Changing the way the world does software
|
|
- Roberta Short
- 5 years ago
- Views:
Transcription
1 Changing the way the world does software
2 Automated Certification from Soup to Nuts Nick Tudor
3 Introducing D-RisQ D-RisQ is a SME based in Malvern, UK. All personnel have a background in mathematics, engineering and computer science Huge experience in analysis of complex systems and software across many sectors Safety and security critical systems, automotive, aerospace, robotics Build automated formal analysis tools Focus on cost/time reduction Builds upon the use of commercially available and widely used development tools
4 D-RisQ FM Ecosystem English CSP Verification Design CSP Protocols Packet Analysis CSP Formal Methods Design Networks CSP Simulink/ Stateflow Z SysML CSP CSP Object Code Source Code CSP Viruses HOL EOC Vulnerability CSP HOL CSP Ada Z Z C HOL
5 D-RisQ FM Ecosystem English CSP Verification Design CSP Protocols Packet Analysis CSP Formal Methods Modelworks CLawZ Design Networks CSP Simulink/ Stateflow Z SysML CSP CSP Object Code FEVER Source Code CSP Viruses HOL EOC Vulnerability CSP HOL CSP Ada Z Z C HOL
6 The USMOOTH Problem Project led by ASV How to design a decision making system that can support Unmanned Safe Maritime Operations Over The Horizon for extended durations (weeks)? How to provide assurance that the software does what is required and nothing else? How could we support a safety argument What standards could be used? Not necessarily maritime standards At what cost and can the process be easily [cheaply] repeated? NB This is safety critical software
7 Acceptable Behaviour Behaviour Boundary Defined by: User requirements Regulations Physics Environment 0 1 Everything in here must be acceptable The more complex, Acceptability demonstrated by: the more cost to Probing the boundary and verify conventionally By design/development processes Aiming to ensure: Nothing can penetrate or leak from the boundary And everything inside is done correctly
8 Engineering, Formal Methods and Certification
9 Verification Objectives DO-178C Soup A-3.2 Accuracy & Consistency A-3.3 HW Compatibility A-3.4 Verifiability A-3.5 Conformance A-3.7 Algorithm Accuracy A-4. 8 Architecture Compatibility System (A-2: 1, 2) High-Level A-4.1 Compliance A-4.6 Traceability (A-2: 3, 4, 5) A-3.1 Compliance A-3.6 Traceability A-6.1 Compliance A-6.2 Robustness A-7.1 Procedures are correct A-7.2 Results are Correct A-7.3 Test Coverage of HLRs A-7.4 Test Coverage of LLRs A-7.5 MC/DC A-7.6 Decision Coverage A-7.7 Statement Coverage A-7.8 Coupling Coverage A-4.9 Consistency A-4.10 HW Compatibility A-4.11 Verifiability A-4.12 Conformance A-4.13 Partition Integrity Architecture Low-Level A-4.2 Accuracy & Consistency A-4.3 HW Compatibility A-4.4 Verifiability A-4.5 Conformance A-4.7 Algorithm Accuracy A-5.2 Compliance A-5.3 Verifiability A-5.4 Conformance A-5.6 Accuracy & Consistency A-5.8 PDI Complete & Correct A-5.9 PDI Verified (A-2: 6) Source Code A-5.1 Compliance A-5.5 Traceability A-6.3 Compliance A-6.4 Robustness A-7.9 Untraceable object code Nuts A-5.7 Complete & Correct (A-2: 7) Executable Object Code A-6.5 Compatible With Target Compliance: with requirements Conformance: with standards
10 Verification Objectives DO-333 FM.A Additional Objectives FM.A-3.2 Accuracy & Consistency FM.A-3.3 HW Compatibility FM.A-3.4 Verifiability FM.A-3.5 Conformance FM.A-3.7 Algorithm Accuracy FM.A-4. 8 Architecture Compatibility System (FM.A-2: 1, 2) High-Level FM.A-4.1 Compliance FM.A-4.6 Traceability (FM.A-2: 3, 4, 5) FM.A-3.1 Compliance FM.A-3.6 Traceability FM.A-6.1 Compliance FM.A-6.2 Robustness FM.A-7.1 Procedures are Correct FM.A-7.2 Results are Correct FM.A-7.3 Coverage of HLRs FM.A-7.4 Coverage of LLRs FM.A Structural Coverage FM.A-4.9 Consistency FM.A-4.10 HW Compatibility FM.A-4.11 Verifiability FM.A-4.12 Conformance FM.A-4.13 Partition Integrity FM.A Additional Objectives Architecture Low-Level FM.A-4.2 Accuracy & Consistency FM.A-4.3 HW Compatibility FM.A-4.4 Verifiability FM.A-4.5 Conformance FM.A-4.7 Algorithm Accuracy FM.A-5.2 Compliance FM.A-5.3 Verifiability FM.A-5.4 Conformance FM.A-5.6 Accuracy & Consistency FM.A-5.8 PDI Complete & Correct FM.A-5.9 PDI Verified FM.A Additional Objectives FM.A-7.9 Property Preservation FM.A-7.10 Additional Objectives FM.A-5.7 Complete & Correct (FM.A-2: 6) Source Code (FM.A-2: 7) Executable Object Code FM.A-5.1 Compliance FM.A-5.5 Traceability FM.A-6.3 Compliance FM.A-6.4 Robustness FM.A-6.5 Compatible With Target Compliance: with requirements Conformance: with standards
11 Verification Objectives DO-333, Certification and Costs System System (FM.A-2: 1, 2) High-Level (FM.A-2: 3, 4, 5) Architecture Design Low-Level (FM.A-2: 6) Source Code Source Code (FM.A-2: 7) Executable Object Code Executable Object Code
