System to Software Integrity: a case study. Matteo Bordin, Jérôme Hugues, Cyrille Comar, Ed Falis, Franco Gasperoni, Yannick Moy, Elie Richa.

How to verify property preservation? How to combine them? What about system properties?
– Peer review
– Testing
– Design/Verify-by-contract (Eiffel, Ada 2012, SPARK, Frama-C, ...)
– Automatic code generators
– Reverse engineering

A case study: the nose gear challenge

Requirements:
– The ground velocity shall be available iff the data used for the computation is no older than 3000 ms
– The measured velocity shall not differ by more than 3 km/h from the real velocity during the latest 3000 ms

Figure: From System to Software (top-down only). The AADL system model carries Property 1 .. Property N; Property 1 is decomposed onto SPARK 2014, while Property 2 .. Property N go to Simulink, from which code generation produces SPARK 2014 code that still carries Property 2 .. Property N.

From AADL to Simulink and SPARK

Take advantage of AADL mechanisms to:
– Describe execution and communication resources (threads, ports, ...)
– Bind Simulink or Ada functional models to threads as subprograms

First level of V&V done at model level:
– Interfaces are correctly typed, behaviour correctly defined as subprograms
– Compliance to the Ravenscar profile: deterministic concurrency
– Schedulability analysis
– Consistency: WCET of ISR handlers compatible with the number of interrupts

Excerpt of the AADL model (the Rotation_Sim subprogram bound to the Rotation_Sensor_Sim thread):

    subprogram Rotation_Sim
    features
      Simulated_Velocity : in parameter Velocity;
      Click              : out event port;
    properties
      Source_Name     => "Rotation_Sim.Rotation_Sim";
      Source_Language => (Ada95);
    end Rotation_Sim;

    thread implementation Rotation_Sensor_Sim.Impl
    calls
      seq : { C : subprogram Rotation_Sim; };
    connections
      parameter Simulated_Velocity -> C.Simulated_Velocity;
      port C.Click -> Rotation_Click;
    end Rotation_Sensor_Sim.Impl;

From AADL to SPARK

AADL provides a full description of the use of runtime resources:
– Use Ocarina to generate code from the architectural description
– Based on archetypes for concurrency and communication

Ada/SPARK compliant, a path to high-integrity software:
– #5: strong typing, generics, native support for concurrency
– #4: restrictions for HI systems
– #3: restrictions for concurrency: Ravenscar profile
– #2: well-known coding patterns
– #1: contracts: pre/post conditions

Functional code integrated as external Ada libraries:
– Preserve abstraction boundaries (typing, encapsulation)
– Then connect to integration V&V activities

Status: compiler checks 100% OK; best practice; theorem proving 90%, on-going

From Simulink to SPARK 2014

– Model-level verification (proof + simulation)
– Source-level proof of property preservation
– Run-time monitoring of safety properties

Generated SPARK 2014 code (excerpt):

    ...
    if Compare_To_Constant_out1 = estimatedGroundVelocityIsAvailable then
       Relational_Operator_out1 := True;
    else
       Relational_Operator_out1 := False;
    end if;
    pragma Assert (Relational_Operator_out1);
    ...
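As an added example (not code from the presentation, Project P or Ocarina), here is how the two nose gear requirements from the case-study slide can be carried down to the SPARK 2014 level as contracts, in the design-by-contract style the talk advocates. The package, type names and the Within_Bound helper are assumptions; the 3 km/h bound is written as a check against a reference value, since the real velocity is a system-level quantity that the software itself cannot observe.

```ada
--  Added example (assumed package/API): nose gear requirements as SPARK 2014
--  contracts. Constants come from the requirement slide; names are assumptions.
package Ground_Velocity with SPARK_Mode is

   Max_Data_Age_Ms : constant := 3000;   --  "no older than 3000 ms"
   Max_Error_Kmh   : constant := 3.0;    --  "not differ by more than 3 km/h"

   type Time_Ms      is range 0 .. 2**31 - 1;
   --  Signed so that differences between two velocities stay in range.
   type Velocity_Kmh is delta 0.01 range -500.0 .. 500.0;

   type Estimate is record
      Available : Boolean;
      Value     : Velocity_Kmh;
   end record;

   --  Freshness predicate; Now >= Sample_Time keeps the subtraction in range.
   function Is_Fresh (Sample_Time, Now : Time_Ms) return Boolean is
     (Now >= Sample_Time and then Now - Sample_Time <= Max_Data_Age_Ms);

   --  Requirement 1 as a postcondition: available iff the sample is fresh,
   --  and an available estimate carries the measured sample unchanged.
   procedure Estimate_Velocity
     (Sample_Time, Now : Time_Ms; Sample : Velocity_Kmh; Result : out Estimate)
   with
     Pre  => Now >= Sample_Time,
     Post => Result.Available = Is_Fresh (Sample_Time, Now)
             and then (if Result.Available then Result.Value = Sample);

   --  Requirement 2 as a predicate, usable in pragma Assert at run time or
   --  in a test harness that knows a reference velocity.
   function Within_Bound (Measured, Reference : Velocity_Kmh) return Boolean is
     (abs (Measured - Reference) <= Max_Error_Kmh);

end Ground_Velocity;

package body Ground_Velocity with SPARK_Mode is

   procedure Estimate_Velocity
     (Sample_Time, Now : Time_Ms; Sample : Velocity_Kmh; Result : out Estimate)
   is
   begin
      if Is_Fresh (Sample_Time, Now) then
         Result := (Available => True, Value => Sample);
      else
         Result := (Available => False, Value => 0.0);  --  stale: unavailable
      end if;
   end Estimate_Velocity;

end Ground_Velocity;
```

Once GNATprove proves the postcondition, the availability property holds for every call; compiling the same unit with assertions enabled turns the contract into the run-time monitor the slide mentions.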

Figure: the wrap-up. The same flow as the previous diagram, annotated with the verification technique at each level: verification by formal proof on the SPARK 2014 side (Property 1), verification by simulation on the Simulink models (Property 2 .. Property N), and verification by formal proof again on the SPARK 2014 code generated from Simulink (Property 2 .. Property N).

Take-home messages

Property preservation: how?

Several different techniques
– Peer review, testing, automatic code generation, formal proof, ...
How to combine them?
– While providing evidence of coverage
– And taking into account system-level concerns
Use AADL as a pivot representation
– Derive formalized specifications downstream
Rely on languages supporting design-by-contract
– AADL, SPARK, Simulink Assertion Blocks, ...
– And translate them across abstraction layers

Current state & future improvements

SPARK 2014 Formal Verification Toolset
– Currently in beta, first release in April 2014
Simulink to SPARK 2014 code generator
– Project P, available in Q
AADL to Ada/SPARK 2014 code generator + runtime
– Part of the Ocarina distribution, available through
– Tested with GNATprove GPL 2013

Thanks!

Matteo Bordin, Jérôme Hugues,
Cyrille Comar, AdaCore
Ed Falis, AdaCore
Franco Gasperoni, AdaCore
Yannick Moy, AdaCore
Elie Richa, AdaCore