Using Static Analysis Tools for Safety Certification

Total Page:16

File Type:pdf, Size:1020Kb

Using Static Analysis Tools for Safety Certification Software BETTER PLAY IT SAFE Using static analysis tools for safety certification By Robert Dewar, PhD, and Ben Brosgol, PhD Building reliable software is difficult but achievable. Choosing an appropriate language is important but is only the first step. The careful selection of a coordinated set of tools is just as important or perhaps even more so. For safety-critical systems, using qualified verification tools that tell as much as possible about the software as early as possible helps increase confidence in the system’s correctness while reducing the costs for the system’s certification. Complying with safety-critical standards Tool qualification and software many such optimizations but still does not such as DO-178B involves demonstrat- certification realize the full potential of the Itanium ing that a system meets its requirements Before considering specific tools that chip. Development continues at a rapid and does not introduce safety hazards. An assist in the production of safety-critical pace, but so far no compiler achieves the underlying issue is that the certification certified code, let’s first have a look at the chip’s full performance potential. evidence is based on the system’s static issue of achieving confidence in the tools source text but needs to relate to the sys- themselves. Obviously it is desirable to Not only are the compilers themselves tem’s dynamic, runtime, behavior. How use tools that are known to be 100 percent out of reach of formal safety certification does one guarantee prevention of runtime reliable and free of any errors. because of their inherent complexity, but insecurities such as misusing an integer as to make things worse, there are no formal an address, exhausting memory resources, A first view would be that the tools specifications of these languages suitable selecting a nonexistent element in a data should be certified with the same rig- for certification. International standard structure, buffer overflow, referencing a orous approach that is used for safety- documents define the languages in suf- variable before it is initialized, or access- critical applications. After all, if life ficient detail for programmers and com- ing shared data across concurrent activities safety depends on the program’s correct- piler writers, but these definitions are not without protection? ness, shouldn’t any tools that are used in at the formal complete level needed for its production also be totally reliable? certification using DO-178B or similar The programming language chosen and approaches. the set of features used are obviously Unfortunately, this is not practical. Why important in the development of safety- not? The difficulty is that large systems So that sounds bad. What do software critical systems. But even with a language are written using large and complex lan- developers do if the tools they use cannot designed for reliable programming, such guages. Experience has shown that in be shown to be completely reliable? The as Ada, it will be possible to write pro- order to develop maintainable applica- answer is that in the certification process, grams that compile but that encounter tions, languages with rich features are they either certify at the object code level, such issues at runtime. needed. It is certainly possible to design bypassing the issue of whether the com- very simple languages, but in practice piler is fully reliable, or they certify at the A solution is to use static analysis tools such languages are not suitable for build- source level and include a detailed analy- that can detect and thus prevent poten- ing large, modern, complex applications. sis showing the correspondence of the tial runtime insecurities. If such a tool is source code with the object code. Vendors being used to replace a process that would Even C now has an international standard such as Verocel provide tools that assist at otherwise be done manually during the document that is very large, and compil- the object code level. In either case, the system certification, then, in DO-178B ers for modern languages are themselves focus is on the object code, so if the com- parlance, the tool needs to be “qualified very large and complex programs. For piler fails to generate correct code, this as a verification tool.” If the tool is such example, the 1999 version exceeds 500 will be discovered during the certification that its failure could introduce errors into pages – comparable in size to the Ada process. the system, then it would need to be quali- standard. A compiler for a language fied as a development tool, a much more such as Ada can comprise a million lines The situation is similar for any tool that stringent requirement. of code or more. Furthermore, modern is involved in actual code generation. microprocessor design requires compil- However, there is a brighter side to this Among the static analysis tools applica- ers to perform extensive optimizations. picture. Software developers also use ble in a DO-178B certification context, a Indeed the requirement for sophisticated tools that are not directly involved in code stack usage analyzer is particularly impor- optimization is becoming more stringent generation, but instead provide informa- tant for data space predictability. This tool as time goes on; for example, reasonable tion about the program. Such analysis calculates the maximum amount of stack performance on the Itanium, ia64, micro- tools have a completely different sta- space that a program would ever need. processor architecture is only possible for tus from the compiler generating