

  • Number of slides: 13

CLEARSY. Formalized Operation Principles. Denis SABATIER

The PEUGEOT project: principle
  • Source documents: design specifications (DS, STE), interviews, mails and phone calls
  • B modelizations: event-driven B
  • Re-translation into natural language
  • Result: Formalized Operation Principles (FOP)
CLEARSY/PRES/COP

Expected benefits
  • Informal statement: "Pressing the remote control button should unlock the doors"
  • Formalized: Door state(i) : {locked, unlocked}; handle state(i) : {raised, normal}; HF (remote control) event = Door state(i) := unlocked for i = ???
  • Formalizing immediately raises the questions the sentence left open: which doors i? The trunk? Does it work if a handle is raised?
  • Benefits sought: consistency, completeness, no ambiguous statements, a uniform level of detail
  • B is used to remove ambiguous statements and to discover missing information

The chosen level of detail: replaceable units
  • Divide the car into replaceable units
  • Define the behaviour of each replaceable unit: what it should do in every situation
  • Interfaces: define the semantics, not the format
  • FOP + interface format documents = you can predict what messages and signals are exchanged in every situation

Proof
  • Standard use of B: abstract B model (specification), refined by a less abstract B model (design), with B invariants (consistency, simple functional properties)
  • Here: one B model, the design specification
  • The B theory tells which predicates must be proven; the theorem prover (Atelier B) discharges them
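The three slides above (ambiguity discovery, replaceable-unit interfaces, consistency proof by refinement) describe an activity the reader cannot see. The following added example, which is not code from the project or from CLEARSY, mimics it on a finite state space in Python: an abstract "door unlocking" model whose events carry guards and actions, an exhaustive exploration that checks the invariant (consistency) and lists stimuli with no enabled event (completeness holes, which become interview questions), and a unit-level model exchanging bus messages that is checked against the abstract one through a gluing invariant. Door names, the body-controller name "BSI", the message format and the two hypotheses are assumptions for illustration only; a real B development would discharge these obligations with Atelier B rather than by enumeration.

```python
"""Finite-state check of a door-unlocking FOP: consistency (invariant preserved
by every event), completeness (every stimulus handled in every reachable state)
and a refinement check between a spec-level model and a replaceable-unit-level
model that exchanges bus messages. Constructed example: unit names, stimuli,
message format and hypotheses are assumptions, not project documents."""

DOORS = ("FL", "FR", "RL", "RR")   # assumed door naming
TRUNK = "trunk"
UNITS = DOORS + (TRUNK,)

# Hypotheses recorded while formalizing. None = not decided yet: the event guard
# then excludes that situation and the completeness check turns it into a question.
HYPOTHESES = {"rc_unlock_includes_trunk": True, "rc_unlock_with_handle_raised": None}

# Abstract state: (set of locked units, set of doors whose handle is raised)
INIT = (frozenset(UNITS), frozenset())

def invariant(state):
    """Typing invariant, the kind of simple property B proves for every event."""
    locked, raised = state
    return locked <= set(UNITS) and raised <= set(DOORS)

def abstract_events(h):
    """Map each external stimulus to a (guard, action) pair on the abstract state."""
    covered = frozenset(UNITS) if h["rc_unlock_includes_trunk"] else frozenset(DOORS)
    def rc_unlock_guard(s):
        return not s[1] or h["rc_unlock_with_handle_raised"] is not None
    def rc_unlock_action(s):
        if s[1] and h["rc_unlock_with_handle_raised"] is False:
            return s                      # decided: ignored while a handle is raised
        return (s[0] - covered, s[1])
    ev = {"rc_unlock": (rc_unlock_guard, rc_unlock_action),
          "rc_lock": (lambda s: True, lambda s: (frozenset(UNITS), s[1]))}
    for d in DOORS:                       # handle sensors report a position; always handled
        ev[f"handle_raised:{d}"] = (lambda s: True, lambda s, d=d: (s[0], s[1] | {d}))
        ev[f"handle_normal:{d}"] = (lambda s: True, lambda s, d=d: (s[0], s[1] - {d}))
    return ev

def explore(events, init):
    """Exhaustive reachability. Returns (reachable states, invariant violations,
    holes); a hole is a (stimulus, state) pair for which the event is not enabled."""
    seen, frontier, violations, holes = {init}, [init], [], []
    while frontier:
        s = frontier.pop()
        for name, (guard, action) in events.items():
            if not guard(s):
                holes.append((name, s))
                continue
            t = action(s)
            if not invariant(t):
                violations.append((name, s, t))
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen, violations, holes

def analyse(h=HYPOTHESES):
    """Consistency and completeness report; holes are summarised as questions."""
    reachable, violations, holes = explore(abstract_events(h), INIT)
    return {"reachable": len(reachable), "violations": violations,
            "questions": sorted({name for name, _ in holes})}

# Unit-level model: each unit owns a lock actuator driven by a bus message from the
# body controller (assumed name "BSI"). Concrete state: unit -> "LOCKED"/"UNLOCKED".
def glue(abstract):
    """Gluing invariant as a function: locked set == units whose actuator is LOCKED."""
    return {u: ("LOCKED" if u in abstract[0] else "UNLOCKED") for u in UNITS}

def concrete_step(conc, raised, stimulus, h):
    """Returns (new concrete state, bus messages exchanged) for one stimulus."""
    conc, msgs = dict(conc), []
    if stimulus == "rc_lock":
        targets, cmd = UNITS, "LOCK"
    elif stimulus == "rc_unlock" and not (raised and h["rc_unlock_with_handle_raised"] is False):
        targets = UNITS if h["rc_unlock_includes_trunk"] else DOORS
        cmd = "UNLOCK"
    else:
        return conc, msgs                 # handle stimuli only touch sensors
    position = {"LOCK": "LOCKED", "UNLOCK": "UNLOCKED"}[cmd]
    for u in targets:
        if conc[u] != position:           # message only when the actuator must move
            msgs.append(("BSI", u, cmd))
            conc[u] = position
    return conc, msgs

def check_refinement(h=HYPOTHESES):
    """Every enabled abstract event must be matched by a concrete step whose result
    satisfies the gluing invariant; returns the (stimulus, state) mismatches."""
    events = abstract_events(h)
    reachable, _, _ = explore(events, INIT)
    mismatches = []
    for s in reachable:
        for name, (guard, action) in events.items():
            if guard(s):
                conc, _ = concrete_step(glue(s), s[1], name, h)
                if conc != glue(action(s)):
                    mismatches.append((name, s))
    return mismatches

if __name__ == "__main__":
    print(analyse())                      # 'rc_unlock' is reported as an open question
    decided = dict(HYPOTHESES, rc_unlock_with_handle_raised=True)
    print(analyse(decided), check_refinement(decided))
```

With the second hypothesis undecided, `analyse()` reports `rc_unlock` as a completeness hole: exactly the "works if handle raised?" question of the slide, produced mechanically. Once the expert answers (True or False), the hole disappears and `check_refinement` confirms that the unit-level model, with its predictable message traffic, still implements the abstract one.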

Size & costs
  • Project duration: June 1999 to December 2001
  • 2 vehicles (307, 206 mux)
  • About 2 × 150,000 lines of documents produced
  • All domains, from the engine to the radio player
  • 1st vehicle ~14 man-years, 2nd ~5.6 man-years

Key points
  • Directive sentences. No pseudo-programming!
  • "Write models that are the best way you find to describe (predict) how the system reacts"
  • "Your models should be usable to predict the system's reactions without pseudo-executing the models"
  • "Do not use any abstract variable that does not represent something in real life"
  • Link the model to reality: "whatever the real situation is, you should always be able to tell what the values of the abstract variables corresponding to this situation are, and what the B events corresponding to the observed events are", even if such a valuation would require unfeasible measurements or unknown key values...

Results
  • Very efficient at finding missing information: formalization forces a consistent definition of each detail from the specifications
  • Can be done by a complete team of engineers
  • Produces efficient questions for domain-expert interviews: when information is missing, the B models are completed using hypotheses, and the hypotheses become questions
  • But... formalized documents made afterwards are difficult to insert into the product's process
  • Formalization quality depends on the capacity for abstraction
  • Model quality cannot be checked by compiling and running

Model accuracy
  • No automated tests between source documents and B models, because the source documents are informal
  • No automated tests between the real device and B models: tests can be done, but will not be exhaustive
  • Next step: early formalization and formal development. More proofs!

Next
  • Find the true functions' laws at car level: car-level B models
  • First models: level = replaceable units; replaceable-unit-level B models then become refinements of the car-level models
  • Many people asked for a more global level of description; the replaceable-unit level remains necessary for car diagnosis
  • Global descriptions done informally are difficult... FOP engineers want to prove their models against a more global level

Industrial point of view
  • Goal = "the project and product must be a commercial success"; "product 100% functional" is not directly a goal
  • Sub-goal 1: time and cost of the project reduced to the minimum required
  • Sub-goal 2: product satisfies the customer's needs
  • The role of formal methods: master the complexity, to control the project's time and costs and to obtain products that meet customer needs
  • Formal methods payback: difficult to measure. Measurements exist (ex: METEOR), but so does discussion; still perceived as a matter of conviction. Need to gather more and more industrial success stories

Trends (now)
  [Diagram: lifecycle phases placed on an Abstract-to-Concrete axis, with the current coverage of formal methods and a manual/automated legend. Phases: marketing studies, high-level requirements, research, general design, architecture design, detailed requirements, module requirements, interfaces, code generation, tests / compiling, hardware design.]

Trends (next)
  [Diagram: same axis, legend and phases as the previous slide, showing the expected future coverage of formal methods.]