Formal Methods For System/Software Engineering: NASA .


Formal Methods for System/Software Engineering: NASA & Army Experiences
Dr. Mike Hinchey / GSFC
Caroline Wang / MSFC
Josh McNeil / ARMY

Introduction
- What are Formal Methods?
- Future Plans

Formal Methods - Dr. Mike Hinchey
Formal Methods
- Formal methods are mathematically based techniques for specification, development and verification of systems, both hardware and software.
- The use of formal methods approaches can help to eliminate errors early in the design process.
- Practitioners have also recognized that they can make searching for reusable components more effective by having formal specifications of components.
Current Formal Methods activities within NASA/Army and the international Formal Methods community:
- Pockets of expertise within NASA (specifically ARC, JPL, LaRC) and Army.
- Tools and techniques in use within NASA and Army, but not widely used on projects and missions.
- International Formal Methods community.
8/16/2011

Problem/Approach (general)
General problem: System/Hardware/Software complexity.
Approach: Provide accurate and appropriate specifications of required system behavior using Formal Methods.

General problem: Inadequate requirements specifications / misinterpretation of natural language. A significant number of problems are introduced due to vague requirements.
Approach: Develop the requirement specification as a Formal Specification (using formal semantics) to eliminate misinterpretation of vague and incomplete natural language requirements.

General problem: A significant number of safety and reliability problems are traced to incorrect performance or behavior specifications, or incorrect interfaces.
Approach: Use Formal Methods to prove safety properties derived from safety analyses. Use Formal Methods and deductive apparatus to prove correctness of system behavior and interfaces.

Problem/Approach (specific)
Specific problem: Formal Methods learning process is difficult for new users.
Approach: Develop specific project-related case studies and provide examples for potential users.

Specific problem: Selecting development tools; no time to learn all the tools; inadequate resources.
Approach: Based on the project size and resources available, select appropriate Formal Methods development techniques and tools.

Specific problem: Budget and schedule constraints.
Approach: Support program development and in parallel prove potential savings.

Specific problem: Differences in priorities between research and production environments.
Approach: Many researchers focus on development of new techniques and tools; production or development programs are concerned with delivery of a product. Need to build bridges between the research and production environments.

Challenges
- High cost of some commercial development tools.
- Open source free tools do not have adequate training material and support.
- Formal Methods tools require an extensive learning process.
- Die-hard systems and hardware engineers are not convinced of the importance of software.

Developing the TripleVoter Model
- Double-click the TripleVoter operator to begin modeling.
- Select all variables (speedSensor1, speedSensor2, speedSensor3, speedOut, minorError, majorError, and compareThreshold). Drag them onto the diagram.
- Select the compareThreshold local variable, modify it through Properties > Use, and change its use to Out.

Implementing Model Logic
- Connect speedSensorX to the “+” input and speedSensorX to the “-” input of the New Minus operator.
- Connect speedSensor1, speedSensor2, and speedSensor3 to the first input of each New Minus operator.
- Connect all outputs of the New Minus operators to the inputs of the Abs operators.

Completing the Model Logic
- Complete the other logic components by drag and drop or connections.
- Add new If.Then.Else operators to the diagram.
- Add comments to the model for readability.
- Design Verification: Design Verifier can be used to develop properties that can be proven by formal methods.
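The TripleVoter logic sketched in the three modeling slides, rendered in Python as an added example (this is not the SCADE model from the presentation). The agreement semantics for minorError/majorError, the median fallback for speedOut and the safety property are assumptions; the exhaustive loop is a bounded stand-in for what Design Verifier proves over all inputs.

```python
from itertools import product
from statistics import median
from typing import NamedTuple


class VoterOutput(NamedTuple):
    speedOut: float
    minorError: bool
    majorError: bool


def triple_voter(speedSensor1, speedSensor2, speedSensor3, compareThreshold):
    """TripleVoter: pairwise New Minus -> Abs -> compare against the threshold.

    Assumed semantics (the slides do not define them): two sensors agree when
    |a - b| <= compareThreshold; minorError = a majority exists but one pair
    disagrees; majorError = no pair agrees at all.
    """
    sensors = (speedSensor1, speedSensor2, speedSensor3)
    diffs = (abs(speedSensor1 - speedSensor2),  # New Minus + Abs, pair (1,2)
             abs(speedSensor2 - speedSensor3),  # pair (2,3)
             abs(speedSensor1 - speedSensor3))  # pair (1,3)
    agreeing_pairs = sum(d <= compareThreshold for d in diffs)
    majorError = agreeing_pairs == 0
    minorError = 0 < agreeing_pairs < 3
    # If.Then.Else: average when all agree, otherwise the median, which always
    # lies inside an agreeing pair (only a fallback value when majorError is set).
    speedOut = sum(sensors) / 3 if agreeing_pairs == 3 else median(sensors)
    return VoterOutput(speedOut, minorError, majorError)


def safety_property(s1, s2, s3, threshold):
    """Assumed property a Design Verifier proof would target: the error flags
    are never raised together, and unless majorError is raised speedOut lies
    within threshold of at least two of the three sensors."""
    out = triple_voter(s1, s2, s3, threshold)
    close = sum(abs(out.speedOut - s) <= threshold for s in (s1, s2, s3))
    exclusive = not (out.minorError and out.majorError)
    return exclusive and (out.majorError or close >= 2)


def check_exhaustively(max_speed=6, max_threshold=3):
    """Bounded exhaustive check over a small integer state space; returns the
    first counterexample or None. A real proof covers the unbounded domain."""
    for s1, s2, s3 in product(range(max_speed + 1), repeat=3):
        for t in range(max_threshold + 1):
            if not safety_property(s1, s2, s3, t):
                return (s1, s2, s3, t)
    return None
```

`triple_voter(100.0, 101.0, 150.0, 2.0)` flags a minorError and outputs the median 101.0, and `check_exhaustively()` returns None because no counterexample exists in the bounded domain.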

Army’s experience and Return on Investment
- The formal methods approach using the SCADE method found 144 defects their traditional IV&V would miss (73% of all defects found).
- Estimating it would cost approximately 3500 man hours at 100 per man hour to fix the 144 defects later in the lifecycle.
- Early defect removal savings is 350K.
- The cost to perform formal methods analysis: -137K.
- Net savings of 213K, or 5% of the total project.
- Savings could be even higher if defects are detected earlier.

The Army “V” concept: where are faults introduced, discovered, and cost for …
[V-model figure; only its labels survived extraction. Development side: System Design (70%, 3.5%), Software Architectural Design, Component Software Design, Code Development. Test side: Unit Test, Integration Test (20%, 16%), System Test (10%, 50.5%), Acceptance Test (0%, 9%). Relative fix-cost multipliers shown along the V: 1x, 5x, 10x, 26x.]
Source: NIST Planning Report 02-3, “The Economic Impacts of Inadequate Infrastructure for Software Testing”, May 2002.

NASA Cost overruns

NASA MSFC Experience in this study
- Using open source development environments:
  – B-Toolkit
  – Rodin Event B
  – EA UML
  – Integrated Rodin Event B and UML B
- Currently migrating all the work to the integrated Rodin Event B and UML B.
- Developed the top level diagram and state machine in UML B, and used the auto translator to translate into Rodin Event B.
- Using the Rodin Event B platform for detailed refinement.
- The community is working on auto coding from Event B.

UML-B Statemachine

Auto Translation to Event B

Event B Editor

Event B prettyprint

NASA/Army Experience: Learning curve
- Unlike other tools, Formal Methods requires serious study:
  – Formal Methods language (B, Z)
  – Formal Methods development platform (Rodin, Event-B UML, UML-B)
  – Mathematical symbols, rules, logic
- Training on Formal Methods is necessary:
  – Engineers with better understanding of the project
  – Eliminate errors
  – Reduce design complications and time
  – Encourage engineers with better mathematics and science
- Easy is not the best solution for NASA and Army:
  – Easy tools are easy to sell, but not able to solve our real problems

Recommendations
- High cost tools:
  – Powerful, but not affordable to most organizations
  – Army used SCADE and Simulink with Design Verifier as a modeling tool
- Open source:
  – No cost, but high learning curve and lack of support
  – A training program will significantly reduce the learning curve; this can be used for a large community
- Recommendations:
  – Projects requiring immediate results may need to use high cost tools
  – Continue monitoring open source tools (e.g. Integrated Rodin Event B and UML B), which will likely become more advanced in the future

Results
- Formal methods can have significant cost savings.
- Defects can be found earlier, when they are easier and cheaper to fix (cf. Army experience).
- While FMs are difficult to use and learn, a typical engineer can use them successfully when given appropriate support.
- Numerous tools are available. Choice is determined by:
  – Cost
  – Support
  – Deadlines
- Free (or cheap) is not necessarily best.

Future Plans
- Continue monitoring new and emerging Formal Methods techniques for practical usefulness and applicability to critical NASA/Army systems and software development activities.
- Complete case studies for both NASA/Army subsystems.
- Army is utilizing Formal Methods techniques for current programs.
- Complete a guidebook with road maps for future users.
- Pursue training opportunities with the NASA STEP training office.
- Continue to emphasize awareness of Formal Methods and the related training program.

Contact Information
- Caroline K. Wang – Caroline.k.wang@nasa.gov
- Dr. Mike Hinchey – mike.hinchey@lero.ie
- Josh McNeil – Josh.McNeil@us.army.mil
