Lecture 14 (01.02.2016) Concluding Remarks



1. Systeme Hoher Sicherheit und Qualität
Universität Bremen, WS 2015/2016
Lecture 14 (01.02.2016) Concluding Remarks
Christoph Lüth, Jan Peleska, Dieter Hutter

2. Where are we?
◮ 01: Concepts of Quality
◮ 02: Legal Requirements: Norms and Standards
◮ 03: The Software Development Process
◮ 04: Hazard Analysis
◮ 05: High-Level Design with SysML
◮ 06: Formal Modelling with SysML and OCL
◮ 07: Detailed Specification with SysML
◮ 08: Testing
◮ 09: Program Analysis
◮ 10: Foundations of Software Verification
◮ 11: Verification Condition Generation
◮ 12: Semantics of Programming Languages
◮ 13: Model-Checking
◮ 14: Conclusions and Outlook
SSQ, WS 15/16 2 [23]

3. Introductory Summary
◮ This lecture series was about developing systems of high quality and high safety.
◮ Quality is measured by quality criteria, which guide improvement of the development process. It is basically an economic criterion.
◮ Safety is "freedom from unacceptable risks". It is a technical criterion.
◮ Both high quality and safety can be achieved by the means described in this lecture series.
◮ Moreover, there is the legal situation: the machinery directive and other laws require (indirectly) that you use these techniques where appropriate. This is why these lectures are so important: disregarding this state of the art may make you personally liable.

12. Quality in the Software Development Process
◮ Hazard analysis
◮ High-level design
  ◮ SysML, structural diagrams
◮ Formal Modelling
  ◮ SysML and OCL
◮ Detailed Specification
  ◮ SysML, behavioural diagrams
◮ Testing
◮ Static Program Analysis
◮ Floyd-Hoare Logic
◮ Semantics of Programming Languages
◮ Model-Checking

13. Examples of Formal Methods in Practice
◮ Hardware verification:
  ◮ Intel: formal verification of microprocessors
  ◮ Infineon: equivalence checks
◮ Software verification (research projects):
  ◮ Verisoft — Microsoft Hyper-V (VCC)
  ◮ L4.verified — NICTA, Australia (Isabelle)
◮ Tools used in industry (excerpt):
  ◮ AbsInt tools: aiT, Astrée, CompCert (C)
  ◮ SPARK tools (Ada)
  ◮ SCADE (MATLAB/Simulink)
  ◮ UPPAAL, Spin, FDR2, other model checkers

14. SSQ at University of Bremen
◮ AG BS (Prof. Jan Peleska): Testing, abstract interpretation.
  ◮ Strong industrial links to aerospace and railway industry, spin-off (Verified Systems)
◮ DFKI CPS and AG RA (Profs. Rolf Drechsler, Dieter Hutter, Christoph Lüth):
  ◮ Strong industrial links: Infineon, Intel, NXP
  ◮ Hardware and system verification
  ◮ Software verification
  ◮ Security
  ◮ Further application areas: robotics and AAL
◮ SyDe Graduate College (University of Bremen, DFKI, DLR)
  ◮ Includes more application areas: Space, robotics, real-time image processing

15. Questions

16. Lecture 01: Concepts of Quality
◮ What is quality? What are quality criteria?
◮ What could be useful quality criteria?
◮ What is the conceptual difference between ISO 9001 and CMM?

17. Lecture 02: Concepts of Safety and Security
◮ What is safety?
◮ Norms and Standards:
  ◮ Legal situation
  ◮ What is the machinery directive?
  ◮ Norm landscape: first-, second-, third-tier norms
  ◮ Important norms: IEC 61508, ISO 26262, DIN EN 50128, DO-178B, ISO 15408
◮ Risk analysis:
  ◮ What is a SIL? Target SIL?
  ◮ How do we obtain a SIL? What does it mean for the development?

19. Lecture 03: Quality of the Software Development Process
◮ Which software development models did we encounter?
  ◮ Waterfall, spiral, agile, MDD, V-model:
  ◮ How does it work?
  ◮ What are the advantages and disadvantages?
  ◮ Which models are appropriate for safety-critical developments?
  ◮ What are the typical artefacts (and where do they occur)?
◮ Formal software development:
  ◮ What is it, and how does it work?
  ◮ How can we define properties, what kinds of properties are there, how are they defined?
  ◮ Development structure: horizontal vs. vertical, layers and views

21. Lecture 04: Hazard Analysis
◮ What is hazard analysis?
◮ Where (in the development process) is it used?
◮ Basic approaches: bottom-up vs. top-down, and what do they mean?
◮ Which methods did we encounter?
  ◮ FMEA, FTA, event traces — how do they work, advantages/disadvantages?
◮ What are the prime verification techniques?

24. Lecture 05: High-level Design
◮ High-level specification and modelling:
  ◮ What is it, where in the development process does it take place, what formalisms are useful?
◮ What is SysML? How does it relate to UML?
◮ Basic elements of SysML used for high-level design:
  ◮ Structural diagrams:
    ◮ Package diagram
    ◮ Block definition diagram (describes classes, class diagram)
    ◮ Internal block diagrams (describes instances of blocks, flow specifications)
    ◮ Parametric diagram (equational modelling)

25. Lecture 06: Formal Modelling with SysML and OCL
◮ What is OCL?
  ◮ A specification language for UML/SysML models
  ◮ Characteristics: pure and typed
◮ What can we use it for?
  ◮ Invariants on classes and types
  ◮ Pre- and postconditions on operations and methods
◮ OCL types:
  ◮ Basic types: Boolean, Integer, Real, String; OclAny, OclType, OclVoid
  ◮ Collection types: Sequence, Bag, OrderedSet, Set
  ◮ Model types
◮ Logic: three-valued Kleene logic

26. Lecture 07: Detailed Specification
◮ What is detailed specification?
  ◮ Specification of single modules — "last" level before code
◮ What elements are used in specification?
  ◮ SysML behavioural diagrams:
    ◮ State diagrams (hierarchical finite state machines)
    ◮ Activity diagrams (flow charts)
    ◮ Sequence diagrams (message sequence charts)
    ◮ Use-case diagrams

27. Lecture 08: Testing
◮ What is testing, and what are the aims? What can it achieve, what not?
◮ What are test levels?
◮ What is a black-box test? How are test cases chosen?
◮ What is a white-box test?
◮ What is the control-flow graph of a program?
◮ What kinds of coverage are there, and how are they defined?
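To make the last two questions concrete, here is an added worked example (not part of the lecture slides): a constructed control-flow graph for a two-decision function, a walker that records the executed path for a test input, and statement and branch coverage computed over test suites. It shows that a single test can reach every statement while exercising only half of the decision outcomes.

```python
from typing import Callable, Dict, List, Tuple
# Constructed CFG for the following function (node labels are ours):
#   def f(x, y):
#       r = 0          # n1
#       if x > 0:      # n2 (decision)
#           r += 1     # n3
#       if y > 0:      # n4 (decision)
#           r += 2     # n5
#       return r       # n6
NODES = {"n1", "n2", "n3", "n4", "n5", "n6"}
DECISIONS: Dict[str, Callable[[int, int], bool]] = {
    "n2": lambda x, y: x > 0,
    "n4": lambda x, y: y > 0,
}
TRUE_SUCC = {"n2": "n3", "n4": "n5"}    # successor when the condition holds
FALSE_SUCC = {"n2": "n4", "n4": "n6"}   # successor when it does not
FALLTHROUGH = {"n1": "n2", "n3": "n4", "n5": "n6"}  # unconditional edges

def execute(x: int, y: int) -> List[str]:
    """Walk the CFG for input (x, y) and return the executed node path."""
    path = ["n1"]
    while path[-1] != "n6":
        node = path[-1]
        if node in DECISIONS:
            nxt = TRUE_SUCC[node] if DECISIONS[node](x, y) else FALSE_SUCC[node]
        else:
            nxt = FALLTHROUGH[node]
        path.append(nxt)
    return path

def statement_coverage(tests: List[Tuple[int, int]]) -> float:
    """Fraction of CFG nodes executed by at least one test."""
    covered = set()
    for x, y in tests:
        covered.update(execute(x, y))
    return len(covered) / len(NODES)

def branch_coverage(tests: List[Tuple[int, int]]) -> float:
    """Fraction of decision outcomes (node, True/False) exercised."""
    covered = set()
    for x, y in tests:
        path = execute(x, y)
        for src, dst in zip(path, path[1:]):
            if src in DECISIONS:
                covered.add((src, dst == TRUE_SUCC[src]))
    return len(covered) / (2 * len(DECISIONS))

# Constructed suites: A reaches every statement but only the "true" outcomes;
# B adds one test that takes both "false" outcomes.
SUITE_A = [(1, 1)]
SUITE_B = [(1, 1), (-1, -1)]
```

Suite A gives 100% statement coverage but only 50% branch coverage; suite B reaches 100% of both, which is why branch coverage is the stronger criterion.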

28. Lecture 09: Static Program Analysis
◮ What is it? Where in the development process is it used? What is the difference to testing?
◮ What is the basic problem, and how is it circumvented?
◮ What does it mean when we say an analysis is sound, or safe?
◮ What are false positives?
◮ Did we consider inter- or intraprocedural analysis?
◮ What examples of forward/backward analysis did we encounter?
