ada or how to enforce safety rules at compile time
play

Ada, or How to Enforce Safety Rules at Compile Time Jean-Pierre - PowerPoint PPT Presentation

Sep 28, 2022 •224 likes •321 views

Ada, or How to Enforce Safety Rules at Compile Time Jean-Pierre Rosen Adalog www.adalog.fr Safety Integrity Levels and Segregation Railway systems: EN-50128 defines 5 integrity levels From SIL0 (not critical) to SIL4 (highest

  1. Ada, or How to Enforce Safety Rules at Compile Time Jean-Pierre Rosen Adalog www.adalog.fr

  2. Safety Integrity Levels and Segregation ● Railway systems: EN-50128 defines 5 “integrity levels” ➢ From SIL0 (not critical) to SIL4 (highest criticality) ➢ Constraints (and costs!) increase with SIL level ● Mixed criticality systems: ➢ Same computer running various criticality applications ➢ Same application with various criticality components ● How to make sure that unsafe components do not alter safe ones? ➢ Validate all components at highest level (expensive!) ➢ Hardware protection ➢ Proofs hardware Segregation software

  3. Segregation Requirements ● Components based architecture with only two levels: SIL0 (not certified) and SIL4 (certified) components ● Data ➢ Data can be passed from SIL0 to SIL4 Deemed unreliable, SIL4 access must go through special gateways to check ● validity ➢ No direct access of SIL4 data by SIL0 components ● Components ➢ Some components are not by themselves SIL4, but may be called by SIL0 as well as SIL4 components Classified as SIL4 ● ➢ SIL0 components shall not call other SIL4 components ➢ SIL4 components shall call SIL0 components only through special isolation components

  4. Child Unit and Visibility ● A package can be a child of another package (the parent ) ➢ Public child package Parent.Child is ... ● ➢ Private child private package Parent.Child is … ● ● A public child can be used by outer components ➢ But it has no visible access to the parent’s private part ● A private child can be used only by its parent and siblings (subsystem rooted at the parent) ➢ But it has visibility on the parent’s private part

  5. Structure Public Private child unit/child Safe_Components Unsafe_Components Shared_Services Data X-Memory Data Safe_1 Safe_2 Unsafe_1 Unsafe_2

  6. Structure Public Private child unit/child Safe_Components Unsafe_Components Shared_Services Data X-Memory Data Safe_1 Safe_2 Unsafe_1 Unsafe_2

  7. Other Checks ● Prevent users from cheating with the rules ! ➢ Requires static analysis ● Use of AdaControl ➢ Free tool provided by Adalog : www.adacontrol.fr ● Ensures : ➢ No unchecked programming Can’t be hidden in Ada ● ➢ No removal of language checks, including in SIL0 components ➢ No visible variable in package specifications

  8. Achievements ● Criticality of a component is immediately identifiable from its full name ➢ The name defines applicable rules ➢ Cross-criticality accessors are easily identified ● The most important rules of segregation are enforced by proper usage of language features ➢ Violations don't compile! ● Simple static analysis demonstrates that there is no cheating with the rules Name another language that can achieve that...

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LLVM Compile Time. Challenges. Improvements. Outlook. Michael Zolotukhin, Apple Agenda

LLVM Compile Time. Challenges. Improvements. Outlook. Michael Zolotukhin, Apple Agenda

LLVM Compile Time. Challenges. Improvements. Outlook. Michael Zolotukhin, Apple Agenda Benchmarking and tracking Historical findings Future work Tools and tricks Compile Time Trend O0-g Os O3 1.5x Compile Time

702 views • 52 slides
A New Architecture for Building Software Daniel Dunbar Overview Compile time How

A New Architecture for Building Software Daniel Dunbar Overview Compile time How

A New Architecture for Building Software Daniel Dunbar Overview Compile time How software is built llbuild A new architecture Compile Time Clang & Compile Times Designed to be a fast compiler Tuned lex & parse

917 views • 44 slides
Sa Safety Rules Reminders 1. Take your time doing your experiment. 2. Wash your hands when the

Sa Safety Rules Reminders 1. Take your time doing your experiment. 2. Wash your hands when the

Sa Safety Rules Reminders 1. Take your time doing your experiment. 2. Wash your hands when the class ends. 3. No horseplay, but its ok to have fun. 4. No cell phones, put away phone and ear buds. 5. Know where safety items are located.

