1 / 54

Tools for VDM in Industry

Tools for VDM in Industry. Peter Gorm Larsen. Personal Background. Theoretical Work VDM-SL Semantics (ISO standard) VDM-SL Proof Rules (PhD work) More Practical Work VDM and SA in combination IFAD VDMTools Transfer VDM to Industry Intensive use Industrially Employed by

pierce
Download Presentation

Tools for VDM in Industry

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tools for VDM in Industry Peter Gorm Larsen Tools for VDM in Industry

  2. Personal Background • Theoretical Work • VDM-SL Semantics (ISO standard) • VDM-SL Proof Rules (PhD work) • More Practical Work • VDM and SA in combination • IFAD VDMTools • Transfer VDM to Industry • Intensive use Industrially • Employed by • For 13 years: IFAD • For 3,5 years: Systematic • For 2 years: Engineering College of Aarhus Tools for VDM in Industry

  3. Tools for VDM in Industry • IFAD Clients Experiences • ”Bootstrapping” VDMTools • Overview of VDMTools • The Overture/Eclipse Initiative • Vision for the future Tools for VDM in Industry

  4. References, World-wide, 2001 More than 150 VDMTools clients world-wide France Aerospatiale Espace et Defense Dassault Aviation Dasssault Electronique CISI CEA et Defense CEA Leti Cap Gemini LAAS Matra Bae Dynamics U.K. British Aerospace Systems & Equipment British Aerospace Defense Adelard ICL Enterprise Engineering Rolls Royce Transitive Technologies North America Boeing Rockwell Collins Lockheed Martin DDC-I, Inc. Rational Software Corp. Formal Systems Inc. Concordia University Japan RTRI (Japan Railways) JFITS Felica Networks Germany GAO mbH Italy ENEA Ansaldo The Netherlands Dutch Dept. of Defence Origin Chess Portugal Sidereus Denmark Baan Nordic Odense Steel Shipyard DDC International Tools for VDM in Industry

  5. ConForm (1994) • Organisation: British Aerospace (UK) • Domain: Security (gateway) • Tools: The CSK VDM-SL Toolbox • Experience: • Prevented propagation of error • Successful technology transfer • At least 4 more applications without support • Statements: • “Engineers can learn the technique in one week” • “VDMTools can be integrated gradually into a traditional existing development process” Tools for VDM in Industry

  6. DustExpert (1995-7) • Organisation: Adelard (UK) • Domain: Safety (dust explosives) • Tools: The CSK VDM-SL Toolbox • Experience: • Delivered on time at expected cost • Large VDM-SL specification • Testing support valuable • Statement: • “Using VDMTools we have achieved a productivity and fault density far better than industry norms for safety related systems” Tools for VDM in Industry

  7. Adelard Metrics • 31 faults in Prolog and C++ (< 1/kloc) • Most minor, only 1 safety-related • 1 (small) design error, rest in coding Tools for VDM in Industry

  8. CAVA (1998-) • Organisation: Baan (Denmark) • Domain: Constraint solver (Sales Configuration) • Tools: The CSK VDM-SL Toolbox • Experience: • Common understanding • Faster route to prototype • Earlier testing • Statement: • “VDMTools has been used in order to increase quality and reduce development risks on high complexity products” Tools for VDM in Industry

  9. Dutch DoD (1997-8) • Organisation: Origin, The Netherlands • Domain: Military • Tools: The CSK VDM-SL Toolbox • Experience: • Higher level of assurance • Mastering of complexity • Delivered at expected cost and on schedule • No errors detected in code after delivery • Statement: • “We chose VDMToolsbecause of high demands on maintainability, adaptability and reliability” Tools for VDM in Industry

  10. DoD, NL Metrics (1) • Estimated 12 C++ loc/h with manual coding! Tools for VDM in Industry

  11. Traditional: 900 2000 700 CODING TESTING ANALYSIS & DESIGN VDMTools®: 1200 500 600 ANALYSIS & DESIGN CODING TESTING 100% 64% 0% Cost DoD - Comparative Metrics Tools for VDM in Industry

  12. BPS 1000 (1997-) • Organisation: GAO, Germany • Domain: Bank note processing • Tools: The CSK VDM-SL Toolbox • Experience: • Better understanding of sensor data • Errors identified in other code • Savings on maintenance • Statement: • VDMTools provides unparalleled support for design abstraction ensuring quality and control throughout the development life cycle. Tools for VDM in Industry

  13. Flower Auction (1998) • Organisation: Chess, The Netherlands • Domain: Financial transactions • Tools: The CSK VDM++ Toolbox • Experience: • Successful combination of UML and VDM++ • Use iterative process to gain client commitment • Implementers did not even have a VDM course • Statement: • “The link between VDMTools and Rational Rose is essential for understanding the UML diagrams” Tools for VDM in Industry

  14. SPOT 4 (1999) • Organisation: CS-CI, France • Domain: Space (payload for SPOT4 satellite) • Tools: The CSK VDM-SL Toolbox • Experience: • 38 % less lines of source code • 36 % less overall effort • Use of automatic C++ code generation • Statement: The cost of applying Formal methods is significantly lower than without them. Tools for VDM in Industry