object Such information is especially relevant in compilers carrying out advanced opti- code. An error in an analysis tool does not memory-constrained environments such mization algorithms. The Free Software directly cause any error in the resulting as VMEbus systems. Foundation’s GCC compiler implements program. At worst, the tool may complain Reprinted from VMEbus Systems / April 2006 Copyright 2006 Software BETTER PLAY IT SAFE about a nonexistent problem, which can be ignored, or it may miss something it Does the tool replace processes otherwise required by DO-178B? should have caught, which will be found later during object code certification. Yes No DO-178B recognizes the difference between a tool such as a compiler, which No need to qualify generates code that is part of the opera- tional system, and an analysis tool that does not generate code. The differences between the qualification requirements Does the tool produce output that is part of the airborne software Can the tools fail to detect errors? for these tools are illustrated in Figure 1. (i.e., can the tool introduce errors?) The qualification procedure for analysis tools or verification tools still requires Yes Yes careful generation of objectives, and thor- ough testing, but does not operate at the same stringent level as certification of the avionics application code itself. Need to qualify as development tool Need to qualify as verification tool Qualified tools can be an important com- Figure 1 ponent in the production of safety-critical code. By using analysis tools, the software Ada, however, the two variables have dis- language is only as good as the software developer can find errors earlier, which tinct types. Since Ada’s predefined “>” development environment that supports it. reduces development expense. By using operation requires operands of the same A compiler that correctly implements the qualified analysis tools, the developer can type, the error would be detected at com- language is important but is not sufficient. get credit for some of the automated veri- pile time in Ada, and the compiler would Let’s now look at some other important fication work that otherwise would need reject the program. It is, of course, much attributes for a compiler in the context to be done manually, which reduces the cheaper when the compiler detects such of safety-critical development, and then certification expense. errors than if time is spent debugging to consider the role of static analysis tools track them down. in general and a stack usage analyzer in Programming language choice particular. Although they cannot be certified with Although the compiler cannot be abso- regard to object code accuracy, compil- lutely trusted to generate correct code, in The compiler as a static analysis ers actually do far more than just generate practice it is safe to rely on the compiler tool code. Modern languages have been care- to reject incorrect programs, and to make Although compilers are usually thought fully designed so that the compiler can use of these error messages to find prob- of as tools for generating code, they can detect many problems before a program is lems early. If an incorrect error message often perform much more extensive tasks even run. Most notably, the strong typing is generated, then that’s annoying but of program analysis. In addition to the system of a language like Ada can find does not compromise safety. If a message detection of incorrect programs, a good many errors early on. As an example, sup- is missed, that’s also annoying because compiler can provide extensive warnings pose a program needs to deal with physi- the error won’t be found until later in the about suspicious code that is not actually cal units; in Ada, this might be expressed certification process, but still there is no wrong but which represents likely errors as follows, using distinct types: compromise to safety. or at least code that should be reviewed. type Temperature is range 20 .. In the case of Ada, there is a formal As an example, consider an Ada program 30; -- Celsius validation process for Ada compilers that contains: type Pressure is range 0 .. 1000; that was initially supervised by the U.S.
Recommended publications
  • GNAT for Cross-Platforms
    GNAT User’s Guide Supplement for Cross Platforms GNAT, The GNU Ada Compiler GNAT GPL Edition, Version 2012 Document revision level 247113 Date: 2012/03/28 AdaCore Copyright c 1995-2011, Free Software Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being “GNU Free Documentation License”, with the Front-Cover Texts being “GNAT User’s Guide Supplement for Cross Platforms”, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. About This Guide This guide describes the use of GNAT, a compiler and software development toolset for the full Ada programming language, in a cross compilation environ- ment. It supplements the information presented in the GNAT User’s Guide. It describes the features of the compiler and tools, and details how to use them to build Ada applications that run on a target processor. GNAT implements Ada 95 and Ada 2005, and it may also be invoked in Ada 83 compatibility mode. By default, GNAT assumes Ada 2005, but you can override with a compiler switch to explicitly specify the language version. (Please refer to the section “Compiling Different Versions of Ada”, in GNAT User’s Guide, for details on these switches.) Throughout this manual, references to “Ada” without a year suffix apply to both the Ada 95 and Ada 2005 versions of the language. This guide contains some basic information about using GNAT in any cross environment, but the main body of the document is a set of Appendices on topics specific to the various target platforms.
