1
play

1 Why using formal methods (FM)? 4 When there is nothing better to - PDF document

Dec 27, 2022 •256 likes •883 views

1 Last update: 2 June 2004 Programming in the large Bertrand Meyer Chair of Softw are Engineering Programming in the large - Lecture 17 2 Lecture 17: Introducing Formal Methods (with an example) By Jean-Raymond Abrial Chair of Softw are

  1. 1 Last update: 2 June 2004 Programming in the large Bertrand Meyer Chair of Softw are Engineering Programming in the large - Lecture 17 2 Lecture 17: Introducing Formal Methods (with an example) By Jean-Raymond Abrial Chair of Softw are Engineering Programming in the large - Lecture 17 Definition of Formal Methods 3 � Not given yet � Many very different definitions � Give your own at the end of this lecture! Chair of Softw are Engineering Programming in the large - Lecture 17 1

  2. Why using formal methods (FM)? 4 � When there is nothing better to do. � When the risk is too high. � When people have already suffered enough. � When people question their development process. � Decision of using FM is always strategic. Chair of Softw are Engineering Programming in the large - Lecture 17 Which formal method? 5 � This is a difficult question. � Today many formal methods vendors. � FM has becom e a meaningless buzz word. � “Formal” alone does not mean anything. Chair of Softw are Engineering Programming in the large - Lecture 17 Questions to be asked to FM vendors 6 � Is there a theory behind your FM? � What kind of language is your FM using? � Does there exist any REFINEMENT mechanism in your FM? � Do you PROVE anything when using your FM? � Have you got an efficient automatic prover? Chair of Softw are Engineering Programming in the large - Lecture 17 2

  3. Claimed difficulties in using FM 7 � You have to be a mathematician. � Formalism is hard to master. � Not visual enough (no boxes, arrows, etc.). � People will not be able to do formal proofs. Chair of Softw are Engineering Programming in the large - Lecture 17 Genuine difficulties (my own view) 8 � You have to think a lot before final coding. � Incorporation in development process. � Model building is an elaborate activity. � Prover technology has to improve. � Making proofs a design criterium. � Poor quality of requirement documents. Chair of Softw are Engineering Programming in the large - Lecture 17 Application areas 9 � Train system s � Car systems � Avionics and Space � Power station control � Telecom � Defense � Complex databases � Large business network � SmartCard applications � Machine tools � … Chair of Softw are Engineering Programming in the large - Lecture 17 3

  4. Complex systems (1/ 2) 10 � QUESTION: What is common to � an electronic circuit � a file transfer protocol � an airline booking system � a PC operating system � a nuclear plant control system � a SmartCard electronic purse � a launch vehicle flight controller � ANSWER: They are all complex. Chair of Softw are Engineering Programming in the large - Lecture 17 Complex systems (2/ 2) 11 � They are made of many parts. � They interact with a possibly hostile environment. � They involve several executing agents. � They require a high degree of correctness. � Their construction spreads over several years. � Their specifications are subjected to many changes. � Their construction process requires a talented team. Chair of Softw are Engineering Programming in the large - Lecture 17 Discrete systems 12 � These system s operate in an discrete fashion. � Their dynam ical behavior can be abstracted by: � A succession of steady states � Interm ixed with sudden jumps. � The possibility of state changes is enormous. � The change frequency is unthinkable. � Such systems are called transition systems. Chair of Softw are Engineering Programming in the large - Lecture 17 4

  5. Reasoning about (discrete) systems 13 � Two broad categories: � Test reasoning (98% ) � Blue Print reasoning (10% ) Chair of Softw are Engineering Programming in the large - Lecture 17 Test reasoning 14 � Based on laboratory execution. � Obvious incompleteness. � The oracle is usually m issing. � Often implies postponing serious thinking. � Re-adapting and re-shaping after testing. � Reveals an imm ature technology. Chair of Softw are Engineering Programming in the large - Lecture 17 “Blue Print” reasoning 15 � Based on a model: the “blue print”. � Describing the system with the required precision. � Completeness can be approached. � Serious thinking made on the m odel, not on the final system. � This is validated by proofs. � Reveals a mature technology. Chair of Softw are Engineering Programming in the large - Lecture 17 5

  6. Incorporation within the development process 16 � Carefully rewriting the requirem ent document. � Develop models by successive refinement. � Prove each refinement step. � Use efficient tools for: � Analyzing formal texts. � Generating proof statem ents. � Proving (as much as possible automatically). Chair of Softw are Engineering Programming in the large - Lecture 17 Example: a mechanical press 17 � Presenting the rewritten requirement document. � Partial development of models by successive refinem ent. Chair of Softw are Engineering Programming in the large - Lecture 17 Mechanical press schema 18 MOTOR ROD SLI DE TOOL PART Chair of Softw are Engineering Programming in the large - Lecture 17 6

  7. Basic equipment 19 � A vertical slide with a tool at its lower extrem ity. � An electrical rotating motor. � A connecting rod transform ing rotary movem ent to vertical movem ent of slide. � A clutch engaging or disengaging the m otor on the rod. � When the clutch is disengaged, the slide stops “immediately”. Chair of Softw are Engineering Programming in the large - Lecture 17 Initial situation 20 Chair of Softw are Engineering Programming in the large - Lecture 17 Starting the motor 21 Chair of Softw are Engineering Programming in the large - Lecture 17 7

  8. The motor works 22 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 23 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 24 Chair of Softw are Engineering Programming in the large - Lecture 17 8

  9. Adding a tool 25 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 26 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 27 Chair of Softw are Engineering Programming in the large - Lecture 17 9

  10. Putting a part 28 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 29 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 30 Chair of Softw are Engineering Programming in the large - Lecture 17 10

  11. The motor works 31 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 32 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 33 Chair of Softw are Engineering Programming in the large - Lecture 17 11

  12. The motor works 34 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 35 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 36 Chair of Softw are Engineering Programming in the large - Lecture 17 12

  13. The motor works 37 Chair of Softw are Engineering Programming in the large - Lecture 17 Engaging the clutch 38 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 39 Chair of Softw are Engineering Programming in the large - Lecture 17 13

  14. The press works 40 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 41 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 42 Chair of Softw are Engineering Programming in the large - Lecture 17 14

  15. The press works 43 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 44 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 45 Chair of Softw are Engineering Programming in the large - Lecture 17 15

  16. The press works 46 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 47 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 48 Chair of Softw are Engineering Programming in the large - Lecture 17 16

  17. The press works 49 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 50 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 51 Chair of Softw are Engineering Programming in the large - Lecture 17 17

  18. The press works 52 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 53 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 54 Chair of Softw are Engineering Programming in the large - Lecture 17 18

  19. The press works 55 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 56 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 57 Chair of Softw are Engineering Programming in the large - Lecture 17 19

  20. Disengaging the clutch 58 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 59 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 60 Chair of Softw are Engineering Programming in the large - Lecture 17 20

Recommend

More recommend