CESE

Verifying Architectural Design Rules
Of the Flight Software Product Line

Fraunhofer CESE: Dharmalingam Ganesan, Mikael Lindvall, Chris Ackermann
NASA GSFC: David McComas, Maureen Bartholomew

1

What is the CFS?

• The Core Flight Software System (CFS) is a mission-independent,
  platform-independent Flight Software (FSW) environment integrating a
  reusable core flight executive (cFE)
• The CFS is a product-line developed by the NASA Goddard Space Flight
  Center (GSFC)

2

Motivation for cFE/CFS

• Requirements
  – The requirements for Command and Data Handling (C&DH) Flight Software
    are very similar from Flight Project to Flight Project
  – The requirements for Guidance Navigation and Control (GNC) Flight
    Software are also quite similar from Flight Project to Flight Project
• So, let’s not “re-invent the wheel” in each project
  – cFE responds to this by allowing FSW developers and testers to
    concentrate on the uniqueness of a project

3

cFE/CFS Heritage

[Heritage chart. Missions shown: SAMPEX (launched 8/92), XTE (launched
12/95), TRMM (launched 11/97), TRACE (launched 3/98), SWAS (launched 12/98),
WIRE (launched 2/99), MAP (launched 06/01), IceSat GLAS (01/03), Swift BAT
(12/04), Triana (waiting for launch), SMEX-Lite, ST-5 (5/06), SDO (2007),
LRO (2009), JWST ISIM (2011); Core FSW Executive; Future Spacecraft and
Instruments.]

4

Business Goals and Arch. Principles

The CFS Business Goals:
• Reduce time to deploy high-quality software
• Reduce project schedule and cost uncertainty
• Directly facilitate formalized software reuse
• Enable collaboration across organizations
• Simplify sustaining engineering and maintenance
• Platform for advanced concepts and prototyping
• Common standards and tools across NASA

Supporting the Goals (architectural principles):
• Layered architecture
• Reusable core modules with standard API’s
• Plug and play modules
• Publish-and-subscribe style
• Standard Middleware/Software bus
• Run-time module registration and integration
• OS and Hardware Abstraction

5

Problem/Challenge

• How do we make sure that the implementation follows all documented
  architectural styles (e.g., Layers), patterns, interface usage rules, etc.?
• Otherwise, the architecture remains a hypothesis
• Technical goals can be compromised
  – testability, buildability, (subtle) performance, run-time adaptability,
    evolvability, etc.
• Also, business goals can be compromised because architecture is an
  important enabler
• cFE/CFS undergoes rigorous code review – are architecture rules already
  checked in review?

6

Specified Structure

[Diagram of the specified structure] …

7

Example cFE/CFS Context Diagram

[Context diagram. Application boxes: Housekeeping, Checksum, EDAC Memory
Scrubber, Memory Manager, Memory Dwell, Self Test, GN&C Applications (4),
Instrument Manager, Mass Storage System, Data Storage, File Manager, Local
Storage, CFDP File Transfer, Software Scheduler, Stored Commanding, Health &
Safety Manager, Limit Checker. Bottom row: 1553 Bus Support, Telemetry
Output, Command Ingest, Software Bus, Time Services, Executive Services,
Event Services, Table Services. All connected through the Inter-task Message
Router (SW Bus). External interfaces: Summit Chip, Comm Cards, Transponders,
Commands, Real-time Telemetry (UDP), File downlink (CFDP). Legend: cFE core
App / CFS Applications / Mission Apps.]

8

Approach for Verifying Rules

[Diagram: "Bridge abstraction gap"; "Mapping - sample". Tools used:
clonefinder, grep, ifnames, RPA, SAVE]

9

Category of Derived (static) Rules

• Dependency-restriction rules
  – Fraunhofer SAVE, Relation Partition Algebra (RPA)
• Decomposition-restriction rules
  – RPA tool, grep
• Redundancy (clones) rules
  – Clone finder tool
• Conditional preprocessor usage rules
  – ifnames tool

Let us see sample results (details in the paper)

10

Why dependency-restriction rules? – a comment from cFE/CFS docs

• Developers are discouraged from using the OS_QueueCreate, OS_QueueGet and
  OS_QueuePut functions. These functions are a lower level duplication of
  the Software Bus Services pipes. Their usage limits the visibility into
  data messages being passed between Applications and they would also
  impose a requirement that two applications must reside on the same
  processor.

11

Extracted Dependency from Code

[Dependency diagram extracted from the code. Callout: "App and Core are
developed almost by the same developers"]

This implemented view is consistent with the design guideline:
Cfe-app should use Cfe-core, but not vice-versa, because Core should be
independently testable/buildable without apps

12

Extract Dependencies among Apps

[Dependency diagram among applications]

Design Rule
No two applications are allowed to interact directly; they should instead
use the software bus to communicate.
It should be possible to start, stop, restart, and remove applications
independently for improved fault tolerance.

13
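The layering guideline on slide 12 (apps use core, never the reverse) and the design rule above (apps never use each other directly) are both dependency-restriction rules. The script below is an added example, not from the slides and not the SAVE or RPA tooling the team used, of checking them in the same spirit: extract a "uses" relation from the code, lift it to modules and then to layers through a hand-written mapping (the architect's bridge over the abstraction gap), and report every edge the rules forbid. The code base, module names and function names it scans are constructed for the example.

```python
"""Added example (not from the slides or the cFE/CFS code base): checking two
of the deck's dependency-restriction rules on a constructed C code base.

  1. Layering: an app may use core, core must never use an app.
  2. Isolation: no app may use another app directly; apps communicate
     through the software bus (a core module).

The module-to-layer mapping is supplied by hand. File, module and function
names below are constructed and are not the real cFE/CFS ones.
"""
import re

# Constructed sample code base: path -> source text.
SOURCES = {
    "cfe_core/cfe_sb.c": '''
        #include "cfe_sb.h"
        int CFE_SB_SendMsg(void *msg) { return 0; }
    ''',
    "cfe_core/cfe_es.c": '''
        #include "cfe_es.h"
        #include "cfe_sb.h"
        int CFE_ES_StartApps(void) { return CFE_SB_SendMsg(0); }
    ''',
    "cfe_core/cfe_tbl.c": '''
        #include "cfe_tbl.h"
        void CFE_TBL_Init(void) { LC_AppMain(); }   /* violation: core calls an app */
    ''',
    "apps/hk/hk_app.c": '''
        #include "cfe_sb.h"
        #include "hk_app.h"
        void HK_AppMain(void) { CFE_SB_SendMsg(0); }
    ''',
    "apps/lc/lc_app.c": '''
        #include "cfe_sb.h"
        #include "hk_app.h"                          /* violation: app includes another app */
        void LC_AppMain(void) { HK_AppMain(); CFE_SB_SendMsg(0); }
    ''',
}

# Architect-supplied mapping from a file path to (module, layer).
def module_of(path):
    top, rest = path.split("/", 1)
    if top == "cfe_core":
        return rest.rsplit(".", 1)[0], "core"      # "cfe_core/cfe_sb.c" -> ("cfe_sb", "core")
    return rest.split("/", 1)[0], "app"            # "apps/hk/hk_app.c"  -> ("hk", "app")

def module_layers(sources):
    """module -> layer, for every module in the code base."""
    return dict(module_of(p) for p in sources)

def symbol_owners(sources):
    """symbol (header name or function name) -> module that defines it."""
    owners = {}
    for path, text in sources.items():
        module, _ = module_of(path)
        owners[path.rsplit("/", 1)[1][:-2] + ".h"] = module         # foo.c owns foo.h
        for fn in re.findall(r'\b(\w+)\s*\([^;{]*\)\s*\{', text):   # function definitions
            owners[fn] = module
    return owners

def uses_relation(sources):
    """Extracted 'uses' relation lifted to module level: set of (from, to)."""
    owners = symbol_owners(sources)
    edges = set()
    for path, text in sources.items():
        module, _ = module_of(path)
        refs = re.findall(r'#include\s+"([^"]+)"', text)    # header references
        refs += re.findall(r'\b(\w+)\s*\(', text)           # calls (own definitions map to self and are dropped)
        for sym in refs:
            target = owners.get(sym)
            if target and target != module:
                edges.add((module, target))
    return edges

def check_rules(sources):
    """Lift module edges to layer pairs and report the edges the rules forbid."""
    layers = module_layers(sources)
    violations = []
    for src, dst in sorted(uses_relation(sources)):
        pair = (layers[src], layers[dst])
        if pair == ("core", "app"):
            violations.append(f"layering: core module {src} uses app {dst}")
        elif pair == ("app", "app"):
            violations.append(f"isolation: app {src} uses app {dst} directly; use the software bus")
    return violations

if __name__ == "__main__":
    for v in check_rules(SOURCES):
        print(v)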

OS Abstraction Layer (OSAL)

• Real Time Operating System APIs
  – Tasks, Queues, Semaphores, Interrupts, etc.
• File System APIs
  – Abstracts the file systems that may be present on a system
  – Simulate multiple embedded file systems on a desktop computer for testing
• Hardware APIs
  – Port and memory based I/O access in order to provide a common way of
    accessing hardware resources

14

Why should the OSAL be used? – comments from cFE/CFS docs

• The developer must make the effort to identify the proper methods through
  the cFE and OS API to satisfy their software requirements and not be
  tempted to take a “short-cut” and accomplish their goal with a direct
  hardware or operating system software interface.
• …attempting to write to EEPROM using the standard C function memcpy will
  fail. Using OS_MemCpy will succeed because the EEPROM will be configured
  for writing before the copy is performed.

15

OSAL By-Pass

• The CFS guide states that all communications to the OS and hardware
  should go through the OSAL for portability and testability reasons
• The analysis shows that there are a few places where the OS is directly
  used (i.e., standard C functions)

  CFE_ES_StartApplications calls memset
  CFE_FS_Decompress calls memset
  FS_gz_inflate_codes calls memcpy
  main calls printf

  OS_Memset, OS_Memcpy, and OS_printf should have been called instead

16
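The list above is a caller-to-callee report. The script below is an added example, not from the slides or the cFE/CFS sources, of producing the same kind of report: it strips comments and string literals, finds each C function definition, matches its braces to get the body, and reports every call inside that body to a function the deck says should not be called directly. It combines the standard C functions on this slide with the OS_Queue* functions the docs discourage on slide 11. The C sample and the CFE_Demo_* names are constructed for the example.

```python
"""Added example (not from the slides or the cFE/CFS sources): detect calls
that bypass the OS abstraction layer and attribute each one to the enclosing
C function, the caller -> callee form used by the deck's "OSAL By-Pass" slide.

Two interface-usage rules from the deck are combined: standard C functions
with OSAL equivalents (memset, memcpy, printf) and the low-level OSAL queue
functions the docs discourage in favour of Software Bus pipes. The sample
source and the CFE_Demo_* names are constructed for this example.
"""
import re

# forbidden symbol -> what the deck says should be used instead
RULES = {
    "memset": "OS_Memset",
    "memcpy": "OS_Memcpy",
    "printf": "OS_printf",
    "OS_QueueCreate": "Software Bus pipes",
    "OS_QueueGet": "Software Bus pipes",
    "OS_QueuePut": "Software Bus pipes",
}

# Constructed C sample; DemoData_t and CFE_Demo_* are not real cFE names.
SAMPLE_C = r'''
#include <string.h>
#include "osapi.h"

int32 CFE_Demo_Init(DemoData_t *d)
{
    OS_Memset(d, 0, sizeof(*d));                    /* compliant */
    return OS_QueueCreate(&d->q, "dq", 4, 16, 0);   /* discouraged: use SB pipes */
}

void CFE_Demo_Copy(DemoData_t *dst, const DemoData_t *src)
{
    memcpy(dst, src, sizeof(*dst));                 /* bypass: should be OS_Memcpy */
    /* printf("in a comment"); */                   /* must not be reported */
}

int main(void)
{
    printf("demo\n");                               /* bypass: should be OS_printf */
    return 0;
}
'''

C_KEYWORDS = {"if", "for", "while", "switch", "return", "sizeof"}
FUNC_DEF = re.compile(r'\b(\w+)\s*\([^;{}()]*\)\s*\{')   # name(params) {

def strip_comments_and_strings(code):
    """Blank out comments and string literals so their contents cannot match."""
    code = re.sub(r'/\*.*?\*/', ' ', code, flags=re.S)
    code = re.sub(r'//[^\n]*', ' ', code)
    return re.sub(r'"(?:\\.|[^"\\])*"', '""', code)

def function_bodies(code):
    """Yield (function name, body text), matching braces from each definition."""
    clean = strip_comments_and_strings(code)
    pos = 0
    while True:
        m = FUNC_DEF.search(clean, pos)
        if not m:
            return
        depth, i = 0, m.end() - 1            # m.end()-1 is the opening brace
        while i < len(clean):
            if clean[i] == "{":
                depth += 1
            elif clean[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        if m.group(1) not in C_KEYWORDS:
            yield m.group(1), clean[m.end():i]
        pos = i + 1                          # skip the body so nested blocks are not re-matched

def find_bypass_calls(code, rules=RULES):
    """Return [(caller, callee, replacement)] for every rule violation."""
    hits = []
    for caller, body in function_bodies(code):
        for callee in re.findall(r'\b(\w+)\s*\(', body):
            if callee in rules:
                hits.append((caller, callee, rules[callee]))
    return hits

if __name__ == "__main__":
    for caller, callee, fix in find_bypass_calls(SAMPLE_C):
        print(f"{caller} calls {callee}; {fix} should have been used")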

Common Look-and-Feel

• A common directory structure template has been defined
  – Where to place header files
  – Where to place configuration files
  – What data to make public (and private)
• Template for interaction with software bus and other core components
• Template for a module decomposition
• Template for a task decomposition

17

Common Look-and-feel violations

If modules have different look-and-feel they are difficult to inspect,
test, understand.

Applications designed to interface with the cFE should follow standard
templates. In fact, we found a subtle runtime error in a module that
deviates from the QQ template.
 - Additional performance problems

  QQ            Limit Checker (LC)
  QQ_AppMain    LC_AppMain
  QQ_AppInit    LC_AppInit

18

Module Redundancy (Clone) Analysis

• The source code of the cFE/CFS is offered to some of its customers
• The presence of clones does not give a good impression of the cFE/CFS
  design excellence
• Also, cloning is not a recommended way to implement product lines
  – Hard to evolve multiple cloned versions

19

Module Redundancy Analysis

• Clone finder tool detected a lot of “false” positives (mainly due to
  template code)
• However, there are some true clones within the OS abstraction layer (OSAL)
• There are no clones between Core and App layers (developed by the same
  team!)

Important to understand the context before criticizing the team!

20
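The "false positives due to template code" point on this slide is easy to reproduce with any token-based clone detector: once identifiers are normalised so that renamed copies still match, every application generated from the same template looks like a clone of every other. The script below is an added example, not from the slides and not the clone finder tool the team used, that detects clones as shared windows of normalised tokens and then removes the windows that come from the template itself, so that only the OSAL-style true clone survives. The template, the file contents and all names in them are constructed for the example.

```python
"""Added example (not from the slides; not the team's clone finder): a small
token-window clone detector over constructed C snippets. Identifiers become
ID and numbers become NUM, so renamed copies still match; that is also why
template-generated apps look like clones, which a set of template windows
filters out. Every name below (Core_*, OSAL_Demo_*, HK_*, LC_*, QQ_*) is
constructed and not a real cFE/CFS identifier.
"""
import re
from collections import defaultdict

TOKEN = re.compile(r'[A-Za-z_]\w*|\d+|\S')
KEYWORDS = {"if", "else", "while", "for", "return", "void", "int", "int32", "uint32"}
WINDOW = 8   # tokens per comparison window (a constructed choice)

# Constructed application template: every app is generated from this skeleton.
TEMPLATE = '''
void QQ_AppMain(void) { Core_RegisterApp(); QQ_AppInit();
    while (RunStatus == CORE_APP_RUN) { Core_ReceiveMsg(&Msg, Pipe); } }
'''

# Constructed sample files: two template-derived apps, two OSAL variants.
FILES = {
    "hk_app.c": '''
void HK_AppMain(void) { Core_RegisterApp(); HK_AppInit();
    while (RunStatus == CORE_APP_RUN) { Core_ReceiveMsg(&Msg, Pipe); } }
''',
    "lc_app.c": '''
void LC_AppMain(void) { Core_RegisterApp(); LC_AppInit();
    while (RunStatus == CORE_APP_RUN) { Core_ReceiveMsg(&Msg, Pipe); } }
''',
    "osal_posix.c": '''
int32 OSAL_Demo_Delay(uint32 ms) { if (ms == 0) { return OSAL_ERROR; }
    usleep(ms * 1000); return OSAL_OK; }
''',
    "osal_vxworks.c": '''
int32 OSAL_Demo_Delay(uint32 ticks) { if (ticks == 0) { return OSAL_ERROR; }
    taskDelay(ticks * 10); return OSAL_OK; }
''',
}

def normalise(code):
    """Tokenise C, mapping identifiers to ID and numbers to NUM; keywords stay."""
    out = []
    for tok in TOKEN.findall(code):
        if tok in KEYWORDS:
            out.append(tok)
        elif re.fullmatch(r'[A-Za-z_]\w*', tok):
            out.append("ID")
        elif tok.isdigit():
            out.append("NUM")
        else:
            out.append(tok)
    return out

def windows(tokens, size):
    """All contiguous token windows of the given size, as a set of tuples."""
    return {tuple(tokens[i:i + size]) for i in range(len(tokens) - size + 1)}

def find_clones(files, size=WINDOW, template=None):
    """Return the set of (file_a, file_b) pairs that share at least one
    normalised window not present in the template code."""
    template_windows = windows(normalise(template), size) if template else set()
    seen = defaultdict(set)                       # window -> files containing it
    for name, code in files.items():
        for w in windows(normalise(code), size) - template_windows:
            seen[w].add(name)
    pairs = set()
    for names in seen.values():
        names = sorted(names)
        pairs.update((names[a], names[b])
                     for a in range(len(names)) for b in range(a + 1, len(names)))
    return pairs

if __name__ == "__main__":
    print("without template filter:", sorted(find_clones(FILES)))
    print("with template filter:   ", sorted(find_clones(FILES, template=TEMPLATE)))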

Conditional Preprocessor Analysis

• Minimizing complexity is one of the cFE/CFS design goals
• Design decisions were made to use the preprocessor to the “minimum”
• 80% of files don’t have conditional preprocessor statements!

[Chart; caption: "Checks variation point lower and upper bounds"]

21
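The 80% figure on this slide is the kind of number an ifnames-style pass produces. The script below is an added example, not from the slides and not the ifnames tool itself, that scans a constructed set of C files for #if, #ifdef, #ifndef and #elif directives, collects the macro names tested in them (the variation points), and computes the share of files that contain no conditional at all. The file names, contents and macro names are constructed for the example.

```python
"""Added example (not from the slides; not the ifnames tool): an
ifnames-style scan over constructed C files. It reports which files use
conditional preprocessor directives, the share that do not, and the macro
names that act as variation points. All file and macro names are constructed.
"""
import re
from collections import Counter

# constructed sample files: name -> source text
FILES = {
    "cfe_sb.c":    '#include "cfe_sb.h"\nint sb_state;\n',
    "cfe_es.c":    '#include "cfe_es.h"\nint es_state;\n',
    "osal_task.c": '#ifdef OS_VXWORKS\nint a;\n#elif defined(OS_RTEMS)\nint b;\n#else\nint c;\n#endif\n',
    "osal_file.c": '#if OS_MAX_FILES > 32 && !defined(OS_NO_FS)\nint d;\n#endif\n',
    "cfe_time.c":  '#ifndef CFE_TIME_CFG_SRC_MET\n#define CFE_TIME_CFG_SRC_MET 1\n#endif\n',
}

# a conditional directive and the expression it tests; #else/#endif carry no macro
COND_DIRECTIVE = re.compile(r'^\s*#\s*(if|ifdef|ifndef|elif)\b(.*)$', re.M)
IDENT = re.compile(r'\b[A-Za-z_]\w*')
NOT_A_MACRO = {"defined"}          # operator, not a variation point

def variation_points(files):
    """Return (per_file, counts): macros tested in #if-family directives."""
    per_file, counts = {}, Counter()
    for name, text in files.items():
        macros = set()
        for _, expr in COND_DIRECTIVE.findall(text):
            macros.update(m for m in IDENT.findall(expr) if m not in NOT_A_MACRO)
        per_file[name] = macros
        counts.update(macros)
    return per_file, counts

def share_without_conditionals(per_file):
    """Fraction of files with no conditional preprocessor statements."""
    return sum(1 for m in per_file.values() if not m) / len(per_file)

if __name__ == "__main__":
    per_file, counts = variation_points(FILES)
    print(f"{share_without_conditionals(per_file):.0%} of files have no conditionals")
    for macro, n in counts.most_common():
        print(f"{macro}: tested in {n} file(s)")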

Variability Implementation Strategy

• Missions can plug-in and plug-out applications
• Abstract APIs with alternative implementations
• OS and hardware variants are taken care of by the OSAL
• Build scripts select and compile the selected OS type implementation files
• Header files with the same name are used to manage certain variants

22

Conclusion and Outlook

• The cFE/CFS team performs rigorous design and code reviews, thus not many
  issues remain!
• Nevertheless, some issues remain undetected
• Detected issues were added into the discrepancy list and were addressed
• Imagine the number of architectural violations in hardly reviewed systems!

23

Conclusion and Outlook

• This analysis helped in establishing the chain of relationships among
  business goals, architecture, and source code
• Important to verify whether the implementation is indeed consistent with
  the specified architecture
  – Tools help a lot in performing and repeating the analysis
• Otherwise, testability, buildability, performance, etc., can be compromised
• On-going work: run-time behavioral rules

24

Questions

• Dharmalingam Ganesan
  – dganesan@fc-md.umd.edu
• Mikael Lindvall
  – mlindvall@fc-md.umd.edu

25

Contenu connexe

Tendances

Mil soft jets jetsim
Mil soft jets jetsimMil soft jets jetsim
Mil soft jets jetsim
milsoftSDC
 
Strassner retherford
Strassner retherfordStrassner retherford
Strassner retherford
NASAPMC
 
Test and integration in REC
Test and integration in RECTest and integration in REC
Test and integration in REC
katybairstow
 
Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...
Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...
Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...
manssandstrom
 
Quality Assurance in REC Group
Quality Assurance in REC GroupQuality Assurance in REC Group
Quality Assurance in REC Group
tonyroz
 
Zapewnienie jakości w Grupie REC
Zapewnienie jakości w Grupie RECZapewnienie jakości w Grupie REC
Zapewnienie jakości w Grupie REC
tonyroz
 
I Never Thought I Would Grow Up to be This Formal
I Never Thought I Would Grow Up to be This FormalI Never Thought I Would Grow Up to be This Formal
I Never Thought I Would Grow Up to be This Formal
DVClub
 
Ovp Introduction Presentation (04 Feb 10)
Ovp Introduction Presentation (04 Feb 10)Ovp Introduction Presentation (04 Feb 10)
Ovp Introduction Presentation (04 Feb 10)
simon56
 
Ovp Introduction Presentation
Ovp Introduction PresentationOvp Introduction Presentation
Ovp Introduction Presentation
simon56
 
David.oberhettinger
David.oberhettingerDavid.oberhettinger
David.oberhettinger
NASAPMC
 

Tendances (20)

Mil soft jets jetsim
Mil soft jets jetsimMil soft jets jetsim
Mil soft jets jetsim
 
A framework for distributed control and building performance simulation
A framework for distributed control and building performance simulationA framework for distributed control and building performance simulation
A framework for distributed control and building performance simulation
 
Developing Safety-Critical Java Applications with oSCJ
Developing Safety-Critical Java Applications with oSCJ Developing Safety-Critical Java Applications with oSCJ
Developing Safety-Critical Java Applications with oSCJ
 
Tccc10 tooling testingci-vs2010teamcity
Tccc10 tooling testingci-vs2010teamcityTccc10 tooling testingci-vs2010teamcity
Tccc10 tooling testingci-vs2010teamcity
 
Strassner retherford
Strassner retherfordStrassner retherford
Strassner retherford
 
Test and integration in REC
Test and integration in RECTest and integration in REC
Test and integration in REC
 
Software Processes
Software Processes Software Processes
Software Processes
 
Continuous Integration to Shift Left Testing Across the Enterprise Stack
Continuous Integration to Shift Left Testing Across the Enterprise StackContinuous Integration to Shift Left Testing Across the Enterprise Stack
Continuous Integration to Shift Left Testing Across the Enterprise Stack
 
Objectif cloud
Objectif cloudObjectif cloud
Objectif cloud
 
Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...
Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...
Att lyckas med integration av arbetet från flera scrum team - Christophe Acho...
 
Quality Assurance in REC Group
Quality Assurance in REC GroupQuality Assurance in REC Group
Quality Assurance in REC Group
 
Zapewnienie jakości w Grupie REC
Zapewnienie jakości w Grupie RECZapewnienie jakości w Grupie REC
Zapewnienie jakości w Grupie REC
 
Richlong2013Modified
Richlong2013ModifiedRichlong2013Modified
Richlong2013Modified
 
Quality on Submit
Quality on SubmitQuality on Submit
Quality on Submit
 
Patrick A Bohr2003
Patrick A Bohr2003Patrick A Bohr2003
Patrick A Bohr2003
 
I Never Thought I Would Grow Up to be This Formal
I Never Thought I Would Grow Up to be This FormalI Never Thought I Would Grow Up to be This Formal
I Never Thought I Would Grow Up to be This Formal
 
Ovp Introduction Presentation (04 Feb 10)
Ovp Introduction Presentation (04 Feb 10)Ovp Introduction Presentation (04 Feb 10)
Ovp Introduction Presentation (04 Feb 10)
 
Ovp Introduction Presentation
Ovp Introduction PresentationOvp Introduction Presentation
Ovp Introduction Presentation
 
David.oberhettinger
David.oberhettingerDavid.oberhettinger
David.oberhettinger
 
UnBBayes Plugin Framework
UnBBayes Plugin FrameworkUnBBayes Plugin Framework
UnBBayes Plugin Framework
 

Similaire à Verifying Architectural Design Rules of a Flight Software Product Line

Mil soft company_overview_2013
Mil soft company_overview_2013Mil soft company_overview_2013
Mil soft company_overview_2013
milsoftSDC
 
Ruszkowski.james
Ruszkowski.jamesRuszkowski.james
Ruszkowski.james
NASAPMC
 
Oracle rac 10g best practices
Oracle rac 10g best practicesOracle rac 10g best practices
Oracle rac 10g best practices
Haseeb Alam
 
AF3 Interner Tag Offene Tueren
AF3 Interner Tag Offene TuerenAF3 Interner Tag Offene Tueren
AF3 Interner Tag Offene Tueren
af_devel
 
Reverse Engineering of Software Architecture
Reverse Engineering of Software ArchitectureReverse Engineering of Software Architecture
Reverse Engineering of Software Architecture
Dharmalingam Ganesan
 
Architecture Analysis of Systems based on Publish-Subscribe Systems
Architecture Analysis of Systems based on Publish-Subscribe SystemsArchitecture Analysis of Systems based on Publish-Subscribe Systems
Architecture Analysis of Systems based on Publish-Subscribe Systems
Dharmalingam Ganesan
 
Gallo resume-pdf
Gallo resume-pdfGallo resume-pdf
Gallo resume-pdf
gingergallo
 
Mil soft company overview 2012 v2
Mil soft company overview 2012 v2Mil soft company overview 2012 v2
Mil soft company overview 2012 v2
milsoftSDC
 
VMware View – Storage Considerations
VMware View – Storage ConsiderationsVMware View – Storage Considerations
VMware View – Storage Considerations
Calin Damian Tanase
 
Cordova kovich sargusingh
Cordova kovich sargusinghCordova kovich sargusingh
Cordova kovich sargusingh
NASAPMC
 
V Labs Product Presentation
V Labs  Product PresentationV Labs  Product Presentation
V Labs Product Presentation
Wil Huijben
 
DockerCon14 Cluster Management and Containerization
DockerCon14 Cluster Management and ContainerizationDockerCon14 Cluster Management and Containerization
DockerCon14 Cluster Management and Containerization
Docker, Inc.
 

Similaire à Verifying Architectural Design Rules of a Flight Software Product Line (20)

Mil soft company_overview_2013
Mil soft company_overview_2013Mil soft company_overview_2013
Mil soft company_overview_2013
 
Hsa10 whitepaper
Hsa10 whitepaperHsa10 whitepaper
Hsa10 whitepaper
 
Ruszkowski.james
Ruszkowski.jamesRuszkowski.james
Ruszkowski.james
 
Oracle rac 10g best practices
Oracle rac 10g best practicesOracle rac 10g best practices
Oracle rac 10g best practices
 
Introduction of file based workflows 111004 vfinal
Introduction of file based workflows 111004 vfinalIntroduction of file based workflows 111004 vfinal
Introduction of file based workflows 111004 vfinal
 
FPL'2014 - FlexTiles Workshop - 5 - FlexTiles Simulation Platform
FPL'2014 - FlexTiles Workshop - 5 - FlexTiles Simulation PlatformFPL'2014 - FlexTiles Workshop - 5 - FlexTiles Simulation Platform
FPL'2014 - FlexTiles Workshop - 5 - FlexTiles Simulation Platform
 
ATI Technical CONOPS and Concepts Technical Training Course Sampler
ATI Technical CONOPS and Concepts Technical Training Course SamplerATI Technical CONOPS and Concepts Technical Training Course Sampler
ATI Technical CONOPS and Concepts Technical Training Course Sampler
 
AF3 Interner Tag Offene Tueren
AF3 Interner Tag Offene TuerenAF3 Interner Tag Offene Tueren
AF3 Interner Tag Offene Tueren
 
Reverse Engineering of Software Architecture
Reverse Engineering of Software ArchitectureReverse Engineering of Software Architecture
Reverse Engineering of Software Architecture
 
Why AIOps Matters For Kubernetes
Why AIOps Matters For KubernetesWhy AIOps Matters For Kubernetes
Why AIOps Matters For Kubernetes
 
Architecture Analysis of Systems based on Publish-Subscribe Systems
Architecture Analysis of Systems based on Publish-Subscribe SystemsArchitecture Analysis of Systems based on Publish-Subscribe Systems
Architecture Analysis of Systems based on Publish-Subscribe Systems
 
Gallo resume-pdf
Gallo resume-pdfGallo resume-pdf
Gallo resume-pdf
 
Mil soft company overview 2012 v2
Mil soft company overview 2012 v2Mil soft company overview 2012 v2
Mil soft company overview 2012 v2
 
VMware View – Storage Considerations
VMware View – Storage ConsiderationsVMware View – Storage Considerations
VMware View – Storage Considerations
 
PROSE
PROSEPROSE
PROSE
 
Docker bdxio
Docker bdxioDocker bdxio
Docker bdxio
 
Icin 2009
Icin 2009Icin 2009
Icin 2009
 
Cordova kovich sargusingh
Cordova kovich sargusinghCordova kovich sargusingh
Cordova kovich sargusingh
 
V Labs Product Presentation
V Labs  Product PresentationV Labs  Product Presentation
V Labs Product Presentation
 
DockerCon14 Cluster Management and Containerization
DockerCon14 Cluster Management and ContainerizationDockerCon14 Cluster Management and Containerization
DockerCon14 Cluster Management and Containerization
 

Plus de Dharmalingam Ganesan

Plus de Dharmalingam Ganesan (20)

.NET Deserialization Attacks
.NET Deserialization Attacks.NET Deserialization Attacks
.NET Deserialization Attacks
 
Reverse Architecting using Relation Algebra.pdf
Reverse Architecting using Relation Algebra.pdfReverse Architecting using Relation Algebra.pdf
Reverse Architecting using Relation Algebra.pdf
 
How to exploit rand()?
How to exploit rand()?How to exploit rand()?
How to exploit rand()?
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor Function
 
An Analysis of RSA Public Exponent e
An Analysis of RSA Public Exponent eAn Analysis of RSA Public Exponent e
An Analysis of RSA Public Exponent e
 
An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)
 
Thank-a-Gram
Thank-a-GramThank-a-Gram
Thank-a-Gram
 
Active Attacks on DH Key Exchange
Active Attacks on DH Key ExchangeActive Attacks on DH Key Exchange
Active Attacks on DH Key Exchange
 
Can I write to a read only file ?
Can I write to a read only file ?Can I write to a read only file ?
Can I write to a read only file ?
 
How do computers exchange secrets using Math?
How do computers exchange secrets using Math?How do computers exchange secrets using Math?
How do computers exchange secrets using Math?
 
On the Secrecy of RSA Private Keys
On the Secrecy of RSA Private KeysOn the Secrecy of RSA Private Keys
On the Secrecy of RSA Private Keys
 
Computing the Square Roots of Unity to break RSA using Quantum Algorithms
Computing the Square Roots of Unity to break RSA using Quantum AlgorithmsComputing the Square Roots of Unity to break RSA using Quantum Algorithms
Computing the Square Roots of Unity to break RSA using Quantum Algorithms
 
Analysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dAnalysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent d
 
Dependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private VariablesDependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private Variables
 
Analysis of Shared RSA Modulus
Analysis of Shared RSA ModulusAnalysis of Shared RSA Modulus
Analysis of Shared RSA Modulus
 
RSA Game using an Oracle
RSA Game using an OracleRSA Game using an Oracle
RSA Game using an Oracle
 
RSA Two Person Game
RSA Two Person GameRSA Two Person Game
RSA Two Person Game
 
RSA without Integrity Checks
RSA without Integrity ChecksRSA without Integrity Checks
RSA without Integrity Checks
 
RSA without Padding
RSA without PaddingRSA without Padding
RSA without Padding
 
Solutions to online rsa factoring challenges
Solutions to online rsa factoring challengesSolutions to online rsa factoring challenges
Solutions to online rsa factoring challenges
 

Dernier

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Dernier (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Verifying Architectural Design Rules of a Flight Software Product Line

  • 1. CESE Verifying Architectural Design Rules Of the Flight Software Product Line
    Fraunhofer CESE: Dharmalingam Ganesan, Mikael Lindvall, Chris Ackermann
    NASA GSFC: David McComas, Maureen Bartholomew
  • 2. What is the CFS?
    • The Core Flight Software System (CFS) is a mission-independent, platform-independent, Flight Software (FSW) environment integrating a reusable core flight executive (cFE)
    • The CFS is a product-line developed by the NASA Goddard Space Flight Center (GSFC)
  • 3. Motivation for cFE/CFS
    • Requirements
      – The Requirements for Command and Data Handling (C&DH) Flight Software are very similar from Flight Project to Flight Project
      – The Requirements for Guidance Navigation and Control (GNC) Flight Software are also quite similar from Flight Project to Flight Project
    • So, let’s not “re-invent the wheel” in each project
      – cFE responds to this by allowing FSW developers and testers to concentrate on the uniqueness of a project
  • 4. cFE/CFS Heritage
    (Heritage diagram; only its labels survive extraction.) Missions shown on the diagram, together with the Core FSW Executive and “Future Spacecraft and Instruments”: SAMPEX (launched 8/92), XTE (launched 12/95), TRMM (launched 11/97), TRACE (launched 3/98), SWAS (launched 12/98), WIRE (launched 2/99), MAP (launched 06/01), IceSat GLAS (01/03), Swift BAT (12/04), Triana (waiting for launch), SMEX-Lite, ST-5 (5/06), SDO (2007), LRO (2009), JWST ISIM (2011)
  • 5. Business Goals and Arch. Principles
    • The CFS Business Goals
      – Reduce time to deploy high-quality software
      – Reduce project schedule and cost uncertainty
      – Directly facilitate formalized software reuse
      – Enable collaboration across organizations
      – Simplify sustaining engineering and maintenance
      – Platform for advanced concepts and prototyping
      – Common standards and tools across NASA
    • Supporting the Goals (architecture principles)
      – Layered architecture
      – Reusable core modules with standard API’s
      – Plug and play modules
      – Publish-and-subscribe style
      – Standard Middleware/Software bus
      – Run-time module registration and integration
      – OS and Hardware Abstraction
  • 6. Problem/Challenge
    • How do we make sure that the implementation follows all documented architectural styles (e.g., Layers), patterns, interface usage rules, etc.?
    • Otherwise, the architecture remains a hypothesis
    • Technical goals can be compromised: testability, buildability, (subtle) performance, run-time adaptability, evolvability, etc.
    • Also, business goals can be compromised because architecture is an important enabler
    • cFE/CFS undergoes rigorous code review; are architecture rules already checked in review?
  • 7. Specified Structure …
  • 8. Example cFE/CFS Context Diagram
    (Context diagram; only its labels survive extraction.) Layers shown: cFE core App, CFS Applications, Mission Apps. Labels include: Inter-task Message Router (SW Bus), Software Bus, Time Services, Executive Services, Event Services, Table Services, Housekeeping, Checksum, Memory Scrubber, Memory Manager, Memory Dwell, Self Test, GN&C Applications, Instrument Manager (4), Scheduler, Data Storage, File Manager, Stored Commanding, Local Storage, Mass Storage, EDAC, CFDP File Transfer, Health & Safety, Limit Checker, Telemetry Output, Command Ingest, 1553 Bus, Comm Cards, Transponders, Summit Chip, Commands, Real-time Telemetry (UDP), File downlink (CFDP)
  • 9. Approach for Verifying Rules
    (Approach diagram; labels: Bridge abstraction gap, Mapping, sample.) Tools used: clonefinder, grep, ifnames, RPA, SAVE
  • 10. Category of Derived (static) Rules
    • Dependency-restriction rules
      – Fraunhofer SAVE, Relation Partition Algebra (RPA)
    • Decomposition-restriction rules
      – RPA tool, grep
    • Redundancy (clones) rules
      – Clone finder tool
    • Conditional preprocessor usage rules
      – ifnames tool
    • Let us see sample results (details in the paper)
  • 11. Why dependency-restriction rules? A comment from cFE/CFS docs
    • Developers are discouraged from using the OS_QueueCreate, OS_QueueGet and OS_QueuePut functions. These functions are a lower level duplication of the Software Bus Services pipes. Their usage limits the visibility into data messages being passed between Applications and they would also impose a requirement that two applications must reside on the same processor.
  • 12. Extracted Dependency from Code
    • App and Core are developed almost by the same developers
    • This implemented view is consistent with the design guideline: Cfe-app should use Cfe-core, but not vice-versa, because Core should be independently testable/buildable without apps
  • 13. Extract Dependencies among Apps
    • Design Rule: No two applications are allowed to interact directly, and should instead use the software bus to communicate
    • It should be possible to start, stop, restart, and remove applications independently for improved fault tolerance.
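The dependency-restriction rules on slides 12 and 13 (apps may use the core, the core must not use apps, and apps must not use each other directly) can be checked mechanically from the #include relation, which is the kind of static dependency a tool such as SAVE or RPA extracts. The script below is an added example written for this page, not cFE/CFS code and not the SAVE/RPA tooling; the directory layout (os/, cfe-core/, apps/<name>/), the rule table and the sample files are all constructed for the example.

```python
"""Layer-dependency check over a constructed cFE-like source tree.

Assumed layout (constructed for this example, not the real cFE tree):
  os/           OSAL headers (bottom layer, depends on nothing above it)
  cfe-core/     core services (may use os/, never an app)
  apps/<name>/  CFS applications (may use os/ and cfe-core/, never another app)
"""
import re
from collections import defaultdict

# Constructed sample files: path -> source text. Two deliberate violations.
SAMPLE_TREE = {
    "os/osapi.h": "int32 OS_QueueCreate(void);\n",
    "cfe-core/cfe_es.h": '#include "osapi.h"\n',
    "cfe-core/cfe_sb.h": '#include "osapi.h"\n',
    "cfe-core/cfe_es.c": '#include "cfe_es.h"\n#include "cfe_sb.h"\n',
    "cfe-core/cfe_tbl.c": '#include "hs_app.h"\n',      # core -> app: violation
    "apps/lc/lc_app.h": '#include "cfe_es.h"\n',
    "apps/lc/lc_app.c": '#include "cfe_sb.h"\n#include "lc_app.h"\n',
    "apps/hs/hs_app.h": '#include "osapi.h"\n',
    "apps/hs/hs_app.c": '#include "cfe_sb.h"\n#include "lc_app.h"\n',  # app -> app: violation
}

INCLUDE_RE = re.compile(r'^\s*#\s*include\s*"([^"]+)"', re.MULTILINE)

def layer_of(path):
    """Map a file path to its architectural unit: 'os', 'core' or 'app:<name>'."""
    parts = path.split("/")
    if parts[0] == "os":
        return "os"
    if parts[0] == "cfe-core":
        return "core"
    if parts[0] == "apps":
        return "app:" + parts[1]
    raise ValueError("unmapped path: " + path)

# Allowed targets for the non-app units; apps are handled in is_allowed().
ALLOWED = {"os": set(), "core": {"os"}}

def is_allowed(src_unit, dst_unit):
    """Design rule: app -> {os, core} only; core -> os only; os -> nothing."""
    if src_unit == dst_unit:
        return True
    if src_unit.startswith("app:"):
        return dst_unit in ("os", "core")
    return dst_unit in ALLOWED[src_unit]

def extract_dependencies(tree):
    """Return {(src_unit, dst_unit): [(src_path, header), ...]} from #include lines."""
    by_basename = {p.rsplit("/", 1)[-1]: p for p in tree}
    deps = defaultdict(list)
    for path, text in tree.items():
        for header in INCLUDE_RE.findall(text):
            target = by_basename.get(header)
            if target is None:
                continue  # system or unknown header: outside the checked architecture
            deps[(layer_of(path), layer_of(target))].append((path, header))
    return deps

def check_layering(tree):
    """Return a sorted list of (src_path, header, src_unit, dst_unit) violations."""
    violations = []
    for (src_unit, dst_unit), edges in extract_dependencies(tree).items():
        if not is_allowed(src_unit, dst_unit):
            for src_path, header in edges:
                violations.append((src_path, header, src_unit, dst_unit))
    return sorted(violations)

if __name__ == "__main__":
    for src_path, header, src_unit, dst_unit in check_layering(SAMPLE_TREE):
        print("VIOLATION: %s includes %s (%s -> %s)" % (src_path, header, src_unit, dst_unit))
```

On a real checkout the SAMPLE_TREE dict would be filled by walking the source directories, and layer_of() would carry the mapping from directories to the units of the specified architecture; the rule table stays the same. Keeping the rule table separate from the extractor is what makes the check repeatable on every build, which is the point slide 24 makes about tools.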
  • 14. OS Abstraction Layer (OSAL)
    • Real Time Operating System APIs
      – Tasks, Queues, Semaphores, Interrupts, etc.
    • File System APIs
      – Abstracts the file systems that may be present on a system
      – Simulate multiple embedded file systems on a desktop computer for testing
    • Hardware APIs
      – Port and memory based I/O access in order to provide a common way of accessing hardware resources
  • 15. Why OSAL should be used? Comments from cFE/CFS docs
    • The developer must make the effort to identify the proper methods through the cFE and OS API to satisfy their software requirements and not be tempted to take a “short-cut” and accomplish their goal with a direct hardware or operating system software interface.
    • …attempting to write to EEPROM using the standard C function memcpy will fail. Using OS_MemCpy will succeed because the EEPROM will be configured for writing before the copy is performed.
  • 16. OSAL By-Pass
    • The CFS guide states that all communications to the OS and hardware should go through the OSAL for portability and testability reasons
    • The analysis shows that there are a few places where the OS is directly used (i.e., standard C functions):
      – CFE_ES_StartApplications calls memset
      – CFE_FS_Decompress calls memset
      – FS_gz_inflate_codes calls memcpy
      – main calls printf
    • OS_Memset, OS_Memcpy, and OS_printf should have been called
  • 17. Common Look-and-Feel
    • A common directory structure template has been defined
      – Where to place header files
      – Where to place configuration files
      – What data to make public (and private)
    • Template for interaction with software bus and other core components
    • Template for a module decomposition
    • Template for a task decomposition
  • 18. Common Look-and-feel violations
    • If modules have different look-and-feel they are difficult to inspect, test, understand. Applications designed to interface with the cFE should follow standard templates.
    • Template (QQ) vs. Limit Checker (LC): QQ_AppMain / LC_AppMain, QQ_AppInit / LC_AppInit
    • In fact, found a subtle runtime error in a module that deviates from the QQ template.
      – Additional performance problems
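Slides 16 and 18 describe two rules that can be checked by scanning function bodies: direct calls to memset, memcpy and printf should go through OS_Memset, OS_Memcpy and OS_printf, and an application with prefix P should define P_AppMain and P_AppInit as the QQ template does. The script below is an added example, not code from the cFE/CFS project or its review tooling. It uses a simplified regex function scanner (not a C parser; it assumes one definition per line with the opening brace on the same or the next line, and indented bodies) and constructed C snippets whose function names follow the slides but whose bodies are invented here.

```python
"""Source-scan checks for two cFE/CFS coding rules over constructed C snippets:
 1. OSAL by-pass: a direct libc call where the OSAL wrapper should be used.
 2. Look-and-feel: prefix_AppMain and prefix_AppInit must exist (QQ template).
Both share a small function-boundary scanner (a simplification, not a C parser).
"""
import re

# Constructed sample: the function names come from slide 16, bodies are invented.
SAMPLE_CFE_ES = """
#include "cfe_es.h"
#include "osapi.h"

int32 CFE_ES_StartApplications(const char *FileName)
{
    char Buffer[128];
    memset(Buffer, 0, sizeof(Buffer));   /* direct libc call: OSAL by-pass */
    OS_printf("starting apps from %s\\n", FileName);
    return CFE_SUCCESS;
}

int32 CFE_ES_GetAppID(uint32 *AppIdPtr)
{
    OS_Memset(AppIdPtr, 0, sizeof(uint32));   /* correct: goes through OSAL */
    return CFE_SUCCESS;
}
"""

# Constructed: an app that follows the QQ template naming, and one that does not.
SAMPLE_LC_APP = """
void LC_AppMain(void)
{
    LC_AppInit();
}
int32 LC_AppInit(void)
{
    return CFE_SUCCESS;
}
"""
SAMPLE_BAD_APP = """
void XX_Main(void)      /* deviates from the QQ template: should be XX_AppMain */
{
    XX_Init();
}
"""

LIBC_TO_OSAL = {"memset": "OS_Memset", "memcpy": "OS_Memcpy", "printf": "OS_printf"}

# A definition line: 'type name(args)' at column 0, no ';', optional trailing '{'.
DEF_RE = re.compile(r'^[A-Za-z_][\w\s\*]*\b([A-Za-z_]\w*)\s*\([^;{}]*\)\s*(\{)?\s*$')
CALL_RE = re.compile(r'\b(memset|memcpy|printf)\s*\(')  # \b keeps OS_printf unmatched

def find_functions(src):
    """Return [(name, body_text)] for each top-level function definition in src."""
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)   # drop block comments first
    lines = src.splitlines()
    funcs, i = [], 0
    while i < len(lines):
        m = DEF_RE.match(lines[i])
        if not m:
            i += 1
            continue
        j = i
        if not m.group(2):                 # brace expected on the following line
            j += 1
            if j >= len(lines) or not lines[j].strip().startswith("{"):
                i += 1                     # a declaration, not a definition
                continue
        depth, started, body = 0, False, []
        while j < len(lines):              # collect until the matching '}'
            depth += lines[j].count("{") - lines[j].count("}")
            body.append(lines[j])
            started = started or "{" in lines[j]
            if started and depth == 0:
                break
            j += 1
        funcs.append((m.group(1), "\n".join(body)))
        i = j + 1
    return funcs

def find_osal_bypasses(src):
    """Return [(function, libc_call, osal_replacement)] for direct libc calls."""
    hits = []
    for name, body in find_functions(src):
        for call in CALL_RE.findall(body):
            hits.append((name, call, LIBC_TO_OSAL[call]))
    return hits

def check_app_template(prefix, src):
    """Return the QQ-template functions (prefix_AppMain, prefix_AppInit) missing from src."""
    defined = {name for name, _ in find_functions(src)}
    return [f for f in (prefix + "_AppMain", prefix + "_AppInit") if f not in defined]

if __name__ == "__main__":
    for func, call, fix in find_osal_bypasses(SAMPLE_CFE_ES):
        print("%s calls %s; %s should have been called" % (func, call, fix))
    for prefix, src in (("LC", SAMPLE_LC_APP), ("XX", SAMPLE_BAD_APP)):
        print("%s missing template functions: %s" % (prefix, check_app_template(prefix, src)))
```

The by-pass report is in the same form as slide 16 (function, libc call, OSAL replacement), so a reviewer can add each hit to the discrepancy list directly. For production use the regex scanner would be replaced by a real C front end, but the two checks themselves do not change.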
  • 19. Module Redundancy (Clone) Analysis
    • The source code of the cFE/CFS is offered to some of its customers
    • Presence of clones does not give a good impression of the cFE/CFS design excellence
    • Also, cloning is not a recommended way to implement product lines
      – Hard to evolve multiple cloned versions
  • 20. Module Redundancy Analysis
    • Clone finder tool detected a lot of “false” positives (mainly due to template code)
    • However, there are some true clones within the OS abstraction layer (OSAL)
    • There are no clones between Core and App layers (developed by the same team!)
    • Important to understand the context before criticizing the team!
  • 21. Conditional Preprocessor Analysis
    • Minimizing complexity is one of the cFE/CFS design goals
    • Design decisions were made to use the preprocessor to the “minimum”
    • 80% of files don’t have conditional preprocessor statements!
    • Checks variation point lower and upper bounds
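The preprocessor metrics on slide 21 (share of files without conditional compilation, and lower and upper bounds on variation points per file) can be computed with a small directive counter. The script below is an added example, not the ifnames tool or cFE/CFS code; the sample files, the bound values and the nesting-depth limit are assumptions chosen for illustration, and the 80% figure on the slide is not reproduced by them.

```python
"""Conditional-preprocessor metrics over constructed C sources.

Counts #if/#ifdef/#ifndef/#elif directives per file (each is a variation point),
tracks their nesting depth, reports the fraction of files with no conditional
compilation at all, and flags files outside reviewer-chosen bounds.
"""
import re

COND_OPEN = re.compile(r'^\s*#\s*(if|ifdef|ifndef)\b')
COND_ELIF = re.compile(r'^\s*#\s*elif\b')
COND_CLOSE = re.compile(r'^\s*#\s*endif\b')

# Constructed sample files (names only loosely follow cFE conventions).
SAMPLE_FILES = {
    "cfe_platform_cfg.h": "#ifndef _cfe_platform_cfg_\n"
                          "#define _cfe_platform_cfg_\n"
                          "#define CFE_ES_MAX_APPLICATIONS 32\n"
                          "#endif\n",
    "osapi.c": "int32 OS_API_Init(void)\n{\n    return 0;\n}\n",
    "cfe_sb.c": "void CFE_SB_Init(void)\n{\n}\n",
    "lc_app.c": "#ifdef LC_SAVE_TO_CDS\n"
                "void LC_Save(void) {}\n"
                "#elif defined(LC_SAVE_TO_FILE)\n"
                "void LC_Save(void) {}\n"
                "#else\n"
                "#if LC_DEBUG\n"
                "void LC_Dbg(void) {}\n"
                "#endif\n"
                "#endif\n",
    "osal_vxworks.c": "#if OS_VXWORKS\n"
                      "#ifdef OS_USE_FPU\n"
                      "#if OS_FPU_V2\n"
                      "void f(void) {}\n"
                      "#endif\n"
                      "#endif\n"
                      "#endif\n",
}

def measure(src):
    """Return (variation_points, max_nesting) for one file's text."""
    count = depth = max_depth = 0
    for line in src.splitlines():
        if COND_OPEN.match(line):
            count += 1
            depth += 1
            max_depth = max(max_depth, depth)
        elif COND_ELIF.match(line):
            count += 1          # an #elif branch is a variation point but not a new nesting level
        elif COND_CLOSE.match(line):
            depth -= 1
    return count, max_depth

def summarize(files):
    """Return ({name: (count, max_nesting)}, fraction_of_files_without_conditionals)."""
    metrics = {name: measure(src) for name, src in files.items()}
    without = sum(1 for count, _ in metrics.values() if count == 0)
    return metrics, without / len(files)

def check_bounds(metrics, upper, max_nest, must_vary=()):
    """Files violating the bounds: more than `upper` variation points, nesting deeper
    than `max_nest`, or (for names in `must_vary`, e.g. a platform config header)
    fewer than one variation point. All three limits are reviewer assumptions."""
    bad = []
    for name, (count, depth) in metrics.items():
        lower = 1 if name in must_vary else 0
        if count < lower or count > upper or depth > max_nest:
            bad.append(name)
    return sorted(bad)

if __name__ == "__main__":
    metrics, fraction = summarize(SAMPLE_FILES)
    print("files without conditional preprocessor statements: %.0f%%" % (100 * fraction))
    print("outside bounds:", check_bounds(metrics, upper=2, max_nest=2, must_vary=("cfe_platform_cfg.h",)))
```

The upper bound and nesting limit express the “use the preprocessor to the minimum” decision as something a build can enforce; the lower bound exists only for files that are meant to be variation points, so that a configuration header which silently lost its guards is also reported.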
  • 22. Variability Implementation Strategy
    • Missions can plug-in and plug-out applications
    • Abstract APIs with alternative implementations
    • OS and hardware variants are taken care of by the OSAL
    • Build scripts select and compile the selected OS type implementation files
    • Header files with the same name are used to manage certain variants
  • 23. Conclusion and Outlook
    • The cFE/CFS team performs rigorous design and code reviews, thus not many issues remain!
    • Nevertheless, some issues remain undetected
    • Detected issues were added into the discrepancy list and were addressed
    • Imagine the number of architectural violations in hardly reviewed systems!
  • 24. Conclusion and Outlook
    • This analysis helped in establishing the chain of relationships among business goals, architecture, and source code
    • Important to verify whether the implementation is indeed consistent with the specified architecture
      – Tools help a lot in performing and repeating the analysis
    • Otherwise, testability, buildability, performance, etc., can be compromised
    • On-going work: run-time behavioral rules
  • 25. Questions
    • Dharmalingam Ganesan: dganesan@fc-md.umd.edu
    • Mikael Lindvall: mlindvall@fc-md.umd.edu