Veena BN
2013 LDRA Ltd Copyright 2005 Liverpool Data Research Associates Limited
Agenda
- Introduction
- Formal Methods: Why? Where? How?
- Mathematical models & algorithms by stealth
- Industrial strength formal methods
- Techniques & methods implemented in the LDRA tool suite
- Conclusion
- Summary
LDRA Ltd
- Liverpool Data Research Associates, founded 1975
- Provider of test tools & solutions
- Metrics pioneer
- Consultancy, support, training
- Active participation in standards such as DO-178B/C and MISRA C/C++
Part of the reason is that LDRA have deliberately avoided the association, because so many software engineers are fearful of the mathematical overtones.
This paper documents some of the most commonly used Formal Methods which have been implemented in the LDRA tool suite for many years.
Mathematical Models
Flow Graph
The model is system-wide and includes variable aliasing through procedure interfaces.
Procedure information
For example, a global variable that is also passed as a parameter in a call has two access mechanisms inside the called procedure: the global name and the parameter name.
The danger arises, firstly, from the programmer failing to appreciate this and treating the two as distinct, and secondly, from a compiler treating them as distinct when the programmer assumes they are the same. The use of pointers makes this worse.
The objective is to search system-wide to find instances (on any path) of:
- files written to before being opened;
- files written to after being closed;
- files written to but never closed.
Storage Analysis
This model is, at present, exclusive to C. The problem is to identify careless use of storage: storage that is allocated and then not de-allocated correctly. Releasing memory that was never allocated is also detected and reported.
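The file-handling checks and the storage checks above are the same kind of search: walk every path through the data flow model and look for an illegal sequence of operations on one resource. The following is an added illustration in Python, not LDRA code. The graph format, the operation names and the sample program are constructed for the example, and the transition tables are my own encoding of the anomalies listed above (written before opened, written after closed, never closed, memory released without being allocated) plus the allocated-but-never-released case.

```python
"""Path-based resource anomaly detection over a small control-flow graph.

Added example, not LDRA code.  Each basic block carries (operation,
resource) pairs; every entry-to-exit path is walked and a per-resource
state machine is driven by the operations on it.  A move absent from
the transition table is an anomaly (write before open, write after
close, free of memory not allocated), and so is a resource left open or
allocated when the path ends (never closed, never freed).
"""

# Allowed transitions per resource kind: (state, op) -> next state.
# Anything missing from the table is reported (assumed encoding).
RULES = {
    "file": {("unopened", "open"): "opened",
             ("opened", "write"): "opened",
             ("opened", "close"): "closed",
             ("closed", "open"): "opened"},
    "heap": {("none", "alloc"): "allocated",
             ("allocated", "free"): "freed",
             ("freed", "alloc"): "allocated"},
}
INITIAL = {"file": "unopened", "heap": "none"}
CLEAN_AT_EXIT = {"file": {"unopened", "closed"}, "heap": {"none", "freed"}}
KIND_OF_OP = {"open": "file", "write": "file", "close": "file",
              "alloc": "heap", "free": "heap"}


def all_paths(cfg, entry, exit_node):
    """Every simple path from entry to exit, depth first.  A loop body is
    traversed at most once per path, which suffices for these checks."""
    found = []

    def walk(node, path):
        if node == exit_node:
            found.append(path)
            return
        for nxt in cfg.get(node, []):
            if nxt not in path:
                walk(nxt, path + [nxt])

    walk(entry, [entry])
    return found


def check_path(path, ops):
    """Drive the state machines along one path; return anomaly strings."""
    state = {}                      # resource -> (kind, current state)
    anomalies = []
    for node in path:
        for op, res in ops.get(node, []):
            kind = KIND_OF_OP[op]
            _, cur = state.get(res, (kind, INITIAL[kind]))
            nxt = RULES[kind].get((cur, op))
            if nxt is None:         # illegal move: report, keep the old state
                anomalies.append(f"{node}: {op}({res}) while {res} is {cur}")
            else:
                state[res] = (kind, nxt)
    for res, (kind, cur) in state.items():
        if cur not in CLEAN_AT_EXIT[kind]:
            anomalies.append(f"{path[-1]}: {res} still {cur} at end of path")
    return anomalies


def analyse(cfg, ops, entry="entry", exit_node="exit"):
    """Distinct anomalies found on any entry-to-exit path, sorted."""
    reports = set()
    for path in all_paths(cfg, entry, exit_node):
        reports.update(check_path(path, ops))
    return sorted(reports)


# Constructed sample program (not from the page), roughly:
#   buf = malloc(..);
#   if (c) { open(log); write(log); close(log); } else { write(log); }
#   free(buf);
#   if (d) { tmp = malloc(..); open(log); write(log); free(buf); }
CFG = {"entry": ["test"], "test": ["then", "else"],
       "then": ["merge"], "else": ["merge"],
       "merge": ["exit", "late"], "late": ["exit"], "exit": []}
OPS = {"entry": [("alloc", "buf")],
       "then": [("open", "log"), ("write", "log"), ("close", "log")],
       "else": [("write", "log")],                    # written before opened
       "merge": [("free", "buf")],
       "late": [("alloc", "tmp"), ("open", "log"),   # tmp never freed,
                ("write", "log"), ("free", "buf")]}  # log never closed, buf freed twice

if __name__ == "__main__":
    for line in analyse(CFG, OPS):
        print(line)
```

Only the path through the else branch produces the write-before-open report, and only the path through the late block produces the double free and the two end-of-path reports; a check that looked at one block at a time would see none of them, which is why the slides insist on a system-wide, path-based search.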
Pointer Analysis
The data flow model is enhanced by the pointer variables and the operations performed upon them. The operations include aliasing over procedure boundaries and dereference operations.
Caveat: since this is a static model and pointer operations are a dynamic issue, the model has certain limitations.
Detection of unchecked pointer use is accomplished by searching an annotated data flow model, enhanced with the conditions at all the branch points. Any use of a pointer, in any context, on a path which does not contain a successful test of the value of the pointer is flagged.
Divide-by-Zero Analysis
This model is similar in concept to the previous model and uses an enhanced data flow model; the enhancements include the specific arithmetic operations on the program variables.
The aim is to detect constructs which can lead to a divide-by-zero event: any input value which is not checked before being used as a divisor is reported.
Array index checks are again performed statically by enhancing the data flow model. The model has limitations due to the dynamic characteristics of the problem, and additionally the unhelpful nature of languages such as C and C++ makes a precise algorithm difficult. The checks can also be performed dynamically. Any use of an unchecked input value as an array index is reported.
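The pointer, divide-by-zero and array-index checks share one shape: a use of a value is reported unless every path reaching it passes through a successful test of that value. The following added Python example (not LDRA code; the graph format, the fact strings and the sample program are assumptions made for the illustration) walks the paths of a small annotated control-flow graph, carries along the branch conditions that held on each path, and drops a fact again when its variable is redefined, which is the "tested, then re-read from input, then used" case that a per-block check misses.

```python
"""Guard-before-use checking on an annotated control-flow graph.

Added example, not LDRA code.  Edges carry the facts that taking them
establishes (the branch condition that held); blocks carry definitions
and uses.  A use is flagged when some path from entry reaches it without
the required fact, or with the fact killed by a later redefinition of the
variable: unchecked dereference, unchecked divisor, unchecked index.
"""

# Facts a use needs (assumed encoding; "len" stands for the array bound).
REQUIRES = {
    "deref": lambda v: {f"{v} != NULL"},
    "div":   lambda v: {f"{v} != 0"},
    "index": lambda v: {f"{v} >= 0", f"{v} < len"},
}


def check(cfg, blocks, entry="entry", exit_node="exit"):
    """Distinct findings across all simple entry-to-exit paths, sorted.
    cfg:    node -> [(successor, facts established on that edge)]
    blocks: node -> [("def", var) or (use_kind, var)] in program order
    """
    findings = set()

    def walk(node, visited, facts):
        facts = set(facts)
        for kind, var in blocks.get(node, []):
            if kind == "def":
                # a fresh value (input, arithmetic) invalidates earlier tests
                facts = {f for f in facts if not f.startswith(var + " ")}
                continue
            missing = REQUIRES[kind](var) - facts
            if missing:
                findings.add(f"{node}: {kind} of {var} without "
                             + ", ".join(sorted(missing)))
        if node == exit_node:
            return
        for nxt, established in cfg.get(node, []):
            if nxt not in visited:               # each loop walked once
                walk(nxt, visited | {nxt}, facts | set(established))

    walk(entry, {entry}, set())
    return sorted(findings)


# Constructed sample (not from the page), roughly:
#   if (p != NULL) *p = 0;       *p = 1;                 /* second deref unguarded */
#   if (n != 0)    x = 100 / n;  n = read(); y = 100 / n; /* test no longer holds */
#   if (i >= 0 && i < len) a[i] = 0; else if (i >= 0) a[i] = 1;
CFG = {
    "entry":  [("test_p", set())],
    "test_p": [("use_p", {"p != NULL"}), ("merge1", set())],
    "use_p":  [("merge1", set())],
    "merge1": [("test_n", set())],
    "test_n": [("use_n", {"n != 0"}), ("merge2", set())],
    "use_n":  [("merge2", set())],
    "merge2": [("test_i", set())],
    "test_i": [("use_i", {"i >= 0", "i < len"}), ("half_i", {"i >= 0"})],
    "use_i":  [("exit", set())],
    "half_i": [("exit", set())],
}
BLOCKS = {
    "use_p":  [("deref", "p")],
    "merge1": [("deref", "p")],               # reachable along the else edge
    "use_n":  [("div", "n")],
    "merge2": [("def", "n"), ("div", "n")],   # n re-read, earlier test is stale
    "use_i":  [("index", "i")],
    "half_i": [("index", "i")],               # upper bound never tested
}

if __name__ == "__main__":
    for line in check(CFG, BLOCKS):
        print(line)
```

The example carries the limitation the slides warn about: it tracks facts by variable name only, so a write through an alias (a pointer to `n`, or a global passed as a parameter) would not kill the fact, and a test performed in a called procedure is not seen unless the model is extended across the call, as the LDRA model is. It also never reasons about what a value is, only whether it has been tested, which is the static approximation the slides describe.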
Except in specific circumstances, the removal of such code contributes to most of a program's quality characteristics.
Such code is flagged by a comprehensive model which relates the program outputs to the program inputs, both directly and indirectly.
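One way to relate outputs to inputs, as an added illustration in Python (not LDRA code): a straight-line program is represented as a list of (target, sources) assignments, and a backward pass from each output collects the statements and the input variables that output depends on, directly or through intermediate variables. Statements that lie outside every output's slice have no effect on what the program produces and are the candidates for removal. The program, the variable names and the straight-line restriction are assumptions made for the example.

```python
"""Relating program outputs to program inputs over straight-line code.

Added example, not LDRA code.  A program is a list of assignments
(target, sources); a backward pass from each output collects the
statements and the input variables it depends on, directly or through
intermediate variables.  Statements outside every output's slice have no
effect on what the program produces and are the candidates for removal.
"""


def slice_for(program, output):
    """Indices of the statements that influence `output`, plus the
    variables that must already hold a value at entry for it.
    Walks backwards keeping the set of variables still needed."""
    needed = {output}
    used = set()
    for idx in range(len(program) - 1, -1, -1):
        target, sources = program[idx]
        if target in needed:            # this definition reaches a use
            used.add(idx)
            needed = (needed - {target}) | set(sources)
        # else: overwritten before use, or feeds nothing on the way out
    return used, needed


def analyse(program, inputs, outputs):
    """Return (output -> sorted inputs it depends on, ineffective indices)."""
    effective = set()
    depends = {}
    for out in outputs:
        idxs, at_entry = slice_for(program, out)
        effective |= idxs
        depends[out] = sorted(at_entry & set(inputs))
    ineffective = [i for i in range(len(program)) if i not in effective]
    return depends, ineffective


# Constructed sample (not from the page): inputs a, b, c; outputs y, z.
PROGRAM = [
    ("t", {"a"}),          # 0: t = a * 2
    ("u", {"b", "c"}),     # 1: u = b + c       feeds only w
    ("w", {"u"}),          # 2: w = u - 1       never reaches an output
    ("y", {"t", "b"}),     # 3: y = t + b
    ("z", {"a"}),          # 4: z = a           overwritten before any use
    ("z", {"y", "c"}),     # 5: z = y * c
]
INPUTS = {"a", "b", "c"}
OUTPUTS = ["y", "z"]

if __name__ == "__main__":
    deps, dead = analyse(PROGRAM, INPUTS, OUTPUTS)
    for out, ins in deps.items():
        print(f"{out} depends on inputs {ins}")
    print("statements with no effect on any output:", dead)
```

Statement 1 is reported even though its value is used, because the only consumer (statement 2) itself reaches no output; that is the indirect relationship the slide refers to. Statement 4 is reported because it is overwritten before anything reads it. Extending this to branching code means taking the union of the needed sets at each join and iterating loops to a fixed point; the straight-line form keeps the idea visible.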
This is performed in the LDRA Testbed tool suite by scanning the system-wide control and dataflow graphs with a grammar to discover such relationships.
This provides a direct link with a number of other flavours of Formal Methods and notations.
LCSAJ Analysis
The set of linear code sequence and jump (LCSAJ) sub-paths forms a basis set for the generation of program paths. As such, LCSAJs are a powerful vehicle for analysing path structure and generating targeted test data. The tool generates a test case plan from them.
Conclusion
- The LDRA tool suite, comprising lexical analysers, parsers and modelling tools, has been in continuous production since 1975.
- The use of the Formal Methods components was first described in 1983.
- The algorithms have been applied to some 14 different computer languages with numerous dialectal variations.
- The LDRA tool suite has been used in a huge number of safety- and mission-critical applications.
Summary
In 40 years the LDRA tool suite has progressed considerably, but there is still much to be done. The aim is to implement any technique which can reduce the occurrence of defects and faults, provided only that the technique is reasonably applicable to significant numbers of software systems.
As more Formal Methods mature they are likely to be prime candidates for implementation.
References
- M. A. Hennell and M. R. Woodward, "Formal Methods by Stealth: Formal Methods Implemented in the LDRA Tool Suite".
- Ira Forman, "An Algebra for Data Flow Anomaly Detection".
- RTCA, "Software Considerations in Airborne Systems and Equipment Certification", Report DO-178B, Radio Technical Commission for Aeronautics (RTCA) Inc., Suite 1020, 1140 Connecticut Avenue NW, Washington DC 20036, U.S.A. (1992).
- LDRA tool suite manual.
@ldra_technology
LDRA Limited