Abstract
In this article we give an overview of the development and commercialization of two industry-strength static analyzers based on abstract interpretation, aiT WCET Analyzer and Astrée. We focus on the development steps and the adaptations needed to meet industry requirements, and we discuss criteria for a successful transfer of formal verification methods to industrial use.
Acknowledgment
Many people contributed to aiT and Astrée and their success. We want to thank them all.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Kästner, D., Wilhelm, R., Ferdinand, C. (2023). Abstract Interpretation in Industry – Experience and Lessons Learned. In: Hermenegildo, M.V., Morales, J.F. (eds) Static Analysis. SAS 2023. Lecture Notes in Computer Science, vol 14284. Springer, Cham. https://doi.org/10.1007/978-3-031-44245-2_2
DOI: https://doi.org/10.1007/978-3-031-44245-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-44244-5
Online ISBN: 978-3-031-44245-2
eBook Packages: Computer Science, Computer Science (R0)