Cyrille Comar
comar@adacore.com
Content
- Scope & History
- Structure of the Document
- The new objectives & activities
- Conclusion
Scope
Why a need for an OOT Supplement?
- Very little text about programming techniques in DO-178B
- Are the DO-178B objectives & activities appropriate when using OO techniques?
(Diagram: "Software", "OO" and "Certifiable", shown for the 80s-90s and for 2000-2010)
History
OOTiA
- 2 workshops in 2002 & 2003, 4 documents in 2004
- Many OO programming guidelines (wrong level for DO-178)
Other Input Documents
- CAST 4 (http://www.faa.gov/aircraft/air_cert/design_approvals/air_software/cast/cast_papers/)
- FAA OO Issue Papers
- EASA OO CRIs
- FAA sponsored Research study: DOT/FAA/AR-02/113 (http://www.faa.gov/aircraft/air_cert/design_approvals/air_software/research/)
Is this supplement only about OO?
Some programming features are not specific to OO but are common in OO languages and not properly addressed in DO-178:
- genericity
- overloading
- exception management
- memory management
Scope
Subgroup 5
- 15 persons on average (significant turnover)
- Little participation from major OOTiA actors
- Mix of
  - Industrial Users (OO ++, Certif --)
  - Tool providers
  - DERs (OO --, Certif ++)
Structure of the Document (diagram)
Sections: OO.1.6, OO.2 to OO.12, Annexes, Appendixes OO.C.1-6 and OO.C.7-8, DP#1, DP#2
Contents: Characteristics of OO&RT; Overridings of DO-178C core; Overridings of DO-178C Tables; Glossary; Overridings of DO-178C Tables; FAQs; Vulnerability and Guidelines
Most of the new text is here: OO.4 < 20 lines, OO.5 < 20 lines, OO.6 < 3 pages, OO.11 < 1 page
Can be deduced from the rest (particularly OO.D)
Planning & Development Processes
Planning
- Virtualization layers
- Component reuse
Design
- HLR: Class Hierarchy
- LLR + Class Hierarchy: Type Consistency
- Exception Management Strategy
- Memory Management Strategy
- Reuse & Deactivation
Appendix OO.C7 & OO.C8
1. Key Features
-
-
-
-
-
-
-
2. General Issues
-
-
-
-
Guidance Guidelines
New objective+activities
(OO.4.2, OO.5.2.2, OO.6.6)
Design standard
none Separate instance verif
none Code Standard
One word
(OO.6.3.4.f)
Code Standard & Review
Enhanced activities
(OO.4.2.b, OO.5.2.2.d, OO.6.3.3.a)
Design Standard
New Objective+Activities
(OO.4.2, OO.5.2.2, OO.6.7)
Design Standard
Clarification
(OO.4.2.a)
Layered certif evidence
Clarification
(OO.5.5)
none Data & Control coupling
Clarification
(OO.4.2.b, OO.5.2.2.e)
Extensive (redundant)
None Extensive (redundant)
OO.6.7: Local Type Consistency Verification
How to address verification of dynamic dispatch?
Is Statement Coverage a good measure?

Dispatching calls as written:
   Do_Something (Object : C1)
      Object.M ();
   Do_Something_Else (Object : C2)
      Object.M ();

Pessimistic view (the dispatch is expanded at every call site):
   Do_Something (Object : C1)
      case dynamic type of Object is
         when C1 => Object.C1::M ();
         when C2 => Object.C2::M ();
      end case;
   Do_Something_Else (Object : C2)
      case dynamic type of Object is
         when C1 => Object.C1::M ();
         when C2 => Object.C2::M ();
      end case;

Optimistic view (the dispatch is one shared routine):
   Do_Something (Object : C1)
      Dispatch_M (C1);
   Do_Something_Else (Object : C2)
      Dispatch_M (C2);
   Dispatch_M (Object : C1)
      case dynamic type of Object is
         when C1 => Object.C1::M ();
         when C2 => Object.C2::M ();
      end case;
OO.6.7: Local Type Consistency Verification (2)
Class hierarchy (diagram): C1 declares Method M; C2 inherits Method M; C3 overrides Method M; C4 overrides Method M
   Do_Something (Object : C1)
      -- precondition: what does the context provide to M
      Object.M ();
      -- postcondition: what is M's contribution to the context
An overriding M is substitutable if:
- it requires no more from the context (precondition weakening)
- it provides as much to the context (postcondition strengthening)
Local Type Consistency (3)
3 possible activities:
-
  - Define explicit annotations (Pre/Postconditions, invariants)
  - Annotations must be complete & correct
  - Prove theorem on Pre & Post
- Verify substitutability by (unit) testing
  - LLRs are associated to Class methods
  - Run LLR tests associated with superclass on subclass
- Pessimistic Testing
  - New coverage criteria for dispatching call
  - any method invocation must be covered at each dispatch point
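The testing-based activities above, as an added Python example that is not part of the slides or of DO-332: the hierarchy C1..C4 of the previous slide with M's contract written as a pre/postcondition, the superclass LLR tests re-run on each subclass, and a coverage recorder that compares the optimistic criterion (each body of M executed once somewhere) with the pessimistic one (each class at each dispatch point). The class names, the contract of M and the dispatch points Do_Something / Do_Something_Else are constructed for the example.

```python
# Added example, not part of the slides: a harness for the testing-based
# activities of OO.6.7 (local type consistency). C1..C4, the contract of M
# and the dispatch points Do_Something / Do_Something_Else are constructed.
from itertools import product


class C1:
    """Root class. The LLR of M is stated as a contract:
    precondition x >= 0, postcondition result >= x."""

    def M(self, x: int) -> int:
        return x + 1


class C2(C1):
    """Inherits M unchanged."""


class C3(C1):
    """Overrides M and keeps C1's contract (2x + 1 >= x whenever x >= 0)."""

    def M(self, x: int) -> int:
        return 2 * x + 1


class C4(C1):
    """Overrides M but strengthens the precondition to x > 0, so it is not
    substitutable for C1: the superclass tests must expose this."""

    def M(self, x: int) -> int:
        if x <= 0:
            raise ValueError("C4.M requires x > 0")
        return x


# LLR test vectors for M, written once against the superclass C1.
LLR_TESTS_FOR_M = [0, 1, 7, 1000]


def m_contract_holds(obj: C1, x: int) -> bool:
    """Postcondition check for one input that satisfies C1's precondition.
    An exception counts as a failure: the subclass demanded more than C1."""
    try:
        return obj.M(x) >= x
    except Exception:
        return False


def substitutability_failures(subclass: type) -> list:
    """Activity 2: run the superclass LLR tests on the subclass and return
    the inputs on which it does not honour C1's contract."""
    return [x for x in LLR_TESTS_FOR_M if not m_contract_holds(subclass(), x)]


class DispatchCoverage:
    """Activity 3: record what each dispatching call actually exercised."""

    def __init__(self):
        self.pairs = set()   # (dispatch point, dynamic class name)
        self.bodies = set()  # qualified name of the body of M that ran

    def call_M(self, point: str, obj: C1, x: int) -> int:
        cls = type(obj)
        self.pairs.add((point, cls.__name__))
        self.bodies.add(cls.M.__qualname__)  # C2.M resolves to "C1.M"
        return obj.M(x)

    def uncovered_pairs(self, points, classes) -> set:
        """Pessimistic criterion: every class at every dispatch point."""
        wanted = {(p, c.__name__) for p, c in product(points, classes)}
        return wanted - self.pairs

    def uncovered_bodies(self, classes) -> set:
        """Optimistic criterion: every distinct body of M executed somewhere."""
        return {c.M.__qualname__ for c in classes} - self.bodies


def dispatch_gap_report():
    """Drives the two dispatch points of the slide with a deliberately
    incomplete campaign; returns (optimistic gaps, pessimistic gaps)."""
    cov = DispatchCoverage()
    campaign = [("Do_Something", C1()), ("Do_Something", C2()),
                ("Do_Something", C3()), ("Do_Something", C4()),
                ("Do_Something_Else", C2())]
    for point, obj in campaign:
        cov.call_M(point, obj, 3)
    classes = [C1, C2, C3, C4]
    points = ["Do_Something", "Do_Something_Else"]
    return cov.uncovered_bodies(classes), cov.uncovered_pairs(points, classes)


if __name__ == "__main__":
    for cls in (C2, C3, C4):
        print(cls.__name__, "fails C1's LLR tests on", substitutability_failures(cls))
    print("optimistic gaps, pessimistic gaps:", dispatch_gap_report())
```

With this campaign the optimistic criterion is already satisfied (C1.M, C3.M and C4.M have each run), while the pessimistic one still reports three class/dispatch-point pairs untested on Do_Something_Else.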
OO.6.8: Dynamic Memory Management
7 activities corresponding to usual vulnerabilities:
- Reference Ambiguity
- Fragmentation Starvation
- Deallocation Starvation
- Heap exhaustion
- Premature Deallocation
- Lost Update (Moving GCs)
- Time bound on alloc/dealloc
4 Types of Dynamic Allocation Considered
- Object Pooling
- Stack/Scope Allocation
- Manual Heap allocation
- Automatic Heap Allocation (GC)
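Object pooling, the first of the four allocation schemes above, as an added Python example that is not from the slides: a fixed-capacity pool whose handles carry a generation number, so that heap exhaustion, premature deallocation (a handle used after its object was released) and a double release are all reported, while allocate and release stay constant-time. The pool, handle and scenario names are constructed for the example.

```python
# Added example, not part of the slides: an object pool, one of the four
# allocation schemes of OO.6.8, built so that several listed vulnerabilities
# are detectable at the point of misuse. All names and sizes are constructed.


class PoolExhausted(Exception):
    """Heap exhaustion: no free slot left in the pool."""


class StaleHandle(Exception):
    """Premature deallocation: a handle is used after its slot was released."""


class Handle:
    __slots__ = ("index", "generation")

    def __init__(self, index: int, generation: int):
        self.index = index
        self.generation = generation


class ObjectPool:
    """All objects are created up front; allocate/release only move slot
    indices on a free list, so both are O(1) (time bound on alloc/dealloc)."""

    def __init__(self, capacity: int, factory):
        self._slots = [factory() for _ in range(capacity)]
        self._generation = [0] * capacity
        self._live = [False] * capacity
        self._free = list(range(capacity))

    def allocate(self) -> Handle:
        if not self._free:
            raise PoolExhausted(f"all {len(self._slots)} slots in use")
        i = self._free.pop()
        self._live[i] = True
        return Handle(i, self._generation[i])

    def get(self, h: Handle):
        self._check(h)
        return self._slots[h.index]

    def release(self, h: Handle) -> None:
        self._check(h)
        self._live[h.index] = False
        self._generation[h.index] += 1  # every outstanding handle goes stale
        self._free.append(h.index)

    def live_count(self) -> int:
        return len(self._slots) - len(self._free)

    def _check(self, h: Handle) -> None:
        if not self._live[h.index] or self._generation[h.index] != h.generation:
            raise StaleHandle(f"slot {h.index} generation {h.generation} is stale")


def pool_scenarios() -> dict:
    """Exercises the pool against the listed vulnerabilities and returns
    which ones were caught."""
    pool = ObjectPool(2, list)
    a, b = pool.allocate(), pool.allocate()
    caught = {}
    try:
        pool.allocate()
        caught["heap_exhaustion"] = False
    except PoolExhausted:
        caught["heap_exhaustion"] = True
    pool.get(a).append("payload")
    pool.release(a)
    try:  # dangling handle used after release
        pool.get(a)
        caught["premature_deallocation"] = False
    except StaleHandle:
        caught["premature_deallocation"] = True
    try:  # double release of the same handle
        pool.release(a)
        caught["double_release"] = False
    except StaleHandle:
        caught["double_release"] = True
    c = pool.allocate()  # the slot is reused under a fresh generation
    caught["slot_reused_with_new_generation"] = (
        c.index == a.index and c.generation == a.generation + 1)
    caught["live_after_reuse"] = pool.live_count()
    pool.release(b)
    pool.release(c)
    return caught
```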
Virtualization
What is Code & what is Data?
OO.4.2.a: Any time that data, when interpreted, provides control flow for the executable program, virtualization is being used.
Layered Verification
- Virtualization software to be certified at the appropriate level
- Same for the virtualized software
Examples (Layer 2, the virtualized software / Layer 1, the virtualization software):
- Interpreted Language / Language Interpreter
- Java Byte Code / JVM
- State Machine / SM interpreter
Design & Code Standards
- Restrict Static Dispatch (vs Dynamic dispatch, see FAQ #23)
- Restrict parametric polymorphism
- Restrict overloading & implicit type conversions
- Restrict downcasting and narrowing conversions
- Restrict Exception Handling
- Restrict Dynamic Memory management
Restrict /= Forbid
Find the right bounded usage depending on the language and the specific needs of the applications
Questions & Answers
36 Q/A
Most of them are text explanations from various angles
- FAQ #20: the same example of an LSP violation in
  - Ada
  - C++
  - Java
- FAQ #23: example of static dispatch vs dynamic dispatch
Conclusion
Was an OOT supplement necessary?
NO:
- most of the changes could go in the core document
YES:
- difficult to get significant changes in the core document
- groups all the related accompanying information

DO-178C: the OOT supplement

  • 2. Content
    - Scope & History
    - Structure of the Document
    - The new objectives & activities
    - Conclusion
  • 3. Scope: Why a need for an OOT Supplement?
    - Very little text about programming techniques in DO-178B
    (diagram: Software, OO, Certifiable; 80s-90s)
  • 4. Scope: Why a need for an OOT Supplement?
    - Very little text about programming techniques in DO-178B
    - Are DO-178B objectives & activities appropriate when using OO techniques?
    (diagram: Software, OO, Certifiable; 2000-2010)
  • 5. History
    - OOTiA: 2 workshops in 2002 & 2003, 4 documents in 2004
      - Many OO programming guidelines (wrong level for DO-178)
    - Other input documents:
      - CAST 4 (http://www.faa.gov/aircraft/air_cert/design_approvals/air_software/cast/cast_papers/)
      - FAA OO Issue Papers
      - EASA OO CRIs
      - FAA sponsored research study: DOT/FAA/AR-02/113 (http://www.faa.gov/aircraft/air_cert/design_approvals/air_software/research/)
  • 6. Is this supplement only about OO? Some programming features are not specific to OO but are common in OO languages and not properly addressed in DO-178:
    - genericity
    - overloading
    - exception management
    - memory management
  • 7. Scope: Subgroup 5
    - 15 persons on average (significant turnover)
    - Little participation from major OOTiA actors
    - Mix of:
      - Industrial users (OO ++, Certif --)
      - Tool providers
      - DERs (OO --, Certif ++)
  • 8. Structure of the Document
    - Sections: OO.1.6, OO.2, OO.12; Annexes; Appendixes OO.C.1-6, OO.C.7-8; DP#1, DP#2
    - Contents: Characteristics of OO&RT; Overridings of DO-178C core; Overridings of DO-178C Tables; Glossary; Overridings of DO-178C Tables; FAQs; Vulnerability and Guidelines (most of the new text is here)
    - Size of the overridings: OO.4 < 20 lines, OO.5 < 20 lines, OO.6 < 3 pages, OO.11 < 1 page
    - Can be deduced from the rest (particularly OO.D)
  • 9. Planning & Development Processes
    - Planning: Virtualization layers; Component reuse
    - Design:
      - HLR: Class Hierarchy
      - LLR + Class Hierarchy: Type Consistency
      - Exception Management Strategy
      - Memory Management Strategy
      - Reuse & Deactivation
  • 10. Appendix OO.C7 & OO.C8: a table with columns Guidance / Guidelines and rows grouped as 1. Key Features (7 rows) and 2. General Issues (4 rows); the row labels did not survive, so the cells are listed here in slide order:
    - New objective+activities (OO.4.2, OO.5.2.2, OO.6.6) / Design standard
    - none / Separate instance verif
    - none / Code Standard
    - One word (OO.6.3.4.f) / Code Standard & Review
    - Enhanced activities (OO.4.2.b, OO.5.2.2.d, OO.6.3.3.a) / Design Standard
    - New Objective+Activities (OO.4.2, OO.5.2.2, OO.6.7) / Design Standard
    - Clarification (OO.4.2.a) / Layered certif evidence
    - Clarification (OO.5.5) / none
    - Data & Control coupling / Clarification (OO.4.2.b, OO.5.2.2.e)
    - Extensive (redundant) / None
    - Extensive (redundant)
  • 11. OO.6.7: Local Type Consistency Verification. How to address verification of dynamic dispatch? Is statement coverage a good measure?
    The dispatching call as written, one statement per call site:
      Do_Something (Object : C1) ... Object.M ();
      Do_Something_Else (Object : C2) ... Object.M ();
    Pessimistic model: each call site expanded into a case over the possible dynamic types of Object:
      Do_Something (Object : C1) ... case is => Object.C1::M (); => Object.C2::M (); end case;
      Do_Something_Else (Object : C2) ... case is => Object.C1::M (); => Object.C2::M (); end case;
    Optimistic model: the dispatch factored into a single shared routine:
      Do_Something (Object : C1) ... Dispatch_M (C1);
      Do_Something_Else (Object : C2) ... Dispatch_M (C2);
      Dispatch_M (Object : C1) ... case is => Object.C1::M (); => Object.C2::M (); end case;
  • 12. OO.6.7: Local Type Consistency Verification (2)
    Class hierarchy: Class C1 (Method M); Class C2 (inherited Method M); Class C3 (overriding Method M); Class C4 (overriding Method M)
      Do_Something (Object : C1)
        -- precondition: what does the context provide to M
        Object.M ();
        -- postcondition: what is M's contribution to the context
    - an overriding M provides as much to the context (postcondition strengthening)
  • 13. Local Type Consistency (3): 3 possible activities
    - Define explicit annotations (Pre/Postconditions, invariants)
      - Annotations must be complete & correct
      - Prove theorem on Pre & Post
    - Verify substitutability by (unit) testing
      - LLRs are associated to class methods
      - Run LLR tests associated with superclass on subclass
    - Pessimistic Testing
      - New coverage criteria for dispatching calls: any method invocation must be covered at each dispatch point
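As an added example (not code from the slides or from the supplement), here is a C++ sketch of the two verification activities on slides 11 to 13: a recorder that checks the pessimistic coverage criterion (every class that can reach a dispatch point has been exercised there) and a substitutability test that runs the superclass's LLR-style contract check on each subclass instance. The C1..C4 hierarchy, its contract and the class names are assumptions made for the example.

```cpp
#include <initializer_list>
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical hierarchy in the spirit of slide 12: C1 defines M, C2 inherits
// it, C3 overrides it and keeps C1's contract, C4 overrides it and strengthens
// the precondition (an LSP violation: at x == 0 it breaks C1's postcondition).
// Contract of C1::M (assumed): requires x >= 0, ensures result >= x.
struct C1 {
    virtual ~C1() = default;
    virtual std::string name() const { return "C1"; }
    virtual int M(int x) const { return x + 1; }
};
struct C2 : C1 { std::string name() const override { return "C2"; } };  // inherits M
struct C3 : C1 { std::string name() const override { return "C3"; }
                 int M(int x) const override { return 2 * x + 1; } };
struct C4 : C1 { std::string name() const override { return "C4"; }
                 int M(int x) const override { return x > 0 ? x : -1; } };  // needs x > 0

// Pessimistic coverage for dispatching calls: each dispatch point (call site)
// must be exercised with every class that may reach it.
struct DispatchCoverage {
    std::map<std::string, std::set<std::string>> seen;  // point -> dynamic types seen
    int call_M(const std::string& point, const C1& obj, int x) {
        seen[point].insert(obj.name());   // record the dynamic type at this point
        return obj.M(x);
    }
    // Classes of `universe` not yet observed at `point`.
    std::vector<std::string> uncovered(const std::string& point,
                                       const std::vector<std::string>& universe) const {
        std::vector<std::string> out;
        auto it = seen.find(point);
        for (const auto& c : universe)
            if (it == seen.end() || !it->second.count(c)) out.push_back(c);
        return out;
    }
};

// Substitutability by testing: run the LLR test written against C1::M's
// contract on every subclass instance; returns the classes that fail it.
std::vector<std::string> substitutability_failures(const std::vector<const C1*>& objs) {
    std::vector<std::string> failing;
    for (const C1* o : objs)
        for (int x : {0, 1, 7})            // inputs satisfying C1's precondition
            if (o->M(x) < x) { failing.push_back(o->name()); break; }  // postcondition broken
    return failing;
}
```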
  • 14. OO.6.8: Dynamic Memory Management
    7 activities corresponding to usual vulnerabilities:
    - Reference Ambiguity
    - Fragmentation Starvation
    - Deallocation Starvation
    - Heap exhaustion
    - Premature Deallocation
    - Lost Update (moving GCs)
    - Time bound on alloc/dealloc
    4 types of dynamic allocation considered:
    - Object Pooling
    - Stack/Scope Allocation
    - Manual Heap allocation
    - Automatic Heap Allocation (GC)
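Added example, not from the slides: a hypothetical fixed-capacity object pool in C++ showing how the Object Pooling scheme addresses several of the vulnerabilities listed above (fragmentation, heap exhaustion, premature deallocation, bounded time on alloc/dealloc). The class and its interface are assumptions made for the example.

```cpp
#include <array>
#include <cstddef>

// Hypothetical fixed-capacity pool (an "Object Pooling" scheme): slots are
// fixed-size so there is no fragmentation, allocate/release are O(1) free-list
// operations, exhaustion is reported to the caller instead of failing silently,
// and a premature (double) release is rejected.
template <typename T, std::size_t N>
class ObjectPool {
    struct Slot { T value{}; bool in_use = false; std::size_t next_free = 0; };
    std::array<Slot, N> slots_{};
    std::size_t free_head_ = 0;   // index of the first free slot, npos if none
    std::size_t in_use_ = 0;
public:
    static constexpr std::size_t npos = N;   // "no slot": pool exhausted
    ObjectPool() {
        for (std::size_t i = 0; i < N; ++i) slots_[i].next_free = i + 1;  // last links to npos
    }
    // Bounded-time allocation: pops the free-list head or returns npos.
    std::size_t allocate() {
        if (free_head_ == npos) return npos;       // explicit heap-exhaustion path
        std::size_t idx = free_head_;
        free_head_ = slots_[idx].next_free;
        slots_[idx].in_use = true;
        ++in_use_;
        return idx;
    }
    // Bounded-time release; false for an out-of-range or already-free slot
    // (guards against premature deallocation / double release).
    bool release(std::size_t idx) {
        if (idx >= N || !slots_[idx].in_use) return false;
        slots_[idx].in_use = false;
        slots_[idx].next_free = free_head_;
        free_head_ = idx;
        --in_use_;
        return true;
    }
    T& at(std::size_t idx) { return slots_[idx].value; }
    bool is_live(std::size_t idx) const { return idx < N && slots_[idx].in_use; }
    std::size_t in_use() const { return in_use_; }
    std::size_t free_count() const { return N - in_use_; }
};
```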
  • 15. Virtualization: What is Code & what is Data?
    - OO.4.2.a: "Any time that data, when interpreted, provides control flow for the executable program, virtualization is being used"
    - Layered verification: virtualization software to be certified at the appropriate level; same for the virtualized software
    - Diagram (Layer 1, Layer 2): Interpreted Language / Java Byte Code / State Machine Language, run by Interpreter / JVM / SM interpreter
  • 16. Design & Code Standards
    - Restrict Static Dispatch (vs Dynamic dispatch, see FAQ #23)
    - Restrict parametric polymorphism
    - Restrict overloading & implicit type conversions
    - Restrict downcasting and narrowing conversions
    - Restrict Exception Handling
    - Restrict Dynamic Memory management
    Restrict /= Forbid: find the right bounded usage depending on the language and the specific needs of the application
  • 17. Questions & Answers: 36 Q/A
    - Most of them are text explanations from various angles
    - FAQ#20: same example of LSP violation in Ada, C++ and Java
    - FAQ#23: example of static dispatch vs dynamic dispatch
  • 18. Conclusion: Was an OOT supplement necessary?
    NO:
    - most of the changes could go in the core document
    YES:
    - difficult to get significant changes in the core document
    - groups all the related accompanying information