ABSTRACT
A dependability case is an explicit, end-to-end argument, based on concrete evidence, that a system satisfies a critical property. We report on a case study constructing a dependability case for the control software of a medical device. The key novelty of our approach is a lightweight code analysis that generates a list of side conditions that correspond to assumptions to be discharged about the code and the environment in which it executes. This represents an unconventional trade-off between, at one extreme, more ambitious analyses that attempt to discharge all conditions automatically (but which cannot even in principle handle environmental assumptions), and at the other, flow- or context-insensitive analyses that require more user involvement. The results of the analysis suggested a variety of ways in which the dependability of the system might be improved.
Title: A lightweight code analysis and its role in evaluation of a dependability case