test cases
More informationBest-Practice Software Engineering: Software Processes to Support Project Success. Dietmar Winkler
Best-Practice Software Engineering: Software Processes to Support Project Success Dietmar Winkler Vienna University of Technology Institute of Software Technology and Interactive Systems Dietmar.Winkler@qse.ifs.tuwien.ac.at
More informationSpecification and Analysis of Contracts Lecture 1 Introduction
Specification and Analysis of Contracts Lecture 1 Introduction Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov.
More informationSoftware Testing. Quality & Testing. Software Testing
Software Testing Software Testing Error: mistake made by the programmer/developer Fault: a incorrect piece of code/document (i.e., bug) Failure: result of a fault Goal of software testing: Cause failures
More informationRevision History Revision Date 3.0 14.02.10. Changes Initial version published to http://www.isasecure.org
SDLA-312 ISA Security Compliance Institute Security Development Lifecycle Assurance - Security Development Lifecycle Assessment v3.0 Lifecycle Phases Number Phase Name Description PH1 Security Management
More informationFormal Verification and Linear-time Model Checking
Formal Verification and Linear-time Model Checking Paul Jackson University of Edinburgh Automated Reasoning 21st and 24th October 2013 Why Automated Reasoning? Intellectually stimulating and challenging
More informationHow To Improve Software Quality
Software Quality and Standards Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar Dr. David Robertson dr@inf.ed.ac.uk http://www.inf.ed.ac.uk/ssp/members/dave.htm SEOC2 Spring
More informationOracle Solaris Studio Code Analyzer
Oracle Solaris Studio Code Analyzer The Oracle Solaris Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access
More informationStatic Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled
Static Analysis 15-654: Analysis of Software Artifacts Jonathan Aldrich 1 Find the Bug! Source: Engler et al., Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, OSDI
More informationEmbedded Software Development with MPS
Embedded Software Development with MPS Markus Voelter independent/itemis The Limitations of C and Modeling Tools Embedded software is usually implemented in C. The language is relatively close to the hardware,
More informationStandard for Software Component Testing
Standard for Software Component Testing Working Draft 3.4 Date: 27 April 2001 produced by the British Computer Society Specialist Interest Group in Software Testing (BCS SIGIST) Copyright Notice This document
More informationCS 2112 Spring 2014. 0 Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions
CS 2112 Spring 2014 Assignment 3 Data Structures and Web Filtering Due: March 4, 2014 11:59 PM Implementing spam blacklists and web filters requires matching candidate domain names and URLs very rapidly
More information2. Analysis, Design and Implementation
2. Subject/Topic/Focus: Software Production Process Summary: Software Crisis Software as a Product: From Individual Programs to Complete Application Systems Software Development: Goals, Tasks, Actors,
More informationAdvances in Programming Languages
Advances in Programming Languages Lecture 13: Certifying Correctness Ian Stark School of Informatics The University of Edinburgh Tuesday 4 November 2014 Semester 1 Week 8 http://www.inf.ed.ac.uk/teaching/courses/apl
More informationSCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-178B LEVEL A & B
SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-78B LEVEL A & B TABLE OF CONTENTS. INTRODUCTION..... PURPOSE..... RELATED DOCUMENTS..... GLOSSARY... 9.. CONVENTIONS..... RELATION WITH OTHER PLANS....6. MODIFICATION
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Testing and Source Code Auditing Secure Software Programming 2 Overview
More informationEsa Jokioinen Rolls Royce Marine 10.9.2014 MUNIN Workshop at SMM. Trusted to deliver excellence
Esa Jokioinen Rolls Royce Marine 10.9.2014 MUNIN Workshop at SMM 2014 Rolls-Royce plc The information in this document is the property of Rolls-Royce plc and may not be copied or communicated to a third
More informationVerification and Validation of Software Components and Component Based Software Systems
Chapter 5 29 Verification and Validation of Software Components and Component Based Christina Wallin Industrial Information Technology Software Engineering Processes ABB Corporate Research christina.wallin@mdh.se
More informationModule 10. Coding and Testing. Version 2 CSE IIT, Kharagpur
Module 10 Coding and Testing Lesson 26 Debugging, Integration and System Testing Specific Instructional Objectives At the end of this lesson the student would be able to: Explain why debugging is needed.
More informationIntegrity Static Analysis of COTS/SOUP
Integrity Static Analysis of COTS/SOUP Peter Bishop 12, Robin Bloomfield 12, Tim Clement 2, Sofia Guerra 2 and Claire Jones 2 CSR, City University 1 Adelard 2 Drysdale Building, Northampton Square London
More informationCrash Course in Java
Crash Course in Java Based on notes from D. Hollinger Based in part on notes from J.J. Johns also: Java in a Nutshell Java Network Programming and Distributed Computing Netprog 2002 Java Intro 1 What is
More informationUniversity of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities
II.2 Life Cycle and Safety Safety Life Cycle: The necessary activities involving safety-related systems, occurring during a period of time that starts at the concept phase of a project and finishes when
More informationSoftware Engineering 9.1. Quality Control
Software Engineering 9.1. 9. Introduction When, Why and What? Product & Process Attributes Internal & External Attributes Typical Quality Attributes Overview Definitions Quality Assurance Assumption Quality
More informationStatic Analysis of Virtualization- Obfuscated Binaries
Static Analysis of Virtualization- Obfuscated Binaries Johannes Kinder School of Computer and Communication Sciences École Polytechnique Fédérale de Lausanne (EPFL), Switzerland Virtualization Obfuscation
More informationGlossary of Object Oriented Terms
Appendix E Glossary of Object Oriented Terms abstract class: A class primarily intended to define an instance, but can not be instantiated without additional methods. abstract data type: An abstraction
More informationRequirements-driven Verification Methodology for Standards Compliance
Requirements-driven Verification Methodology for Standards Compliance Serrie-justine Chapman (TVS) serrie@testandverification.com Mike Bartley (TVS) mike@testandverification.com Darren Galpin (Infineon)
More informationThe C Programming Language course syllabus associate level
TECHNOLOGIES The C Programming Language course syllabus associate level Course description The course fully covers the basics of programming in the C programming language and demonstrates fundamental programming
More informationSoftware Testing Strategies and Techniques
Software Testing Strategies and Techniques Sheetal Thakare 1, Savita Chavan 2, Prof. P. M. Chawan 3 1,2 MTech, Computer Engineering VJTI, Mumbai 3 Associate Professor, Computer Technology Department, VJTI,
More informationSoftware Reliability Estimation Based on Static Error Detection
7 th Central and Eastern European Software Engineering Conference in Russia - CEE-SECR 2011 October 31 November 3, Moscow Software Reliability Estimation Based on Static M. Moiseev, M. Glukhikh, A. Karpenko,
More informationOpenACC 2.0 and the PGI Accelerator Compilers
OpenACC 2.0 and the PGI Accelerator Compilers Michael Wolfe The Portland Group michael.wolfe@pgroup.com This presentation discusses the additions made to the OpenACC API in Version 2.0. I will also present
More informationEmbedded Programming in C/C++: Lesson-1: Programming Elements and Programming in C
Embedded Programming in C/C++: Lesson-1: Programming Elements and Programming in C 1 An essential part of any embedded system design Programming 2 Programming in Assembly or HLL Processor and memory-sensitive
More informationTesting Introduction. IEEE Definitions
Testing Introduction IEEE Definitions Software testing is the process of analyzing a software item to detect the differences between existing and required conditions (that is, bugs) and to evaluate the
More informationOutline. 1 Denitions. 2 Principles. 4 Implementation and Evaluation. 5 Debugging. 6 References
Outline Computer Science 331 Introduction to Testing of Programs Mike Jacobson Department of Computer Science University of Calgary Lecture #3-4 1 Denitions 2 3 4 Implementation and Evaluation 5 Debugging
More informationThe CompCert verified C compiler
The CompCert verified C compiler Compiler built and proved by Xavier Leroy et al. Talk given by David Pichardie - Harvard University / INRIA Rennes Slides largely inspired by Xavier Leroy own material
More informationRegression Verification: Status Report
Regression Verification: Status Report Presentation by Dennis Felsing within the Projektgruppe Formale Methoden der Softwareentwicklung 2013-12-11 1/22 Introduction How to prevent regressions in software
More informationSoftware Engineering Introduction & Background. Complaints. General Problems. Department of Computer Science Kent State University
Software Engineering Introduction & Background Department of Computer Science Kent State University Complaints Software production is often done by amateurs Software development is done by tinkering or
More informationCritical Systems Validation. Objectives
Critical Systems Validation Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 24 Slide 1 Objectives To explain how system reliability can be measured and how reliability growth models can
More informationCompute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005
Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005 Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005... 1
More informationStorage Classes CS 110B - Rule Storage Classes Page 18-1 \handouts\storclas
CS 110B - Rule Storage Classes Page 18-1 Attributes are distinctive features of a variable. Data type, int or double for example, is an attribute. Storage class is another attribute. There are four storage
More informationMPLAB Harmony System Service Libraries Help
MPLAB Harmony System Service Libraries Help MPLAB Harmony Integrated Software Framework v1.08 All rights reserved. This section provides descriptions of the System Service libraries that are available
More informationSoftware Engineering for LabVIEW Applications. Elijah Kerry LabVIEW Product Manager
Software Engineering for LabVIEW Applications Elijah Kerry LabVIEW Product Manager 1 Ensuring Software Quality and Reliability Goals 1. Deliver a working product 2. Prove it works right 3. Mitigate risk
More informationChapter 8 Software Testing
Chapter 8 Software Testing Summary 1 Topics covered Development testing Test-driven development Release testing User testing 2 Program testing Testing is intended to show that a program does what it is
More informationProgramming and Software Development CTAG Alignments
Programming and Software Development CTAG Alignments This document contains information about four Career-Technical Articulation Numbers (CTANs) for Programming and Software Development Career-Technical
More informationSoftware Testing. Definition: Testing is a process of executing a program with data, with the sole intention of finding errors in the program.
