Slide: 1 Copyright © 2014 AdaCore Claire Dross, Pavlos Efstathopoulos, David Lesens, David Mentré and Yannick Moy Embedded Real Time Software and Systems.

Slides:



Advertisements
Similar presentations
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Advertisements

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 8.
Software development process. Explanation of the iterative nature of the software development process.
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
B. Sharma, S.D. Dhodapkar, S. Ramesh 1 Assertion Checking Environment (ACE) for Formal Verification of C Programs Babita Sharma, S.D.Dhodapkar RCnD, BARC,
Software Construction
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Presented by David LESENS and Johannes KANIG Thursday, 16 May 2013 Astrium Space Transportation AdaCore Formal Validation of Aerospace Software DASIA 2013.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
Software Engineering and Design Principles Chapter 1.
Building Reliable Software Requirements and Methods.
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
Chapter 1 Principles of Programming and Software Engineering.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
20 February Detailed Design Implementation. Software Engineering Elaborated Steps Concept Requirements Architecture Design Implementation Unit test Integration.
A case study System to Software Integrity Matteo Bordin Jérôme Hugues Cyrille Comar, Ed Falis, Franco Gasperoni, Yannick Moy, Elie Richa.
Copyrighted material John Tullis 8/13/2015 page 1 Blaze Software John Tullis DePaul Instructor
A Pragmatic View of Formal Methods The Hi-Lite Project Robert B K Dewar SSS ‘11 President & CEO, AdaCore Emeritus Professor of Computer.
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
Ranga Rodrigo. Class is central to object oriented programming.
CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.
Objectives of the Lecture
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
Is Proof More Cost-Effective Than Testing? Presented by Yin Shi.
© Andrew IrelandDependable Systems Group Proof Automation for the SPARK Approach to High Integrity Ada Andrew Ireland Computing & Electrical Engineering.
© Andrew IrelandDependable Systems Group. © Andrew IrelandDependable Systems Group Proof Automation for the SPARK Approach to High Integrity Ada Andrew.
Ranga Rodrigo. The purpose of software engineering is to find ways of building quality software.
Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.
WSMX Execution Semantics Executable Software Specification Eyal Oren DERI
Framework for the Development and Testing of Dependable and Safety-Critical Systems IKTA 065/ Supported by the Information and Communication.
1 Introduction to Software Engineering Lecture 1.
CS Data Structures I Chapter 2 Principles of Programming & Software Engineering.
QuickCheck: A Lightweight Tool for Random Testing of Haskell Programs By Koen Claessen, Juhn Hughes ME: Mike Izbicki.
High Integrity Ada in a UML and C world Peter Amey, Neil White Presented by Liping Cai.
© Andrew IrelandDependable Systems Group Static Analysis and Program Proof Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt University.
Slide: 1 Copyright © 2009 AdaCore GeneAuto for Ada and SPARK A verifying model compiler GeneAuto2 meeting (Toulouse) September 2009 Matteo Bordin
Software Debugging, Testing, and Verification Presented by Chris Hundersmarck November 10, 2004 Dr. Bi’s SE516.
Using and Building an Automatic Program Verifier K. Rustan M. Leino Research in Software Engineering (RiSE) Microsoft Research, Redmond Lecture 0 Marktoberdorf.
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
© Andrew IrelandDependable Systems Group Proof Automation for the SPARK Approach to High Integrity Ada Andrew Ireland Computing & Electrical Engineering.
Presented by David LESENS Tuesday 29 November 2011 Hi-Lite project – Case Study ASTRIUM Space Transportation.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke Presented by: Xia Cheng.
16/11/ Semantic Web Services Language Requirements Presenter: Emilia Cimpian
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
Version 02U-1 Computer Security: Art and Science1 Correctness by Construction: Developing a Commercial Secure System by Anthony Hall Roderick Chapman.
PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.
Design by Contract. The Goal Ensure the correctness of our software (correctness) Recover when it is not correct anyway (robustness) Correctness: Assertions.
Copyright 1999 G.v. Bochmann ELG 7186C ch.1 1 Course Notes ELG 7186C Formal Methods for the Development of Real-Time System Applications Gregor v. Bochmann.
Mechanisms for Requirements Driven Component Selection and Design Automation 최경석.
Principles of Programming & Software Engineering
Principles of Programming and Software Engineering
Levels of Software Assurance in SPARK
Lecture Software Process Definition and Management Chapter 3: Descriptive Process Models Dr. Jürgen Münch Fall
Enterprise Service Bus (ESB) (Chapter 9)
QGen and TQL-1 Qualification
AdaCore Technologies for Cyber Security
QGen and TQL Qualification
Software system modeling
Software Engineering for Safety: a Roadmap
Rail, Space, Security: Three Case Studies for SPARK 2014
The Zoo of Software Security Techniques
System to Software Integrity
Update & Roadmap. Update & Roadmap Established Ada market “Helping to preserve investments done with Ada” “Provide new cost-effective ways to develop.
Presentation transcript:

Slide: 1 Copyright © 2014 AdaCore Claire Dross, Pavlos Efstathopoulos, David Lesens, David Mentré and Yannick Moy Embedded Real Time Software and Systems – February 5th, 2014 Rail, Space, Security: Three Case Studies for SPARK 2014

Slide: 2 Copyright © 2014 AdaCore SPARK 2014

Slide: 3 Copyright © 2014 AdaCore programming language for long- lived embedded critical software Ada 2012 and SPARK 2014 Ada subset for formal verification programming by contract practical formal verification

Slide: 4 Copyright © 2014 AdaCore SPARK 2014 Value Proposition Functional RequirementFunctional Verification Software ArchitectureSoftware Architecture Verification Unit RequirementsUnit Verification CodeRobustness Verification

