32,687 research outputs found
Managers Handbook for Software Development
Methods and aids for the management of software development projects are presented. The recommendations are based on analyses and experiences with flight dynamics software development. The management aspects of organizing the project, producing a development plan, estimation costs, scheduling, staffing, preparing deliverable documents, using management tools, monitoring the project, conducting reviews, auditing, testing, and certifying are described
Using ACL2 to Verify Loop Pipelining in Behavioral Synthesis
Behavioral synthesis involves compiling an Electronic System-Level (ESL)
design into its Register-Transfer Level (RTL) implementation. Loop pipelining
is one of the most critical and complex transformations employed in behavioral
synthesis. Certifying the loop pipelining algorithm is challenging because
there is a huge semantic gap between the input sequential design and the output
pipelined implementation making it infeasible to verify their equivalence with
automated sequential equivalence checking techniques. We discuss our ongoing
effort using ACL2 to certify loop pipelining transformation. The completion of
the proof is work in progress. However, some of the insights developed so far
may already be of value to the ACL2 community. In particular, we discuss the
key invariant we formalized, which is very different from that used in most
pipeline proofs. We discuss the needs for this invariant, its formalization in
ACL2, and our envisioned proof using the invariant. We also discuss some
trade-offs, challenges, and insights developed in course of the project.Comment: In Proceedings ACL2 2014, arXiv:1406.123
Sawja: Static Analysis Workshop for Java
Static analysis is a powerful technique for automatic verification of
programs but raises major engineering challenges when developing a full-fledged
analyzer for a realistic language such as Java. This paper describes the Sawja
library: a static analysis framework fully compliant with Java 6 which provides
OCaml modules for efficiently manipulating Java bytecode programs. We present
the main features of the library, including (i) efficient functional
data-structures for representing program with implicit sharing and lazy
parsing, (ii) an intermediate stack-less representation, and (iii) fast
computation and manipulation of complete programs
Functional Requirements-Based Automated Testing for Avionics
We propose and demonstrate a method for the reduction of testing effort in
safety-critical software development using DO-178 guidance. We achieve this
through the application of Bounded Model Checking (BMC) to formal low-level
requirements, in order to generate tests automatically that are good enough to
replace existing labor-intensive test writing procedures while maintaining
independence from implementation artefacts. Given that existing manual
processes are often empirical and subjective, we begin by formally defining a
metric, which extends recognized best practice from code coverage analysis
strategies to generate tests that adequately cover the requirements. We then
formulate the automated test generation procedure and apply its prototype in
case studies with industrial partners. In review, the method developed here is
demonstrated to significantly reduce the human effort for the qualification of
software products under DO-178 guidance
Code analysis: past and present
The integration of Software components within complex industrial applications with severe security standards, requires strict quality assessment of each integrated component. That is, requires a guarantee that each component is compliant with the software development good practices and all the standards in use. If full certification is easy to obtain for proprietary modules, it is particularly hard to achieve when dealing with Open-Source Software pieces, demanding for rigorous methods and techniques to implement their certification process.
In this context, code analysis plays an important role as the basis for the automatization of quality assessment of open source software projects – code analysis provides the techniques and tools to implement the necessary validation process. Although source code is still the most explored (the main support for analysis), nowadays this assessment process should be able to deal with code at different compilation levels.
Due to its relevance for the open source software certification task, this paper reviews code analysis area (stages of the analyzing process, traditional approaches, and future trends), aiming at identifying what is available, and what deserves further research.Fundação para a Ciência e a Tecnologia (FCT
Experience in using a typed functional language for the development of a security application
In this paper we present our experience in developing a security application
using a typed functional language. We describe how the formal grounding of its
semantic and compiler have allowed for a trustworthy development and have
facilitated the fulfillment of the security specification.Comment: In Proceedings F-IDE 2014, arXiv:1404.578
Secure mobile code and control flow analysis
The interaction between software systems by means of mobile code is a powerful and truly effective method, particularly useful for installing and executing code dynamically. However, for this mechanism to be applicable safely, especially in industrial or critical applications, techniques that guarantee foreign code execution safety for the consumer or host will be necessary. Of course, tool support for automating, at least partially, the application of these techniques is essential. The importance of guarantee code execution safety originates numerous active research lines, among which Proof-Carrying Code (PCC) is one of the most successful. One of the problems to overcome for the PCC industrial use is to obtain lineal methods of safeness certification and verification.
A framework for the generation and execution of safe mobile code based on PCC together with techniques for static analysis of control and data-flow, called PCC-SA, was developed later by the authors.
The results of the group that allowed proving the hypothesis that the PCC-SA complexity in practice is lineal respect to the input programs length, as for certification as for verification processes are also presented. To achieve this, a C-program family, whose elements are referred to as lineally annotative, is defined. Parameters statically measured over their source code determine whether a program belongs to this family or not. Different properties of this family are demonstrated in this work, which allows formally showing that for all the programs of this family, the PCC-SA presents a lineal behavior. The parameters required for a large sample of programs keeping of standard packages, are calculated. This calculation finally determines that all the programs of the sample are lineally annotative, which validates the hypothesis previously stated.Red de Universidades con Carreras en Informática (RedUNCI
- …