    [Show full text]
  • SETL for Internet Data Processing
    SETL for Internet Data Processing by David Bacon A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy Computer Science New York University January, 2000 Jacob T. Schwartz (Dissertation Advisor) c David Bacon, 1999 Permission to reproduce this work in whole or in part for non-commercial purposes is hereby granted, provided that this notice and the reference http://www.cs.nyu.edu/bacon/phd-thesis/ remain prominently attached to the copied text. Excerpts less than one PostScript page long may be quoted without the requirement to include this notice, but must attach a bibliographic citation that mentions the author’s name, the title and year of this disser- tation, and New York University. For my children ii Acknowledgments First of all, I would like to thank my advisor, Jack Schwartz, for his support and encour- agement. I am also grateful to Ed Schonberg and Robert Dewar for many interesting and helpful discussions, particularly during my early days at NYU. Terry Boult (of Lehigh University) and Richard Wallace have contributed materially to my later work on SETL through grants from the NSF and from ARPA. Finally, I am indebted to my parents, who gave me the strength and will to bring this labor of love to what I hope will be a propitious beginning. iii Preface Colin Broughton, a colleague in Edmonton, Canada, first made me aware of SETL in 1980, when he saw the heavy use I was making of associative tables in SPITBOL for data processing in a protein X-ray crystallography laboratory.
    [Show full text]
  • Automated Testing of Debian Packages
    Introduction Lintian and Linda Rebuilding packages Piuparts Structuring QA Conclusion Automated Testing of Debian Packages Holger Levsen – [email protected] Lucas Nussbaum – [email protected] Holger Levsen and Lucas Nussbaum Automated Testing of Debian Packages 1 / 31 Introduction Lintian and Linda Rebuilding packages Piuparts Structuring QA Conclusion Summary 1 Introduction 2 Lintian and Linda 3 Rebuilding packages 4 Piuparts 5 Structuring QA 6 Conclusion Holger Levsen and Lucas Nussbaum Automated Testing of Debian Packages 2 / 31 Introduction Lintian and Linda Rebuilding packages Piuparts Structuring QA Conclusion Debian’s Quality Popcon data Automated Testing Summary 1 Introduction Debian’s Quality Popcon data Automated Testing 2 Lintian and Linda 3 Rebuilding packages 4 Piuparts 5 Structuring QA 6 ConclusionHolger Levsen and Lucas Nussbaum Automated Testing of Debian Packages 3 / 31 Introduction Lintian and Linda Rebuilding packages Piuparts Structuring QA Conclusion Debian’s Quality Popcon data Automated Testing Debian’s Quality Ask around : considered quite good compared to other distros A lot of packages, all supported in the same way : 10316 source packages in etch/main 18167 binary packages in etch/main Holger Levsen and Lucas Nussbaum Automated Testing of Debian Packages 4 / 31 Introduction Lintian and Linda Rebuilding packages Piuparts Structuring QA Conclusion Debian’s Quality Popcon data Automated Testing Packages installations according to popcon 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 percentage of packages 0.2 0.1 0 0 5000 10000
    [Show full text]
  • January–June 2018 New GNAT Pro Product Lines GNAT Pro Assurance
    tech corner newsflash calendar highlights / January –June 2018 MHI Aerospace Systems Corporation For up-to-date information on conferences where AdaCore is New Product Release participating, please visit www.adacore.com/events/. AdaCore’s annual Q1 release cycle brings across-the-board enhance- new rules, with supporting qualification material available for DO-178C; Selects QGen 2 ments, many of which stem from customer suggestions. Below is a sam- GNATcoverage’s tool qualification material has been adapted to DO-178C MHI Aerospace Systems Corporation (MASC), a member of the Mitsubishi ERTS 2018 pling of new features in the V18 products; details may be found on-line and Ada 2012, and support has been introduced for Lauterbach probes; Heavy Industries Group, has selected the QGen toolset to develop the (Embedded Real Time Software and Systems) in AdaCore’s “New Features” pages: and the GNATtest unit testing framework has added several new options. software for the Throttle Quadrant Assembly (TQA) system. This avionics January 31–February 2, 2018 Inside The GNAT Programming Studio (GPS) IDE has incorporated performance Toulouse, France GNAT Pro base technology: docs.adacore.com/R/relnotes/features-18 research project is being conducted to meet the Level C objectives in the and user interface improvements, for example in the C/C++ navigation DO-178C safety standard for airborne software and its DO-331 supplement AdaCore is exhibiting at this conference, and AdaCore personnel are presenting papers on docs.adacore.com/R/relnotes/features-gps-18 software safety, avionics certification, drone autopilot software, and lightweight semantic GPS and GNATbench IDEs: engine, and GNATbench supports Eclipse 4.8 Oxygen as well as Wind on Model-Based Development and Verification.
