Abstract
If we wish to use an automatic code generator for the model-based development of a safety-critical system, how can we gain sufficient confidence in the correctness of the tool? For a tool like a code generator, which could insert an error into an airborne system, the US Federal Aviation Administration (FAA) requires the highest level of tool qualification [2], Tool Qualification Level 1 (TQL-1), if the tool is going to be used for a Level-A subsystem (one whose failure could be catastrophic). Achieving TQL-1 for such a code generator is analogous to achieving Level-A certification for an embedded software component, but the number of lines of code in the tool can be substantially greater. In this paper we describe approaches to manage the complexity of the specification and testing required for TQL-1 qualification of a tool like an automatic code generator, a tool which includes multiple phases that transform an input model into optimized generated code.
References
- AdaCore, QGen Model-Based Tool Suite, http://adacore.com/qgen.
- Certification Authorities Software Team (CAST), CAST-25, "Considerations when using a Qualifiable Development Environment (QDE) in Certification Projects," FAA, Sep 2005, https://www.faa.gov/aircraft/air_cert/design_approvals/air_software/cast/cast_papers/media/cast-25.pdf.
- Dieumegard, A. et al., "Block Library Driven Translation Validation for Dataflow Models in Safety Critical Systems," FMICS-AVoCS 2016, Pisa, Italy, Sep 2016.
- Richa, E. et al., "Towards Testing Model Transformation Chains using Precondition Construction in Algebraic Graph Transformation," Third Workshop on the Analysis of Model Transformations (AMT'14), Valencia, Spain, Sep 2014, http://ceur-ws.org/Vol-1277/4.pdf.
- Rierson, L., Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance, CRC Press, 2013.
- Taft, S. T., "TQL-1 Qualification of a Model-Based Code Generator," HCSS 2016, Annapolis, MD, May 2016, http://cps-vo.org/node/24503.
- ANSYS Esterel Technologies, "SCADE Suite® KCG 6.4 DO-178C Certification Kits Technical Data Sheet," http://www.esterel-technologies.com/wpcontent/uploads/2013/02/SCADE-Suite-DO178CCertification-Kit.pdf.
- ANSYS Esterel Technologies, "Efficient Development of Safe Avionics Software with DO-178C Objectives Using SCADE Suite®," http://www.peraglobal.com/upload/contents/2015/11/20151113142739_85462.pdf.
- Biernacki, D. et al., "Clock-directed Modular Code Generation for Synchronous Data-flow Languages," LCTES'08, Tucson, AZ, June 2008, https://www.di.ens.fr/~pouzet/bib/lctes08a.pdf.
- O'Halloran, C., "Automated verification of code automatically generated from Simulink®," Automated Software Engineering 20(2):237-264, June 2012.
- Ryabtsev, M., Translation Validation: from Simulink to C, Dissertation, Technion-Israel Institute of Technology, 2009, http://ie.technion.ac.il/~ofers/publications/theses/Michael-Ryabtsev.pdf.
- Leroy, X., "Formal verification of a realistic compiler," Communications of the ACM, 52(7):107-115, 2009.