DO178C/ED12C OOT
A User’s Perspective
Cyrille Comar, Hugues Bonnin, Fred Rivard
Certification Together International Conference,
Toulouse, October 2010
CTIC 2010 2
Agenda
3 examples of DO178C/OOT usage
1. Inheritance : Liskov Substitution Principle (LSP) with Ada
2. Virtualization : the Java Virtual Machine case
3. Dynamic Memory Management : a Java Garbage Collector example
Inheritance : Liskov Substitution Principle (LSP) with Ada
Local Type Consistency (TC)
 In order to mitigate inheritance vulnerabilities, local type consistency has to be demonstrated. Indeed, this property reliably bounds the inheritance mechanism.
 TC is referred to in :
◦ OO.4.4 n. : if reuse is planned, maintenance of TC shall be described.
◦ OO.5.2.2 j. : in design activities, the class hierarchy with TC must be developed with the associated LLRs.
◦ OO.6.7 : specific verification for Local Type Consistency has to be done, with an added objective in table A-7 (OO-10).
Local Type Consistency (TC)
1. Formal Methods:
◦ Precondition weakening
◦ Postcondition strengthening
2. Unit Testing (on LLRs associated with class methods)
◦ Run all tests associated with a class using objects of child classes
3. Pessimistic Testing
◦ Verify that all dispatching calls are covered by tests exercising all methods potentially reachable from a dispatch point
TC by Formal Analysis
type Class1 is tagged private;
procedure Method (C : in out Class1; I : Integer) with
   Pre  => I > 0,
   Post => C.Updated;
type Class2 is new Class1 with private;
procedure Method (C : in out Class2; I : Integer) with
   Pre  => I >= 0,
   Post => C.Updated and C.Sorted;
Ada 2012 aspect syntax (Updated and Sorted are Boolean primitives of Class1)
We must demonstrate that
• I > 0 ⇒ I >= 0
• C.Updated and C.Sorted ⇒ C.Updated
Liskov Substitution Principle:
• Precondition is weakened
• Postcondition is strengthened
TC by Formal Analysis (2)
 Spark = Small Ada + logical annotations
 Spark supports limited OO features
 Spark already performs this verification
type Class1 is tagged private;
function Updated (C : Class1) return Boolean;
function Sorted (C : Class1) return Boolean;
procedure Method (C : in out Class1; I : Integer);
--# pre I > 0;
--# post Updated(C);
type Class2 is new Class1 with private;
procedure Method (C : in out Class2; I : Integer);
--# pre I >= 0;
--# post Updated(C) and Sorted(C);
Spark produces 2 VCs (Verification Conditions):
H1: updated(fld_inherit(c)) .
H2: sorted(fld_inherit(c)) .
->
C1: updated(fld_inherit(c)) .
H1: i > 0 .
->
C1: i >= 0 .
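A worked illustration of the two verification conditions above, added here and not part of the original slides: a short Python model (chosen so it runs without an Ada or SPARK toolchain) encodes the contracts of Class1.Method and Class2.Method as predicates and checks, over a bounded domain, that the parent's precondition implies the child's and that the child's postcondition implies the parent's. SPARK discharges these VCs by proof; the bounded search is only a stand-in, but it also shows what a counterexample looks like for a non-compliant override (BAD_CHILD, constructed for this example). State, Contract and check_lsp are assumed names.

```python
from dataclasses import dataclass
from itertools import product
from typing import Callable, Iterable, Optional, Tuple

# Constructed model of the slide's classes.  Predicates stand in for the
# Ada 2012 / SPARK pre- and postconditions; State stands in for the object C.
@dataclass(frozen=True)
class State:
    updated: bool   # Updated(C)
    sorted: bool    # Sorted(C)

@dataclass(frozen=True)
class Contract:
    pre: Callable[[int], bool]       # precondition over the input I
    post: Callable[[State], bool]    # postcondition over the resulting C

# Class1.Method : Pre => I > 0,  Post => C.Updated
CLASS1 = Contract(pre=lambda i: i > 0, post=lambda c: c.updated)
# Class2.Method : Pre => I >= 0, Post => C.Updated and C.Sorted
CLASS2 = Contract(pre=lambda i: i >= 0, post=lambda c: c.updated and c.sorted)

INPUTS = range(-8, 9)                                        # bounded domain for I
STATES = [State(u, s) for u, s in product([False, True], repeat=2)]

def check_lsp(parent: Contract, child: Contract,
              inputs: Iterable[int] = INPUTS,
              states: Iterable[State] = STATES) -> Tuple[Optional[int], Optional[State]]:
    """Bounded check of the two VCs SPARK emits for an overriding method:
         VC1: parent.pre(I)  ->  child.pre(I)      (precondition weakened)
         VC2: child.post(C)  ->  parent.post(C)    (postcondition strengthened)
       Returns (counterexample for VC1, counterexample for VC2); None means
       the VC holds on the whole bounded domain (a proof tool would cover
       the unbounded one)."""
    bad_pre = next((i for i in inputs if parent.pre(i) and not child.pre(i)), None)
    bad_post = next((c for c in states if child.post(c) and not parent.post(c)), None)
    return bad_pre, bad_post

def is_substitutable(parent: Contract, child: Contract) -> bool:
    """True when both VCs hold, i.e. the child respects the LSP."""
    return check_lsp(parent, child) == (None, None)

# Constructed non-compliant override: it strengthens the precondition (I > 1)
# and weakens the postcondition (it no longer promises Updated).
BAD_CHILD = Contract(pre=lambda i: i > 1, post=lambda c: c.sorted)

if __name__ == "__main__":
    print("Class2 substitutes Class1:", is_substitutable(CLASS1, CLASS2))
    print("Bad child counterexamples:", check_lsp(CLASS1, BAD_CHILD))
```

The counterexample for BAD_CHILD is the pair a reviewer would expect: I = 1 satisfies the parent's precondition but not the child's, and a state that is Sorted but not Updated satisfies the child's postcondition while breaking the parent's.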
TC by Unit Testing
 With proper organization of unit testing, verification is relatively easy to put in place:
◦ Each class has a mirror “test” class
◦ Each method has a mirror “test” method
 Low-Level Requirements are associated with methods
 The corresponding test cases are associated with the “mirror” test method
◦ Group all the tests related to a class in a test suite
◦ Apply this test suite to objects of the class (verifies the LLRs associated with the class)
◦ Apply this test suite to objects of subclasses (verifies type consistency)
TC by Unit Testing
package Example is
   type T1 is tagged private;
   procedure M1 (X : T1);
   function F1 (X : T1) return Integer;
   type T2 is new T1 with private;
   overriding procedure M1 (X : T2);
   -- inherits F1 (X : T2)
   -- private part omitted on the slide
end Example;
package Example.Unit_Tests is
   -- Root_Class_Test is the root test type of the test framework
   type Test_T1 is new Root_Class_Test with record
      Ptr : access T1'Class;   -- the object under test
   end record;
   procedure Test_M1 (X : Test_T1);
   procedure Test_F1 (X : Test_T1);
   type Test_T2 is new Test_T1 with private;
   overriding procedure Test_M1 (X : Test_T2);
   -- inherits Test_F1 (X : Test_T2)
end Example.Unit_Tests;
[Class diagram on the slide: T1 (+M1(), +F1()) with subclass T2 (+M1()); T1_Test (-Ptr, +Test_M1(), +Test_F1()) with subclass T2_Test (+Test_M1()); a 1-to-1 association from T1_Test to T1. The LLRs LLR1_M1 and LLR2_M1 are attached to M1; the test cases LLR1_M1_TestCase1, LLR1_M1_TestCase2, … are attached to Test_M1.]
TC by Unit Testing
package body Example.Test_Suites is
   procedure T1_Test_Suite (T : Test_T1) is …
   procedure T2_Test_Suite (T : Test_T2) is
   begin
      Test_M1 (T);
      Test_F1 (T); -- call inherited test
   end T2_Test_Suite;
end Example.Test_Suites;
procedure My_Test is
   T2_Obj : Test_T2 := (Root_Class_Test with new T2);
begin
   -- regular testing on T2
   Example.Test_Suites.T2_Test_Suite (T2_Obj);
   -- verify that T2 can substitute T1 safely:
   -- the view conversion makes T1's suite run on the T2 object
   Example.Test_Suites.T1_Test_Suite (Test_T1 (T2_Obj));
end My_Test;
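The mirror-test organisation of the last three slides, as an added Python example (not the authors' Ada code): Test_T1 holds a reference to the object under test and carries T1's test methods; Test_T2 overrides Test_M1 and inherits Test_F1; run_suite looks the test methods up on the suite class rather than on the test object, which is the Python counterpart of the non-dispatching view conversion Test_T1 (T2_Obj), so T1's suite runs against a T2 object. The classes, their LLRs and the deliberately non-compliant T2_Bad are constructed for the example.

```python
from typing import Dict, Tuple

# Constructed classes standing in for the slide's T1 / T2.
class T1:
    """LLR1_M1: after M1 (X), F1 returns a non-negative value.
       LLR1_F1: F1 returns an Integer."""
    def __init__(self) -> None:
        self._value = 0
    def M1(self, x: int) -> None:
        self._value = abs(x)
    def F1(self) -> int:
        return self._value

class T2(T1):
    """Overrides M1 with a different implementation that still honours
       LLR1_M1, i.e. it is type-consistent with T1."""
    def M1(self, x: int) -> None:
        self._value = 2 * abs(x)

class T2_Bad(T1):
    """Constructed non-compliant override: it may leave a negative value,
       so objects of this class cannot substitute T1."""
    def M1(self, x: int) -> None:
        self._value = x

# Mirror test classes: Test_T1 holds a pointer (Ptr) to a T1'Class object.
class Test_T1:
    SUITE = ("Test_M1", "Test_F1")
    def __init__(self, ptr: T1) -> None:
        self.ptr = ptr
    def Test_M1(self) -> None:
        # LLR1_M1 test cases: negative, zero and positive inputs
        for x in (-5, 0, 7):
            self.ptr.M1(x)
            assert self.ptr.F1() >= 0, f"LLR1_M1 violated for input {x}"
    def Test_F1(self) -> None:
        self.ptr.M1(3)
        assert isinstance(self.ptr.F1(), int)

class Test_T2(Test_T1):
    def Test_M1(self) -> None:
        # LLR specific to T2's override: the stored value is doubled
        self.ptr.M1(4)
        assert self.ptr.F1() == 8
    # Test_F1 is inherited, as on the slide

def run_suite(test_obj: Test_T1, suite_cls: type) -> Dict[str, bool]:
    """Run suite_cls's tests on test_obj.ptr.  Looking each method up on the
       suite class (not on test_obj) is the non-dispatching call made by the
       Ada view conversion Test_T1 (T2_Obj): T1's tests run on a T2 object."""
    results: Dict[str, bool] = {}
    for name in suite_cls.SUITE:
        try:
            getattr(suite_cls, name)(test_obj)
            results[name] = True
        except AssertionError:
            results[name] = False
    return results

def regular_tests(obj: T2) -> Dict[str, bool]:
    """T2_Test_Suite: T2's own tests applied to a T2 object."""
    return run_suite(Test_T2(obj), Test_T2)

def verify_type_consistency(obj: T1) -> Tuple[Dict[str, bool], bool]:
    """T1_Test_Suite (Test_T1 (T2_Obj)): T1's tests applied to any T1'Class
       object.  Every test must pass for obj's class to substitute T1 safely."""
    results = run_suite(Test_T1(obj), Test_T1)
    return results, all(results.values())

if __name__ == "__main__":
    print("T2 regular tests:", regular_tests(T2()))
    print("T2 substitutes T1:", verify_type_consistency(T2()))
    print("T2_Bad substitutes T1:", verify_type_consistency(T2_Bad()))
```

Running T1's suite on a T2_Bad object fails Test_M1 on the negative input, which is exactly the LLR of the parent that the override silently broke; T2 passes both its own suite and T1's.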
TC by Pessimistic Testing
 Locate all dispatching calls in the application
 For each, infer every method that can be called
 Verify that requirements-based testing covers all such cases
TC by Pessimistic Testing
procedure Do_Something (Obj1 : T1'Class; Obj2 : T2'Class) is
begin
   …
   Obj1.M1;        -- dispatching call: may reach T1's M1 or T2's M1
   …
   Val := Obj2.F1; -- dispatching call: reaches T2's F1 (inherited from T1)
   …
end Do_Something;
Methods reachable from the dispatch points: T1's M1, T2's M1, T2's F1.
…
Do_Something (My_Obj1, My_Obj2);
…
This call alone is enough to achieve statement coverage, but not enough for type consistency verification.
…
Do_Something (My_Obj2, My_Obj2);
…
This second call is necessary to complete “pessimistic testing”.
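The three steps of pessimistic testing (locate the dispatch points, infer the reachable methods, check that requirements-based tests cover them), as an added Python example rather than anything from the original deck: the T1/T2 hierarchy and the two dispatch points of Do_Something are modelled as data, reachable() computes the method bodies a class-wide call can land on (an inherited body is attributed to the class that declares it, so the slide's "T2's F1" appears as T1.F1), and uncovered() diffs that against a constructed log of the dynamic types the tests actually passed. With only Do_Something (My_Obj1, My_Obj2) the T2 override of M1 is reported as unexercised; adding Do_Something (My_Obj2, My_Obj2) completes the coverage. HIERARCHY and DISPATCH_POINTS are assumed names.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed model of the slide's hierarchy: class -> (parent, methods whose
# body is declared or overridden in that class).  T2 overrides M1, inherits F1.
HIERARCHY: Dict[str, Tuple[Optional[str], Set[str]]] = {
    "T1": (None, {"M1", "F1"}),
    "T2": ("T1", {"M1"}),
}

# Step 1: the dispatching calls in Do_Something, as
# (parameter, declared class-wide type, method).
DISPATCH_POINTS: List[Tuple[str, str, str]] = [
    ("Obj1", "T1", "M1"),   # Obj1.M1        with Obj1 : T1'Class
    ("Obj2", "T2", "F1"),   # Val := Obj2.F1 with Obj2 : T2'Class
]

def class_wide(cls: str) -> List[str]:
    """cls and all its descendants: the possible dynamic types in cls'Class."""
    out = [cls]
    for name, (parent, _) in HIERARCHY.items():
        if parent == cls:
            out.extend(class_wide(name))
    return out

def implementation_of(cls: str, method: str) -> str:
    """The body a call on an object of dynamic type cls actually reaches:
       walk up to the nearest class that declares or overrides the method."""
    current: Optional[str] = cls
    while current is not None and method not in HIERARCHY[current][1]:
        current = HIERARCHY[current][0]
    if current is None:
        raise ValueError(f"{method} is not a primitive of {cls}")
    return f"{current}.{method}"

# Step 2: every implementation a dispatch point may reach.
def reachable(point: Tuple[str, str, str]) -> Set[str]:
    _, declared, method = point
    return {implementation_of(dyn, method) for dyn in class_wide(declared)}

# Step 3: compare with what requirements-based tests actually exercised.
def uncovered(test_calls: List[Dict[str, str]]) -> Dict[Tuple[str, str, str], Set[str]]:
    """test_calls: for each test call of Do_Something, the dynamic type passed
       for each parameter.  Returns, per dispatch point, the reachable
       implementations that no test call drove the dispatch to."""
    exercised: Dict[Tuple[str, str, str], Set[str]] = defaultdict(set)
    for call in test_calls:
        for point in DISPATCH_POINTS:
            param, _, method = point
            exercised[point].add(implementation_of(call[param], method))
    return {p: reachable(p) - exercised[p] for p in DISPATCH_POINTS}

def is_pessimistically_covered(test_calls: List[Dict[str, str]]) -> bool:
    """True when every reachable implementation of every dispatch point
       was exercised by at least one test call."""
    return not any(uncovered(test_calls).values())

# Constructed test log mirroring the slide's two calls.
ONE_CALL = [{"Obj1": "T1", "Obj2": "T2"}]                 # Do_Something (My_Obj1, My_Obj2)
BOTH_CALLS = ONE_CALL + [{"Obj1": "T2", "Obj2": "T2"}]    # + Do_Something (My_Obj2, My_Obj2)

if __name__ == "__main__":
    print("reachable:", {p: sorted(reachable(p)) for p in DISPATCH_POINTS})
    print("missing after one call:", uncovered(ONE_CALL))
    print("complete after both calls:", is_pessimistically_covered(BOTH_CALLS))
```

In a real campaign the dispatch points and the dynamic types seen at each one come from the compiler or a coverage tool rather than a hand-written log; the set difference is the same.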
Virtualization : the Java Virtual Machine case
Multilayering needs
 virtualization has multiple known benefits for productivity and industrialisation :
◦ SW/HW independence
◦ easier simulation
◦ improved portability
 but for safety too :
◦ breakdown of complexity (« divide and conquer »)
◦ in the case of Java :
 stability of Java bytecode (10+ years)
 formal properties of bytecode
 but with DO178-B...
[Figure: DO178-B approach: the life-cycle data are Specification, Design, Code and Executable (on target); introducing virtualization leaves no room for Java byte code. DO178C/OOT approach: Specification, Design, Code, Byte-Code (on VM), Executable (on target).]
OO.4 “The target environment is either a target computer or a combination of virtualization software and a target computer. Virtualization software also needs to comply with DO-178C/ED-12C and applicable supplements”
DO178C ref. on virtualization
 OO.4.2 m.
◦ « Describe any planned use of virtualization » and « This data [byte code] should be treated as executable code »
 OO.C.7.7
◦ the main vulnerability is that « the code of a given virtualization layer may be considered to be data, consequently, tracing may be neglected, and verification may be insufficient »
 OO.11.7 g., OO.11.8 f.
◦ standards (design and code) must include constraints on usage of virtualization
Development principle for a Java Software (1/2)
[Figure: two stacked life cycles. The Java Application (Specification, Design, Code, Executable) runs on the JVM Platform, which has its own Specification, Design, Code and Executable and runs on the HW target.]
Development principle for a Java Software (2/2)
 Test principles : « IMA-like » process
◦ Application on JVM : main part of the application HLR and LLR tests
◦ JVM on target : main part of the JVM HLR and LLR tests
◦ Application on JVM on target : small part of the integration tests
[Figure: the application executes on the JVM; the JVM executes on the HW.]
Constraints on Application devt.
 development of the application is not changed
 but the « executable object code » is Java bytecode, and the target is a JVM.
 this allows tests to be executed on any JVM, provided that test environment is shown to be representative of the final HW target.
◦ standardisation of the JVM greatly helps with this demonstration
Constraints on JVM devt. (1)
 Devt. of the JVM must be done at least at the same SW level as the application.
 JVM HLR and LLR are principally described in the Java Virtual Machine specification (the « blue book »).
 Robust and deterministic algorithms must be chosen, and described in LLRs, to implement the JVM (see for example the Garbage Collector in the next part)
◦ The simpler the choices, the easier the demonstration.
Constraints on JVM devt. (2) : JVM Tests strategy
[Figure: a single test battery of JVM Java tests serves two stages. Stage 1: the tests execute on the JVM under test, whose bytecode is itself executed on a Test JVM. Stage 2: the JVM target bytecode executes on the HW target (JVM execution on the target).]
Dynamic Memory Management : the Java Garbage Collector example
DO178C ref. on Dynamic Memory Management
 OO.C.7.6
◦ vulnerabilities are listed and explained, with guidelines
 OO.5.2.2 (design activities) :
◦ k. « As part of the software architecture, develop a strategy for memory management »
 OO.11.7 g. and OO.11.8 f.
◦ standards (design and code) must include constraints on usage of memory management
 OO.6.8
◦ specific verification for Dynamic Memory Management has to be done, with an added objective in table A-7 (OO-11), covering all the vulnerabilities explained in OO.C
Memory Management : Table OO.C.7.6.3, where the sub-objectives are addressed
MMI : Memory Management Infrastructure, AC : Application
 With automatic heap allocation, the application transfers the dynamic memory management problems to the infrastructure
 this is a main advantage of using a Garbage Collector (GC)
Technique                  | Sub-objectives (OO.6.8.2)
                           |  a    b    c    d    e    f    g
Object pooling             |  AC   AC   AC   AC   AC   N/A  MMI
Stack allocation           |  AC   MMI  MMI  AC   AC   N/A  MMI
Scope allocation           |  MMI  MMI  MMI  AC   AC   MMI  MMI
Manual heap allocation     |  AC   AC*  AC   AC   AC   N/A  MMI
Automatic heap allocation  |  MMI  MMI  MMI  AC   MMI  MMI  MMI
7 vulnerabilities in DMM
Who addresses each one with automatic heap allocation (from the row of Table OO.C.7.6.3 above):
a. Ambiguous References : MMI
b. Fragmentation Starvation : MMI
c. Deallocation Starvation : MMI
d. Heap Memory Exhaustion : AC
e. Premature Deallocation : MMI
f. Lost Update and Stale Reference : MMI
g. Time bound Allocation or Deallocation : MMI
Verify GC by tests against vulnerabilities
 these verification points are a sort of minimal requirements for a DMM infrastructure.
 They can all be tested by adequate stress tests
 For example, property e. « Premature Deallocation »
◦ 6.8.2.e states « Verify that reference consistency is maintained, that is, each object is unique, and is only viewed as that object. »
◦ One test could be :
 one thread fills an array with objects ;
 another one randomly compares cells of the array (a[x]==a[y]) ;
 a third thread destroys the objects.
 This process is repeated at a high rate and over a long period.
 The comparison must never be true.
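The stress test just described for sub-objective e, as an added Python example (not the authors' test code, which targets their JVM): three threads share one array; the filler allocates fresh objects into random cells, the comparer checks that two distinct cells never hold the same object (or the same allocation tag, which is what a prematurely freed and reused object would look like), and the destroyer drops references so the runtime may reclaim the objects. On CPython the reference-counting collector stands in for the JVM GC, so the point is the shape of the harness and its invariant (violations must stay 0), not a verdict on any particular collector. Cell and reference_consistency_stress are constructed names; the run length is kept short here and would be long in a real campaign, as the slide says.

```python
import random
import threading
import time
from typing import Dict, List, Optional

class Cell:
    """Constructed stand-in for the application objects the test allocates."""
    __slots__ = ("tag",)
    def __init__(self, tag: int) -> None:
        self.tag = tag   # unique per allocation, so reuse is observable

def reference_consistency_stress(size: int = 256, duration_s: float = 0.3,
                                 seed: int = 1) -> Dict[str, int]:
    """Sub-objective 6.8.2.e stress test: filler, comparer and destroyer
       threads run concurrently on one shared array for duration_s seconds.
       The comparer counts a violation whenever two distinct cells are seen as
       the same object (a[x] is a[y]) or carry the same allocation tag.
       Returns the counters; 'violations' must be 0 on a sound runtime."""
    arr: List[Optional[Cell]] = [None] * size
    lock = threading.Lock()          # each array access is atomic w.r.t. the others
    stop = threading.Event()
    stats = {"allocated": 0, "compared": 0, "destroyed": 0, "violations": 0}
    next_tag = [0]                   # only the filler thread advances it

    def filler(rng: random.Random) -> None:
        while not stop.is_set():
            next_tag[0] += 1
            fresh = Cell(next_tag[0])
            with lock:
                arr[rng.randrange(size)] = fresh
                stats["allocated"] += 1

    def comparer(rng: random.Random) -> None:
        while not stop.is_set():
            x, y = rng.randrange(size), rng.randrange(size)
            with lock:
                a, b = arr[x], arr[y]
                stats["compared"] += 1
                if (x != y and a is not None and b is not None
                        and (a is b or a.tag == b.tag)):
                    stats["violations"] += 1

    def destroyer(rng: random.Random) -> None:
        while not stop.is_set():
            with lock:
                arr[rng.randrange(size)] = None   # drop the reference; the GC may reclaim it
                stats["destroyed"] += 1

    # One independent generator per thread; random.Random is not shared.
    threads = [threading.Thread(target=fn, args=(random.Random(seed + k),))
               for k, fn in enumerate((filler, comparer, destroyer))]
    for t in threads:
        t.start()
    time.sleep(duration_s)           # "repeated at a high rate over a long period"
    stop.set()
    for t in threads:
        t.join()
    return stats

if __name__ == "__main__":
    print(reference_consistency_stress())
```

Because every allocation carries a fresh tag, the tag comparison catches a collector that recycles an object's storage while a cell still refers to it even when identity comparison alone would not; the three counters show that each thread actually ran, which a test report for this sub-objective would need to record.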
Verify GC by analysis against vulnerabilities (1/2)
 The fine characteristics of the GC give supplementary LLRs
◦ Stop-the-world / concurrent
◦ Mark-sweep / copy
◦ Compacting / non-compacting
◦ Exact / conservative pointers
◦ Work-based / time-based ...
Verify GC by analysis against vulnerabilities (2/2)
 For example, the vulnerabilities
b. Fragmentation Starvation
c. Deallocation Starvation
g. Time bound Allocation or Deallocation
are well demonstrated by Schoeberl’s work for a concurrent-copy GC with periodic GC.
 these characteristics can be used to give some sound verification of the vulnerabilities
Conclusion
 The DO178C/OOT supplement is a real guide for going to certification with OO features
◦ it gives the necessary constraints to make OO programs safe
◦ it gives sufficient genericity to accept any known OO technology
◦ it gives didactic material (APP.C)
 Thanks to this new DO178 version, modern OO technology will finally be embedded in our modern aircraft.
Thank you.
Application of theorem proving for safety-critical vehicle software
AdaCore
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
AdaCore
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical Systems
AdaCore
 
Ad

Recently uploaded (20)

Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 

DO-178C OOT supplement: A user's perspective

  • 1. DO178C/ED12C OOT: A User’s Perspective
    Cyrille Comar, Hugues Bonnin, Fred Rivard
    Certification Together International Conference, Toulouse, October 2010
  • 2. CTIC 2010 2 Agenda
    3 examples of DO178C/OOT usage
    1. Inheritance: Liskov Substitution Principle (LSP) with Ada
    2. Virtualization: the Java Virtual Machine case
    3. Dynamic Memory Management: a Java Garbage Collector example
  • 3. Inheritance: Liskov Substitution Principle (LSP) with Ada
  • 4. CTIC 2010 4 Local Type Consistency (TC)
     In order to mitigate inheritance vulnerabilities, local type consistency has to be demonstrated. Indeed, this property reliably limits the inheritance mechanism.
     TC is referred to in:
    ◦ OO.4.4 n.: if reuse is planned, maintenance of TC shall be described.
    ◦ OO.5.2.2 j.: in design activities, the class hierarchy with TC must be developed with the associated LLRs.
    ◦ OO.6.7: specific verification for Local Type Consistency has to be done, with an added objective in table A-7 (OO-10).
  • 5. CTIC 2010 5 Local Type Consistency (TC)
    1. Formal Methods:
    ◦ Precondition weakening
    ◦ Postcondition strengthening
    2. Unit Testing (on LLRs associated with class methods)
    ◦ Run all tests associated with a class using objects of child classes
    3. Pessimistic Testing
    ◦ Verify that all dispatching calls are covered by tests exercising all methods potentially reachable from a dispatch point
  • 6. CTIC 2010 6 TC by Formal Analysis
    Ada 2012 syntax (aspects are separated by commas; the slide's semicolons are corrected here, and the query functions used in the postconditions are declared as on the next slide):
      type Class1 is tagged private;
      function Updated (C : Class1) return Boolean;
      procedure Method (C : in out Class1; I : Integer) with
        Pre  => I > 0,
        Post => C.Updated;

      type Class2 is new Class1 with private;
      function Sorted (C : Class2) return Boolean;
      procedure Method (C : in out Class2; I : Integer) with
        Pre  => I >= 0,
        Post => C.Updated and C.Sorted;
    Must demonstrate that
    • I > 0 ⇒ I >= 0
    • C.Updated and C.Sorted ⇒ C.Updated
    Liskov Substitution Principle:
    • Precondition is weakened
    • Postcondition is strengthened
  • 7. CTIC 2010 7 TC by Formal Analysis (2)
     Spark = Small Ada + logical annotations
     Spark supports limited OO features
     Spark already performs this verification
      type Class1 is tagged private;
      function Updated (C : Class1) return Boolean;
      function Sorted (C : Class1) return Boolean;
      procedure Method (C : in out Class1; I : Integer);
      --# pre I > 0;
      --# post Updated(C);

      type Class2 is new Class1 with private;
      procedure Method (C : in out Class2; I : Integer);
      --# pre I >= 0;
      --# post Updated(C) and Sorted(C);
    Spark produces 2 VCs (Verification Conditions):
      H1: updated(fld_inherit(c)) .
      H2: sorted(fld_inherit(c)) .
      -> C1: updated(fld_inherit(c)) .

      H1: i > 0 .
      -> C1: i >= 0 .
  • 8. CTIC 2010 8 TC by Unit Testing
     With proper organization of unit testing, verification is relatively easy to put in place:
    ◦ Each class has a mirror “test” class
    ◦ Each method has a mirror “test” method
       Low-Level Requirements are associated with methods
       Corresponding test cases are associated with the “mirror” test method
    ◦ Group all the tests related to a class in a test suite
    ◦ Apply this test suite to objects of the class: this verifies the LLRs associated with the class
    ◦ Apply this test suite to objects of subclasses: this verifies type consistency
  • 9. CTIC 2010 9 TC by Unit Testing
      package Example is
         type T1 is tagged private;
         procedure M1 (X : T1);
         function F1 (X : T1) return Integer;

         type T2 is new T1 with private;
         overriding procedure M1 (X : T2);
         -- F1 (X : T2) is inherited
      private
         type T1 is tagged null record;
         type T2 is new T1 with null record;
      end Example;

      package Example.Unit_Tests is
         -- Root_Class_Test is the root type provided by the test framework
         type Test_T1 is new Root_Class_Test with record
            Ptr : access T1'Class;   -- the object under test
         end record;
         procedure Test_M1 (X : Test_T1);
         procedure Test_F1 (X : Test_T1);

         type Test_T2 is new Test_T1 with null record;
         overriding procedure Test_M1 (X : Test_T2);
         -- Test_F1 (X : Test_T2) is inherited
      end Example.Unit_Tests;
    [Slide diagram: class T1 (+M1(), +F1()) with subclass T2 (+M1()); mirror test classes T1_Test (-Ptr, +Test_M1(), +Test_F1()) and T2_Test (+Test_M1()), each test class holding one reference to one object under test; LLR1_M1 and LLR2_M1 are traced to LLR1_M1_TestCase1, LLR1_M1_TestCase2, …]
  • 10. CTIC 2010 10 TC by Unit Testing
      package body Example.Test_Suites is
         procedure T1_Test_Suite (T : Test_T1) is ...

         procedure T2_Test_Suite (T : Test_T2) is
         begin
            Test_M1 (T);
            Test_F1 (T);   -- call inherited test
         end T2_Test_Suite;
      end Example.Test_Suites;

      procedure My_Test is
         T2_Obj : Test_T2 := (Root_Class_Test with Ptr => new T2);
      begin
         -- regular testing on T2
         Example.Test_Suites.T2_Test_Suite (T2_Obj);
         -- verify that T2 can substitute T1 safely
         Example.Test_Suites.T1_Test_Suite (Test_T1 (T2_Obj));
      end My_Test;
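The mirror-test-class organisation of slides 8 to 10, transcribed to Python as an added example (not the authors' code). T1, T2, their LLRs and the test cases are constructed here; T2_Strict is a constructed subclass that breaks type consistency by strengthening M1's precondition, which applying T1's own suite to it detects.

```python
class T1:
    """Base class of the slides. Constructed LLRs: LLR1_M1 (M1 accepts any
    I >= 1 and stores it) and LLR2_F1 (F1 returns twice the last stored value)."""
    def __init__(self):
        self.last = 0

    def M1(self, i):
        if i < 1:
            raise ValueError("M1 requires I >= 1")
        self.last = i

    def F1(self):
        return 2 * self.last


class T2(T1):
    """Overrides M1 with a weaker precondition (I >= 0); inherits F1."""
    def M1(self, i):
        if i < 0:
            raise ValueError("M1 requires I >= 0")
        self.last = i


class T2_Strict(T1):
    """Constructed counter-example: strengthens the precondition to I >= 2."""
    def M1(self, i):
        if i < 2:
            raise ValueError("M1 requires I >= 2")
        self.last = i


class Test_T1:
    """Mirror test class: one Test_* method per method of T1, plus a Ptr to
    the object under test (the slide's 'Ptr : access T1'Class')."""
    def __init__(self, ptr):
        self.Ptr = ptr

    def Test_M1(self):
        for i in (1, 7):                      # LLR1_M1_TestCase1, _TestCase2
            self.Ptr.M1(i)
            if self.Ptr.last != i:
                raise AssertionError("M1 did not store %d" % i)

    def Test_F1(self):
        self.Ptr.M1(5)
        if self.Ptr.F1() != 10:
            raise AssertionError("F1 did not return 2 * last")

    def suite(self):
        """T1_Test_Suite: every test of the class, as bound methods."""
        return [self.Test_M1, self.Test_F1]


class Test_T2(Test_T1):
    """Mirror of T2: overrides Test_M1, inherits Test_F1 and suite()."""
    def Test_M1(self):
        super().Test_M1()                     # the T1 cases must still hold
        self.Ptr.M1(0)                        # T2's extended input domain
        if self.Ptr.last != 0:
            raise AssertionError("M1 did not accept 0")


def run_suite(suite):
    """Run each test once; return {test name: 'PASS' or 'FAIL: reason'}."""
    results = {}
    for test in suite:
        try:
            test()
            results[test.__name__] = "PASS"
        except (AssertionError, ValueError) as exc:
            results[test.__name__] = "FAIL: %s" % exc
    return results


def verify_substitutability(subclass):
    """The TC step of slide 10: apply T1's own suite to an object of subclass."""
    return run_suite(Test_T1(subclass()).suite())


if __name__ == "__main__":
    print(run_suite(Test_T2(T2()).suite()))    # regular testing on T2
    print(verify_substitutability(T2))         # T2 can substitute T1
    print(verify_substitutability(T2_Strict))  # stronger precondition is caught
```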
  • 11. CTIC 2010 11 TC by Pessimistic Testing
     Locate all dispatching calls in the application
     For each, infer every method that can be called
     Verify that requirement-based testing covers all such cases
  • 12. CTIC 2010 12 TC by Pessimistic Testing
      procedure Do_Something (Obj1 : T1'Class; Obj2 : T2'Class) is
      begin
         ...
         Obj1.M1;          -- dispatch point: may reach T1's M1 or T2's M1
         ...
         Val := Obj2.F1;   -- dispatch point: reaches T2's (inherited) F1
         ...
      end Do_Something;

      ...
      Do_Something (My_Obj1, My_Obj2);   -- enough to achieve statement coverage,
                                         -- but not enough for Type Consistency verification
      ...
      Do_Something (My_Obj2, My_Obj2);   -- necessary to complete “pessimistic testing”
      ...
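The pessimistic-testing check of slides 11 and 12 as an added example (not from the slides): a small coverage analysis that infers the method bodies reachable from each dispatching call in Do_Something and reports those a test trace never reached. The hierarchy, dispatch points and trace format are constructed from the slide 9 classes and the slide 12 calls.

```python
# Class hierarchy of slide 9: child -> parent (None for the root), and the
# methods each class declares or overrides itself (constructed from the slide).
HIERARCHY = {"T1": None, "T2": "T1"}
DECLARED = {"T1": {"M1", "F1"}, "T2": {"M1"}}

# Dispatch points of Do_Something: name -> (static class-wide type, method).
DISPATCH_POINTS = {"Obj1.M1": ("T1", "M1"), "Obj2.F1": ("T2", "F1")}


def class_wide(cls):
    """All specific types in cls'Class: cls and every descendant."""
    members = {cls}
    changed = True
    while changed:
        changed = False
        for child, parent in HIERARCHY.items():
            if parent in members and child not in members:
                members.add(child)
                changed = True
    return members


def implementer(cls, method):
    """The class whose body runs when `method` is called on an object of tag
    cls; walks up the hierarchy for inherited methods such as T2's F1."""
    start = cls
    while cls is not None:
        if method in DECLARED[cls]:
            return cls
        cls = HIERARCHY[cls]
    raise KeyError("%s has no method %s" % (start, method))


def reachable(static_type, method):
    """Every (class, method) body a dispatching call may reach: the inference
    step of slide 11."""
    return {(implementer(t, method), method) for t in class_wide(static_type)}


def required_pairs():
    """(dispatch point, body) pairs that pessimistic testing must exercise."""
    return {(dp, body) for dp, (typ, meth) in DISPATCH_POINTS.items()
            for body in reachable(typ, meth)}


def observed_pairs(trace):
    """trace: list of (dispatch point, dynamic tag of the controlling object),
    as an instrumented test run would record it (constructed format)."""
    seen = set()
    for dp, tag in trace:
        meth = DISPATCH_POINTS[dp][1]
        seen.add((dp, (implementer(tag, meth), meth)))
    return seen


def uncovered(trace):
    """Bodies reachable from some dispatch point that no test reached."""
    return sorted(required_pairs() - observed_pairs(trace))


def trace_of(calls):
    """Dynamic tags seen at each dispatch point for a list of
    Do_Something (Obj1, Obj2) calls given as (tag of Obj1, tag of Obj2)."""
    trace = []
    for obj1_tag, obj2_tag in calls:
        trace.append(("Obj1.M1", obj1_tag))
        trace.append(("Obj2.F1", obj2_tag))
    return trace


if __name__ == "__main__":
    # Do_Something (My_Obj1, My_Obj2) alone: every statement runs, T2's M1 never does.
    print(uncovered(trace_of([("T1", "T2")])))
    # Adding Do_Something (My_Obj2, My_Obj2) completes pessimistic testing.
    print(uncovered(trace_of([("T1", "T2"), ("T2", "T2")])))
```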
  • 13. Virtualization: the Java Virtual Machine case
  • 14. CTIC 2010 14 Multilayering needs
     Virtualization has multiple known benefits for productivity and industrialisation:
    ◦ SW/HW independence
    ◦ easier simulation
    ◦ improved portability
     but for safety too:
    ◦ breakdown of complexity (« divide and conquer »)
    ◦ in the case of Java:
       stability of Java bytecode (10+ years)
       formal properties of bytecode
    but with DO178-B...
  • 15. CTIC 2010 15
    [Slide diagram. DO178-B approach: Specification → Design → Code → Executable (on target); the introduction of virtualization leaves no room for Java byte code. DO178C/OOT approach: Specification → Design → Code → Byte-Code (on VM) → Executable (on target).]
    OO.4: “The target environment is either a target computer or a combination of virtualization software and a target computer. Virtualization software also needs to comply with DO-178C/ED-12C and applicable supplements”
  • 16. CTIC 2010 16 DO178C ref. on virtualization
     OO.4.2 m.
    ◦ « Describe any planned use of virtualization » and « This data [byte code] should be treated as executable code »
     OO.C.7.7
    ◦ the main vulnerability is « the code of a given virtualization layer may be considered to be data, consequently, tracing may be neglected, and verification may be insufficient »
     OO.11.7 g., OO.11.8 f.
    ◦ standards (design and code) must include constraints on the usage of virtualization
  • 17. CTIC 2010 17 Development principle for a Java Software (1/2)
    [Slide diagram: two stacked development chains. Java Application: Specification → Design → Executable Code, running on the JVM Platform. JVM Platform: Specification → Design → Executable Code, running on the HW target.]
  • 18. CTIC 2010 18 Development principle for a Java Software (2/2)
     Test principles: « IMA-like » process
    ◦ Application on JVM: main part of the application HLR and LLR tests (application executed on the JVM)
    ◦ JVM on target: main part of the JVM HLR and LLR tests (JVM executed on the HW)
    ◦ Application on JVM on target: small part of the integration tests
  • 19. CTIC 2010 19 Constraints on Application devt.
     Development of the application is not changed
     but the « executable object code » is Java bytecode, and the target is a JVM.
     This allows tests to be executed on any JVM, considering that the target environment is representative of the final HW target.
    ◦ standardisation of the JVM greatly helps for this demonstration
  • 20. CTIC 2010 20 Constraints on JVM devt. (1)
     Development of the JVM must be done at least at the same SW level as the application.
     JVM HLR and LLR are principally described in the Java Virtual Machine Specification (the « blue book »).
     Robust and deterministic algorithms must be chosen, and described in LLRs, to implement the JVM (see for example the Garbage Collector in the next part)
    ◦ The simpler the choices, the easier the demonstration.
  • 21. CTIC 2010 21 Constraints on JVM devt. (2): JVM Tests strategy
    [Slide diagram: a single test battery of JVM Java tests is run in two stages. Stage 1: JVM execution on a Test JVM (the JVM tests, as JVM Java bytecode, executed on a Test JVM on the HW target). Stage 2: JVM execution on the target (the JVM target bytecode executed on the HW target).]
  • 22. Dynamic Memory Management: the Java Garbage Collector example
  • 23. CTIC 2010 23 DO178C ref. on Dynamic Memory Management
     OO.C.7.6
    ◦ vulnerabilities are listed and explained, with guidelines
     OO.5.2.2 (design activities):
    ◦ k. « As part of the software architecture, develop a strategy for memory management »
     OO.11.7 g. and OO.11.8 f.
    ◦ standards (design and code) must include constraints on the usage of memory management
     OO.6.8
    ◦ specific verification for Dynamic Memory Management has to be done, with an added objective in table A-7 (OO-11), covering all the vulnerabilities explained in OO.C
  • 24. CTIC 2010 24 Memory Management
    Table OO.C.7.6.3: where the sub-objectives (OO.6.8.2) are addressed
    MMI: Memory Management Infrastructure; AC: Application

    Technique                   a    b    c    d    e    f    g
    Object pooling              AC   AC   AC   AC   AC   N/A  MMI
    Stack allocation            AC   MMI  MMI  AC   AC   N/A  MMI
    Scope allocation            MMI  MMI  MMI  AC   AC   MMI  MMI
    Manual heap allocation      AC   AC*  AC   AC   AC   N/A  MMI
    Automatic heap allocation   MMI  MMI  MMI  AC   MMI  MMI  MMI

     With automatic heap allocation, the application transfers the dynamic memory management problems to the infrastructure
     this is a main advantage of using a Garbage Collector (GC)
  • 25. CTIC 2010 25 7 vulnerabilities in DMM
    a. Ambiguous References
    b. Fragmentation Starvation
    c. Deallocation Starvation
    d. Heap Memory Exhaustion
    e. Premature Deallocation
    f. Lost Update and Stale Reference
    g. Time bound Allocation or Deallocation
    (On the slide each vulnerability is annotated with the party responsible for it, MMI or AC: six are MMI and one is AC, as in the automatic heap allocation row of the previous table.)
  • 26. CTIC 2010 26 Verify GC by tests against vulnerabilities
     These verification points are a sort of minimal requirements for a DMM infrastructure.
     They can all be tested by adequate stress tests
     For example, property e. « Premature Deallocation »
    ◦ 6.8.2.e states « Verify that reference consistency is maintained, that is, each object is unique, and is only viewed as that object. »
    ◦ One test could be:
       one thread fills an array with objects;
       another one randomly compares cells of the array (a[x]==a[y]);
       a third thread destroys the objects.
       This process is repeated at a high rate and over a long period.
       The comparison must never be true.
  • 27. CTIC 2010 27 Verify GC by analysis against vulnerabilities (1/2)
     The fine characteristics of the GC give supplementary LLRs
    ◦ Stop-the-world / concurrent
    ◦ Mark-sweep / copy
    ◦ Compacting / non-compacting
    ◦ Exact / conservative pointers
    ◦ Work / time based ...
  • 28. CTIC 2010 28 Verify GC by analysis against vulnerabilities (2/2)
     For example, b. Fragmentation Starvation, c. Deallocation Starvation and g. Time bound Allocation or Deallocation are well demonstrated by Schoeberl's work for a concurrent-copy GC;
     these characteristics can be used to give some sound verification of the vulnerabilities with a periodic GC.
  • 30. CTIC 2010 30 Conclusion
     The DO178C/OOT supplement is a real guide to go to certification with OO features
    ◦ it gives the necessary constraints to make OO programs safe
    ◦ it gives sufficient genericity to accept any known OO technology
    ◦ it gives didactic material (App. C)
     Thanks to this new DO178 version, modern OO technology will finally be embedded in our modern aircraft.