Finding All Potential Run-Time Errors and Data Races in Automotive Software

Daniel Kaestner, Antoine Miné, André Schmidt, Heinz Hille, Laurent Mauborgne, Stephan Wilhelm, Xavier Rival, Jérôme Feret, Patrick Cousot, Christian Ferdinand

Research output: Contribution to journalConference articlepeer-review


Safety-critical embedded software has to satisfy stringent quality requirements. All contemporary safety standards require evidence that no data races and no critical run-time errors occur, such as invalid pointer accesses, buffer overflows, or arithmetic overflows. Such errors can cause software crashes, invalidate separation mechanisms in mixed-criticality software, and are a frequent cause of errors in concurrent and multi-core applications. The static analyzer Astrée has been extended to soundly and automatically analyze concurrent software. This novel extension employs a scalable abstraction which covers all possible thread interleavings, and reports all potential run-time errors, data races, deadlocks, and lock/unlock problems. When the analyzer does not report any alarm, the program is proven free from those classes of errors. Dedicated support for ARINC 653 and OSEK/AUTOSAR enables a fully automatic OS-aware analysis. In this article we give an overview of the key concepts of the concurrency analysis and report on experimental results obtained on concurrent automotive software. The experiments confirm that the novel analysis can be successfully applied to real automotive software projects.

Original languageEnglish (US)
JournalSAE Technical Papers
Issue numberMarch
StatePublished - Mar 28 2017
EventSAE World Congress Experience, WCX 2017 - Detroit, United States
Duration: Apr 4 2017Apr 6 2017

ASJC Scopus subject areas

  • Automotive Engineering
  • Safety, Risk, Reliability and Quality
  • Pollution
  • Industrial and Manufacturing Engineering


Dive into the research topics of 'Finding All Potential Run-Time Errors and Data Races in Automotive Software'. Together they form a unique fingerprint.

Cite this