12 , Certification and Costs System Development cost: 20-50% DO-333 Design Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives Table FM.A-5 Objectives Table FM.A-6 Objectives Table FM.A-7 Objectives Source Code Verification cost: 50-80% Executable Object Code Processor
13 IT STARTS WITH REQUIREMENTS D-RisQ
14 We Need Unambiguous Must be able to bound the required behaviour in a form that: Enables it to be agreed that it is the required behaviour Language understood by regulator and developer The language must enable formalisation Enable checks for conflicting requirements language should allow abstraction Minimal assumptions about architecture Enables a wider possibility of solution
15 and Certification - USMOOTH System LRE System Document (SRD) v1.0 Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives LRE Specification (SRS) v1.0 Source Code Executable Object Code Processor
16 and Certification - USMOOTH System Reviewed LRE System Document (SRD) v1.0 Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives LRE Specification (SRS) v1.0 Source Code Executable Object Code Processor
17 SOFTWARE DESIGN AND REQUIREMENTS VERIFICATION D-RisQ
18 Systems, and Certification System Reviewed LRE Specification (SRS) v1.0 Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives LRE Simulink/ Stateflow Design v1.0 Source Code Executable Object Code Processor
19 Manual Manual Automatic D-RisQ Modelworks for Properties Description English D-RisQ Language Automatic Communicating Sequential Processes (CSP) Formal Language Simulink/Stateflow Formal Model check (FDR4) Systems Description Simulink/ Stateflow Modelworks Formal Language Communicating Sequential Processes (CSP) Formal Language Pre-defined Stability, reachability & exit Properties Manual design effort Automatic Automatic Automatic
20 Systems, and Certification System Reviewed Modelworks LRE Specification (SRS) v1.0 Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives LRE Simulink/ Stateflow Design v1.0 Source Code Executable Object Code Processor
21 Hours Independent Experiments mid Feb 17 Now can being analysed by MW ~60% ~40% ~60% ~60% ~30% ~30% More automation of Modelworks due shortly
22 SOFTWARE SOURCE CODE VERIFICATION AGAINST DESIGN D-RisQ
23 Source Code System Reviewed Modelworks LRE Simulink/ Stateflow Design v1.0 Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives Table FM.A-5 Objectives Source Code Autocoded using dspace TargetLink to C Executable Object Code Processor
24 Overview of the D-RisQ CLawZ Process Autocoder Simulink Code Development Z Producer Z User Interface Proof using Theorem Prover ProofPower Verification
25 Source Code System Reviewed Modelworks LRE Simulink/ Stateflow Design v1.0 Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives Table FM.A-5 Objectives CLawZ Source Code CLawZ for C not yet fully developed; Verification not done Autocoded using dspace TargetLink to C Executable Object Code Processor
26 EXECUTABLE OBJECT CODE VERIFICATION
27 Executable Object Code System Reviewed Modelworks Autocoded using dspace TargetLink to C Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives Table FM.A-5 Objectives Table FM.A-6 Objectives CLawZ Source Code Executable Object Code Compiled to ARM Processor
28 D-RisQ FEVER Formal Executable object code VERification Source Code Compiler Executable Object Code Processor Instruction Set Architecture User Interface Formalised in HOL Formalised in HOL Work in progress Proof using Theorem Prover ProofPower (HOL) Target is currently ARM
29 Executable Object Code System Reviewed Modelworks Autocoded using dspace TargetLink to C Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives Table FM.A-5 Objectives Table FM.A-6 Objectives CLawZ Source Code Compiled to ARM FEVER Executable Object Code Processor
30 COVERAGE
31 DO-333 FM.6.7.f Options for verification activities of Executable Object Code include: (1) Formal analysis of Executable Object Code can be used to satisfy the objectives if all of the following conditions are satisfied: The requirements are formally expressed. A formal model of the Executable Object Code is defined. Formal evidence demonstrates that the formal model of the Executable Object Code satisfies the requirements. (2) Formal analysis of Source Code can be used to satisfy the objectives if all of the following conditions are satisfied: The requirements are formally expressed. A formal model of the Source Code is defined. Formal evidence demonstrates that the formal model of the Source Code satisfies the requirements. Complementary analysis shows property preservation between the Source Code and the EOC.