    [Show full text]
  • GNAT User's Guide
    GNAT User's Guide GNAT, The GNU Ada Compiler For gcc version 4.7.4 (GCC) AdaCore Copyright c 1995-2009 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts and with no Back-Cover Texts. A copy of the license is included in the section entitled \GNU Free Documentation License". About This Guide 1 About This Guide This guide describes the use of GNAT, a compiler and software development toolset for the full Ada programming language. It documents the features of the compiler and tools, and explains how to use them to build Ada applications. GNAT implements Ada 95 and Ada 2005, and it may also be invoked in Ada 83 compat- ibility mode. By default, GNAT assumes Ada 2005, but you can override with a compiler switch (see Section 3.2.9 [Compiling Different Versions of Ada], page 78) to explicitly specify the language version. Throughout this manual, references to \Ada" without a year suffix apply to both the Ada 95 and Ada 2005 versions of the language. What This Guide Contains This guide contains the following chapters: • Chapter 1 [Getting Started with GNAT], page 5, describes how to get started compiling and running Ada programs with the GNAT Ada programming environment. • Chapter 2 [The GNAT Compilation Model], page 13, describes the compilation model used by GNAT. • Chapter 3 [Compiling Using gcc], page 41, describes how to compile Ada programs with gcc, the Ada compiler.
    [Show full text]
  • Alire Ada Library Repository Manager
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Repositorio Universidad de Zaragoza 189 Alire: a Library Repository Manager for the Open Source Ada Ecosystem Alejandro R. Mosteo Instituto de Investigación en Ingeniería de Aragón, Mariano Esquillor s/n, 50018, Zaragoza, Spain Centro Universitario de la Defensa de Zaragoza, 50090, Zaragoza, Spain; email: [email protected] Abstract unmaintained (a form of bit rot [3]) and incompatibilities be- tween versions of a same library, or among different libraries Open source movements are main players in today’s being used simultaneously. software landscape. Communities spring around pro- To address those problems, one of the most notable efforts in gramming languages, providing compilers, tooling and, the open source world are the different Linux distributions. chiefly, libraries built with these languages. Once a Either based on distribution of source code, like Gentoo [4], community reaches a certain critical mass, management or of binaries, like Debian [5], these communities have since of available libraries becomes a point of contention. Op- long dealt with the problem of packaging consistent systems erating system providers and distributions often support for different architectures. The difficulty of such a task is but the most significant or mature libraries so, usually, captured in the dependency or DLL hell expressions [6], and language communities develop their own cross-platform one of the most dreaded experiences is ending in a broken software management tools. Examples abound with configuration during an upgrade. languages such as Python, OCaml, Rust, Haskell and others. Programmers, however, do not all use the same distribution, nor even the same operating system, since today they can The Ada community has been an exception to date, per- resort to about half a dozen generalist operating systems.
    [Show full text]
  • Tiny Runtime to Run Model-Based Software on Cubesats
    Tiny Runtime to Run Model-Based Software on CubeSats Model Based Space Systems and Software Engineering - MBSE2020 2020 Agenda • Project background and objectives • Implementation • Kazoo code patterns • PolyORB removal • Optimizations and fixes • Validation (DemoSat) • Ada support 2020 2 BACKGROUND AND OBJECTIVES 2020 TASTE by ESA • "A tool-chain targeting heterogeneous embedded systems, using a model- based development approach" • System architecture – AADL • Data – ASN.1 (with ACN) • Behaviour – SDL (but can also be C, Ada...) • Can generate executables targeting: • x86 • SPARC (e.g. Leon3) • ARM (e.g. STM32F407) • and now MSP430 (MSP430FR5969)! • https://taste.tools and https://taste.tuxfamily.org/wiki/ 2020 4 MSP430 by Texas Instruments • General purpose, ultra-low-power, affordable, mixed-signal MCUs • Radiation hardened versions available (50krad for MSP430FR5969-SP) • Good choice for certain subsystems and CubeSats • But also challenging: • 16-bit ISA • low memory (e.g. 64 kB) • low speed (e.g. 16 MHz) • https://www.ti.com/microcontrollers/msp430-ultra-low-power-mcus/overview.html 2020 5 N7 Space • N7 Space develops both ground support and flight software • TASTE is used extensively: • PROBA3 • ASN.1/ACN Modelling IDE • PUS C deployment • ARM BSP • CoreSight • MBSE Implement • N7 Space is a member of the TASTE Steering Commitee • http://n7space.com/ 2020 6 Goal • Provide support for MSP430 in TASTE • Validate it using a realistic (CubeSat class) use-case • An (intended) by-product: various optimizations which enable targeting
    [Show full text]
