NASA developer secures way to the stars

By Jeff Feinman

May 1, 2009 —

When Gerard Holzmann arrives at work, he passes by assembly facilities for putting spacecraft together. He says hello to scientists working with vacuum chambers, which test mechanical devices that operate in outer space. He takes a peek into the “dark room,” an observation room where all active spacecraft are tracked and monitored. It is easy for him to explore his space at the NASA Jet Propulsion Laboratory in Pasadena, Calif.

“There’s lots of very interesting stuff to be seen here,” Holzmann said. “The perspective on writing software changes very quickly if you imagine, ‘Well, maybe your life is at stake if that software malfunctions,’ like if the software were to go into your car or you have to fly on a mission where the software is in control. Then your perspective changes very quickly, and you really don’t want to cut any corners.”

Holzmann didn’t cut corners on his way to the JPL, either. Born in Amsterdam, the Netherlands, he received an engineer’s degree in electrical engineering from the Delft University of Technology. He has written four books, including “The Spin Model Checker – Primer and Reference Manual” and “The Early History of Data Networks.”

Prior to joining the JPL in 2003, Holzmann worked for over 20 years in the Computing Science Research Center at AT&T’s Bell Labs.

With each mission that NASA carries, more and more software is being used on spacecraft. Any small defect can pose a problem during a mission, and with the long transmission delays while a spacecraft is in flight, fixing defects can be “particularly nasty,” Holzmann noted.

As a result, Holzmann and his team have the unenviable task of catching software defects before they reach mission operations. In May 2003, the JPL Laboratory for Reliable Software was created to try and achieve long-term improvements in the JPL’s software systems. The laboratory develops coding standards and creates defect catchers.

Currently, the Laboratory for Reliable Software has its attention on the Mars Science Laboratory mission. Mars Science Laboratory will put a rover onto the red planet to assess whether or not Mars is an environment that could sustain microbial life. In December 2008, the mission was postponed from 2009 to 2011 as a result of issues with flight system testing and hardware, according to NASA. Holzmann said this mission has a couple million lines of code, more than any previous mission.

Naturally, one of Holzmann’s main tasks for the Mars Science Laboratory mission is looking into better methods of catching defects, but this time around, he and his team will be involved in a more hands-on fashion.

“We decided to do something unconventional, which is to actually join the flight software team as members,” Holzmann said. “The flight software development team is very good, experienced people, and they know that the stakes are high, so they’re typically motivated to reach a very high level of quality for their code.”

Scrubbing code clean
Holzmann called writing compliance checkers an art, not a science. He wrote a code-reviewing program called Scrub that is being used for all module code reviews.

Scrub collects all warnings and error reports from different analyzers and compliance checkers, according to Holzmann. The data is then presented in a graphical user interface to module developers so they can see all issues that need to be addressed. Scrub also lets developers compare the quality of their module with those of their colleagues.

“Of course, nobody wants to be an outlier and nobody wants to be the worst, so psychologically, this works very well at getting quality to improve over time,” Holzmann said.

The programs that the JPL lead has created certainly do not end with Scrub. Holzmann and his team have created software to catch defects for the full development life cycle. He’s also written the Spin model checker, which is used for verifying the design of multi-threaded systems, as well as the RCAT requirements analyzer.

For large missions, the JPL typically has a new build once a week, and the team runs all the checkers for each build. Running the static analyzers and checkers takes approximately 18 hours.

According to Holzmann, proper source code analysis should entail compiling at the highest level of warnings allowed by the compiler. Every minor issue should kindle a warning, and people should use several different static analyzers. That is the minimum of workmanship that any careful developer should carry out.

One problem with static analyzers is that the best ones are usually fairly expensive, Holzmann noted. There is some freeware available; for instance, Holzmann developed the Uno static analyzer based on the ANSI C standard. However, he admitted that Uno and other freeware don’t “hold a candle” to commercial static source code analyzers.

Regardless of the method used for static analysis, the emphasis in Holzmann’s mind is just being able to find mistakes.

“Computers are supposed to be perfect; they’re supposed to be able to reason flawlessly,” he said. “That particular aspect of software has always intrigued me, and that got me into trying to develop methods first to prevent mistakes from being made, and then later, methods for catching mistakes.”

Related Search Term(s): security

Share this link: http://www.sdtimes.com/link/33450

RSA keynote: Lack of security in the cloud breeds distrust Experts say that until cloud security standards mature and are adopted more widely, adoption will be tepid

Fortify, HP give hybrid view of app security By correlating results of dynamic testing and static code analysis, Hybrid 2.0 offers improved vulnerability resolution

Application security, IBM style Jack Danahy, founder of Ounce Labs, discusses acquisitions by IBM and what he sees in the security space

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST