
Short/mid/long term requirements for the static analysis of avionics programs

Dagstuhl Seminar 08161. Scalable Program Analysis. Presented by Jean Souyris Airbus France S.A.S. Short/mid/long term requirements for the static analysis of avionics programs. Overview. Process based assurance Product based Assurance Scalability and Precision





Presentation Transcript


  1. Dagstuhl Seminar 08161, Scalable Program Analysis. Presented by Jean Souyris, Airbus France S.A.S. Short/mid/long term requirements for the static analysis of avionics programs.

  2. Overview
     - Process based assurance
     - Product based assurance
     - Scalability and precision
     - Towards the product based assurance
     - Practical process of the future

  3. Process based Assurance
     - Process based assurance = current DO178B conforming process.
     - Confidence in the software product comes from the fact that it has been rigorously developed (DO178B conforming process).
     - A single activity never proves anything. It is the conjunction of several activities that ensures the safety of a software product and its compliance to its specifications.
     - Certification authorities check the conformity to DO178B.

  4. Static Analyzers in the development Cycle
     [Diagram: the development cycle (Specification, Software architecture, LL requirements, Code, Executable) with its verification activities (Validation level checks, Integration Verification, Unit Verification, Automatic Coding, Translation Validation (R&T)) and the static analyzers attached to each stage. The tool groups as they appear on the slide: Astrée, Fluctuat (R&T), aiV, aiT, Stackanalyzer; Caveat (IP, R&T), Frama-C, aiV, aiT, Stackanalyzer; Caveat (UP), Frama-C, Fluctuat, aiV, aiT, Stackanalyzer; Frama-C for Translation Validation (R&T).]

  5. (Ideal) Product based Assurance
     - Product based assurance = new paradigm: confidence in the software product is based on the proof of required properties (or specifications).
     - Proof of "executability": absence of RTE, satisfaction of timing constraints (based on safe WCET computation), same for memory usage, absence of deadlocks, race conditions, etc.
     - Proof of user-defined properties: during software development, formal properties are assigned to the software product at specification or design time.
     - Translation Validation: proof of the last two steps of the Model based Development, i.e., SCADE to source code and source code to binary code translation validation.

  6. Ideal Product based Assurance is not for tomorrow
     - Scalability and precision: specialisation to a pair (family of programs, class of properties).
       Families of programs: sequential, synchronous with floating-point calculus, asynchronous.
       Classes of properties: see previous slide.
     - Current/short term application of the Product based Assurance paradigm:
       Proof of executability on sequential and synchronous programs.
       Proof of user-defined properties on "small pieces" (Unit Proof*) of a sequential program.
       Translation Validation: C code to PowerPC binary code.
     * Unit Proof = WP based proofs on C functions individually.
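To make the "Unit Proof" notion concrete, here is an added example (not from the slides or from Airbus) of what a WP based proof of a single C function looks like: a function annotated with an ACSL contract, as checked by the Frama-C WP plugin named on slide 4. The contract combines an "executability" property (no signed overflow in the accumulation, which the RTE plugin would otherwise flag) with a user-defined property (the result stays within a stated bound). The reading bound of 1000, the count bound of 1000000, the sample arrays and the `checked_sum` wrapper are assumptions constructed for this example; the ACSL keywords and the `frama-c -wp -wp-rte` invocation are real.

```c
#include <stdio.h>

/* Constructed sample inputs for the example (not from the slides):
 * four sensor readings known to lie in 0..1000, and two readings of
 * which one violates that bound. */
static const int sample_readings[4] = {10, 20, 30, 0};
static const int bad_readings[2] = {5, 2000};

/* Unit Proof target: the contract is the formal "user-defined property"
 * assigned to this function; WP proves it for the function in isolation.
 * The preconditions bound each reading (assumed 0..1000) and the count
 * (assumed <= 1000000), so the sum can never exceed 1e9 < INT_MAX and
 * the addition in the loop is free of run-time errors (signed overflow). */
/*@ requires 0 <= n <= 1000000;
  @ requires \valid_read(a + (0 .. n-1));
  @ requires \forall integer i; 0 <= i < n ==> 0 <= a[i] <= 1000;
  @ assigns \nothing;
  @ ensures 0 <= \result <= 1000 * n;
  @*/
int sum_bounded(const int *a, int n)
{
    int s = 0;
    int i;
    /* The invariant is what lets WP discharge the overflow obligation
     * generated by -wp-rte for "s += a[i]": after i steps, s <= 1000 * i. */
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant 0 <= s <= 1000 * i;
      @ loop assigns i, s;
      @ loop variant n - i;
      @*/
    for (i = 0; i < n; i++) {
        s += a[i];
    }
    return s;
}

/* The proof of sum_bounded is only valid under its preconditions, so the
 * software boundary must establish them. This (assumed) wrapper rejects
 * data that would violate the contract instead of passing it through;
 * it returns -1 for rejected input and the sum otherwise. */
/*@ requires 0 <= n <= 1000000;
  @ requires \valid_read(a + (0 .. n-1));
  @ assigns \nothing;
  @ ensures \result == -1 || (0 <= \result <= 1000 * n);
  @*/
int checked_sum(const int *a, int n)
{
    int i;
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant \forall integer k; 0 <= k < i ==> 0 <= a[k] <= 1000;
      @ loop assigns i;
      @ loop variant n - i;
      @*/
    for (i = 0; i < n; i++) {
        if (a[i] < 0 || a[i] > 1000) {
            return -1;   /* precondition of sum_bounded would not hold */
        }
    }
    return sum_bounded(a, n);
}

int main(void)
{
    printf("sum of sample readings: %d\n", checked_sum(sample_readings, 4));
    printf("sum of bad readings:    %d\n", checked_sum(bad_readings, 2));
    return 0;
}
```

Compiled with an ordinary C compiler the annotations are plain comments and the program runs as usual; run through `frama-c -wp -wp-rte sum.c` the same file yields proof obligations for both contracts and for the absence of run-time errors in the loop, which is the per-function, WP based "Unit Proof" the slide refers to. Proving the whole program this way would additionally require contracts at every call site, which is the scalability limit the next slides discuss.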

  7. Next steps towards the Product based Assurance (mid term)
     - Proof of executability on asynchronous programs:
       Absence of run time errors (Thésée).
       Synchronisation properties like absence of deadlocks; WCET computation of tasks made for running on top of an OS.
       Schedulability analysis (?).
       Memory protection (a process' thread does not access another process' memory space).
     - Proof of user-defined properties on sequential programs:
       On bigger "completely" formally specified program pieces.
       On a whole sequential program if the number of formalised safety properties is limited (?).
     - Translation Validation: SCADE to source code (?).
     '?': only ideas; research work has not started.

  8. Full Product based Assurance is unrealistic (long term)
     - A rigorous development process and dynamic analysis (tests) will always be necessary.
     - The practical process will mix: process and product based assurances; static and dynamic analyses.
