
Towards the qualification of open-source

code generators

Frédéric POTHON - ACG Solutions

[email protected] Tel: (33)4. 67. 609.487

www.acg-solutions.fr

Matteo BORDIN - Adacore

[email protected] Tel: (33)1. 49.70.67.16

www.adacore.com

Towards the qualification of open-source code generators: Agenda

1. P Project presentation
2. P Project challenges
3. Impact of DO-330/ED-215 principles
4. P Model-Compiler qualification

Background: Gene-Auto

“An Automatic Code Generator for a safe subset of Simulink/Stateflow and Scicos”

• Duration: 3 years from January 2006
• Countries: Belgium, Estonia, France, Israel
• Partners: industrial (“users”), “suppliers”, SMEs, research institutes and universities
• Domain: space, automotive and avionics
• Free license

http://geneauto.gforge.enseeiht.fr/

1- P Project presentation

New project: “P” (FUI 2011)

“A qualifiable code generation chain, under free license, based on open standards of interoperability”

• To treat in a coherent way relevant subsets of modeling languages (functional and architectural) such as Simulink, Stateflow, Xcos, Scicos, SysML, MARTE, UML;
• To be able to produce several programming languages (Ada, C/C++) and synthesis languages (VHDL, SystemC), targeting both single-core and multi-core processors;
• Supplied with a qualification kit, primarily for DO-178B/C (avionics), ECSS-E-ST-40C / Q-ST-80C (space) and ISO 26262 (automotive);
• Free license.

http://www.open-do.org/projects/p/

A dream:

“To create a line of freeware products for code generation from models, similar to what GCC is for programming languages.”

[Figure: the GCC compiler takes C/C++, Ada, … as source languages and targets x86, PowerPC, …; by analogy, the P Model Compiler takes Simulink, Scicos, … as input models.]

2- P Project challenges

How to develop such a code generator?

• Not a single code generator, but a code generation framework which can be instantiated by/for each user: inputs/outputs
• To define a suitable intermediate representation for model refinement
• This intermediate representation, a “Pivot Formalism”, is used to develop specific importers for Simulink, UML, AADL and specific back-ends for Ada, C and VHDL

[Figure: the pivot formalism, an intermediate internal representation. Inputs from the system engineer (software architecture, system and platform), the software engineer and the automation engineer (control algorithms, signal processing) go through model refinement and transformation on the pivot formalism, which feeds code generation and verification of integration.]

A “P Model Compiler” is designed by selecting elementary tools

[Figure: a P Model Compiler assembled from elementary tools.]

Is it really that difficult to qualify a code generator?

For DO-178B/ED-12B: the code generator is a “software development tool”.

For DO-178C/ED-12C and the Tool Qualification Document (DO-330/ED-215): Criteria 1.

Yes it is.

TQL-1 to TQL-4 are “equivalent” to the objectives applicable to software levels A to D.

- Evidence is required about all the development, verification, quality assurance and management processes of the tool.
- The qualification requirements must be known and applied from the launch of the development: process definition and data recording.
- These processes are often very far from those applied by tool vendors, so it is very difficult to qualify a COTS tool as a development tool.

But DO-330/ED-215 provides:

- Guidance directly applicable to software tools
- A section for COTS tools
- An FAQ on the benefits of using a qualified code generator

And in our context, additional difficulties:

• Multiple users
• Multiple domains
• Multiple inputs: model formalisms, and possibly several models
• Multiple outputs: source code languages

And more:

• To allow adaptations for each user: adding new input model features, source code optimization, …
• To develop generic qualification data for all possible (allowed) P-Model-Compilers
• One of the first applications of DO-330/ED-215

3- Impact of DO-330/ED-215 principles

“Tool User” and “Tool Developer”

Qualification is performed in the scope of a specific project/context.

Some errors may be detected only in the user context.

=> Specific objectives for the user context

=> The tool user is responsible for the qualification

This separation facilitates reuse, COTS and further qualification after changes.

Two levels of requirements:

- Tool Operational Requirements (TOR) describe the software life cycle needs (user context).
- Tool development processes produce one or several levels of Tool Requirements (developer context), derived from the TOR.

Identification of the certification credit in a software document (not in a tool document).

Adequacy of the tool? It is not enough to verify compliance with the requirements: “validation” is necessary, to ensure that the tool is compliant with the user needs (software life cycle) as described in the TOR … or NOT!

[Figure: Tool User and Tool Developer processes. The user context holds the Tool Operational Verification and Validation process; the developer context holds the Tool Verification process.]

COTS tools: a specific section, DO-330/ED-215 §11.3

• What is a COTS tool? Despite the term “Commercial”, any tool developed independently of a specific project should be treated as a COTS tool.

• Guidance to qualify a COTS tool: “same objectives”, but there is a problem: COTS tools are typically developed without Tool Operational Requirements specific to a software life cycle being available.

COTS tools: a two-step approach

• Pre-qualification by the Tool Developer
  – Developer-TQP, Developer-TAS, Developer-TCI
  – Developer-TOR
  – Tool development and tool verification performed according to this Developer-TOR

• Qualification by the Tool User
  – Define the need for qualification and the certification credit (PSAC)
  – Finalization of TQP, TAS and TCI with user activities
  – Assess the Developer-TOR and provide additional information in the TOR
  – Assess the qualification data and provide additional data in case of deficiencies
  – Perform all “validation” activities

[Figure: Tool User and Tool Developer processes (COTS).]

4- P-Model-Compiler qualification

In compliance with DO-330/ED-215 §10.3

• Pre-qualification by the Tool Developer
  – All pre-qualification objectives satisfied by the Consortium (planning, development, verification, quality assurance, configuration management)
  – Allowed P-Model-Compilers identified (combinations of inputs/outputs)
  – Limitations and constraints on inputs identified
  – Known errors identified and analysed
  – Data provided to users (Developer-TQP, Developer-TAS, Developer-TCI as a minimum)

• Qualification by the Tool User
  – Define the need for qualification and the certification credit (PSAC)
    1. Document provided by the Consortium, to be included or referenced in the project PSAC
    2. Based on DO-330/ED-215 §1.8 – Scenario 3 application, with credit claimed on source code and tests
  – Finalization of TQP, TAS and TCI with user activities
    1. “Recommended” supplementary user activities identified
    2. Activities to be performed only on the “selected” P-Model-Compiler
    3. Activities limited to the user configuration and to the limitations of the modelling guidelines
    4. A template of the TQP is proposed that references the Developer-TQP
  – Assess the Developer-TOR and provide additional information in the TOR
    1. Developer-TOR provided to the user
    2. Developer-TOR developed in an easy-to-read format
    3. Additional information/requirements are those necessary for the “validation” activity
    4. A template of the TOR is provided that references the Developer-TOR
  – Assess the qualification data and provide additional data in case of deficiencies
    1. Our goal is: “No deficiencies!”
    2. But known errors may exist; their impact analysis in the scope of the project is provided in the TAS
  – Perform all “validation” activities
    1. TOR validation (review): correctness and completeness of the additional information/requirements
    2. Tool validation: generate the code for model samples with the selected P-Model-Compiler and validate the generated source code
    3. Tool validation: generate the executable object code with the compiler/linker and validate its execution on the “target”

Certification credit for tests is based on this last activity (tool validation on the target)! It is equivalent to low-level-requirements-based tests, performed through equivalence classes of inputs.

[Figure: requirement tiers from the system requirements down through Tier 1 … Tier n-1 to Tier n (the model); the ACG produces the source code from the model, and the compiler/linker produces the Executable Object Code. Software requirements: as many levels as necessary!]

Tests: to demonstrate the compliance of the EOC to all requirements (at all levels).

Only tests based on the lowest level of requirements may be alleviated by the use of a qualified ACG.

Certification credit for tests is based on the thoroughness of the Tool Operational Verification and Validation process. But it is equivalent only if:

- Inputs cover (1) all the allowed elements, (2) an acceptable degree of combination, and (3) the size and complexity limits;
- Outputs cover all possible statements that may be generated;
- EOC generation uses the same compiler/linker, with the same setup.
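The “equivalent only if” conditions can be turned into mechanical checks on the validation sample set, so that a gap in the model samples is found before test credit is claimed rather than during the audit. The following Python is an added example, not code from the P project or the Consortium: the allowed block kinds, the size limit, the toy C back-end (`generate_c`) and the model samples are assumptions standing in for a Developer-TOR, and pairwise co-occurrence of elements is taken as the “acceptable degree of combination”.

```python
"""Adequacy checks for a tool-validation sample set (added example, not P project code).

Covers the "equivalent only if" conditions: input element coverage, pairwise
combination coverage, size limits, generated-statement coverage and an identical
compiler/linker setup. The block model and the toy back-end are assumptions.
"""
import hashlib
import json
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple

# Hypothetical allowed input elements and size limit of the selected P-Model-Compiler
# (assumed values standing in for a Developer-TOR; not from the P project).
ALLOWED_ELEMENTS: Set[str] = {"Inport", "Outport", "Gain", "Sum", "UnitDelay"}
MAX_BLOCKS = 50
# Every statement kind the toy back-end can emit must appear in some sample's output.
EXPECTED_STATEMENTS: Set[str] = {"assign", "add", "mul", "state_update"}

Block = Tuple[str, str, List[str]]          # (block name, element kind, input names)
Model = List[Block]


def generate_c(model: Model) -> List[Tuple[str, str]]:
    """Toy back-end (assumption): one (statement kind, C text) per generated statement."""
    out: List[Tuple[str, str]] = []
    for name, kind, ins in model:
        if kind not in ALLOWED_ELEMENTS:
            raise ValueError(f"element {kind!r} is outside the allowed subset")
        if kind == "Inport":
            continue                                   # inputs are parameters, no statement
        if kind == "Outport":
            out.append(("assign", f"{name} = {ins[0]};"))
        elif kind == "Gain":
            out.append(("mul", f"{name} = {ins[0]} * {name}_k;"))
        elif kind == "Sum":
            out.append(("add", f"{name} = {' + '.join(ins)};"))
        elif kind == "UnitDelay":
            out.append(("assign", f"{name} = {name}_state;"))
            out.append(("state_update", f"{name}_state = {ins[0]};"))
    return out


def kinds_in(model: Model) -> Set[str]:
    return {kind for _, kind, _ in model}


def uncovered_elements(samples: Dict[str, Model]) -> Set[str]:
    """Condition (1): allowed elements that no model sample exercises."""
    used: Set[str] = set().union(*(kinds_in(m) for m in samples.values()))
    return ALLOWED_ELEMENTS - used


def uncovered_pairs(samples: Dict[str, Model]) -> Set[FrozenSet[str]]:
    """Condition (2), with pairwise co-occurrence as the accepted degree of combination."""
    missing: Set[FrozenSet[str]] = set()
    for a, b in combinations(sorted(ALLOWED_ELEMENTS), 2):
        if not any({a, b} <= kinds_in(m) for m in samples.values()):
            missing.add(frozenset({a, b}))
    return missing


def oversized(samples: Dict[str, Model]) -> List[str]:
    """Condition (3): samples beyond the size limit say nothing about the allowed range."""
    return [n for n, m in samples.items() if len(m) > MAX_BLOCKS]


def uncovered_statements(samples: Dict[str, Model]) -> Set[str]:
    """Output condition: statement kinds the back-end can emit but no sample produces."""
    emitted = {kind for m in samples.values() for kind, _ in generate_c(m)}
    return EXPECTED_STATEMENTS - emitted


def toolchain_fingerprint(setup: Dict) -> str:
    """EOC condition: a stable digest of the compiler/linker setup recorded in the TAS."""
    canonical = json.dumps(setup, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def validation_report(samples: Dict[str, Model], setup: Dict, recorded_fingerprint: str) -> Dict:
    """Collect every gap; test credit may only be claimed when no gap remains."""
    report = {
        "uncovered_elements": uncovered_elements(samples),
        "uncovered_pairs": uncovered_pairs(samples),
        "oversized": oversized(samples),
        "uncovered_statements": uncovered_statements(samples),
        "same_toolchain": toolchain_fingerprint(setup) == recorded_fingerprint,
    }
    report["equivalence_claim_ok"] = (
        not report["uncovered_elements"] and not report["uncovered_pairs"]
        and not report["oversized"] and not report["uncovered_statements"]
        and report["same_toolchain"]
    )
    return report


# Constructed model samples (not real qualification data): s1 never combines
# UnitDelay with Gain or Sum, so the pairwise check reports a gap.
SAMPLES: Dict[str, Model] = {
    "s1": [("u", "Inport", []), ("g", "Gain", ["u"]), ("s", "Sum", ["g", "u"]), ("y", "Outport", ["s"])],
    "s2": [("u", "Inport", []), ("d", "UnitDelay", ["u"]), ("y", "Outport", ["d"])],
}
RECORDED_SETUP = {"cc": "gcc", "version": "<version recorded in the TAS>", "flags": ["-O0", "-Wall"]}

if __name__ == "__main__":
    rep = validation_report(SAMPLES, RECORDED_SETUP, toolchain_fingerprint(RECORDED_SETUP))
    for key, value in rep.items():
        print(f"{key}: {value}")
```

With the two constructed samples every allowed element and every statement kind is exercised, but the pairs (Gain, UnitDelay) and (Sum, UnitDelay) never appear in one model, so `equivalence_claim_ok` is false until a third sample combining them is added. The fingerprint check is the cheap way to enforce “same compiler/linker, same setup”: a change of optimisation flags changes the digest and invalidates the credit.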

4- P-Model-Compiler qualification

Possible user adaptations. Why?
- New input: model formalism
- New output: other source code language
But also:
- Scope extension of a model: e.g. new symbols
- Source code generation: e.g. performance, interfaces

Possible user adaptations: a possible new elementary tool (new importer, new code generator)
- Elementary tool: processes are up to the developer
- P-Model-Compiler TOR and integration to be re-entered
- P-Model Operational Verification and Validation to be performed

Possible user adaptations: elementary tool improvements
- Changes: in application of the existing processes
- P-Model-Compiler TOR and integration to be re-entered
- P-Model Operational Verification and Validation to be performed

Possible support from consortium partners.

www.open-do.org/projects/p

Soon available to the community:

A first step towards collaborative tool qualification

Thank you for your attention!