32 FMA-6 Our Approach System High-Level Development Activity Review/Analysis Activity Test Activity Formal Analysis Formal Representation Compliance Robustness Modelworks Architecture Design Low-Level Compliance Robustness CLawZ Source Code Executable Object Code Compliance Robustness FEVER Formal Proof of Property Preservation
33 Executable Object Code System Reviewed Modelworks Design DO-333 Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives Table FM.A-5 Objectives Table FM.A-6 Objectives CLawZ Source Code Table FM.A-7 Objectives FEVER Executable Object Code Processor
34 COSTS
35 Locking in IP and Reducing Cost System DO-333 Design Table FM.A-2 Objectives Table FM.A-3 Objectives Table FM.A-4 Objectives Table FM.A-5 Objectives Table FM.A-6 Objectives IP effort here Source Code Table FM.A-7 Objectives Automatic = Significant cost reductions Executable Object Code Processor
36 Summary Unmanned systems have to have a high integrity autonomous decision making system The business case for wider adoption is based on fast, cost effective assurance Automated formal proof from requirements to binary tools being built USMOOTH is showing that this is possible Regulatory approval of safety case and approach using DO-333 as we propose, still required Demonstration to follow in 2017
37 Changing the way the world does software
Certification Authorities Software Team (CAST) Position Paper CAST-25
Certification Authorities Software Team (CAST) Position Paper CAST-25 CONSIDERATIONS WHEN USING A QUALIFIABLE DEVELOPMENT ENVIRONMENT (QDE) IN CERTIFICATION PROJECTS COMPLETED SEPTEMBER 2005 (Rev 0) NOTE:
More informationGuidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process
Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process UK MathWorks Aerospace & Defence Industry Working Group Guidelines for deployment of MathWorks R2010a toolset within
More informationA Model-Based Reference Workflow for the Development of Safety-Related Software
A Model-Based Reference Workflow for the Development of Safety-Related Software 2010-01-2338 Published 10/19/2010 Michael Beine dspace GmbH Dirk Fleischer dspace Inc. Copyright 2010 SAE International ABSTRACT
More informationWHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development
WHITE PAPER 10 Reasons to Use Static Analysis for Embedded Software Development Overview Software is in everything. And in many embedded systems like flight control, medical devices, and powertrains, quality
More informationDon t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd
Don t Be the Developer Whose Rocket Crashes on Lift off 2015 LDRA Ltd Cost of Software Defects Consider the European Space Agency s Ariane 5 flight 501 on Tuesday, June 4 1996 Due to an error in the software
More informationVerification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.
Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd. 2015 The MathWorks, Inc. 1 Designing complex systems Is there something I don t know about
More informationVerification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1
Verification and Validation 1 Objectives To introduce software verification and validation and to discuss the distinction between them To describe the program inspection process and its role in V & V To
More informationAutomated Requirements-Based Testing
Automated Requirements-Based Testing Tuesday, October 7 th 2008 2008 The MathWorks, Inc. Dr. Marc Segelken Senior Application Engineer Overview Purposes of Testing Test Case Generation Structural Testing
More informationLeveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance
Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance Prashant Mathapati Senior Application Engineer MATLAB EXPO 2013 The MathWorks, Inc. 1 The problem
More informationAn Introduction to ProofPower
An Introduction to ProofPower Roger Bishop Jones Date: 2006/10/21 16:53:33 Abstract An introductory illustrated description of ProofPower (not progressed far enough to be useful). Contents http://www.rbjones.com/rbjpub/pp/doc/t015.pdf
More informationAVS: A Test Suite for Automatically Generated Code
AVS: A Test Suite for Automatically Generated Code Ekkehard Pofahl Ford Motor Company Torsten Sauer Continental Automotive Systems Oliver Busa TUV Rheinland Industrie Service GmbH Page 1 of 22 AVS: Automotive
More informationLeveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group
Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group 2014 The MathWorks, Inc. 1 The Cost of Failure News reports: Recall Due to ECU software
More informationSimulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1
Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 2012 The MathWorks, Inc. 1 Agenda Formal Verification Key concept Applications Verification of designs against (functional) requirements Design error detection Test
More informationSafety Assurance in Software Systems From Airplanes to Atoms
Safety Assurance in Software Systems From Airplanes to Atoms MDEP Conference on New Reactor Design Activities Session Digital I&C: Current & Emerging Technical Challenges September 07 Dr. Darren Cofer
More informationFormal Verification in Aeronautics: Current Practice and Upcoming Standard. Yannick Moy, AdaCore ACSL Workshop, Fraunhofer FIRST
Formal Verification in Aeronautics: Current Practice and Upcoming Standard Yannick Moy, AdaCore ACSL Workshop, Fraunhofer FIRST Outline Project Hi-Lite Industrial Applications DO-178C DO-178B 1992 2012
More informationModel-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008
Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008 2008 The MathWorks, Inc. Safety-Critical Model-Based Design Workflow Validate Trace:
More informationIntro to Proving Absence of Errors in C/C++ Code
Intro to Proving Absence of Errors in C/C++ Code Develop high quality embedded software Kristian Lindqvist Senior Pilot Engineer MathWorks 2016 The MathWorks, Inc. 1 The Cost of Failure Ariane 5: Overflow
More informationAn incremental and multi-supplement compliant process for Autopilot development to make drones safer
An incremental and multi-supplement compliant process for Autopilot development to make drones safer Frédéric POTHON - ACG Solutions frederic.pothon@acg-solutions.fr Tel: (33)4. 67. 609.487 www.acg-solutions.fr
More informationTest and Evaluation of Autonomous Systems in a Model Based Engineering Context
Test and Evaluation of Autonomous Systems in a Model Based Engineering Context Raytheon Michael Nolan USAF AFRL Aaron Fifarek Jonathan Hoffman 3 March 2016 Copyright 2016. Unpublished Work. Raytheon Company.
More informationISO compliant verification of functional requirements in the model-based software development process
requirements in the model-based software development process Hans J. Holberg SVP Marketing & Sales, BTC Embedded Systems AG An der Schmiede 4, 26135 Oldenburg, Germany hans.j.holberg@btc-es.de Dr. Udo
More informationCTAL. ISTQB Advanced Level.
ASTQB CTAL ISTQB Advanced Level TYPE: DEMO http://www.examskey.com/ctal.html Examskey ASTQB CTAL exam demo product is here for you to test the quality of the product. This ASTQB CTAL demo also ensures
More informationApplied Theorem Proving: Modelling Instruction Sets and Decompiling Machine Code. Anthony Fox University of Cambridge, Computer Laboratory
Applied Theorem Proving: Modelling Instruction Sets and Decompiling Machine Code Anthony Fox University of Cambridge, Computer Laboratory Overview This talk will mainly focus on 1. Specifying instruction
More informationDO-178C / ED-12C Model Based Supplement. Pierre Lionne, SC-205 / WG-71 SG-4 Co-Chairman 1 Nov. 2011
DO-78C / ED-2C Model Based Supplement Pierre Lionne, SC-205 / WG-7 SG-4 Co-Chairman Nov. 20 Summary Introduction Foundations Concepts Highlights Conclusion Introduction Introduction Issues TOR DO-78C ED-94C
