state of practice
play

State of Practice Jerome C. Hunsaker Visiting Professor Department - PowerPoint PPT Presentation

Sep 20, 2022 •90 likes •188 views

Automatic Verification of Embedded Control Software with ASTRE and beyond Patrick Cousot State of Practice Jerome C. Hunsaker Visiting Professor Department of Aeronautics and Astronautics, MIT c o u s o t mi t e d u w w w . mi t . e d u /

  1. Automatic Verification of Embedded Control Software with ASTRÉE and beyond Patrick Cousot State of Practice Jerome C. Hunsaker Visiting Professor Department of Aeronautics and Astronautics, MIT c o u s o t mi t e d u w w w . mi t . e d u / ~ c o u s o t École normale supérieure, Paris c o u s o t e n s f r w w w . d i . e n s . f r / ~ c o u s o t Workshop on Critical Research Areas in Aerospace Software Aero. Astro. Dept., MIT, August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 2 — ľ P. Cousot The software challenge for next 10 years An example among many others (Matlab code) » h=get(gca,’children’); - Present-day software engineering is almost exclusively - - apple.awt.EventQueueExceptionHandler Caught Throwable : java.lang.ArrayIndexOutOfBoundsException: 2 >= 2 java.lang.ArrayIndexOutOfBoundsException: 2 >= 2 manual, with very few automated tools; at java.util.Vector.elementAt(Vector.java:431) at com.mathworks.mde.help.IndexItem.getFilename(IndexItem.java:100) at com.mathworks.mde.help.Index.getFilenameForLocation(Index.java:706) - Trust and confidence in specifications and software can - - at com.mathworks.mde.help.Index.access$3100(Index.java:29) at com.mathworks.mde.help.Index$IndexMouseMotionAdapter.mouseMoved(Index.java:768) at java.awt.AWTEventMulticaster.mouseMoved(AWTEventMulticaster.java:272) no longer be entirely based on the development process at java.awt.AWTEventMulticaster.mouseMoved(AWTEventMulticaster.java:271) at java.awt.Component.processMouseMotionEvent(Component.java:5211) (e.g. DO178B); at javax.swing.JComponent.processMouseMotionEvent(JComponent.java:2779) at com.mathworks.mwswing.MJTable.processMouseMotionEvent(MJTable.java:725) at java.awt.Component.processEvent(Component.java:4967) - In complement, quality assurance must be ensured by - - at java.awt.Container.processEvent(Container.java:1613) at java.awt.Component.dispatchEventImpl(Component.java:3681) at java.awt.Container.dispatchEventImpl(Container.java:1671) new design, modeling, checking, verification and certi- at java.awt.Component.dispatchEvent(Component.java:3543) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3527) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3255) fication tools based on the product itself. at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3172) at java.awt.Container.dispatchEventImpl(Container.java:1657) at java.awt.Window.dispatchEventImpl(Window.java:1606) at java.awt.Component.dispatchEvent(Component.java:3543) at java.awt.EventQueue.dispatchEvent(EventQueue.java:456) at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:234) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:184) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:178) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:170) at java.awt.EventDispatchThread.run(EventDispatchThread.java:100) » August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 3 — ľ P. Cousot Critical Research Areas in Aerospace Software, MIT — 4 — ľ P. Cousot

