Static Analysis of Embedded Systems


Static Analysis of Embedded Systems
Xavier Rival, rival@di.ens.fr

Outline
- Case study
- Certification of embedded software
- Demo
Static Analysis of Embedded Systems, p. 2/12

Ariane 5 Flight 501
- Ariane 5: satellite launcher, successor of Ariane 4; much more powerful, higher payload capability
- First flight, June 4th, 1996: failure
- Failure report: http://esamultimedia.esa.int/docs/esa-x-1819eng.pdf
- History of the flight:
  - take-off parameters nominal, normal flight during 36 seconds
  - T + 36.7 s: loss of trajectory
  - T + 39 s: disintegration of the launcher
- What is the cause of this trajectory issue?
- Consequences: > $370,000,000... loss of satellites; launcher out of service (more than a year)

Navigation system
- Sensors: gyroscopes, inertial units
- Computers (hardware + software):
  - IRS (Inertial Reference System): integrates sensor data
  - OBC (On Board Computer): computes the action to keep the trajectory correct
- Actuators: engines of the launcher
- Fault tolerant, redundant systems: two IRS units, but same software

Analysis of the failure
- Resource problem: registers and memory were expensive...
  - programming practice: reduce the number of bits to be used, e.g., cast 64-bit floating point numbers into signed 16-bit integers
  - in case of an overflow: no local interruption catch (expensive), thus computer crash + error code returned!
- Ariane 501 flight:
  - arithmetic fault interruption in the IRS computer
  - illegal error code interpreted as regular flight data by the OBC
  - improper actions, thus loss of trajectory
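The narrowing cast described on this slide, worked through as an added C example (not code from the lecture; the function names, status codes and sample values are constructed here). narrow_unchecked is the 'before': the unchecked 64-bit to 16-bit conversion. narrow_checked and narrow_saturate are two ways a defender keeps the task alive and the error visible instead of letting the conversion trap and hand a peer computer an error code it may misread as data.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of a checked narrowing conversion (names constructed for this example). */
enum narrow_status { NARROW_OK = 0, NARROW_OVERFLOW = 1, NARROW_NAN = 2 };

/* The practice described on the slide: a 64-bit double stored into a signed
 * 16-bit integer with no range check.  When the value does not fit, this
 * conversion is undefined behaviour in C: depending on target and compiler it
 * may trap (the "arithmetic fault interruption" of the slide) or silently
 * produce garbage.  Shown only as the 'before'; never call it on unchecked input. */
int16_t narrow_unchecked(double x)
{
    return (int16_t)x;
}

/* Checked conversion: the caller learns that the value was out of range and can
 * decide what to do (keep the previous value, raise a flag, ...) instead of the
 * task dying with an error code.  C truncates toward zero, so every x with
 * -32769 < x < 32768 lands in [INT16_MIN, INT16_MAX]; the open bounds also
 * reject NaN, whose comparisons are all false. */
enum narrow_status narrow_checked(double x, int16_t *out)
{
    if (x != x)                       /* NaN: not a number at all */
        return NARROW_NAN;
    if (!(x > -32769.0 && x < 32768.0))
        return NARROW_OVERFLOW;
    *out = (int16_t)x;                /* now provably in range */
    return NARROW_OK;
}

/* Saturating conversion: clamp to the representable range.  The result is wrong
 * by a bounded, documented amount, but the task keeps running. */
int16_t narrow_saturate(double x)
{
    if (x != x)
        return 0;
    if (x >= 32767.0)
        return INT16_MAX;
    if (x <= -32768.0)
        return INT16_MIN;
    return (int16_t)x;
}

int main(void)
{
    /* Constructed sample values: one that fits the 16-bit field and one,
     * standing in for a larger horizontal bias, that does not. */
    const double samples[] = { 1234.7, 40000.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t v = 0;
        enum narrow_status s = narrow_checked(samples[i], &v);
        printf("%g -> status %d, checked %d, saturated %d\n",
               samples[i], (int)s, s == NARROW_OK ? v : 0,
               narrow_saturate(samples[i]));
    }
    return 0;
}
```

Which of the two safe variants is right depends on the consumer of the value: a status code is appropriate when the peer can act on it, saturation when a slightly wrong but bounded value is preferable to no value at all. Either way the failure stays local to the computation instead of taking down the whole IRS.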

Other Considerations
- Redundant hardware: useless here
  - all IRS units crashed at the same time
  - in avionics: separate development chains (and teams)
- Irrelevant computations:
  - the faulty computation was irrelevant after take-off (gyroscope recalibration; useful in the first few seconds only)
  - shutting down a task was considered potentially dangerous
- Legacy software:
  - the whole system had been used in Ariane 4 successfully, many times...
  - but Ariane 5 was more powerful, thus higher horizontal bias values... thus overflow
  - wrong assumptions, due to legacy software

Embedded systems software failures
- Many cases: www.cs.tau.ac.il/~nachumd/horror.html
- Families of bugs:
  - runtime errors, and other safety problems
  - functional bugs, e.g.: violation of liveness properties, unstable control loop
  - specification issues: incorrect specifications, invalid specifications... (beyond this lecture: what to do if the spec is wrong?)
  - user interface issues (again, beyond this lecture...)

Outline
- Case study
- Certification of embedded software
- Demo

Development Requirements
- Rigorous development requirements defined by norms, such as:
  - DO-178B for avionics
  - ISO 26262, ARP 4754 for the automotive industry
- High certification cost: techniques to validate/certify software typically represent a huge cost:
  - unit testing
  - integration testing
  - software maintenance: imposes more testing...
- Aeronautics, cost of an airplane:
  - airframe: 1/3
  - engines: 1/3
  - software, avionics: 1/3... 80% of which is testing, integration, validation, certification

DO-178B Principle
- Software levels, depending on the level of criticality, e.g.:
  - level A: a failure would cause a crash, e.g., fly-by-wire software
  - level C: a failure would cause crew overloading, e.g., flight management computer
  - level E: no effect on the safety of the flight, e.g., IFE (entertainment software)...
- Software requirements, depending on the level of criticality, e.g.:
  - identification of possible failures, and evidence of correctness
  - traceability
  - absence of dead code
  - unit testing
- No technique is imposed to meet those criteria... the choice is based on efficiency in terms of cost/reliability

Certifying Safety by Analysis
- Advantages of static analysis: lower cost, better confidence
- Safety: the software will not crash / cease to function:
  - absence of runtime errors: no crash, no violation of application-specific constraints (Astrée)
  - synchronous requirement, i.e., time constraint: critical sections should take a bounded amount of time, i.e., the software must be responsive; recursion is forbidden (AbsInt WCET analysis, Worst Case Execution Time)
  - resource usage: no dynamic memory allocation; stack usage (AbsInt StackAnalyzer)
- Beyond safety, functional correctness: usually only testing... (challenge!)
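How an analyzer such as the ones named above can prove "absence of runtime errors" at the cast from the case study, shown with a minimal interval abstract domain as an added C example. This is not code from the lecture or from any of the tools it mentions: the interval type, the transfer functions and the numeric bounds are constructed here, and the bounds are illustrative, not the real Ariane figures. The same code is analysed under two input assumptions, which is exactly the gap the "Legacy software" slide describes.

```c
#include <stdbool.h>
#include <stdio.h>

/* Interval abstract value: the analyzer knows only that the concrete value
 * lies somewhere in [lo, hi].  Constructed for this example. */
typedef struct { double lo, hi; } interval;

static interval itv(double lo, double hi)
{
    interval r = { lo, hi };
    return r;
}

/* Sound abstract transfer functions: the result interval contains every value
 * the concrete operation can produce for inputs drawn from the argument intervals. */
static interval itv_add(interval a, interval b)
{
    return itv(a.lo + b.lo, a.hi + b.hi);
}

static interval itv_mul(interval a, interval b)
{
    /* Signs may flip the bounds, so take the extremes of all four corner products. */
    double p[4] = { a.lo * b.lo, a.lo * b.hi, a.hi * b.lo, a.hi * b.hi };
    double lo = p[0], hi = p[0];
    for (int i = 1; i < 4; i++) {
        if (p[i] < lo) lo = p[i];
        if (p[i] > hi) hi = p[i];
    }
    return itv(lo, hi);
}

/* The check a runtime-error analyzer performs at a 64-bit -> signed 16-bit cast:
 * C truncates toward zero, so the cast is free of overflow for every value in
 * the interval iff -32769 < lo and hi < 32768.  Anything else is an alarm. */
static bool cast_to_int16_safe(interval a)
{
    return a.lo > -32769.0 && a.hi < 32768.0;
}

/* Toy model of the faulty computation: bias = velocity * gain + offset, then
 * the cast.  Returns true when the analyzer can prove the cast safe for the
 * whole input range, false when it must raise an alarm. */
static bool analyze_bias_cast(interval velocity, interval gain, interval offset)
{
    interval bias = itv_add(itv_mul(velocity, gain), offset);
    return cast_to_int16_safe(bias);
}

int main(void)
{
    /* Constructed bounds, not the real Ariane figures: the same code analysed
     * under two different assumptions on the horizontal velocity. */
    interval gain = itv(40.0, 40.0), offset = itv(-100.0, 100.0);
    interval legacy_range = itv(-600.0, 600.0);   /* assumption inherited from the predecessor */
    interval new_range    = itv(-1000.0, 1000.0); /* more powerful launcher */

    printf("legacy assumption: cast %s\n",
           analyze_bias_cast(legacy_range, gain, offset) ? "proved safe" : "ALARM");
    printf("new flight domain: cast %s\n",
           analyze_bias_cast(new_range, gain, offset) ? "proved safe" : "ALARM");
    return 0;
}
```

The point for certification is the direction of the guarantee: when the check returns true, no concrete execution within the assumed input range can overflow, so no test suite is needed for that property. When it returns false the analyzer reports an alarm, which may be a real bug or an imprecision of the domain; either way the analysis only proves what the stated input assumptions allow, so the assumptions themselves (here the velocity range) must be reviewed whenever the system is reused on a different platform.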

Outline
- Case study
- Certification of embedded software
- Demo