Use of Formal Methods


© 2013 The MathWorks, Inc.

Use of Formal Methods on Code and on Models

Patrick Munier
Co-founder of PolySpace Technologies
Polyspace Development Manager, MathWorks
Patrick.Munier@mathworks.fr

Forum Méthodes Formelles, June 28th 2013, Toulouse


Formal Methods at MathWorks

Provide tools for Model and Code verification
– For “pure” Model (does it really exist?)
– For “pure” hand-code
– For mixed generated and hand-code

Provide tools for early and late verification
– Used by Design Engineers (1)
– Used by Developers (2)
– Used by Quality Engineers (3)

Cover from Bug Finding to Proving absence of bugs


Complementarity between Model and Code Verification

[Diagram: the Model (Control Algorithm, Fault Detection, Supervisory Logic), built with MATLAB, Simulink and Stateflow; this is where the need for Model Verification arises.]


Complementarity between Model and Code Verification

[Diagram: the ECU software as Integrated Code in C, made of the Model (Control Algorithm, Fault Detection, Supervisory Logic) generated to C, hand-code (S-Function), Utility code (I/O Driver, Lookup Table, etc.), the Interface, and the RTOS, Fault Logging and Service Tool; this is where the need for Code Verification arises.]


MathWorks V&V Technologies

[Diagram: MATLAB, Simulink and Stateflow models enter the analysis through an internal representation or through C/C++ code generation; C/C++ hand-code (C, C++, …) enters directly. The technologies applied are Model/Coding Rules Checking, Symbolic Execution, Compilation Technics, a SAT Solver and an Abstract Interpretation Engine. They deliver Bugs Finding, Proving absence of runtime errors and Proving properties.]


MathWorks V&V Technologies

[Diagram: the same capabilities (Model/Coding Rules Checking, Bugs Finding, Proving absence of runtime errors, Proving properties) mapped to products: Simulink Design Verifier as the Model V&V tool for MATLAB, Simulink and Stateflow; Polyspace as the Code V&V tool for C, C++, …]


Model Verification: Simulink Design Verifier

Simulink and Stateflow models, atomic subsystems, and subcharts

Model harness with test cases

Models or subsystems augmented with design properties

Detailed report and violations

Property proving

Model with highlighted violations


“Verify as early as possible”

[Diagram: verification steps on the way to the Target System: Verify compliance to standards (e.g., MISRA, JSF++), Find bugs, Prove absence of runtime errors, Verify properties; a label “Use of Formal Methods” marks the formal steps.]

Code Verification: Polyspace


Challenges of Formal Method based tools?

Easy to use (automatic, non-intrusive)
– Tools are easy to launch by Design Engineers, Developers and Quality Engineers
– Take into account all dialects, compilers, flavors of Visual Studio, VxWorks, …
– Results are easy to understand
– Results are relevant (False Positive / False Negatives)
– Review of results is easy and powerful

High quality
– Validation of Formal-Method-based tools is challenging
– There are needs for certification


Code Verification: Easy understanding of results

[Screenshot: Polyspace results view, showing a check marked Proven.]


Easy Launching and Review. Example: Eclipse plugin*

[Screenshot: launch Polyspace from Eclipse and review results in Eclipse.]

* Also integrated in Simulink, and available as a separate GUI


Easy and powerful review of results

[Screenshot of the Polyspace review interface, with panels for: List of Files, List of checks, Check’s detail, Review/Justify means, Source code, Data Dictionary, Call Tree.]


Generated Code: Link results back to Simulink Models


Relevance of results – More about Precision

[Figure listing: Intervals, Congruences, Polyhedra, Aliases, Trace partitioning, Multi-linear]


Maths, even good maths, are not enough …

Provide information about environment
– Range of Data (e.g., Calibration data in asap2 format)
– Automatic stubs of unknown functions
– Multi-tasking information (i.e., Critical sections)

Fix/comment/justify the orange
– And generate customizable reports

Follow a predefined Software Quality Objective (“SQO”)

[Screenshot: Powertrain Diesel]
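The slides above list the abstract domains used for precision and note that environment information such as data ranges turns unproven (orange) checks into proven (green) ones. The following is an added example written for this page, not MathWorks or Polyspace code: a minimal interval-domain analyzer that classifies a division and an array access as green, orange or red, first with no knowledge of the inputs and then with constructed calibration ranges (the analyzed routine, its 16-entry lookup table and all ranges are assumptions).

```python
# Added example: a tiny interval-domain abstract interpreter, written for this page.
# It is not Polyspace's engine. Checks are coloured the Polyspace way:
# green = proven safe, red = proven to fail, orange = unproven (may or may not fail).
from dataclasses import dataclass

@dataclass(frozen=True)
class Interval:
    lo: int
    hi: int
    def __add__(self, o): return Interval(self.lo + o.lo, self.hi + o.hi)
    def __sub__(self, o): return Interval(self.lo - o.hi, self.hi - o.lo)
    def contains(self, v): return self.lo <= v <= self.hi

def check_division(divisor: Interval) -> str:
    """Division-by-zero check on the abstract divisor."""
    if not divisor.contains(0):
        return "green"
    if divisor.lo == divisor.hi == 0:
        return "red"
    return "orange"

def check_index(index: Interval, size: int) -> str:
    """Out-of-bounds check for array[index] on an array of `size` elements."""
    if 0 <= index.lo and index.hi < size:
        return "green"
    if index.hi < 0 or index.lo >= size:
        return "red"
    return "orange"

# Full 16-bit range: what the analyzer assumes when no data range is supplied.
INT16 = Interval(-32768, 32767)

def analyze(gain: Interval, sensor: Interval) -> dict:
    """Abstractly execute this constructed C-like routine and colour its checks:
        idx   = gain + 2;        /* lookup-table index */
        lut[idx];                /* table of 16 entries */
        scale = sensor - 100;
        ratio = 1000 / scale;
    """
    idx = gain + Interval(2, 2)
    scale = sensor - Interval(100, 100)
    return {"lut[idx]": check_index(idx, 16), "1000/scale": check_division(scale)}

if __name__ == "__main__":
    print("no environment info:", analyze(INT16, INT16))          # both orange
    print("with calibration ranges:", analyze(Interval(0, 10), Interval(200, 300)))  # both green
```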


Polyspace Validation

+38 000 tests (all languages mixed)
– C language: +30 millions of LOC

Hundreds of customer’s code
– “Pathological” codes, non favorable to Polyspace

Polyspace on Polyspace code (MathWorks)

[Charts: Measure of oranges; Measure of analysis time]

Certification kit for ISO 26262
Qualification kit for DO178B/C


Conclusion

Formal Methods are used successfully in MathWorks products

They are used for Model and Code verification

MathWorks picked up the challenge of making them easy to use and robust


Thank you
