open-DO

Certification Together Conference

Jamie Ayre — Mon, 26 Jul 2010 09:49:12 +0000

According to the website, “The Certification Together International Conference for the Aeronautical Industry is the only event in Europe fully dedicated to System, Software and Hardware certification challenges.”

Looking at the program, a large part of it, as you’d expect, is dedicated to the changes in the upcoming DO-178C standard and how it will affect current certification process and practices. Coupled with these are more practical, hand-on user studies provided by primes and vendors alike.

Cyrille Comar will be giving a talk based around “The challenges of Agile certification” and an update on the Object Oriented Technology (OOT) supplement of DO-178C.

The event will be held in Toulouse, France – Oct 26-28.

Achieving Embedded Software Safety with Agility

Jamie Ayre — Fri, 09 Jul 2010 10:25:36 +0000

In this recently published article in Embedded Technology, Jose Ruiz looks at how Agile methods can be successfully applied when building safety-critical embedded software. He concludes:

“Production of safety-critical systems is typically expensive and not conducive to changes. Agile techniques can help increase the level of automation in production and certification, increasing adaptability to changing requirements and reducing delivery time and cost. These methods are based on iterative and incremental development, verified by continuous and automated tests. This notion can be extended to all certification artifacts to achieve continuous certification.”

To read the full article, please click here.

Embedded Contract Languages by Microsoft Research

Yannick Moy — Wed, 09 Jun 2010 07:45:19 +0000

People from the group developing Spec# at Microsoft Research finally published an article on their new Code Contracts approach.

Chosen excerpts: “embedding of contracts as code is a better approach”; “The language of conditions is just the language of expressions in the programming language used”; “ForAll and Exists that work over integer ranges and collections”; “Any methods called from within contract expressions should be pure methods”; “Runtime contract checking is particularly effective in conjunction with automated testing”; “generating good documentation from the embedded contracts is a key scenario”.

And the conclusion: “Since contract expressions are compiled by the existing compiler, the typical problem of having the specications and the code drift apart due to edits, refactoring, etc., is avoided.”

All of this supports the vision of project Hi-Lite, and provides valuable experience reports which should inspire us in Hi-Lite.

Couverture paper presented at ERTS² 2010

Jamie Ayre — Tue, 08 Jun 2010 13:01:55 +0000

At the recent ERTS² 2010 conference held in Toulouse, Thomas Quinot presented a paper entitled

“Object and Source Coverage for Critical Appl ications with the Couverture Open Analysis Framework“.

It presents the Couverture approach to object and structural coverage analysis for certified safety-critical applications, in particular in the context of DO-178.

XReq Project

Jamie Ayre — Wed, 02 Jun 2010 10:21:21 +0000

XReq – Executable Requirements for DO-178B – is the latest project to join the Open-DO initiative. XReq, first contributed by Sogilis, is a tool designed to help testing and verifying a project. It has been specifically adapted for the DO-178B context but can be used by a much wider audience. To help DO-178B projects, it bring together the tests (HLT/LLT) with their requirements, thus helping traceability of the tests.

For further information, please visit the XReq project page.

ERTS² conference week

Yannick Moy — Mon, 24 May 2010 14:18:39 +0000

I spent a very interesting week in Toulouse last week. It started with a day of conference in which INRIA research labs showed a host of products and advanced research applicable to the domains of modeling and safety. There was in particular demos of Astrée (static analyzer for C, now sold by AbsInt Gmbh), Frama-C (framework for analyses on C, partner in Hi-Lite) and Alt-Ergo (prover SMT, partner in Hi-Lite).

It continued with the conference ERTS² during 3 days, which gathered many French and European providers and customers of embedded solutions. I’d like to highlight 3 presentations:

the Formal Methods Subgroup of the upcoming DO-178C standard presented how formal methods may be used in a certification context
PolySpace and automotive stakeholders presented the use of static analysis tools to ensure levels of quality from subcontractors
the initiative “Certification Together” presented the goals of their initiative to share the cost of certification

A “Lighter” Introduction to Hi-Lite

Yannick Moy — Mon, 10 May 2010 10:50:39 +0000

The recently launched project Hi-Lite is based on powerful industrial tools that have been developed by the different partners for the last 10 to 25 years. This means in particular that it is not obvious to grasp the “vision” of Hi-Lite without knowing how all these tools work. To share this vision as broadly as possible, we have come up with a “light” (one may even say humorous) introduction to Hi-Lite in which we describe the application of the various tools and techniques that are part of Hi-Lite to a very simple program.

David Crocker’s Verification Blog

Yannick Moy — Fri, 07 May 2010 23:08:30 +0000

In case you missed the very interesting blog that David Crocker of Escher Technologies is writing since January of this year, I have put a link to it in the Blogroll that you find on the right of the Open-DO main page. David’s ArC system reads C code together with annotations written in special macros in order to formally prove properties of C code. Many similarities with Frama-C, yet a different interesting point of view. Plus David’s choice of examples and tone makes it a very nice reading.

Hi-Lite project officially launched

Jamie Ayre — Wed, 05 May 2010 12:02:31 +0000

Yesterday saw the official launch of the Hi-Lite project. Financially supported by French national and local government agencies, Hi-Lite aims to increase the use of formal methods in developing high integrity software, particularly to meet the forthcoming DO-178C avionics standard.

Hi-Lite is completely based on libre software. The project is structured in two different toolchains for Ada and C based on GNAT/GCC compilers, the SPARK verification toolset and the Frama-C platform. The integration of these toolchains inside two industrial IDEs offers to the user a common interaction on Ada and C programs. In particular, mixed Ada/C programs can be verified against a common specification.

The project partners are AdaCore, Altran Praxis, Astrium Space Transportation, CEA-LIST, the ProVal team of INRIA and Thales Communications. AdaCore is the project leader. For more information please visit www.open-do.org/projects/hi-lite and to subscribe to the public mailing list please send email to hi-lite-discuss@lists.forge.open-do.org.

We will be reporting on its progress here as it reaches major milestones throughout the evolution of the project.

Formal Method for Avionics Software Verification (Hervé Delseny)

Jamie Ayre — Wed, 28 Apr 2010 17:26:19 +0000

The next talk in our series from the recent Open-DO Conference is from Hervé Delseny, an expert in Avionics Software Aspects of Certification at Airbus. In his talk he gives examples of Airbus’ use of Formal Methods to verify avionics software, and summarises the integration of Formal Methods in the upcoming ED-12/DO-178 issue C.

You can also view the presentation slides if you want to follow along.

Formal Method for Avionics Software Verification

View more presentations from AdaCore.