582 views • 27 slides
1 Key Issues Reference Counting Idea For both for each heap allocated object, maintain

1 Key Issues Reference Counting Idea For both for each heap allocated object, maintain

Garbage Collection Background Last time Static allocation: variables are bound to storage at compile-time Compiling Object-Oriented Languages pros: easy to implement cons: no recursion, data structure sizes are compile-time

260 views • 8 slides
Ultimate Architecture Enforcement Write Your Own Rules and Enforce Them Continuously SATURN May

Ultimate Architecture Enforcement Write Your Own Rules and Enforce Them Continuously SATURN May

Ultimate Architecture Enforcement Write Your Own Rules and Enforce Them Continuously SATURN May 2017 Paulo Merson Brazilian Federal Court of Accounts Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons

776 views • 54 slides
Automatic Memory Management Storage Allocation Static Allocation Bind names at compile

Automatic Memory Management Storage Allocation Static Allocation Bind names at compile

Automatic Memory Management Storage Allocation Static Allocation Bind names at compile time Pros: Fast (no run time allocation, no indirection) Safety : memory requirements known in advance Cons: Sizes must be

417 views • 14 slides
CONSUMER S SAFETY ON IMPORT ASEM meeting - Prague Non Food/Food Food Safety Rules Product

CONSUMER S SAFETY ON IMPORT ASEM meeting - Prague Non Food/Food Food Safety Rules Product

Customs Administration of the Czech Republic CONSUMER S SAFETY ON IMPORT ASEM meeting - Prague Non Food/Food Food Safety Rules Product Safety Rules Product Safety Product Safety Rules EU Reg. 765/2008 setting out the requirements for

604 views • 32 slides
M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source:

M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source:

Excep&ons EECS1012 M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source: programmer Defense: modern IDEs expose these Run&me Errors Make an invalid opera?on program will crash Source:

196 views • 3 slides
May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms

May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms

May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms May 12, 2017 ECS 235B Spring Quarter 2017 Slide #1 Array Elements Information flowing out: ... := a [ i ] Value of i , a [ i ] both affect

1.12k views • 40 slides
Compile-time type transformation Meeting C++ 2019, Berlin dr Ivan uki KDAB

Compile-time type transformation Meeting C++ 2019, Berlin dr Ivan uki KDAB

Compile-time type transformation Meeting C++ 2019, Berlin dr Ivan uki KDAB ivan.cukic@kdab.com, ivan@cukic.co https://kdab.com, https://cukic.co Slow introduction Compile-time Meta information Generation The End About me KDAB senior

1.34k views • 95 slides
Rules and Regulations for Dam Safety and Dam Construction Rules Hearing Presentation 1313 S

Rules and Regulations for Dam Safety and Dam Construction Rules Hearing Presentation 1313 S

Rules and Regulations for Dam Safety and Dam Construction Rules Hearing Presentation 1313 S herman S treet, Rm 814 Denver, CO November 6, 2019 Bill McCormick, P .E., P .G. and Jason Ward, PhD, P .E. Colorado Dam S afety Out line for

843 views • 34 slides
HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce

HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce

HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce Declaration, By-Laws and Rules as directed by Board of Directors Provide financial, administration, customer service and 24-hour emergency service

808 views • 36 slides
New Hampshire State Police Marine Patrol MARINE PATROL STATUTORY REQUIREMENTS Enforce NH

New Hampshire State Police Marine Patrol MARINE PATROL STATUTORY REQUIREMENTS Enforce NH

New Hampshire State Police Marine Patrol MARINE PATROL STATUTORY REQUIREMENTS Enforce NH Boating Laws and Rules Provide Education to Recreational Boaters Maintain Aids to Navigation Powers on all Bodies of Water 10 Acres + All

493 views • 33 slides
On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong

On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong

On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong Hu, Hyungon Moon, Taesoo Kim The problem of bloated software High complexity: more vulnerabilities Unused interfaces: an attacker can use

720 views • 25 slides
Safety Presentation What is the Purpose of Laboratory Safety Training? Regulatory Compliance

Safety Presentation What is the Purpose of Laboratory Safety Training? Regulatory Compliance

Laboratory Safety Presentation What is the Purpose of Laboratory Safety Training? Regulatory Compliance Washington Industrial Safety & Health Act of 1973 Empowered the state to enforce safety & health regulations, which must

697 views • 41 slides
Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection rules. Selection rules originate from the quantum mechanical description of electromagnetic radiation interaction with matter. Use time-dependent

424 views • 13 slides
Mastering the game of Go with deep neural networks and tree search Nature, Jan, 2016 Roadmap

Mastering the game of Go with deep neural networks and tree search Nature, Jan, 2016 Roadmap

Mastering the game of Go with deep neural networks and tree search Nature, Jan, 2016 Roadmap What this paper is about? Deep Learning Search problem How to explore a huge tree (graph) AlphaGo Video

556 views • 51 slides
The natural emergence of the SFR-H2 surface density relation in galaxy simulations Alessandro

The natural emergence of the SFR-H2 surface density relation in galaxy simulations Alessandro

The natural emergence of the SFR-H2 surface density relation in galaxy simulations Alessandro Lupi (Institut dAstrophysique de Paris) THE ROLE OF GAS IN GALAXY DYNAMICS with: S. Bovino, P. R. Capelo, M. Volonteri, J. Silk October 2nd, 2017

542 views • 14 slides
Energy-Efficient Management of Virtual Machines in Data Centers for Cloud Computing Anton

Energy-Efficient Management of Virtual Machines in Data Centers for Cloud Computing Anton

H EURISTICS M ARKOV H OST O VERLOAD D ETECTION I MPLEMENTATION C ONCLUSIONS Energy-Efficient Management of Virtual Machines in Data Centers for Cloud Computing Anton Beloglazov Supervisor: Prof. Rajkumar Buyya The Cloud Computing and

995 views • 87 slides
Inference and Optimalities in Estimation of Gaussian Graphical Model Harrison H. Zhou Department

Inference and Optimalities in Estimation of Gaussian Graphical Model Harrison H. Zhou Department

Inference and Optimalities in Estimation of Gaussian Graphical Model Harrison H. Zhou Department of Statistics Yale University Jointly with Zhao Ren, Tingni Sun and Cun-Hui Zhang 1 Outline Introduction Main Results Asymptotic

509 views • 27 slides
CPU Scheduling Schedulers in the OS Structure of a CPU Scheduler Scheduling =

CPU Scheduling Schedulers in the OS Structure of a CPU Scheduler Scheduling =

CPSC 410 / 611 : Operating Systems CPU Scheduling Schedulers in the OS Structure of a CPU Scheduler Scheduling = Selection + Dispatching Criteria for scheduling Scheduling Algorithms FIFO/FCFS SPF / SRTF

342 views • 16 slides
In-medium QQ potential from lattice QCD & the generalized Gauss-law Alexander Rothkopf

In-medium QQ potential from lattice QCD & the generalized Gauss-law Alexander Rothkopf

In-medium QQ potential from lattice QCD & the generalized Gauss-law Alexander Rothkopf Faculty of Science and Technology Department of Mathematics and Physics University of Stavanger References : P. Petreczky, A.R., J. Weber, NPA982

955 views • 66 slides
production environment Yahoo! Chiebukuro (a CQA service of Yahoo! Japan) Task Given a

production environment Yahoo! Chiebukuro (a CQA service of Yahoo! Japan) Task Given a

Overview of the NTCIR-13 O penLive Q Task Makoto P. Kato, Takehiro Yamamoto (Kyoto University) , Sumio Fujita, Akiomi Nishida, Tomohiro Manabe (Yahoo Japan Corporation) Agenda Task Design (3 slides) Data (5 slides) Evaluation

531 views • 30 slides
Protein Structure Bioinformatics Introduction Basel, 27. September 2004 Biozentrum -

Protein Structure Bioinformatics Introduction Basel, 27. September 2004 Biozentrum -

1 Swiss Institute of Bioinformatics Protein Structure Bioinformatics Introduction Basel, 27. September 2004 Biozentrum - Universitt Basel Swiss Institute of Bioinformatics Torsten Schwede Klingelbergstr 50-70 CH - 4056 Basel, Switzerland

603 views • 33 slides

More recommend