Software Testing Definition: Testing is a process of executing a program with data, with the sole intention of finding errors in the program. Testing can only reveal the presence of errors and not the
More informationData Structure with C
Subject: Data Structure with C Topic : Tree Tree A tree is a set of nodes that either:is empty or has a designated node, called the root, from which hierarchically descend zero or more subtrees, which
More informationMTU ONSITE ENERGY. Madrid, November 19 th, 2014. MTU Onsite Energy GmbH All rights reserved
MTU ONSITE ENERGY Madrid, November 19 th, 2014 MTU Onsite Energy GmbH All rights reserved MTU ONSITE ENERGY Rolls Royce Introduction 01. Our Vision 02. Our Roots 03. Rolls-Royce Power Systems AG 04. The
More informationSelecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004)
Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004) Dale Perry Worldwide Pressure Marketing Manager Emerson Process Management Rosemount Division Chanhassen, MN 55317 USA
More informationModel Checking based Software Verification
Model Checking based Software Verification 18.5-2006 Keijo Heljanko Keijo.Heljanko@tkk.fi Department of Computer Science and Engineering Helsinki University of Technology http://www.tcs.tkk.fi/~kepa/ 1/24
More informationAPPROACHES TO SOFTWARE TESTING PROGRAM VERIFICATION AND VALIDATION
1 APPROACHES TO SOFTWARE TESTING PROGRAM VERIFICATION AND VALIDATION Validation: Are we building the right product? Does program meet expectations of user? Verification: Are we building the product right?
More informationIntroduction to Static Analysis for Assurance
Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis?
More informationTowards practical reactive security audit using extended static checkers 1
Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1 Shuvendu K. Lahiri 2 1 Bloomberg LP, New York 2 Microsoft Research, Redmond May 20, 2013 1 The work was conducted
More informationInvGen: An Efficient Invariant Generator
InvGen: An Efficient Invariant Generator Ashutosh Gupta and Andrey Rybalchenko Max Planck Institute for Software Systems (MPI-SWS) Abstract. In this paper we present InvGen, an automatic linear arithmetic
More informationHow To Write A Program Verification And Programming Book
Jose Bacelar Almeida Maria Joao Frade Jorge Sousa Pinto Simao Melo de Sousa Rigorous Software Development An Introduction to Program Verification & Springer Contents 1 Introduction 1 1.1 A Formal Approach
More informationRigorous Software Engineering Hoare Logic and Design by Contracts
Rigorous Software Engineering Hoare Logic and Design by Contracts Simão Melo de Sousa RELEASE (UBI), LIACC (Porto) Computer Science Department University of Beira Interior, Portugal 2010-2011 S. Melo de
More informationCoverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects
Effective Management of Static Analysis Vulnerabilities and Defects Introduction According to a recent industry study, companies are increasingly expanding their development testing efforts to lower their
More informationStatic vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together. Outline
Static vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together S. Tucker Taft and Brian Lesuer SQGNE December 2006 Outline The Challenges Facing Software Testing A Software Testing
More informationThe Power of Ten Rules for Developing Safety Critical Code 1. Gerard J. Holzmann NASA/JPL Laboratory for Reliable Software Pasadena, CA 91109
The Power of Ten Rules for Developing Safety Critical Code 1 Gerard J. Holzmann NASA/JPL Laboratory for Reliable Software Pasadena, CA 91109 Most serious software development projects use coding guidelines.
More information