Interface-Implementation Contract Checking: A Case Study on NASA's OSAL
Dharmalingam Ganesan, Mikael Lindvall
Fraunhofer Center for Experimental Software Engineering, College Park, Maryland
© 2013 Fraunhofer USA, Inc. Center for Experimental Software Engineering

Agenda
• Context: NASA OSAL
• Static equivalence analysis
• Static contract checking
• Conclusion

Context: NASA OSAL
• Operating System Abstraction Layer
• Isolates flight software from real-time operating systems and hardware
• Implementations for the real-time operating systems RTEMS and VxWorks, and for POSIX-compliant non-real-time systems
• Provides "write once, run everywhere (somewhere)" at the compile level
• Used for mission-critical embedded systems
• Provides support for file systems, tasks, queues, semaphores, interrupts, hardware abstraction, I/O ports and exception handling

NASA OSAL
• Why is it important that OSAL is bug free?
– Flight software is mission critical and needs to be of very high quality
– OSAL is the foundation of the cFE (core Flight Executive), which the CFS (core Flight System) runs on top of
– OSAL is used in many NASA missions, e.g. the Lunar Reconnaissance Orbiter
– If OSAL has issues, it might result in catastrophic failure

NASA OSAL in CFS
[figure]

NASA OSAL – Architecture
[figure]

Agenda
• Context: NASA OSAL
• Static equivalence analysis
• Static contract checking
• Conclusion

Static equivalence analysis
• Currently OSAL has implementations for the RTEMS, VxWorks and POSIX operating systems
• All implementations should work the same
– Perform the same operation regardless of OS
– Return the same error codes when errors occur

Static equivalence analysis
• Used to find differences between implementations of OSAL
– POSIX, RTEMS, VxWorks
• Extracts return codes from function bodies
• The return codes of each implementation are compared to find differences

Static equivalence analysis
• Enables us to easily find otherwise subtle and hard-to-find errors
[figure: POSIX implementation and RTEMS implementation shown side by side]

Static equivalence analysis - example
[figure]

Which defects can be found in OSAL when analyzing function pairs for functional equivalence?

Runtime issues                      # issues
  Precondition checking diffs          13
  Return code diffs                    24
  Global variable writing diffs        15
  Parameter writing diffs               3
  Parameter checking                    2
  Σ                                    57

Minor issues                        # issues
  Configuration issues                  9*
  Output differences                   18*
  Σ                                    27

* Acknowledged and/or fixed

Agenda
• Context: NASA OSAL
• Static equivalence analysis
• Static contract checking
• Conclusion

Static contract checking without a formal contract
• APIs are supposed to fulfill a "contract"
• A contract is:
– A specification of what each function does, and
– How it responds to errors and what the function should return
• Programmers program to an API using the contract as a guide
• A function not written according to the contract can cause hard-to-find errors

Static contract checking without a formal contract
Example of a function fulfilling its contract
[figure: contract (header comment) and implementation]

Static contract checking without a formal contract
Example of a function fulfilling its contract
[figure]

Static contract checking without a formal contract
Example of a function fulfilling its contract
[figure]

Static contract checking without a formal contract
Example of a function not fulfilling its contract
[figure]

Static contract checking without a formal contract
• Simple, fast Perl programs built on regular expressions
• Compatible with C and C++
• Extracts return codes from function bodies and from contract comments
• Compares the return codes of contract comments and function bodies to find mismatches

Static contract checking without a formal contract
[figure]

Static contract checking without a formal contract
...and the other way around.
• To find whether functions implement more than the contract implies
• To identify an incomplete contract that could result in implementation mismatches between wrappers
• Extract return codes from the function bodies instead of the contract comments
• Compare the extracted return codes to the contract comments to find undocumented behavior

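The following is an added example, not code from the slides or from OSAL: both analyses described above (return-code equivalence between wrappers, slides 8 to 12, and the two-way contract-versus-body check, slides 14 to 21) implemented in Python rather than the authors' Perl scripts. The two C snippets, the function names OS_QueueCreate and OS_QueueDelete, their header comments and their bodies are constructed for the demonstration and are not real OSAL source; the "Returns:" comment convention is likewise an assumption about how the contract is written.

```python
# Added example (not from the slides or from OSAL): both analyses in Python instead of
# the authors' Perl + regex scripts. The C snippets are constructed to look like OSAL
# wrappers and are NOT real OSAL code. Like the original technique this is neither sound
# nor complete: it only sees literal "return OS_...;" statements and "Returns:" comments.
import re
from dataclasses import dataclass

POSIX_SRC = r"""
/* OS_QueueCreate (constructed sample, not real OSAL code)
** Returns: OS_SUCCESS, OS_INVALID_POINTER, OS_ERR_NAME_TOO_LONG,
**          OS_ERR_NO_FREE_IDS, OS_ERR_NAME_TAKEN */
int32 OS_QueueCreate(uint32 *queue_id, const char *queue_name, uint32 depth)
{
    if (queue_id == NULL || queue_name == NULL) return OS_INVALID_POINTER;
    if (strlen(queue_name) >= OS_MAX_API_NAME) return OS_ERR_NAME_TOO_LONG;
    if (possible_qid >= OS_MAX_QUEUES) return OS_ERR_NO_FREE_IDS;
    if (mq_open(queue_name, O_CREAT | O_RDWR, 0644, &attr) == (mqd_t)-1)
        return OS_ERROR;              /* returned but not in the contract */
    return OS_SUCCESS;                /* OS_ERR_NAME_TAKEN is never returned */
}
/* OS_QueueDelete (constructed sample, not real OSAL code)
** Returns: OS_SUCCESS, OS_ERR_INVALID_ID, OS_ERROR */
int32 OS_QueueDelete(uint32 queue_id)
{
    if (queue_id >= OS_MAX_QUEUES) return OS_ERR_INVALID_ID;
    if (mq_close(OS_queue_table[queue_id].id) != 0) return (OS_ERROR);
    return OS_SUCCESS;
}
"""

# Constructed RTEMS-flavoured sample: same contract, body matches it, OS_QueueDelete missing.
RTEMS_SRC = r"""
/* OS_QueueCreate (constructed sample, not real OSAL code)
** Returns: OS_SUCCESS, OS_INVALID_POINTER, OS_ERR_NAME_TOO_LONG,
**          OS_ERR_NO_FREE_IDS, OS_ERR_NAME_TAKEN */
int32 OS_QueueCreate(uint32 *queue_id, const char *queue_name, uint32 depth)
{
    if (queue_id == NULL || queue_name == NULL) return OS_INVALID_POINTER;
    if (strlen(queue_name) >= OS_MAX_API_NAME) return OS_ERR_NAME_TOO_LONG;
    if (possible_qid >= OS_MAX_QUEUES) return OS_ERR_NO_FREE_IDS;
    if (OS_NameInUse(queue_name)) return OS_ERR_NAME_TAKEN;
    rtems_message_queue_create(name, depth, size, attr, &rtems_id);  /* status unchecked */
    return OS_SUCCESS;
}
"""

RETURN_RE = re.compile(r'\breturn\s*\(?\s*(OS_[A-Z][A-Z0-9_]*)\s*\)?\s*;')
HEADER_RE = re.compile(r'\bint32\s+(OS_\w+)\s*\([^)]*\)\s*\{')
LAST_COMMENT_RE = re.compile(r'/\*(?:(?!\*/).)*\*/\s*$', re.S)  # comment right before a header
CODE_TOKEN_RE = re.compile(r'\bOS_[A-Z][A-Z0-9_]*\b')

@dataclass
class Function:
    name: str
    body_codes: frozenset      # codes the body actually returns
    contract_codes: frozenset  # codes the header comment promises

def _body_end(src, open_idx):
    """Index of the '}' matching the '{' at open_idx (braces inside strings are not special-cased)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return i
    raise ValueError('unbalanced braces')

def parse_functions(src):
    """Map function name -> Function for every OS_* wrapper defined in src."""
    funcs = {}
    for m in HEADER_RE.finditer(src):
        body = src[m.end():_body_end(src, m.end() - 1)]
        cm = LAST_COMMENT_RE.search(src[:m.start()])
        ret = re.search(r'Returns?\s*:(.*)', cm.group(0), re.S) if cm else None
        contract = CODE_TOKEN_RE.findall(ret.group(1)) if ret else []
        funcs[m.group(1)] = Function(m.group(1), frozenset(RETURN_RE.findall(body)), frozenset(contract))
    return funcs

def equivalence_diffs(impls):
    """Static equivalence analysis: {name: {impl: codes}} for wrappers whose return-code
    sets differ across implementations; a wrapper missing from one shows as an empty set."""
    diffs = {}
    for n in sorted(set().union(*impls.values())):
        per_impl = {i: f[n].body_codes if n in f else frozenset() for i, f in impls.items()}
        if len(set(per_impl.values())) > 1:
            diffs[n] = per_impl
    return diffs

def contract_mismatches(funcs):
    """Contract checking both ways: {name: (undocumented, unimplemented)}, i.e. codes
    returned but not in the comment, and codes in the comment that are never returned."""
    out = {}
    for n, fn in sorted(funcs.items()):
        undoc, unimpl = fn.body_codes - fn.contract_codes, fn.contract_codes - fn.body_codes
        if undoc or unimpl:
            out[n] = (undoc, unimpl)
    return out
```

Run on the two constructed samples, equivalence_diffs flags OS_QueueCreate (the POSIX body can return OS_ERROR, the RTEMS body OS_ERR_NAME_TAKEN) and OS_QueueDelete (absent from the RTEMS sample), while contract_mismatches on the POSIX functions reports OS_ERROR as undocumented and OS_ERR_NAME_TAKEN as documented but never returned. The same extractor serves both checks, which is what keeps the approach lightweight. As with the slides' Perl scripts, a code returned through a status variable (return status;) or set inside a called helper is invisible to the regex, and a brace inside a string literal would confuse the brace counter; this is why the authors describe the technique as neither sound nor complete.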
Static contract checking without a formal contract
[figure]

Static contract checking without a formal contract
A part of the 61 issues found in the POSIX implementation.
All issues have been reported and taken care of.
[figure]

Summary
Static equivalence analysis:
• A lightweight technique
• Powerful for detecting inconsistencies between wrappers
• Found several inconsistencies (addressed in OSAL)
Static contract checking without a formal contract:
• A lightweight technique
• Found many inconsistencies between documentation and code (addressed in OSAL)
• Does not need any modeling or rigor
– (but is neither sound nor complete)

Thank you!
dganesan@fc-md.umd.edu
mlindvall@fc-md.umd.edu

Acknowledgement
• Gunnar Cortes
• Henning Femmer
• Dave McComas
• Alan Cudmore
• Wesley Deadrick