Crossing the Boundaries while Analyzing Heterogeneous Component-Based Software Systems Amir Reza Yazdanshenas Leon Moonen 2011/09/28 ICSM 2011

Paper: "Crossing the Boundaries while Analyzing Heterogeneous Component-Based Software Systems"
Authors: Amir Reza Yazdanshenas, Leon Moonen
Session: Research Track Session 7: Components


Safety Monitoring and Control System

(figure: several Sensors feed the Input ports of the control logic, whose Output ports drive the Actuators)

Start with clear design & documents
Similar to digital circuit design components!

More customers: new requirements
• Inhibit • Override • Suppress • Acknowledge

More customers: scalability
Workaround: • Cascading modules • Voting modules

(figure: modules labelled A and D chained through CascIn/CascOut ports, mapping Input1 … Input7 to Output1 … Output9)

Case Description

More customers: reusing decisions

• Potentially unlimited number of configurations
– No default/standard configuration of components!
– Separate configuration for each installation
– (examples omitted due to NDA)

Problem Statement

(figure: the control logic between Input and Output, decomposed into Comp. 1, Comp. 2, Comp. 3, …, Comp. n)

For certification purposes, can we provide source based evidence?
Do sensor signals reach the correct output actuators?

Tracking Information Flow

"find source based evidence that signals from sensors trigger the correct actuators"

⇔ is there information flow from the desired sensors to the selected actuator?

⇔ are the desired sensors (input ports) part of the backward program slice for the selected actuator (output port)?

Heterogeneous Systems

• Deployed system is not just a set of components
– actual behavior depends on composition & configuration
– literature focuses on analysis of homogeneous systems

⚡ Existing slicing tools are language specific
⚡ no support for "external" artifacts

Challenge #1:

(figure: the same C fragment, "void main() { int sum, i; while (i < 11) { sum = add(sum); i = add(i, 1); …", shown as four separate files, sensor.c, input.c, voter.c and output.c; sensor.c is marked ✓, and an ✗ is placed against the set)
Slide footer: Model-driven Information Flow Analysis to Support Software Certification - NECSIS Seminar at Queen's (2011/06/27) © 2011 Leon Moonen

Shared Memory Communication

(figure: three numbered components exchange data through shared memory indexed by i and j; a cause & effect matrix lists input A and input B as causes and output B, output C and output D as effects, with main as the enclosing program)

Challenge #2:

(figure: dependence graph over sensor#1, sensor#2, …, sensor#N, input#1, input#2 and output#1, output#2, output#3, output#4; no voter components appear between inputs and outputs)

Our solution: Build a Homogeneous Model of the System

KDM: Flexible and Extensible

SDG: ICDG + CDGs
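As an added example (not the paper's tool, and not code from the authors), the checks described under Tracking Information Flow, Shared Memory Communication and the SDG slide above, in Python. Each component is modelled as a tiny dependence graph (the per-component CDGs); the installation's wiring of component ports onto shared memory slots, standing in for the cause & effect matrix, supplies the inter-component edges (the ICDG); and a backward slice from an actuator node answers "which sensors reach this actuator?". The three components, their statement labels, port names and the WIRING table are all constructed for this example. Slicing the same code with an empty wiring shows the Challenge #2 situation: the output component's slice stops at its own input port and no sensor is found.

```python
"""Backward slicing across component boundaries (constructed example).

Each component is a list of statements with local defs/uses, which yields a
per-component dependence graph (CDG). A wiring table maps component ports to
shared memory slots and supplies the inter-component edges (ICDG). Their
union is the system dependence graph (SDG) that is sliced backwards.
"""
from collections import defaultdict, namedtuple

# Name prefixes that are not local variables:
#   hw:<name>    hardware sensor (in uses) or actuator (in defs)
#   port:<name>  component port, mapped to a shared memory slot by the wiring
#   cfg:<name>   configuration constant read by the component
Stmt = namedtuple("Stmt", "comp label defs uses ctrl", defaults=(None,))


def build_sdg(components, wiring):
    """Return preds: node -> set of nodes it depends on (data or control).

    components: statement lists, each in program order
    wiring: {(component, port): slot}; {} analyzes each component in isolation
    """
    preds = defaultdict(set)
    node = lambda s: f"{s.comp}:{s.label}"

    # Intra-component dependences (CDGs): last reaching def per local variable,
    # sensor nodes feeding uses, actuator nodes fed by defs, control edges.
    for stmts in components:
        last_def = {}
        for s in stmts:
            n = node(s)
            for u in s.uses:
                if u.startswith("hw:"):
                    preds[n].add(u)
                elif ":" not in u and u in last_def:
                    preds[n].add(last_def[u])
            for d in s.defs:
                if d.startswith("hw:"):
                    preds[d].add(n)
                elif ":" not in d:
                    last_def[d] = n
            if s.ctrl is not None:
                preds[n].add(f"{s.comp}:{s.ctrl}")

    # Inter-component dependences (ICDG): a read of an input port depends on
    # every write of an output port that the wiring maps to the same slot.
    all_stmts = [s for stmts in components for s in stmts]
    writers = defaultdict(set)
    for s in all_stmts:
        for d in s.defs:
            if d.startswith("port:") and (s.comp, d[5:]) in wiring:
                writers[wiring[(s.comp, d[5:])]].add(node(s))
    for s in all_stmts:
        for u in s.uses:
            if u.startswith("port:"):
                preds[node(s)] |= writers.get(wiring.get((s.comp, u[5:])), set())
    return preds


def backward_slice(preds, criterion):
    """All nodes that can influence `criterion` (reverse reachability)."""
    seen, work = set(), [criterion]
    while work:
        n = work.pop()
        if n not in seen:
            seen.add(n)
            work.extend(preds[n])
    return seen


def sensors_reaching(actuator, components, wiring):
    """Sorted sensor names in the backward slice of an actuator."""
    sl = backward_slice(build_sdg(components, wiring), f"hw:{actuator}")
    return sorted(n[3:] for n in sl if n.startswith("hw:sensor"))


# Constructed components (not from the paper); labels are just C-like text.
SENSOR_C = [
    Stmt("sensor", "s1 = read_hw(SENSOR_1)", {"s1"}, {"hw:sensor#1"}),
    Stmt("sensor", "s2 = read_hw(SENSOR_2)", {"s2"}, {"hw:sensor#2"}),
    Stmt("sensor", "sN = read_hw(SENSOR_N)", {"sN"}, {"hw:sensor#N"}),
    Stmt("sensor", "out[0] = s1", {"port:out0"}, {"s1"}),
    Stmt("sensor", "out[1] = s2", {"port:out1"}, {"s2"}),
    Stmt("sensor", "out[2] = sN", {"port:out2"}, {"sN"}),
]
VOTER_C = [  # 2-out-of-2 vote, gated by a configuration flag (control dep.)
    Stmt("voter", "a = in[0]", {"a"}, {"port:in0"}),
    Stmt("voter", "b = in[1]", {"b"}, {"port:in1"}),
    Stmt("voter", "if (cfg.enabled)", set(), {"cfg:enabled"}),
    Stmt("voter", "v = a && b", {"v"}, {"a", "b"}, "if (cfg.enabled)"),
    Stmt("voter", "out[0] = v", {"port:out0"}, {"v"}, "if (cfg.enabled)"),
]
OUTPUT_C = [
    Stmt("output", "act1 = in[0]", {"act1"}, {"port:in0"}),
    Stmt("output", "act4 = in[1]", {"act4"}, {"port:in1"}),
    Stmt("output", "drive_hw(ACT_1, act1)", {"hw:output#1"}, {"act1"}),
    Stmt("output", "drive_hw(ACT_4, act4)", {"hw:output#4"}, {"act4"}),
]
SYSTEM = [SENSOR_C, VOTER_C, OUTPUT_C]

# Installation-specific wiring of ports onto shared memory slots; this stands
# in for the cause & effect matrix and is the only place composition lives.
WIRING = {
    ("sensor", "out0"): "shm[0]", ("voter", "in0"): "shm[0]",
    ("sensor", "out1"): "shm[1]", ("voter", "in1"): "shm[1]",
    ("voter", "out0"): "shm[3]", ("output", "in0"): "shm[3]",
    ("sensor", "out2"): "shm[2]", ("output", "in1"): "shm[2]",
}

if __name__ == "__main__":
    for act in ("output#1", "output#4"):
        print(act, "isolated:", sensors_reaching(act, SYSTEM, {}),
              "composed:", sensors_reaching(act, SYSTEM, WIRING))
```

With the wiring in place, output#1 is reached by sensor#1 and sensor#2 (through the voter, whose `if (cfg.enabled)` also lands in the slice as a control dependence) and output#4 by sensor#N only; with an empty wiring every actuator's slice is sensor-free, which is exactly the evidence gap a per-language slicer leaves when the composition lives in an external artifact.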

Conclusion

(figure: the per-file C fragments sensor.C, input.C, voter.C and output.C from Challenge #1)

(figure: the dependence graph from Challenge #2 extended with voter#1, voter#2 and voter#3 between input#1, input#2 and output#1 … output#4; the recovered sensor-to-actuator paths are marked ✓)

Precision & Scalability Tests

• Identical results with CodeSurfer on an example program
• Kongsberg code base:

Limitations

• Bit manipulation: no precise information flow
– granularity limitation in the CodeSurfer implementation
• Implemented for C with proprietary composition
– experiment with other languages, e.g. Java, and other composition languages/frameworks

Future Work

• Abstraction and visualization
– improve comprehensibility of results
– present the result in multiple abstraction layers
– separate intra- and inter-component information flows

Thank you!

Comments/Questions?