Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Similar documents
Intro to Proving Absence of Errors in C/C++ Code

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Increasing Design Confidence Model and Code Verification

Verification and Test with Model-Based Design

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Static Analysis in C/C++ code with Polyspace

From Design to Production

2015 The MathWorks, Inc. 1

Jay Abraham 1 MathWorks, Natick, MA, 01760

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Verification and Validation of High-Integrity Systems

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

Formal Verification of Models and Code Prashant Mathapati Application Engineer Polyspace & Model Verification

Automating Best Practices to Improve Design Quality

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Standardkonforme Absicherung mit Model-Based Design

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Using Model-Based Design in conformance with safety standards

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Utilisation des Méthodes Formelles Sur le code et sur les modèles

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

Automating Best Practices to Improve Design Quality

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

Generating Industry Standards Production C Code Using Embedded Coder

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing

Introduction & Formal Methods

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

Verification, Validation and Test in Model Based Design Manohar Reddy

Program Verification. Aarti Gupta

Better than Hand Generating Highly Optimized Code using Simulink and Embedded Coder

automatisiertensoftwaretests

Simulink 를이용한 효율적인레거시코드 검증방안

Simulink Verification and Validation

A Model-Based Reference Workflow for the Development of Safety-Related Software

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Simulation-based Test Management and Automation Sang-Ho Yoon Senior Application Engineer

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

Vector Software. Using VectorCAST to Satisfy Software Verification and Validation for ISO W H I T E P A P E R

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Warm-Up Problem. Let be a set of well-formed Predicate logic formulas. Let be well-formed Predicate logic formulas. Prove or disprove the following.

Structural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1

ISO compliant verification of functional requirements in the model-based software development process

Certification Authorities Software Team (CAST) Position Paper CAST-25

Program verification. Generalities about software Verification Model Checking. September 20, 2016

AstréeA From Research To Industry

ACCELERATING DO-254 VERIFICATION

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Verification and Validation

Verification and Validation

Automatic Qualification of Abstract Interpretation-based Static Analysis Tools. Christian Ferdinand, Daniel Kästner AbsInt GmbH 2013

Page 1. Stuff. Last Time. Today. Safety-Critical Systems MISRA-C. Terminology. Interrupts Inline assembly Intrinsics

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

The University of Iowa Fall CS:5810 Formal Methods in Software Engineering. Introduction

SOFTWARE QUALITY OBJECTIVES FOR SOURCE CODE

Static Analysis Techniques

Unit Testen en embedded software Fout injectie en Software varianten

Verification and Validation

ABSTRACT INTERPRETATION

Changing the way the world does software

Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

Applications of Program analysis in Model-Based Design

Program Validation and Testing

Software Testing Lecture 1. Justin Pearson

Using Code Coverage to Improve the Reliability of Embedded Software. Whitepaper V

Static program checking and verification

Introduction to CS 270 Math Foundations of CS

Important From Last Time

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Static Analysis. Emina Torlak

Testing, Validating, and Verifying with Model-Based Design Phil Rottier

Who is our rival? Upcoming. Testing. Ariane 5 rocket (1996) Ariane 5 rocket 3/8/18. Real programmers need no testing!

MISRA-C. Subset of the C language for critical systems

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

System Requirements & Platform Availability by Product for R2016b

ISO26262 This Changes Everything!

IDE for medical device software development. Hyun-Do Lee, Field Application Engineer

What s New with the MATLAB and Simulink Product Families. Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group

CSE Computer Security

Static Analysis of Embedded Systems

5) I want to get this done fast, testing is going to slow me down.

Formal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262

Verifying source code

Automated Requirements-Based Testing

State of Practice. Automatic Verification of Embedded Control Software with ASTRÉE and beyond

Verification, Testing, and Bugs

Lightweight Verification of Array Indexing

Verification and Validation Introducing Simulink Design Verifier

MathWorks Products and Prices North America January 2018

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

18-642: Code Style for Compilers

People tell me that testing is

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Verification and Validation

Automated Freedom from Interference Analysis for Automotive Software

Model-Based Design for Safety Critical Automotive Applications

IBM Rational Rhapsody. IBM Rational Rhapsody Kit for ISO 26262, IEC 61508, IEC and EN Overview. Version 1.9

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

Introduction: Software Testing and Quality Assurance

Transcription:

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance Prashant Mathapati Senior Application Engineer MATLAB EXPO 2013 The MathWorks, Inc. 1

The problem Complex systems can fail with drastic consequences Ariane-5, expendable launch system Overflow error Resulted in destruction of the launch vehicle USS Yorktown, Ticonderoga class ship Divide by zero error Caused ship s propulsion system to fail Therac-25, radiation therapy machine Race condition and overflow error Casualties due to overdosing of patients 2

When is it safe to ship? 40% - of all bugs are runtime errors IBM Study 33% of all medical devices sold in U.S. between 99 and 05 recalled for software failures - U. of Patras (Greece) Study 3

Analyzing and proving embedded software Good design and testing Helps eliminate functional errors But, robustness concerns may still exist Undetected run-time errors will cause catastrophic failure Polyspace: static code analysis using formal methods Address robustness concerns Ensures safe and dependable software 4

