l13 - CS 267: Automated Verification Lecture 13: Software...

CS 267: Automated Verification Lecture 13: Software Verification Using Explicit State Model Checking, Java Path Finder, CMC Instructor: Tevfik Bultan
Software’s Chronic Crisis
Large software systems often:
- Do not provide the desired functionality
- Take too long to build
- Cost too much to build
- Require too many resources (time, space) to run
- Cannot evolve to meet changing needs
For every 6 large software projects that become operational, 2 of them are canceled. On average, software development projects overshoot their schedule by half. Three quarters of large systems do not provide the required functionality.
Software Failures
There is a long list of failed software projects and software failures. You can find a list of famous software bugs at: http://www5.in.tum.de/~huckle/bugse.html
I will talk about two famous and interesting software bugs.
Ariane 5 Failure
- A software bug caused the European Space Agency’s Ariane 5 rocket to crash 40 seconds into its first flight in 1996 (cost: half a billion dollars).
- The bug was in a software component that was being reused from Ariane 4.
- A software exception occurred during execution of a data conversion from a 64-bit floating point value to a 16-bit signed integer value.
- The value was larger than 32,767, the largest integer storable in a 16-bit signed integer, so the conversion failed and an exception was raised by the program.
- When the primary computer system failed due to this problem, the secondary system started running. The secondary system was running the same software, so it failed too!
Ariane 5 Failure
- The programmers for Ariane 4 had decided that this particular velocity figure would never be large enough to raise this exception. Ariane 5 was a faster rocket than Ariane 4!
- The calculation containing the bug actually served no purpose once the rocket was in the air. Engineers had chosen long ago, in an earlier version of the Ariane rocket, to leave this function running for the first 40 seconds of flight to make it easy to restart the system in the event of a brief hold in the countdown.
- You can read the report of the Ariane 5 failure at: http://www.ima.umn.edu/~arnold/disasters/ariane5rep.html
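The narrowing conversion at the heart of the Ariane 5 failure, as an added C illustration (not code from the lecture or from the Ariane software, which was written in Ada): an unchecked cast of a 64-bit double to a 16-bit signed integer has no defined result once the value exceeds 32,767, so the example makes the range check explicit and offers a status-returning and a saturating variant, both of which let the caller degrade instead of throwing. The sample values are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <math.h>
#include <stdio.h>

/* Outcome of a checked narrowing conversion. */
typedef enum { CONV_OK = 0, CONV_OVERFLOW = 1, CONV_NAN = 2 } conv_status;

/* Checked conversion from double to int16_t. Instead of an unhandled
 * exception (the Ariane 5 path), the caller receives a status and
 * decides how to continue. The cast truncates toward zero, so any
 * value strictly inside (INT16_MIN - 1, INT16_MAX + 1) fits. */
conv_status to_int16_checked(double v, int16_t *out)
{
    if (isnan(v)) return CONV_NAN;
    /* Range-check in double first: casting an out-of-range double to an
     * integer type is undefined behaviour in C, not a catchable error. */
    if (v >= (double)INT16_MAX + 1.0 || v <= (double)INT16_MIN - 1.0)
        return CONV_OVERFLOW;
    *out = (int16_t)v;
    return CONV_OK;
}

/* Saturating variant: clamp to the representable range and report
 * whether clamping happened, so a control loop keeps running with a
 * bounded (and flagged) value rather than stopping. */
int16_t to_int16_saturate(double v, bool *clamped)
{
    *clamped = false;
    if (isnan(v)) { *clamped = true; return 0; }
    if (v >= (double)INT16_MAX + 1.0) { *clamped = true; return INT16_MAX; }
    if (v <= (double)INT16_MIN - 1.0) { *clamped = true; return INT16_MIN; }
    return (int16_t)v;
}

int main(void)
{
    /* Constructed samples: values inside the Ariane 4 envelope and one
     * beyond 32,767, as happened on the faster Ariane 5. */
    double samples[] = { 1234.5, 32767.0, 40000.0, -40000.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t r = 0; bool c;
        conv_status s = to_int16_checked(samples[i], &r);
        int16_t sat = to_int16_saturate(samples[i], &c);
        printf("%9.1f -> status %d value %6d | saturated %6d clamped %d\n",
               samples[i], s, r, sat, c);
    }
    return 0;
}
```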
Mars Pathfinder
- Priority inversion occurs when a thread with higher priority is waiting for a resource held by a thread with lower priority.
- Pathfinder contained a data bus shared among multiple threads and protected by a mutex lock.
- Two threads that accessed the data bus were: a high-priority bus management thread and a low-priority meteorological data gathering thread.
- Yet another thread, with medium priority, was a long-running communications thread (which did not access the data bus).
- A few days into its mission, NASA’s Mars Pathfinder computer system started rebooting itself.
- Cause: priority inversion during preemptive priority scheduling of threads.
Mars Pathfinder
The scenario that caused the reboot was: