Section: New Results
Space Software Validation using Abstract Interpretation
Participants: Olivier Bouissou [CEA LIST], Éric Conquet [ESA - ESTEC], Patrick Cousot, Radhia Cousot, Jérôme Feret, Khalil Ghorbal [CEA LIST], Éric Goubault [CEA LIST], David Lesens [Astrium ST], Laurent Mauborgne, Antoine Miné, Sylvie Putot [CEA LIST], Xavier Rival, Michel Turin [GTI6].
In [20], we report the results of the ESA-funded project (see 7.2) on the use of abstract interpretation to validate critical real-time embedded space software. Abstract interpretation has been used industrially for several years, especially for the validation of the Ariane 5 launcher. However, the limitations of the tools used so far have prevented a wider deployment. Astrium Space Transportation, CEA, and ENS have analyzed the performance of two recent tools on a case study extracted from the safety software of the ATV:
- Astrée, developed by ENS and CNRS, to check for run-time errors,
- Fluctuat, developed by CEA, to analyze the accuracy of numerical computations.
The conclusion of the study is that the performance of this new generation of tools has dramatically increased (no false alarms, and a fine-grained analysis of numerical precision).
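As an added illustration (not code from Astrée, Fluctuat or the study), the toy interval-domain analysis below shows, on a constructed four-line C-like program, the two kinds of checks the tools were evaluated on: proving the absence of a run-time error (division by zero) and bounding the accumulated IEEE binary32 rounding error. The `sqr` operation also shows how a crude abstraction raises a spurious alarm that a slightly more precise one avoids; the "no false alarms" result above rests on the far richer abstract domains of the real tools. The program, the sensor range and all names are assumptions.

```python
# Added illustration, not Astrée/Fluctuat code: interval + rounding-error domain
import math
from dataclasses import dataclass

EPS = 2.0 ** -23  # unit roundoff of IEEE binary32 (C 'float')

@dataclass(frozen=True)
class Val:
    lo: float   # lower bound of the exact (real) value
    hi: float   # upper bound of the exact (real) value
    err: float  # bound on |rounded float value - exact value| so far

def const(c):  # a literal, rounded once when stored as a float
    return Val(c, c, EPS * abs(c))

def _mag(v):
    return max(abs(v.lo), abs(v.hi))

def add(a, b):  # propagate both operands' errors, then one more rounding
    r = Val(a.lo + b.lo, a.hi + b.hi, a.err + b.err)
    return Val(r.lo, r.hi, r.err + EPS * (_mag(r) + r.err))

def mul(a, b):  # |(a+ea)(b+eb) - ab| <= |a|eb + |b|ea + ea*eb, then rounding
    ps = [a.lo * b.lo, a.lo * b.hi, a.hi * b.lo, a.hi * b.hi]
    r = Val(min(ps), max(ps), a.err * _mag(b) + b.err * _mag(a) + a.err * b.err)
    return Val(r.lo, r.hi, r.err + EPS * (_mag(r) + r.err))

def sqr(a):  # x*x >= 0; plain mul(a, a) on an interval around 0 loses that
    lo = 0.0 if a.lo <= 0.0 <= a.hi else min(a.lo * a.lo, a.hi * a.hi)
    return Val(lo, max(a.lo * a.lo, a.hi * a.hi), mul(a, a).err)

def div(a, b, alarms, site):  # run-time-error check: divisor must exclude 0
    if b.lo <= 0.0 <= b.hi:
        alarms.append(f"{site}: divisor may be zero, range [{b.lo}, {b.hi}]")
        return Val(-math.inf, math.inf, math.inf)  # top: nothing is known
    qs = [a.lo / b.lo, a.lo / b.hi, a.hi / b.lo, a.hi / b.hi]
    return Val(min(qs), max(qs), math.inf)  # quotient rounding not bounded here

def analyze(s_lo, s_hi):
    """Abstractly run  x = s*0.1f; y = x+x; z = 1.0f/(x*x+0.5f); w = 1.0f/x;
    with the sensor s known only to lie in [s_lo, s_hi] (constructed input)."""
    alarms = []
    s = Val(s_lo, s_hi, 0.0)  # assume the reading is exactly representable
    x = mul(s, const(0.1))
    y = add(x, x)
    z_naive = div(const(1.0), add(mul(x, x), const(0.5)), alarms, "z naive")
    z = div(const(1.0), add(sqr(x), const(0.5)), alarms, "z")  # proved safe
    w = div(const(1.0), x, alarms, "w")  # x may be 0: a genuine alarm
    return {"x": x, "y": y, "z_naive": z_naive, "z": z, "w": w, "alarms": alarms}
```

Running `analyze(-10.0, 10.0)` yields one spurious alarm (`z naive`) and one genuine one (`w`), while `z` is proved safe with a value in [2/3, 2]; with a sensor range that excludes zero, such as `analyze(1.0, 10.0)`, no alarm is raised.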
Because the case study is representative of the software developed at Astrium ST, the results of this study will be applicable to any type of embedded critical real-time space software (launchers, satellites, spacecraft, and space probes) developed in C. They will improve the quality of the software (fewer residual bugs) and at the same time dramatically decrease the cost of robustness testing. The study has also suggested some directions for improving the tools. In conclusion, the Technology Readiness Level (TRL) of Astrée and Fluctuat on space software is evaluated at between 4 (component and/or breadboard validation in a laboratory environment) and 5 (component and/or breadboard validation in a relevant environment).