How does Polyspace help you? Finds bugs Checks coding rule conformance (MISRA/JSF/Custom) Provides metrics (Cyclomatic complexity etc) Proves the existence and absence of errors Indicates when you ve reached the desired quality level Certification help for DO-178 C, ISO 26262, 5

Can you find a bug? Could there be a bug on this line? 6

Other potential run-time errors to consider Variables may not be initialized Overflow potential Division by zero potential Dead code potential 7

Exhaustive testing If both inputs are signed int32 Full range inputs: -2 31-1.. +2 31-1 All combinations of two inputs: 4.61X10 18 test-cases Test time on a Windows host machine 2.2GHz T7500 Intel processor 4 million test-cases took 9.284 seconds Exhaustive testing time: 339,413 years Exhaustive Testing is Impossible 8

Polyspace demonstration 9

Results from Polyspace 10

Results from Polyspace Green: reliable safe pointer access static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions for (i = 0; i < 100; i++) { *p = 0; } p++; variable I (int32): [0.. 99] assignment of I (int32): [1.. 100] if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; } else { i++; } } i = get_bus_status(); Purple: violation MISRA-C/C++ or JSF++ code rules Range data tool tip } if (i >= 0) { *(p - i) = 10; } 11

Functionality Validation and Verification High Proven Correct Unproven Proven Testing Code Inspection Compiler Lint Low Implementation (Runtime Correctness) High 12

Functionality Validation and Verification High Proven Correct Unproven Proven Testing Code Inspection Low Compiler Lint Implementation (Runtime Correctness) Polyspace High 13

How is Polyspace code verification unique? Statically verifies all possible executions of your code (considering all possible inputs, paths, variable values) Proves when code will not fail under any runtime conditions Finds runtime errors, boundary conditions and unreachable code without exhaustive testing Gives insight into runtime behavior and data ranges Mathematically sound has no false negatives 14

DO-178 certification credit 15

Applicability to ISO 26262 ISO 26262-6 Software unit design and implementation Methods 1a Walk-through ++ + o o ASIL Applicable Tools / A B C D Processes 1b Inspection + ++ ++ ++ 1c Semi-formal verification + + ++ ++ Polyspace Bug Finder, Polyspace Code Prover 1d Formal verification o o + + Polyspace Code Prover 1e Control flow analysis + + ++ ++ 1f Data flow analysis + + ++ ++ 1g Static code analysis + ++ ++ ++ Polyspace Bug Finder, Polyspace Code Prover 1h Semantic code analysis* + + + + Polyspace Code Prover Table 9 Methods for the verification of the software unit design and implementation * is used for mathematical analysis of source code by use of an abstract representation of possible values for the variables. For this it is not necessary to translate and execute the source code. (ISO 26262-6, table 9, Method 1h) 16

Why verify code in MBD? May contain S-Functions (handwritten code) Generated code may interface with legacy or driver code Interface may cause downstream run-time errors Inadequate model verification to eliminate constructional errors Certification may require verification at code level 17

Benefits of running Polyspace from Simulink Find bugs in S-Functions in isolation Check compliance for MISRA (or MISRA-AC-AGC) Annotate models to justify code rule violations Trace code verification results back to Simulink models* Qualify integrated code (generated code and handwritten code) Independent verification of generated code Easily produce reports and artifacts for certification * Traceability support available for TargetLink and UML Rhapsody 18

Traceability from code to models Polyspace Bug Finder and Polyspace Code Prover verification results, including MISRA analysis can be traced from code to model 19

EADS Ensures Launch Vehicle Dependability with Polyspace Products for Ada Challenge To automate the identification of run-time errors in mission-critical software for launch vehicles Solution Use Polyspace products to analyze 100,000 lines of Ada code developed in-house and by third-party contractors Results Development time reduced Subcontractor code verified Exhaustive tests streamlined Ariane 5 launcher taking off. "The Polyspace solution is unique - it detects run-time errors without execution and has the advantage of being exhaustive." EADS Engineer Link to user story 20

Nissan Motor Company Increases Software Reliability with Polyspace Products for C/C++ Challenge Identify hard-to-find run-time errors to improve software quality Solution Use MathWorks tools to exhaustively analyze Nissan and supplier code Results Suppliers' bugs detected and measured Software reliability improved PolySpace products for C/C++ adopted by Nissan suppliers Nissan Fairlady Z. Polyspace products for C/C++ can ensure a level of software reliability that is unmatched by any tools in the industry. Mitsuhiko Kikuchi Nissan Motor Company Link to user story 21

ROI Analysis Earlier discovery of hard-to-find run-time errors 66% more error detection in earlier development phases. More bugs found before release 31% more bugs found compared to manual reviews and testing. Shorter quality assurance cycles Reduce development time by as much as 39% by finding run-time errors faster and earlier. More thorough validation of code Continuously improve software quality resulting in fewer run-time errors found during later development stages where they are most expensive to find and fix. Reduced development costs 42% reduction in total cost of development resulting in savings of approximately $1,000 per day. 22

Polyspace Impact in Software Development Finding runtime errors that might have been missed Improves quality and safety Finding runtime errors earlier, when quicker/cheaper to fix Saves time, saves money Knowing how data will behave, and which code is risky Improves code Improves code reviews Proving reliability and robustness without exhaustive testing Shortens verification cycle Focuses testing where it s more effective Lets you know when you re done 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback