A Software Safety Certification Plug-in for Automated Code Generators

This report summarizes the results of a feasibility study into the applicability of automated certification technology to auto-generated code, and presents a preliminary design for a software safety certification plug-in (working title, AUTOCERT) to the MathWorks RealTime Workshop (RTW) automated code generator. The proposed tool is an adaptation of a pattern-based annotation inference technology previously developed in NASA funded research at NASA Ames. The principal functionalities to be offered in the first version of the tool, building on RTW’s code generation features, are safety certificate creation, and tracing between certification artifacts—comprising verification conditions and their proofs—and the generated code. This will build on the existing model-to-code tracing features of RTW. The Vertical Motion System flight simulator project at NASA Ames was used as a case study. RTW was used to generate code from Simulink models provided by the VMS developers, and the code was analyzed by the verification tool. The results of the analysis were presented to the VMS team, who also provided feedback on the top-level preliminary design and functionalities of the tool. We conclude that the use of a tightly-coupled generation/analysis tool can allow system engineers to concentrate on modeling and design, with less need to worry about low-level software details, and that the core idea of pattern-based annotation inference is a feasible basis for such a tool.