Software Verification/Validation Methods and Tools... or Practical Formal Methods



Similar documents
Software Verification and System Assurance

Development of AUTOSAR Software Components within Model-Based Design

Approaches to Improve System Dependability From Formal Verification to Model-Based Testing

Introduction to Static Analysis for Assurance

Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development

The Model Checker SPIN

Parameters for Efficient Software Certification

Static Program Transformations for Efficient Software Model Checking

Formal verification of contracts for synchronous software components using NuSMV

Software Tools for Building Assured Software Systems

Best Practices for Verification, Validation, and Test in Model- Based Design

New Challenges In Certification For Aircraft Software

Power inverters: Efficient energy transformation through efficient TargetLink code

Industry-Driven Testing: Past, Present, and Future Activities at Simula

SCADE Suite in Space Applications

What is a life cycle model?

Assurance Cases and Test Design Analysis

Introducing Formal Methods. Software Engineering and Formal Methods

Agile Model-Based Systems Engineering (ambse)

How To Test Automatically

Part I. Introduction

Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

System requirements for ICS Skills ATS

Chapter 4 Software Lifecycle and Performance Analysis

Towards Verified Automotive Software

What Is Assurance? John Rushby Based on joint work with Bev Littlewood (City University UK)

Instrumentation-Based Verification for Medical-Device Software

University of Konstanz Department of Computer and Information Science

Automated Formal Analysis of Internet Routing Systems

Integration of Formal Analysis into a Model-Based Software Development Process

IBM Rational Rhapsody

TeCReVis: A Tool for Test Coverage and Test Redundancy Visualization

Policy Modeling and Compliance Verification in Enterprise Software Systems: a Survey

Hardware Supported Flexible Monitoring: Early Results

Automated Test Generation And Verified Software

Model Based System Engineering (MBSE) For Accelerating Software Development Cycle

Model-Based Development of Safety-Critical Software: Safe and Effi cient

What makes a good process?

ESP-CV Custom Design Formal Equivalence Checking Based on Symbolic Simulation

Certification of a Scade 6 compiler

Applying 4+1 View Architecture with UML 2. White Paper

Why Adopt Model-Based Design for Embedded Control Software Development?

InvGen: An Efficient Invariant Generator

Compositional Security Evaluation: The MILS approach

FlexRay A Communications Network for Automotive Control Systems

A Comprehensive Safety Engineering Approach for Software Intensive Systems based on STPA

System Aware Cyber Security

How to improve customer experience with a self-organizing network. Lukasz Mendyk OSS Product Manager, Comarch

Next-Generation Performance Testing with Service Virtualization and Application Performance Management

Verification and Validation According to ISO 26262: A Workflow to Facilitate the Development of High-Integrity Software

Dr. Brian Murray March 4, 2011

From Hybrid Data-Flow Languages to Hybrid Automata: A Complete Translation

SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.

Mathematical finance and linear programming (optimization)

Why We Model: Using MBD Effectively in Critical Domains

BENEFITS OF MODELING WITH A FORMAL LANGUAGE. Emmanuel Gaudin emmanuel.gaudin@pramadev.com

How To Protect Video From Being Lost In A Fault Fault On A Network With A Shadow Archive

Simple and error-free startup of the communication cluster. as well as high system stability over long service life are

Lab Management, Device Provisioning and Test Automation Software

The Course.

CA SiteMinder SSO Agents for ERP Systems

Federated, Generic Configuration Management for Engineering Data

Service Virtualization Implementation Strategies

Automating Code Reviews with Simulink Code Inspector

Design and Verification of Nine port Network Router

Rigorous Software Development An introduction

The MILS Component Integration Approach To Secure Information Sharing

Automated Theorem Proving - summary of lecture 1

Model Checking: An Introduction

Student projects. Formal Methods Group (Prof. Aichernig)

The SPES Methodology Modeling- and Analysis Techniques

Building Security into the Software Life Cycle

OUTILS DE DÉMONSTRATION

Combinational Logic Design Process

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

Northeast Blackout of 2003

Human-Automation Interaction Design and Evaluation Tools. Michael Feary, PhD

White Paper Software Quality Management

Model Checking of Software

Active Directory and DirectControl

Why WebSphere Operational Decision Management?

Highly Available Mobile Services Infrastructure Using Oracle Berkeley DB

System Description: The MathWeb Software Bus for Distributed Mathematical Reasoning

CHAPTER 3 Boolean Algebra and Digital Logic

Building SMT-based Software Model Checkers: an Experience Report

A Classification of Model Checking-based Verification Approaches for Software Models

Software Verification for Space Applications Part 2. Autonomous Systems. G. Brat USRA/RIACS

Software Engineering Reference Framework

Comparison of FlexRay and CAN-bus for Real-Time Communication

ONLINE EXERCISE SYSTEM A Web-Based Tool for Administration and Automatic Correction of Exercises

Code Generation for High-Assurance Java Card Applets

Formal Specification and Verification

White Paper. An Introduction to Informatica s Approach to Enterprise Architecture and the Business Transformation Toolkit

