Automating Target Analysis to Speed up the Dependability Analysis of Complex Real Time Software

In the space sector, SURLOG has demonstrated the assets of its expert approach. Clearly, the ATASDAS methodology is addressed for the space sector on a European basis: ESTEC (the research centre of ESA) looks for the most adequate expertise throughout Europe to solve its software safety needs.
The ATASDAS project extends this space expertise to other sectors that make increasing use of critical real time software. It should speed up the implementation of new European rules for the reliability analysis of complex real time software, first in the critical application areas, but also in other areas where safety is a key factor, such as automotive, aeronautics and air traffic management.
There are numerous industrial processes that are driven by real time control software. Many of these processes are critical for the safety of the whole system. When failures occur, either in the development/test phase or during real life operations, it is of paramount importance to understand the existing software structure very quickly and to propose diagnostics and remedies leading to:
- Error analysis, debugging and correction
- An improved evaluation of the safety level of the resulting new software
It must be emphasized that dependable software involved in the control and command of automated systems belongs to a very specific subclass of software programs: those that can be considered as an infinite cycle of finite and deterministic execution steps of a sequence of instructions:
- The scope of languages used by programmers is rather limited (C, C++, ADA, Modula-2)
- The software size is limited (about 1,000 to 20,000 lines of active code)
- The number of software components has to be kept limited (from 100 to a few thousand), with a call depth restricted to 5 to 20 levels
The new tool ATASDAS, which greatly automates such analysis, implements heuristics and algorithms of graph theory in order to obtain the following attributes from any source code written in the current real time software languages (C, C++, Ada, Modula-2), in compliance with any of the major standards (IEC 61508, CENELEC 50128, DO-178B, CEI 880...):
- The software architecture;
- The call graph of each parallel process of the software;
- The data dependency graph based on the critical inputs of each parallel process;
- The data dependency graph for the data generating the critical outputs of each parallel process;
- The data flow graph of each parallel process;
- The data sharing between the parallel processes;
- Appropriate metrics describing the incriminated software, both at system level and at component level (i.e. the call graph depth, the number of components, the input and output statistics per component, recursiveness, dynamic memory allocation, aliasing, non-deterministic asynchronous data processing, etc.).
Thus, this static analysis approach, which makes sense when it deals with the preliminary steps of a target analysis, also provides key information about the relevant “real time information” needed for analyses dealing with real time, deterministic or synchronous systems (through the call graph and the dependency graphs). The availability of such a new tool helps real time software project managers and their quality counterparts to speed up the first analysis of failing source code, without needing the huge prior background that SURLOG has acquired on safety projects.
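As an added illustration, not code from ATASDAS or SURLOG, the following toy analyser shows the call-graph step on a constructed C fragment: it extracts the components, builds the call graph, and derives three of the attributes listed above (call graph depth from the entry point, recursiveness including mutual recursion, and dynamic memory allocation per component). The sample source, the function names and the regex heuristics are assumptions suited to this small input, not a general C parser.

```python
import re

# Constructed sample (not a real project): a control loop of deterministic steps.
SAMPLE_C = """
void poll_bus(void) { }
void read_sensors(void) { poll_bus(); }
int filter(int depth) { if (depth > 0) return filter(depth - 1); return 0; }
void actuate(void) { char *buf = malloc(16); free(buf); }
void step(void) { read_sensors(); filter(3); actuate(); }
int main(void) { while (1) { step(); } return 0; }
"""
# Heuristic patterns (assumption: plain C, no macros, function pointers or
# lines beginning with "else if (...) {", which FUNC_DEF would mistake for a definition).
FUNC_DEF = re.compile(r"^\s*\w[\w\s\*]*?\b(\w+)\s*\([^)]*\)\s*\{", re.M)
CALL = re.compile(r"\b(\w+)\s*\(")
ALLOC = {"malloc", "calloc", "realloc", "free"}

def function_bodies(src):
    """Map each defined function (component) to its brace-balanced body."""
    bodies = {}
    for m in FUNC_DEF.finditer(src):
        start, depth = m.end() - 1, 0
        for end in range(start, len(src)):
            depth += {"{": 1, "}": -1}.get(src[end], 0)
            if depth == 0:
                break
        bodies[m.group(1)] = src[start:end + 1]
    return bodies

def call_graph(bodies):
    """Edges between defined functions only; library calls are dropped here."""
    return {f: {c for c in CALL.findall(b) if c in bodies} for f, b in bodies.items()}

def walk(graph, node, path, recursive):
    """Longest call chain below node; a callee already on the path closes a cycle."""
    best = 0
    for callee in graph.get(node, ()):
        if callee in path:  # recursive edge: every function on the cycle is recursive
            recursive.update(path[path.index(callee):])
        else:
            best = max(best, 1 + walk(graph, callee, path + (callee,), recursive))
    return best

def analyse(src, entry="main"):
    bodies = function_bodies(src)
    graph = call_graph(bodies)
    recursive = set()
    depths = {f: walk(graph, f, (f,), recursive) for f in graph}  # per-component depth
    return {"components": len(bodies), "call_depth": depths[entry], "recursive": recursive,
            "dynamic_allocation": {f for f, b in bodies.items() if ALLOC & set(CALL.findall(b))}}
```

Running `analyse(SAMPLE_C)` reports 6 components, a call depth of 3 below `main`, `filter` as the only recursive component and `actuate` as the only one using dynamic allocation.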