AdaCore Paris Tech Day 2016: Eric Perlade - Verification Solutions
- 1. Eric Perlade Verification Solutions Technical Account Manager
- 3. Software that matters Leverage the increase in tool responsibility offered by Ada and SPARK Find software bugs and vulnerabilities earlier in the development process Ideally weād like the developers to do this as part of their every day workflow Verification can be made easy Ada
- 4. Verification Assure that software fully satisfies all the expected requirements Non-Functional Requirements Functional Requirements
- 5. Functional Requirements A refinement from System Requirements -> Software Requirements āThe software shallā¦ā High Level and Low Level ā DO-178 Require verification Functional Requirements
- 6. Non-Functional Requirements Can be from outside the SRD refinement path Coding Standards Complexity Requirements Coverage Requirements Target resource usage Requirements Non-Functional Requirements
- 8. Know Your Code ā¢ Embrace Programming by Contract ā¢ Continuous Unit Testing ā¢ Measure your software ā¢ Keep your subprograms at a sensible length and level of complexity ā¢ Ensure your software is readable and understandable by all the developers
- 10. GNATmetric Variety of different metrics are available ā¢ Complexity ā¢ Syntax Elements ā¢ Line Metrics ā¢ Coupling Metrics Output into an XML file which can be post-processed
- 13. GNAT Front End Objective is to leverage the increased formality of the language to allow tools to be more responsible. Compiler switches for the GNAT front end can do a great job of catching coding problems early in the development process Many customers turn on ALL warnings and ensure warnings are treated as ERRORS which will halt compilation Produces better developers ??
- 15. Style Checking The key word here is consistency Developers can unintentionally introduce code constructs that are considered un-helpful in reducing defects General guidelines for good Ada can accompany company coding standards GNATcheck and the GNAT front end itself are available to help
- 17. GNATcheck A set of implemented rules from which a subset can be selected as a coding standard Specified in a file read by GNATcheck and the output can be written to a textual report file or an XML file for post-processing GNAT Programming Studio has a fantastic GUI helper for rule selection
- 21. Static Stack Analysis Generation of the basic stack consumption and call-graph information. Performed during compilation -fcallgraph-info=su,da Generates a .ci file per object file Analysis and report generation
- 24. Pitfalls Cycles, unbounded frames, external calls, dynamic variables or indirect calls Use ā-Waā and ā-vā to get additional information Encourage developers to run GNATstack and try to rework the code to enable full stack analysis
- 25. Build your own tools ! libadalang
- 28. Desktop Dynamic Verification TARGET EMULATIONGNATemulator COVERAGE ANALYSISGNATcoverage UNIT TEST GENERATIONGNATtest
- 29. HARNESS TEST CASES UUT package Simple is procedure SubP( Loop_Count : in Integer; Even_Count : out Integer; Odd_Count : out Integer ) with Pre => (Loop_Count > 0), Post => ((Even_Count >= 0) and (Odd_Count >= 0)); end Simple;
- 30. GNATtest Unit Test Harness Generation Included in GNAT Pro Based on the Open Source AUnit Framework Available for Native and Cross Compilers Code Generation = Lower Costs
- 31. GNATtest Work Flow gnattest -v --RTS=ravenscar-full-prep -Pex4.gpr Generates Test Case Skeletons and a Harness Very Flexible and allows for CM of generated code Aware of User Defined Test Case Code Clearly identifies what will NOT survive a re-generation
- 32. GNATtest āTest Case Generation package Simple.Test_Data is -- begin read only type Test is new AUnit.Test_Fixtures.Test_Fixture -- end read only with null record; procedure Set_Up (Gnattest_T : in out Test); procedure Tear_Down (Gnattest_T : in out Test); end Simple.Test_Data; -- This package has been generated automatically by GNATtest. -- Do not edit any part of it, see GNATtest documentation for more details. -- begin read only with Gnattest_Generated; package Simple.Test_Data.Tests is type Test is new GNATtest_Generated.GNATtest_Standard.Simple.Test_Data.Test with null record; procedure Test_SubP_75ecda (Gnattest_T : in out Test); -- simple.ads:3:4:SubP end Simple.Test_Data.Tests; -- end read only
- 33. GNATtest āTest Case Generation -- This package is intended to set up and tear down the test environment. -- Once created by GNATtest, this package will never be overwritten -- automatically. Contents of this package can be modified in any way -- except for sections surrounded by a 'read only' marker. package body Simple.Test_Data is X : constant Integer := 20; procedure Set_Up (Gnattest_T : in out Test) is pragma Unreferenced (Gnattest_T); begin null; end Set_Up; procedure Tear_Down (Gnattest_T : in out Test) is pragma Unreferenced (Gnattest_T); begin null; end Tear_Down; end Simple.Test_Data;