  2. Static analysis tools - Determine automatically from the program text pro- - - gram properties of a certain class that do hold at run- State of the Art in Automatic time (e.g. absence of runtime error); - Based on the automatic computation of machine repre- - - Static Program Analysis sentable abstractions 1 of all possible executions of the program in any possible environment; - Scales up to hundreds of thousands lines; - - - Undecidable whence false alarms are possible 2 - - 1 sound but (in general) uncomplete approximations. 2 cases when a question on the program runtime behavior cannot be answered automatically for sure August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 5 — ľ P. Cousot Critical Research Areas in Aerospace Software, MIT — 6 — ľ P. Cousot Degree of specialization The ASTRÉE static analyzer - Specialization for a class of runtime properties (e.g. ab- - - - ASTRÉE is a static program analyzer aiming at proving - - sence of runtime errors) the absence of Run Time Errors (started Nov. 2001) - Specialization for a programming language (e.g. PolySpace - - - C programs, no dynamic memory allocation and recur- - - Suite for Ada, C or C++) sion - Specialization for a programming style (e.g. C Global - - - Encompass many (automatically generated) synchro- - - Surveyor) nous, time-triggered, real-time, safety critical, embed- - Specialization for an application type (e.g. ASTRÉE for - - ded software embedded real-time synchronous 3 autocodes) - automotive, energy and aerospace applications - - The more specialized, the less false alarms 4 ! ) e.g. No false alarm on the electric flight control codes ) for the A340 (Nov. 2003) and A380 (Nov. 2004) gener- 3 deterministic ated from SAO/SCADE. 4 but the less specialized, the larger commercial market (and the less client satisfaction)! August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 7 — ľ P. Cousot Critical Research Areas in Aerospace Software, MIT — 8 — ľ P. Cousot

  3. Ellipsoid Abstract Domain for Filters Filter Example 2 d Order Digital Filter: t y pedef enum { FALSE = 0, TRUE = 1} BOOLEAN; BOOLEAN I NI T; f l oat P, X;  ¸ X n ` 1 + ˛ X n ` 2 + Y n v oi d f i l t er ( ) { a b - Computes X n = - - I n - s t at i c f l oat E[ 2] , S[ 2] ; - The concrete computation is bounded, which - - i f ( I NI T) { S[ 0] = X; P = X; E[ 0] = X; } + + z -1 + z -1 must be proved in the abstract. t el s e { P = ( ( ( ( ( 0. 5 * X) - ( E[ 0] * 0. 7) ) + ( E[ 1] * 0. 4) ) Unit delay Unit delay Switch - There is no stable interval or octagon. - - Switch + ( S[ 0] * 1. 5) ) - ( S[ 1] * 0. 7) ) ; } x(n) j B i E[ 1] = E[ 0] ; E[ 0] = X; S[ 1] = S[ 0] ; S[ 0] = P; Switch - The simplest stable surface is an ellipsoid. - - / * S[ 0] , S[ 1] i n [ - 1327. 02698354, 1327. 02698354] * / } v oi d mai n ( ) { X = 0. 2 * X + 5; I NI T = TRUE; whi l e ( 1) { X = 0. 9 * X + 35; / * s i mul at ed f i l t er i nput * / F(X) f i l t er ( ) ; I NI T = FALSE; } X X } F(X) X U F(X) X U F(X) Reference execution trace unstable interval stable ellipsoid see h t t p : / / w w w . a s t r e e . e n s . f r / August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 9 — ľ P. Cousot Critical Research Areas in Aerospace Software, MIT — 10 — ľ P. Cousot Arithmetic-Geometric Progressions (Example 1) Arithmetic-geometric progressions % c at c ount . c t y pedef enum { FALSE = 0, TRUE = 1} BOOLEAN; - Abstract domain: ( R + ) 5 - - 5 v ol at i l e BOOLEAN I ; i nt R; BOOLEAN T; - Concretization (any function bounded by the arithmetic- - - v oi d mai n( ) { R = 0; geometric progression): whi l e ( TRUE) { ‚ 2 ( R + ) 5 7 ` ! } ( N 7 ! R ) __ASTREE_l og_v ar s ( ( R) ) ; potential overflow! i f ( I ) { R = R + 1; } ‚ ( M ; a; b; a 0 0 ; b ) = el s e { R = 0; } “ ) k ” T = ( R >= 100) ; –x . ax + b ‹ ( –x . a 0 0 f f j 8 k 2 N : j f ( k ) j » x + b ( M ) g __ASTREE_wai t _f or _c l oc k ( ( ) ) ; } } % c at c ount . c onf i g __ASTREE_v ol at i l e_i nput ( ( I [ 0, 1] ) ) ; __ASTREE_max _c l oc k ( ( 3600000) ) ; Reference % as t r ee –ex ec - f n mai n –c onf i g- s em c ount . c onf i g c ount . c | gr ep ’ | R| ’ see h t t p : / / w w w . a s t r e e . e n s . f r / | R| <= 0. + c l oc k * 1. <= 3600001. 5 here in R August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 11 — ľ P. Cousot Critical Research Areas in Aerospace Software, MIT — 12 — ľ P. Cousot

