TRANSCRIPT
Towards the qualification of open-source
code generators
Frédéric POTHON - ACG Solutions
[email protected] Tel: (33)4. 67. 609.487
www.acg-solutions.fr
Matteo BORDIN - Adacore
[email protected] Tel: (33)1. 49.70.67.16
www.adacore.com
Towards the qualification of open-source code generators: Agenda
1. P Project presentation
2. P Project challenges
3. Impact of DO-330/ED-215 principles
4. P Model-Compiler qualification
Background: Gene-Auto
“An Automatic Code Generator for a safe subset of Simulink/Stateflow and Scicos”
• Duration: 3 years from January 2006
• Countries: Belgium, Estonia, France, Israel
• Partners: industrial (“users”), “suppliers”, SMEs, research institutes and universities
• Domain: Space, Automotive and Avionics
• Free license
http://geneauto.gforge.enseeiht.fr/
1- P Project presentation
New project: “P” (FUI 2011)
“A qualify-able Code generation chain, under free license, based on open standard of interoperability”
• To treat in a coherent way relevant subsets of modeling languages (functional and architectural) such as Simulink, Stateflow, Xcos, Scicos, SysML, MARTE, UML;
• To be able to produce several programming languages (Ada, C/C++) and synthesis languages (VHDL, SystemC), targeting single-core and multi-core computers;
• Supplied with a qualification kit, primarily for DO-178B/C, ECSS-E-ST-40C / Q-ST-80C (space) and ISO-26262 (automotive);
• Free license
http://www.open-do.org/projects/p/
A dream:
“To create a line of freeware products for code generation from models, similar to GCC for programming languages.”
[Figure: the GCC compiler takes several input languages (C/C++, Ada, …) and targets several architectures (x86, PowerPC, …); the P Model Compiler has the same shape, with model formalisms (Simulink, Scicos, …) as inputs]
2- P Project challenges
How to develop such a Code Generator?
• Not a single code generator, but a code generation framework which can be instantiated by/for each user: inputs/outputs
• Define a suitable intermediate representation for model refinement
• This intermediate representation, a “Pivot Formalism”, is used to develop specific importers for Simulink, UML, AADL and specific back-ends for Ada, C and VHDL
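The framework shape described above, reduced to a toy, as an added illustration that is not P project code and does not reproduce its real pivot formalism: an importer turns a (constructed, hypothetical) Simulink-like block list into a pivot intermediate representation, two back-ends turn the same pivot into C and Ada, and only registered (formalism, language) pairs are accepted as model compilers. The pivot also carries the reference semantics, so a model can be evaluated directly and the result compared with what the generated code computes. The block list is assumed to be in data-flow order.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PivotNode:
    name: str           # signal produced by this node
    op: str             # "in", "gain", "sum" or "out"
    srcs: tuple         # names of the input signals
    param: float = 1.0  # gain factor (used by "gain" only)

@dataclass
class PivotModel:
    name: str
    nodes: list         # assumed to be in data-flow (topological) order

# Constructed "Simulink-like" input (hypothetical format): y = 2.5 * u + b
SIMULINK_LIKE = {
    "name": "ctrl",
    "blocks": [
        {"id": "u", "type": "Inport"},
        {"id": "b", "type": "Inport"},
        {"id": "k", "type": "Gain", "gain": 2.5, "in": ["u"]},
        {"id": "s", "type": "Sum", "in": ["k", "b"]},
        {"id": "y", "type": "Outport", "in": ["s"]},
    ],
}

def import_simulink_like(model: dict) -> PivotModel:
    """Importer: block list -> pivot nodes; anything outside the supported subset is rejected."""
    ops = {"Inport": "in", "Gain": "gain", "Sum": "sum", "Outport": "out"}
    nodes = []
    for blk in model["blocks"]:
        if blk["type"] not in ops:
            raise ValueError(f"block type {blk['type']!r} is outside the supported subset")
        nodes.append(PivotNode(blk["id"], ops[blk["type"]],
                               tuple(blk.get("in", ())), float(blk.get("gain", 1.0))))
    return PivotModel(model["name"], nodes)

def evaluate(pm: PivotModel, inputs: dict) -> dict:
    """Reference semantics of the pivot: one step of the data-flow, independent of any back-end."""
    env, outputs = dict(inputs), {}
    for n in pm.nodes:
        if n.op == "gain":
            env[n.name] = n.param * env[n.srcs[0]]
        elif n.op == "sum":
            env[n.name] = sum(env[s] for s in n.srcs)
        elif n.op == "out":
            outputs[n.name] = env[n.srcs[0]]
    return outputs

def _ports(pm):
    ins = [n.name for n in pm.nodes if n.op == "in"]
    outs = [n.name for n in pm.nodes if n.op == "out"]
    return ins, outs

def backend_c(pm: PivotModel) -> str:
    """Back-end: emit a C step function from the pivot."""
    ins, outs = _ports(pm)
    params = ", ".join([f"double {i}" for i in ins] + [f"double *{o}" for o in outs])
    body = []
    for n in pm.nodes:
        if n.op == "gain":
            body.append(f"    double {n.name} = {n.param} * {n.srcs[0]};")
        elif n.op == "sum":
            body.append(f"    double {n.name} = {' + '.join(n.srcs)};")
        elif n.op == "out":
            body.append(f"    *{n.name} = {n.srcs[0]};")
    return f"void {pm.name}_step({params})\n{{\n" + "\n".join(body) + "\n}\n"

def backend_ada(pm: PivotModel) -> str:
    """Back-end: emit an Ada procedure from the same pivot."""
    ins, outs = _ports(pm)
    params = "; ".join([f"{i} : in Float" for i in ins] + [f"{o} : out Float" for o in outs])
    decls = "".join(f"   {n.name} : Float;\n" for n in pm.nodes if n.op in ("gain", "sum"))
    body = []
    for n in pm.nodes:
        if n.op == "gain":
            body.append(f"   {n.name} := {n.param} * {n.srcs[0]};")
        elif n.op == "sum":
            body.append(f"   {n.name} := {' + '.join(n.srcs)};")
        elif n.op == "out":
            body.append(f"   {n.name} := {n.srcs[0]};")
    return (f"procedure {pm.name}_Step ({params}) is\n{decls}begin\n"
            + "\n".join(body) + f"\nend {pm.name}_Step;\n")

IMPORTERS = {"simulink": import_simulink_like}
BACKENDS = {"c": backend_c, "ada": backend_ada}
# Only these input/output combinations are "allowed model compilers" (constructed set).
ALLOWED_COMPILERS = {("simulink", "c"), ("simulink", "ada")}

def compile_model(model: dict, formalism: str, language: str) -> str:
    if (formalism, language) not in ALLOWED_COMPILERS:
        raise ValueError(f"{formalism} -> {language} is not an allowed model compiler")
    return BACKENDS[language](IMPORTERS[formalism](model))
```

The design point is that the importer refuses unsupported block types instead of guessing, and that the set of allowed compilers is an explicit table, so an unqualified input/output pairing cannot be produced by accident; both are the kind of constraint a qualification kit has to state in the TOR.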
[Figure: the pivot formalism, an intermediate internal representation, sits between model refinement & transformation on one side and code generation and verification of integration on the other; it is shared by the system engineer (system and platform), the software engineer (software architecture) and the automation engineer (control algorithms, signal processing)]
Is it really that difficult to qualify a code generator?
For DO-178B/ED-12B:
[Figure: DO-178B/ED-12B tool classification, a code generator being a “Software Development Tool”]
For DO-178C/ED-12C and the Tool Qualification Document:
[Figure: DO-178C/ED-12C “Criteria 1” tool, qualified according to DO-330/ED-215]
Yes it is
TQL-1 to 4 are “equivalent” to the objectives applicable to software levels A to D.
- Evidence about all the development, verification, quality assurance and management processes of the tool
- Need to be aware of and apply the qualification requirements from the launch of the development: process definition and data recording.
- These processes are often very far from those applied by tool vendors, so it is very difficult to qualify a COTS tool as a development tool
But DO-330/ED-215 provides:
- Guidance directly applicable to software tools
- A section for COTS tools
- An FAQ on the benefits of using a qualified code generator
And in our context, additional difficulties:
• Multiple users
• Multiple domains
• Multiple inputs: model formalisms, and possibly several models
• Multiple outputs: source code languages
And more:
• To allow adaptations for each user in terms of adding new input model features, source code optimization, …
• To develop generic qualification data for all possible (allowed) P-Model-Compilers
• One of the first applications of DO-330/ED-215
3- Impact of DO-330/ED-215 principles
“Tool User” and “Tool Developer”
Qualification is performed in the scope of a specific project/context
Some errors may be detected only in the user context
=> Specific objectives for the user context
=> The tool user is responsible for the qualification
This separation facilitates reuse, COTS and further qualification after changes
Two levels of requirements:
- Tool Operational Requirements (TOR) describe the software life cycle needs (user context).
- Tool development processes produce one or several levels of Tool Requirements (developer context), derived from the TOR.
Identification of the certification credit in a software document (not a tool document)
Adequacy of the tool?
Verifying compliance to the requirements is not enough:
“Validation” is necessary!
To ensure that the tool is compliant with the user needs (software life cycle) as described in the TOR … or NOT!
[Figure: Tool User and Tool Developer processes; the Tool Operational Verification and Validation process belongs to the user context, the Tool Verification process to the developer context]
COTS tools: a specific section, DO-330/ED-215 §11.3
• What is a COTS tool: despite the term “Commercial”, any tool developed independently of a specific project should be treated as a COTS tool
• Guidance to qualify a COTS tool: “same objectives”, but there is a problem: COTS tools are typically developed without Tool Operational Requirements specific to the software life cycle being available
COTS tools: a two-step approach
• Pre-qualification by the Tool-Developer
– Developer-TQP, Developer-TAS, Developer-TCI
– Developer-TOR
– Tool development and tool verification performed according to this Developer-TOR
• Qualification by the Tool User
– Define need for qualification and certification credit (PSAC)
– Finalization of TQP, TAS and TCI with user activities
– Assess the developer-TOR and provide additional information in the TOR
– Assess qualification data and provide additional data in case of deficiencies
– Perform all « validation » activities
4- P-Model-Compiler qualification
In compliance with DO-330/ED-215 §10.3
• Pre-qualification by the Tool-Developer
– All pre-qualification objectives satisfied by the Consortium (planning, development, verification, quality assurance, configuration management)
– Allowed P-Model-Compilers identified (combinations of inputs/outputs)
– Limitations and constraints on inputs identified
– Known errors identified and analysed
– Data provided to users (Developer-TQP, Developer-TAS, Developer-TCI as a minimum)
In compliance with DO-330/ED-215 §10.3
• Qualification by the Tool User
– Define need for qualification and certification credit (PSAC)
1. Document provided by the Consortium to be included or referenced in the project PSAC
2. Based on DO-330/ED-215 §1.8 – Scenario 3 application, with credit claimed on source code and tests
– Finalization of TQP, TAS and TCI with user activities
1. “Recommended” supplementary user activities identified
2. Activities to be performed only on the “selected” P-Model-Compiler
3. Activities limited to the user configuration and the limitations of the modelling guidelines
4. Purpose of a template of the TQP that references the Developer-TQP
– Assess the developer-TOR and provide additional information in the TOR
1. Developer-TOR provided to the user
2. Developer-TOR developed in an easy-to-read format
3. Additional information/requirements are those necessary for the “validation” activity
4. Template of the TOR provided that references the Developer-TOR
– Assess qualification data and provide additional data in case of deficiencies
1. Our goal is: “No deficiencies!”
2. But known errors may exist; the impact analysis in the scope of the project is provided in the TAS
– Perform all « validation » activities
1. TOR validation (review): correctness and completeness of the additional information/requirements
2. Tool validation: generate the code for the model samples with the selected P-Model-Compiler and validate the generated source code
3. Tool validation: generate the executable object code with the compiler/linker and validate its execution on the “target”.
In compliance with DO-330/ED-215 §10.3
3. Tool validation: generate the executable object code with the compiler/linker and validate its execution on the “target”.
Certification credit for tests is based on this activity!
Equivalent to low-level-requirements-based tests, performed through equivalence classes of inputs
[Figure: requirement tiers, from System reqs through Tier 1 … Tier n-1 to Tier n (Model); the ACG produces the Source code from the model, and the Compiler/Linker produces the Executable Object Code. Software Requirements: as many levels as necessary!]
Tests: To demonstrate the compliance of EOC to all requirements (and all levels)
[Figure: the same requirement-tier diagram: System reqs → Tier 1 … Tier n-1 → Tier n (Model) → ACG → Source code → Compiler/Linker → Executable Object Code]
Only tests based on the lowest level of requirements may be alleviated by the use of a qualified ACG
Certification credit for tests is based on the thoroughness of the Tool Operational Verification and Validation process:
But equivalent only if ...
Inputs: (1) all the allowed elements, (2) an acceptable degree of combination, (3) the size and complexity limits.
Outputs: all possible statements that may be generated.
EOC generation: same compiler/linker, same setup.
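The three input conditions and the "same compiler/linker, same setup" condition above are checkable. Here is an added example of such a check, not part of the original presentation or of the P project's qualification kit: a set of constructed model samples is tested for coverage of every allowed element, for pairwise co-occurrence of elements (pairwise coverage is taken here as the "acceptable degree of combination"; the real degree is a project decision), for respect of size and complexity limits, and the compiler/linker setup used for validation is fingerprinted so that it can be compared with the setup used for delivery. Element names, limits and setup values are constructed placeholders.

```python
import hashlib
import json
from itertools import combinations

# Constructed allowed subset and limits (hypothetical, not the P project's real guidelines).
ALLOWED_ELEMENTS = {"Inport", "Outport", "Gain", "Sum", "UnitDelay", "Switch"}
LIMITS = {"max_blocks": 50, "max_depth": 3}

# Constructed model samples used for validation: element kinds used and nesting depth.
SAMPLE_MODELS = {
    "m1": {"elements": ["Inport", "Gain", "Sum", "Outport"], "depth": 1},
    "m2": {"elements": ["Inport", "UnitDelay", "Sum", "Outport"], "depth": 2},
    "m3": {"elements": ["Inport", "Switch", "Gain", "Outport"], "depth": 1},
    "m4": {"elements": ["Inport", "Switch", "UnitDelay", "Outport"], "depth": 3},
}

# Constructed compiler/linker setup record (placeholder values).
VALIDATION_SETUP = {"compiler": "gcc", "version": "x.y.z",
                    "flags": ["-O1", "-fno-strict-aliasing"], "linker_script": "target.ld"}

def missing_elements(samples, allowed):
    """Condition (1): every allowed element must appear in at least one sample."""
    used = {e for m in samples.values() for e in m["elements"]}
    return allowed - used

def missing_pairs(samples, allowed):
    """Condition (2), taking pairwise coverage as the 'acceptable degree of
    combination': every pair of allowed elements must co-occur in some sample."""
    covered = set()
    for m in samples.values():
        covered.update(frozenset(p) for p in combinations(set(m["elements"]), 2))
    return {frozenset(p) for p in combinations(sorted(allowed), 2)} - covered

def sample_findings(samples, allowed, limits):
    """Condition (3): samples must respect the size/complexity limits, and a
    sample that uses an element outside the allowed subset cannot earn credit."""
    findings = []
    for name, m in samples.items():
        extra = set(m["elements"]) - allowed
        if extra:
            findings.append(f"{name}: uses elements outside the allowed subset {sorted(extra)}")
        if len(m["elements"]) > limits["max_blocks"]:
            findings.append(f"{name}: {len(m['elements'])} blocks exceed max_blocks={limits['max_blocks']}")
        if m["depth"] > limits["max_depth"]:
            findings.append(f"{name}: depth {m['depth']} exceeds max_depth={limits['max_depth']}")
    return findings

def toolchain_fingerprint(setup):
    """Digest of the compiler/linker identity and options: 'same compiler/linker,
    same setup' becomes an equality of fingerprints that can be recorded in the TAS."""
    canonical = json.dumps(setup, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def credit_assessment(samples, allowed, limits, validation_setup, delivery_setup):
    """Return (credit_ok, reasons): credit on tests may be claimed only when no condition fails."""
    reasons = []
    miss = missing_elements(samples, allowed)
    if miss:
        reasons.append("allowed elements never exercised: " + ", ".join(sorted(miss)))
    pairs = missing_pairs(samples, allowed)
    if pairs:
        reasons.append("element pairs never combined: "
                       + ", ".join(sorted("+".join(sorted(p)) for p in pairs)))
    reasons.extend(sample_findings(samples, allowed, limits))
    if toolchain_fingerprint(validation_setup) != toolchain_fingerprint(delivery_setup):
        reasons.append("EOC generation setup differs between validation and delivery")
    return (not reasons, reasons)
```

With the four constructed samples every element is exercised but two pairs (Gain with UnitDelay, Sum with Switch) never appear together, so the assessment refuses credit and names the gap; adding a sample that combines them, built with the same fingerprinted setup, clears it. Changing a single compiler flag between validation and delivery produces a different fingerprint and again blocks the credit, which is the practical meaning of "same compiler/linker, same setup".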
Possible user adaptations. Why?
- New input: model formalism
- New output: other source code language
But also:
- Scope extension of a model: e.g. new symbols
- Source code generation: e.g. performance, interfaces
Possible user adaptations: a possible new elementary tool (new importer, new code generator)
- Elementary tool: processes up to the developer
- P-Model-Compiler TOR and integration to be re-entered
- P-Model Operational Verification and Validation to be performed
Possible user adaptations: elementary tool improvements
- Changes: in application of the existing processes
- P-Model-Compiler TOR and integration to be re-entered
- P-Model Operational Verification and Validation to be performed
Possible support from consortium partners