DO178C/ED12C OOT
A User’s Perspective
Cyrille Comar Hugues Bonnin Fred Rivard
Certification Together International Conference,
Toulouse, October 2010
CTIC 2010 2
Agenda
3 examples of DO178C/OOT usage:
1. Inheritance: Liskov Substitution Principle (LSP) with Ada
2. Virtualization: the Java Virtual Machine case
3. Dynamic Memory Management: a Java Garbage Collector example
Inheritance: Liskov Substitution Principle (LSP) with Ada
Local Type Consistency (TC)
 In order to mitigate the inheritance vulnerabilities, local type consistency has to be demonstrated: this property reliably bounds what the inheritance mechanism can do.
 TC is referred to in:
◦ OO.4.4 n.: if reuse is planned, maintenance of TC shall be described.
◦ OO.5.2.2 j.: in design activities, the class hierarchy with TC must be developed with the associated LLR.
◦ OO.6.7: specific verification for Local Type Consistency has to be done, with an added objective in table A-7 (OO-10).
Local Type Consistency (TC)
1. Formal Methods:
◦ Precondition weakening
◦ Postcondition strengthening
2. Unit Testing (on LLRs associated with class methods):
◦ Run all tests associated with a class using objects of child classes
3. Pessimistic Testing:
◦ Verify that all dispatching calls are covered by tests exercising all methods potentially reachable from a dispatch point
TC by Formal Analysis
Ada 2012 syntax (aspects are separated by commas, not semicolons):

type Class1 is tagged private;
procedure Method (C : in out Class1; I : Integer) with
  Pre  => I > 0,
  Post => C.Updated;

type Class2 is new Class1 with private;
procedure Method (C : in out Class2; I : Integer) with
  Pre  => I >= 0,
  Post => C.Updated and C.Sorted;

(Updated and Sorted are Boolean-returning primitive functions of Class1, declared as on the next slide.)

Must demonstrate that:
• I > 0 ⇒ I >= 0
• C.Updated and C.Sorted ⇒ C.Updated

Liskov Substitution Principle:
• Precondition is weakened
• Postcondition is strengthened
TC by Formal Analysis (2)
 Spark = small Ada + logical annotations
 Spark supports limited OO features
 Spark already performs this verification

type Class1 is tagged private;
function Updated (C : Class1) return Boolean;
function Sorted (C : Class1) return Boolean;
procedure Method (C : in out Class1; I : Integer);
--# pre I > 0;
--# post Updated(C);

type Class2 is new Class1 with private;
procedure Method (C : in out Class2; I : Integer);
--# pre I >= 0;
--# post Updated(C) and Sorted(C);

Spark produces 2 VCs (Verification Conditions):

H1: updated(fld_inherit(c)) .
H2: sorted(fld_inherit(c)) .
->
C1: updated(fld_inherit(c)) .

H1: i > 0 .
->
C1: i >= 0 .
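The two verification conditions above can also be approximated without a prover, by checking the implications over a sampled input domain and over all reachable abstract states. The following Python is an added example, not code from the slides or from Spark: it encodes the Class1/Class2 contracts of the slide as predicates, adds two constructed violating overrides (Bad_Class, which strengthens the precondition, and Weak_Post, which weakens the postcondition), and reports the counterexamples that each VC would fail on. The State type and the sample domain are assumptions of this example.

```python
"""Added example (not from the slides): the two Local Type Consistency
verification conditions, checked as predicates over a sample domain instead
of being discharged by a prover."""
from dataclasses import dataclass


@dataclass(frozen=True)
class State:
    """Abstract object state: the two Boolean queries used in the contracts."""
    updated: bool = False
    sorted: bool = False


# Contracts of the slide as (precondition on I, postcondition on C).
# Class1.Method: Pre => I > 0,  Post => C.Updated
# Class2.Method: Pre => I >= 0, Post => C.Updated and C.Sorted
# Bad_Class and Weak_Post are constructed LSP violations for illustration.
CONTRACTS = {
    "Class1": (lambda i: i > 0, lambda c: c.updated),
    "Class2": (lambda i: i >= 0, lambda c: c.updated and c.sorted),
    "Bad_Class": (lambda i: i > 10, lambda c: c.updated),          # stronger pre
    "Weak_Post": (lambda i: i > 0, lambda c: True),                # weaker post
}

ALL_STATES = [State(u, s) for u in (False, True) for s in (False, True)]


def precondition_counterexamples(parent_pre, child_pre, domain):
    """VC 'H1: parent pre -> C1: child pre': inputs the parent accepts but the
    child rejects. An empty list means the precondition is weakened (or equal)."""
    return [i for i in domain if parent_pre(i) and not child_pre(i)]


def postcondition_counterexamples(parent_post, child_post, states=ALL_STATES):
    """VC 'child post -> parent post': states the child may leave but the parent
    promised never to leave. Empty means the postcondition is strengthened (or equal)."""
    return [s for s in states if child_post(s) and not parent_post(s)]


def check_substitution(parent, child, domain=range(-5, 20)):
    """Counterexamples for both VCs on the sampled domain; both lists empty
    means the child is type-consistent with the parent on that domain."""
    p_pre, p_post = CONTRACTS[parent]
    c_pre, c_post = CONTRACTS[child]
    return {
        "pre": precondition_counterexamples(p_pre, c_pre, domain),
        "post": postcondition_counterexamples(p_post, c_post),
    }


def is_type_consistent(parent, child):
    result = check_substitution(parent, child)
    return not result["pre"] and not result["post"]


if __name__ == "__main__":
    for child in ("Class2", "Bad_Class", "Weak_Post"):
        print(child, "substitutes Class1:", is_type_consistent("Class1", child),
              check_substitution("Class1", child))
```

A sampled domain only refutes; it never proves the implication the way the Spark VCs do, which is why the slide presents testing and formal analysis as distinct approaches.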
TC by Unit Testing
 With a proper organization of unit testing, this verification is relatively easy to put in place:
◦ Each class has a mirror “test” class
◦ Each method has a mirror “test” method
 Low-Level Requirements are associated with methods
 The corresponding test cases are associated with the “mirror” test method
◦ Group all the tests related to a class in a test suite
◦ Apply this test suite to objects of the class: this verifies the LLRs associated with the class
◦ Apply this test suite to objects of subclasses: this verifies type consistency
TC by Unit Testing

package Example is
   type T1 is tagged private;
   procedure M1 (X : T1);
   function F1 (X : T1) return Integer;

   type T2 is new T1 with private;
   overriding procedure M1 (X : T2);
   -- inherits F1 (X : T2)
end Example;

package Example.Unit_Tests is
   type Test_T1 is new Root_Class_Test with record
      Ptr : access T1'Class;   -- the object under test
   end record;
   procedure Test_M1 (X : Test_T1);
   procedure Test_F1 (X : Test_T1);

   type Test_T2 is new Test_T1 with private;
   overriding procedure Test_M1 (X : Test_T2);
   -- inherits Test_F1 (X : Test_T2)
end Example.Unit_Tests;

[Class diagram on the slide: T1 (+M1, +F1) with subclass T2 (+M1); mirror test class T1_Test (-Ptr, +Test_M1, +Test_F1) with subclass T2_Test (+Test_M1); a 1-to-1 association links T1_Test to T1. Requirements LLR1_M1 and LLR2_M1 are attached to M1, with test cases LLR1_M1_TestCase1, LLR1_M1_TestCase2, …]
TC by Unit Testing

package body Example.Test_Suites is
   procedure T1_Test_Suite (T : Test_T1) is …

   procedure T2_Test_Suite (T : Test_T2) is
   begin
      Test_M1 (T);
      Test_F1 (T); -- call inherited test
   end T2_Test_Suite;
end Example.Test_Suites;

procedure My_Test is
   T2_Obj : Test_T2 := (Root_Class_Test with new T2);
begin
   -- regular testing on T2
   Example.Test_Suites.T2_Test_Suite (T2_Obj);
   -- verify that T2 can substitute T1 safely
   Example.Test_Suites.T1_Test_Suite (Test_T1 (T2_Obj));
end My_Test;
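The mirror-test pattern of the last three slides, as an added example in Python (not the slides' Ada code): T1 and T2 are constructed classes with constructed LLRs, Test_T1 and Test_T2 are their mirror test classes, and my_test runs the class's own suite and then T1's suite bound to Test_T1's bodies, which is what the view conversion Test_T1 (T2_Obj) achieves on the slide. A third constructed subclass, T3, passes its own mirror tests but fails T1's suite, which is exactly the type-consistency failure this organization is meant to catch.

```python
"""Added example (not the slides' code): mirror test classes, and the parent's
test suite applied to subclass objects to verify type consistency."""


def check(cond, msg):
    """Test-case assertion that does not depend on Python's -O flag."""
    if not cond:
        raise AssertionError(msg)


class T1:
    """Constructed class: a saturating counter.
    LLR1_M1: M1 increments the counter by exactly 1 (up to LIMIT).
    LLR2_M1: the counter never exceeds LIMIT.
    LLR1_F1: F1 returns twice the counter value."""
    LIMIT = 3

    def __init__(self):
        self.count = 0

    def m1(self):
        self.count = min(self.count + 1, self.LIMIT)

    def f1(self):
        return 2 * self.count


class T2(T1):
    """Type-consistent override: same LLRs, plus an event log."""
    def __init__(self):
        super().__init__()
        self.log = []

    def m1(self):
        self.log.append(self.count)
        super().m1()


class T3(T1):
    """Constructed violating override: increments by 2, breaking LLR1_M1."""
    def m1(self):
        self.count = min(self.count + 2, self.LIMIT)


class Test_T1:
    """Mirror test class of T1; ptr plays the role of the Ptr component."""
    def __init__(self, obj):
        self.ptr = obj

    def test_m1(self):                      # test cases for LLR1_M1 and LLR2_M1
        before = self.ptr.count
        self.ptr.m1()
        check(self.ptr.count == min(before + 1, T1.LIMIT), "LLR1_M1 violated")
        for _ in range(T1.LIMIT + 2):
            self.ptr.m1()
        check(self.ptr.count <= T1.LIMIT, "LLR2_M1 violated")

    def test_f1(self):                      # test case for LLR1_F1
        check(self.ptr.f1() == 2 * self.ptr.count, "LLR1_F1 violated")


class Test_T2(Test_T1):
    """Mirror of T2: overrides Test_M1 for T2's extra LLR, inherits Test_F1."""
    def test_m1(self):
        super().test_m1()
        check(len(self.ptr.log) > 0, "T2 LLR: M1 records an event")


class Test_T3(Test_T1):
    """Mirror of T3: tests T3's own (different) requirement for M1."""
    def test_m1(self):
        before = self.ptr.count
        self.ptr.m1()
        check(self.ptr.count == min(before + 2, T1.LIMIT), "T3 LLR1_M1 violated")


def run(named_tests):
    """Run a suite; return the failing test names with their messages."""
    failures = []
    for name, method in named_tests:
        try:
            method()
        except AssertionError as exc:
            failures.append(f"{name}: {exc}")
    return failures


def class_test_suite(test):
    """The class's own suite (T1_Test_Suite / T2_Test_Suite): dispatching calls."""
    return run([("Test_M1", test.test_m1), ("Test_F1", test.test_f1)])


def t1_suite_on(test):
    """T1's suite through a view conversion, as T1_Test_Suite (Test_T1 (T2_Obj)):
    Test_T1's own bodies are called, with no dispatching."""
    return run([("Test_M1", lambda: Test_T1.test_m1(test)),
                ("Test_F1", lambda: Test_T1.test_f1(test))])


def my_test(cls, mirror):
    """Regular testing through the class's mirror, then substitution testing."""
    return {"regular": class_test_suite(mirror(cls())),
            "substitution": t1_suite_on(mirror(cls()))}
```

Running my_test(T3, Test_T3) gives an empty "regular" list and a failing "substitution" list: the subclass meets its own requirements but cannot stand in for T1, which is the case OO.6.7 asks applicants to detect.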
TC by Pessimistic Testing
 Locate all dispatching calls in the application
 For each, infer every method that can be called
 Verify that requirements-based testing covers all such cases
TC by Pessimistic Testing

procedure Do_Something (Obj1 : T1'Class; Obj2 : T2'Class) is
begin
   …
   Obj1.M1;          -- dispatching: T1's M1 or T2's M1
   …
   Val := Obj2.F1;   -- dispatching: T2's F1
   …
end Do_Something;

Calls to Do_Something:
…
Do_Something (My_Obj1, My_Obj2);
…
Do_Something (My_Obj2, My_Obj2);
…

Enough to achieve statement coverage, but not enough for Type Consistency verification: it is necessary to complete it with “pessimistic testing”.
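The bookkeeping that pessimistic testing requires (enumerate the dispatch points, infer every reachable target, diff against what the tests executed) is small enough to show in full. The following Python is an added example, not code from the slides: the T1/T2 hierarchy and the two dispatch points of Do_Something are the slide's; the dynamic types of My_Obj1 (T1) and My_Obj2 (T2) and the call traces are assumptions of this example.

```python
"""Added example (not the slides' code): reachable dispatch targets and
coverage gaps for the Do_Something example of the slide."""

# child -> parent (None for a root): the slide's T1 / T2 hierarchy
PARENT = {"T1": None, "T2": "T1"}
# primitive operations declared or overridden by each type
DECLARED = {"T1": {"M1", "F1"}, "T2": {"M1"}}


def descendants(root):
    """root and every type derived from it: the members of root'Class."""
    found = {root}
    changed = True
    while changed:
        changed = False
        for child, parent in PARENT.items():
            if parent in found and child not in found:
                found.add(child)
                changed = True
    return found


def implementing_type(dyn_type, method):
    """The type whose body runs for `method` on an object of dynamic type
    dyn_type: walk up the hierarchy to the nearest declaration or override."""
    t = dyn_type
    while t is not None:
        if method in DECLARED[t]:
            return t
        t = PARENT[t]
    raise KeyError(f"{method} is not an operation of {dyn_type}")


def reachable_targets(dispatch_points):
    """For each dispatch point (class-wide root type, method), every
    (dynamic type, method) pair the call can reach: what must be exercised."""
    return {(root, method): {(t, method) for t in descendants(root)}
            for root, method in dispatch_points}


def executed_targets(calls, dispatch_points):
    """What a trace of calls exercised. Each call lists the dynamic type of
    each class-wide parameter, in dispatch-point order."""
    done = set()
    for dyn_types in calls:
        for (_root, method), dyn in zip(dispatch_points, dyn_types):
            done.add((dyn, method))
    return done


def uncovered(dispatch_points, calls):
    """Reachable targets not exercised by the trace: the gaps pessimistic
    testing has to close with added test cases."""
    done = executed_targets(calls, dispatch_points)
    return {dp: tgts - done
            for dp, tgts in reachable_targets(dispatch_points).items()
            if tgts - done}


# Do_Something (Obj1 : T1'Class; Obj2 : T2'Class): Obj1.M1 then Obj2.F1
DO_SOMETHING = [("T1", "M1"), ("T2", "F1")]

if __name__ == "__main__":
    print(reachable_targets(DO_SOMETHING))
    # assumed: My_Obj1 is a T1, My_Obj2 is a T2
    print(uncovered(DO_SOMETHING, [("T1", "T2")]))
    print(uncovered(DO_SOMETHING, [("T1", "T2"), ("T2", "T2")]))
```

Note that implementing_type("T2", "F1") returns "T1": the slide's "T2's F1" is the inherited body, so a target set expressed in bodies rather than in dynamic types would be smaller; tracking dynamic types, as above, is the pessimistic choice.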
Virtualization: the Java Virtual Machine case
Multilayering needs
 Virtualization has several well-known benefits for productivity and industrialisation:
◦ SW/HW independence
◦ easier simulation
◦ improved portability
 but for safety too:
◦ breakdown of complexity (« divide and conquer »)
◦ in the case of Java:
 stability of Java bytecode (10+ years)
 formal properties of bytecode
 but with DO178-B...
DO178-B approach vs DO178C/OOT approach

DO178-B approach: Specification → Design → Code → Executable (on target).
Introducing virtualization into this chain: no room for Java byte code.

DO178C/OOT approach: Specification → Design → Code → Byte-Code (on VM) → Executable (on target).

OO.4: “The target environment is either a target computer or a combination of virtualization software and a target computer. Virtualization software also needs to comply with DO-178C/ED-12C and applicable supplements”
DO178C ref. on virtualization
 OO.4.2 m.
◦ « Describe any planned use of virtualization » and « This data [byte code] should be treated as executable code »
 OO.C.7.7
◦ the main vulnerability is « the code of a given virtualization layer may be considered to be data, consequently, tracing may be neglected, and verification may be insufficient »
 OO.11.7 g., OO.11.8 f.
◦ standards (design and code) must include constraints on the usage of virtualization
Development principle for a Java Software (1/2)

Two stacked life cycles (diagram on the slide):
Java Application: Specification → Design → Code → Executable, running on the JVM Platform
JVM Platform: Specification → Design → Code → Executable, running on the HW target
Development principle for a Java Software (2/2)
 Test principles: « IMA-like » process
◦ Application on JVM: main part of the application HLR and LLR tests (application executed on the JVM)
◦ JVM on target: main part of the JVM HLR and LLR tests (JVM executed on the HW)
◦ Application on JVM on target: small part of the integration tests
Constraints on Application devt.
 The development of the application is not changed
 but the « executable object code » is Java bytecode, and the target is a JVM.
 This allows tests to be executed on any JVM, provided that this target environment is shown to be representative of the final HW target.
◦ the standardisation of the JVM greatly helps this demonstration
Constraints on JVM devt. (1)
 Devt. of the JVM must be done at least at the same SW level as the application.
 JVM HLR and LLR are principally described in the Java Virtual Machine specification (the « blue book »).
 Robust and deterministic algorithms must be chosen, and described in LLRs, to implement the JVM (see for example the Garbage Collector in the next part)
◦ The simpler the choices, the easier the demonstration.
Constraints on JVM devt. (2): JVM Tests strategy

A single test battery, applied in two stages (diagram on the slide):
Stage 1, JVM execution on a Test JVM: the JVM Java tests are compiled to JVM Java bytecode and executed on a Test JVM.
Stage 2, JVM execution on the target: the same tests are executed against the JVM target bytecode running on the HW target.
Dynamic Memory Management: the Java Garbage Collector example
DO178C ref. on Dynamic Memory Management
 OO.C.7.6
◦ vulnerabilities are listed and explained, with guidelines
 OO.5.2.2 (design activities):
◦ k. « As part of the software architecture, develop a strategy for memory management »
 OO.11.7 g. and OO.11.8 f.
◦ standards (design and code) must include constraints on the usage of memory management
 OO.6.8
◦ specific verification for Dynamic Memory Management has to be done, with an added objective in table A-7 (OO-11), covering all the vulnerabilities explained in OO.C
Memory Management Table OO.C.7.6.3: where sub-objectives are addressed
MMI: Memory Management Infrastructure   AC: Application

 With automatic heap allocation, the application transfers the dynamic memory management problems to the infrastructure
 this is a main advantage of using a Garbage Collector (GC)

Technique                  | Sub-objectives (OO.6.8.2)
                           |  a    b    c    d    e    f    g
---------------------------+------------------------------------
Object pooling             |  AC   AC   AC   AC   AC   N/A  MMI
Stack allocation           |  AC   MMI  MMI  AC   AC   N/A  MMI
Scope allocation           |  MMI  MMI  MMI  AC   AC   MMI  MMI
Manual heap allocation     |  AC   AC*  AC   AC   AC   N/A  MMI
Automatic heap allocation  |  MMI  MMI  MMI  AC   MMI  MMI  MMI
7 vulnerabilities in DMM
a. Ambiguous References
b. Fragmentation Starvation
c. Deallocation Starvation
d. Heap Memory Exhaustion
e. Premature Deallocation
f. Lost Update and Stale Reference
g. Time bound Allocation or Deallocation

(The slide also carries a column of responsibility markers beside the list, in the order extracted: MMI, MMI, MMI, MMI, MMI, MMI, AC.)
Verify GC by tests against vulnerabilities
 these verification points are a sort of minimal requirements for a DMM infrastructure.
 They can all be tested by adequate stress tests
 For example, property e. « Premature Deallocation »
◦ 6.8.2.e states « Verify that reference consistency is maintained, that is, each object is unique, and is only viewed as that object. »
◦ One test could be:
 one thread fills an array with objects;
 another one randomly compares cells of the array (a[x]==a[y]);
 a third thread destroys the objects.
 This process is repeated at a high rate over a long period.
 The comparison must never be true.
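What that comparison actually catches is easier to see against a collector that is wrong in a known way. The following Python is an added example, not code from the slides or from any JVM: it builds a constructed handle-based toy heap with a mark-sweep collector, once correct and once deliberately missing a root (so that a still-referenced object is freed and its slot reused), and interleaves the three roles of the slide's test (fill, compare, destroy) single-threaded with a seeded random schedule. The slide's real test uses three concurrent threads against the JVM under test; the single-threaded schedule, full pairwise comparison and the ToyHeap itself are assumptions made here so that the run is deterministic.

```python
"""Added example (not the slides' code): the 'premature deallocation' stress
test (fill / compare / destroy) run against a constructed toy heap with a
correct collector and with one that misses a root."""
import random


class ToyHeap:
    """Constructed heap: handles are slot indices; a slot holds an object id
    or None when free. miss_a_root injects the defect under test."""

    def __init__(self, size=4096, miss_a_root=False):
        self.slots = [None] * size
        self.free = list(range(size))
        self.miss_a_root = miss_a_root
        self.next_id = 0

    def alloc(self):
        slot = self.free.pop()          # IndexError if the heap is exhausted
        self.slots[slot] = self.next_id
        self.next_id += 1
        return slot

    def collect(self, roots):
        """Mark-sweep: free every occupied slot not reachable from roots.
        The defective variant forgets the last root, so a live object is
        freed and its slot can be handed out again (premature deallocation)."""
        marked = set(roots[:-1]) if self.miss_a_root else set(roots)
        for slot, obj in enumerate(self.slots):
            if obj is not None and slot not in marked:
                self.slots[slot] = None
                self.free.append(slot)


def stress_test(heap, cells=16, rounds=2000, seed=7):
    """Interleave the three roles on an array of `cells` handles and return
    the number of rounds in which two distinct live cells referred to the
    same object (a[x] == a[y]). For a sound collector this must stay 0."""
    rng = random.Random(seed)
    a = [None] * cells
    violations = 0
    for _ in range(rounds):
        op = rng.choice(("fill", "destroy", "collect"))
        if op == "fill":                                 # thread 1: fill cells
            empty = [i for i, h in enumerate(a) if h is None]
            if empty:
                a[rng.choice(empty)] = heap.alloc()
        elif op == "destroy":                            # thread 3: drop references
            live = [i for i, h in enumerate(a) if h is not None]
            if live:
                a[rng.choice(live)] = None
        else:                                            # the collector runs
            heap.collect([h for h in a if h is not None])
        # thread 2: compare cells; every pair is compared here, not a random one
        live = [h for h in a if h is not None]
        if len(live) != len(set(live)):
            violations += 1
    return violations


def premature_deallocation_observed(miss_a_root):
    """True when the stress test saw reference consistency broken."""
    return stress_test(ToyHeap(miss_a_root=miss_a_root)) > 0


if __name__ == "__main__":
    print("sound collector:    ", stress_test(ToyHeap()))
    print("collector missing a root:", stress_test(ToyHeap(miss_a_root=True)))
```

The heap is sized so that it cannot be exhausted within the run; in a real JVM test the collector runs whenever allocation needs it, which is the case the slide's high-rate, long-duration repetition is meant to reach.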
Verify GC by analysis against vulnerabilities (1/2)
 The detailed characteristics of the GC give supplementary LLRs
◦ Stop-the-world / concurrent
◦ Mark-sweep / copy
◦ Compact / not compact
◦ Exact / conservative pointers
◦ Work / time based ...
Verify GC by analysis against vulnerabilities (2/2)
 these characteristics can be used to give some sound verification of the vulnerabilities
 For example,
b. Fragmentation Starvation
c. Deallocation Starvation
g. Time bound Allocation or Deallocation
are well demonstrated by Schoeberl's works, for a concurrent-copy GC with periodic GC.
Conclusion
 The DO178C/OOT supplement is a real guide to go to certification with OO features
◦ it gives the necessary constraints to make OO programs safe
◦ it gives sufficient genericity to accept any known OO technology
◦ it gives didactic material (APP.C)
 Thanks to this new DO178 version, modern OO technology will finally be embedded in our modern aircraft.
Thank you.

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Dernier (20)

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

DO-178C OOT supplement: A user's perspective
  • 1. DO178C/ED12C OOT: A User's Perspective
    Cyrille Comar, Hugues Bonnin, Fred Rivard
    Certification Together International Conference, Toulouse, October 2010
  • 2. CTIC 2010 2 Agenda
    3 examples of DO178C/OOT usage:
    1. Inheritance: Liskov Substitution Principle (LSP) with Ada
    2. Virtualization: the Java Virtual Machine case
    3. Dynamic Memory Management: a Java Garbage Collector example
  • 3. Inheritance: Liskov Substitution Principle (LSP) with Ada
  • 4. Local Type Consistency (TC)
    ▪ In order to mitigate inheritance vulnerabilities, local type consistency has to be demonstrated. This property reliably bounds what the inheritance mechanism can do.
    ▪ TC is referred to in:
    ◦ OO.4.4 n.: if reuse is planned, the maintenance of TC shall be described.
    ◦ OO.5.2.2 j.: in design activities, the class hierarchy with TC must be developed together with the associated LLRs.
    ◦ OO.6.7: specific verification of Local Type Consistency has to be done, with an added objective in table A-7 (OO-10).
  • 5. Local Type Consistency (TC)
    1. Formal Methods:
    ◦ Precondition weakening
    ◦ Postcondition strengthening
    2. Unit Testing (on the LLRs associated with class methods):
    ◦ Run all tests associated with a class using objects of child classes
    3. Pessimistic Testing:
    ◦ Verify that all dispatching calls are covered by tests exercising all methods potentially reachable from a dispatch point
  • 6. TC by Formal Analysis (Ada 2012 syntax)
      type Class1 is tagged private;
      --  Updated and Sorted are Boolean primitives of Class1 (declared on the next slide)
      procedure Method (C : in out Class1; I : Integer) with
         Pre  => I > 0,
         Post => C.Updated;

      type Class2 is new Class1 with private;
      procedure Method (C : in out Class2; I : Integer) with
         Pre  => I >= 0,
         Post => C.Updated and C.Sorted;

    Must demonstrate that:
    • I > 0  ⇒  I >= 0
    • C.Updated and C.Sorted  ⇒  C.Updated
    Liskov Substitution Principle:
    • Precondition is weakened
    • Postcondition is strengthened
  • 7. TC by Formal Analysis (2)
    ▪ SPARK = small Ada + logical annotations
    ▪ SPARK supports limited OO features
    ▪ SPARK already performs this verification
      type Class1 is tagged private;
      function Updated (C : Class1) return Boolean;
      function Sorted (C : Class1) return Boolean;
      procedure Method (C : in out Class1; I : Integer);
      --# pre  I > 0;
      --# post Updated (C);

      type Class2 is new Class1 with private;
      procedure Method (C : in out Class2; I : Integer);
      --# pre  I >= 0;
      --# post Updated (C) and Sorted (C);
    SPARK produces 2 VCs (Verification Conditions):
      H1: updated(fld_inherit(c)) .
      H2: sorted(fld_inherit(c)) .
      ->
      C1: updated(fld_inherit(c)) .

      H1: i > 0 .
      ->
      C1: i >= 0 .
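The two verification conditions above can also be checked by exhaustive evaluation over a bounded domain. This is an added Python illustration, not the slides' Ada/SPARK code: the contracts of Class1.Method and Class2.Method are encoded as predicates, the observers Updated/Sorted are treated as a Boolean state vector, and a constructed override (BAD_METHOD) shows what a violation looks like.

```python
"""Bounded check of the two Local Type Consistency VCs (added illustration):
VC1  pre_parent(I) -> pre_child(I)      for every I in a finite domain
VC2  post_child(S) -> post_parent(S)    for every truth assignment S of the
                                        Boolean observers (Updated, Sorted)
Counterexamples are returned instead of a bare True/False."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Tuple

# A post-state is the vector of Boolean observers of the object.
State = Dict[str, bool]


@dataclass(frozen=True)
class Contract:
    """Pre/post of one primitive operation, as predicates over I and the state."""
    name: str
    pre: Callable[[int], bool]
    post: Callable[[State], bool]


def check_type_consistency(parent: Contract, child: Contract,
                           inputs: range, observers: Tuple[str, ...]
                           ) -> Dict[str, List]:
    """Return the counterexamples to each VC (empty lists mean both hold).

    The quantification is exhaustive over `inputs` and over all 2^n truth
    assignments of the observers, which is what makes the check bounded:
    it is a finite stand-in for the SPARK proof, not a replacement for it."""
    pre_fail = [i for i in inputs if parent.pre(i) and not child.pre(i)]
    post_fail = []
    for values in product((False, True), repeat=len(observers)):
        state = dict(zip(observers, values))
        if child.post(state) and not parent.post(state):
            post_fail.append(state)
    return {"precondition_weakening": pre_fail,
            "postcondition_strengthening": post_fail}


# Class1.Method: pre I > 0, post Updated (slide 6)
CLASS1_METHOD = Contract("Class1.Method",
                         pre=lambda i: i > 0,
                         post=lambda s: s["Updated"])
# Class2.Method: pre I >= 0, post Updated and Sorted (slide 6)
CLASS2_METHOD = Contract("Class2.Method",
                         pre=lambda i: i >= 0,
                         post=lambda s: s["Updated"] and s["Sorted"])
# Constructed counter-example override that breaks LSP: it strengthens the
# precondition (I > 1) and weakens the postcondition (Sorted only).
BAD_METHOD = Contract("Bad.Method",
                      pre=lambda i: i > 1,
                      post=lambda s: s["Sorted"])

OBSERVERS = ("Updated", "Sorted")
DOMAIN = range(-8, 9)  # constructed bounded domain for I


def is_consistent(parent: Contract, child: Contract) -> bool:
    """True when both VCs hold over the bounded domain."""
    report = check_type_consistency(parent, child, DOMAIN, OBSERVERS)
    return not any(report.values())


if __name__ == "__main__":
    for child in (CLASS2_METHOD, BAD_METHOD):
        report = check_type_consistency(CLASS1_METHOD, child, DOMAIN, OBSERVERS)
        print(child.name, "consistent" if not any(report.values()) else report)
```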
  • 8. TC by Unit Testing
    ▪ With a proper organization of unit testing, verification is relatively easy to put in place:
    ◦ Each class has a mirror "test" class
    ◦ Each method has a mirror "test" method
      - Low-Level Requirements are associated with methods
      - The corresponding test cases are associated with the "mirror" test method
    ◦ Group all the tests related to a class in a test suite
    ◦ Apply this test suite to objects of the class: this verifies the LLRs associated with the class
    ◦ Apply this test suite to objects of subclasses: this verifies type consistency
  • 9. TC by Unit Testing
      package Example is
         type T1 is tagged private;
         procedure M1 (X : T1);
         function F1 (X : T1) return Integer;

         type T2 is new T1 with private;
         overriding procedure M1 (X : T2);
         --  F1 (X : T2) is inherited
      end Example;

      package Example.Unit_Tests is
         type Test_T1 is new Root_Class_Test with record
            Ptr : access T1'Class;   -- the object under test
         end record;
         procedure Test_M1 (X : Test_T1);
         procedure Test_F1 (X : Test_T1);

         type Test_T2 is new Test_T1 with private;
         overriding procedure Test_M1 (X : Test_T2);
         --  Test_F1 (X : Test_T2) is inherited
      end Example.Unit_Tests;
    Class diagram (text rendering): T1 {+M1(), +F1()} is specialized by T2 {+M1()}; T1_Test {+Test_M1(), +Test_F1(), -Ptr} is specialized by T2_Test {+Test_M1()}; each test object references exactly one object under test (1..1). The LLRs of M1 (LLR1_M1, LLR2_M1) are traced to their test cases (LLR1_M1_TestCase1, LLR1_M1_TestCase2, …).
  • 10. TC by Unit Testing
      package body Example.Test_Suites is
         procedure T1_Test_Suite (T : Test_T1) is ...

         procedure T2_Test_Suite (T : Test_T2) is
         begin
            Test_M1 (T);
            Test_F1 (T);   -- call inherited test
         end T2_Test_Suite;
      end Example.Test_Suites;

      procedure My_Test is
         T2_Obj : Test_T2 := (Root_Class_Test with Ptr => new T2);
      begin
         --  regular testing on T2
         Example.Test_Suites.T2_Test_Suite (T2_Obj);
         --  verify that T2 can substitute T1 safely
         Example.Test_Suites.T1_Test_Suite (Test_T1 (T2_Obj));
      end My_Test;
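The same mirror-class organisation, as an added Python illustration rather than the slides' Ada: T1's test methods are called statically on a test object whose Ptr refers to a T2 (the Python counterpart of T1_Test_Suite (Test_T1 (T2_Obj))), and a constructed subclass Bad shows the failure the check is meant to catch. The LLRs and the bodies of M1/F1 are constructed for the example.

```python
"""Mirror test classes (added illustration in Python, not the slides' Ada):
T1/T2 are the classes under test, Test_T1/Test_T2 their mirror test classes,
and T1's suite is run on a T2 object. Names follow slides 9-10; LLRs are constructed."""


class T1:
    """LLR1_M1: M1(I) with I > 0 records I; LLR2_M1: I <= 0 is rejected;
    LLR1_F1: F1 returns the last recorded value (0 before any M1)."""
    _value = 0

    def M1(self, i: int) -> None:
        if i <= 0:
            raise ValueError("M1 precondition: I > 0")
        self._value = i

    def F1(self) -> int:
        return self._value


class T2(T1):
    """Weaker precondition (I >= 0), stronger postcondition (sorted history); inherits F1."""
    def __init__(self) -> None:
        self.history: list[int] = []

    def M1(self, i: int) -> None:
        if i < 0:
            raise ValueError("M1 precondition: I >= 0")
        self._value = i
        self.history = sorted(self.history + [i])


class Bad(T1):
    """Constructed LSP violation: F1 no longer returns what M1 recorded."""
    def F1(self) -> int:
        return self._value + 1


class Test_T1:
    """Mirror test class: one test method per method of T1, run on `ptr`."""
    def __init__(self, ptr: T1) -> None:
        self.ptr = ptr

    def Test_M1(self) -> list[str]:
        failures = []
        self.ptr.M1(5)
        if self.ptr.F1() != 5:
            failures.append("LLR1_M1: M1(5) must be observable through F1")
        try:
            self.ptr.M1(-1)
            failures.append("LLR2_M1: M1(-1) must be rejected")
        except ValueError:
            pass
        return failures

    def Test_F1(self) -> list[str]:
        self.ptr.M1(7)
        return [] if self.ptr.F1() == 7 else ["LLR1_F1: F1 returns last input"]


class Test_T2(Test_T1):
    """Mirror of T2: overrides Test_M1 for the extra LLR, inherits Test_F1."""
    def Test_M1(self) -> list[str]:
        failures = super().Test_M1()   # T1's LLRs for M1 still apply
        self.ptr.M1(0)                  # weakened precondition: 0 is allowed
        if self.ptr.history != sorted(self.ptr.history):
            failures.append("LLR3_M1: history must stay sorted")
        return failures


def T1_Test_Suite_On(obj: T1) -> list[str]:
    """Type consistency check: T1's tests are called statically on any T1 subclass object."""
    t = Test_T1(obj)
    return Test_T1.Test_M1(t) + Test_T1.Test_F1(t)
```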
  • 11. TC by Pessimistic Testing
    ▪ Locate all dispatching calls in the application
    ▪ For each, infer every method that can be called
    ▪ Verify that requirements-based testing covers all such cases
  • 12. TC by Pessimistic Testing
      procedure Do_Something (Obj1 : T1'Class; Obj2 : T2'Class) is
      begin
         ...
         Obj1.M1;          -- may dispatch to T1's M1 or T2's M1
         ...
         Val := Obj2.F1;   -- dispatches to T2's F1
         ...
      end Do_Something;

      ...
      Do_Something (My_Obj1, My_Obj2);   -- enough to achieve statement coverage,
                                         -- but not enough for type consistency verification
      ...
      Do_Something (My_Obj2, My_Obj2);   -- necessary to complete "pessimistic testing"
      ...
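One way to mechanise the three steps of pessimistic testing, as an added Python illustration (not the slides' Ada and not a tool the authors describe): each dispatching call site is instrumented, the set of implementations reachable from the static class-wide type of the controlling operand is enumerated from the class hierarchy, and what the requirements-based tests actually reached is subtracted from it. T1/T2/Do_Something follow slide 12; the method bodies and the instrumentation are constructed.

```python
"""Pessimistic-testing coverage (added illustration): which (dispatch point,
implementation) pairs are reachable, which were exercised, which are missing."""
from typing import Set, Tuple, Type

DispatchTarget = Tuple[str, str]          # (call site, class providing the body)
reached: Set[DispatchTarget] = set()      # filled while the tests run


def dispatch(site: str, obj: object, method: str):
    """Instrumented dispatching call: resolves `method` on the dynamic type of
    obj and records which class actually provides the body (an inherited body
    counts for the class that declares it, e.g. "T2's F1" is T1.F1)."""
    for cls in type(obj).__mro__:
        if method in cls.__dict__:
            reached.add((site, cls.__name__))
            return cls.__dict__[method](obj)
    raise AttributeError(method)


class T1:
    def M1(self) -> str:
        return "T1.M1"

    def F1(self) -> int:
        return 1


class T2(T1):
    def M1(self) -> str:      # overrides M1, inherits F1
        return "T2.M1"


def Do_Something(obj1: T1, obj2: T2) -> int:
    """Obj1 : T1'Class; Obj2 : T2'Class (slide 12)."""
    dispatch("Do_Something.Obj1.M1", obj1, "M1")
    return dispatch("Do_Something.Obj2.F1", obj2, "F1")


# Step 1: the dispatch points of the application, with the static type of the
# controlling operand (constructed table; a real tool would extract it from code).
DISPATCH_POINTS = [("Do_Something.Obj1.M1", T1, "M1"),
                   ("Do_Something.Obj2.F1", T2, "F1")]


def all_subclasses(cls: Type) -> Set[Type]:
    out = {cls}
    for sub in cls.__subclasses__():
        out |= all_subclasses(sub)
    return out


def required_targets(site: str, static_cls: Type, method: str) -> Set[DispatchTarget]:
    """Step 2: every body reachable from a dispatch point whose controlling
    operand has static type static_cls'Class."""
    targets = set()
    for cls in all_subclasses(static_cls):
        for c in cls.__mro__:
            if method in c.__dict__:
                targets.add((site, c.__name__))
                break
    return targets


def missing_targets() -> Set[DispatchTarget]:
    """Step 3: reachable bodies that no test has exercised at that call site."""
    required = set()
    for site, static_cls, method in DISPATCH_POINTS:
        required |= required_targets(site, static_cls, method)
    return required - reached


def run_tests(second_call: bool) -> Set[DispatchTarget]:
    """The requirements-based tests of slide 12; returns the uncovered targets."""
    reached.clear()
    my_obj1, my_obj2 = T1(), T2()
    Do_Something(my_obj1, my_obj2)        # statement coverage is complete here
    if second_call:
        Do_Something(my_obj2, my_obj2)    # reaches T2's M1 at the Obj1.M1 point
    return missing_targets()
```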
  • 13. Virtualization: the Java Virtual Machine case
  • 14. Multilayering needs
    ▪ Virtualization has multiple known benefits for productivity and industrialisation:
    ◦ SW/HW independence
    ◦ easier simulation
    ◦ improved portability
    ▪ but for safety too:
    ◦ breakdown of complexity ("divide and conquer")
    ◦ in the case of Java:
      - stability of Java bytecode (10+ years)
      - formal properties of bytecode
    ▪ but with DO178-B...
  • 15. Introduction of Virtualization
    DO178-B approach (layers, diagram): Specification → Design → Code → Executable (on target). No room for Java Byte Code.
    DO178C/OOT approach (layers, diagram): Specification → Design → Code → Byte-Code (on VM) → Executable (on target).
    OO.4: "The target environment is either a target computer or a combination of virtualization software and a target computer. Virtualization software also needs to comply with DO-178C/ED-12C and applicable supplements"
  • 16. DO178C ref. on virtualization
    ▪ OO.4.2 m.
    ◦ "Describe any planned use of virtualization" and "This data [byte code] should be treated as executable code"
    ▪ OO.C.7.7
    ◦ the main vulnerability is that "the code of a given virtualization layer may be considered to be data, consequently, tracing may be neglected, and verification may be insufficient"
    ▪ OO.11.7 g., OO.11.8 f.
    ◦ standards (design and code) must include constraints on the usage of virtualization
  • 17. Development principle for a Java Software (1/2)
    Two stacked development chains (diagram): the Java Application (Specification → Design → Executable Code) runs on the JVM Platform, and the JVM Platform (Specification → Design → Executable Code) runs on the HW target.
  • 18. Development principle for a Java Software (2/2)
    ▪ Test principles: "IMA-like" process
    ◦ Application on JVM (application executed on the JVM): the main part of the application HLR and LLR tests
    ◦ JVM on target (JVM executed on HW): the main part of the JVM HLR and LLR tests
    ◦ Application on JVM on target: a small part, the integration tests
  • 19. Constraints on Application devt.
    ▪ the development of the application is not changed
    ▪ but the "executable object code" is Java bytecode, and the target is a JVM.
    ▪ this allows tests to be executed on any JVM, considering that the target environment is representative of the final HW target.
    ◦ the standardisation of the JVM greatly helps with this demonstration
  • 20. Constraints on JVM devt. (1)
    ▪ Development of the JVM must be done at least at the same SW level as the application.
    ▪ JVM HLRs and LLRs are principally described in the Java Virtual Machine Specification (the "blue book").
    ▪ Robust and deterministic algorithms must be chosen, and described in LLRs, to implement the JVM (see for example the Garbage Collector in the next part)
    ◦ The simpler the choices, the easier the demonstration.
  • 21. Constraints on JVM devt. (2): JVM test strategy
    A single test battery (the JVM tests, written in Java) is run in two stages (diagram):
    ◦ Stage 1: the JVM under test, compiled to Java bytecode, is executed on a test JVM, and the JVM tests are executed on it.
    ◦ Stage 2: the JVM under test, compiled for the HW target, is executed on the target, and the same JVM tests are executed on it.
  • 22. Dynamic Memory Management: the Java Garbage Collector example
  • 23. DO178C ref. on Dynamic Memory Management
    ▪ OO.C.7.6
    ◦ vulnerabilities are listed and explained, with guidelines
    ▪ OO.5.2.2 (design activities):
    ◦ k. "As part of the software architecture, develop a strategy for memory management"
    ▪ OO.11.7 g. and OO.11.8 f.
    ◦ standards (design and code) must include constraints on the usage of memory management
    ▪ OO.6.8
    ◦ specific verification for Dynamic Memory Management has to be done, with an added objective in table A-7 (OO-11), covering all the vulnerabilities explained in OO.C
  • 24. Memory Management: table OO.C.7.6.3, where the sub-objectives (OO.6.8.2) are addressed
    MMI: Memory Management Infrastructure; AC: Application

    Technique                  |  a  |  b  |  c  |  d  |  e  |  f  |  g
    ---------------------------|-----|-----|-----|-----|-----|-----|-----
    Object pooling             | AC  | AC  | AC  | AC  | AC  | N/A | MMI
    Stack allocation           | AC  | MMI | MMI | AC  | AC  | N/A | MMI
    Scope allocation           | MMI | MMI | MMI | AC  | AC  | MMI | MMI
    Manual heap allocation     | AC  | AC* | AC  | AC  | AC  | N/A | MMI
    Automatic heap allocation  | MMI | MMI | MMI | AC  | MMI | MMI | MMI

    ▪ With automatic heap allocation, the application transfers the dynamic memory management problems to the infrastructure
    ▪ this is a main advantage of using a Garbage Collector (GC)
  • 25. 7 vulnerabilities in DMM (who addresses each one with automatic heap allocation, per table OO.C.7.6.3)
    a. Ambiguous References: MMI
    b. Fragmentation Starvation: MMI
    c. Deallocation Starvation: MMI
    d. Heap Memory Exhaustion: AC
    e. Premature Deallocation: MMI
    f. Lost Update and Stale Reference: MMI
    g. Time bound Allocation or Deallocation: MMI
  • 26. Verify GC by tests against vulnerabilities
    ▪ these verification points are a sort of minimal requirements for a DMM infrastructure.
    ▪ They can all be tested by adequate stress tests
    ▪ For example, property e. "Premature Deallocation"
    ◦ 6.8.2.e states "Verify that reference consistency is maintained, that is, each object is unique, and is only viewed as that object."
    ◦ One test could be:
      - one thread fills an array with objects;
      - another one randomly compares cells of the array (a[x] == a[y]);
      - a third thread destroys the objects.
      - This process is repeated at a high rate and over a long period.
      - The comparison must never be true.
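The three-thread test shape described above, as an added Python illustration (not the authors' Java test): a filler, a comparer and a destroyer thread share one array, and each object carries the index it was created for, so the comparer can detect both a[x] is a[y] for x ≠ y and an object appearing in a slot it was not created for. It exercises the Python runtime's allocator rather than a Java GC, and the sizes and iteration counts are constructed so that it finishes quickly.

```python
"""Stress test for sub-objective 6.8.2.e, reference consistency (added
illustration of the test on slide 26; counts are constructed, not a long run)."""
import random
import threading
from typing import List, Optional


class Cell:
    """Each object records the slot it was created for: if two distinct
    slots ever hold the same object, or a slot holds an object created for
    another slot, reference consistency has been broken."""
    __slots__ = ("index",)

    def __init__(self, index: int) -> None:
        self.index = index


def reference_consistency_violations(size: int = 64, rounds: int = 2000,
                                     seed: int = 1) -> int:
    """Run the three threads and return the number of violations observed
    (the sub-objective requires it to be 0)."""
    arr: List[Optional[Cell]] = [None] * size
    stop = threading.Event()
    violations = [0]
    cmp_rng, del_rng = random.Random(seed), random.Random(seed + 1)

    def filler() -> None:           # thread 1: fill the array with fresh objects
        i = 0
        while not stop.is_set():
            arr[i] = Cell(i)
            i = (i + 1) % size

    def comparer() -> None:         # thread 2: compare random pairs of cells
        for _ in range(rounds):
            x, y = cmp_rng.randrange(size), cmp_rng.randrange(size)
            a, b = arr[x], arr[y]   # snapshot both references before testing
            if a is None or b is None:
                continue            # slot emptied by the destroyer: no object to compare
            if (x != y and a is b) or a.index != x or b.index != y:
                violations[0] += 1
        stop.set()                  # the comparer bounds the run

    def destroyer() -> None:        # thread 3: drop references so the MMI reclaims them
        while not stop.is_set():
            arr[del_rng.randrange(size)] = None

    threads = [threading.Thread(target=f) for f in (filler, comparer, destroyer)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return violations[0]
```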
  • 27. Verify GC by analysis against vulnerabilities (1/2)
    ▪ The fine characteristics of the GC give supplementary LLRs:
    ◦ Stop-the-world / concurrent
    ◦ Mark-sweep / copy
    ◦ Compacting / non-compacting
    ◦ Exact / conservative pointers
    ◦ Work-based / time-based
    ◦ ...
  • 28. Verify GC by analysis against vulnerabilities (2/2)
    ▪ For example,
      b. Fragmentation Starvation
      c. Deallocation Starvation
      g. Time bound Allocation or Deallocation
    are well demonstrated by Schoeberl's work on concurrent-copy GC,
    ▪ these characteristics can be used to give a sound verification of the vulnerabilities with a periodic GC.
  • 30. Conclusion
    ▪ The DO178C/OOT supplement is a real guide for going to certification with OO features
    ◦ it gives the necessary constraints to make OO programs safe
    ◦ it gives sufficient genericity to accept any known OO technology
    ◦ it gives didactic material (App. C)
    ▪ Thanks to this new DO178 version, modern OO technology will finally be embedded in our modern aircraft.