1 New Development Techniques: New Challenges for Verification and Validation Mats Heimdahl Critical Systems Research Group Department of Computer Science.

1 New Development Techniques: New Challenges for Verification and Validation Mats Heimdahl Critical Systems Research Group Department of Computer Science and Engineering University of Minnesota EE/CS; 200 Union Street SE Minneapolis, MN 55455

2 Domain of Concern

3 How we Develop Software (V-model diagram): Concept Formation, Requirements Specification, Design, Implementation, Integration, System on the development side; Unit Test, Integration Test, System Test on the testing side; Object Code feeds Test and Analysis.

4 Validation and Verification (diagram over Concept Formation, Requirements Specification, Design, Implementation, Integration, System)
- Verification: Are we building the thing right?
- Validation: Are we building the right thing?

5 Model-Based Development (diagram): Specification Model at the center, with Visualization, Prototyping, Testing, Code, Analysis, Properties around it.

6 Model-Based Development Tools: Commercial Products
- Esterel Studio and SCADE Studio from Esterel Technologies
- SpecTRM from Safeware Engineering
- Rhapsody from I-Logix
- Simulink and Stateflow from Mathworks Inc.
- Rose Real-Time from Rational
- Etc. Etc.

7 Research Tools (many): RSML-e and Nimbus (diagram: RSML-e formal models, ~20 running concurrently, with simulations of the environment)

8 How we Will Develop Software (diagram): Concept Formation, Requirements, System Specification/Model, Implementation, Integration; Properties and Analysis attached to the model; Specification Test, Integration Test, System Test.

9 FGS/FMS Mode Logic: RSML-e and Nimbus (diagram: RSML-e formal models, ~20 running concurrently, with simulations of the environment)

10 Sample RSML-e Specification

11 Capture Requirements as Shalls

12 Translated All the Shalls into SMV Properties

13 Early Validation of Requirements Using Model-Checking (NuSMV)
- Prove over 300+ properties in less than an hour
- Found several errors in our models using model-checking
- Substantially revised the shalls to correct errors

14 Early Validation of Requirements Using Theorem Proving (PVS)
- Proved several hundred properties using PVS
- More time consuming than model-checking
- Use when model-checking won't work

15 Model-Based Development Examples

16 A Simplified Development Model Requirements and Specification Code Unit Test System Test Time

17 Ongoing Research (diagram: Specification Model with Visualization, Prototyping, Testing, Code, Analysis, Properties)
- Analysis: CMU, SRI, Stanford, UC Berkeley, VERIMAG, NASA, Etc., Etc.
- Modeling languages: RSML-e, SCR, SpecTRM, Statecharts, Esterel, SCADE, Simulink, Etc. Etc. (and UML)
- Testing: Minnesota, Pennsylvania, George Mason, NRL, NASA Ames, Etc.
- Code: proof carrying code, provably correct compilers, test for correctness

18 Problems... (diagram: Specification Model with Visualization, Prototyping, Testing, Code, Analysis, Properties)
- Are the languages usable (syntax and semantics)?
- Can they play nice together?
- Can we trust the execution environment?
- Trust the results?
- Tested enough?
- Can we really trust the code?

19 Benefits of Modeling Time Savings Fewer “Bugs”

20 Code Generation Time Savings Fewer “Bugs” Coding effort greatly reduced

21 Qualified Code Generation (theory) Time Savings Unit testing eliminated for generated code Unit testing moved here.

22 Code Generation Concerns (diagram: Concept Formation, Requirements, System Specification/Model, Implementation, Integration, Properties)
- Can we trust the code generator?
- Is our model "right"?
- Can we trust the execution environment?
- Can we trust our analysis tools?
- Can we trust our properties?

23 “Correct” Code Generation
- Provably correct compilers: very hard (and often not convincing)
- Proof carrying code: total correctness required
- Base all specification testing on the generated code: lose the benefits of working at the specification level
- Generate test suites from the specification
  - Compare specification behavior with the generated code to better trust your specification testing
  - Unit testing is now not eliminated, but completely automated
(diagram: Specification/Model generates Specification Based Tests, which are run against the Implementation and their Output compared)

24 Specification Testing
- Certify the execution environment: too costly and probably impossible
- Specification based testing: any discrepancy means either the code generator is wrong, or the execution environment is wrong, or the target platform is faulty
- When have we tested enough?
  - Specification coverage criteria: what is adequate coverage?
  - Criteria for measurement are not good for generation: technically covering the specification, but with useless tests
  - Do we reveal faults?
- Tradeoff between the impossible and the inadequate
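The following is an added illustration of the specification-based testing idea in slides 23 and 24; it is not code from the talk or from RSML-e/Nimbus. It uses a constructed, deliberately tiny mode-logic specification given as a transition table, generates a test suite from that specification for a transition-coverage criterion, runs the generated tests through both the specification and a hand-written stand-in for "generated code", and reports discrepancies. It also shows the slide-24 caveat: a suite that reaches 100% of a weaker criterion (state coverage) while missing the fault a transition-coverage suite catches. All state, event and function names are assumptions made for the example.

```python
"""Specification-based conformance testing of generated code (added example).

A constructed flight-guidance-style mode machine serves as the
'specification'; two hand-written step functions play the role of code
emitted by a correct and by a faulty code generator.
"""

# Constructed specification: (state, event) -> next state.
SPEC_STATES = ("OFF", "ARMED", "ACTIVE")
SPEC_EVENTS = ("switch_on", "capture", "switch_off", "disconnect")
SPEC_TABLE = {
    ("OFF", "switch_on"): "ARMED",
    ("ARMED", "capture"): "ACTIVE",
    ("ARMED", "switch_off"): "OFF",
    ("ACTIVE", "switch_off"): "OFF",
    ("ACTIVE", "disconnect"): "ARMED",
}
INITIAL = "OFF"


def spec_step(state, event):
    """Specification semantics: events with no table row are ignored."""
    return SPEC_TABLE.get((state, event), state)


def run(step, events):
    """Execute one event sequence and return the visited state sequence."""
    state, trace = INITIAL, [INITIAL]
    for e in events:
        state = step(state, e)
        trace.append(state)
    return trace


def generate_tests():
    """Derive a test suite from the specification: one test per
    (state, event) pair, reached via a shortest prefix found by BFS.
    This is the 'transition coverage' criterion used below."""
    prefix = {INITIAL: []}
    frontier = [INITIAL]
    while frontier:
        s = frontier.pop(0)
        for e in SPEC_EVENTS:
            t = spec_step(s, e)
            if t not in prefix:
                prefix[t] = prefix[s] + [e]
                frontier.append(t)
    return [prefix[s] + [e] for s in SPEC_STATES for e in SPEC_EVENTS]


def transition_coverage(tests):
    """Fraction of (state, event) pairs exercised by the suite."""
    covered = set()
    for t in tests:
        s = INITIAL
        for e in t:
            covered.add((s, e))
            s = spec_step(s, e)
    return len(covered) / (len(SPEC_STATES) * len(SPEC_EVENTS))


def state_coverage(tests):
    """Weaker measurement criterion: fraction of states visited."""
    visited = set()
    for t in tests:
        visited.update(run(spec_step, t))
    return len(visited) / len(SPEC_STATES)


def check_conformance(impl_step, tests):
    """Run each test through specification and implementation; return the
    discrepancies as (test, expected trace, actual trace) tuples."""
    return [(t, run(spec_step, t), run(impl_step, t))
            for t in tests if run(spec_step, t) != run(impl_step, t)]


def generated_step_ok(state, event):
    """Stand-in for code emitted by a correct generator."""
    if state == "OFF":
        return "ARMED" if event == "switch_on" else "OFF"
    if state == "ARMED":
        return {"capture": "ACTIVE", "switch_off": "OFF"}.get(event, "ARMED")
    return {"switch_off": "OFF", "disconnect": "ARMED"}.get(event, "ACTIVE")


def generated_step_buggy(state, event):
    """Stand-in for a faulty translation that dropped one transition."""
    if state == "ACTIVE" and event == "disconnect":
        return "ACTIVE"  # fault: the specification says ARMED
    return generated_step_ok(state, event)


# A single trace reaching every state: 100% state coverage, yet useless
# for revealing the dropped transition (slide 24's caveat).
WEAK_TESTS = [["switch_on", "capture"]]

if __name__ == "__main__":
    suite = generate_tests()
    print("transition coverage:", transition_coverage(suite))
    print("weak suite state coverage:", state_coverage(WEAK_TESTS))
    print("weak suite vs buggy code:", check_conformance(generated_step_buggy, WEAK_TESTS))
    for test, exp, act in check_conformance(generated_step_buggy, suite):
        print("discrepancy on", test, "spec:", exp, "impl:", act)
```

The discrepancy list is the slide-24 signal: it says only that specification and executed code disagree, and deciding whether the translator, the execution environment or the platform is at fault is a separate step. The coverage functions show why a measurement criterion is a poor generation target: the one-trace suite scores 100% on state coverage and reports no discrepancy against the faulty code, while the suite generated for transition coverage exposes it.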

25 Proof Techniques (theory) Time Savings Reduced testing since properties proved correct in specification stage Proofs performed here

26 Verification Trust (diagram: Concept Formation, Requirements, System Specification/Model, Implementation, Integration, Properties)
- Proof validity in the production environment?
- We need properties (requirements)!!! Often lost in the modeling "frenzy"
- How do we trust our proofs?

27 Proof Techniques
- Certify analysis tools: too costly and probably impossible
- Use redundant proof paths
  - Technically feasible, but is the redundancy "trustworthy"??
  - Cost...
- Automation is key: must keep analysis cost under control
- Generate test suites from the specification: low cost since it is already done for the code generator
(diagram: RSML-e translated to State Exploration, Model Checker and Theorem Prover, each asking "Trusted Translators?"; many languages and many analysis techniques)

28 Proof Techniques (worst case) Time Savings Most analysis is not easy, nor cheap! Added burden that cannot be leveraged later

29 Regression Verification
- 100s, if not 1000s, of properties
- Large evolving model, analysis result iterated weekly? daily? hourly?
- Abstraction cost amortized
- Impact of change on abstraction
- Approximate techniques in day-to-day activities

30 Can We Achieve the Goal? (diagram: Time Savings)
- Abbreviated system testing augmented with generated tests
- Redundant proof process (PVS, SMV, Prover, SAL, ...)
- Specification testing
- Test case generation
- Verifiable code generator
- Automated unit testing (to MC/DC?) to check the code generator and the specification execution environment
- Yes! ? ? ? ? ?

31 Perfection is Not Necessary
- We only need to be better than what we are now... How do we demonstrate this?
- Empirical studies are of great importance
(diagram: Missed Faults)

32 Education of Regulatory Agencies
- Regulatory agencies are very conservative
  - And rightly so...
  - Avionics software is very good
- We need to understand regulatory and industry concerns to get our techniques into practice
- We need to have convincing evidence that our techniques work and are effective

33 New Challenges for V&V
- Validate models
  - The models must satisfy the "real" requirements
  - Validate the properties used in analysis
  - Model testing crucial to success
- Validate tools
  - We will rely a lot on tools for model validation; can we trust them?
  - Creative use of testing necessary
- Verify and validate generated code
  - Can we trust that the translation was correct?
  - Test automation crucial
  - Includes output to analysis tools
- Adapt to the various modeling notations
  - Models will not come in one language
  - Translation between notations and tools

34 Discussion