More informationIan Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1
Verification and Validation Slide 1 Objectives To introduce software verification and validation and to discuss the distinction between them To describe the program inspection process and its role in V
More informationVerification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1
Verification and Validation Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1 Verification vs validation Verification: "Are we building the product right?. The software should
More informationISO Compliant Automatic Requirements-Based Testing for TargetLink
ISO 26262 Compliant Automatic Requirements-Based Testing for TargetLink Dr. Udo Brockmeyer CEO BTC Embedded Systems AG An der Schmiede 4, 26135 Oldenburg, Germany udo.brockmeyer@btc-es.de Adrian Valea
More informationVerification and Validation Introducing Simulink Design Verifier
Verification and Validation Introducing Simulink Design Verifier Goran Begic, Technical Marketing Goran.Begic@mathworks.com June 5, 2007 2007 The MathWorks, Inc. Agenda Verification and Validation in Model-Based
More informationOn the Generation of Test Cases for Embedded Software in Avionics or Overview of CESAR
1 / 16 On the Generation of Test Cases for Embedded Software in Avionics or Overview of CESAR Philipp Rümmer Oxford University, Computing Laboratory philr@comlab.ox.ac.uk 8th KeY Symposium May 19th 2009
More informationApplications of Program analysis in Model-Based Design
Applications of Program analysis in Model-Based Design Prahlad Sampath (Prahlad.Sampath@mathworks.com) 2018 by The MathWorks, Inc., MATLAB, Simulink, Stateflow, are registered trademarks of The MathWorks,
More informationPart 5. Verification and Validation
Software Engineering Part 5. Verification and Validation - Verification and Validation - Software Testing Ver. 1.7 This lecture note is based on materials from Ian Sommerville 2006. Anyone can use this
More informationVerification and Validation
Verification and Validation Assuring that a software system meets a user's needs Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 19 Slide 1 Objectives To introduce software verification
More informationRockwell Collins Evolving FM Methodology
Rockwell Collins Evolving FM Methodology Konrad Slind Trusted Systems Group Rockwell Collins January 25, 2014 Collaborators Rockwell Collins: Andrew Gacek, David Hardin, Darren Cofer, John Backes, Luas
More informationModel-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.
Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc. Tucson, AZ USA 2009 The MathWorks, Inc. Model-Based Design for High Integrity Software
More informationTools for Formally Reasoning about Systems. June Prepared by Lucas Wagner
Tools for Formally Reasoning about Systems June 9 2015 Prepared by Lucas Wagner 2015 Rockwell 2015 Collins. Rockwell All Collins. rights reserved. All rights reserved. Complex systems are getting more
More informationBCS Level 3 Certificate in Software Development Context and Methodologies Syllabus QAN 603/1191/5
Making IT good for society BCS Level 3 Certificate in Software Development Context and Methodologies Syllabus QAN 603/1191/5 Version 3.1 March 2018 This is a United Kingdom government regulated qualification
More informationDRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN
DRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN Problem Definition To generate and deploy automatic code for Drying Control Logics compatible with new SW architecture in 6 months using MBD, a
More informationBest Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA
Best Practices Process & Technology Sachin Dhiman, Senior Technical Consultant, LDRA Best Quality Software Product Requirements Design Coding Testing 2 Product Requirement Feature Requirement Security
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22000 Lead Auditor www.pecb.com The objective of the Certified ISO 22000 Lead Auditor examination is to ensure that the candidate has
More informationSecuring Digital Applications
Securing Digital Applications Chris Lewis: Certification Director Agenda The problem and solution The Kitemark and how it works ISO/IEC 27001 (Information Security Management Standard) OWASP ASVS v2 CVSS
More informationCompatible Qualification Metrics for Formal Property Checking
Munich - November 18, 2013 Formal Property Checking Senior Staff Engineer Verification Infineon Technologies Page 1 Overview Motivation Goals Qualification Approaches Onespin s Coverage Feature Certitude
More informationVerifying control systems using CSP, FDR, and Handel-C.
erifying control systems using CSP, FDR, and Handel-C. 01 Verifying control systems using CSP, FDR, and Handel-C. Alistair A. McEwan University of Surrey erifying control systems using CSP, FDR, and Handel-C.
