Assurance techniques for code generators. Ewen Denney, USRA/RIACS, NASA Ames; Bernd Fischer, ECS, U Southampton.

Assurance problem
- Safety/mission-critical software requires assurance that it meets a certain level of “quality”
- What are the issues in assuring automatically generated code?
  – Different forms of assurance
  – Different assurance techniques
  – Diverse generator paradigms

Forms of assurance
- What exactly might we need to assure?
  – Compliance with requirements
  – Compliance with spec/model
  – Certification standards
  – Coding standards
  – Absence of run-time errors
  – Traceability
  – Appropriate documentation
  – Correctness
  – Reliability
  – Legibility

Participants
- Harold Ossher
- Markus Pueschel
- Julia Lawall
- Ann Le Meur
- Yannis Smaragdakis
- Oleg Kiselyov
- Tom Ellman
- Gabor Karsai
- Kevin Hammond
- Laurence Tratt
- Baris Aktemur
- Walid Taha
- Bernd Fischer
- Ewen Denney

Target domains
- numerical code
  – statistical data analysis
  – GN&C
  – physics-based animation
  – linear transforms
- embedded systems
  – real-time systems
  – device drivers
- optimizing simulators
- programming language tools

Generator paradigms
- mathematical, schema-based
  – templates and symbolic reasoning
- source-level transformations
  – DSLs
  – AOP
  – template metaprogramming
  – staged programming
- model-driven
  – graph-transformations

The Holy War?!?
- Thou shalt qualify thy generator vs. Certify the generated programs, Luke
- Certification ≠ Verification! Safety ≠ Correctness!
- Should prove parts of the generator correct
  – find problems earlier: in generator rather than at compilation time
  – domain knowledge (much) easier to understand at higher level than in generated code
- Generate proofs that can be checked
- Compositional verification
- Safety is ultimately a system question

Some Current Approaches
- Distinction between generator framework and domain knowledge reflected in distinction between verification and validation
- Testing generator rules in Spiral:
  – domain source might be wrong
  – formalization might be wrong
  – plug in parameters and check an instance of the transformation
- Simulate algorithm instances in AutoFilter
- Compose aspects while ensuring they don’t corrupt each other
  – ultimately: want behavioral equivalence
- “Type systems can encode interesting things”
- “Our formal abilities are laughable”

Traceability and Documentation
- Doing it manually is very tedious and error-prone
- Adding a “rationale system” to explain the transformation steps
  – Programming traceability info was harder than the rest of the system, but very important
  – Good for debugging, but users don’t care
- Relating performance model to higher-level description?
- Optimization blurs boundaries
- Establishing bisimulation gives a trace
- Tracing is much easier in “horizontal” systems than in vertical systems
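The three slides above (certify the generated program rather than the generator, Spiral-style instance checks of a transformation, and a rationale trace from generated lines back to generator rules) can be illustrated with one small pipeline. The code below is an added example, not material from the Denney/Fischer slides or from Spiral/AutoFilter: a hypothetical template generator for unrolled dot products, a syntactic absence-of-run-time-errors check over the emitted text, an instance test against a reference definition, and a per-line rule trace. All function names and the constructed off-by-one defect are assumptions made for the illustration.

```python
"""Added example: checks applied to the *generated program* instead of a
proof about the generator, plus a rule trace for traceability.
generate_dot / index_safety_check / check_instance / certify are all
hypothetical illustration code, not from any real generator."""
import ast


def generate_dot(n, buggy=False):
    """Emit straight-line Python computing dot(a, b) for length-n vectors.
    Returns (source, trace); trace[i] names the generator rule that produced
    line i+1 of the source.  buggy=True models a constructed generator defect
    (an off-by-one in the unrolling rule) that a generator-level argument
    about the template might overlook."""
    lines, trace = [], []
    lines.append(f"def dot{n}(a, b):")
    trace.append(("header", n))
    lines.append("    acc = 0")
    trace.append(("init", "acc"))
    for i in range(n + 1 if buggy else n):  # constructed off-by-one defect
        lines.append(f"    acc = acc + a[{i}] * b[{i}]")
        trace.append(("unroll-mac", i))
    lines.append("    return acc")
    trace.append(("return", "acc"))
    return "\n".join(lines) + "\n", trace


def index_safety_check(src, n):
    """Absence-of-run-time-error check on the generated text: every constant
    subscript must lie in [0, n).  Returns a list of (line, index) violations.
    Runs before the generated code is ever executed."""
    violations = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Subscript):
            continue
        idx = node.slice
        if not isinstance(idx, ast.Constant) and hasattr(idx, "value"):
            idx = idx.value  # Python 3.8 wraps the index in ast.Index
        if isinstance(idx, ast.Constant) and isinstance(idx.value, int):
            if not 0 <= idx.value < n:
                violations.append((node.lineno, idx.value))
    return violations


def check_instance(src, n, samples):
    """Instance test in the spirit of 'plug in parameters and check an
    instance': run the generated function on concrete inputs and compare
    with the reference definition of the dot product."""
    ns = {}
    exec(src, ns)
    f = ns[f"dot{n}"]
    try:
        return all(f(a, b) == sum(x * y for x, y in zip(a, b)) for a, b in samples)
    except IndexError:
        return False


def certify(n, buggy=False):
    """Run both checks on the generated program and return a small report.
    The sample vectors are constructed here purely for the illustration."""
    src, trace = generate_dot(n, buggy)
    violations = index_safety_check(src, n)
    samples = [([i + 1 for i in range(n)], [2 * i for i in range(n)]),
               ([0] * n, [5] * n)]
    ok = not violations and check_instance(src, n, samples)
    return {"source": src, "trace": trace, "violations": violations, "certified": ok}


if __name__ == "__main__":
    for flag in (False, True):
        rep = certify(3, buggy=flag)
        verdict = "certified" if rep["certified"] else f"rejected {rep['violations']}"
        print("buggy" if flag else "correct", "generator ->", verdict)
        # rationale trace: each generated line maps back to the rule that emitted it
        for lineno, (rule, arg) in enumerate(rep["trace"], 1):
            print(f"  line {lineno}: rule {rule}({arg})")
```

The point of the split is the one the slides make: the safety check and the instance test never look at the generator, only at its output, so the constructed off-by-one defect is caught even though nothing about the template was proven; the trace is what lets a reviewer go from the rejected line back to the `unroll-mac` rule that produced it.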

Bake-off
- A bake-off for assuring generators?
- Need challenge problems, consisting of
  – classes of specs,
  – algorithms for generating programs,
  – proofs that the algorithms are correct,
  – …

Conclusions???
- In Europe, everything is proven, but nothing works.
- In the US, nothing is proven, but it works.
- And in code generation, nothing works and nothing is proven…