  15. IFAD VDM Applications • VDMTools • VDM interpreter • VDM static semantics • VDM to C++ code generator • Specification manager • UML mapper • Java static semantics • Java VDM++ translator • MUSTER: Emergency response training Tools for VDM in Industry

  16. Japanese Railways (2000-2001) • Domain: Railways (database and interlocking) • Experience: • Prototyping important • Subsequent also using it for ATC system • Engineer working at IFAD for two years Tools for VDM in Industry

  17. Stock-options (2000- ) • Organisation: JFITS, Japan • Domain: Financial • Tools: The CSK VDM++ Toolbox • Ongoing and still expanding Tools for VDM in Industry

  18. Mass producted chicps (2005- ) • Organisation: Felica Networks (Sony), Japan • Domain: Used inside mobile phones • Tools: The CSK VDM++ Toolbox • Status: • Over 100000 lines (677 pages) of VDM++ • More than 10 million test cases • 110000 lines of C++ in firmware • 56 members (did not know FM in advance) • Project on schedule (3 years) • More than 10 million chips shipped in 2006 • Not a single bug discovered so far Tools for VDM in Industry

  19. Further Information • Applying Formal Specification in Industry. P.G. Larsen, J. Fitzgerald and T. Brookes. Published in "IEEE Software" vol. 13, no. 3, May 1996 • A Lightweight Approach to Formal Methods S.Agerholm and P.G. Larsen. In Proceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard, Germany, Springer-Verlag, October 1998. • Applications of VDM in Banknote Processing P. Smith and P.G. Larsen. + Application of VDM-SL to the Development of the SPOT4 Programming Messages Generator, A. Puccetti and J.Y. Tixadou + Formal Specification of an Auctioning System Using VDM++ and UML, M.Verhoef et. al. Published at the First VDM Workshop: VDM in Practice with the FM'99 Symposium, Toulouse, France, September 1999. Tools for VDM in Industry

  20. Tools for VDM in Industry • IFAD Clients Experiences • ”Bootstrapping” VDMTools • Overview of VDMTools • The Overture/Eclipse Initiative • Vision for the future Tools for VDM in Industry

  21. Development Choices Taken • Executable models • Testing and animation • Partial “analysis” (validation) • System level testing • Code generation • VDM for source code • Formal refinement and formal verification Tools for VDM in Industry

  22. Staff Overview 91 92 93 94 95 96 97 98 99 00 MV CA BF BA OO GW PGL KdB NP SN JKP ETN PBL MA HC VS JKP HV NK JNJ SA WS LTO JWT OS JKP KS JSF +JR +ML +RM PM Tools for VDM in Industry

  23. Development Environment • GNU C++/Visual C++ • Generic VDM C++ library • GUI: Previously:Tcl/Tk, Now: Qt • flex and bison • CVS/Ediff version control • OSs: Windows, Linux, Unix • Test environments • Development procedures Tools for VDM in Industry

  24. VDM++ VDM++ VDM++ VDM++ VDM-SL SS spec VDM-SL CG spec VDM-SL SM spec VDM-SL PM spec VDM++ VDM++ VDM++ VDM++ VDM-SL SS impl VDM-SL CG impl VDM-SL SM impl VDM-SL PM impl The “Bootstrapping” Process VDM-SL DS spec VDM-SL DS impl Implicit time line Tools for VDM in Industry

  25. Specification Sizes Tools for VDM in Industry

  26. Component Categories • Purely hand-coded • VDM + hand coding • VDM + code generation Tools for VDM in Industry

  27. Purely Hand-coded Components • Scanner/parser (lex/yacc) • pretty-printer (simple C++ component) • GUI (previously: Tcl/Tk, now: Qt) • Interface to third party tools • Rational Rose • Corba for API • ML for HOL • Generic VDM C++ library Tools for VDM in Industry

  28. VDM + Hand Coding • Dynamic semantics (SL and ++) • Static semantics (SL and ++) • Java/C++ Code generators (SL and ++) • Test environments for each component • Reused at implementation level • Java/C++ code generators now themselves partially code generated Tools for VDM in Industry

  29. Maintenance Approach • Bugs first reproduced at specification level • Tested using the VDM debugger • Check that all tests are satisfactory • Implement changes of specification • Rerun all tests at implementation level Tools for VDM in Industry

  30. VDM + code generation • Animator for SA/RT • Specification Manager (SL and ++) • VDM++ to/from UML translation • Proof support (SL) • Parts of GUI now code generated • VDM model becomes source • Trade-off with abstraction Tools for VDM in Industry

  31. Further Information • An Executable Subset of Meta-IV with Loose Specification, P.G. Larsen, P.B. Lassen, VDM '91: Formal Software Development Methods, 1991 • The IFAD VDM-SL Toolbox: A Practical Approach to Formal Specifications, R. Elmstrøm, P.G. Larsen, P.B. Lassen, ACM Sigplan Notices, September 1994 • Computer-aided Validation of Formal Specifications, P. Mukherjee, Software Engineering Journal, July 1995 • Ten Years of Historical Development - ”Bootstrapping” VDMTools, P.G. Larsen, Journal of Universal Computer Science, 2001 Tools for VDM in Industry