  4. Arithmetic-geometric progressions (Example 2) v oi d m ai n( ) % c at r et r o. c { FI RST = TRUE; t y pedef enum { FALSE=0, TRUE=1} BOOL; whi l e ( TRUE) { BOOL FI RST; dev ( ) ; v ol at i l e BOOL SW I TCH; FI RST = FALSE; v ol at i l e f l oat E; __ASTREE_wai t _f or _c l oc k ( ( ) ) ; f l oat P, X, A, B; Towards System Verification Tools } } % c at r et r o. c onf i g v oi d dev ( ) __ASTREE_v ol at i l e_i nput ( ( E [ - 15. 0, 15. 0] ) ) ; { X=E; __ASTREE_v ol at i l e_i nput ( ( SW I TCH [ 0, 1] ) ) ; i f ( FI RST) { P = X; } __ASTREE_m ax _c l oc k ( ( 3600000) ) ; el s e | P| <= ( 15. + 5. 87747175411e- 39 { P = ( P - ( ( ( ( 2. 0 * P) - A) - B) * 4. 491048e- 03) ) ; } ; / 1. 19209290217e- 07) * ( 1 B = A; + 1. 19209290217e- 07) ˆ c l oc k i f ( SW I TCH) { A = P; } - 5. 87747175411e- 39 / el s e { A = X; } 1. 19209290217e- 07 <= } 23. 0393526881 August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 13 — ľ P. Cousot Critical Research Areas in Aerospace Software, MIT — 14 — ľ P. Cousot Computer controlled systems Software test Approximations: program ! precise, system ! precise Abstractions: program ! none, system ! precise August 9 th , 2005 August 9 th , 2005 Critical Research Areas in Aerospace Software, MIT — 15 — ľ P. Cousot Critical Research Areas in Aerospace Software, MIT — 16 — ľ P. Cousot

Recommend

ReedSm R mith State e Tax Pr ractice S tate Ta ax Team m Lee A. Zoeller Brent K. Be

ReedSm R mith State e Tax Pr ractice S tate Ta ax Team m Lee A. Zoeller Brent K. Be

ReedSmith State Tax Practice Exceptional Experience For more information about our group, please visit www.reedsmith.com/state Reed Smiths State Tax Practice has more professionals exclusively focused on state tax tax/ or contact: issues

360 views • 6 slides
EtherCAT in practice version identification state machine sync manager FMMU

EtherCAT in practice version identification state machine sync manager FMMU

cable and connector LED diagnosis EtherCAT in practice version identification state machine sync manager FMMU Michael Jost mailbox protocols Beckhoff working counter 10/02/2009 EtherCAT in practice 1

527 views • 29 slides
DDIs State of the Practice and the Next Evolution Smith Siromaskul OV E RV I E W C O N C E

DDIs State of the Practice and the Next Evolution Smith Siromaskul OV E RV I E W C O N C E

DDIs State of the Practice and the Next Evolution Smith Siromaskul OV E RV I E W C O N C E P T UA L OV E RV I E W DDI Sites T H E B I G P I C T U R E Used for high volumes of turns Typically requires fewer lanes

785 views • 40 slides
Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Finite State Machine: Definition A (deterministic) finite state machine

130 views • 11 slides
Branding Your Practice: Principles of effective Branding Your Practice: Principles of effective

Branding Your Practice: Principles of effective Branding Your Practice: Principles of effective

4/17/2018 Branding Your Practice: Principles of effective Branding Your Practice: Principles of effective marketing marketing Russell H. Samson MD, FACS, RVT Clinical professor of Surgery (Vascular) Florida State University Medical School

597 views • 15 slides
State of the art treatment MPN How has practice changed from a patient perspective? Claire

State of the art treatment MPN How has practice changed from a patient perspective? Claire

State of the art treatment MPN How has practice changed from a patient perspective? Claire Harrison Guys and St Thomas Hospital London Disclosures: Research funding: Novartis and Celgene Speaker/Advisory board: Sanofi, Gilead,

