Building Reliable Software Requirements and Methods.

Slides:

Advertisements

Similar presentations

Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.

Advertisements

Verification and Validation

Delta Debugging and Model Checkers for fault localization

An Evaluation of MC/DC Coverage for Pair-wise Test Cases By David Anderson Software Testing Research Group (STRG)

CSC 300, Winter Assignments Week 5 Work on your paper / presentation topic –papers are due 20 February (Tuesday) for both sections! Reading: Baase.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

LIFE CYCLE MODELS FORMAL TRANSFORMATION

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

Software Failure: Reasons Incorrect, missing, impossible requirements * Requirement validation. Incorrect specification * Specification verification. Faulty.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Static Testing: defect prevention SIM objectives Able to list various type of structured group examinations (manual checking) Able to statically.

Lecture 9 Recursive and r.e. language classes

1 Module 9 Recursive and r.e. language classes –representing solvable and half-solvable problems Proofs of closure properties –for the set of recursive.

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

Developing Dependable Systems CIS 376 Bruce R. Maxim UM-Dearborn.

Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

Testing Components in the Context of a System CMSC 737 Fall 2006 Sharath Srinivas.

Describing Syntax and Semantics

EE694v-Verification-Lect5-1- Lecture 5 - Verification Tools Automation improves the efficiency and reliability of the verification process Some tools,

A Pragmatic View of Formal Methods The Hi-Lite Project Robert B K Dewar SSS ‘11 President & CEO, AdaCore Emeritus Professor of Computer.

Software Reliability Categorising and specifying the reliability of software systems.

CSCI 5801: Software Engineering

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.

Software Construction. Implementation System Specification Requirements Analysis Architectural Design Detailed Design Coding & Debugging Unit Testing.

Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.

Standards. What is a standard? What are the benefits of using a standard? What are the costs? Do the costs exceed the benefits?

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.

Balancing Practices: Inspections, Testing, and Others JAXA scenario (formal method) Masa Katahira Japanese Space Agency.

CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.

Safety-Critical Systems 6 Safety and Quality Management and Certification T

Path Testing + Coverage Chapter 9 Assigned reading from Binder.

Ranga Rodrigo. The purpose of software engineering is to find ways of building quality software.

Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.

1 CS 501 Spring 2002 CS 501: Software Engineering Lecture 23 Reliability III.

WSMX Execution Semantics Executable Software Specification Eyal Oren DERI

ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.

CS 350, slide set 5 M. Overstreet Old Dominion University Spring 2005.

© Andrew IrelandDependable Systems Group On the Scalability of Proof Carrying Code for Software Certification Andrew Ireland School of Mathematical & Computer.

Safety-Critical Systems 5 Testing and V&V T

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. 1.

Quality Assurance.

A Review of Software Testing - P David Coward Reprinted: Information and Software Technology; Vol. 30, No. 3 April 1988 Software Engineering: The Development.

What is Testing? Testing is the process of finding errors in the system implementation. –The intent of testing is to find problems with the system.

Chapter 3 Part II Describing Syntax and Semantics.

Formal Methods.

Verification & Validation By: Amir Masoud Gharehbaghi

CSCI1600: Embedded and Real Time Software Lecture 28: Verification I Steven Reiss, Fall 2015.

Version 02U-1 Computer Security: Art and Science1 Correctness by Construction: Developing a Commercial Secure System by Anthony Hall Roderick Chapman.

SAFEWARE System Safety and Computers Chap18:Verification of Safety Author : Nancy G. Leveson University of Washington 1995 by Addison-Wesley Publishing.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

© Andrew IrelandGrand Challenges for Computing Research 2004 The Verifying Compiler Andrew Ireland Dependable Systems Group School of Mathematical & Computer.

Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.

Software Testing. SE, Testing, Hans van Vliet, © Nasty question  Suppose you are being asked to lead the team to test the software that controls.

Testing. Aspects of Quality Software Flexibility Extensibility Correctness Robustness Reliability Safety Usability.

A Review of Software Testing - P. David Coward

CSC 480 Software Engineering

Graph Coverage for Specifications CS 4501 / 6501 Software Testing

BASICS OF SOFTWARE TESTING Chapter 1. Topics to be covered 1. Humans and errors, 2. Testing and Debugging, 3. Software Quality- Correctness Reliability.