More informationFormal Verification in Industry
Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light
More informationQualification Specification for the Knowledge Modules that form part of the BCS Level 3 Software Development Technician Apprenticeship
Qualification Specification for the Knowledge Modules that form part of the BCS Level 3 Software Development Technician Apprenticeship Level 3 Certificate in Software Development Context and Methodologies
More informationFormal Methods and their role in Software and System Development. Riccardo Sisto, Politecnico di Torino
Formal Methods and their role in Software and System Development Riccardo Sisto, Politecnico di Torino What are Formal Methods? Rigorous (mathematical) methods for modelling and analysing (computer-based)
More informationStructural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1
Structural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1 What is Structural Coverage? Measurement of Test Effectiveness How effectively did tests exercise code? Exercised, entry
More informationUsing formal methods for quality assurance of interlocking systems L.-H. Eriksson* & K. Johansson^
Using formal methods for quality assurance of interlocking systems L.-H. Eriksson* & K. Johansson^ Email: lhe@l4i.se *6W%#jA AWm^^ Sweden. Email: kjell.johansson@hk. banverket.se Abstract "Formal methods"
More informationJay Abraham 1 MathWorks, Natick, MA, 01760
Jay Abraham 1 MathWorks, Natick, MA, 01760 Stringent performance requirements and shorter development cycles are driving the use of modeling and simulation. Model-Based Design core of this development
More informationThis project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No
This project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No 643921. TOOLS INTEGRATION UnCoVerCPS toolchain Goran Frehse, UGA Xavier
More informationFrom Design to Production
From Design to Production An integrated approach Paolo Fabbri Senior Engineer 2014 The MathWorks, Inc. 1 Do you know what it is? Requirements System Test Functional Spec Integration Test Detailed Design
More informationNew Zealand Certificate in Regulatory Compliance (Operational Practice) Level 4
New Zealand Certificate in Regulatory Compliance (Operational Practice) Level 4 This qualification is designed for people who work in frontline roles that deal with the operational aspects of regulatory
More informationUsing Model-Based Design in conformance with safety standards
Using Model-Based Design in conformance with safety standards MATLAB EXPO 2014 Kristian Lindqvist Senior Engineer 2014 The MathWorks, Inc. 1 High-Integrity Applications Software-based systems that are
More informationEfficient Development of Airborne Software with SCADE Suite
Efficient Development of Airborne Software with SCADE Suite Esterel Technologies 2003 Abstract This white paper addresses the issue of cost and productivity improvement in the development of safety-critical
More informationVerification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process
Verification and Validation Assuring that a software system meets a user s needs Ian Sommerville 1995/2000 (Modified by Spiros Mancoridis 1999) Software Engineering, 6th edition. Chapters 19,20 Slide 1
More informationGNAT Pro Innovations for High-Integrity Development
GNAT Pro Innovations for High-Integrity Development José F. Ruiz Senior Software Engineer Ada Europe 2010, Valencia 2010-06-15 www.adacore.com Index Development environment Tools Static
More informationAgreement on High Security Locks
Agreement on High Security Locks Participants: Certification Body Signatory CNPP VdS Schadenverhütung Svensk Brand- och Säkerhetscertifiering AB (SBSC) Associated Testing Laboratories Signatory CNPP VdS
More informationUse of formal methods in embedded software development: stakes, constraints and proposal
Use of formal methods in embedded software development: stakes, constraints and proposal A. Fernandes-Pires, T. Polacsek, V. Wiels, S. Duprat To cite this version: A. Fernandes-Pires, T. Polacsek, V. Wiels,
More informationΗΜΥ 317 Τεχνολογία Υπολογισμού
ΗΜΥ 317 Τεχνολογία Υπολογισμού Εαρινό Εξάμηνο 2008 ΙΑΛΕΞΕΙΣ 18-19: Έλεγχος και Πιστοποίηση Λειτουργίας ΧΑΡΗΣ ΘΕΟΧΑΡΙ ΗΣ Λέκτορας ΗΜΜΥ (ttheocharides@ucy.ac.cy) [Προσαρμογή από Ian Sommerville, Software
More informationSystem-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex)
System-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex) AADL Standards Meeting June 6., 2011 Jean-Pierre Talpin, INRIA Parts of this presentation are joint work with Paul,
More informationVerification of Control Systems using Circus
Verification of Control Systems using Circus Ana Cavalcanti Department of Computer Science University of York York - England Ana.Cavalcanti@cs.york.ac.uk Phil Clayton Systems Assurance Group, QinetiQ Malvern,
More informationSOFTWARE QUALITY. MADE IN GERMANY.
UPCOMING IMPACT OF THE SECOND EDITION OF THE ISO 26262 MGIGroup, 11.07.2017 SOFTWARE QUALITY. MADE IN GERMANY. SOLUTIONS FOR INTEGRATED QUALITY ASSURANCE OF EMBEDDED SOFTWARE MOTIVATION Release ISO 26262:2011
More informationA set-based approach to robust control and verification of piecewise affine systems subject to safety specifications
Dipartimento di Elettronica, Informazione e Bioingegneria A set-based approach to robust control and verification of piecewise affine systems subject to safety specifications Maria Prandini maria.prandini@polimi.it
More informationVerification and Test with Model-Based Design
Verification and Test with Model-Based Design Flight Software Workshop 2015 Jay Abraham 2015 The MathWorks, Inc. 1 The software development process Develop, iterate and specify requirements Create high
More informationOn the Role of Formal Methods in Software Certification: An Experience Report
Electronic Notes in Theoretical Computer Science 238 (2009) 3 9 www.elsevier.com/locate/entcs On the Role of Formal Methods in Software Certification: An Experience Report Constance L. Heitmeyer 1,2 Naval
More informationECE 587 Hardware/Software Co-Design Lecture 12 Verification II, System Modeling
ECE 587 Hardware/Software Co-Design Spring 2018 1/20 ECE 587 Hardware/Software Co-Design Lecture 12 Verification II, System Modeling Professor Jia Wang Department of Electrical and Computer Engineering
More informationValidation of Complex. Systems
Validation of Complex Systems EVoCS Evolutionary Validation of Complex Systems Ross McMurran WMG, University of Warwick ross.mcmurran@warwick.ac.uk Lead Partner: Partners: 1 Content Introduction Systems
More informationDeveloping AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon
Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon 2015 The MathWorks, Inc. 1 Agenda AUTOSAR Compliant Code Generation AUTOSAR Workflows Starting from Software Component
More informationMONIKA HEINER.