- 34. -- This package has been generated automatically by GNATtest. -- You are allowed to add your code to the bodies of test routines. -- Such changes will be kept during further regeneration of this file. -- All code placed outside of test routine bodies will be lost. The -- code intended to set up and tear down the test environment should be -- placed into Simple.Test_Data. with AUnit.Assertions; use AUnit.Assertions; package body Simple.Test_Data.Tests is -- begin read only procedure Test_SubP (Gnattest_T : in out Test); procedure Test_SubP_75ecda (Gnattest_T : in out Test) renames Test_SubP; -- id:2.2/75ecda11d3241da6/SubP/1/0/ procedure Test_SubP (Gnattest_T : in out Test) is -- simple.ads:3:4:SubP -- end read only pragma Unreferenced (Gnattest_T); begin AUnit.Assertions.Assert (Gnattest_Generated.Default_Assert_Value, "Test not implemented."); -- begin read only end Test_SubP; -- end read only end Simple.Test_Data.Tests;
- 35. Even_Count, Odd_Count : Integer; begin Simple.SubP( Loop_Count => 21, Even_Count => Even_Count, Odd_Count => Odd_Count ); Assert(((Even_Count = 10) and (Odd_Count = 10)),"Loop_Count => 21"); -- White box analysis identified that no odd numbers above 20 will be counted Simple.SubP( Loop_Count => 22, Even_Count => Even_Count, Odd_Count => Odd_Count ); Assert(((Even_Count = 11) and (Odd_Count = 10)),"Loop_Count => 22");
- 36. GNATtest ā Coverage Analysis
- 39. GNATemulator QEMU Open Source Processor Emulator Not a Simulator I/O Connections No Instrumentation Actual Target Object Code No expensive native re-host PowerPC/ARM/SPARC Executable Image PowerPC/ARM/SPARC -> x86 Translation x86 Host Platform
- 40. GNATemulator Platform Support VxWorks 6 VxWorks 653 PowerPC ELF Bare Metal LEON ELF Bare Metal ARM ELF Bare Metal
- 41. GNATemulator Debugging Puts a verification environment on the developers desk Rapid re-test No target hardware Actual object code EXE GNATemulator GDB SERVER TCP GPS/GDB
- 42. GNATcoverage ā¢ Coverage Analysis - Multiple Modes of Operation ā¢ Run and Capture Execution Trace Data ā¢ Conversion of IEEE-ISTO 5001-2003 (Nexus) Trace Data ā¢ Coverage Analysis of Execution Trace Data ā¢ Source Code Level ā¢ Object Code Level
- 43. Native Intel PowerPC LEON 2 and LEON 3 ARM (Target Trace Port) GNATcoverage Platform Support
- 44. Build Considerations -g Debug data -fpreserve-control-flow Control Optimizers for precise SLOC info -fdump-scos Source Coverage Obligation in *.ali files
- 45. Build Considerations Support for Optimizations (up to -O1) Inlining Allowed (-gnatn) No External Libraries Needed All can be achieved using GNAT Project file scenario variables.
- 46. GNATcoverage Analysis Levels Source Level gnatcov coverage --level=stmt gnatcov coverage --level=stmt+decision gnatcov coverage --level=stmt+mcdc Object Level gnatcov coverage --level=insn gnatcov coverage --level=branch
- 47. GNATcoverage Analysis Formats xcov - Annotated Sources in Text Format report - Textual Summary HTML - Colours, Sortable Columns and Per-project indexes
- 48. Conclusion AdaCore has verification tools that are applicable to the different phases in the classic V-model. Developers can leverage the increase in tool responsibility to continuously verify and catch defects early. Easy to integrate into the developers work environment through the GPS IDE but also command line driven for non- interactive use cases.
- 49. Advance through these slides for more instruction
- 50. Getting Started This template has been setup with a variety of slide layouts to give you a solid foundation that you can build on and adapt as necessary. Get started by clicking the Insert tab and selecting the New Slide dropdown to choose from a variety of slide designs. Each design is available in Dark, Blue, and Light background themes.
- 51. Resources A repository of AdaCore acquired Stock Photography, product screenshots, logos, and other assets can be found at dropbox at the following link : http://bit.ly/1SMRRXT Please note that any stock photography may be used for the purposes of company PowerPoint presentations. For any other use case, please get in touch with us first at [email protected]
- 52. The following icons have been useful for illustrating various industries. Visit http://www.thenounproject.com for a good resource beyond whatās available here. Rail Naval Drone Medical Financial Security Auto Space Air ATM Submarine Grid
- 53. The following icons have been useful for illustrating various industries. Visit http://www.thenounproject.com for a good resource beyond whatās available here. Rail Naval Drone Medical Financial Security Auto Space Air ATM Submarine Grid