IFAD
www.ifad.dk
Dr Peter Gorm Larsen
IFAD A/S
Forskerparken 10A
DK-5230 Odense M
Denmark
Ten Years of Historical Development
“Bootstrapping” VDMTools®

“Bootstrapping” VDMTools®
What is IFAD?
VDMTools overview
Staff overview
Development environment
The “Bootstrapping” process
Perspectives

IFAD Capabilities
IFAD provides: Professional software development tools that assist engineers in producing high-quality software
IFAD ensures: Technology transfer by offering training courses, customer-specific consultancy, and by organising seminars
IFAD offers: Subcontracted software specification and development performed by highly qualified and experienced personnel

IFAD Organisation Chart
[Organisation chart. Box labels: Henrik Voss; Management; Marketing; QA; Admin.; Systems; Subcontracting; Consultancy; Sales; Services; Projects; Sales; Tools; R&D; VDMTools; Products; MUSTER; R&D; Methods & Tools; Training & Simulation]

Boeing/Joint Strike Fighter

VDMTools

IFAD VDMTools Alliances
IFAD
ISPRAS, Russia
Sidereus, Portugal
Rational, USA
JFITS, Japan
DDC-I, USA
Aichernig, Austria
Alagar, Canada
SofTools, USA

References, World-wide
France: Aerospatiale Espace et Defense; Dassault Aviation; Dassault Electronique; CISI CEA et Defense; CEA Leti; Cap Gemini; LAAS; Matra Bae Dynamics
U.K.: British Aerospace Systems & Equipment; British Aerospace Defense; Adelard; ICL Enterprise Engineering; Rolls Royce; Transitive Technologies
Italy: ENEA; Ansaldo; Alstrom
The Netherlands: Dutch Dept. of Defence; Origin; Chess
Denmark: Danish Railways; Baan Nordic; Odense Steel Shipyard; DDC International
North America: Boeing; Rockwell Collins; Lockheed Martin; DDC-I, Inc.; Rational Software Corp.; Formal Systems Inc.
Japan: RTRI (Japan Railways); JFITS
Germany: GAO mbH
More than 150 clients world-wide

VDMTools® Overview
The Rose-VDM++ Link
Document Generator
Code Generators - C++, Java
Syntax & Type Checker
API (Corba), DL Facility
Interpreter (Debugger)

VDM for Analysis & Design
[Life-cycle diagram. Labels: Requirements; System Analysis; Software Design; Coding; Unit Test; Module Test; System Test; Final Product; VDM Model; Test Cases; Animation; Modelling & Validation]

Development Choices Taken
Executable models
  Testing and animation
Partial “analysis” (validation)
  System level testing
Code generation
  VDM for source code
Formal refinement and formal verification

Staff Overview
[Timeline chart of staff members, shown by their initials, over the years 91 to 00]

Development Environment
GNU C++/Visual C++
Generic VDM C++ library
GUI: Previously: Tcl/Tk, Now: Qt
flex and bison
CVS/Ediff version control
OSs: Windows, Linux, Unix
Test environments
Development procedures

The “Bootstrapping” Process
[Diagram along an implicit time line. Labels: VDM-SL with DS spec, DS impl, SS spec, SS impl, SM spec, SM impl, PM spec, PM impl, CG spec, CG impl; VDM++]

Specification Sizes
Component                Number of VDM lines
Abstract Syntax etc                     3020
Static Semantics                       17686
Interpreter                            25068
Code generators                        31524
Specification Manager                   3693
Dependency                               792
Rose-VDM++ Link                         1512
Proof Support                          28355
In total                              111650

Component Categories
Purely hand-coded
VDM + hand coding
VDM + code generation

Purely Hand-coded Components
Scanner/parser (lex/yacc)
pretty-printer (simple C++ component)
GUI (previously: Tcl/Tk, now: Qt)
Interface to third party tools
  Rational Rose
  Corba for API
  ML for HOL
Generic VDM C++ library

VDM + Hand Coding
Dynamic semantics (SL and ++)
Static semantics (SL and ++)
Java/C++ Code generators (SL and ++)
Test environments for each component
Reused at implementation level
Java/C++ code generators now themselves partially code generated

Maintenance Approach
Bugs first reproduced at specification level
Tested using the VDM debugger
Check that all tests are satisfactory
Implement changes of specification
Rerun all tests at implementation level

VDM + code generation
Animator for SA/RT
Specification Manager (SL and ++)
VDM++ to/from UML translation
Proof support (SL)
VDM model becomes source
Trade-off with abstraction

Abstraction in models
Initial abstract syntax
  BinaryExpr:: left  : Expr
               opr   : BinaryOp
               right : Expr
Abstract syntax for code generator
  BinaryExpr:: left  : Expr
               opr   : BinaryOp
               right : Expr
               ti    : [TypeRep]
Final abstract syntax
  BinaryExpr:: left  : Expr
               opr   : BinaryOp
               right : Expr
               extra : Key

Future Ideas
Expect higher use of code generation
Test case generation (ISPRAS, Russia)
Data Cleaning (Sidereus, Portugal)
Reverse Engineering
Mission-critical web development
More on proof support
More academic collaboration
More user-friendliness

Concluding Remarks
Taking one's “own medicine” helps
Use when worthwhile
Use inside lifecycle
Using VDM helps us master complexity
It is FUN!