Crossing the Boundaries while Analyzing Heterogeneous Component-Based Software Systems
Amir Reza Yazdanshenas, Leon Moonen
2011/09/28, ICSM 2011
[Figure: Safety Monitoring and Control System. Several Sensors feed the Input side of a logic block; its Output side drives several Actuators]
Case Description
Start with clear design & documents
Similar to digital circuit design components!
More customers: new requirements
• Inhibit • Override • Suppress • Acknowledge
More customers: scalability
Workaround: • Cascading modules • Voting modules
[Figure: a module with ports Input1 to Input7 and Output1 to Output9, and cascaded modules linked through CascIn/CascOut ports]
Case Description…
Potentially unlimited number of configurations
– No default/standard configuration of components!
– Separate configuration for each installation
– (examples omitted due to NDA)
Problem Statement
[Figure: the logic block with its Input and Output sides, as above]
For certification purposes, can we provide source based evidence?
Do sensor signals reach the correct output actuators?
Tracking Information Flow
“find source based evidence that signals from sensors trigger the correct actuators”
⇔ is there information flow from the desired sensors to the selected actuator?
⇔ are the desired sensors (input ports) part of the backward program slice for the selected actuator (output port)?
Heterogeneous Systems
Deployed system is not just a set of components
– actual behavior depends on composition & configuration
– literature focuses on analysis of homogeneous systems
⚡ Existing slicing tools are language specific
⚡ no support for “external” artifacts
Challenge #1:
[Figure: four C source files, sensor.c, input.c, voter.c and output.c, each drawn with the same placeholder loop code; sensor.c is marked ✓, the other three are marked ✗]
Model-driven Information Flow Analysis to Support Software Certification - NECSIS Seminar at Queen's (2011/06/27) © 2011 Leon Moonen
Shared Memory Communication
[Figure: components 1, 2 and 3 exchanging data through shared memory variables i and j (in main), and the resulting cause & effect matrix with input A and input B as causes and output B, output C and output D as effects]
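As an added example, not code from the slides or from the authors' tool, the following Python script carries out the criterion of the "Tracking Information Flow" slide (sensor is a cause of an actuator ⇔ the sensor port lies in the backward slice of the actuator port) on a constructed toy system and produces a cause & effect matrix of the kind shown on the "Shared Memory Communication" slide. All component names, ports, wiring entries and the expected relation are constructed for the example. The intra-component edges stand in for what a per-component slicer (such as CodeSurfer, which the slides name) would report for each file; the wiring stands in for the composition configuration; the check is plain reverse reachability over the combined graph, which is a simplification of a real system-dependence-graph slice.

```python
"""Cross-component information-flow check on a constructed component system.

Each component contributes intra-component data dependences (assumed here,
as a stand-in for a slicer run on that component's own source).  The
composition configuration contributes the inter-component wiring.  Both are
merged into one dependence graph; the backward slice of an actuator port is
its reverse reachability set, and the cause & effect matrix records which
sensor ports occur in each actuator's slice.
"""
from collections import defaultdict

# Constructed sample data: node names are "<component>.<port>".
INTRA = {  # component -> (source_port, dest_port) dependences inside it
    "sensor1": [("raw", "out")],
    "sensor2": [("raw", "out")],
    "sensor3": [("raw", "out")],
    "input1": [("in", "out")],
    "input2": [("in", "out")],
    "voter1": [("a", "vote"), ("b", "vote")],
    "voter2": [("a", "vote")],  # port b is only logged: it does not reach vote
    "output1": [("in", "actuate")],
    "output2": [("in", "actuate")],
}
WIRING = [  # composition configuration: (producer port, consumer port)
    ("sensor1.out", "input1.in"),
    ("sensor2.out", "input2.in"),
    ("input1.out", "voter1.a"),
    ("input2.out", "voter1.b"),
    ("input2.out", "voter2.a"),
    ("sensor3.out", "voter2.b"),  # wired, but see voter2 above
    ("voter1.vote", "output1.in"),
    ("voter2.vote", "output2.in"),
]
SENSORS = ["sensor1.raw", "sensor2.raw", "sensor3.raw"]
ACTUATORS = ["output1.actuate", "output2.actuate"]
# Constructed stand-in for the design documents: which sensors must trigger
# each actuator.  output2 is documented as driven by sensor2 and sensor3.
EXPECTED = {
    "output1.actuate": {"sensor1.raw", "sensor2.raw"},
    "output2.actuate": {"sensor2.raw", "sensor3.raw"},
}


def build_graph(intra, wiring):
    """Merge per-component dependences and wiring into one reverse-adjacency map:
    node -> set of nodes it directly depends on."""
    deps = defaultdict(set)
    for comp, edges in intra.items():
        for src, dst in edges:
            deps[f"{comp}.{dst}"].add(f"{comp}.{src}")
    for producer, consumer in wiring:
        deps[consumer].add(producer)
    return deps


def backward_slice(deps, criterion):
    """All nodes that can influence `criterion`, crossing component boundaries."""
    seen, stack = set(), [criterion]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(deps.get(node, ()))
    return seen


def cause_effect_matrix(deps, sensors, actuators):
    """matrix[actuator][sensor] is True iff the sensor is in the actuator's slice."""
    return {
        act: {s: (s in backward_slice(deps, act)) for s in sensors}
        for act in actuators
    }


def check_expected(matrix, expected):
    """Compare the computed matrix with the documented relation.
    Returns (actuator, sensor, expected_flow, found_flow) for every mismatch."""
    mismatches = []
    for act, row in matrix.items():
        for sensor, found in row.items():
            want = sensor in expected.get(act, set())
            if want != found:
                mismatches.append((act, sensor, want, found))
    return mismatches


if __name__ == "__main__":
    graph = build_graph(INTRA, WIRING)
    matrix = cause_effect_matrix(graph, SENSORS, ACTUATORS)
    print("cause & effect matrix (rows: effects, columns: causes)")
    for act, row in matrix.items():
        marks = "  ".join("✓" if row[s] else "-" for s in SENSORS)
        print(f"{act:18} {marks}")
    for act, sensor, want, found in check_expected(matrix, EXPECTED):
        print(f"MISMATCH: {sensor} -> {act}: documented={want}, found={found}")
```

The wiring alone suggests that sensor3 reaches output2, because sensor3.out is connected to voter2.b; only the merged graph shows that voter2's vote does not depend on port b, so no information flow exists and the check reports the mismatch against the documented relation. That gap between the composition view and the source view is exactly what a single-language slicer stopping at the component boundary cannot expose.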
Conclusion
[Figure: the four C source files sensor.c, input.c, voter.c and output.c from Challenge #1, shown again]
Conclusion
[Figure: the component instances sensor#1, sensor#2 … sensor#N, input#1, input#2, voter#1, voter#2, voter#3 and output#1 to output#4 laid out as a system graph]
Conclusion
[Figure: the same component graph, annotated with ✓ marks between the components]
Precision & Scalability Tests
Identical results with CodeSurfer on an example program
Kongsberg code base:
Limitations
Bit manipulation: no precise information flow
– granularity limitation in CodeSurfer implementation
Implemented for C with proprietary composition
– experiment with other languages, e.g. Java, and other composition languages/frameworks
Future Work
Abstraction and visualization
– improve comprehensibility of results
– present the result in multiple abstraction layers
– separate intra- and inter-component information flows