Industrial usage of VDM Dr Peter Gorm Larsen Associate Professor University College of Aarhus + PGL Consult.

Ingeniørhøjskolen i Århus Slide 2 Personal Background
Theoretical Work
–VDM-SL Semantics (ISO standard)
–VDM-SL Proof Rules (PhD work)
More Practical Work
–VDM and SA in combination
–IFAD VDMTools
–Transfer VDM to Industry
–Intensive use Industrially
Employed by
–For 13 years: IFAD
–For 3,5 years: Systematic
–Now: University College of Aarhus and PGL Consult

Slide 3 VDM Technology in Industry
► Overview of VDM Concepts
Overview of VDM-SL Semantics
Industrial usage of VDM

Slide 4 Vienna Development Method
VDM-SL and VDM++
–ISO Standardisation of VDM-SL
–VDM++ is an object-oriented extension
Model-oriented specification:
–Simple, abstract data types
–Invariants to restrict membership
–Functional specification:
  Referentially transparent functions
  Operations with side effects on state variables
  Implicit specification (pre/post)
  Explicit specification (functional or imperative)
  Underdeterminedness and non-determinism

Slide 5 VDM++ Class Outline
class ... end
  instance variables                     : Internal object state
  types, values, functions, operations   : Definitions
  thread                                 : Dynamic behaviour
  sync                                   : Synchronization control
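The class outline above and the VDM++ concepts listed on slide 4 (types with invariants, referentially transparent functions, implicit pre/post specification, operations with side effects, synchronisation) can all be seen together in one small class. The following is an added example written for this transcript; it is not code from the slides, from VDMTools, or from any of the industrial projects mentioned later (in particular it is not the ConForm gateway model). The class name Gateway, the types Level and Message, the value MaxQueue and all operation names are hypothetical choices made for illustration.

```vdm
class Gateway
  -- Constructed example: a message gateway that only hands a message to a
  -- receiver whose clearance level is at least the message's classification.

  -- Definitions: types whose invariants restrict membership (slide 4)
  types
    public Level = nat
    inv l == l <= 3;                         -- only four clearance levels exist

    public Message ::
      body  : seq of char
      level : Level;

  values
    public MaxQueue : nat = 100;             -- hypothetical queue bound

  -- Internal object state, guarded by an invariant
  instance variables
    queue  : seq of Message := [];
    passed : nat := 0;                       -- count of delivered messages
    inv len queue <= MaxQueue;

  functions
    -- Explicit, referentially transparent: no state, no side effects
    public mayPass : Message * Level -> bool
    mayPass(m, receiver) == m.level <= receiver;

    -- Implicit specification: only a post-condition, no algorithm.
    -- The set of messages in the result is fixed; their order is not,
    -- which is the underdeterminedness mentioned on slide 4.
    public Filter(ms : seq of Message, receiver : Level) r : seq of Message
    post elems r = {m | m in set elems ms & m.level <= receiver};

  -- Operations with side effects on the instance variables
  operations
    public Submit : Message ==> ()
    Submit(m) == queue := queue ^ [m]
    pre len queue < MaxQueue;                -- keeps the state invariant

    -- Returns nil when the head message must not reach this receiver
    public Deliver : Level ==> [Message]
    Deliver(receiver) ==
      ( dcl m : Message := hd queue;
        queue := tl queue;
        if mayPass(m, receiver)
        then ( passed := passed + 1; return m )
        else return nil )
    pre queue <> [];

    public Passed : () ==> nat
    Passed() == return passed;

  -- Synchronization control: mutual exclusion and a permission guard
  sync
    mutex(Submit, Deliver);
    per Deliver => len queue > 0;
end Gateway
```

Executing such a class in the VDM++ interpreter checks the type invariant, the state invariant and every pre- and post-condition at run time, so a Submit that would overflow the queue or a Deliver on an empty queue is reported as a specification violation rather than silently accepted.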

Slide 6 What is VDMTools?
The VDM-SL Toolbox
The VDM++ Toolbox
Different experimental extensions:
–Reverse engineering from Java to VDM++
–PROSPER for proof support on top of VDM-SL
–VICE for support for real-time systems

Slide 7 VDMTools® Overview
The Rose-VDM++ Link
Document Generator
Code Generators – C++, Java
Syntax & Type Checker
API (Corba), DL Facility
Interpreter (Debugger)
Integrity Checker

Slide 8 References, World-wide
France: Aerospatiale Espace et Defense, Dassault Aviation, Dassault Electronique, CISI CEA et Defense, CEA Leti, Cap Gemini, LAAS, Matra Bae Dynamics
U.K.: British Aerospace Systems & Equipment, British Aerospace Defense, Adelard, ICL Enterprise Engineering, Rolls Royce, Transitive Technologies
Italy: ENEA, Ansaldo
The Netherlands: Dutch Dept. of Defence, Origin, Chess
Portugal: Sidereus
Denmark: Baan Nordic, Odense Steel Shipyard, DDC International
North America: Boeing, Rockwell Collins, Lockheed Martin, DDC-I, Inc., Rational Software Corp., Formal Systems Inc., Concordia University
Japan: RTRI (Japan Railways), JFITS
Germany: GAO mbH
More than 150 clients world-wide in 2001

Slide 9 VDM Technology in Industry
Overview of VDM Concepts
► Overview of VDM-SL Semantics
Industrial usage of VDM

Slide 10 VDM-SL Semantics Presentations
VDM-SL Static Semantics (7 slides)
VDM-SL Domain Universe (12 slides)
VDM-SL Dynamic Semantics (32 slides)
Unfortunately using old legacy technology

Slide 11 VDM Technology in Industry
Overview of VDM Concepts
Overview of VDM-SL Semantics
► Industrial usage of VDM

Slide 12 ConForm (1994)
Organisation: British Aerospace (UK)
Domain: Security (gateway)
Tools: The IFAD VDM-SL Toolbox
Experience:
–Prevented propagation of error
–Successful technology transfer
–At least 4 more applications without support
Statements:
–“Engineers can learn the technique in one week”
–“VDMTools® can be integrated gradually into a traditional existing development process”

Slide 13 DustExpert (1995-7)
Organisation: Adelard (UK)
Domain: Safety (dust explosives)
Tools: The IFAD VDM-SL Toolbox
Experience:
–Delivered on time at expected cost
–Large VDM-SL specification
–Testing support valuable
Statement:
–“Using VDMTools® we have achieved a productivity and fault density far better than industry norms for safety related systems”

Slide 14 Adelard Metrics
31 faults in Prolog and C++ (< 1/kloc)
Most minor, only 1 safety-related
1 (small) design error, rest in coding

Slide 15 CAVA ( )
Organisation: Baan (Denmark)
Domain: Constraint solver (Sales Configuration)
Tools: The IFAD VDM-SL Toolbox
Experience:
–Common understanding
–Faster route to prototype
–Earlier testing
Statement:
–“VDMTools® has been used in order to increase quality and reduce development risks on high complexity products”

Slide 16 Dutch DoD (1997-8)
Organisation: Origin, The Netherlands
Domain: Military
Tools: The IFAD VDM-SL Toolbox
Experience:
–Higher level of assurance
–Mastering of complexity
–Delivered at expected cost and on schedule
–No errors detected in code after delivery
Statement:
–“We chose VDMTools® because of high demands on maintainability, adaptability and reliability”

Slide 17 DoD, NL Metrics (1)
Estimated 12 C++ loc/h with manual coding!

Slide 18 DoD – Comparative Metrics (chart)
Cost across Analysis & Design, Coding and Testing:
Traditional: 100%
VDMTools®: 64%
(a third percentage in the chart survives only as “%” and is not recoverable)

Slide 19 BPS 1000 (1997-)
Organisation: GAO, Germany
Domain: Bank note processing
Tools: The IFAD VDM-SL Toolbox
Experience:
–Better understanding of sensor data
–Errors identified in other code
–Savings on maintenance
Statement:
–“VDMTools provides unparalleled support for design abstraction ensuring quality and control throughout the development life cycle.”

Slide 20 Flower Auction (1998)
Organisation: Chess, The Netherlands
Domain: Financial transactions
Tools: The IFAD VDM++ Toolbox
Experience:
–Successful combination of UML and VDM++
–Use iterative process to gain client commitment
–Implementers did not even have a VDM course
Statement:
–“The link between VDMTools and Rational Rose is essential for understanding the UML diagrams”

Slide 21 SPOT 4 (1999)
Organisation: CS-CI, France
Domain: Space (payload for SPOT4 satellite)
Tools: The IFAD VDM-SL Toolbox
Experience:
–38 % less lines of source code
–36 % less overall effort
–Use of automatic C++ code generation
Statement:
–“The cost of applying Formal methods is significantly lower than without them.”

Slide 22 Japanese Railways ( )
Domain: Railways (database and interlocking)
Experience:
–Prototyping important
–Now also using it for ATC system
Engineer working at IFAD for two years with PROSPER proof support

Slide 23 Stock-options (2000- )
Organisation: JFITS (CSK group company), Japan
Domain: Financial
Tools: The IFAD VDM++ Toolbox
Reason for CSK to purchase VDMTools:

Tax exemption        COCOMO              Realized
  Effort             38,5 person months  14 person months
  Schedule           9 months            3,5 months

Options              COCOMO              Realized
  Effort             147,2 person months 60,1 person months
  Schedule           14,3 months         7 months

Slide 24 Reverse Engineering (2001)
Organisation: Boeing
Domain: Avionics
Tools: The IFAD VDM++ Toolbox
Included development of Java to VDM++ reverse engineering feature

Slide 25 Optimisation (2001)
Organisation: Transitive Technologies, UK
Domain: Embedded
Tools: The IFAD VDM-SL Toolbox
Making software independent of hardware platform

Slide 26 Further Information
–Applying Formal Specification in Industry. P.G. Larsen, J. Fitzgerald and T. Brookes. Published in "IEEE Software" vol. 13, no. 3, May 1996
–A Lightweight Approach to Formal Methods. S. Agerholm and P.G. Larsen. In Proceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard, Germany, Springer-Verlag, October
–Applications of VDM in Banknote Processing. P. Smith and P.G. Larsen.
–Application of VDM-SL to the Development of the SPOT4 Programming Messages Generator. A. Puccetti and J.Y. Tixadou.
–Formal Specification of an Auctioning System Using VDM++ and UML. M. Verhoef et al.
The last three were published at the First VDM Workshop: VDM in Practice, with the FM'99 Symposium, Toulouse, France, September 1999.