
EUROPARC de Pichaury, Bâtiment C2, 1330 av. Guillibert de la Lauzière, 13856 Aix en Provence Cedex 3. Telephone: 04.42.37.12.70. Fax: 04.42.37.12.71.

Presentation transcript:

1 CLEARSY: Formalized Operation Principles. Denis Sabatier. (EUROPARC de Pichaury, Bâtiment C2, 1330 av. Guillibert de la Lauzière, Aix en Provence Cedex 3.)

2 CLEARSY/PRES/COP The PEUGEOT project: principle
Diagram: source documents (design specifications, STEDS) together with interviews, mails and phone calls -> B modelizations (event-driven B) -> re-translation into natural language -> Formalized Operation Principles (FOP).

3 Expected benefits
Example: the informal requirement "Pressing the remote control button should unlock the doors" becomes, in B:
Door state(i) : {locked, unlocked}
handle state(i) : {raised, normal}
HF (remote control) event = Door state(i) := unlocked
This immediately raises the questions: for which i? The trunk? Does it work if the handle is raised? Formalization removes ambiguous statements and discovers missing information.
- Consistency
- Completeness
- No ambiguous statements
- Uniform level of detail

4 The chosen level of detail: replaceable units
- Divide the car into replaceable units
- Define the behavior of each replaceable unit: what it should do in every situation
- Interfaces: define the semantics, not the format
- FOP + interface format documents = you can predict what messages and signals are exchanged in every situation

5 Proof
- Standard use of B: abstract B model (specification) -> less abstract B model (design); the B theory tells what predicates must be proven -> theorem prover (Atelier B)
- Use in this project: B model (design specification) -> B invariants (consistency, simple functional properties) -> theorem prover (Atelier B)
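As an added example (not from the ClearSy slides, and written in Python rather than B): a small event-driven model of the remote-unlock requirement of slide 3, with the missing information filled by labelled hypotheses, plus a bounded exhaustive check of its invariant standing in for the Atelier B proof of slide 5. The door list, event names and hypotheses H1/H2 are assumptions.

```python
from collections import deque
DOORS = ("front_left", "front_right", "rear_left", "rear_right")
UNITS = DOORS + ("trunk",)  # hypothesis H1: the trunk is a lockable unit too

def initial_state():
    """State = (door_state(i) for i in UNITS, handle_state(i) for i in DOORS),
    kept as tuples so states are hashable and revisits can be detected."""
    return (tuple("locked" for _ in UNITS), tuple("normal" for _ in DOORS))

def invariant(state):
    door_state, handle_state = state
    typed = (all(s in ("locked", "unlocked") for s in door_state)
             and all(h in ("raised", "normal") for h in handle_state))
    # design property to be proven: every lockable unit shares one lock state
    return typed and len(set(door_state)) == 1

def events(state):
    """Yield (event_name, successor) for every event enabled in `state`."""
    door_state, handle_state = state
    # HF (remote control) event: unlocks every unit whatever the handle
    # position (hypothesis H2: "works if handle raised?" answered with yes)
    yield "hf_unlock", (tuple("unlocked" for _ in UNITS), handle_state)
    yield "hf_lock", (tuple("locked" for _ in UNITS), handle_state)
    for i, h in enumerate(handle_state):
        # handle events are guarded by the current position of that handle
        new = "raised" if h == "normal" else "normal"
        successor = handle_state[:i] + (new,) + handle_state[i + 1:]
        yield f"handle_{new}({DOORS[i]})", (door_state, successor)

def explore():
    """Exhaustive bounded check: visit every reachable state, verify the
    invariant in each, and return the number of reachable states
    (0 as soon as a state violates the invariant)."""
    start = initial_state()
    seen, todo = {start}, deque([start])
    while todo:
        state = todo.popleft()
        if not invariant(state):
            return 0
        for _, successor in events(state):
            if successor not in seen:
                seen.add(successor)
                todo.append(successor)
    return len(seen)

def unlock_prediction(state):
    """FOP-style prediction: which units are unlocked right after the HF event?"""
    door_state, _ = dict(events(state))["hf_unlock"]
    return tuple(u for u, s in zip(UNITS, door_state) if s == "unlocked")
```

Changing a hypothesis (for example, letting the HF event leave the trunk locked) makes the invariant fail under `explore()`, which is exactly the kind of question the slides say the hypotheses turn into for the domain experts.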

6 Size & costs
- Project duration: from June 99 to Dec 01
- 2 vehicles (307, 206 mux)
- About 2 x 150,000 lines of documents produced
- All domains, from motor to radio player
- 1st vehicle: about 14 man-years; 2nd: about 5.6 man-years

7 Key points
Directive sentences:
- No pseudo programming!
- "Write models that are the best way you find to describe (predict) how the system reacts."
- "Your models should be usable to predict the system's reactions without pseudo-executing the models."
- "Do not use any abstract variable that doesn't represent something in real life."
Link the model to reality:
- "Whatever the real situation is, you should always be able to tell what the values of the abstract variables corresponding to this situation are, and what the B events corresponding to the observed events are."
- Even if such a valuation would require unfeasible measurements or unknown key values...

8 Results
- Very efficient at finding missing information
- Formalization forces a consistent definition of each detail from the specifications
- Can be done by a complete team of engineers
- Efficient questions for domain expert interviews: when information is missing, B models are completed using hypotheses, and the hypotheses become questions
But...
- Formalized documents made afterward are difficult to insert into the product's process
- Formalization quality depends upon the capacity for abstraction
- Model quality cannot be checked by compiling and running

9 Model accuracy
- No automated tests between source documents and B models, because source documents are informal
- No automated tests between the real device and B models: tests can be done, but won't be exhaustive
- Next step: early formalization and formal development, with more proofs!

10 Next
- Many people asked for a more global level of description
- The replaceable unit level is necessary for car diagnosis
- Global descriptions are done informally, which is difficult...
- FOP engineers want to prove their models against a more global level
Diagram: first models (level = replaceable units) -> find the true functions' laws at car level -> car-level B models -> replaceable-unit-level B models as refinements.

11 Industrial point of view
- Goal = "the project & product must be a commercial success"
- "Product 100% functional" is not directly a goal
- Sub-goal 1: time & cost of the project kept to the minimum required
- Sub-goal 2: product satisfies the customer's needs
The role of formal methods: master the complexity
- To control projects' time & costs
- To obtain products that meet customer needs
Formal methods payback
- Difficult to measure
- Measurements exist (e.g. METEOR), but discussion also exists
- Still perceived as a matter of conviction
- Need to gather more and more industrial success stories

12 Trends (now)
Diagram: development activities laid out from abstract to concrete (marketing studies, high level requirements, research, general design, architecture design, detailed requirements, module requirements, interfaces, code generation, tests / compiling, hardware design), each marked as manual or automated, with the region currently covered by formal methods highlighted.

13 Trends (next)
Diagram: the same activities and manual/automated markings as the previous slide, with the region expected to be covered by formal methods next highlighted.

