124 research outputs found
LusRegTes: A Regression Testing Tool for Lustre Programs
Lustre is a synchronous data-flow declarative language widely used for safety-critical applications (avionics, energy, transport...). In such applications, the testing activity for detecting errors of the system plays a crucial role. During the development and maintenance processes, Lustre programs are often evolving, so regression testing should be performed to detect bugs. In this paper, we present a tool for automatic regression testing of Lustre programs. We have defined an approach to generate test cases in regression testing of Lustre programs. In this approach, a Lustre program is represented by an operator network, then the set of paths is identified and the path activation conditions are symbolically computed for each version. Regression test cases are generated by comparing paths between versions. The approach was implemented in a tool, called LusRegTes, in order to automate the test process for Lustre programs
An approach to translate LUSTRE code to ACL2
In this thesis, we propose an approach to translate LUSTRE code to ACL2 code. The languages are very different and the translation is non-trivial. We have also validated our approach by translating and comparing results for many non-trivial test cases. There is more than one way to perform the translation. Although, the proposed approach has performance inefficiencies - these do not matter because the main reason for the translation is to prove properties of the model. The proving operation does not require execution of the programs. The proposed approach has some key benefits such as it can be verified by execution - and that the resulting ACL2 code structure matches the input LUSTRE code structure. This makes it easier to use the theorem prover to prove properties of the program. This translation work is important in the real-world. For example, it will allow Rockwell Collins to verify the correctness of models developed in Simulink, SCADE and LUSTRE using ACL2. The aforementioned tools are widely used in the aviation industry - in particular by Airbus and Boeing
Automatically Generating Test Cases for Safety-Critical Software via Symbolic Execution
Automated test generation based on symbolic execution can be beneficial for
systematically testing safety-critical software, to facilitate test engineers
to pursue the strict testing requirements mandated by the certification
standards, while controlling at the same time the costs of the testing process.
At the same time, the development of safety-critical software is often
constrained with programming languages or coding conventions that ban
linguistic features which are believed to downgrade the safety of the programs,
e.g., they do not allow dynamic memory allocation and variable-length arrays,
limit the way in which loops are used, forbid recursion, and bound the
complexity of control conditions. As a matter of facts, these linguistic
features are also the main efficiency-blockers for the test generation
approaches based on symbolic execution at the state of the art. This paper
contributes new evidence of the effectiveness of generating test cases with
symbolic execution for a significant class of industrial safety
critical-systems. We specifically focus on Scade, a largely adopted model-based
development language for safety-critical embedded software, and we report on a
case study in which we exploited symbolic execution to automatically generate
test cases for a set of safety-critical programs developed in Scade. To this
end, we introduce a novel test generator that we developed in a recent
industrial project on testing safety-critical railway software written in
Scade, and we report on our experience of using this test generator for testing
a set of Scade programs that belong to the development of an on-board signaling
unit for high-speed rail. The results provide empirically evidence that
symbolic execution is indeed a viable approach for generating high-quality test
suites for the safety-critical programs considered in our case study
Synthesizing Modular Invariants for Synchronous Code
In this paper, we explore different techniques to synthesize modular
invariants for synchronous code encoded as Horn clauses. Modular invariants are
a set of formulas that characterizes the validity of predicates. They are very
useful for different aspects of analysis, synthesis, testing and program
transformation. We describe two techniques to generate modular invariants for
code written in the synchronous dataflow language Lustre. The first technique
directly encodes the synchronous code in a modular fashion. While in the second
technique, we synthesize modular invariants starting from a monolithic
invariant. Both techniques, take advantage of analysis techniques based on
property-directed reachability. We also describe a technique to minimize the
synthesized invariants.Comment: In Proceedings HCVS 2014, arXiv:1412.082
Hard Real-Time and Synchronous Programming with SDL.
This is a report of how the two Telelogic development tools the SCADE Suite, and the SDL Suite can be used together, combining a time-driven language and an event-driven language. Suggestions on how the tools can be integrated are presented. The report also suggests how Telelogic can improve the SDL Suite from a hard real-time aspect. Last part of the report shows how the scheduling algorithm “Earliest Deadline First” can be implemented in the SDL Cmicro kernel, and how the implementation can be improved
04491 Abstracts Collection -- Synchronous Programming - SYNCHRON\u2704
From 28.11.04 to 03.12.04, the Dagstuhl Seminar Perspectives Workshop 04491
``Synchronous Programming - SYNCHRON\u2704\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
Integrated formal verification of safety-critical software
This work presents a formal verification process based on the Systerel Smart Solver (S3) toolset for the development of safety-critical embedded software. In order to guarantee the correctness of the implementation of a set of textual requirements, the process integrates different verification techniques (inductive proof, bounded model checking, test case generation and equivalence proof) to handle different types of properties at their best capacities. It is aimed at the verification of properties at system, design, and code levels. To handle the floating-point arithmetic (FPA) in both the design and the code, an FPA library is designed and implemented in S3. This work is illustrated on an Automatic Rover Protection (ARP) system implemented on-board a robot. Focus is placed on the verification of safety and functional properties and on the equivalence proof between the design model and the generated code
Reducing V&V Cost of Flight Critical Systems: Myth or Reality?
This paper presents an overview of NASA research program on the V&V of flight critical systems. Five years ago, NASA started an effort to reduce the cost and possibly increase the effectiveness of V&V for flight critical systems. It is the right time to take a look back and realize what progress has been made. This paper describes our overall approach and the tools introduced to address different phases of the software lifecycle. For example, we have improved testing by developing a statistical learning approach tor defining test cases. The tool automatically identifies possible unsafe conditions by analyzing outliers in output data; using an iterative learning process, it can then generate more test cases that represent potentially unsafe regions of operation. At the code level, we have developed and made available as open source a static analyzer for C and C++ programs called IKOS. We have shown that IKOS is very precise in the analysis of embedded C programs (very few false positives) and a bit less for regular C and C++ code. At the design level, in collaboration with our NRA partners, we have developed a suite of analysis tools for Simulink models. The analysis is done in a compositional framework for scalability
- …