Slide: 1 Copyright © 2009 AdaCore GeneAuto for Ada and SPARK A verifying model compiler GeneAuto2 meeting (Toulouse) September 2009 Matteo Bordin

Slides:



Advertisements
Similar presentations
Integration of MBSE and Virtual Engineering for Detailed Design
Advertisements

Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:
1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.
© Chinese University, CSE Dept. Software Engineering / Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Slide: 1 Copyright © 2014 AdaCore Claire Dross, Pavlos Efstathopoulos, David Lesens, David Mentré and Yannick Moy Embedded Real Time Software and Systems.
Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.
ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Semantic analysis Parsing only verifies that the program consists of tokens arranged in a syntactically-valid combination, we now move on to semantic analysis,
Computer Engineering 203 R Smith Requirements Management 6/ Requirements IEEE Standard Glossary A condition or capability needed by a user to solve.
CS189A/172 - Winter 2008 Lecture 7: Software Specification, Architecture Specification.
Context-sensitive Analysis, II Ad-hoc syntax-directed translation, Symbol Tables, andTypes.
From Cooper & Torczon1 Implications Must recognize legal (and illegal) programs Must generate correct code Must manage storage of all variables (and code)
Applied Software Project Management Andrew Stellman & Jennifer Greene Applied Software Project Management Applied Software.
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
Describing Syntax and Semantics
1 Scenario-based Analysis of UML Design Class Models Lijun Yu October 4th, 2010 Oslo, Norway.
© 2008 IBM Corporation Behavioral Models for Software Development Andrei Kirshin, Dolev Dotan, Alan Hartman January 2008.
Software Engineering Tools and Methods Presented by: Mohammad Enamur Rashid( ) Mohammad Rashim Uddin( ) Masud Ur Rahman( )
A case study System to Software Integrity Matteo Bordin Jérôme Hugues Cyrille Comar, Ed Falis, Franco Gasperoni, Yannick Moy, Elie Richa.
1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.
- Chaitanya Krishna Pappala Enterprise Architect- a tool for Business process modelling.
Introduction to High-Level Language Programming
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR.
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.
Assurance techniques for code generators Ewen Denney USRA/RIACS, NASA Ames Bernd Fischer ECS, U Southampton.
An intro to programming. The purpose of writing a program is to solve a problem or take advantage of an opportunity Consists of multiple steps:  Understanding.
Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.
Parser-Driven Games Tool programming © Allan C. Milne Abertay University v
COP 4620 / 5625 Programming Language Translation / Compiler Writing Fall 2003 Lecture 10, 10/30/2003 Prof. Roy Levow.
CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.
Gene-Auto development status and support Andres Toom IB Krates, Estonia 23/09/2009.
Testing Workflow In the Unified Process and Agile/Scrum processes.
Software testing Main issues: There are a great many testing techniques Often, only the final code is tested.
SE: CHAPTER 7 Writing The Program
CS 363 Comparative Programming Languages Semantics.
C++ Programming Language Lecture 2 Problem Analysis and Solution Representation By Ghada Al-Mashaqbeh The Hashemite University Computer Engineering Department.
Software Construction Lecture 18 Software Testing.
Vendor Presentation SigAda 2005 George Romanski
High Integrity Ada in a UML and C world Peter Amey, Neil White Presented by Liping Cai.
© Andrew IrelandDependable Systems Group Static Analysis and Program Proof Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt University.
Requirements Specification. Welcome to Software Engineering: “Requirements Specification” “Requirements Specification”  Verb?  Noun?  “Specification”
1 Chapter 1 Introduction. 2 Outlines 1.1 Overview and History 1.2 What Do Compilers Do? 1.3 The Structure of a Compiler 1.4 The Syntax and Semantics of.
Compilers: Overview/1 1 Compiler Structures Objective – –what are the main features (structures) in a compiler? , Semester 1,
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
© Andrew IrelandDependable Systems Group Proof Automation for the SPARK Approach to High Integrity Ada Andrew Ireland Computing & Electrical Engineering.
 Programming - the process of creating computer programs.
1 Compiler & its Phases Krishan Kumar Asstt. Prof. (CSE) BPRCE, Gohana.
Modelling the Process and Life Cycle. The Meaning of Process A process: a series of steps involving activities, constrains, and resources that produce.
The Hashemite University Computer Engineering Department
Next steps from the developers viewpoint Tõnu Näks IB Krates, Estonia 23/09/2009.
1 Asstt. Prof Navjot Kaur Computer Dept PRESENTED BY.
Software Systems Division (TEC-SW) ASSERT process & toolchain Maxime Perrotin, ESA.
Overview of Compilation Prepared by Manuel E. Bermúdez, Ph.D. Associate Professor University of Florida Programming Language Principles Lecture 2.
Programming Languages Concepts Chapter 1: Programming Languages Concepts Lecture # 4.
Software Design and Development Development Methodoligies Computing Science.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Definition CASE tools are software systems that are intended to provide automated support for routine activities in the software process such as editing.
QGen and TQL-1 Qualification
AdaCore C/C++ Offering
Yes, we do those languages too.
QGen and TQL Qualification
UML profiles.
System to Software Integrity
Yes, we do those languages too.
Presentation transcript:

Slide: 1 Copyright © 2009 AdaCore GeneAuto for Ada and SPARK A verifying model compiler GeneAuto2 meeting (Toulouse) September 2009 Matteo Bordin Franco Gasperoni

Slide: 2 Copyright © 2009 AdaCore Model Compilers: State-of-the-Art Traditional model compiler –Rarely added value (model = graphical coding) Properties verifiable at model level –Show they hold at source level: qualified code generator –Show they hold in the executable: compiler qualification kit –Assume they are respected during execution Properties non-verifiable at model level –Platform-dependent properties (overflows, stack size, wcet, …) –No feedback in the model

Slide: 3 Copyright © 2009 AdaCore Verifying Model Compilers: High-level Vision Properties for an intermediate representation –Formal semantics –Executable semantics –Show properties are formally preserved –Complement V&V activities Our first experiment: Simulink –Need open technology to rely on: GeneAuto –Emphasis on the intermediate representation for: –Correctness (property preservation + complement V&V) –Efficiency –Traceability (model  source & source  object)

Slide: 4 Copyright © 2009 AdaCore SPARK: target language of GeneAuto/Ada package My_Block --# own Input_Ports, Output_Ports, Is_Initialized; is procedure Initialize; --# global out Is_Initialized; --# post Is_Initialized; procedure Pass_Data (D : Data); --# global out Input_Ports; --# pre Is_Initialized; --# derives Input_Ports from D; procedure Compute; --# global in Input_Ports; out Output_Ports; --# pre Is_Initialized; --# derives Output_Ports from Input_Ports; Data/Information flow contract Statically proved pre/post condition Require the Block to be initialized State that the value of input ports depends from the parameter D

Slide: 5 Copyright © 2009 AdaCore GeneAuto/Ada: a Verifying Model Compiler (I) What we can formally prove with SPARK –Absence of run-time errors: –Overflows, underflows –Array-out-of-bounds –Data/Information flow errors (uninitialized variables, ineffective statements, …) –Partial correctness –Hoare-like pre/post conditions Major advantages: –Model translation is formally void of errors –The formal representation (in SPARK) is executable and efficient

Slide: 6 Copyright © 2009 AdaCore GeneAuto/Ada: a Verifying Model Compiler (II) Ada SPARK Model Object Code Use SPARK as an intermediate representation ADDED VALUE: Complement model-level V&V by automated source code analysis Round-trip of analysis results VIRTUAL

Slide: 7 Copyright © 2009 AdaCore A typical day in GeneAuto/Ada… This is the C code we generate: how would the SPARK version look like? Yep, you’re right. We discovered: - A problem in GeneAuto requirements - A problem in GeneAuto implementation - A limit in model-level verification This is the corresponding SPARK code. I’ve found: - Possible source of overflow - Unused parameters - Access to uninitialized variables - …

Slide: 8 Copyright © 2009 AdaCore Qualifying GeneAuto/Ada We considered OpenOffice… for almost 3 full minutes… We needed: –Agile framework supporting distributed artifacts manipulation –Easy revision control (at least 4 developers) –Tracking of: –Actions! –Approved requirements –Implemented requirements –Open questions –Traceability evidence

Slide: 9 Copyright © 2009 AdaCore FitNesse: a Prototypal Qualifying Machine A qualifying machine: –Infrastructure keeping track of each atomic action –Analyze artifacts deployment/history to discover: –Workflow was (not) followed –Traceability problems –Agile user interface (possibly web-based) Our current choice: FitNesse –A tool for test-driven development (agile paradigm) –Slightly modified to better fit our needs

Slide: 10 Copyright © 2009 AdaCore FitNesse: a Prototypal Qualifying Machine (II)

Slide: 11 Copyright © 2009 AdaCore Future Directions Increase the number of supported blocks Pursuing the verifying model compiler vision Investigate integration with UML, SysML, MARTE/AADL Improve qualifying machine Opening the project: Open-DO Business model (OPEES)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.