public inbox for gcc@gcc.gnu.org
* Help for my Master thesis
@ 2013-03-29 20:36 Kiefmann Bernhard
From: Kiefmann Bernhard @ 2013-03-29 20:36 UTC (permalink / raw)
  To: gcc

Dear Ladies and Gentlemen!

My name is Bernhard Kiefmann and I'm writing my Master's thesis with the topic "the suitability of the GNU C compiler used in safety-related areas". The first problem with this is that I have to check if the compiler meets the requirements of the international standard IEC 61508:2010. Here I would like to ask you my questions as follows:

  1) What are the rules of the compiler development? Are there any diagrams of UML? Because they are a requirement of the standard.
  2) Are there activities for the Functional Verification?
  3) What procedures and measures for
       - The design and programming guidelines
       - Dynamic analysis and testing
       - Functional testing and black box testing
       - Failure analysis (Ausfall-/Versagensanalyse)
       - modeling
       - Performance tests
       - Semi Formal Methods
       - Static Analysis
       - Modular approach

If you have any information for me, it would help me greatly in assessing whether the compiler is suitable for use in safety-relevant areas.
The second point of my work is concerned with the treatment of releases. Are you putting any kind of evidence in your source code, and what does it look like?
The evidence should be read and analyzed, and the investigation should demonstrate whether the changes in the release code affect the safety-relevant area.

I would like to thank you in advance for your help; I am available for any questions you may have in the meantime. Yours sincerely,

Kiefmann Bernhard
bernhard.kiefmann@stud.fh-campuswien.ac.at 




* Re: Help for my Master thesis
From: David Daney @ 2013-03-29 23:26 UTC (permalink / raw)
  To: Kiefmann Bernhard; +Cc: gcc

On 03/29/2013 01:35 PM, Kiefmann Bernhard wrote:
> Dear Ladies and Gentlemen!
>
> My name is Bernhard Kiefmann and I'm writing my Master's thesis with the topic "the suitability of the GNU C compiler used in safety-related areas". The first problem with this is that I have to check if the compiler meets the requirements of the international standard IEC 61508:2010. Here I would like to ask you my questions as follows:
>
>    1) What are the rules of the compiler development? Are there any diagrams of UML? Because they are a requirement of the standard.
>    2) Are there activities for the Functional Verification?
>    3) What procedures and measures for
>         - The design and programming guidelines
>         - Dynamic analysis and testing
>         - Functional testing and black box testing
>         - Failure analysis (Ausfall-/Versagensanalyse)
>         - modeling
>         - Performance tests
>         - Semi Formal Methods
>         - Static Analysis
>         - Modular approach

There is a web site that has (at least superficial) answers to most of 
these questions.  Have you looked at:

http://gcc.gnu.org/

I would recommend doing that, then asking more specific questions if you 
find the web site lacking.

David Daney



* Re: Help for my Master thesis
From: Tobias Burnus @ 2013-03-29 23:35 UTC (permalink / raw)
  To: Kiefmann Bernhard; +Cc: gcc

Kiefmann Bernhard wrote:
> My name is Bernhard Kiefmann and I'm writing my Master's thesis with the topic "the suitability of the GNU C compiler used in safety-related areas". The first problem with this is that I have to check if the compiler meets the requirements of the international standard IEC 61508:2010. Here I would like to ask you my questions as follows:

I think GCC developers and users have different requirements and 
"Functional safety of electrical/electronic/programmable electronic 
safety-related systems" is for most of them not the top priority and 
presumably difficult to achieve for the whole project.

However, I know that the Ada community is wary about the issue and that
GCC's gnat (GCC's Ada compiler) is used in safety-critical areas. Also
AdaCore (main contributor to the gnat development) advertises "Aids in
establishing certification requirements (DO-178B level A /
DO-178C-ready, EN 50128, IEC 61508, ECCS-E40B)".

See also 
gcc.gnu.org/wiki/cauldron2012?action=AttachFile&do=get&target=petergarbett1958.pdf 
for someone using GCC's Ada compiler for a project, requiring DO178-B/C 
certification.

Thus, I think the GCC Ada developers/AdaCore developers should be best 
suited to answer your questions.

I will try to give a first answer to your questions, but as I did not 
have anything to do with safety certification, I won't be able to give 
perfect answers.

>    1) What are the rules of the compiler development? Are there any diagrams of UML? Because they are a requirement of the standard.

Let's start with bugs as there the scheme is a bit easier: If a bug is 
found and analyzed and a patch has been found, the patch is submitted 
together with a test case, which becomes part of the regression test 
suite. Before submitting the patch, it is required to do a build 
(bootstrap) of the compiler and a run of the test suite without any 
(new) failure. The patch is then submitted to the gcc-patches mailing
list, which allows others to comment, and nonobvious patches require
approval prior to check-in. - The bootstrap and test-suite run is only done
for one architecture; however, as others build and regression-test the
compiler on various systems regularly, platform-specific issues are also
detected. Additionally, some other applications/benchmarks/testsuites are
also regularly run.

Regarding the addition of new features: It really depends on the 
developer; I think most do not use UML, but some may.

Actually, a compiler is a rather complex program such that UML does not 
seem to be a practical approach for the development. Nor is it possible 
to test all possible code paths. I also believe that a compiler is not 
required to be developed using UML - contrary to programs requiring 
safety certification. In any case, I am pretty sure that GNAT is used in
safety-critical applications, which pass the certification.

If I recall correctly some talk by GNAT/AdaCore developers, for
certification, they need to prove that the input GNAT code leads to
correct assembler at the end - how it reaches the code is not important.
But proving that it does is a bit cumbersome.


>    2) Are there activities for the Functional Verification?

For the compiler itself, there is only manually writing test cases for
new features, which should try to give a broad coverage of the new
feature, including both valid and invalid (to be diagnosed) code and
both compile and run-time tests, partially with inspecting the generated
code. Plus code review, which does not really count as formal verification.

However, for applications using GCC, there exist tools. See for 
instance, http://www.open-do.org/projects/hi-lite/ which is in the 
context of functional verification and GCC's gnat/C compilers.


> If you have information here for me I would rather help in assessing whether the compiler for use in safety-relevant area is suitable.

Well, given that it is used to create programs for safety critical 
areas, certification agencies seem to regard it (in conjunction with 
suitable verifications) as suitable ;-)


I hope it helps a bit - and that you will get replies from others who
know better how the safety-related certification works.

And good luck with your thesis!

Tobias


* Re: Help for my Master thesis
From: Rob Doyle @ 2013-03-30  1:08 UTC (permalink / raw)
  To: Kiefmann Bernhard, gcc

On 3/29/2013 1:35 PM, Kiefmann Bernhard wrote:
> Dear Ladies and Gentlemen!
>
> My name is Bernhard Kiefmann and I'm writing my Master's thesis with
> the topic "the suitability of the GNU C compiler used in
> safety-related areas". The first problem with this is that I have to
> check if the compiler meets the requirements of the international
> standard IEC 61508:2010. Here I would like to ask you my questions as
> follows:
>
> 1) What are the rules of the compiler development? Are there any
> diagrams of UML? Because they are a requirement of the standard.
> 2) Are there activities for the Functional Verification?
> 3) What procedures and measures for
>      - The design and programming guidelines
>      - Dynamic analysis and testing
>      - Functional testing and black box testing
>      - Failure analysis (Ausfall-/Versagensanalyse)
>      - modeling
>      - Performance tests
>      - Semi Formal Methods
>      - Static Analysis
>      - Modular approach
>
> If you have any information for me, it would help me greatly in assessing
> whether the compiler is suitable for use in safety-relevant areas.
> The second point of my work is concerned with the treatment of
> releases. Are you putting any kind of evidence in your source code,
> and what does it look like? The evidence should be read and
> analyzed, and the investigation should demonstrate whether the changes
> in the release code affect the safety-relevant area.
>
> I would like to thank you in advance for your help; I am available for
> any questions you may have in the meantime. Yours sincerely,
>
> Kiefmann Bernhard bernhard.kiefmann@stud.fh-campuswien.ac.at
>

For aerospace applications, RTCA/DO-178C entitled "Software
Considerations in Airborne Systems and Equipment Certification" governs
all aspects of software safety. This document and its supplements
address all of the information that you're interested in.

DO-333 entitled "Formal Methods Supplement to DO-178C and DO-278A",
DO-332 entitled "Object-Oriented Technology and Related Techniques
Supplement to DO-178C and DO-278A", and DO-331 entitled "Model-Based
Development and Verification Supplement to DO-178C and DO-278A" will
also be relevant.

These are all available from http://www.rtca.org/ (not free, sorry).

The EU has identically worded documents via the EUROCAE organization
(http://www.eurocae.net/). For example, ED-12C is identical to DO-178C.

Rob.





* Re: Help for my Master thesis
From: Oleg Endo @ 2013-03-30 12:52 UTC (permalink / raw)
  To: Kiefmann Bernhard; +Cc: gcc

Hello,

On Fri, 2013-03-29 at 20:35 +0000, Kiefmann Bernhard wrote:
> Dear Ladies and Gentlemen!
> 
> My name is Bernhard Kiefmann and I'm writing my Master's thesis with
> the topic "the suitability of the GNU C compiler used in safety-related
> areas". 

I can imagine that it could be important to differentiate whether the
compiler is just used to compile programs that are subject to safety
constraints, or whether the compiler is part of the runtime system and
is used during runtime (e.g. JIT compilation).

> The first problem with this is that I have to check if the
> compiler meets the requirements of the international standard IEC
> 61508:2010. Here I would like to ask you my questions as follows:
> 
>   1) What are the rules of the compiler development? 

Basically: Each patch (i.e. modification of the compiler) is tested
using compiler bootstrapping and/or the testsuite and then submitted for
review.

> Are there any diagrams of UML? Because they are a requirement of the standard.

Not in the official GCC repository (at least not that I know of).

>   2) Are there activities for the Functional Verification?

The testsuite contains test cases with some input (program code) and
expected output.  There are test cases that check whether a piece of
code just compiles, links, runs and produces some expected output or
whether certain instructions are generated on particular targets.

>   3) What procedures and measures for
>        - The design and programming guidelines

There is a common coding convention.  The SW design of the compiler is
modified in order to fulfill the needs for new features or improvements.
Some data structures and algorithms are carefully designed or picked to
meet certain performance criteria (e.g. avoiding n^2 algorithms).

>        - Dynamic analysis and testing

Occasionally developers use additional tools such as GDB, Valgrind etc
to identify problematic parts in the compiler.

>        - Functional testing and black box testing

Testsuite (see above).

>        - Failure analysis (Ausfall-/Versagensanalyse)

I guess you mean failure analysis here.
If somebody detects a problem (e.g. compiler crashes or produces wrong
machine code and the compiled program crashes) this problem is reported
and a reduced test case is derived.  After fixing the issue in the
compiler the test case is added to the testsuite.

>        - Performance tests

People run various kinds of benchmarks and post the results to the
mailing lists etc.

>        - Modular approach

GCC is split into different modules internally, such as language
front-ends, SSA tree optimizations/transformations, back-ends etc.

> 
> If you have any information for me, it would help me greatly in assessing
> whether the compiler is suitable for use in safety-relevant areas. The
> second point of my work is concerned with the treatment of releases.
> Are you putting any kind of evidence in your source code, and what
> does it look like?

What do you mean by putting evidence into the source code regarding
releases?  Like associating a release and the source code that was used
to make the release?  The official GCC is released as source code only.
Versions are tracked with SVN branches.  See also the bottom of this
page: http://gcc.gnu.org/develop.html 

Hope it helps,
Oleg
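What such a testsuite entry looks like, as an added illustration of the "input program plus expected outcome" tests Tobias and Oleg describe above (this is not a file from the GCC tree; the `dg-do` and `dg-options` comments are real DejaGnu directives, while the saturating-add routine under test and its reference implementation are constructed for this example):

```c
/* { dg-do run } */
/* { dg-options "-O2" } */

/* Constructed example of a GCC-testsuite-style run test; not from the GCC
   tree.  The two comment lines above are read by the DejaGnu harness: the
   file is compiled with -O2, linked and executed, and it counts as PASS
   only if the program exits normally (abort() or a non-zero exit is FAIL).
   The test thus pairs an input (this program) with its expected output
   (exit status 0).  */

#include <stdint.h>
#include <stdlib.h>

/* Reference behaviour, written the obvious way: widen, add, clamp.  */
static uint8_t sat_add_ref(uint8_t a, uint8_t b)
{
    unsigned s = (unsigned)a + b;
    return s > 255u ? 255u : (uint8_t)s;
}

/* Code under test: a branchless saturating add of the sort the optimizer
   rewrites.  The carry is turned into an all-ones mask and OR-ed in.  */
uint8_t sat_add_u8(uint8_t a, uint8_t b)
{
    uint8_t s = (uint8_t)(a + b);   /* wraps modulo 256 on overflow */
    uint8_t carry = s < a;          /* 1 iff the addition wrapped */
    return (uint8_t)(s | (uint8_t)(0 - carry));
}

/* Exhaustive check over all 65536 operand pairs; returns the number of
   mismatches between the optimized routine and the reference.  */
unsigned sat_add_mismatches(void)
{
    unsigned bad = 0;
    for (unsigned a = 0; a < 256; a++)
        for (unsigned b = 0; b < 256; b++)
            if (sat_add_u8((uint8_t)a, (uint8_t)b)
                != sat_add_ref((uint8_t)a, (uint8_t)b))
                bad++;
    return bad;
}

int main(void)
{
    /* A few fixed expectations, then the exhaustive comparison.  */
    if (sat_add_u8(200, 100) != 255 || sat_add_u8(1, 2) != 3
        || sat_add_u8(255, 255) != 255 || sat_add_u8(0, 0) != 0)
        abort();
    if (sat_add_mismatches() != 0)
        abort();
    return 0;   /* normal exit == PASS */
}
```

A test of the other kind Oleg mentions, checking that particular instructions are emitted on a given target, would use `dg-do compile` together with a `dg-final` `scan-assembler` directive instead of running the program.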


* Help for my Master thesis
From: Kiefmann Bernhard @ 2013-07-27 19:36 UTC (permalink / raw)
  To: <gcc@gcc.gnu.org>

Dear Ladies and Gentlemen!

As you can read below, I need some information regarding the development of GCC. Some of the questions below have already been answered for me, but I cannot find any references to the use of formal or semi-formal methods, such as
- Logic / functional block diagrams
- Flow charts
- Data flow diagrams
- Finite state machines / state transition diagrams
- Timed Petri Nets
- Entity Relationship Attribute data model
- Messages history tables
- Decision/truth tables (Entscheidungs-/Wahrheitstabellen)
and
CCS,
CSP, HOL, LOTOS, OBJ, temporal logic, VDM and Z.


I would like to thank you in advance for your help; I am available for any questions you may have in the meantime. Yours sincerely,
Bernhard Kiefmann
bernhard.kiefmann@stud.fh-campuswien.ac.at 

On 29.03.2013 at 21:35, Bernhard Kiefmann <bernhard.kiefmann@stud.fh-campuswien.ac.at> wrote:
>> Dear Ladies and Gentlemen!
>> 
>> My name is Bernhard Kiefmann and I'm writing my Master's thesis with the topic "the suitability of the GNU C compiler used in safety-related areas". The first problem with this is that I have to check if the compiler meets the requirements of the international standard IEC 61508:2010. Here I would like to ask you my questions as follows:
>> 
>>  1) What are the rules of the compiler development? Are there any diagrams of UML? Because they are a requirement of the standard.
>>  2) Are there activities for the Functional Verification?
>>  3) What procedures and measures for
>>       - The design and programming guidelines
>>       - Dynamic analysis and testing
>>       - Functional testing and black box testing
>>       - Failure analysis (Ausfall-/Versagensanalyse)
>>       - modeling
>>       - Performance tests
>>       - Semi Formal Methods
>>       - Static Analysis
>>       - Modular approach
>> 
>> If you have any information for me, it would help me greatly in assessing whether the compiler is suitable for use in safety-relevant areas.
>> The second point of my work is concerned with the treatment of releases. Are you putting any kind of evidence in your source code, and what does it look like?
>> The evidence should be read and analyzed, and the investigation should demonstrate whether the changes in the release code affect the safety-relevant area.
>> 
>> I would like to thank you in advance for your help; I am available for any questions you may have in the meantime. Yours sincerely,
>> 
>> Kiefmann Bernhard
>> bernhard.kiefmann@stud.fh-campuswien.ac.at 
>> 
>> 
> 



* Re: Help for my Master thesis
From: Andrew Haley @ 2013-07-27 21:12 UTC (permalink / raw)
  To: Kiefmann Bernhard; +Cc: <gcc@gcc.gnu.org>

On 07/27/2013 08:36 PM, Kiefmann Bernhard wrote:
> As you can read below, I need some information regarding the development of GCC. Some of the questions below have already been answered for me, but I cannot find any references to the use of formal or semi-formal methods, such as
> - Logic / functional block diagrams
> - Flow charts
> - Data flow diagrams
> - Finite state machines / state transition diagrams
> - Timed Petri Nets
> - Entity Relationship Attribute data model
> - Messages history tables
> - Decision/truth tables (Entscheidungs-/Wahrheitstabellen)
> and
> CCS,
> CSP, HOL, LOTOS, OBJ, temporal logic, VDM and Z.

Yes, it's all true.  Out here in the real world we don't do any
of that.  ;-)

Andrew.

