Presentation on theme: "Dagstuhl Intro Mike Whalen. 2 Mike Whalen My main goal is to reduce software verification and validation (V&V) cost and increasing."— Presentation transcript:
Dagstuhl Intro Mike Whalen
http://www.umsec.umn.edu 2 Mike Whalen My main goal is to reduce software verification and validation (V&V) cost and increasing rigor Applied automated V&V techniques on industrial systems Proofs, bounded analyses, static analysis, automated testing Combining several kinds of assurance artifacts PhD in proofs of translation for synchronous languages [UMN 2005] Worked at Rockwell Collins for 6 ½ years on formal analysis of avionics systems Came back to UMN in December 2009 as Program Director for UM Software Engineering Center Work very closely with Mats Heimdahl, Rockwell Collins folks, and several other collaborators August, 20112RE 2011: Mike Whalen
http://www.umsec.umn.edu 3 RequirementsDesign / CodeTestField Automated completeness and consistency checking of requirements Compositional analysis Static analysis Automated proof that design/code satisfies requirements Requirements- based test oracles for unit and integration test runtime monitors to recover from failures at runtime Automated test generation from requirements Subsystem System System of Systems Level of Scale Uses of Formal Requirements
http://www.umsec.umn.edu 4 Rockwell Collins Inc. Gryphon Tool Family UMN: simulator, fault seeder, coverage measurement tool, TCG RCI: Information Flow Modeling S. Miller, M. Whalen, D. Cofer, Software Model Checking Takes Off, Communications of the ACM, February 2010 M. Whalen, D. Greve, L. Wagner, Model Checking Information Flow, In: Design and Verification of Microprocessor Systems for High-Assurance Applications, D. Hardin, Ed., Springer, March 2010. D. Hardin, D.R. Johnson, L. Wagner, and M. Whalen. Development of Security Software: A High-Assurance Methodology, ICFEM 2009, Rio de Janeiro, Brazil, December, 2009.
http://www.umsec.umn.edu 5 ADGS-2100 Adaptive Display & Guidance System Example Requirement: Drive the Maximum Number of Display Units Given the Available Graphics Processors Counterexample Found in 5 Seconds Checked 573 Properties - Found and Corrected 98 Errors in Early Design Models Modeled in Simulink Translated to NuSMV 4,295 Subsystems 16,117 Simulink Blocks Over 10 37 Reachable States
http://www.umsec.umn.edu 6 Use of formally verified Active/Standby design pattern cut development time by 1/3 and saved hundreds of hours of on-aircraft test time Flight Control System (FCS) FGS_LFGS_R 6 Architectural design patterns attack system complexity through automated model transformations with guaranteed behaviors State Space Size Fault-tolerance Configuration SYNCHRONOUS NETWORK ASYNCHRONOUS BOUNDED DELAY NETWORK WITH PALS NODE 1 NODE 2 NODE 3 NODE 1 NODE 2 NODE 3 T CLOCK JITTER ii + 1i PALS: Physically Asynchronous Logically Synchronous Rework cost is up to 60% of total development cost for large, complex systems. Verification reuse through design patterns supports correct-by- construction system development Avionics System (AADL model) FCS Flight Guidance System (FGS) MODE LOGIC CONTROL LOGIC LEADER SELECT PALS pattern for virtual synchrony achieves >3 orders of magnitude reduction in state space and verification complexity ASSUMPTIONS GUARANTEES Compositional verification exploits natural system hierarchy through formal assume-guarantee reasoning Leader Select PALSRep Platform synchronous communication one node operational timing constraints not co-located Avionics System leader transition bounded Active-Standby pattern for fault-tolerant control allows system developers to work at a higher level of abstraction Steven P. Miller, Michael W. Whalen, and Darren D. Cofer. Software Model Checking Takes Off. Communications of the ACM, February, 2010.
http://www.umsec.umn.edu 8 And other stuff… Test metrics and oracles [ICSE 2008, ICSE 2011, FASE 2012] Semantics and analysis of Statecharts [ISSTA 11, NFM 2012] DSL and Analysis for Guard Languages [TACAS 2012] Invariant generation techniques for K-Induction model checkers [NFM 2012] Requirements-based testing [ICFEM 2008, ISSTA 2006]