461 views • 30 slides
Good Read-Across Practice 1: State of the Art of Read-Across for Toxicity Prediction Mark Cronin

Good Read-Across Practice 1: State of the Art of Read-Across for Toxicity Prediction Mark Cronin

Good Read-Across Practice 1: State of the Art of Read-Across for Toxicity Prediction Mark Cronin Liverpool John Moores University England Acknowledgement What I am Going to Say Background and context State of the art of read-across

825 views • 36 slides
Outline A brief tour of practice diversity Its everywhere you look! Is practice diversity

Outline A brief tour of practice diversity Its everywhere you look! Is practice diversity

5/30/2014 I think Medicine has Practice diversity: What does it mean when everybody does it differently? 1. Too much practice diversity 2. Just enough practice diversity 3. Not enough practice diversity Avery Tung, M.D. FCCM Quality Chief

816 views • 24 slides
Standards for Mathematical Practice (MP) TOM TORLAKSON State Superintendent of Public

Standards for Mathematical Practice (MP) TOM TORLAKSON State Superintendent of Public

Standards for Mathematical Practice (MP) TOM TORLAKSON State Superintendent of Public Instruction Lori Freiermuth, Ideally, several MP Commissioner, standards will be evident in Instructional Quality each lesson as they interact and

287 views • 15 slides
On the UML use in the Brazilian industry: A state of the practice survey Kleinner Farias, Lucian

On the UML use in the Brazilian industry: A state of the practice survey Kleinner Farias, Lucian

On the UML use in the Brazilian industry: A state of the practice survey Kleinner Farias, Lucian Gonales, Vinicius Bischoff, Bruno C. da Silva , Everton Guimares, and Jacob Niggle. University of Vale do Rio dos Sinos (UNISINOS)

474 views • 31 slides
A New Scope of Practice for PAs and APRNs in Michigan State Bar of Michigan Health Care Law

A New Scope of Practice for PAs and APRNs in Michigan State Bar of Michigan Health Care Law

Exceptional service. Dykema delivers. A New Scope of Practice for PAs and APRNs in Michigan State Bar of Michigan Health Care Law Section Annual Meeting, September 12, 2017 Kathleen A. Reed California | Illinois | Michigan | Minnesota | Texas

521 views • 31 slides
Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to Practice? Micropipetting is the foundation to many future experiments Correct pipetting insures correct volumes which creates a greater chance

544 views • 19 slides
Welcome Brian B. McCuller is the Tax Practice Leader for LBMC. Brian is an attorney and a CPA

Welcome Brian B. McCuller is the Tax Practice Leader for LBMC. Brian is an attorney and a CPA

Welcome Brian B. McCuller is the Tax Practice Leader for LBMC. Brian is an attorney and a CPA with over twenty years of experience in the state and local tax field. He specializes in multi-state tax planning and controversy services.

758 views • 72 slides
Use of Geophysics for Levee Investigation Levee State-of-the-Practice Symposium April 22, 2016

Use of Geophysics for Levee Investigation Levee State-of-the-Practice Symposium April 22, 2016

Use of Geophysics for Levee Investigation Levee State-of-the-Practice Symposium April 22, 2016 Use of Geophysics for Levee Investigation Horacio Ferriz California State University Stanislaus With the collaboration of Koichi Hayashi,

492 views • 35 slides
At the end of this presentation the participant will able to: Describe the Community

At the end of this presentation the participant will able to: Describe the Community

Sylvia Pirani, Director, New York State Office of Public Health Practice; Donald W. Rowe, Director Office of Public Health Practice, State University of New York at Buffalo, School of Public Health and Health Professions; Robert Furlani,

749 views • 25 slides
CSC 4992: Cyber Security Practice Team Projects Fengwei Zhang Wayne State University CSC 4992

CSC 4992: Cyber Security Practice Team Projects Fengwei Zhang Wayne State University CSC 4992

CSC 4992: Cyber Security Practice Team Projects Fengwei Zhang Wayne State University CSC 4992 Cyber Security Practice 1 General Information A research project with 3-5 individuals Building a new system Improving an existing

