Copyright Critical Software S.A. 1998-2007 All Rights Reserved.
G-SWFIT: A Technique for Fault Injection in Executable Code
SAS’07, Morgantown, Sept. 25th-27th
Nuno Silva, Ricardo Barbosa
VV&RAMS Engineering Unit
Presentation Overview
Last Year’s Presentation
Current R&D at CSW
SpaceAQua Project
G-SWFIT Technique and Xception Plugin
Other Research Initiatives
Future Work
Last Year’s Presentation
COTS vs. Custom Made: “Evaluation of COTS through Fault Injection?”
Three techniques for assessing COTS components:
Robustness and Stress Testing
Double-phased technique using API fault injection and SWIFI
Fault Injection for Risk Assessment
Assessment of real-time (COTS) kernels through fault injection
Presentation of the case studies and results
Current R&D at CSW
Mainstream R&D is divided into two different (but related) trends:
SpaceAQua Project
G-SWFIT Technique
Further development (improvement and optimization) of current Xception plugins, mainly based on industrial usage feedback
Other Research Initiatives:
Xpy – Non-intrusive monitoring tool for space applications
TestOO – Static assessment of object-oriented real-time applications
SpaceAQua Project
Automated Qualification Framework
SpaceAQua will integrate several techniques and tools for assessing COTS used in space
Qualify each assessed product according to a predefined qualification scheme
Generic Test Plan for Reuse
Automate qualification steps (including the definition, generation and execution of test cases)
G-SWFIT Technique
Assessment and research of the technique
Applicability analysis of the technique in space systems evaluation, namely COTS
Implementation of a plug-in for the Xception toolset (for the Intel IA32 architecture)
Experimentation and validation of the toolset
G-SWFIT Technique
PhD work of João Durães:
Durães, J., Madeira, H., “Definition of Software Fault Emulation Operators: a Field Data Study”, DSN 2003
Durães, J., Madeira, H., “Generic Faultloads Based on Software Faults for Dependability Benchmarking”
Durães, J., Madeira, H., “Multidimensional Characterization of the Impact of Faulty Drivers on the Operating Systems Behavior”, IEICE 2003
Durães, J., Madeira, H., “Emulation of Software Faults by Educated Mutations at Machine-Code Level”, ISSRE 2002
Fault injection technique:
Used on binary code
No source code needed
No recompilation or development environment required
Applicable virtually to any software
Need to investigate legal aspects for COTS software
Check impacts on SW with checksums
G-SWFIT Technique – Fault Types
Analysis of the bug lists of open-source projects
Classification of faults using:
ODC, associated to the type of correction needed
An extra variable, ‘nature’, defines whether something is ‘missing’, ‘wrong’ or ‘extraneous’
Selection of the most representative faults
G-SWFIT Technique - Fault Injection Example
G-SWFIT Technique - Fault Creation and Injection Process
(Process diagram.) Elements shown: original executable, assembly representation, fault operators, faults, mutated executable; storage labels: hard drive, memory.
Steps:
1. Disassembling
2. Fault generation
3. Fault injection
G-SWFIT Technique - Operator example
Fault Operator for Missing Function Call:
1. Locates function calls (Pattern)
2. Function call not alone in block (Constraint)
3. Function returned value (if any) not used (Constraint)
4. Removes function call (Injection)
CALL removal is made by replacing the CALL instruction by NOP instructions
Example:
Source code: function(...);
Search pattern: CALL target-address
Code change: remove ‘CALL’ instruction
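The missing-function-call operator above, worked through as an added Python example; it is not code from the slides or from the Xception/G-SWFIT toolset. It walks the four steps of the operator over a constructed IA32 byte sequence: only the five-byte near relative CALL (E8 rel32) and four other encodings are decoded, a basic block is taken to end at RET, and "returned value not used" is approximated by checking whether the instruction following the CALL reads EAX. Those simplifications, the opcode table and the sample bytes are assumptions of the example. The checksum at the end ties back to the earlier slide's point that the impact of a mutation on the software image can be checked with checksums.

```python
# Added illustration (not G-SWFIT or Xception code): toy model of the
# "missing function call" fault operator on IA32 machine code.
# Assumptions for the example: a hand-written decoder for five encodings,
# blocks ending at RET, and "return value used" approximated by whether the
# next instruction reads EAX (the IA32 return register).
import hashlib
from dataclasses import dataclass
from typing import List

CALL_REL32 = 0xE8   # near relative CALL, 5 bytes: E8 rel32
NOP = 0x90


@dataclass
class Insn:
    offset: int
    mnemonic: str
    length: int
    reads_eax: bool = False   # consumes a value left in EAX (e.g. a return value)
    ends_block: bool = False  # RET terminates the basic block


def disassemble(code: bytes) -> List[Insn]:
    """Step 1, disassembling: produce the assembly representation of the bytes."""
    insns: List[Insn] = []
    i = 0
    while i < len(code):
        b = code[i]
        if b == CALL_REL32:
            insns.append(Insn(i, "call rel32", 5))
        elif code[i:i + 2] == b"\x89\xC3":        # mov ebx, eax (reads EAX)
            insns.append(Insn(i, "mov ebx, eax", 2, reads_eax=True))
        elif code[i:i + 2] == b"\x31\xC0":        # xor eax, eax (overwrites EAX)
            insns.append(Insn(i, "xor eax, eax", 2))
        elif b == 0xC3:
            insns.append(Insn(i, "ret", 1, ends_block=True))
        elif b == NOP:
            insns.append(Insn(i, "nop", 1))
        else:
            raise ValueError(f"unsupported opcode {b:#x} at offset {i}")
        i += insns[-1].length
    return insns


def blocks(insns: List[Insn]) -> List[List[Insn]]:
    """Split the instruction list into blocks, each ending at RET (or at end of code)."""
    out: List[List[Insn]] = []
    cur: List[Insn] = []
    for ins in insns:
        cur.append(ins)
        if ins.ends_block:
            out.append(cur)
            cur = []
    if cur:
        out.append(cur)
    return out


def find_injection_sites(code: bytes) -> List[int]:
    """Step 2, fault generation: apply the pattern and both constraints,
    returning the offsets of CALLs the operator is allowed to remove."""
    sites: List[int] = []
    for blk in blocks(disassemble(code)):
        for idx, ins in enumerate(blk):
            if ins.mnemonic != "call rel32":
                continue                                   # pattern: CALL instructions only
            others = [x for x in blk if x is not ins and not x.ends_block]
            if not others:
                continue                                   # constraint: call not alone in block
            nxt = blk[idx + 1] if idx + 1 < len(blk) else None
            if nxt is not None and nxt.reads_eax:
                continue                                   # constraint: return value not used
            sites.append(ins.offset)
    return sites


def inject_missing_call(code: bytes, offset: int) -> bytes:
    """Step 3, fault injection: build the mutated image by replacing the
    5-byte CALL with 5 NOPs, so code size and all other offsets are unchanged."""
    if code[offset] != CALL_REL32:
        raise ValueError("no CALL at that offset")
    return code[:offset] + bytes([NOP]) * 5 + code[offset + 5:]


def checksum(code: bytes) -> str:
    """Image checksum: a mutated image no longer matches the original's."""
    return hashlib.sha256(code).hexdigest()


# Constructed sample: two CALLs. The first one's result is consumed by
# "mov ebx, eax"; the second one's result is discarded by "xor eax, eax".
SAMPLE = bytes.fromhex("E810000000" "89C3" "E820000000" "31C0" "C3")

if __name__ == "__main__":
    for off in find_injection_sites(SAMPLE):
        mutated = inject_missing_call(SAMPLE, off)
        print(f"removed CALL at {off:#x}: {mutated.hex()}; "
              f"checksum changed: {checksum(mutated) != checksum(SAMPLE)}")
```

Running the block mutates only the second CALL: the first CALL's result feeds `mov ebx, eax`, so the third step of the operator rejects it. In a real implementation the toy decoder is replaced by a full disassembler and the EAX heuristic by a proper definition/use analysis of the register.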
Other Research Initiatives - XPY
XPY - Monitoring and Profiling Tool for Space Software
XPY provides the end user (V&V engineers) with automated code coverage analysis of the user software in a non-intrusive way, through boundary scan.
XPY calculates coverage metrics over the original, non-instrumented code, based on low-level monitoring of the target system:
SC (Statement Coverage), EEC (Entry and Exit Point Coverage), DC (Decision Coverage), BCC (Branch Condition Coverage), MC/DC (Modified Condition/Decision Coverage)
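An added Python example of how coverage metrics can be recovered from a program-counter trace of non-instrumented code, which is the kind of data a low-level monitor makes available; this is not XPY's own code. It covers three of the metrics listed (SC, DC and EEC). The static map of statements, decisions and function entry/exit points is written by hand and the traces are constructed; both are assumptions of the example (a real tool derives the map from debug information rather than by hand).

```python
# Added illustration (not XPY code): Statement, Decision and Entry/Exit Point
# Coverage computed from a trace of executed addresses, without instrumenting
# the program. The static map and the traces below are constructed.
from typing import Dict, List, Set, Tuple

# Constructed static description of one small function "g" (addresses made up).
STATEMENTS: Dict[int, str] = {
    0x100: "x = f()",
    0x104: "if (x > 0)",
    0x108: "y = 1",
    0x10C: "y = 2",
    0x110: "return y",
}
# decision address -> (fall-through address, branch-target address)
DECISIONS: Dict[int, Tuple[int, int]] = {0x104: (0x108, 0x10C)}
# function name -> (entry address, set of exit addresses)
FUNCTIONS: Dict[str, Tuple[int, Set[int]]] = {"g": (0x100, {0x110})}


def statement_coverage(trace: List[int]) -> float:
    """SC: fraction of statements whose address appears in the trace."""
    executed = {pc for pc in trace if pc in STATEMENTS}
    return len(executed) / len(STATEMENTS)


def decision_outcomes(trace: List[int]) -> Dict[int, Set[str]]:
    """Outcomes observed per decision: the address executed right after the
    decision tells whether the branch fell through or was taken."""
    seen: Dict[int, Set[str]] = {addr: set() for addr in DECISIONS}
    for pc, nxt in zip(trace, trace[1:]):
        if pc in DECISIONS:
            fallthrough, target = DECISIONS[pc]
            if nxt == fallthrough:
                seen[pc].add("not-taken")
            elif nxt == target:
                seen[pc].add("taken")
    return seen


def decision_coverage(trace: List[int]) -> float:
    """DC: fraction of decisions for which both outcomes were observed."""
    full = [d for d, outs in decision_outcomes(trace).items()
            if outs == {"taken", "not-taken"}]
    return len(full) / len(DECISIONS)


def entry_exit_coverage(trace: List[int]) -> float:
    """EEC: fraction of function entry and exit points that were reached."""
    points: Set[int] = set()
    for entry, exits in FUNCTIONS.values():
        points.add(entry)
        points |= exits
    return len(points & set(trace)) / len(points)


def uncovered(trace: List[int]) -> List[str]:
    """Statements never executed, which is what the V&V engineer follows up on."""
    executed = set(trace)
    return [src for addr, src in sorted(STATEMENTS.items()) if addr not in executed]


# Constructed traces: the first run only falls through the decision,
# the second run adds an execution that takes the branch.
RUN_1 = [0x100, 0x104, 0x108, 0x110]
RUN_2 = RUN_1 + [0x100, 0x104, 0x10C, 0x110]

if __name__ == "__main__":
    for name, trace in (("run 1", RUN_1), ("runs 1+2", RUN_2)):
        print(f"{name}: SC={statement_coverage(trace):.0%} "
              f"DC={decision_coverage(trace):.0%} "
              f"EEC={entry_exit_coverage(trace):.0%} "
              f"uncovered={uncovered(trace)}")
```

After the first run the decision at 0x104 has only been seen falling through, so DC stays at 0% even though SC is already 80%; the second run supplies the taken outcome and completes both metrics. BCC and MC/DC need the individual conditions of each decision, which a plain address trace does not expose, so they are left out here.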
Other Research Initiatives - XPY
XPY - Monitoring and Profiling Tool for Space Software
The modular architecture design allows XPY to be integrated in different development environments (e.g. Eclipse) and target processors (e.g. LEON – SPARC V8).
The XPY components are:
XPY Core – metrics calculation, timing statistics, execution control;
XPY DB Interface – interface with the pre-defined database;
XPY Interface – integration with application-specific plug-ins;
Target System Abstraction Layer – interface layer to other processor-specific boundary scan libraries.
Other Research Initiatives - XPY
XPY - Monitoring and Profiling Tool for Space Software
The XPY external components are described hereafter:
GDBIF – access to GDB functionalities in the application environment.
MDSProtocol API – MDS JTAG API to the ERC32.
Xception™ XPY Plug-In – XPY GUI as a new Xception™ Plug-In.
Other Research Initiatives - XPY
Additional Features
(Architecture diagram.) Software side: XPY with the Xception Xpy Plug-in and the Eclipse Xpy Plug-in, MDSProtocol API Plug-in, XPY Interface, Target System Abstraction Layer, XPY Db Interface, DBMS, GDBIF, Target System. Hardware side: JTAG Controller and the ERC32 Board (TSC695F) as the ERC32 Target System.
Other Research Initiatives - TESTOO
Testing Object Orientation (TestOO)
Can we rely on Object Oriented Software in Critical Systems?
Development of a Coding Rules Checker Tool to support a set of coding rules enhancing the testability and verifiability of Object Oriented Software for Critical Systems;
Checking Ada and JAVA source code for the right use of:
General Best Coding Practices,
ESA Standard Coding Rules,
BSSC(98)3 Issue 1 Ada95 Coding Standards,
BSSC 2005(2) Issue 1 Java Coding Standards,
Object Oriented guidelines provided within the scope of the project.
Other Research Initiatives - TESTOO
Testing Object Orientation (TestOO)
TestOO Checker Architecture:
Modular Architecture Design
Windows XP and Linux OS Portability
Integrates Open Source Tools and Rules DB (Database)
TestOO Checker Features:
Generic IDE Layout (GUI)
Explorer File System Browser
Profile Manager (Ada and JAVA Profiles / Rules Navigators)
Text Editor
Output Console
Reporting Facilities
Command Line Interface (CLI)
Other Research Initiatives - TESTOO
Future Work
Evaluation of Xception G-SWFIT:
Further validation of the toolset
Development of other fault operators
Optimization of pattern search
Assessment of disassembling capabilities
Assessment of processor architecture and compiler dependencies
OK for OSS, needs to be carefully thought through for “other” COTS
Future Work
SpaceAQua Project:
Kick-off of the SpaceAQua Project (late ’07)
Cooperation between CSW, NASA IV&V, WVU and CISUC
Questions? Thank You!
www.criticalsoftware.com
VV&RAMS Engineering Unit
Engineering Manager: Nuno Silva, [email protected]
Project Manager: Ricardo Barbosa, [email protected]
Critical Software SA – Parque Industrial de Taveiro, Lote 48, 3045-504 Coimbra, PORTUGAL. Tel: +351 239 989 100, Fax: +351 239 989 119
Critical Software SA – Pólo Tecnológico de Lisboa, Lote 1, Estrada do Paço do Lumiar, 1600-546 Lisboa, PORTUGAL. Tel: +351 21 7101192, Fax: +351 21 7101103
Critical Software SA – Tecmaia, Rua Eng.º Frederico Ulrich, nº 2650, 4470-605 Moreira da Maia, Porto, PORTUGAL. Tel.: +351 229446927, Fax: +351 229446929
Critical Software, Limited – 111 North Market Street, Suite 670, San Jose, California, USA, 95113. Tel: +1 (408) 9711231, Fax: +1 (408) 3513330
Critical Software Technologies Ltd – Suite 19-21, 2 Venture Road, Southampton Science Park, Chilworth, Southampton, SO16 7NP, United Kingdom. Tel: +44 (0)23 8076 3853