  • Final Minutes of the 3. ARG Meeting Bennington, VT, USA, 7-9 October 1996
    Final Minutes of the 3. ARG Meeting Bennington, VT, USA, 7-9 October 1996 Attendance: Barnes, Cohen, Dewar, Dismukes, Duff, Eachus, Ishihata, Kamrad, Leroy, Michell, Ploedereder, Schonberg (for days 1 & 2). Host facilities were graciously supplied by Robert Dewar and ACT. The ARG expressed its appreciation. These minutes first summarize the voting results on the AIs that were discussed, then present all procedural issues that came up during the meeting and the action items assigned. The record of the detailed discussions on AIs is appended in AI order for easier reference. This order does not correspond to the chronological order in which the AIs were discussed. Summary of the action taken on the AIs: Approved in final form (some with minor editorial changes): AI95-00004/02 -- Conversions to types derived from remote access types Approved (12-0-0) AI95-00031/00 -- Unpacking a record type with primitive subprograms Approved (11-0-0) AI95-00035/01 -- Type descriptors can be laid out at compile time Approved (12-0-0) AI95-00037/04 -- In Interfaces.C, nul and wide_nul represent zero Approved (12-0-0) AI95-00040/02 -- Does <> for a formal subprogram default freeze the actual ? Approved (11-0-1) with change to title AI95-00041/04 -- Program unit pragmas in generic units Approved (12-0-0) AI95-00044/01 -- Overriding of Declarations Approved (11-1-0) with change to title AI95-00048/04 -- Can an RCI unit be a library subprogram? Approved (12-0-0) with change to title AI95-00071/01 -- Correction to the Valid function in COBOL Interface Approved
    [Show full text]
  • GNAT User's Guide for Native Platforms
    GNAT User’s Guide for Native Platforms Release 23.0w AdaCore Sep 29, 2021 GNAT User’s Guide for Native Platforms 23.0w This page is intentionally left blank. 2 of 332 GNAT User’s Guide for Native Platforms GNAT User’s Guide for Native Platforms 23.0w GNAT, The GNU Ada Development Environment GNAT Pro Edition Version 23.0w Date: Sep 29, 2021 AdaCore Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover Texts being “GNAT Reference Manual”, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. GNAT User’s Guide for Native Platforms 3 of 332 GNAT User’s Guide for Native Platforms 23.0w This page is intentionally left blank. 4 of 332 GNAT User’s Guide for Native Platforms GNAT User’s Guide for Native Platforms 23.0w CONTENTS 1 About This Guide 13 1.1 What This Guide Contains........................................ 13 1.2 What You Should Know before Reading This Guide........................... 14 1.3 Related Information............................................ 14 1.4 Conventions................................................ 14 2 Getting Started with GNAT 15 2.1 System Requirements........................................... 15 2.2 Running GNAT.............................................. 15 2.3 Running a Simple Ada Program..................................... 16 2.4 Running a Program with Multiple Units................................. 17 3 The GNAT Compilation Model 19 3.1 Source Representation.......................................... 19 3.2 Foreign Language Representation.................................... 20 3.2.1 Latin-1.............................................
    [Show full text]
  • Ada User Journal 66 Editorial 67 Quarterly News Digest 69 Conference Calendar 97 Forthcoming Events 103 Articles from the Industrial Track of Ada-Europe 2011 R
    ADA Volume 32 USER Number 2 June 2011 JOURNAL Contents Page Editorial Policy for Ada User Journal 66 Editorial 67 Quarterly News Digest 69 Conference Calendar 97 Forthcoming Events 103 Articles from the Industrial Track of Ada-Europe 2011 R. Bridges, F. Dordowsky, H. Tschöpe “Implementing a Software Product Line for a complex Avionics System in Ada 83” 107 Ada Gems 116 Ada-Europe Associate Members (National Ada Organizations) 128 Ada-Europe 2011 Sponsors Inside Back Cover Ada User Journal Volume 32, Number 2, June 2011 66 Editorial Policy for Ada User Journal Publication Original Papers Commentaries Ada User Journal — The Journal for Manuscripts should be submitted in We publish commentaries on Ada and the international Ada Community — is accordance with the submission software engineering topics. These published by Ada-Europe. It appears guidelines (below). may represent the views either of four times a year, on the last days of individuals or of organisations. Such March, June, September and All original technical contributions are articles can be of any length – December. Copy date is the last day of submitted to refereeing by at least two inclusion is at the discretion of the the month of publication. people. Names of referees will be kept Editor. confidential, but their comments will Opinions expressed within the Ada Aims be relayed to the authors at the discretion of the Editor. User Journal do not necessarily Ada User Journal aims to inform represent the views of the Editor, Ada- readers of developments in the Ada The first named author will receive a Europe or its directors.