LESSON 1 testing, intro 1 / 25 SOFTWARE TESTING - STATE OF THE ART, METHODS, AND LIMITATIONS MONIKA HEINER monika.heiner@b-tu.de http://www.informatik.tu-cottbus.de PRELIMINARIES testing, intro 2 / 25
More informationJust-In-Time Certification
Just-In-Time Certification John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Just-In-Time Certification: 1 Certification Provides assurance that deploying
More informationChecklist for Requirements Specification Reviews
Checklist for Requirements Specification Reviews Organization and Completeness o Are all internal cross-references to other requirements correct? o Are all requirements written at a consistent and appropriate
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO 50001 Lead Auditor The objective of the PECB Certified ISO 50001 Lead Auditor examination is to ensure that the candidate has the knowledge and skills to plan
More informationArchitecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL
Architecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL Restricted Siemens AG 2017 Realize innovation. Content 1 Overview 3 2 LMS Imagine.Lab
More informationHow much is a mechanized proof worth, certification-wise?
How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt PiP 2014: Principles in Practice In this talk... Some feedback from the aircraft industry concerning the
More informationO B J E C T L E V E L T E S T I N G
Source level testing and O B J E C T L E V E L T E S T I N G Objectives At the end of this section, you will be able to Explain the advantages and disadvantages of both instrumented testing and object
More informationVerification, Validation, and Test with Model-Based Design
2008-01-2709 Verification, Validation, and Test with Model-Based Design Copyright 2008 The MathWorks, Inc Tom Erkkinen The MathWorks, Inc. Mirko Conrad The MathWorks, Inc. ABSTRACT Model-Based Design with
More informationSoftware Testing. Software Testing
Software Testing Software Testing Error: mistake made by the programmer/ developer Fault: a incorrect piece of code/document (i.e., bug) Failure: result of a fault Goal of software testing: Cause failures
More informationDeriving safety requirements according to ISO for complex systems: How to avoid getting lost?
Deriving safety requirements according to ISO 26262 for complex systems: How to avoid getting lost? Thomas Frese, Ford-Werke GmbH, Köln; Denis Hatebur, ITESYS GmbH, Dortmund; Hans-Jörg Aryus, SystemA GmbH,
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO 39001 Lead Auditor The objective of the PECB Certified ISO 39001 Lead Auditor examination is to ensure that the candidate has the knowledge and skills to plan
More informationTitle Requirements for accreditation with flexible scope, Department of Certification and Inspection Bodies
Title Requirements for accreditation with flexible scope, Department of Certification and Inspection Bodies Reference RT-37 Revision 00 Date 18-07-2017 NOTE: The present document represents the English
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More informationWhat s New with the MATLAB and Simulink Product Families. Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group
What s New with the MATLAB and Simulink Product Families Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group 1 Area MATLAB Math, Statistics, and Optimization Application Deployment Parallel
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO/IEC 20000 Lead Auditor www.pecb.com The objective of the Certified ISO/IEC 20000 Lead Auditor examination is to ensure that the candidate
More informationProcess for the Evaluation and Acceptance of Building Products in the USA
Process for the Evaluation and Acceptance of Building Products in the USA Rick Okawa, P.E. Deputy Vice President of Global Services and Business Development An Integrated Building System Product Certification
More informationPresented by Jack G. Nestell. Topics for Discussion. I. Introduction. Discussion on the different logics and methods of reasonings of Formal Methods
A Discussion on Security Protocols over open networks and distributed Systems: Formal methods for their Analysis, Design, and Verification S. Gritzalis, D. Spinellis, and P. Georgiadis Presented by Jack
More informationModel-Based Design for Safety Critical Automotive Applications
Model-Based Design for Safety Critical Automotive Applications Mirko Conrad Senior Team Lead Simulink Certification and Standards 2008 The MathWorks, Inc. Model-Based Design for Safety-Critical Applications
