Intro to Proving Absence of Errors in C/C++ Code

Similar documents
Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Increasing Design Confidence Model and Code Verification

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Verification and Test with Model-Based Design

Static Analysis in C/C++ code with Polyspace

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

From Design to Production

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

2015 The MathWorks, Inc. 1

Jay Abraham 1 MathWorks, Natick, MA, 01760

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Automating Best Practices to Improve Design Quality

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Using Model-Based Design in conformance with safety standards

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Verification and Validation of High-Integrity Systems

Utilisation des Méthodes Formelles Sur le code et sur les modèles

Standardkonforme Absicherung mit Model-Based Design

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Formal Verification of Models and Code Prashant Mathapati Application Engineer Polyspace & Model Verification

Generating Industry Standards Production C Code Using Embedded Coder

Program Verification. Aarti Gupta

Better than Hand Generating Highly Optimized Code using Simulink and Embedded Coder

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

Testing, Validating, and Verifying with Model-Based Design Phil Rottier

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Warm-Up Problem. Let be a set of well-formed Predicate logic formulas. Let be well-formed Predicate logic formulas. Prove or disprove the following.

Automating Best Practices to Improve Design Quality

Verifying source code

Simulink Verification and Validation

Automatic Qualification of Abstract Interpretation-based Static Analysis Tools. Christian Ferdinand, Daniel Kästner AbsInt GmbH 2013

SOFTWARE QUALITY OBJECTIVES FOR SOURCE CODE

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Simulink 를이용한 효율적인레거시코드 검증방안

Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing

Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

Who is our rival? Upcoming. Testing. Ariane 5 rocket (1996) Ariane 5 rocket 3/8/18. Real programmers need no testing!

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

Fault Injection & Formal Made for Each Other

5) I want to get this done fast, testing is going to slow me down.

Verification, Validation and Test in Model Based Design Manohar Reddy

Static Analysis of Embedded Systems

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

Structural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1

Lightweight Verification of Array Indexing

automatisiertensoftwaretests

Introduction to CS 270 Math Foundations of CS

Verification and Validation Introducing Simulink Design Verifier

Error Detection by Code Coverage Analysis without Instrumenting the Code

Unit Testen en embedded software Fout injectie en Software varianten

A Model-Based Reference Workflow for the Development of Safety-Related Software

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Static Analysis. Emina Torlak

Therac-25 radiation therapy machine

Coding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Using Code Coverage to Improve the Reliability of Embedded Software. Whitepaper V

C07: Testing and JUnit

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Unit Testing. Emina Torlak

Software Verification and Validation

Introduction & Formal Methods

Static Analysis in Practice

Safety Manual. for ait, Astrée, StackAnalyzer. AbsInt Angewandte Informatik GmbH

Program Validation and Testing

Model-Based Design for Safety Critical Automotive Applications

IDE for medical device software development. Hyun-Do Lee, Field Application Engineer

Coding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya

Simulation-based Test Management and Automation Sang-Ho Yoon Senior Application Engineer

StackAnalyzer Proving the Absence of Stack Overflows

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

ISO26262 This Changes Everything!

Static Analysis methods and tools An industrial study. Pär Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU

Ingegneria del Software Corso di Laurea in Informatica per il Management

The Path Not Taken: Maximizing the ROI of Increased Decision Coverage

Software Testing Lecture 1. Justin Pearson

AstréeA From Research To Industry

Formal Verification of Flight Control Applications along a Model- Based Development Process A Case Study

Testing. CSE 331 University of Washington. Michael Ernst

MISRA-C. Subset of the C language for critical systems

Static program checking and verification

Advanced Software Testing Testing Code with Static Analysis

State of Practice. Automatic Verification of Embedded Control Software with ASTRÉE and beyond

MathWorks Products and Prices North America January 2018

Certification Authorities Software Team (CAST) Position Paper CAST-25

Writing better code Loop invariants Correctness. John Edgar 2

IBM Rational Rhapsody

Introduction: Software Testing and Quality Assurance

Static Analysis Techniques

Important From Last Time

Software Quality. What is Good Software?