    [Show full text]
  • GNAT User's Guide for Native Platforms
    GNAT User's Guide for Native Platforms GNAT User's Guide for Native Platforms , Dec 05, 2018 AdaCore Copyright c 2008-2019, Free Software Foundation i Table of Contents 1 About This Guide :::::::::::::::::::::::::::::: 2 1.1 What This Guide Contains ::::::::::::::::::::::::::::::::::::: 2 1.2 What You Should Know before Reading This Guide :::::::::::: 2 1.3 Related Information :::::::::::::::::::::::::::::::::::::::::::: 3 1.4 A Note to Readers of Previous Versions of the Manual :::::::::: 3 1.5 Conventions:::::::::::::::::::::::::::::::::::::::::::::::::::: 4 2 Getting Started with GNAT ::::::::::::::::::: 5 2.1 Running GNAT :::::::::::::::::::::::::::::::::::::::::::::::: 5 2.2 Running a Simple Ada Program :::::::::::::::::::::::::::::::: 5 2.3 Running a Program with Multiple Units :::::::::::::::::::::::: 6 2.4 Using the gnatmake Utility ::::::::::::::::::::::::::::::::::::: 7 3 The GNAT Compilation Model ::::::::::::::: 9 3.1 Source Representation:::::::::::::::::::::::::::::::::::::::::: 9 3.2 Foreign Language Representation:::::::::::::::::::::::::::::: 10 3.2.1 Latin-1::::::::::::::::::::::::::::::::::::::::::::::::::: 10 3.2.2 Other 8-Bit Codes:::::::::::::::::::::::::::::::::::::::: 10 3.2.3 Wide Character Encodings ::::::::::::::::::::::::::::::: 11 3.2.4 Wide Wide Character Encodings ::::::::::::::::::::::::: 12 3.3 File Naming Topics and Utilities :::::::::::::::::::::::::::::: 13 3.3.1 File Naming Rules ::::::::::::::::::::::::::::::::::::::: 13 3.3.2 Using Other File Names :::::::::::::::::::::::::::::::::: 14 3.3.3 Alternative
    [Show full text]
  • Stevesn Indicator Spring-Summer 2021
    34 MILE SQUARE CITY YESTERDAY AND TODAY DEPARTMENTS A walk through Hoboken in photos 36-46 COMMUNITY FRONTIERS 2 PRESIDENT’S LETTER 37 DUCK DATA: STEVENS ALUMNI IN BRIEF 3 LETTER FROM THE EDITORS Vital statistics and interesting facts about 74 CAMPAIGN STORY our graduates 76 ALUMNI NEWS/CLASS LOGS 38 ACES HELPS LEVEL THE PLAYING FIELD 77 SAA PRESIDENT’S LETTER Underrepresented minorities with STEM talent find support at Stevens 95 VITALS 40 SATURDAYS AT STEVENS Art Harper Saturday Academy introduces high school students to a world of possibilities in STEM FEATURES 42 A STEP CONVERSATION 4 150 YEARS OF EXPLORING NEW FRONTIERS Two generations share memories from the In this special anniversary issue, we celebrate esteemed, long-standing program frontiers explored by the Stevens community 44 FIRST-CLASS WOMEN 6 STEVENS THROUGH THE YEARS Stevens’ first female undergraduates reflect Highlights from the first 150 years of Stevens history on arriving at Castle Point 50 years ago 12-23 PERSONAL FRONTIERS 47-60 INNOVATION FRONTIERS 13 JAMES BRAXTON ’37 HON. D.ENG. ’87 48 12 STEVENS INNOVATORS AND GAME CHANGERS Building a more equitable world through Alumni who have made a lasting impact through affordable housing systems extraordinary careers 16 SHARING THEIR WORDS OF WISDOM 50 STALKING THE ‘GHOST PARTICLE’ Advice and insights from beloved Stevens The revolutionary work of Nobel Prize winner faculty and staff Frederick Reines ’39 M.S. ’41 Hon. D.Eng. ’84 18 CLOSE UP WITH AIMI SELA ’04 52 THE SCIENCE OF FINANCE Her journey from foster child to
    [Show full text]