
HATS: Highly Adaptable & Trustworthy Software Using Formal Models (presentation slides)



1. Titlepage
HATS: Highly Adaptable & Trustworthy Software Using Formal Models
Reiner Hähnle
Chalmers University of Technology, Gothenburg, Sweden
Sophia-Antipolis, 23 October 2008
R. Hähnle, HATS: Adaptable & Trustworthy Software, 081023, 0 / 13

2. Basic Facts: HATS Facts
HATS: Highly Adaptable & Trustworthy Software Using Formal Models
Proposal Data
◮ FP7 FET focused call Forever Yours
◮ Submitted 8 April 2008
◮ Integrated Project, academically driven
◮ 8 academic partners, 2 industrial research, 1 SME
◮ 7 countries
◮ Negotiations concluded, project start 1 February or 1 March 2009
◮ 730 PM, EC contribution 5,27 M€ over 48 months

3. Consortium: Consortium & Lead Researchers
Lead researchers        Institution                                      Country
Hähnle (Coord.)         Chalmers Tekniska Högskola                       SE
Johnsen, Steffen        Universitetet i Oslo                             NO
Dam, Gurov              Kungliga Tekniska Högskolan                      SE
Puebla, Barthe          Universidad Politécnica de Madrid / IMDEA-Sw     ES
Poetzsch-Heffter        University of Kaiserslautern                     DE
Sangiorgi, Zucca        Università di Bologna e Genova                   IT
De Boer                 Centrum voor Wiskunde en Informatica             NE
Østvold                 Norsk Regnesentral                               NO
Diakov                  Fredhopper                                       NE
Muthig                  Fraunhofer IESE                                  DE
Clarke, Piessens        Katholieke Universiteit Leuven                   BE


7. Context: Technological and Industrial Context of HATS
Software Dynamics: Adaptability
◮ Large software systems are extremely long-lived
◮ Variability: software must work in a plethora of deployment scenarios
◮ Evolvability: frequent and unanticipated changes of requirements
Changes rest on behavioural assumptions
New functionality causes security issues
Software Quality: Trustworthiness
◮ Non-functional aspects (security, resources) ever more important
◮ Challenges: product complexity, composability, concurrency
◮ Ensure and maintain intended behaviour
Software Economics: Cost-Efficiency
◮ Automation: far-reaching tool support is essential

8. Challenges: High Adaptability + High Trustworthiness: Challenges
Technology Context
◮ Distributedness
◮ Concurrency
◮ Object-Orientation
◮ Invasive composition
Adaptability
◮ Many deployment scenarios
◮ Rapidly changing requirements
◮ Unanticipated requirements
Trustworthiness
◮ Correctness
◮ Security
◮ Reliability
◮ Efficiency


10. Gap: The Modelling Gap
How to precisely model large, distributed systems?
Specification level          Modeling formalisms
Design-oriented              UML, FDL
Abstract behavioral          HATS ABS language (proposed to fill the gap between the two existing levels)
Implementation-oriented      Spec#, Java+JML


12. Solution: Proposed Solution
A tool-supported formal method for building highly adaptable and trustworthy software
Ingredients
1. Executable modeling language for adaptable software: Abstract Behavioral Specification (ABS) language
2. Integrated framework and tool architecture
3. Tool suite for analysis and development:
   Hard: feature consistency, data integrity, security, correctness, code generation
   Soft: visualization, test case generation, specification mining, type checking

13. Approach: Formalising Software Family-Based Development
[Diagram with labels: Software Family; ABS Modeling Language (models the Software Family); Domain Feature model (describes the variability parameter space); system derivation and customization (spatial variability) leading from Software Family to System to Product; Existing Formal Methods (SPEC#, JML, UML, OCL, State Diagrams, ...) model the System and Product; temporal evolution across Products.]

14. Approach: Scaling Formal Methods to Adaptable Systems
[Same diagram as slide 13, with one element marked with an x.]


18. Methodology: Methodology
Advanced software validation tools need rigorous and unambiguous models
Abstract Behavioral Specification Language
◮ Adaptability concerns drive its design
◮ Formalises the successful SWPF development method
◮ Behavioral model: concurrency, composability, modularity, deployment
◮ Abstracts away from programming languages and system architecture
Validation/verification methods developed in tandem with ABS
◮ Verification exploits ABS language features
◮ Native support of variability
◮ Evolvability: incremental algorithms, code generation, specification mining

19. Model vs Code: System Derivation and Tool Architecture
Our Approach: ABS models annotated with a policy
[Diagram: ABS model and policy, compiled to Executable code]
1. Does the ABS model comply with the policy?
   • security: confidentiality, application-specific policies
   • resource consumption limitations
   • correctness properties
2. Does the code comply with the ABS model, and the policy?
   • Much stronger guarantees possible!
   • Hard to show for hand-written (legacy) code
Our Proposal: compilation and mining
◮ Policy-preserving code generators
◮ Mining ABS specifications from legacy code
◮ Compile variability of the ABS model into code-level verification heuristics


21. Novelty: Novel Aspects
Adaptability as the driver and touchstone for a formal method
◮ First-class support (primitives) in the specification language
◮ Determines architecture and portfolio of verification methods
Leverage the successful adaptive approach in a formal setting
◮ Rigorous models of software product families (SWPFs)
◮ Enable tool-supported validation for SWPFs
