Source-Code-to-Object-Code Traceability Analysis for Avionics Software: Don’t Trust Your Compiler

  • Jörg BrauerEmail author
  • Markus Dahlweid
  • Tobias Pankrath
  • Jan Peleska
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9337)


One objective of structural coverage analysis according to RTCA DO-178C for avionic software of development assurance level A (DAL-A) is to either identify object code that was not exercised during testing, or to provide evidence that all code has been tested in an adequate way. Therefore comprehensive tracing information from source code to object code is required, which is typically derived using a manual source-code-to-object-code (STO) traceability analysis. This paper presents a set of techniques to perform automatic STO traceability analysis using abstract interpretation, which we have implemented in a tool-suite called Rtt-Sto. At its core, the tool tries to prove that the control flow graphs of the object code and the source are isomorphic. Further analyses, such as memory allocation analysis and store analysis are then performed on top. Our approach has been applied during low-level verification for DAL-A avionics software, where the effort for STO analysis was significantly reduced due to a high degree of automation. Importantly, the associated analysis process was accepted by the responsible certification authorities.


DO-178C Source-code-to-object-code traceability Static analysis Abstract interpretation 


  1. 1.
    Balakrishnan, G., Reps, T.W.: WYSINWYX: what you see is not what you execute. ACM Trans. Program. Lang. Syst. 32(6), 23:1–23:84 (2010)CrossRefGoogle Scholar
  2. 2.
    Bardin, S., Baufreton, P., Cornuet, N., Herrmann, P., Labbé, S.: Binary-level testing of embedded programs. In: QSIC, pp. 11–20. IEEE (2013)Google Scholar
  3. 3.
    Bardin, S., Herrmann, P., Védrine, F.: Refinement-based CFG reconstruction from unstructured programs. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 54–69. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  4. 4.
    Bartholomew, D.: Qemu: a multihost, multitarget emulator. Linux J. 2006(145), 3 (2006)Google Scholar
  5. 5.
    Bordin, M., Comar, C., Gingold, T., Guitton, J., Hainque, O., Quinot, T.: Object and source coverage for critical applications with the couverture open analysis framework. In: ERTS (2010)Google Scholar
  6. 6.
    Brauer, J., Noll, T., Schlich, B.: Interval analysis of microcontroller code using abstract interpretation of hardware and software. In: SCOPES. ACM (2010)Google Scholar
  7. 7.
    Certification Authorities Software Team (CAST): Guidelines for Approving Source Code to Object Code Traceability - Position Paper CAST-12. CAST (2002)Google Scholar
  8. 8.
    Certification Authorities Software Team (CAST): Structural Coverage of Object Code - Position Paper CAST-17. CAST (2003)Google Scholar
  9. 9.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252. ACM (1977)Google Scholar
  10. 10.
    Dullien, T., Rolles, R.: Graph-based comparison of executable objects. SSTIC 5, 1–13 (2005)Google Scholar
  11. 11.
    Flake, H.: Structural comparison of executable objects (2004)Google Scholar
  12. 12.
    Flexeder, A., Petter, M., Seidl, H.: Side-effect analysis of assembly code. In: Yahav, E. (ed.) SAS 2011. LNCS, vol. 6887, pp. 77–94. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  13. 13.
    Gao, D., Reiter, M.K., Song, D.: BinHunt: automatically finding semantic differences in binary programs. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 238–255. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  14. 14.
    Hopcroft, J.: An n log n algorithm for minimizing states in a finite automaton. Technical report, DTIC Document (1971)Google Scholar
  15. 15.
    Kinder, J., Zuleger, F., Veith, H.: An abstract interpretation-based framework for control flow reconstruction from binaries. In: Jones, N.D., Müller-Olm, M. (eds.) VMCAI 2009. LNCS, vol. 5403, pp. 214–228. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  16. 16.
    Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)CrossRefGoogle Scholar
  17. 17.
    Reinbacher, T., Brauer, J.: Precise control flow reconstruction using boolean logic. In: EMSOFT, pp. 117–126. ACM (2011)Google Scholar
  18. 18.
    Rierson, A.: Developing Safety-Critical Software. CRC Press, Boca Raton (2013) Google Scholar
  19. 19.
    RTCA SC-205/EUROCAE WG-71: Software Considerations in Airborne Systems and Equipment Certification. No. RTCA DO-178C, RTCA Inc. 1140 Connecticut Avenue, N.W., Suite 1020, Washington, D.C., 20036, December 2011Google Scholar
  20. 20.
    RTCA SC-205/EUROCAE WG-71: Software Tool Qualification Considerations. No. RTCA DO-330, RTCA, Inc., December 2011Google Scholar
  21. 21.
    RTCA SC-205/EUROCAE WG-71: Supporting Information for DO-178C and DO-278A. No. RTCA DO-248C, RTCA, Inc., December 2011Google Scholar
  22. 22.
    RTCA, SC-167: Software Considerations in Airborne Systems and Equipment Certification, RTCA/DO-178B. RTCA (1992)Google Scholar
  23. 23.
    European Committee for Electrotechnical Standardization: EN 50128:2011 - Railway applications - Communications, signalling and processing systems - Software for railway control and protection systems. CENELEC, Brussels (2001)Google Scholar
  24. 24.
    Sobek, S.,Burke, K.: Power PC Embedded Application Binary Interface (EABI): 32-Bit Implementation. Freescale Semiconductor Inc. (2004)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jörg Brauer
    • 1
    Email author
  • Markus Dahlweid
    • 1
  • Tobias Pankrath
    • 1
  • Jan Peleska
    • 2
  1. 1.Verified Systems International GmbHBremenGermany
  2. 2.Department of Mathematics and Computer ScienceUniversity of BremenBremenGermany

Personalised recommendations