KeY Version for MISRA C. Daniel Larsson. KeY Symposium, Göteborg, June 2005 (PowerPoint PPT presentation)



  1. KeY Version for MISRA C
     Daniel Larsson
     KeY Symposium, Göteborg, June 2005
     KeY Version for MISRA C – p.1/11

  2. CEDES
     CEDES (Cost Efficient Dependable Electronic Systems)
     - Software-based methods for fault tolerance & fault handling
     "Our" work package:
     - KeY version for MISRA C programs
     - Symbolic error propagation
     - Formal verification of exception handling routines

  3. Symbolic Error Propagation
     - Would complement fault injection methods
     - Main problem with fault injection: coverage
     - Idea: represent whole classes of errors in logic
     - Perform symbolic execution to ...
       - verify properties in the presence of errors
       - calculate consequences (strongest postcondition)

  4. KeY Version for MISRA C
     - Refactoring of KeY + addition of C datastructures
     - Finding and integrating a C front-end
     - Writing a parser for schemaC
     - Developing and implementing a dynamic logic and calculus for MISRA C

  5. Front-end for C: Cetus
     - Implemented in Java
     - Uses the ANTLR parser generator
     - Is an active project

  6. Refactoring of Datastructures
     Should as much as possible be re-used/shared?
     - Saves a lot of work
     - Avoids duplicated code
     ... or ...
     Should structures for different languages be kept separate?
     - Java semantics implicitly built-in ⇒ bugs that are hard to find

  7. Refactoring of Datastructures cont'd
     (bullets of slide 6 repeated)
     Decision: Go for 1st approach

  8. Refactoring of Datastructures cont'd
     How general?
     - First plan: a structure that allowed for addition of an arbitrary OO language with an imperative core
     - Not worth the effort
     - Existing datastructures already fairly general ⇒ go for an ad-hoc approach

  9. Refactoring of Datastructures cont'd
     (bullets of slide 8 repeated)
     Decision: Minimal refactoring to be able to add C constructs

  10. New Package Structure
      [diagram slide; package structure not captured in this transcript]

  11. New Package Structure cont'd
      [diagram slide; package structure not captured in this transcript]
