Using Formal Methods on Code and on Models
Patrick Munier
Co-founder of PolySpace Technologies
Polyspace Development Manager, MathWorks
Patrick.Munier@mathworks.fr
Forum Méthodes Formelles, June 28th 2013, Toulouse
© 2013 The MathWorks, Inc.
Formal Methods at MathWorks
- Provide tools for Model and Code verification
  - For pure Model (does it really exist?)
  - For pure hand-code
  - For mixed generated and hand-code
- Provide tools for early and late verification
  - Used by Design Engineers (1)
  - Used by Developers (2)
  - Used by Quality Engineers (3)
- Cover from Bug Finding to Proving absence of bugs
Complementarity between Model and Code Verification
(Diagram) Model in Simulink, Stateflow and MATLAB: Control Algorithm, Fault Detection, Supervisory Logic
→ Need for Model Verification
Complementarity between Model and Code Verification
(Diagram) ECU Integrated Code, made of:
- Model: Control Algorithm, Fault Detection, Supervisory Logic
- Utility (I/O Driver, Lookup Table, etc.): C
- RTOS, Fault Logging, Service Tool Interface: C
- Hand-code (S-Function)
→ Need for Code Verification
MathWorks V&V Technologies
(Diagram) Inputs: Simulink, Stateflow; MATLAB; C/C++ hand-code; C, C++, …
Techniques: Model/Coding Rules Checking; Internal representation or C/C++ code generation; Abstract Interpretation Engine; SAT Solver; Compilation Techniques; Symbolic Execution
Outcomes: Bug Finding; Proving absence of runtime errors; Proving properties
MathWorks V&V Technologies
(Diagram)
- Model V&V tools: Simulink Design Verifier (inputs: Simulink, Stateflow)
- Code V&V tools: Polyspace (inputs: MATLAB; C, C++, …)
- Capabilities: Model/Coding Rules Checking; Bug Finding; Proving absence of runtime errors; Proving properties
Model Verification: Simulink Design Verifier
(Diagram)
- Inputs: Simulink and Stateflow models, atomic subsystems, and subcharts; models or subsystems augmented with design properties
- Outputs: Model with highlighted violations; Model harness with test cases; Property proving; Detailed report and violations
Code Verification: Polyspace
- Verify as early as possible (i.e., before the Target System)
- Find bugs
- Use of Formal Methods:
  - Verify properties
  - Verify compliance to standards (e.g., MISRA, JSF++)
  - Prove absence of runtime errors
Challenges of Formal-Method-based tools?
- Easy to use (automatic, non-intrusive)
  - Tools are easy to launch by Design Engineers, Developers and Quality Engineers
  - Take into account all dialects, compilers, flavors of Visual Studio, VxWorks, …
- Results are easy to understand
  - Results are relevant (False Positives / False Negatives)
  - Review of results is easy and powerful
- High quality
  - Validation of Formal-Method-based tools is challenging
  - There are needs for certification
Code Verification: easy understanding of results
(Screenshot; legend label recovered: Proven)
Easy Launching and Review
Example: Eclipse plugin*
- Launch Polyspace from Eclipse
- Review results in Eclipse
* Also integrated in Simulink, and available as a separate GUI
Easy and powerful review of results
(Screenshot panels) Check details; Review/Justify means; List of Files; Data Dictionary; List of checks; Call Tree; Source code
Generated Code: link results back to Simulink Models
Relevance of results: more about Precision
- Intervals
- Congruences
- Polyhedra
- Aliases
- Trace partitioning
- Multi-linear
Maths, even good maths, are not enough
- Provide information about the environment
  - Range of Data (e.g., Calibration data in ASAP2 format)
  - Automatic stubs of unknown functions
  - Multi-tasking information (i.e., Critical sections)
- Fix/comment/justify the orange
- And generate customizable reports
- Follow a predefined Software Quality Objective (SQO)
(Chart: Powertrain Diesel)
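To make the two preceding slides concrete (precision of the abstract domain, and the need to supply data ranges), here is a toy abstract interpreter added as an illustration; it is not Polyspace or MathWorks code. It combines an interval domain with a congruence domain and colours two classic checks the way the deck does: the divisor 2*k + 1 is orange under intervals alone but green once congruences show it is always odd, and an array index k + offset stays orange until a calibration range for offset is supplied. The ranges, array size and expressions are constructed for the example.

```python
"""Toy abstract interpreter (added example, not Polyspace code). Colours follow the
deck: green = proven safe, orange = not proven (possibly unsafe), red = proven unsafe."""
from dataclasses import dataclass
from math import gcd

INT_MIN, INT_MAX = -2**31, 2**31 - 1   # assumed range of an int with no calibration data

@dataclass(frozen=True)
class Abs:
    """Interval [lo, hi] refined by the congruence value % mod == rem (mod=1: no info)."""
    lo: int
    hi: int
    mod: int = 1
    rem: int = 0
    def add_const(self, c):
        return Abs(self.lo + c, self.hi + c, self.mod, (self.rem + c) % self.mod)
    def mul_const(self, c):
        ends, m = (self.lo * c, self.hi * c), self.mod * abs(c) or 1  # c < 0 swaps bounds
        return Abs(min(ends), max(ends), m, (self.rem * c) % m)
    def add(self, other):
        m = gcd(self.mod, other.mod)
        return Abs(self.lo + other.lo, self.hi + other.hi, m, (self.rem + other.rem) % m)
    def may_contain(self, v):
        return self.lo <= v <= self.hi and (v - self.rem) % self.mod == 0

def div_check(divisor):
    """Colour of 'x / divisor': red if certainly 0, orange if 0 cannot be excluded."""
    if divisor.lo == divisor.hi == 0:
        return "red"
    return "orange" if divisor.may_contain(0) else "green"

def index_check(index, size):
    """Colour of 'tab[index]' for an array of 'size' elements."""
    if index.hi < 0 or index.lo >= size:
        return "red"
    return "green" if index.lo >= 0 and index.hi < size else "orange"

def divisor_colour(use_congruence):
    """Divisor 2*k + 1 with constructed calibration range k in [-5, 5]."""
    d = Abs(-5, 5).mul_const(2).add_const(1)    # interval [-9, 11], congruence d % 2 == 1
    if not use_congruence:
        d = Abs(d.lo, d.hi)                     # intervals alone cannot exclude 0
    return div_check(d)

def index_colour(offset_range=None, size=16):
    """Index k + offset, k in [0, 7]; offset range from ASAP2 data, or unknown if None."""
    offset = Abs(*offset_range) if offset_range else Abs(INT_MIN, INT_MAX)
    return index_check(Abs(0, 7).add(offset), size)
```

Calling `divisor_colour(False)` then `divisor_colour(True)` shows the same code going from orange to green purely through a more precise domain, while `index_colour()` versus `index_colour((0, 8))` shows the effect of supplying a data range rather than improving the maths.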
Polyspace Validation
- 38,000+ tests (all languages mixed)
- C language: 30+ million LOC
- Hundreds of customers' code
- Pathological code, not favorable to Polyspace
- Certification kit for ISO 26262
- Qualification kit for DO-178B/C
- Measure of oranges
- Measure of analysis time
- Polyspace on MathWorks Polyspace code
Conclusion
- Formal Methods are used successfully in MathWorks products
- They are used for Model and Code verification
- MathWorks picked up the challenge of making them easy to use and robust
Thank you