Verification and Validation

Three General Principles of QA. COMP 4004 Fall Notes Adapted from Dr. A. Williams

Static Analysis! Prof. Leon J. Osterweil! CS 520/620! Fall 2012! Characteristics of! System to be! built must! match required! characteristics!

Understanding Undefined Behavior

Program verification. Generalities about software Verification Model Checking. September 20, 2016

Announcements. Testing. Announcements. Announcements

Software Security: Vulnerability Analysis

Transcription:

Intro to Proving Absence of Errors in C/C++ Code Develop high quality embedded software Kristian Lindqvist Senior Pilot Engineer MathWorks 2016 The MathWorks, Inc. 1

The Cost of Failure Ariane 5: Overflow Error $7,500,000,000 Rocket & payload lost 2

The Cost of Failure News reports: Recall Due to ECU software bug 3

The Cost of Failure USS Yorktown: Divide-by-zero Error 0 Knots Top speed 4

The Cost of Failure Therac-25: Race Condition, Overflow 6 Casualties due to radiation overdose 5

What do all these systems have in common? Complex software developed to rigorous standards Extensively reviewed, analyzed and tested Yet still failed 6

Examples of software bugs and errors Run-time errors Concurrency issues Programming errors Dead or unreachable code Static and dynamic memory errors 7

Testing is not enough! Good design and testing Helps eliminate functional errors Implementation correctness - Robustness Undetected run-time errors will cause catastrophic failure Tests needed for coverage Tests needed to catch all the defects 8

Can you find a bug? 9

Can you find a bug? Could there be a bug on this line? 10

Consider the operation: x / (x - y) Potential run-time errors Variables x and y may not be initialized An overflow on subtraction If x == y, then a divide by zero will occur How to prove that run-time errors do or do not exist? 11

Exhaustive testing If both inputs are signed int32 Full range inputs: -2 31-1.. +2 31-1 All combinations of two inputs: 4.61X10 18 test-cases Test time on a Windows host machine 2.2GHz T7500 Intel processor 4 million test-cases took 9.284 seconds Exhaustive testing time: 339,413 years Exhaustive Testing is Impossible 12

Polyspace demonstration where_are_errors 13

Results from Polyspace Green: reliable safe pointer access static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions for (i = 0; i < 100; i++) { *p = 0; } p++; variable I (int32): [0.. 99] assignment of I (int32): [1.. 100] if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; } else { i++; } } i = get_bus_status(); Purple: violation MISRA-C/C++ or JSF++ code rules Range data tool tip } if (i >= 0) { *(p - i) = 10; } 22

How is Polyspace code verification unique? Statically verifies all possible executions of your code (considering all possible inputs, paths, variable values) Proves when code will not fail under any runtime conditions Finds runtime errors, boundary conditions and unreachable code without exhaustive testing Gives insight into runtime behavior and data ranges Mathematically sound has no false negatives 23

Detailed Polyspace demonstration demo_c 24

Why verify code in Model-Based Design? May contain S-Functions (handwritten code) Generated code may interface with legacy or driver code Interface may cause downstream run-time errors Inadequate model verification to eliminate constructional errors Certification may require verification at code level 25

Benefits of running Polyspace from Simulink Find bugs in S-Functions in isolation Check compliance for MISRA (or MISRA-AC-AGC) Annotate models to justify code rule violations Trace code verification results back to Simulink models Qualify integrated code (generated code and handwritten code) Independent verification of generated code Easily produce reports and artifacts for certification 26

Traceability from code to models Polyspace Bug Finder and Polyspace Code Prover verification results, including MISRA analysis can be traced from code to model 27

Polyspace product family for C/C++ Polyspace Code Prover Proves code to be safe and dependable Deep verification of software components Perform QA signoff for production ready code Polyspace Bug Finder Quickly find bugs in embedded software Check code compliance for MISRA and JSF Intended for every day use by software engineers Ada language also supported for proving code 29

How does Polyspace help you? Finds bugs and security vulnerabilities Checks coding rule conformance (MISRA/JSF/Custom/CWE*) Provides metrics (Cyclomatic complexity etc) Proves the existence and absence of errors Indicates when you ve reached the desired quality level Certification help for DO-178 C, ISO 26262, EN 50128, IEC 62304, IEC 61508 30

Thank You! 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback