chair of software engineering software verification bertrand meyer carlo a. furia sebastian nanz eth...
TRANSCRIPT
![Page 1: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/1.jpg)
Chair of Software Engineering
Software Verification
Bertrand MeyerCarlo A. Furia
Sebastian Nanz
ETH Zurich, Fall 2012
Chair of Software Engineering
![Page 2: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/2.jpg)
2
Today
Aims of the course
Introduction to issues of software quality
![Page 3: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/3.jpg)
Course organization
Lecturers: Bertrand Meyer, Carlo Furia, Sebastian NanzAssistant: Stephan van Staden
Webpage: http://se.inf.ethz.ch/courses/2012b_fall/sv/
Monday lectures (10-12, RZ F21):Classical lecture
Wednesday lecture (15-16, RZ F21): Variable slot: seminar by guest, or extra lecture, or extra exercise class
Exercise session: Wednesday, 16-18, RZ F213
![Page 4: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/4.jpg)
4
Purpose of this course
To present available techniques for ensuring better software quality
![Page 5: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/5.jpg)
Topics (see Web page for details)
Axiomatic semanticsSeparation logicAssertion inferenceProof-Carrying Code
Static analysisAbstract interpretation
Model checkingReal-time systems
Testing5
Program proofs
Program analysis
Model checking
Testing
![Page 6: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/6.jpg)
Grading
Project: 30%Written exam (17 December): 70%
All material presented during regular slots is examinable
6
![Page 7: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/7.jpg)
7
![Page 8: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/8.jpg)
8
Overview ofsoftware
verification
![Page 9: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/9.jpg)
9
The more general notion: software quality assurance
A set of policies and activities to:
Define quality objectives
Help ensure that software products and
processes meet these objectives
Assess to what extent they do
Improve them over time
![Page 10: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/10.jpg)
Verification
The Quality Assurance activity devoted to enforcing quality, in particular: Detecting deviations from quality Correcting them
Common distinction (“V & V”):Validation: assessment of any product relative to its
specification (“checking that it is doing the right things”)
Verification: assessment of internal quality (“checking that it is doing things right”)
In this course, “Verification” covers both10
![Page 11: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/11.jpg)
11
The product side
Quality is the absence of “deficiencies” (or “bugs”).
More precise terminology (IEEE):
Mistakes
Faults
Failures
result from
caused by
![Page 12: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/12.jpg)
Verification techniques
A priori techniques Build system for quality; e.g.: process
approaches, proof-guided construction, Design by Contract
A posteriori techniquesStatic: from software text only
Program proofs Program analysis / abstract interpretation Model checking
Dynamic: execute software Testing
13
![Page 13: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/13.jpg)
14
Software quality: external vs internal
External factors: visible to customers
(not just end users but e.g. purchasers)
Examples :
Internal factors: perceptible only to developers
Examples :
Only external factors count in the end, but the internal factors make it possible to obtain them.
ease of use, extendibility, timeliness
good programming style, information hiding, documentation
![Page 14: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/14.jpg)
15
Software quality: product vs process
Product: properties of the resulting software
For example: correctness, efficiency
Process: properties of the procedures used to produce and “maintain” the software
![Page 15: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/15.jpg)
Some external factors
Product quality (immediate): Reliability Efficiency Ease of use Ease of learning Process quality:
Production speed (timeliness)
Cost-effectiveness Predictability Reproducibility Self-improvementProduct quality (long term):
Extendibility Reusability Portability
16
![Page 16: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/16.jpg)
Reliability
Correctness:The systems’ ability to perform according to specification, in cases covered by the specification
Robustness:The systems’ ability to perform reasonably in cases not covered by the specification
Security:The systems’ ability to protect itself against hostile use
Correctness
Robustness Security
HOSTILE USEERRORSSPECIFICATION
17
![Page 17: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/17.jpg)
18
NIST report on testing (May 2002)
Financial consequences, on developers and users, of “insufficient testing infrastructure”
$ 59.5 B.
![Page 18: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/18.jpg)
Software projects according to Standish
2000199819961994 2006
16
27
2835
26
10%
20%
30%
40%
50%
53
33
46
49
46
31
40
28
23 19
Successful
Failed
Challenged
![Page 19: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/19.jpg)
20
Some famous failures
Ariane 5TheracPatriotLondon Ambulance SystemMars Orbiter VehicleBuffer overflows
...
![Page 20: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/20.jpg)
Mars Climate Orbiter Vehicle
![Page 21: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/21.jpg)
22
Mars Polar Lander
![Page 22: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/22.jpg)
23
The problem
![Page 23: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/23.jpg)
24
Ariane-5 maiden launch, 1996
37 seconds into flight, exception in Ada program not processed; order given to abort mission. Loss estimated to $10 billion.Exception was caused by an incorrect conversion: a 64-bit real value was incorrectly translated into a 16-bit integer.Systematic analysis had “proved” that the exception could not occur – the 64-bit value (“horizontal bias” of the flight) was proved to be always representable as a 16-bit integer !It was a REUSE error:
The analysis was correct – for Ariane 4 ! The assumption was documented – in a design
document !See Jean-Marc Jézéquel & Bertrand Meyer, “Design by Contract: The Lessons of Ariane, IEEE Computer, January 1997, available at se.ethz.ch/~meyer/publications/computer/ariane.pdf
![Page 24: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/24.jpg)
25
Security example: the buffer overflow
System expects some input from an external user:
First name:
Last name:
Address:
![Page 25: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/25.jpg)
26
Getting the input
from i := 1 until
i > input_size
loop
buffer [i ] := input [i ]
i := i + 1
end
![Page 26: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/26.jpg)
Overflowinga buffer!
Data“The
stack”
0
Programs
Max
Routine 1
Routine 2… Return
address, argument
s,locals
Routine n
My nasty code
Main
Return addressMy return address
Code of routine n-1
The buffer
(overflowing)
The buffer array
(activation records)
Memory
![Page 27: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/27.jpg)
28
Getting the input
from i := 1 until
i > input_size
loop
buffer [i ] := input [i ]
i := i + 1
end
or i > buffer_size
![Page 28: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/28.jpg)
- 1 –
Overview of the
requirements task
Verification in the software lifecycle
29
![Page 29: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/29.jpg)
30
Quality assurance techniques
Manual Tool-supported
Process Product
Informal Mathematical
Complete Partial
Technology-generic Technology-specific
Static Dynamic
vs
Phase-generic Phase-specific(analysis, design,
implementation…)Product-generic Product-specific
(code, documentation…)
Build (a priori) Assess (a posteriori)
![Page 30: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/30.jpg)
31
Quality assurance throughout the process
“Software” is not just code!
Quality affects code, documentation, design, analysis, management, the software process, and the software quality policy itself.
Most of the techniques presented will, however, be for code.
![Page 31: Chair of Software Engineering Software Verification Bertrand Meyer Carlo A. Furia Sebastian Nanz ETH Zurich, Fall 2012 Chair of Software Engineering](https://reader035.vdocuments.us/reader035/viewer/2022062717/56649e2a5503460f94b181f1/html5/thumbnails/31.jpg)
32
Process-based approaches to quality assurance
Lifecycle models
Process models: CMMI, ISO 9001:2000
Inspections
Open-source process
eXtreme Programming (XP)