More informationCertification of the Galileo SIS The GALCERT Project
Certification of the Galileo SIS The GALCERT Project Prepared by: Prof. Dr. P. Hecker - C. Butzmuehlen Presented by: K. Hartwig - DLR ZEL-GNSS 2008 TABLE OF CONTENTS 2 The Mission Goal of the GALCERT Project
More informationSoftware architecture in ASPICE and Even-André Karlsson
Software architecture in ASPICE and 26262 Even-André Karlsson Agenda Overall comparison (3 min) Why is the architecture documentation difficult? (2 min) ASPICE requirements (8 min) 26262 requirements (12
More informationVerification of Requirements For Safety-Critical Software
Verification of Requirements For Safety-Critical Software Paul B. Carpenter Director, Life Cycle Technology Aonix, 5040 Shoreham Place, San Diego, CA USA, 92122 Email: paulc@aonix.com; Tel: 602-816-0245;
More information[IT6004-SOFTWARE TESTING] UNIT 2
1. List the two basic Testing strategies. UNIT 2 Black box testing. White box testing. 2. What are the knowledge sources for Black box testing? Requirements Document specification Domain knowledge Defect
More informationModel Curriculum Aerospace Software Testing Engineer
Model Curriculum Aerospace Software Testing Engineer SECTOR: AEROSPACE AND AVIATION SUB-SECTOR: DESIGN AND DEVELOPMENT OCCUPATION: AEROSPACE TESTING, VERIFICATION AND VALIDATION REF ID: AAS/Q3207, V1.0
More informationTesting TargetLink. Models and C Code with Reactis
Testing TargetLink R Models and C Code with Reactis R Build better embedded software faster. Generate tests from TargetLink models. Detect runtime errors. Execute and debug models. Track coverage. Back-to-back
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 9001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 9001 Lead Auditor examination is to ensure that the candidate possesses
More informationVerification by Static Analysis
Verification by Static Analysis Intelligent Testing Conference Bristol, 17 th March 2014 Verification overview Software Verification is The process of evaluating software during or at the end of the development
More informationBoeing Certification Techniques for Advanced Flight Critical Systems Challenge Problem Integration (CerTA FCS CPI) Briefing at the
Boeing Certification Techniques for Advanced Flight Critical Systems Challenge Problem Integration (CerTA FCS CPI) Briefing at the AFRL Safe & Secure Systems & Software Symposium (S5) BOEING is a trademark
More informationTechniques for the unambiguous specification of software
Formal Techniques for the unambiguous of software Objectives To explain why formal techniques help discover problems in system requirements To describe the use of algebraic techniques for interface To
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22000 Lead Implementer www.pecb.com The objective of the Certified ISO 22000 Lead Implementer examination is to ensure that the candidate
More informationDelimited. Interfaced. Readable. Modifiable. Verifiable. Prioritized* Endorsed
15 quality goals for requirements Justified Correct Complete Consistent Unambiguous Feasible Abstract Traceable Delimited Interfaced Readable Modifiable Verifiable Prioritized* Endorsed Marked attributes
More informationEvidence-based Development coupling structured argumentation with requirements development.
Evidence-based Development coupling structured argumentation with requirements development Jeremy.Dick@integrate.biz integrate 2012 based on paper Paper: EVIDENCE-BASED DEVELOPMENT COUPLING STRUCTURED
More informationFormal Methods Expert to IMA-SP Kernel Qualification Preparation
Formal Methods Expert to IMA-SP Kernel Qualification Preparation Andrew Butterfield Formal Methods Expert to IMA-SP Kernel Qualification Preparation ESTEC Contract No 4000112208 9 th June 2016 10/06/2016
More informationTranslation Validation for a Verified OS Kernel
To appear in PLDI 13 Translation Validation for a Verified OS Kernel Thomas Sewell 1, Magnus Myreen 2, Gerwin Klein 1 1 NICTA, Australia 2 University of Cambridge, UK L4.verified sel4 = a formally verified
More information3 August Software Safety and Security Best Practices A Case Study From Aerospace
3 August 2014 Software Safety and Security Best Practices A Case Study From Aerospace Agenda Introduction Why Aviation? ARINC 653 Real-time Linux on Xen (ARLX) Safety Artifacts for ARLX Security Artifacts
More information