  1. Combining Formal & Agile Methods
     KeY Symposium 2010, 25 May 2010
     David Faragó, LFM
     Motivation and Introduction; Discussion
     KIT – University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association, www.kit.edu

  2. Intro: AM
     Iterative software development: requirements and solutions evolve
     • set of engineering best practices
     • rapid delivery of high-quality software
     Agile values defined in the Agile Manifesto [Fowler, Martin et al. 2001]:
     • individuals and interactions over processes and tools
     • working software over comprehensive documentation
     • customer collaboration over contract negotiation
     • responding to change over following a plan
     Key requirements:
     • rapid delivery of working software
     • flexibility towards changes
     David Faragó – FM & AM, 25.05.2010, www.kit.edu

  3. Motivation
     FM & AM: two major means for better quality of software
     FM can improve AM and vice versa (see below)
     Fraction of organizations that adopted AM: 2/3 [Ambler, Scott 2008]; 1/3 [Forrester 2009], mentioned in [Black, Sue et al. 2008]
     Events:
     • 2007: Reiner's talk at the KeY Symposium 2007 about FM & AM: "FM align very well with some AM principles"
     • 2009: FM+AM workshop founded; Agile Conference: 40% growth
     • [Rainsberger, J.B. 2009]: "Contract-based testing should replace integration tests in agile development"
     • [OpenDO 2009]: Project AGILE about agile development of safety-critical software; certifications for DO-178B and others

  4. Intro: Agile process (Scrum & XP example)
     [Process diagram, recovered labels only: product backlog → sprint backlog for a sprint of 1-4 weeks → tasks of 1-2 man-days (rough analysis & design) → products that are potentially shippable and done; the incremented product feeds the next sprint. Within a task the work cycles over specification, tests and implementation, each followed by refactoring, together with detailed (re-)design and debugging; the symbolic execution debugger and counterexample generation support the debugging step. Continuous Integration (CI) via regression testing and FM, plus simple static analysis, e.g. JMLUnit, FindBugs, VBT, MBT, B.]

  5. AM deficits vs. exemplary FM
     AM deficits:
     • too little specification and documentation
     • no knowledge of purpose and direction while navigating through code (e.g. in pair programming)
     • difficult to distribute and re-use components [Kiniry, Joseph 2009]
     • refactoring code often causes defects
     • tracing back from low-level artifacts to high-level requirements
     • deceptive and insufficient test coverage
     • test cases are inflexible and require high maintenance
     Exemplary FM addressing them:
     • contracts; assertions; LTSs (labelled transition systems)
     • refactoring & JML
     • RAC (runtime assertion checking)
     • JMLUnit
     • FindBugs
     • SBMC (software bounded model checking)
     • MBT (model-based testing)
     • VBT (verification-based testing)
     • counterexample generation
     • symbolic execution debugger

  6. FM deficits vs. AM
     • FM often do not scale; infeasible → AM: high modularization; restricted, small increments; cleaner code
     • Many faults found during verification are caused by errors in the specification → AM: continuous conformance checks of spec and code; pair programming; reviews; validation via customer feedback
     • Heavy-weight: inflexible & restricted application areas; big design up front → AM: rapid delivery of increments, also applied to the specification

  7. To boldly go agile, KeY must address:
     • strong modularization and abstraction (for flexibility and rapid delivery)
     • proof re-use (for the ten-minute build)
     • VBT, counterexample generation, symbolic execution debugger
     • tool integration (e.g. into Eclipse)
     • JML (refactoring, TDD, contract-based testing, debugging)
     • high degree of automation (for light-weight FM)
     • flexible tool chaining and language support (full Java with generics, soon closures; other languages)
     Most of them are being addressed already.

  8. Thank you for your attention

  9. References
     Ambler, Scott (2008). Has agile peaked? Dr. Dobb's, May 07, 2008. http://www.ddj.com/architecture-and-design/207600615
     Black, Sue et al. (2008). Formal Versus Agile: Survival of the Fittest. IEEE Computer, vol. 42.9, 37-45, IEEE Computer Society Press.
     C3 Team (1998). Chrysler goes to "Extremes". Distributed Computing, October 1998, 24-26.
     Forrester (2009). Agile Development Method Growing in Popularity. http://www.internetnews.com/dev-news/print.php/3841571
     Fowler, Martin et al. (2001). Agile Manifesto. http://agilemanifesto.org
     Jeffries, Ron et al. (2000). Extreme Programming Installed. Addison-Wesley.
     Kiniry, Joseph (2009). MSc proposal: Automated Refactoring of Java Contracts. http://secure.ucd.ie/documents/proposals/msc_proposals/Hull09.pdf
     OpenDO (2009). Project AGILE. http://www.open-do.org/projects/agile/
     Rainsberger, J.B. (2009). Integration Tests are a Scam. Agile 2009 Conference.
     Takeuchi, Hirotaka and Nonaka, Ikujiro (1986). The New New Product Development Game. Harvard Business Review.

  10. Example: MBT & AM
      MBT for CI, TDD and communication, using only one kind of specification (e.g. symbolic transition systems)
      MBT must be flexible and without BDUF (big design up front): underspecification must be comfortable, efficiently handled and flexible → AM also for the specifications
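The MBT-for-CI idea of this slide, together with the "continuous conformance checks of spec and code" point of slide 6 and the "deceptive test coverage" deficit of slide 5, as an added example that is not part of the talk and not KeY code: a bounded model-based conformance test in Python. The specification is a small transition system for a login-lockout counter (a constructed example; MAX_FAILURES, LoginSut and the input/output names are assumptions). Underspecification is expressed by letting each transition return the set of acceptable outputs rather than one fixed output, and the generator exhaustively explores every input sequence up to a bound and drives model and implementation in lock-step.

```python
"""Bounded model-based conformance test for a login-lockout counter (constructed example)."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Iterator, Optional

MAX_FAILURES = 3  # spec parameter (assumed): lock after this many consecutive bad logins
INPUTS = ("login_ok", "login_bad", "reset")  # input alphabet of the model (assumed names)


@dataclass(frozen=True)
class ModelState:
    """State of the specification, i.e. of the symbolic transition system."""
    failures: int = 0
    locked: bool = False


def model_step(s: ModelState, inp: str) -> tuple[ModelState, frozenset[str]]:
    """One spec transition: next state plus the set of acceptable outputs.

    Returning a set is how underspecification is written down: where the spec
    does not care (here: the wording of the refusal once the account is locked)
    it lists every permitted observation instead of fixing one.
    """
    if inp == "reset":
        return ModelState(), frozenset({"reset"})
    if s.locked:
        return s, frozenset({"locked", "denied"})  # underspecified on purpose
    if inp == "login_ok":
        return ModelState(), frozenset({"granted"})
    failures = s.failures + 1
    if failures >= MAX_FAILURES:
        return ModelState(failures, True), frozenset({"locked", "denied"})
    return ModelState(failures), frozenset({"denied"})


class LoginSut:
    """System under test (constructed). `threshold` is the implementation's own
    lockout constant; passing MAX_FAILURES + 1 injects an off-by-one fault."""

    def __init__(self, threshold: int = MAX_FAILURES) -> None:
        self.threshold = threshold
        self.failures = 0
        self.locked = False

    def step(self, inp: str) -> str:
        if inp == "reset":
            self.failures, self.locked = 0, False
            return "reset"
        if self.locked:
            return "locked"
        if inp == "login_ok":
            self.failures = 0
            return "granted"
        self.failures += 1
        if self.failures >= self.threshold:
            self.locked = True
            return "locked"
        return "denied"


def generate_tests(depth: int) -> Iterator[tuple[str, ...]]:
    """Bounded exhaustive test generation: every input sequence of length 1..depth."""
    for k in range(1, depth + 1):
        yield from product(INPUTS, repeat=k)


def check_conformance(sut_factory: Callable[[], LoginSut], depth: int = 4) -> Optional[dict]:
    """Drive model and SUT in lock-step over every generated sequence.

    Returns None if the SUT conforms to the model up to `depth`, otherwise the
    first counterexample: the input trace so far, what the SUT answered and
    what the spec would have accepted at that step.
    """
    for seq in generate_tests(depth):
        sut, state = sut_factory(), ModelState()
        for i, inp in enumerate(seq):
            state, allowed = model_step(state, inp)
            out = sut.step(inp)
            if out not in allowed:
                return {"trace": seq[: i + 1], "got": out, "allowed": sorted(allowed)}
    return None


if __name__ == "__main__":
    print("correct SUT:", check_conformance(lambda: LoginSut(MAX_FAILURES)))
    print("off-by-one SUT:", check_conformance(lambda: LoginSut(MAX_FAILURES + 1)))
```

Two things are worth noticing when running this. The correct implementation conforms for all 120 sequences up to depth 4, while the off-by-one variant is caught by the trace bad, bad, bad, login_ok with the answer "granted", exactly the case a lockout is meant to prevent. The underspecified output set is also a caveat: probing the faulty implementation with a fourth bad login does not reveal the fault, because both "denied" and "locked" are acceptable there; only the successful login after the third failure exposes it, and the exhaustive generator reaches that case whereas a hand-written test asserting on one exact message would have been brittle and still blind to it.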
