System to Software Integrity


System to Software Integrity: a case study
Matteo Bordin, Jérôme Hugues, Cyrille Comar, Ed Falis, Franco Gasperoni, Yannick Moy, Elie Richa

How to verify property preservation?
- Peer review
- Testing
- Design/Verify-by-contract (Eiffel, Ada 2012, SPARK, Frama-C, ...)
- Reverse engineering
- Automatic code generators
How to combine them? What about system properties?

The nose gear challenge: a case study

Requirements:
- The ground velocity shall be available iff the data used for the computation is no older than 3000 ms.
- The measured velocity shall not differ by more than 3 km/h from the real velocity during the latest 3000 ms.

From System to Software (top-down only)
- AADL System Model: Property 1, Property 2, ..., Property N
- Decomposition: Property 1 goes to SPARK 2014; Property 2 and Property N go to Simulink
- Code Generation: Property 2 and Property N go from Simulink to SPARK 2014

From AADL to Simulink and SPARK
- Take advantage of AADL mechanisms to:
  - Describe execution and communication resources (threads, ports, ...)
  - Bind Simulink or Ada functional models to threads as subprograms
- First level of V&V done at model level:
  - Interfaces are correctly typed, behavior correctly defined as subprograms
  - Compliance to the Ravenscar profile: deterministic concurrency
  - Schedulability analysis
  - Consistency: WCET of ISR handlers compatible with the number of interrupts

    thread implementation Rotation_Sensor_Sim.Impl
      subcomponents
      calls
        seq : { C : subprogram Rotation_Sim; };
      connections
        parameter Simulated_Velocity -> C.Simulated_Velocity;
        port C.Click -> Rotation_Click;
    end Rotation_Sensor_Sim.Impl;

    subprogram Rotation_Sim
      features
        Simulated_Velocity : in parameter Velocity;
        Click : out event port;
      properties
        Source_Name => "Rotation_Sim.Rotation_Sim";
        Source_Language => (Ada95);
    end Rotation_Sim;

From AADL to SPARK
- AADL provides a full description of the use of runtime resources
- Use Ocarina to generate code from the architectural description
  - Based on archetypes for concurrency and communication
  - Ada/SPARK compliant, a path to high-integrity software:
    #5: strong typing, generics, native support for concurrency
    #4: restrictions for HI systems
    #3: restrictions for concurrency: Ravenscar profile
    #2: well-known coding patterns
    #1: contracts: pre/post conditions
- Functional code integrated as external Ada libraries
  - Preserves abstraction boundaries (typing, encapsulation)
  - Then connect to integration V&V activities
- Status: compiler checks 100% OK; best practice; theorem proving 90%, on-going

From Simulink to SPARK 2014
- Model-level verification (proof + simulation)
- Example SPARK 2014 code, with the model-level assertion carried over:

    ...
    if Compare_To_Constant_out1 = estimatedGroundVelocityIsAvailable then
       Relational_Operator_out1 := True;
    else
       Relational_Operator_out1 := False;
    end if;
    pragma Assert (Relational_Operator_out1);

- Source-level proof of property preservation
- Run-time monitoring of safety properties
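The nose-gear freshness requirement (ground velocity available iff the data is no older than 3000 ms), written as SPARK 2014 contracts so that the system-level property becomes a provable postcondition and a source-level assertion, in the spirit of the Simulink-to-SPARK snippet above. This is an added example, not code from the presentation, Ocarina or the Project P generator; the Velocity_Estimator package, its type and subprogram names and the millisecond timestamp representation are assumptions.

```ada
-- Added example (not from the presentation); names and types are assumptions.
package Velocity_Estimator with SPARK_Mode is
   -- Requirement: data used for the computation is no older than 3000 ms
   Max_Data_Age_Ms : constant := 3000;

   type Time_Ms is range 0 .. 2**31 - 1;           -- milliseconds since boot
   type Velocity is delta 0.1 range 0.0 .. 500.0;  -- km/h

   type Velocity_Sample is record
      Value     : Velocity;
      Timestamp : Time_Ms;
   end record;

   -- Freshness predicate; the short-circuit guard rules out underflow
   function Is_Fresh (Sample : Velocity_Sample; Now : Time_Ms) return Boolean is
     (Now >= Sample.Timestamp
      and then Now - Sample.Timestamp <= Max_Data_Age_Ms);

   -- Ground velocity is available iff the sample is fresh, and when
   -- available it is exactly the sampled value: the postcondition is
   -- the system-level property carried down to the code level
   procedure Ground_Velocity
     (Sample    : in  Velocity_Sample;
      Now       : in  Time_Ms;
      Available : out Boolean;
      Result    : out Velocity)
   with
     Post => Available = Is_Fresh (Sample, Now)
             and then (if Available then Result = Sample.Value);
end Velocity_Estimator;

package body Velocity_Estimator with SPARK_Mode is
   procedure Ground_Velocity
     (Sample    : in  Velocity_Sample;
      Now       : in  Time_Ms;
      Available : out Boolean;
      Result    : out Velocity)
   is
   begin
      Available := Is_Fresh (Sample, Now);
      Result    := 0.0;  -- always initialized, as SPARK flow analysis requires
      if Available then
         Result := Sample.Value;
      end if;
      -- Source-level counterpart of the model-level Assertion block:
      -- GNATprove discharges it statically, otherwise it is checked at run time
      pragma Assert (Available = Is_Fresh (Sample, Now));
   end Ground_Velocity;
end Velocity_Estimator;
```

Running GNATprove on the package proves the postcondition and the assertion for every sample and clock value, which is the "source-level proof of property preservation" the slide refers to; compiling with assertions enabled keeps the same check as a run-time monitor.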

The wrap-up
- AADL System Model: Property 1, Property 2, ..., Property N
- Decomposition: Property 1 goes to SPARK 2014 (verification by formal proof); Property 2 and Property N go to Simulink (verification by formal proof for Property 2, verification by simulation for Property N)
- Code Generation: Property 2 and Property N go to SPARK 2014 (verification by formal proof)

Take-home messages

Property preservation: how?
- Several different techniques: peer review, testing, automatic code generation, formal proof, ...
- How to combine them?
  - While providing evidence of coverage
  - And taking into account system-level concerns
- Use AADL as a pivot representation
- Derive formalized specifications downstream
- Rely on languages supporting design-by-contract: AADL, SPARK, Simulink Assertion Blocks, ...
- And translate them across abstraction layers

Current state & future improvements
- SPARK 2014 Formal Verification Toolset: currently in beta, first release in April 2014
- Simulink to SPARK 2014 code generator: Project P, available in Q4 2014
- AADL to Ada/SPARK 2014 code generator + runtime: part of the Ocarina distribution, available through http://www.openaadl.org; tested with GNATprove GPL 2013

Thanks!
Matteo Bordin, bordin@adacore.com
Jérôme Hugues, jerome.hugues@isae.fr
Cyrille Comar, AdaCore
Ed Falis, AdaCore
Franco Gasperoni, AdaCore
Yannick Moy, AdaCore
Elie Richa, AdaCore