

  • Number of slides: 8

Diffusion of Formal Methods – situation from 1993
An International Survey of Industrial Applications of Formal Methods
• The survey was written by Craigen, Gerhart and Ralston for the U.S. Department of Commerce – National Institute of Standards and Technology
• This slide set summarizes some of their findings (from 1993; the situation has changed since)
• "The primary uses of formal methods ... are re-engineering existing systems; stabilizing system requirements ...; communication between and among various levels of system stakeholders (design team and QA managers); as evidence of 'best practice' (regulations and standards)"
Company Confidential © 2005 Nokia

Diffusion of Formal Methods – situation from 1993 (2)
• "Tool support ... has been found neither necessary nor sufficient for the successful application of formal methods.... Tools can be developed as needed.... The presence of a tool did not stimulate the choice to use a particular method"
RECOMMENDATIONS for R&D
• A need for improved integration of formal methods techniques with other software engineering practices
• Industry needs ruggedized versions of formal methods tools, not research prototypes
• There needs to be a notation suitable for use by individuals who are not experts in formal methods or mathematical logic

Diffusion of Formal Methods – situation from 1993 (3)
RECOMMENDATIONS (continued)
• Improved automated deduction support is required (especially for cases requiring regulatory approval)
• Expansion of formal methods capabilities to real-time, concurrent and asynchronous processes
• Easing the transition of formal methods to a broader user base

Diffusion of Formal Methods – situation from 1993 (4)
SUMMARY of CASES
Darlington: Trip Computer Software (DNGS)
• Ontario Hydro and AECL developed computer-controlled shutdown systems for the Darlington Nuclear Generating Station (DNGS).
• The regulator, the Atomic Energy Control Board (AECB), wanted more assurance of the correctness of the software before issuing the operating licence.
• Extensive proofs of correctness (25 binders) were produced, and the licence was granted.
• Formalism used: SCR (Software Cost Reduction) function tables; a spreadsheet-based (Excel) tool compared the function tables derived from the program with the original specification tables.
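The table comparison described above, as an added illustration that is not from the survey, the slides or the Darlington project: a constructed two-input trip decision written as an SCR/Parnas-style function table, the two checks such a comparison tool applies to every table (every input is covered by a row; no two rows overlap), and an exhaustive comparison of a separately derived "program" table against the specification over a discretised input domain. The variable names, thresholds and rows are invented for the example; the real Darlington tables, tool and code are not reproduced here.

```python
"""Function-table checks in the style of the Darlington trip-computer review.

Added example: a constructed two-input shutdown ("trip") decision written as
a function table, the completeness and disjointness checks a table-comparison
tool performs, and an exhaustive comparison of a "program" table against the
specification table. All variables, thresholds and rows are invented.
"""
from itertools import product

# A row is (condition, output). Conditions are predicates over the state dict.
# Constructed specification: trip if pressure is high, or if pressure is
# elevated while flow is low; otherwise do not trip.
SPEC_TABLE = [
    (lambda s: s["pressure"] >= 100, "TRIP"),
    (lambda s: 80 <= s["pressure"] < 100 and s["flow"] < 20, "TRIP"),
    (lambda s: 80 <= s["pressure"] < 100 and s["flow"] >= 20, "NO_TRIP"),
    (lambda s: s["pressure"] < 80, "NO_TRIP"),
]

# Constructed "program" table, as it might be recovered from code by hand.
# Its second row uses <= where the specification uses <, so the two tables
# disagree exactly on the boundary flow == 20 in the elevated-pressure band.
PROGRAM_TABLE = [
    (lambda s: s["pressure"] >= 100, "TRIP"),
    (lambda s: 80 <= s["pressure"] < 100 and s["flow"] <= 20, "TRIP"),
    (lambda s: 80 <= s["pressure"] < 100 and s["flow"] > 20, "NO_TRIP"),
    (lambda s: s["pressure"] < 80, "NO_TRIP"),
]

# Finite, discretised domain over which every check below is exhaustive.
DOMAIN = [
    {"pressure": p, "flow": f}
    for p, f in product(range(0, 160, 5), range(0, 60, 5))
]


def check_table(table, domain):
    """Return (complete, disjoint): every state matches exactly one row.

    Completeness: no state is left without a row (an undefined output).
    Disjointness: no state is matched by two rows (an ambiguous output).
    """
    incomplete = []
    overlapping = []
    for state in domain:
        hits = [i for i, (cond, _) in enumerate(table) if cond(state)]
        if not hits:
            incomplete.append(state)
        elif len(hits) > 1:
            overlapping.append((state, hits))
    return not incomplete, not overlapping


def evaluate(table, state):
    """Output of a (complete, disjoint) table for one state."""
    for cond, out in table:
        if cond(state):
            return out
    raise ValueError(f"no row covers {state}")


def compare_tables(spec, program, domain):
    """States on which the program table disagrees with the specification."""
    return [
        state for state in domain
        if evaluate(spec, state) != evaluate(program, state)
    ]


if __name__ == "__main__":
    for name, table in (("spec", SPEC_TABLE), ("program", PROGRAM_TABLE)):
        complete, disjoint = check_table(table, DOMAIN)
        print(f"{name}: complete={complete} disjoint={disjoint}")
    for state in compare_tables(SPEC_TABLE, PROGRAM_TABLE, DOMAIN):
        print("disagreement at", state,
              "spec:", evaluate(SPEC_TABLE, state),
              "program:", evaluate(PROGRAM_TABLE, state))
```

Both tables pass the well-formedness checks on their own, which is why a reviewer cannot stop there: only the row-by-row comparison over the whole domain surfaces the off-by-one on the flow boundary. Over a continuous domain a real tool would reason symbolically about the row predicates rather than enumerate; the exhaustive enumeration here is what makes the small example self-checking.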

Diffusion of Formal Methods – situation from 1993 (5)
MGS (Multinet Gateway System)
• An Internet device providing a protocol-based datagram service for the secure delivery of datagrams
• The security model was described in 10 pages of written specification
• The Gypsy Verification Environment (GVE) was used for verification (80 pages of formal specification)
• The underlying operating system had 6000 lines of code
SACEM
• A programme that developed a certified safety-critical railway signalling system.
• The effort was profitable: it reduced train separation from 2 min 30 s to 2 min while maintaining the safety requirements, which meant that a third railway line in Paris did not have to be constructed

Diffusion of Formal Methods – situation from 1993 (6)
SACEM (continued)
• The B method and Hoare logic were used in verification
• The system consists of 9000 lines of verified code; 120 000 hours were spent on the formal methods effort
• The system is in real use: it allows 60 000 passengers per hour to be carried
TCAS (Traffic Alert and Collision Avoidance System)
• The purpose of TCAS is to reduce the risk of midair collisions between aircraft
• It functions as a system separate from air traffic control
• It consists of two components: the Collision Avoidance System (CAS) and the surveillance system.
• CAS had been formally specified (7000 lines of pseudocode); the surveillance system was work in progress at the time of writing

Diffusion of Formal Methods – situation from 1993 (7)
SSADM Toolset (Structured Systems Analysis and Design Method)
• The Z language was used to develop a formal specification of the toolset infrastructure.
• The result was 37 000 lines of Objective C and a 350-page specification
Customer Information Control System (CICS)
• CICS is a large transaction processing system developed by IBM.
• A recent release was re-engineered using the Z method. (kloc = 1000 lines of code)
• CICS was about 800 kloc before the changes; 50 kloc were added in the new release
• 37 kloc of the new 50 kloc were specified completely in Z; 11 kloc of the new code were partially specified in Z
• IBM reported that the use of Z reduced development cost and error rates

Diffusion of Formal Methods – situation from 1993 (8)
Software Architecture for Oscilloscopes using Z (Tektronix)
• Tektronix used the Z language to develop a reusable software architecture to be shared among oscilloscope products.
• Z was used as a mathematical modelling language for exploring design ideas.
• The software architecture is 200 kloc, described in 30 pages of Z