- Number of slides: 26
Industrial usage of VDM
Dr Peter Gorm Larsen, Associate Professor, University College of Aarhus + PGL Consult
Personal Background
• Theoretical Work
– VDM-SL Semantics (ISO standard)
– VDM-SL Proof Rules (Ph.D. work)
• More Practical Work
– VDM and SA in combination
– IFAD VDMTools
– Transfer of VDM to industry
– Intensive industrial use
• Employed by
– For 13 years: IFAD
– For 3.5 years: Systematic
– Now: University College of Aarhus and PGL Consult
Slide 2 Ingeniørhøjskolen i Århus
VDM Technology in Industry
→ Overview of VDM Concepts
• Overview of VDM-SL Semantics
• Industrial usage of VDM
Vienna Development Method
• VDM-SL and VDM++
– ISO standardisation of VDM-SL
– VDM++ is an object-oriented extension
• Model-oriented specification:
– Simple, abstract data types
– Invariants to restrict membership
– Functional specification:
• Referentially transparent functions
• Operations with side effects on state variables
• Implicit specification (pre/post)
• Explicit specification (functional or imperative)
• Underdeterminedness and non-determinism
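The concepts listed on this slide, shown together in one small VDM-SL module. This is an added illustration, not a model from the original deck and not the ConForm gateway model discussed later; the module name Gate, the record types, the `Allowed` policy and the state variables are all hypothetical choices made for the example.

```vdmsl
module Gate
exports all
definitions

types
  -- simple abstract data type with an invariant restricting membership:
  -- only the values 0..3 are Levels (hypothetical range)
  Level = nat
  inv l == l <= 3;

  Msg :: src  : Level
         dst  : Level
         body : seq of char;

state Gateway of
  passed  : seq of Msg
  dropped : nat
  -- state invariant: nothing in the passed queue may violate the policy
  inv mk_Gateway(p, -) == forall m in set elems p & Allowed(m)
  init gw == gw = mk_Gateway([], 0)
end

functions
  -- explicit, referentially transparent function: the hypothetical policy
  -- (illustration only, not any real gateway's rule)
  Allowed : Msg -> bool
  Allowed(m) == m.src >= m.dst;

  -- implicit specification: a post-condition only, no algorithm given
  Permitted(ms : seq of Msg) ok : seq of Msg
  post ok = [ms(i) | i in set inds ms & Allowed(ms(i))];

  -- underdetermined: any allowed element satisfies the post-condition,
  -- so an implementation is free to choose which one it returns
  PickOne(ms : seq of Msg) m : Msg
  pre exists x in set elems ms & Allowed(x)
  post m in set elems ms and Allowed(m);

operations
  -- operation with side effects on the state variables; the pre-condition
  -- records the caller's obligation rather than checking it at runtime
  Forward : Msg ==> bool
  Forward(m) ==
    if Allowed(m)
    then (passed := passed ^ [m]; return true)
    else (dropped := dropped + 1; return false)
  pre m.body <> [];

end Gate
```

The point for a reviewer: the state invariant and the pre/post-conditions are the properties a tool such as VDMTools can check while the model is interpreted, so a policy mistake in `Allowed` shows up as an invariant violation at the model level rather than in shipped code.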
VDM++ Class Outline class
What is VDMTools?
• The VDM-SL Toolbox
• The VDM++ Toolbox
• Different experimental extensions:
– Reverse engineering from Java to VDM++
– PROSPER for proof support on top of VDM-SL
– VICE for support for real-time systems
VDMTools® Overview
• Syntax & Type Checker
• Integrity Checker
• The Rose-VDM++ Link
• Interpreter (Debugger)
• Document Generator
• API (CORBA), DL Facility
• Code Generators: C++, Java
References, World-wide
More than 150 clients world-wide in 2001
• France: Aerospatiale Espace et Defense, Dassault Aviation, Dassault Electronique, CISI, CEA et Defense, CEA Leti, Cap Gemini, LAAS, Matra Bae Dynamics
• U.K.: British Aerospace Systems & Equipment, British Aerospace Defense, Adelard, ICL Enterprise Engineering, Rolls Royce, Transitive Technologies
• Italy: ENEA, Ansaldo
• The Netherlands: Dutch Dept. of Defence, Origin, Chess
• Portugal: Sidereus
• Denmark: Baan Nordic, Odense Steel Shipyard, DDC International
• North America: Boeing, Rockwell Collins, Lockheed Martin, DDC-I, Inc., Rational Software Corp., Formal Systems Inc., Concordia University
• Japan: RTRI (Japan Railways), JFITS
• Germany: GAO mbH
VDM Technology in Industry
✓ Overview of VDM Concepts
→ Overview of VDM-SL Semantics
• Industrial usage of VDM
VDM-SL Semantics Presentations
• VDM-SL Static Semantics (7 slides)
• VDM-SL Domain Universe (12 slides)
• VDM-SL Dynamic Semantics (32 slides)
• Unfortunately using old legacy technology
VDM Technology in Industry
✓ Overview of VDM Concepts
✓ Overview of VDM-SL Semantics
→ Industrial usage of VDM
ConForm (1994)
• Organisation: British Aerospace (UK)
• Domain: Security (gateway)
• Tools: The IFAD VDM-SL Toolbox
• Experience:
– Prevented propagation of error
– Successful technology transfer
– At least 4 more applications without support
• Statements:
– "Engineers can learn the technique in one week"
– "VDMTools can be integrated gradually into a traditional existing development process"
DustExpert (1995-7)
• Organisation: Adelard (UK)
• Domain: Safety (dust explosives)
• Tools: The IFAD VDM-SL Toolbox
• Experience:
– Delivered on time at expected cost
– Large VDM-SL specification
– Testing support valuable
• Statement:
– "Using VDMTools we have achieved a productivity and fault density far better than industry norms for safety related systems"
Adelard Metrics
• 31 faults in Prolog and C++ (< 1/kloc)
• Most minor, only 1 safety-related
• 1 (small) design error, rest in coding
CAVA (1998-2000)
• Organisation: Baan (Denmark)
• Domain: Constraint solver (Sales Configuration)
• Tools: The IFAD VDM-SL Toolbox
• Experience:
– Common understanding
– Faster route to prototype
– Earlier testing
• Statement:
– "VDMTools has been used in order to increase quality and reduce development risks on high complexity products"
Dutch DoD (1997-8)
• Organisation: Origin, The Netherlands
• Domain: Military
• Tools: The IFAD VDM-SL Toolbox
• Experience:
– Higher level of assurance
– Mastering of complexity
– Delivered at expected cost and on schedule
– No errors detected in code after delivery
• Statement:
– "We chose VDMTools because of high demands on maintainability, adaptability and reliability"
DoD, NL Metrics (1)
• Estimated 12 C++ loc/h with manual coding!
DoD - Comparative Metrics (cost per phase)
• Traditional: Analysis & Design 900, Coding 2000, Testing 700 (total 3600, 100%)
• VDMTools®: Analysis & Design 1200, Coding 500, Testing 600 (total 2300, 64%)
BPS 1000 (1997-)
• Organisation: GAO, Germany
• Domain: Bank note processing
• Tools: The IFAD VDM-SL Toolbox
• Experience:
– Better understanding of sensor data
– Errors identified in other code
– Savings on maintenance
• Statement:
– "VDMTools provides unparalleled support for design abstraction ensuring quality and control throughout the development life cycle."
Flower Auction (1998)
• Organisation: Chess, The Netherlands
• Domain: Financial transactions
• Tools: The IFAD VDM++ Toolbox
• Experience:
– Successful combination of UML and VDM++
– Iterative process used to gain client commitment
– Implementers did not even have a VDM course
• Statement:
– "The link between VDMTools and Rational Rose is essential for understanding the UML diagrams"
SPOT 4 (1999)
• Organisation: CS-CI, France
• Domain: Space (payload for SPOT 4 satellite)
• Tools: The IFAD VDM-SL Toolbox
• Experience:
– 38% less lines of source code
– 36% less overall effort
– Use of automatic C++ code generation
• Statement:
– "The cost of applying formal methods is significantly lower than without them."
Japanese Railways (2000-2001)
• Domain: Railways (database and interlocking)
• Experience:
– Prototyping important
– Now also using it for ATC system
• Engineer working at IFAD for two years with PROSPER proof support
Stock-options (2000-)
• Organisation: JFITS (CSK group company), Japan
• Domain: Financial
• Tools: The IFAD VDM++ Toolbox
• Reason for CSK to purchase VDMTools:
– Tax exemption project: effort 38.5 person months (COCOMO estimate) vs 14 person months realized; schedule 9 months (COCOMO) vs 3.5 months realized
– Options project: effort 147.2 person months (COCOMO estimate) vs 60.1 person months realized; schedule 14.3 months (COCOMO) vs 7 months realized
Reverse Engineering (2001)
• Organisation: Boeing
• Domain: Avionics
• Tools: The IFAD VDM++ Toolbox
• Included development of the Java to VDM++ reverse engineering feature
Optimisation (2001)
• Organisation: Transitive Technologies, UK
• Domain: Embedded
• Tools: The IFAD VDM-SL Toolbox
• Making software independent of hardware platform
Further Information
• Applying Formal Specification in Industry. P. G. Larsen, J. Fitzgerald and T. Brookes. IEEE Software, vol. 13, no. 3, May 1996.
• A Lightweight Approach to Formal Methods. S. Agerholm and P. G. Larsen. In Proceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard, Germany, Springer-Verlag, October 1998.
• Applications of VDM in Banknote Processing. P. Smith and P. G. Larsen. First VDM Workshop: VDM in Practice, with the FM'99 Symposium, Toulouse, France, September 1999.
• Application of VDM-SL to the Development of the SPOT 4 Programming Messages Generator. A. Puccetti and J. Y. Tixadou. First VDM Workshop: VDM in Practice, with the FM'99 Symposium, Toulouse, France, September 1999.
• Formal Specification of an Auctioning System Using VDM++ and UML. M. Verhoef et al. First VDM Workshop: VDM in Practice, with the FM'99 Symposium, Toulouse, France, September 1999.