Presentation is loading. Please wait.

Presentation is loading. Please wait.

10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 1.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 1."— Presentation transcript:

1 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 1

2 www.QinetiQ.com 27 th November 2007 EVOCS work relevant to MOSAIC Colin O’Halloran A presentation to: University of York

3 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 3 Contents slide 01 WP4.1.1 Background 02 WP 4.1.1 Extension of CLawZ Simulink Subset 03 WP 4.1.1 Development of Veriflow Subset 04 WP4.1.2 Background 05 WP4.1.2 Formalised C Subset and Analysis Tools 06 WP 4.1.3 Robustness Analysis 07 WP 4.2.1 Background 08 WP 4.2.1 Extension of the QinetiQ Dependability Library to automotive applications

4 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 4 WP4.1 Automated and Formal Model Based Design WP 4.1.1 –Background Previous work has focussed on safety critical code for flight control laws and the Ada programming language. The tools therefore need to be adapted to cope with the needs of the automotive sector which means the adoption of the C programming language as well as extending the subsets of the modelling tools as they currently stand. The focus of this work is on individual, high dependability, complex systems which will then form part of a System of Systems.

5 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 5 WP4.1 Automated and Formal Model Based Design WP 4.1.1 Extension of CLawZ Simulink Subset –The CLawZ Simulink subset has been supplied to partners for evaluation –An sample of Simulink models have been assessed by QinetiQ Continuous blocks, such as versions“Clock”, “Integrator” and “Memory”, must be replaced by discrete versions for autocoding and verification. Certain blocks are purely for modelling purposes and are irrelevant to autocoding an implementation, e.g. “From Workspace”, “To Workspace” and the CAN blockset. MATLAB interfaces are problematic because they allow implementation programs to be smuggled in rather than models for autocode. S-Functions explicitly allow implementations to be smuggled in. A recently developed Z producer supports extensions to the Simulink subset, the intention is to support data type conversions, “From” and “Goto” blocks, but undisciplined use of “Goto” and “From” leads to maintenance cost issues.

6 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 6 WP4.1 Automated and Formal Model Based Design WP 4.1.1 Development of Veriflow Subset –Extended tool to automatically generate Z specification from a Stateflow model in order to accommodate large models and automotive style –Some validation with “Improved Hood Controller” model supplied by Jaguar-Land Rover. –Revealed an inefficiency in the tool that is being investigated –Tool also generated Ada code to trial approach verification approach using Aerospace toolset –Verification from an aerospace domain model to Ada code conducted successfully with measurements for time taken. –First order measurements indicate that time and cost is equivalent to that taken for the development of safety critical code.

7 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 7 WP4.1 Automated and Formal Model Based Design WP 4.1.2 –Background In order to undertake analysis of the code, a relevant subset of the C programming language will need to be formalised in Z. This subset will be based upon the MISRA guidelines, but will be focussed on semantic as well as syntactic correctness. The breadth of the C subset will provide constraints on the eventual uses, but will ensure that the code is amenable to analysis through the use of automated proof.

8 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 8 WP4.1 Automated and Formal Model Based Design WP 4.1.2 Formalised C Subset and Analysis Tools –MISRA compliant subset language called C ♭ has been defined –A formal semantics in Z for C ♭ statements (this includes assignment) has been defined except for function calls (deferred but straightforward) A formal semantics in Z for most C ♭ expressions has been defined, some binary expressions and “sizeof” expressions to be done (function calls deferred but straightforward) –A prototype verification tool based on the formal semantics has been developed and forms part of a validation of the formal semantics.

9 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 9 WP4.1 Automated and Formal Model Based Design WP 4.1.3 –Background Although code can be correct with respect to the design, it is often not apparent at the design stage that the design decisions have implications for the code. These decisions relate to the context of use of the system. In particular, there are 2 main areas of concern: the environment and the processor. This WP will carry out robustness analysis in the context of system and platform though the use of automatic static analysis techniques.

10 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 10 Malporte 2.0 status WP 4.1.3 Robustness Analysis –Objectives have remained unchanged Evolution Soundness Speed Accuracy –Introduction of generics into C# to re-implement and simplify Malporte 2.0 architecture.