405 views • 9 slides
CSC 5290: Cyber Security Practice Term Projects Fengwei Zhang Wayne State University CSC 5290

CSC 5290: Cyber Security Practice Term Projects Fengwei Zhang Wayne State University CSC 5290

CSC 5290: Cyber Security Practice Term Projects Fengwei Zhang Wayne State University CSC 5290 Cyber Security Practice 1 General Information A research project with 1-2 individuals Building a new system Improving an existing

104 views • 9 slides
Clinical Practice and Information Sharing: HIPAA, State Confidentiality Laws and Other Legal

Clinical Practice and Information Sharing: HIPAA, State Confidentiality Laws and Other Legal

Clinical Practice and Information Sharing: HIPAA, State Confidentiality Laws and Other Legal Issues Harrisburg, Pennsylvania December 3, 2013 John Petrila, J.D., LL.M. Professor College of Public Health University of South Florida

1.42k views • 113 slides
CURRICULUM POLICY AND PRACTICE AT WESTMINSTER Educational purpose The youth, which is growing to

CURRICULUM POLICY AND PRACTICE AT WESTMINSTER Educational purpose The youth, which is growing to

CURRICULUM POLICY AND PRACTICE AT WESTMINSTER Educational purpose The youth, which is growing to manhood, as tender shoots in the wood of our state, shall be liberally instructed in good books to the greater honour of the state. (Elizabeth I:

521 views • 10 slides
VIRTUAL ARCHITECTURAL PRACTICE - AN ALTERNATE REALITY PRODUCED BY AIA PMKC + AIA TRUST 1.5

VIRTUAL ARCHITECTURAL PRACTICE - AN ALTERNATE REALITY PRODUCED BY AIA PMKC + AIA TRUST 1.5

Peter S. Macrae, AIA SPEAKERS: VIRTUAL PRACTICE FRAMEWORK Charles R. Heuer, Esq, FAIA MANAGING RISK WHEN RUNNING A VIRTUAL PRACTICE Kevin J. Collins, RPLU, Associate AIA CHALLENGES TO PROFESSION AND PRACTICE IN A VIRTUAL PRACTICE Lira Luis,

630 views • 37 slides
CSC 5290 Cyber Security Practice Fengwei Zhang Wayne State University CSC 5290 Cyber Security

CSC 5290 Cyber Security Practice Fengwei Zhang Wayne State University CSC 5290 Cyber Security

CSC 5290 Cyber Security Practice Fengwei Zhang Wayne State University CSC 5290 Cyber Security Practice 1 Who Am I? Fengwei Zhang Assistant Professor of Computer Science Office: Maccabees Building, Room 14109.3 Emai: fengwei at

559 views • 19 slides
Practice Advancement Initiative (PAI) State Affiliate Workshop Vanessa Freitag, PharmD, MBA Vice

Practice Advancement Initiative (PAI) State Affiliate Workshop Vanessa Freitag, PharmD, MBA Vice

Practice Advancement Initiative (PAI) State Affiliate Workshop Vanessa Freitag, PharmD, MBA Vice President Ascension Health, Wisconsin Market Facilitate innovation at the local level Moving past self-assessment completion ACTI TION!

693 views • 56 slides
Impact of State Variation in Scope of Practice on Psychiatric Mental Health Nurse Practitioner

Impact of State Variation in Scope of Practice on Psychiatric Mental Health Nurse Practitioner

Impact of State Variation in Scope of Practice on Psychiatric Mental Health Nurse Practitioner Services AcademyHealth June 2, 2019 Susan A. Chapman Christopher Toretsky Bethany Phoenix Disclosures No financial or other conflicts of interest

375 views • 18 slides
Urban Freight Tour Models: State of the Art and Practice Jos Holgun-Veras, Ellen Thorson,

Urban Freight Tour Models: State of the Art and Practice Jos Holgun-Veras, Ellen Thorson,

1 Urban Freight Tour Models: State of the Art and Practice Jos Holgun-Veras, Ellen Thorson, Qian Wang, Ning Xu, Carlos Gonzlez-Caldern, Ivn Snchez-Daz, John Mitchell Center for Infrastructure, Transportation, and the Environment

859 views • 54 slides

More recommend