7f966bcef2ac1e876c6941d8f68253d0.ppt
- Количество слайдов: 24
VDM++ Tutorial Industrial Experience with VDM++
Overview l l VDMTools References The Trade. One Project l l l The VDM++ Architecture Metrics from Trade. One Summary
VDMTools References More than 150 clients world-wide France Aerospatiale Espace et Defense Dassault Aviation Dasssault Electronique CISI CEA et Defense CEA Leti Cap Gemini LAAS Matra BAe Dynamics U. K. British Aerospace Systems & Equipment British Aerospace Defense Adelard ICL Enterprise Engineering Rolls Royce Transitive Technologies Italy ENEA Ansaldo The Netherlands Dutch Dept. of Defence Origin Chess Portugal Sidereus Denmark Danish Railways Baan Nordic Odense Steel Shipyard DDC International North America Boeing Rockwell Collins Lockheed Martin DDC-I, Inc. Rational Software Corp. Formal Systems Inc. Concordia University Japan RTRI (Japan Railways) JFITS Germany GAO mb. H
Further Information l l Applying Formal Specification in Industry. P. G. Larsen, J. Fitzgerald and T. Brookes. Published in "IEEE Software" vol. 13, no. 3, May 1996 A Lightweight Approach to Formal Methods S. Agerholm and P. G. Larsen. In Proceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard, Germany, Springer -Verlag, October 1998. Applications of VDM in Banknote Processing P. Smith and P. G. Larsen. + Application of VDM-SL to the Development of the SPOT 4 Programming Messages Generator, A. Puccetti and J. Y. Tixadou + Formal Specification of an Auctioning System Using VDM++ and UML, M. Verhoef et. al. Published at the First VDM Workshop: VDM in Practice with the FM'99 Symposium, Toulouse, France, September 1999. Most accessible from http: //www. ifad. dk/publications. htm
Overview l l VDMTools References The Trade. One Project l l l The VDM++ Architecture Metrics from Trade. One Summary
The Trade. One Project l l Organisation: JFITS, Japan VDM++ Champion: Shin Sahara Back-office for trading securities Two subsystems developed using VDM++ l l Tax exemption subsystem Options subsystem
Understanding the Domain l l l Security: ownership of stocks, options, bonds. . . Option: Contract that entitles owner to buy/sell a security before a certain date Bond: Contract to pay a sum of money at a fixed interest
Overview of Trade. One
Trade. One Overall Architecture
Databases and Business Logics class Trade. One. . . instance variables protected db 1 : Data. Base 1; . . . protected db. N : Data. Base. N; operations public Business. Logic 1: . . . ==> (). . . public Business. Logic. M: . . . ==> () end Trade. One
A Layered Approach Layer Satisfying test case scenario regression test post-condition business logic business application designation + environment information hiding of DB practical DB access append, select, delete, update basic DB access undo, old value access, diff basic record structure data needed
Class Diagram with Layers
The Basic Record Structure class Record. Definition types public Key : : . . . ; public Attribute : : . . . ; public Record : : key : Key attr : Attr. Part; functions public Key. Match: Key * Record -> bool Key. Match(key, rec) ==. . . ; end Record. Definition
Basic Database Structure class Data. Base. Basic is subclass of Record. Definition. . . instance variables protected true. Set : Record. Set : = {}; protected delete. Set : Record. Set : = {}; protected append. Set : Record. Set : = {}; inv forall rec 1, rec 2 in set true. Set & rec 1. key = rec 2. key => rec 1 = rec 2; operations public Select: Key ==> Record. Set Select(key) ==. . . ; public Insert: Record ==> () Insert(rec) ==. . . ; public Delete: Key ==> () Delete(key) ==. . . ; public Update: Record ==> () Update(rec) ==. . . ; . . . end Data. Base. Basic
Practical Database Interfaces class Tax. Exemption. DBPractical is subclass of Tax. Exemption. DBBasic. . . operations public Register. Apply. Amt: Key * Money ==> () Register. Apply. Amt(key, apl. Amt) == def new. Record = mk. Record(key, apl. Amt, normal) in Insert(new. Record) pre true post Apply. Amt. Registered(key, apl. Amt); . . . end Tax. Exemption. DBPractical
A Business Logic Example class Register. Tax. Exemption. Apply. Amt is subclass of Tax. Exemption. Designation operations public Apply: Tax. Exemption. DBPractical * Key * Money ==> () Apply(DB, key, apl. Amt) == if Proper. Tax. Exemption. Apply. Amt(apl. Amt) then def rec. Set = DB. Select(key) in cases card rec. Set: (0) -> DB. Register. Apply. Amt(key, apl. Amt), (1) -> let old. Rec in set rec. Set in if Abolished. Client(old. Rec) then DB. Register. Apply. Amt(key, apl. Amt) else exit
An Example Scenario class Register. Tax. Exemption. Apply. Amt_1 is subclass of Tax. Exemption. Designation operation public Observe: Register. Tax. Exemption. Apply. Amt *Tax. Exemption. DBPractical *Key * Money ==> bool Observe(BL, DB, key, apl. Amt) == always return false in (BL. Apply(DB, key, apl. Amt); return true ) pre DB. Ready() and Proper. Tax. Exemption. Apply. Amt(apl. Amt) and def rec. Set = DB. Select(key) in rec. Set = {} post RESULT = true and DB. Apply. Amt. Registered(key, apl. Amt); . . . end Register. Tax. Exemption. Apply. Amt_1
General Test Cases class Test. Case. . . operations public Run: Scenario * Business. Logic *. . . ==> () Run(SN, BL, . . . ) == let Data. Declaration in def result = SN. Observe(BL, . . . ) in Closing; . . . end Test. Case
Overview l l VDMTools References The Trade. One Project l l l The VDM++ Archtiecture Metrics from Trade. One Summary
Overall Size of Trade. One System Total Trade. One Number of DSI (C++) 1, 342, 858 Tax exemption subsystem 18, 431 Option subsystem 60, 206
Defect Metrics What are defect ratios elsewhere? The Tax Exemption subsystem Number of defects 12 l Defect ratio 0. 65/KDSI l l l The Option subsystem l Number of defects 43 l Defect ratio 0. 71/KDSI l Measured at integration test level Overall defect ratio for Trade. One: 1. 12 Defect ratio at NASA for critical code: 0. 1/KDSI Highly tested code: 1/KDSI High quality code: 3/KDSI Normal commercial code: 30/KDSI After release (7 th May): no defects in VDM++ sub-systems!! About 350 defects in overall Trade. One system.
Productivity Metrics The Tax Exemption subsystem Estimate Realised Estimate/ Realised Effort Schedule 38. 5 MM 14 MM 36% 9 M 3. 5 M 39% The Option subsystem Estimate Realised. Estimate/ Realised Effort Schedule 147. 2 MM 60. 1 MM 14. 3 M 7 M 41% 49% • COCOMO Estimates • Based on DSI • Additional parameters • For example experience
Overview l l VDMTools References The Trade. One Project l l l The VDM++ Architecture Metrics from Trade. One Summary
Summary l Trade. One has promising results l l l Defect rates Productivity It will be interesting to follow this in the future More in the new VDM++ book Discussion