11 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 11 Malporte 2.0 status

12 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 12 Malporte 2.0 status Malporte 2.0 architecture reflects Architecture Neutral Distribution Format (ANDF) Open Software Foundation standard and contains a formal model of memory and access to memory. –This underpins soundness and supports evolution. –Allows incremental development Architecture separates out concerns of symbolic execution and mathematical predicates that describe values in memory and the conditions of access to memory. There are hundreds of ANDF constructs that are represented by C# methods on classes. Only a fraction of the constructs are used for any specific program and some constructs are seldom used (one construct we have never seen used in practice).

13 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 13 Malporte 2.0 status The ongoing work is the implementation of the methods for these constructs. There are certain key constructs that correspond to loops, procedure calls and structures in memory –These take a few weeks to implement and test Most of the rest take hours or minutes to implement, a small minority will take a few days. Progress has been good and QinetiQ are currently analysing an avionics ILS while implementing the methods corresponding to the ANDF constructors used in the C code. Validation against Malporte 1.2 results for an ILS occurred at end of October. By December we aim to validate Malporte 2.0 against signal conditioning code in an avionics DECMU.

14 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 14 Malporte 2.0 next steps Incorporate WMG evaluation into Malporte 2.0 incremental development Determine ANDF constructors required for next phase of evaluation Compare with ANDF constructors covered for aerospace domain Determine what extra constructors require implementation, if any, and focus on these for WMG evaluation. In parallel we will be working on simplifying predicate conditions that characterise when software is vulnerable to unpredictable behaviour. –Will support human validation and the next phase of WMG evaluation

15 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 15 WP4.2 Dependable Systems of Systems WP 4.2.1 –Background Following the selection of a critical part of an automotive SoS architecture, we will develop the Dependability Library (DL) of building blocks to formally represent the specifications of the individual systems’ interfaces. This will include the communications medium and will involve the use of various formalisms in combination, as the properties of any one particular system cannot be represented by one alone. A key component of this extension is the development of automated specification generation from which it should be possible to provide tailor-able building blocks.

16 10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 16 WP4.2 Dependable Systems of Systems WP 4.2.1 Extension of the QinetiQ Dependability Library to automotive applications –Development of A/C reasoning for automotive domain Vertical A/C ideas –Workshop on benefits of A/C reasoning for SoS and identification of case studies from JLR A/C reasoning supports separate description and validation of individual systems Enables compositional reasoning (systems by contracts) Suitable for legacy or Off The Shelf systems unlike usual approaches –Information and models on Immobilisation and Infotainment SoSs provided by JLR –Model of immobiliser with library components developed and properties of interest identified with checks –Compilation problem with FDR holding this up at the moment –Scalability o f analysis is the next step

17 www.QinetiQ.com

Download ppt "10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 1."

Similar presentations

© Copyright QinetiQ limited 2006 Objectives of Coding Standards & MISRA C++ Clive Pygott, Systems Assurance Group, QinetiQ Chris Tapp, Keylevel Consultants.

© Copyright QinetiQ limited 2006 Objectives of Coding Standards & MISRA C++ Clive Pygott, Systems Assurance Group, QinetiQ Chris Tapp, Keylevel Consultants.
Software change management

Software change management
Configuration management

Configuration management
Database Planning, Design, and Administration

Database Planning, Design, and Administration
Verification and Validation

Verification and Validation
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 4 Slide 1 Software Processes.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 4 Slide 1 Software Processes.
What is Software Design?. Systems Development Life- Cycle Planning Analysis Design Implementation Design.

What is Software Design?. Systems Development Life- Cycle Planning Analysis Design Implementation Design.
Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
Chapter 2 – Software Processes

Chapter 2 – Software Processes
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.

1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.

©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 4 Slide 1 Software Process Models.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 4 Slide 1 Software Process Models.
Software Requirements

Software Requirements
Establishing the overall structure of a software system

Establishing the overall structure of a software system
The Systems Assurance Group Dr Jaspal Sagoo Systems Assurance Group QinetiQ Trusted Information Management Malvern Technology Centre.

The Systems Assurance Group Dr Jaspal Sagoo Systems Assurance Group QinetiQ Trusted Information Management Malvern Technology Centre.
Software Engineering Tools and Methods Presented by: Mohammad Enamur Rashid(2009-1-96-04) Mohammad Rashim Uddin(2009-1-96-008) Masud Ur Rahman(2009-1-96-009)

Software Engineering Tools and Methods Presented by: Mohammad Enamur Rashid( ) Mohammad Rashim Uddin( ) Masud Ur Rahman( )
Verification and Validation

Verification and Validation

Similar presentations

Ads by Google