AdaCore Technical Update
Copyright © AdaCore, 14 December 2021
Slides: 53

Slide 1: AdaCore Technical Update (title slide)

Slide 2: Outline
§ Market Trends, hardware, OS and programming languages
§ Technology update in the Ada and C++ toolchains
§ Static Analysis and Formal Proof
§ Testing, Coverage and Fuzzing Technologies
§ Evolutions of programming technologies for cyber security
§ DO-178 qualified Simulink to code generation

Slide 3: Market Trends, hardware, OS and programming languages

Slide 4: The Future of PowerPC is...

Slide 5: Where is everyone going?

Slide 6: New Industries - Why use Ada?
Avionics is clearly doing something right...

Slide 7: What is the Ada benefit?
https://www.adacore.com/uploads/techPapers/Controlling-Costs-with-Software-Language-Choice-AdaCore-VDC-WP.PDF

Slide 8: The Automotive Example

Slide 9: (image only, no text)

Slide 10: To RTOS or not to RTOS?

Slide 11: The RTOS Selection
- Wind River: VxWorks
- Lynx Software Technologies: LynxOS
- SYSGO: PikeOS
- BlackBerry: QNX
- Linux Foundation: Real Time Linux

Slide 12: The Alternative - The Ada Bare Metal Profiles
- Ravenscar Extended Profile (Jorvik Profile)
- Ravenscar Full
- Ravenscar Small Footprint (SFP)
- Zero Footprint (ZFP)

Slide 13: Hypervisors in Certified Systems

Slide 14: The Rise of LLVM vs ... (logos only)

Slide 15: Technology update in the Ada and C++ toolchains

Slide 16: GNAT Pro 20 overview
- 46 platforms (41 cross, 5 native)
- Support for Ada 83, 95, 2005, 2012, SPARK
- GCC 7 ➠ GCC 8
- GDB 8.2 ➠ GDB 8.3

Slide 17: GNAT Pro Ports
- VxWorks 7 SR 620 on all processors (ARM, PowerPC, x86 32 and 64 bits), hosted on Linux and Windows
- RISC-V Bare Metal

Slide 18: GNAT Pro Ports (Roadmap)
- VxWorks 7 Cert / HELIX
- Lynx MOSA.ic
- x86-64 Bare Metal
- CUDA (NVIDIA GPU)
- Motorola 68k Bare Metal (!)
- RTEMS (?)

Slide 19: GNAT Pro C++
- Cross Linux (ARM, PowerPC)
- VxWorks 6 PowerPC
- VxWorks 7 all processors (for GNAT Pro 21)

Slide 20: GNAT Pro CCG
- Common Code Generator: SPARK to C compiler
- Numerous code generation improvements to support more constructs (attributes, representation clauses, ...) and to produce more efficient C code
- Ability to insert arbitrary C code from Ada via pragma Annotate

Slide 21: IDEs

Slide 22: Welcome to GNAT Studio!

Slide 23: The Microsoft Language Server Protocol (LSP)
[Diagram contrasting "No LSP" with LSP; features provided through the protocol: Navigation, Diagnostics, Tooltips, Formatting, ...]

Slide 24: What is libadalang
- A library that allows users to query/alter data about Ada sources
- Both low & high level APIs:
  - What is the type of this expression?
  - How many references to this variable?
  - Give me the source location of this token
  - Rename this entity
- Multi-language: easy binding generation to other languages: Python, Ada, C, ...
- Easy scripting: be able to create a prototype quickly & interactively

Slide 25: Static Analysis and Formal Proof

Slide 26: What is Static Analysis?
- Basic Static Analysis: coding standard checking, metrics, compiler warnings and style checks
- Advanced Static Analysis: symbolic execution/interpretation of source code, whole program analysis to perform software analysis
- Formal Verification: verify high level or abstract properties of your application, give strong guarantees

Slide 27: CodePeer Overview
- Advanced static analysis tool for Ada
- Also includes basic static analysis (gnatcheck, gnatmetric)
- Detects runtime and logic errors: buffer overflow, division by zero, dead code, ...
- Analyzes complete or partial programs (full Ada)
- Generates human readable annotations
- CWE compatible (http://cwe.mitre.org)

Slide 28: SPARK Overview
- Formal verification tool and language
- Subset of Ada 2012: limited pointers, no exceptions
- New aspects, pragmas, attributes
- Can add (executable) contracts for more precise analysis
- Can combine test and proof at subprogram level
- Allows 100% automatic proof

Slide 29: Testing, Coverage and Fuzzing Technologies

Slide 30: Testing Code Quality
[Figure: Code Quality / Code Safety]

Slide 31: How AdaCore Can Help
GNATtest
§ Unit testing infrastructure generator
§ Automatically generates harness, test driver
§ Enables more efficient time management when unit testing
§ Included with GNAT Pro
GNATcoverage
§ Coverage tool
§ Supports multiple object-level and source-level coverages
  § Instruction, Branch
  § Statement, Decision, MC/DC
§ Uses source instrumentation
GNATfuzz
§ Fuzzing tool
§ Negative input black box test
§ Can help you achieve a higher level of coverage for relatively small setup effort
§ Currently in beta, available upon request

Slide 32: Generic Unit Testing Setup
[Diagram with boxes: Subprogram, Test procedure specification, Code to be tested, Actual test procedure, Harness, Test Results]

Slide 33: What GNATtest Takes Care Of
[Diagram: Harness, Generated Unit Tests Stubs]

Slide 34: Ada 2012 Test Case Aspect

    --  Name and Mode are mandatory in GNAT's Test_Case aspect (elided on the slide)
    function Sqrt (X : Integer) return Integer
      with Test_Case => (Name => "Sqrt of 100", Mode => Nominal,
                         Requires => X = 100, Ensures => Sqrt'Result = 10),
           Test_Case => (Name => "Negative input", Mode => Robustness,
                         Requires => X < 0, Ensures => Sqrt'Result = 0);
    --  GNATtest generates one test procedure per Test_Case:
    procedure Sqrt_Test_1;
    procedure Sqrt_Test_2;

Slide 35: What GNATtest Takes Care Of – Other Tests
[Diagram: Legacy Unit Tests, Other kinds of Tests, Harness, Generated Unit Test Stubs]

Slide 36: GNATcoverage Example

    if (a or b) and c then
       Ada.Text_IO.Put_Line ("I'm covered!");
    end if;

§ Tests:
  1. a = false, b = true,  c = true
  2. a = false, b = true,  c = false
  3. a = false, b = false, c = true
  4. a = true,  b = false, c = true
[Figure: the decision annotated per condition (a or b; c) with branch taken / branch not taken; legend: Statement, Branch/Decision, MC/DC]
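
To make the slide's legend concrete, here is an added example (not AdaCore's code and not part of the deck) that evaluates statement, decision and unique-cause MC/DC coverage of the decision `(a or b) and c` over the four test vectors listed on the slide; all function and constant names are my own.

```python
from itertools import combinations

# Decision under test, taken from the GNATcoverage slide: (a or b) and c
CONDITIONS = ("a", "b", "c")

def decision(a: bool, b: bool, c: bool) -> bool:
    return (a or b) and c

# The four test vectors listed on the slide (constructed here as dicts).
SLIDE_TESTS = [
    {"a": False, "b": True,  "c": True},   # test 1: decision True
    {"a": False, "b": True,  "c": False},  # test 2: decision False
    {"a": False, "b": False, "c": True},   # test 3: decision False
    {"a": True,  "b": False, "c": True},   # test 4: decision True
]

def statement_covered(tests):
    """Statement coverage of the Put_Line: some test must make the decision True."""
    return any(decision(**t) for t in tests)

def decision_covered(tests):
    """Branch/decision coverage: both outcomes of the whole decision observed."""
    return {decision(**t) for t in tests} == {True, False}

def mcdc_pairs(tests):
    """Unique-cause MC/DC: for each condition, find two tests that differ only in
    that condition and flip the decision outcome. Returns 1-based test numbers
    (as numbered on the slide), or None when the condition has no such pair."""
    pairs = {}
    for cond in CONDITIONS:
        pairs[cond] = None
        for (i, t1), (j, t2) in combinations(enumerate(tests, start=1), 2):
            others_equal = all(t1[k] == t2[k] for k in CONDITIONS if k != cond)
            if others_equal and t1[cond] != t2[cond] and decision(**t1) != decision(**t2):
                pairs[cond] = (i, j)
                break
    return pairs

def mcdc_covered(tests):
    """MC/DC is achieved when every condition has an independence pair."""
    return all(pair is not None for pair in mcdc_pairs(tests).values())

if __name__ == "__main__":
    print("statement:", statement_covered(SLIDE_TESTS))
    print("decision: ", decision_covered(SLIDE_TESTS))
    print("MC/DC pairs:", mcdc_pairs(SLIDE_TESTS))
    # Dropping test 4 leaves 'a' without an independence pair, so MC/DC is lost
    # even though statement and decision coverage still hold with tests 1-3.
    print("MC/DC pairs without test 4:", mcdc_pairs(SLIDE_TESTS[:3]))
```

The four slide tests give the independence pairs (3,4) for a, (1,3) for b and (1,2) for c, which is why n+1 tests suffice for n conditions here.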

Slide 37: Coverage for DO-178
§ GNATcoverage is qualifiable
§ For more info, we wrote a book: https://www.adacore.com/books/do-178c-tech

Slide 38: Fuzzing – High Level
§ Concept: negative input testing leads to more stable software
  [Diagram of the fuzzing loop: Seed with test corpus (optional) -> Generate new input -> Execute program -> Fault? -> Bugs]
§ Benefits
  § High benefit to cost ratio
  § Can be used to enhance robustness
§ Limitations
  § Not a proper software quality tool
  § Only detects crashing bugs
  § Triaging bugs requires knowledge of the system
    § Ada mitigates this using compiler checks
    § Can combine with data from other tools to help

Slide 39: Workflow Ideas
The Jonah Strategy - Divide and Conquer
§ Run GNATtest to generate an executable for GNATcoverage to instrument and generate coverage reports
§ Run GNATcoverage on isolated parts of your codebase (maybe different libraries), then merge the coverage reports
§ Run GNATfuzz to generate a test corpus, use a GNATtest harness to generate an executable, then pass it to GNATcoverage
§ Gives you a good overall picture of your codebase's coverage, and where it's lacking

Slide 40: Evolutions of programming technologies for cyber security

Slide 41: A Multi-Tier Approach
Static Analysis
- CodePeer can analyze many vulnerabilities on existing Ada code
- SPARK can provide guarantees of absence of certain categories of vulnerabilities
Dynamic Analysis
- Ada checks can protect against a number of vulnerabilities
- Certain test techniques (fuzz testing) can trigger potential vulnerabilities
Compiler hardening
- The compiler can generate "hardened" code to prevent certain kinds of attacks

Slide 42: (image only, no text)

Slide 43: Data Validation – Mitigations
Dynamic Mitigation
- Ada run-time checking
- Ada attribute X'Valid
- GNAT attribute X'Valid_Scalars
- GNAT validity checks (-gnatV)
Static Mitigation
- GNAT warnings
- CodePeer static analysis
- SPARK Pro proof of checks
- SPARK Pro proof of contracts

Slide 44: Side Channel Attacks
Data Leakage Attacks
- Key material is leaked
- Branch test on secret data
- Array read/write on secret data
- Verification of secret is time sensitive
- Secret data is left in memory
Fault Injection Attacks
- Bit-flip Boolean/enums
- Data corruption
- Corrupt return address/PC
- Skip branch decision
- Early loop termination
Source: www.riscure.com/uploads/2017/08/Riscure_Whitepaper_Side_Channel_Patterns.pdf

Slide 45: Example: Muen
The Muen Separation Kernel is the world's first Open Source microkernel that has been formally proven to contain no runtime errors at the source code level.
https://muen.codelabs.ch/

Slide 46: Example: WooKey
Software classes of attacks (e.g. buffer overflows) are mitigated using EwoK [...] providing more confidence by using the Ada safe language along with SPARK formal verification of critical parts.
https://github.com/wookeyproject

Slide 47: Take Home Messages
- Use of Ada/SPARK and AdaCore tools helps prevent or mitigate a number of serious security vulnerabilities
- Static analysis tools CodePeer and SPARK Pro (GNATprove) can be used to identify around 20 CWE vulnerabilities
- AdaCore roadmap includes features and tools to prevent or mitigate security vulnerabilities: fuzz testing, compiler hardening, taint analysis, proven secure libraries

Slide 48: DO-178 qualified Simulink to code generation

Slide 49: QGen
Trusted Code Generator
• 120 Simulink blocks
• Stateflow support
• MISRA C:2012 or SPARK
• Consistent, stable code
  ○ Across Simulink versions
  ○ Across minor layout changes

Slide 50: System Certification & Tool Qualification
• Certifying software to DO-178C Level A is expensive!
  – Many required source-code review & verification objectives, including:
    ■ Low-Level Requirements (LLR)-based testing of source code
    ■ MC/DC coverage of source code
• MBD + automatic code generation can greatly reduce that cost ... but only if the code generation is qualified to TQL-1.
[Diagram: LLR expressed as Model -> TQL-1 Qualified QGen -> Generated Source Code]

Slide 51: Benefits of QGen TQL-1 Qualification
Take credit for certification objectives, including:
• Review of generated source code
  – QGen TQL-1 guarantees compliance with requirements & coding standards
• LLR-based testing of the generated source code
  – QGen TQL-1 guarantees conformance to Simulink semantics
• Coverage analysis of generated source code
  – QGen TQL-1 guarantees that model-level coverage implies code-level coverage

Slide 52: QGen TQL-1 Qualification: Schedule
● SOI#1 materials sent to both FAA and initial launch customer in Sep 2019
● Initial audit is expected early Q1 2020
● QGen TQL-1 qualification is expected to be completed in Nov 2020 with an FAA program of record
● QGen TQL-1 is also expected to go through EASA acceptance through a program of record in 2021
● QGen TQL-1 has been chosen by one of the largest Aerospace and Defense contractors in the USA and we expect to have several DO-178C projects at both FAA and EASA

Slide 53: (image only, no text)