Tech Days 2015: Certification and Qualification
Transcript of Tech Days 2015: Certification and Qualification
Page 1
Certification & Qualification
Quentin Ochem, November 4th 2015
Page 2
DO-178C
EN 50128:2011
Page 3
Overall Picture
Architecture: Certifiable Libraries; Certifiable Platforms; Object Oriented Techniques
Verification: Testing tools; Structural code coverage; Formal proof; Static Analysis
Development Environment: Sustained Branches
Design: Formal Specification; Model to Code Generation
Page 4
[Architecture] Libraries and Platforms
Targets: PowerPC / ARM / Leon / AVR…
Platforms: Bare Board; VxWorks 653 / Cert / 7; Lynx178; PikeOS
Languages: Ada; C
Run-time profiles: Zero Footprint; Cert Profile; Ravenscar profile
Standards: EN 50128 SIL 3/4; DO-178 Level A; EN 50128 T3
Page 5
[Architecture] Object Orientation

```ada
--  Root of the hierarchy: the contract every caller of Plane'Class relies on.
type Plane is abstract …
procedure Open_Doors (My_Plane : Plane)
  with Pre  => My_Plane.On_Ground,
       Post => My_Plane.Doors_Opened;

--  Marked "?" on the slide: the override strengthens the precondition
--  (Speed = 0.0 is added), which a caller working through Plane's contract
--  cannot know about.
type A380 is new Plane …
procedure Open_Doors (My_Plane : A380)
  with Pre  => My_Plane.On_Ground and My_Plane.Speed = 0.0,
       Post => My_Plane.Doors_Opened and My_Plane.Pressurization_Off;

--  No precondition (written "Pre => null" on the slide), but the
--  postcondition no longer guarantees Doors_Opened.
type Glider is new Plane …
procedure Open_Doors (My_Plane : Glider)
  with Pre  => True,
       Post => My_Plane.Doors_Unlocked;

--  Dispatching caller: it only checks and relies on Plane's contract.
procedure Operate (My_Plane : Plane'Class) is
begin
   if My_Plane.On_Ground then
      My_Plane.Open_Doors;
      My_Plane.Move_Passengers_Out;
   end if;
end Operate;
```

DO-332 OO.6.7
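As an added example (not from the slides and not AdaCore code), the following Python models the three Open_Doors contracts on this slide and runs the local type consistency check that the DO-332 OO.6.7 reference points at: an override may only weaken the precondition and only strengthen the postcondition, otherwise a dispatching caller such as Operate, which knows only Plane's contract, can reach a state the override rejects. The State record, its fields and the sample speeds are constructed for the example.

```python
from dataclasses import dataclass
from itertools import product

# Constructed model of the slide's Plane / A380 / Glider hierarchy.
@dataclass(frozen=True)
class State:
    on_ground: bool
    speed: float
    doors_opened: bool = False
    doors_unlocked: bool = False
    pressurization_off: bool = False

# Pre / Post of Open_Doors for each type, transcribed from the slide.
CONTRACTS = {
    "Plane":  (lambda s: s.on_ground, lambda s: s.doors_opened),
    "A380":   (lambda s: s.on_ground and s.speed == 0.0,
               lambda s: s.doors_opened and s.pressurization_off),
    "Glider": (lambda s: True,  # "Pre => null" on the slide: no precondition
               lambda s: s.doors_unlocked),
}

# Constructed sample states: every boolean combination at two speeds.
SAMPLE_STATES = [State(g, sp, d, u, p)
                 for g, d, u, p in product((True, False), repeat=4)
                 for sp in (0.0, 12.5)]

def check_type_consistency(parent, child, states=SAMPLE_STATES):
    """Local type consistency over sample states: the child may only weaken
    the precondition and only strengthen the postcondition. Returns the
    (kind, state) pairs where the override breaks that rule."""
    p_pre, p_post = CONTRACTS[parent]
    c_pre, c_post = CONTRACTS[child]
    violations = []
    for s in states:
        if p_pre(s) and not c_pre(s):
            violations.append(("precondition strengthened", s))
        if c_post(s) and not p_post(s):
            violations.append(("postcondition weakened", s))
    return violations

def dispatch_breaks(dynamic_type, s):
    """Model of Operate: the caller checks only Plane's precondition, the
    dispatched body checks its own. True when the call is legal for the
    caller yet rejected by the override."""
    caller_pre, _ = CONTRACTS["Plane"]
    body_pre, _ = CONTRACTS[dynamic_type]
    return caller_pre(s) and not body_pre(s)
```

Over the sample states, check_type_consistency("Plane", "A380") reports only precondition strengthening and check_type_consistency("Plane", "Glider") only postcondition weakening, while dispatch_breaks("A380", State(on_ground=True, speed=12.5)) is True: an A380 rolling on the ground satisfies the caller's check yet fails its own precondition.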
Page 6
[Design] Model to Code Generation
QGen: code generation (Ada or C) from Simulink® / StateFlow® models …
Automatic translation of model tests to code tests
Credit sought on code review (in progress)
Credit sought on code test & coverage (in progress)
EN 50128 SIL3/4; DO-178C TQL-1
Page 7
[Design] Formal Specification
Low Level Requirements (DO-178C) / Software Component Design Specification (EN-50128), expressed as a contract:

```ada
type A380 is new Plane …
procedure Open_Doors (My_Plane : A380)
  with Pre  => My_Plane.On_Ground and My_Plane.Speed = 0.0,
       Post => My_Plane.Doors_Opened and My_Plane.Pressurization_Off;
```

DO-333 FM.6.3.2
EN 50128 D.28
Page 8
[Development] Sustained Branches
2012: 7.0, then 7.0.1, 7.0.2, 7.0.3, 7.0.4 (Critical Fixes)
2013: 7.1, then 7.1.1, 7.1.2 (Critical Fixes)
2014: 7.2, then 7.2.1, 7.2.2, 7.2.3 (Critical Fixes)
EN 50128 6.7.4.11; DO-178 4.4.2.f
Page 9
[Verification] Testing Tools
Test Skeleton -> Test; Stub Skeleton -> Stub
The Test calls the Subprogram under Test, which in turn calls either the Actual Code or a Stub.
GNATtest will generate Test and Stub Skeletons for Units / Subprograms. The developer writes tests and stubs in Ada.
EN 50128 7.5; DO-178 6.4.3.c
Page 10
[Verification] Structural Code Coverage
HOST: Pure Functional Test executed under GNATemulator / Valgrind / DynamoRIO -> Coverage Data
TARGET: Executable, Pure Functional Test, traces collected with Lauterbach / iSystems probes -> Coverage Information
(no instrumentation)
Sources: Ada 83 / 95 / 05 / 2012; C 99
Coverage levels: Statement; Decision; MC/DC
Source to Object Traceability Study (DO-178 6.4.4.2.b)
DO-178 TQL-5; EN 50128 T2
Page 11
[Verification] Static Analysis
GNATcheck: Coding standard check; Metrics check; Ada feature usage check
CodePeer: Out of range checks; Overflow checks; Uninitialized variables check
GNATstack: Worst case stack consumption
DO-178 TQL-5; EN 50128 T2
Page 12
[Verification] Formal Proof
Low Level Requirements (DO-178C) / Software Component Design Specification (EN-50128):

```ada
type A380 is new Plane …
procedure Open_Doors (My_Plane : A380)
  with Pre  => My_Plane.On_Ground and My_Plane.Speed = 0.0,
       Post => My_Plane.Doors_Opened and My_Plane.Pressurization_Off;
```

Source code, linked to the specification by formal proof (in place of Low Level Test and Source Code Verification):

```ada
type A380 is new Plane …
procedure Open_Doors (My_Plane : A380) is
begin
   -- code
end Open_Doors;
```

SPARK will formally verify the implementation of the subprogram against the specified contract. SPARK will (also) formally verify absence of run-time errors and data flow.
DO-333 FM.6.3.2
EN 50128 D.28
Page 13
Conclusion
Architecture (Certifiable Libraries, Certifiable Platforms, Object Oriented Techniques): Bare Board; VxWorks; Math Library; Ravenscar; PikeOS; Liskov; PowerPC; ARM; LEON
Design (Formal Specification, Model to Code Generation): SPARK; QGEN
Development Environment (Sustained Branches): GNAT Pro
Verification (Testing tools, Structural code coverage, Formal proof, Static Analysis): GNATcheck; CodePeer; GNATstack; GNATcoverage; SPARK; GNATtest
Legend: EN 50128 Qualifiable / Certifiable; DO-178 Qualifiable / Certifiable