Goals: - Shorten development cycle for flight SW; Reduce cost; Increase

reliability Current SW development cycle:- Coding and testing performed as separate activities- Testing is costly; performed after code developmentContinuous Incremental Checking:- Testing performed during code development- Excess workstation cycles used to continuously generate and

run tests and to suggest repairs and invariants- Seamless integration in coding environment familiar to

developers

Continuous Incremental Software Checking for Robotic and Satellite Missions – Corina Pasareanu, CMU/NASA Ames

User

Code (Android) + JML Specs

SystematicAnalysis

JUnit Tests

PassFail- Insert pre-condition- Modify code- Modify test

Quick Fixes

Sym Exe Tree

Likely Invariants

Test Execution

Test Generation

Invariant Generation

Integrated Development Environment

NASA PhoneSat

SPHERES on ISS

Target Applications

Features:- Automatic test generation and execution- Automatic program and test repair- Rapid feedback to user: test failures, code and

test fixes, invariants

1: d=d+1;2: if (x > y)3: return d / (x-y); else 4: return d / (y-x);

PC: X>Y

x: X, y: Y, d: D+1PC: true

PC: X<=Y

PC: X>Yreturn: (D+1)/(X-Y)

PC: X<=Y & Y-X!=0return: (D+1)/(Y-X)

PC: X<=Y & Y-X=0Div by zero!

Solve path conditions → test inputs

Example code:

Symbolic execution tree:

[2:] [2:]

[3:] [4:] [4:]

x: X, y: Y, d: DPath condition PC: true

[1:]