Lecture Software Process Definition and Management Chapter 3: Descriptive Process Models Dr. Jürgen Münch Fall

QGen and TQL-1 Qualification

Verification and Validation Unit Testing

QGen and TQL Qualification

Graph Coverage for Specifications CS 4501 / 6501 Software Testing

CRISP Process Stephen Wyrick.

Presentation transcript:

Building Reliable Software Requirements and Methods

Reliability Reliability means that the level and frequency of failure is acceptable We are not requiring no failures at all Merely an acceptable level Failure is measured pragmatically

Correctness Software is correct if its behavior is correct Correctness of behavior has to be defined The definition is called a specification So correctness is a matter of the implementation matching the specification And is typically interpreted formally

Correctness and Reliability Correct but unreliable –Can result from an incorrect specification Reliable but incorrect –Can result from a program that does not exactly meet its specification, but which works well enough. Reliability is really what we are after –Correctness is a means to this end

Requirements for Reliability If a failure has high cost, then reliability becomes important. How important depends on the cost Most software is typically not very reliable

Safety Critical Software Software is said to be safety critical if a failure can cause loss of life or severe injury –Nuclear power plant control –Breaking systems in cars –Avionics (military and commercial) –Train signal systems –Dam control systems –etc

SC Software – An example The Boeing 777 –Fully computerized control –All avionics programmed in Ada –All safety critical –No flight problems ever encountered Except in entertainment system Which is in C++ and not safety critical

How do We approach Reliability Use reliable tools Program carefully Test thoroughly Is that good enough? –Would you fly on an airplane if that was the best we could say about our approach?

Safety Critical Programming We can’t depend on people being careful –Control the tools that are used –Control the process that is used –Develop formal specifications –Use formal design techniques –Use formal techniques for proving correctness –Do systematic testing –Measure how we are doing quantitatively

Control Tools We need simple programming languages Avoid “dangerous” constructs –Dynamic storage allocation –Non-determinacy –Recursion Typically very simple subsets are used –SPARK (

More on Tools Languages with strenuous compile time checking are more desirable Redundancy is desirable –Say what you want multiple times and check consistency of usage Ease of writing is irrelevant compared to ease of analysis and writing

More on SPARK SPARK is a very simple subset of Ada –No allocators, tasks, generics, exceptions etc But adds static assertions –What variables are accessed and modified –What routines call one another etc All assertions are verified at compile time

More on Processes Organized configuration control Procedural standards (ISO 9000) Use of metrics Strict coding practices Formal code reviews Clean room techniques

More on Formal Methods A program is a mathematical object We can reason about programs using standard mathematical techniques Proving properties of programs –Proof of correctness –More limited proofs Careful examination always helps –Formalizing this examination helps more!

More on Specification A formal specification is one about which we can reason mathematically And for which correctness is a mathematical property Specification languages –Very high level, not necessarily compilable But how do we know the spec is correct?

Formal Testing Coverage testing –Every source line executed at least once Decision testing –Every decision path tested Flow testing –Every definition use chain tested

Def-Use testing Program fragment A := 1; … A := 2; … B := A; … C := A; Suppose both definitions reach both references Then tests must cover all four paths

The Basic Idea Behind Testing We trust software much more if it has executed once than if it has never executed So let’s set up testing so that as much as possible has been executed at least one Testing does not guarantee reliability But it helps

Source/Object Traceability Reasoning at the source level is useful But it is not good enough Why? Because we can’t trust compilers So we need to reason and test at the object (generated machine code) level We need to trace source-to-object easily Optimization is a problem!

Safety Critical Standards DO-178B (also ED-12B) –A safety critical standard used for both military and commercial avionics in the US and Europe –Requires full documentation of process –Forbids certain constructs –Requires certain aspects (e.g. traceability) –Requires formal testing –Does not rely on any one aspect

Other Guidelines The ISO HRG of WG 9 –Prepares guidelines –HRG report catalogs safety critical techniques

Is this relevant only for SC Safety Critical programs MUST be reliable But reliability is generally desirable Reliability is expensive We need a tradeoff But we need to know the techniques to make the tradeoff accurately So the answer is “not at all”