  32. Tools for VDM in Industry • IFAD Clients Experiences • ”Bootstrapping” VDMTools • Overview of VDMTools • The Overture/Eclipse Initiative • Vision for the future Tools for VDM in Industry

  33. The Rose-VDM++ Link Document Generator Code Generators- C++, Java Syntax & Type Checker API (Corba), DL Facility Interpreter (Debugger) Integrity Checker Java to VDM++ VDMTools® Overview Tools for VDM in Industry

  34. Japanese Support via Unicode Tools for VDM in Industry

  35. Validation with VDMTools® VDM specs Actual results Comparison Execution Test cases Expected results Tools for VDM in Industry

  36. Documentation in MS Word/RTF One compound document: • Documentation • Specification • Test coverage • Test coverage statistics Tools for VDM in Industry

  37. Architecture of the Rose VDM++ Link VDM++ Toolbox Rational Rose 2000 UML Diagrams Class Repository Class Repository Merge Tool UML model file VDM++ Files Tools for VDM in Industry

  38. Integrity checker Tools for VDM in Industry

  39. Reference Material • The VDM++ Language for VICE, CSK, 2005 • The VDM++ User Manual, CSK, 2005 • The VDM++ Installation Guide, CSK, 2005 • Rational Rose Link Plug-in Installation and User Guide, CSK, 2005 Tools for VDM in Industry

  40. Further Information • An Executable Subset of Meta-IV with Loose Specification, P.G. Larsen, P.B. Lassen, VDM '91: Formal Software Development Methods, 1991 • The IFAD VDM-SL Toolbox: A Practical Approach to Formal Specifications, R. Elmstrøm, P.G. Larsen, P.B. Lassen, ACM Sigplan Notices, September 1994 • Computer-aided Validation of Formal Specifications, P. Mukherjee, Software Engineering Journal, July 1995 • Ten Years of Historical Development - ”Bootstrapping” VDMTools, P.G. Larsen, Journal of Universal Computer Science, 2001 Tools for VDM in Industry

  41. Tools for VDM in Industry • IFAD Clients Experiences • ”Bootstrapping” VDMTools • Overview of VDMTools • The Overture/Eclipse Initiative • Vision for the future Tools for VDM in Industry

  42. Overture versus VDMTools • VDMTools (http://www.vdmtools.jp/en) • Closed source, proprietary (available under NDA) • Monolithic architecture (single binary), C++ • Optimized for performance, industry strength • Overture Tool project (http://www.overturetool.org) • Open source, GPL license • Plug-in architecture, Eclipse, Java • Optimized for flexibility, targets academic use • (partly) developed using VDMTools Tools for VDM in Industry

  43. Overture – an open-source initiative • Based on the Eclipse platform • Extendible open VDM++ tool support • Initial tool support produced in MSc project in NL • MSc project carried out at TUD • Jacob Porsborg Nielsen and Jens Kielsgaard Hansen • MSc project at Aarhus University • Thomas Christensen • New MSc projects at Engineering College of Aarhus • Hugo Macedo, Minho University • Sander Vermolen, University of Nijmegen Tools for VDM in Industry

  44. Connection to standard development environments Code Generators- C++, Java Reverse Engineering support GUI generators UML, SysML AADL Visualisation Support Overture Architecture Overview Validation support Basic automatic checks and GUI Refactoring support OML editor With syntax highlighting Syntax Check Type Check Interpreter (Debugger) With API capabilities Test Generation support AST Eclipse Visualization Support for Execution traces Verification support Pretty Printing With coverage Model Checking support Interactive Proof support Automatic Proof support Proof Obligation generation Currently under development Planned Not yet available Tools for VDM in Industry

  45. modified java classes JAVA interfaces sed script ASTGEN sed VDM++ classes java classes VDMTools Automatic AST generation • specified in VDM++ • code generated “implements” OVERTURE AST spec (VDM-SL subset) other users can use these specs to specify their own OVERTURE extensions (in VDM++) Tools for VDM in Industry

  46. Tracefile Viewer (1) Tools for VDM in Industry

  47. Tracefile Viewer (2) Tools for VDM in Industry

  48. Tracefile Viewer (3) Tools for VDM in Industry

  49. Tools for VDM in Industry • IFAD Clients Experiences • ”Bootstrapping” VDMTools • Overview of VDMTools • The Overture/Eclipse Initiative • Vision for the future Tools for VDM in Industry

  50. VDMTools future • IFAD went bankrupt April 2004 • CSK (mother company for JFITS) from Japan bought the IPR for VDMTools from the bankruptcy • VDMTools executable and documentation is available again • Academic version • Non-commercial version • Commercial version • All freely available!! • A new book on VDM++ was released January 2005 Tools for VDM in Industry

More Related