RATP safety approach for railway signalling systems

Model-Based Development of Safety-Critical Systems

CDC UNIFIED PROCESS PRACTICES GUIDE

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION

Formal Foundations for Security Architecture

Foundational Proof Certificates

Reasoning about Safety Critical Java

Transcription:

Software Verification/Validation Methods and Tools... or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1

Need: Growing Importance and Cost of Embedded Software Most of the innovation in new cars is enabled by embedded software There is more software in individual functions But the big gains come from integration across functions Integrated, distributed systems are hard to get right Especially if they have to be fault tolerant Or are safety-critical So it is common for more than 75% of embedded softweare development costs to go into verification and verification There is an opportunity to reduce costs and improve quality by applying automation to verification and verification of embedded systems John Rushby, SR I Practical Formal Methods: 2

Approach: Formal Methods The basic idea is to use symbolic calculation to provide cheaper and better methods of verification and validation for software and systems A single symbolic calculation can subsume many individual numeric cases Just as x 2 y 2 = (x y) (x + y) Subsumes 36 16 = 2 10 and 49 4 = 5 9 and... Can be used to find rare error scenarios as well as to verify their absence Symbolic calculation is mechanized using the methods of automated reasoning: theorem proving, model checking, constraint solving, etc. There has been sustained progress in these fields for several decades and they have recently broken through the barriers to practical application SRI has been a leader of this technology throughout its history John Rushby, SR I Practical Formal Methods: 3

A Spectrum of Formal Methods Interactive theorem proving: requires great skill and resources Can solve very hard problems E.g., Verify that Flexray s clock synchronization withstands any single fault Model checking: analysis is automatic but must specify the model and property Can search huge state spaces (trillions of reachable states) efficiently E.g., Find the worst case start up delay for Flexray E.g., Check that horizontally integrated functions interact as expected Invisible formal methods: driven directly off model-based developments Uses symbolic calculation to automate traditional work flows E.g., Generate unit test cases to provide MC/DC coverage E.g., Find me an input vector that gets me to here with x > 3 Check compliance with guidelines (e.g., no 12 o clock rule in Stateflow) John Rushby, SR I Practical Formal Methods: 4

Our Tools Cover the Spectrum Assurance SAL PVS ICS invisible model checking automated abstraction theorem proving formal methods Effort John Rushby, SR I Practical Formal Methods: 5

Our Tools PVS: Industrial strength theorem prover (since 1993) Probably the most widely used theorem prover in research and education Used for verification of AAMP5 (Rockwell) And Time Triggered Architecture (TTTech, NASA, Honeywell) GM group in Asia has recently applied for a license Some other commercial users (e.g., Sun) SAL: Industrial strength suite of model checkers (since 2003) Used for analysis of TTA startup A current application focus is automated test generation ICS: Core decision procedures and SAT solver used in PVS and SAL Designed to be embedded in other tools See fm.csl.sri.com for descriptions and our roadmap John Rushby, SR I Practical Formal Methods: 6

Invisible Formal Methods New design practices: model-based development methods provide the artifacts needed by automated analysis Models serve as formal specifications We have a formal semantics and translator for Stateflow New technology (in SAL): very fast, scalable model checkers that can handle arithmetic and other data types New ideas: invisible formal methods These combine to create new opportunities Example: Generate test vectors that will drive an implementation through all the states and transitions of its model John Rushby, SR I Practical Formal Methods: 7

Automated Test Case Generation Basic approach uses the counterexamples generated by a model checker Counterexample to you cannot get here is a test case that gets you there There are several technical issues dealing with arithmetic in specifications Which we have solved (patents pending) Existing methods give many short tests with much redundancy We have new methods that generate fewer deeper tests (patent pending) E.g., State coverage for a 4-speed shift selector in one test of length 86 We also have technology (automated analysis of hybrid systems) that could take test test generation beyond unit tests into integration and system tests John Rushby, SR I Practical Formal Methods: 8

Benefits: Simplified Vee Diagram time and money requirements system test design/code unit/integration test Automated formal analysis can tighten the vee John Rushby, SR I Practical Formal Methods: 9

Tightened Vee Diagram time and money requirements system test design/code unit/integration test John Rushby, SR I Practical Formal Methods: 10

Competition Test generation for Statemate is automated by Motorola in Veristate Good integration, relies on user-written test observers, weak FM technology For Simulink by T-VEC Good integration and methods, weak FM technology For Stateflow by RSI in Reactis Good integration and methods, weak FM technology We have the best FM technology, more powerful test generation methods, the ability to go beyond test generation, but less integration with commercial products John Rushby, SR I Practical Formal Methods: 11

Summary We are the experts in practical formal methods, and can help others Evaluate Apply Develop this technology Our PVS, SAL, ICS tools are mature (though continually enhanced) and available for licensing We are seeking partners to help us develop and evaluate our technology for automated unit test generation And other applications for invisible formal methods John Rushby, SR I Practical Formal Methods: 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information