Slide: 5 Copyright © 2014 AdaCore SPARK 2014 Value Proposition (DO-178C Version) System Requirements High Level Requirements Low Level Requirements Software Architecture Source Code Executable Object Code Compliance Robustness Property Preservation Software architecture is consistent Accuracy Consistency

Slide: 6 Copyright © 2014 AdaCore Contract = agreement between client & supplier SPARK 2014 Contracts Program caller & callee Contract = agreement between client & supplier Dynamic Verification Formal Verification

Slide: 7 Copyright © 2014 AdaCore Case Studies

Slide: 8 Copyright © 2014 AdaCore Case study 1: Train Control Systems David Mentré

Slide: 9 Copyright © 2014 AdaCore openETCS Open Source  no vendor lock-in Model based (SysML) Formal methods  Strong guaranties of correctness “Open Proofs”  Everybody can re-check

Slide: 10 Copyright © 2014 AdaCore Formalization of the Correctness of Step Functions Has_Same_Delimiters? Get_Value? Minimum_Until_Point? Restrictive_Merge

Slide: 11 Copyright © 2014 AdaCore Results SPARK 2014 very good for: Capturing objects in the requirements Readability of the specifications (= contracts) Automatic proof of absence of run-time errors Automatic proof of simple functional contracts Dynamic verification of contracts and assertions SPARK 2014 is not good for: Proving existing code automatically without any modifications Proving automatically complex functional contracts Areas requiring improvements: Possibility to prove some properties interactively (in 2014 roadmap) Better diagnostic for incomplete loop invariants (in 2014 roadmap) Training for developers to use proof tools (available in SPARK Pro subscription) Workflow to make efficient use of developers’ time (in progress)

Slide: 12 Copyright © 2014 AdaCore Case study 2: Flight Control and Vehicle Management in Space David Lesens

Slide: 13 Copyright © 2014 AdaCore On Board Control Procedure On-board control procedure –Software program designed to be executed by an OBCP engine, which can easily be loaded, executed, and also replaced, on-board the spacecraft OBCP code –Complete representation of an OBCP, in a form that can be loaded on-board for subsequent execution OBCP engine –Application of the on-board software handling the execution of OBCPs OBCP language –Programming language in which OBCP source code is expressed by human programmers

Slide: 14 Copyright © 2014 AdaCore Formalization of the Correctness of 1505 Subprograms procedure Reset_Event_Status (Event : in T_Event) with Post => not Event_Status (Event).Detection and (for all Other_Event in T_Event => (if Other_Event /= Event then Event_Status (Other_Event) = Event_Status'Old (Other_Event))); Example: A list of event detection statuses Request to reset the detection status for Event The detection status is unchanged Post-condition The detection of event is reset For all other events Event1Event2Event3 Not detectedDetected Event1 Event2 Event3 Not detected Detected Event1 Event2 Event3 Not detected Detected Event1 Event2 Event3 Not detected Detected

Slide: 15 Copyright © 2014 AdaCore Numerical control/command algorithms Mission and vehicle management Formal Verification of Aerospace Software, DASIA 2013, content/uploads/2013/05/DASIA_2013.pdfhttp:// content/uploads/2013/05/DASIA_2013.pdf Automatic Proof Results Part# subprograms# checks% proved Math library Numerical algorithms Part# subprograms# checks% proved Single variable List of variables Events Expressions Automated proc On board control proc

Slide: 16 Copyright © 2014 AdaCore SPARK 2014 very good for: Proof of absence of run-time errors Correct access to all global variables Absence of out-of-range values Internal consistency of software unit Correct numerical protection Correctness of a generic code in a specific context SPARK 2014 is good for: Proof of functional properties Areas requiring improvements: Sound treatment of floating-points (done) Support of object oriented features (in 2014 roadmap) Helping user with unproved checks (in 2014 roadmap) Results

Slide: 17 Copyright © 2014 AdaCore Case study 3: Biometric Access to a Secure Enclave Pavlos Efstathopoulos

Slide: 18 Copyright © 2014 AdaCore Tokeneer

Slide: 19 Copyright © 2014 AdaCore Aspect / PragmaNum. of occurrences Global197 Refined_Global71 Refined_Depends40 Depends202 Pre28 Post41 Assume3 Loop_Invariant10 Formalization of the “Admin” Package Dataflow Information flow Refinement Functional contracts User guidance Assumptions

Slide: 20 Copyright © 2014 AdaCore SPARK 2014 very good for: Readability of the formal specifications Expressing specification-only code SPARK 2014 is better than SPARK 2005 for: Analysis of code that was not analyzable with SPARK 2005 Automating proofs with less user efforts Proving complete functional behavior of functions Uncovering corner cases in specifications related to run-time checks Areas requiring improvements: Summary of proof results (done) Results

Slide: 21 Copyright © 2014 AdaCore Lessons Learned

Slide: 22 Copyright © 2014 AdaCore SPARK 2014 Strengths executable contracts better automation of proofs large, expressive, analyzable language

Slide: 23 Copyright © 2014 AdaCore SPARK 2014 Challenges static debugging of contracts need expert advice sometimes code and specifications must be adapted

Slide: 24 Copyright © 2014 AdaCore SPARK in 2014

Slide: 25 Copyright © 2014 AdaCore Now available as beta First release April 2014 See and New LabCom ProofInUse between AdaCore and INRIA (hiring 2 R&D software engineer postdocs) Roadmap

Slide: 26 Copyright © 2014 AdaCore Tomorrow Thursday: 8:00 – 8:50 (room Daurat) Information session on the working group on “Theorem Proving in Certification” 10:30 – 12:30 New Trends in Certification I 16:40 – 18:40 New Trends in Certification II Announcements

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.