1 VDM Technology in Industry
Peter Gorm Larsen
March 2006

2 Personal Background
Theoretical work:
- VDM-SL semantics (ISO standard)
- VDM-SL proof rules (PhD work)
More practical work:
- VDM and SA in combination
- IFAD VDMTools
- Transfer of VDM to industry
- Intensive use
Industrially employed by:
- IFAD, for 13 years
- Systematic, for 3.5 years
- Engineering College of Aarhus, for ¾ year

3 Outline
- Where does VDM fit in? (this section)
- IFAD clients' experiences
- "Bootstrapping" VDMTools
- Overview of VDMTools
- Vision for the future

4 The Life-cycle Model
(Diagram: development phases on the left, each paired with the test level that checks it on the right.)
System Analysis  <->  System Test
Software Design  <->  Module Test
Coding           <->  Unit Test
Where does the VDM technology fit in?

5 VDM for Requirements Analysis
(Diagram: the life-cycle model of slide 4 with a VDM model attached to System Analysis. Modelling & validation, animation and test cases are applied to the VDM model before design starts.)

6 VDM for Analysis & Design
(Diagram: as slide 5, but the VDM model, with its test cases, animation and modelling & validation, now covers both System Analysis and Software Design.)

7 VDM for the Full Life-cycle Model
(Diagram: as slide 6, but Coding is replaced by code generation from the VDM model, so the model and its test cases cover the whole life cycle from System Analysis down to Unit Test.)

8 Outline (next: IFAD clients' experiences)

9 References, World-wide, 2001
France: Aerospatiale Espace et Defense, Dassault Aviation, Dassault Electronique, CISI, CEA et Defense, CEA Leti, Cap Gemini, LAAS, Matra Bae Dynamics
U.K.: British Aerospace Systems & Equipment, British Aerospace Defense, Adelard, ICL Enterprise Engineering, Rolls Royce, Transitive Technologies
Italy: ENEA, Ansaldo
The Netherlands: Dutch Dept. of Defence, Origin, Chess
Portugal: Sidereus
Denmark: Baan Nordic, Odense Steel Shipyard, DDC International
North America: Boeing, Rockwell Collins, Lockheed Martin, DDC-I, Inc., Rational Software Corp., Formal Systems Inc., Concordia University
Japan: RTRI (Japan Railways), JFITS
Germany: GAO mbH
More than 150 clients world-wide

10 ConForm (1994)
Organisation: British Aerospace (UK)
Domain: Security (gateway)
Tools: The IFAD VDM-SL Toolbox
Experience:
- Prevented propagation of error
- Successful technology transfer
- At least 4 more applications without support
Statements:
"Engineers can learn the technique in one week"
"VDMTools can be integrated gradually into a traditional existing development process"

11 DustExpert (1995-7)
Organisation: Adelard (UK)
Domain: Safety (dust explosions)
Tools: The IFAD VDM-SL Toolbox
Experience:
- Delivered on time at expected cost
- Large VDM-SL specification
- Testing support valuable
Statement:
"Using VDMTools we have achieved a productivity and fault density far better than industry norms for safety related systems"

12 Adelard Metrics
- 31 faults in Prolog and C++ (< 1 per kloc)
- Most minor, only 1 safety-related
- 1 (small) design error, the rest in coding

13 CAVA (1998-)
Organisation: Baan (Denmark)
Domain: Constraint solver (Sales Configuration)
Tools: The IFAD VDM-SL Toolbox
Experience:
- Common understanding
- Faster route to prototype
- Earlier testing
Statement:
"VDMTools has been used in order to increase quality and reduce development risks on high complexity products"

14 Dutch DoD (1997-8)
Organisation: Origin, The Netherlands
Domain: Military
Tools: The IFAD VDM-SL Toolbox
Experience:
- Higher level of assurance
- Mastering of complexity
- Delivered at expected cost and on schedule
- No errors detected in code after delivery
Statement:
"We chose VDMTools because of high demands on maintainability, adaptability and reliability"

15 DoD, NL Metrics (1)
(Chart not recoverable from the transcript.) Estimated 12 C++ loc/h with manual coding!

16 DoD - Comparative Metrics (cost)
                 Analysis & Design   Coding   Testing   Total
Traditional:            900            2000      700     3600  (100%)
VDMTools:              1200             500      600     2300   (64%)
(Totals and the 64% figure follow from the per-phase numbers on the slide; the slide gives no unit.)

17 BPS 1000 (1997-)
Organisation: GAO, Germany
Domain: Bank note processing
Tools: The IFAD VDM-SL Toolbox
Experience:
- Better understanding of sensor data
- Errors identified in other code
- Savings on maintenance
Statement:
"VDMTools provides unparalleled support for design abstraction ensuring quality and control throughout the development life cycle."

18 Flower Auction (1998)
Organisation: Chess, The Netherlands
Domain: Financial transactions
Tools: The IFAD VDM++ Toolbox
Experience:
- Successful combination of UML and VDM++
- Use of an iterative process to gain client commitment
- Implementers did not even have a VDM course
Statement:
"The link between VDMTools and Rational Rose is essential for understanding the UML diagrams"

19 SPOT 4 (1999)
Organisation: CS-CI, France
Domain: Space (payload for SPOT4 satellite)
Tools: The IFAD VDM-SL Toolbox
Experience:
- 38% fewer lines of source code
- 36% less overall effort
- Use of automatic C++ code generation
Statement:
"The cost of applying formal methods is significantly lower than without them."

20 K-LINE
Organisation: Sidereus, Portugal
Domain: Reverse engineering of database systems
Tools: The IFAD VDM-SL/++ Toolbox
Experience:
- Development of a tool for FM-based data-intensive operations (data migration and data quality)
- Semi-automatic generation of ISO/IEC 13817-1 abstract descriptions out of informal or poorly structured meta-data
Statement:
"Formal properties of data provide a firm basis for quality control in maintaining legacy information systems, thus saving costs in data cleansing/reverse specification contracts."

21 IFAD VDM Applications
VDMTools:
- VDM interpreter
- VDM static semantics
- VDM to C++ code generator
- Specification manager
- UML mapper
- Java static semantics
- Java to VDM++ translator
MUSTER: Emergency response training

22 Japanese Railways (2000-2001)
Domain: Railways (database and interlocking)
Experience:
- Prototyping important
- Now also using it for an ATC system
- Engineer working at IFAD for two years

23 Stock-options (2000- )
Organisation: JFITS, Japan
Domain: Financial
Tools: The IFAD VDM++ Toolbox
Ongoing and still expanding

24 Further Information
- Applying Formal Specification in Industry. P.G. Larsen, J. Fitzgerald and T. Brookes. IEEE Software, vol. 13, no. 3, May 1996.
- A Lightweight Approach to Formal Methods. S. Agerholm and P.G. Larsen. Proceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard, Germany, Springer-Verlag, October 1998.
- Published at the First VDM Workshop "VDM in Practice", with the FM'99 Symposium, Toulouse, France, September 1999:
  - Applications of VDM in Banknote Processing. P. Smith and P.G. Larsen.
  - Application of VDM-SL to the Development of the SPOT4 Programming Messages Generator. A. Puccetti and J.Y. Tixadou.
  - Formal Specification of an Auctioning System Using VDM++ and UML. M. Verhoef et al.

25 Outline (next: "Bootstrapping" VDMTools)

26 Development Choices Taken
Executable models                [x] Testing and animation
Partial "analysis" (validation)  [x] System-level testing
Code generation                  [x] VDM for source code
                                 [ ] Formal refinement and formal verification

27 Staff Overview
(Chart: IFAD VDM staff, by initials, against a 1991-2000 time line; the assignment of people to years is not recoverable from the transcript.)

28 Development Environment
- GNU C++ / Visual C++
- Generic VDM C++ library
- GUI: previously Tcl/Tk, now Qt
- flex and bison
- CVS/Ediff version control
- OSs: Windows, Linux, Unix
- Test environments
- Development procedures

29 The "Bootstrapping" Process
(Diagram, implicit time line from left to right: each component of the tool is first written as a VDM-SL spec and then realised as its impl: DS spec/impl, SM spec/impl, PM spec/impl, CG spec/impl, SS spec/impl, ending with VDM++.)

30 Specification Sizes
(Chart not recoverable from the transcript.)

31 Component Categories
- Purely hand-coded
- VDM + hand coding
- VDM + code generation

32 Purely Hand-coded Components
- Scanner/parser (lex/yacc)
- Pretty-printer (simple C++ component)
- GUI (previously Tcl/Tk, now Qt)
- Interfaces to third-party tools: Rational Rose, Corba for the API, ML for HOL
- Generic VDM C++ library

33 VDM + Hand Coding
- Dynamic semantics (SL and ++)
- Static semantics (SL and ++)
- Java/C++ code generators (SL and ++)
- Test environments for each component, reused at implementation level
- Java/C++ code generators are now themselves partially code generated

34 Maintenance Approach
- Bugs are first reproduced at specification level
- Tested using the VDM debugger
- Check that all tests are satisfactory
- Implement the changes to the specification
- Rerun all tests at implementation level

35 VDM + Code Generation
- Animator for SA/RT
- Specification Manager (SL and ++)
- VDM++ to/from UML translation
- Proof support (SL)
- Parts of the GUI are now code generated
The VDM model becomes the source; trade-off with abstraction.

36 Further Information
- An Executable Subset of Meta-IV with Loose Specification. P.G. Larsen, P.B. Lassen. VDM '91: Formal Software Development Methods, 1991.
- The IFAD VDM-SL Toolbox: A Practical Approach to Formal Specifications. R. Elmstrøm, P.G. Larsen, P.B. Lassen. ACM SIGPLAN Notices, September 1994.
- Computer-aided Validation of Formal Specifications. P. Mukherjee. Software Engineering Journal, July 1995.
- Ten Years of Historical Development: "Bootstrapping" VDMTools. P.G. Larsen. Journal of Universal Computer Science, 2001.

37 Outline (next: Overview of VDMTools)

38 VDMTools Overview
- The Rose-VDM++ Link
- Document Generator
- Code Generators (C++, Java)
- Syntax & Type Checker
- API (Corba), DL Facility
- Interpreter (Debugger)
- Integrity Checker
- Java to VDM++

39 Japanese Support via Unicode
(Screenshot.)

40 Validation with VDMTools
(Diagram: the VDM specs and the test cases go into Execution, which produces the actual results; a Comparison step checks the actual results against the expected results.)
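The validation loop on this slide, worked through as an added example in Python (not VDMTools and not the case study's VDM++): a tiny executable model of the Radio class's volume with a VDM-style invariant, pre- and post-condition, a set of constructed test cases with expected results, and the comparison step. The 0..100 volume range, the behaviour of AdjustVolume and all test cases are assumptions made for this example. The two boundary cases show what an executable specification buys over a prose one: the interpreter stops on a violated pre-condition instead of quietly producing a wrong number, and the last case (a stale expected result) shows the comparison catching an oracle error. The same loop is the maintenance approach of slide 34: a reported bug is first reproduced as a failing test case at specification level, the specification is changed, and every case is rerun.

```python
"""Executable-model validation in the VDM style.

Added example (Python, not VDMTools): mirrors slide 40, where a VDM model and
its test cases are executed and the actual results are compared with the
expected ones. Only the Radio volume is modelled; the 0..100 range, the
operation's behaviour and the test cases are assumptions for the example.
"""
import copy
from dataclasses import dataclass
from typing import Any, Callable, List, Tuple

MIN_VOLUME, MAX_VOLUME = 0, 100   # assumed bounds; the slides do not state them


class SpecViolation(Exception):
    """Invariant, pre- or post-condition failure. The VDM interpreter stops
    here rather than returning a value, which is what makes a boundary test
    case informative."""
    def __init__(self, kind: str, detail: str):
        super().__init__(f"{kind}-condition violated: {detail}")
        self.kind = kind          # "pre", "inv" or "post"


def vdm_op(pre: Callable[..., bool], post: Callable[..., bool]):
    """Run a method the way the VDM interpreter runs an operation: check the
    pre-condition on the old state and arguments, run the body, then check the
    state invariant and the post-condition (old state, new state, result)."""
    def decorate(body):
        def checked(self, *args):
            if not pre(self, *args):
                raise SpecViolation("pre", f"{body.__name__}{args} in state {self}")
            old = copy.deepcopy(self)                  # VDM's x~ (value before the call)
            result = body(self, *args)
            if not self.inv():
                raise SpecViolation("inv", f"after {body.__name__}{args}: {self}")
            if not post(old, self, result, *args):
                raise SpecViolation("post", f"{body.__name__}{args} -> {result}")
            return result
        return checked
    return decorate


@dataclass
class Radio:
    """The case study's Radio class reduced to its volume state."""
    volume: int = 50

    def inv(self) -> bool:                             # VDM 'inv' on the state
        return MIN_VOLUME <= self.volume <= MAX_VOLUME

    # Models AdjustVolume: the caller may only ask for a change that stays in range.
    @vdm_op(pre=lambda s, delta: MIN_VOLUME <= s.volume + delta <= MAX_VOLUME,
            post=lambda old, new, result, delta: new.volume == old.volume + delta == result)
    def adjust_volume(self, delta: int) -> int:
        self.volume += delta
        return self.volume


@dataclass
class TestCase:
    name: str
    start: int
    delta: int
    expected: Any      # an int result, or "pre" when the model must reject the call


TEST_CASES: List[TestCase] = [                 # constructed for this example
    TestCase("turn up",      50,  10,  60),
    TestCase("turn down",    50, -20,  30),
    TestCase("reach max",    90,  10, 100),
    TestCase("past max",     95,  10, "pre"),  # boundary: must be a pre-condition violation
    TestCase("below min",     5, -10, "pre"),
    TestCase("stale oracle", 50,   5,  54),    # wrong expected result: comparison must flag it
]


def validate(cases: List[TestCase]) -> List[Tuple[str, Any, Any, bool]]:
    """Slide-40 loop: execute every case against a fresh model and compare
    actual with expected. Returns (name, expected, actual, passed) per case."""
    report = []
    for tc in cases:
        radio = Radio(volume=tc.start)
        try:
            actual: Any = radio.adjust_volume(tc.delta)
        except SpecViolation as violation:
            actual = violation.kind
        report.append((tc.name, tc.expected, actual, actual == tc.expected))
    return report


if __name__ == "__main__":
    for name, expected, actual, passed in validate(TEST_CASES):
        print(f"{'PASS' if passed else 'FAIL'} {name:13} expected={expected!r:6} actual={actual!r}")
```

Five of the six cases pass; "stale oracle" fails because the expected-results file, not the model, is wrong, which is exactly the distinction the comparison step is there to make.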

41 Documentation in MS Word/RTF
One compound document containing:
- Documentation
- Specification
- Test coverage
- Test coverage statistics

42 Architecture of the Rose-VDM++ Link
(Diagram: the VDM++ Toolbox and Rational Rose 2000 each keep a class repository, and a merge tool reconciles the two. The Toolbox side works on VDM++ files; the Rose side works on UML diagrams stored in the UML model file.)

43 Integrity checker
(Screenshot.)

44 Reference Material
- The VDM++ Language for VICE, CSK, 2005
- The VDM++ User Manual, CSK, 2005
- The VDM++ Installation Guide, CSK, 2005
- Rational Rose Link Plug-in Installation and User Guide, CSK, 2005


46 Outline (next: Vision for the future)

47 VDMTools future
- IFAD went bankrupt in April 2004
- CSK (parent company of JFITS) from Japan bought the IPR for VDMTools from the bankruptcy
- The VDMTools executable and documentation are available again: academic version, non-commercial version, commercial version
- A new book on VDM++ was released in January 2005

48 Overture - an open-source initiative
- Based on the Eclipse platform
- Extendible open VDM++ tool support
- Initial tool support produced in an MSc project in NL, carried out at TUD by Jacob Porsborg Nielsen and Jens Kielsgaard Hansen
- New MSc project at Aarhus University: Thomas Christensen
- Aimed at academic research around the globe, eventually industrial-quality support
- If this succeeds, VDMTools may stop
- A workshop about Overture was held at FM'05

49 Extending VDM++ with better support for distributed real-time
- Today embedded real-time systems are increasingly distributed
- Hard to master the complexity within tight time schedules
- Current research work extends VDM++ with better support for describing and analysing this:
  - CPUs and BUSes inside the system model
  - Deployment of objects to CPUs
  - Setting priorities of operations
  - Introduction of asynchronous operations
  - A cycles statement in addition to the duration statement

50 Case study overview
(Diagram: an environment model (Volume Knob, Transmit TMC) sends stimuli to, and receives responses from, the system model. System operations HandleKeyPress, AdjustVolume, UpdateVolume, HandleTMC, DecodeTMC and UpdateTMC are deployed across CPU1, CPU2 and CPU3. The model is considered from an application view, a deployment view, a computation view and a communication view.)

51 In-car navigation case study
system RadNavSys
instance variables
  -- create an MMI class instance
  static public mmi : MMI := new MMI();
  -- define the first CPU with fixed priority scheduling and 22 MIPS (22E6 instructions/s)
  -- (the <FP> policy literal was dropped by the HTML extraction and is restored from the comment)
  CPU1 : CPU := new CPU (<FP>, 22E6);
  -- create a Radio class instance
  static public radio : Radio := new Radio();
  -- define the second CPU with fixed priority scheduling and 11 MIPS
  CPU2 : CPU := new CPU (<FP>, 11E6);
  -- create a Navigation class instance
  static public navigation : Navigation := new Navigation();
  -- define the third CPU with fixed priority scheduling and 113 MIPS
  CPU3 : CPU := new CPU (<FP>, 113E6);
  -- create a communication bus that links the three CPUs together
  -- (the bus policy literal was also lost in extraction; <CSMACD> is assumed here)
  BUS1 : BUS := new BUS (<CSMACD>, 72E3, {CPU1, CPU2, CPU3})
  ...

52 In-car navigation case study (continued)
operations
  public RadNavSys: () ==> RadNavSys
  RadNavSys () ==
    ( -- deploy mmi on CPU1
      CPU1.deploy(mmi, "MMIT");
      CPU1.setPriority("HandleKeyPress", 100);
      CPU1.setPriority("UpdateScreen", 90);
      -- deploy radio on CPU2
      CPU2.deploy(radio, "RadioT");
      CPU2.setPriority("AdjustVolume", 100);
      CPU2.setPriority("DecodeTMC", 90);
      -- deploy navigation on CPU3
      CPU3.deploy(navigation, "NavT");
      CPU3.setPriority("DatabaseLookup", 100);
      CPU3.setPriority("DecodeTMC", 90) );
end RadNavSys
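What the real-time extension of slides 49-52 lets you analyse, as an added example in Python (not the VDM++/VICE tooling the slides describe): a small discrete-event simulation of the deployment above with preemptive fixed-priority scheduling per CPU and one shared bus. The CPU rates (22, 11 and 113 MIPS), the bus rate (72E3, taken here as bits per second) and the priority table are the slides' values. Everything else is assumed for the example: the cost in instructions of each operation (VICE would state this with duration or cycles statements), a 720-bit message per inter-CPU call, an FCFS bus, and two call chains, a key press (MMI.HandleKeyPress -> Radio.AdjustVolume -> MMI.UpdateScreen) and a TMC message (Radio.DecodeTMC -> Navigation.DecodeTMC -> MMI.UpdateScreen), with UpdateScreen used as the MMI's last step because slide 52 assigns it a priority. Both stimuli arrive at t = 0, so AdjustVolume (priority 100) preempts DecodeTMC (priority 90) on CPU2. Swapping those two priorities, which is the kind of design question the deployment view is for, makes the key-press response 14 ms slower and also reorders the messages on the bus.

```python
"""Deployment and fixed-priority scheduling of the RadNavSys model.

Added example (Python, not the VDM++/VICE tooling on the slides): objects
deployed to CPUs with a MIPS rate, operations with fixed priorities,
preemptive scheduling per CPU and one shared bus. CPU/bus rates and the
priority table follow slides 51-52; costs, message size, the FCFS bus
policy and the two call chains are assumptions for the example.
"""
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Dict, List, Optional

Time = Fraction  # exact arithmetic keeps the schedule deterministic

@dataclass
class Cpu:
    name: str
    ips: int  # instructions per second: 22E6 = 22 MIPS
    priority: Dict[str, int] = field(default_factory=dict)  # setPriority(op, prio)

@dataclass
class Bus:
    bits_per_sec: int
    busy_until: Time = Time(0)  # a single FCFS bus (policy assumed)

@dataclass
class Step:
    obj: str           # deployed object, e.g. "radio"
    op: str            # operation, e.g. "AdjustVolume"
    instructions: int  # assumed cost; VICE states this with duration/cycles

@dataclass
class Job:
    name: str          # one stimulus and the chain of operations it triggers
    release: Time
    steps: List[Step]
    msg_bits: int = 720  # assumed size of each inter-CPU message
    idx: int = 0
    remaining: Time = Time(0)  # instructions left in the current step
    ready_at: Optional[Time] = None
    finished: Optional[Time] = None

def _advance(job: Job, t: Time, bus: Bus, deployment: Dict[str, str]) -> None:
    """Current step done: finish the job, or make the next step ready, paying
    one bus transfer when the next object lives on a different CPU."""
    done = job.steps[job.idx]
    job.idx += 1
    if job.idx == len(job.steps):
        job.finished = t
        return
    nxt = job.steps[job.idx]
    job.remaining = Time(nxt.instructions)
    if deployment[done.obj] == deployment[nxt.obj]:
        job.ready_at = t
    else:
        start = max(t, bus.busy_until)
        bus.busy_until = start + Time(job.msg_bits, bus.bits_per_sec)
        job.ready_at = bus.busy_until

def simulate(cpus: List[Cpu], bus: Bus, deployment: Dict[str, str],
             jobs: List[Job]) -> Dict[str, Time]:
    """Run every job to completion; return name -> response time (finish - release)."""
    ips = {c.name: c.ips for c in cpus}
    for job in jobs:
        job.ready_at, job.remaining = job.release, Time(job.steps[0].instructions)
    t = Time(0)
    while any(job.finished is None for job in jobs):
        running: Dict[str, Job] = {}  # per CPU, the highest-priority ready step runs
        for cpu in cpus:
            ready = [j for j in jobs if j.finished is None and j.ready_at is not None
                     and j.ready_at <= t and deployment[j.steps[j.idx].obj] == cpu.name]
            if ready:
                running[cpu.name] = max(ready, key=lambda j: cpu.priority.get(j.steps[j.idx].op, 0))
        # next event: a running step completes, or a message/stimulus becomes ready
        events = [t + j.remaining / ips[n] for n, j in running.items()]
        events += [j.ready_at for j in jobs
                   if j.finished is None and j.ready_at is not None and j.ready_at > t]
        nxt = min(events)
        for n, j in running.items():  # preempted steps simply keep their remaining work
            j.remaining -= (nxt - t) * ips[n]
        t = nxt
        for j in running.values():
            if j.remaining == 0:
                _advance(j, t, bus, deployment)
    return {job.name: job.finished - job.release for job in jobs}

def response_times(adjust_volume_prio: int = 100, decode_tmc_prio: int = 90) -> Dict[str, Time]:
    """Slides 51-52 deployment; CPU2's two priorities are parameters so that
    swapping them can be compared. Both stimuli are released at t = 0."""
    cpus = [Cpu("CPU1", 22_000_000, {"HandleKeyPress": 100, "UpdateScreen": 90}),
            Cpu("CPU2", 11_000_000, {"AdjustVolume": adjust_volume_prio, "DecodeTMC": decode_tmc_prio}),
            Cpu("CPU3", 113_000_000, {"DatabaseLookup": 100, "DecodeTMC": 90})]
    deployment = {"mmi": "CPU1", "radio": "CPU2", "navigation": "CPU3"}  # the deploy() calls
    jobs = [Job("KeyPress", Time(0), [Step("mmi", "HandleKeyPress", 22_000),
                                      Step("radio", "AdjustVolume", 55_000),
                                      Step("mmi", "UpdateScreen", 22_000)]),
            Job("TMC", Time(0), [Step("radio", "DecodeTMC", 220_000),
                                 Step("navigation", "DecodeTMC", 113_000),
                                 Step("mmi", "UpdateScreen", 22_000)])]
    return simulate(cpus, Bus(72_000), deployment, jobs)
```

With the slide's priorities the key press completes after 27 ms and the TMC update after 48 ms; with the two CPU2 priorities swapped the figures are 41 ms and 51 ms. Call response_times() from an interpreter to see both; the results are exact fractions of a second, so the comparison is deterministic.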

53 An email from an old (very good) student
"... At that time I understood that a formal specification would be an advantage for big projects, but I had no idea how desperately this is also needed in smaller projects when there are many people involved. Today I do know: At the moment I am working at BMW in the communications department. We work on the integration of the car telephone (including a telematics unit with GPS coordinates) into the overall car. There is a lot of interaction between the telephone and the HMI of the car, and there are different versions and types of all the involved devices. There are also five companies (BMW, Motorola, Siemens VDO, Harmann-becker, Alpine) who develop the different units. The system should not be so complex, because many of the devices should (!) behave similarly. But the specifications we write are English plain text (hundreds of pages), in our department more than 10 people are involved, and we do not know anymore how the devices will behave ourselves... every external company has its own interpretation of the specs, and this interpretation changes over time. If you ask the same person twice you get different answers (I frankly admit that I am no exception)... You can imagine how "efficient" everything is, and it's a miracle that the system still works (with a number of bugs though)..."

54 Go out and use the principles at least!

