The Software Development Process

Similar documents
Classical Software Life Cycle Models

Development models. 1 Introduction. 2 Analyzing development models. R. Kuiper and E.J. Luit

CS4507 Advanced Software Engineering

Software Engineering

Software Engineering Reference Framework

Questions? Assignment. Techniques for Gathering Requirements. Gathering and Analysing Requirements

Automotive System and Software Architecture

IBM Rational systems and software solutions for the medical device industry

TRADITIONAL VS MODERN SOFTWARE ENGINEERING MODELS: A REVIEW

ABHINAV NATIONAL MONTHLY REFEREED JOURNAL OF RESEARCH IN SCIENCE & TECHNOLOGY

CSE 435 Software Engineering. Sept 16, 2015

Requirement Management with the Rational Unified Process RUP practices to support Business Analyst s activities and links with BABoK

Karunya University Dept. of Information Technology

Chapter 4 Software Lifecycle and Performance Analysis

Agile Software Engineering Practice to Improve Project Success

Software Development Life Cycle (SDLC)

IT3203 Fundamentals of Software Engineering (Compulsory) BIT 2 nd YEAR SEMESTER 3

Software Development Process and Activities. CS 490MT/5555, Fall 2015, Yongjie Zheng

VAIL-Plant Asset Integrity Management System. Software Development Process

Syllabus. REQB Certified Professional for Requirements Engineering. Advanced Level Requirements Manager

Principles of Software Engineering: Software Methodologies. COSI 120b, Spring 2005

Execution of A Requirement Model in Software Development

Unit 1 Learning Objectives

Acknowledgement. Software Engineering. CS 3141: Team Software Project Introduction

To introduce software process models To describe three generic process models and when they may be used

The Software Life Cycle. CSE 308: Software Engineering

IT3205: Fundamentals of Software Engineering (Compulsory)

Surveying and evaluating tools for managing processes for software intensive systems

Software Engineering. Software Processes. Based on Software Engineering, 7 th Edition by Ian Sommerville

Engineering. Software. Eric J. Braude. Michael E. Bernstein. Modern Approaches UNIVERSITATSBIBLIOTHEK HANNOVER ' TECHNISCHE INFORM ATIONSBIBLIOTHEK

CS 1632 SOFTWARE QUALITY ASSURANCE. 2 Marks. Sample Questions and Answers

1. Software Engineering Overview

Verifying Semantic of System Composition for an Aspect-Oriented Approach

Testing of safety-critical software some principles

COSC 3351 Software Design. Recap for the first quiz. Edgar Gabriel. Spring For the 1 st Quiz

Chapter 8 Approaches to System Development

What is a life cycle model?

The Role of CM in Agile Development of Safety-Critical Software

Object-Oriented Systems Analysis and Design

Software Development Processes. Software Life-Cycle Models

Umbrella: A New Component-Based Software Development Model

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

3C05: Unified Software Development Process

How To Understand Software Engineering

Title: Topic 3 Software process models (Topic03 Slide 1).

Chap 1. Introduction to Software Architecture

Agile Software Development compliant to Safety Standards?

Software Engineering Question Bank

Software Development Processes. Software Life-Cycle Models. Process Models in Other Fields. CIS 422/522 Spring

CS 389 Software Engineering. Lecture 2 Chapter 2 Software Processes. Adapted from: Chap 1. Sommerville 9 th ed. Chap 1. Pressman 6 th ed.

In this Lecture you will Learn: Development Process. Unified Software Development Process. Best Practice

SOFTWARE DEVELOPMENT SD

Software Process for QA

Contents. Introduction and System Engineering 1. Introduction 2. Software Process and Methodology 16. System Engineering 53

Establishing Great Software Development Process(es) for Your Organization. By Dale Mayes

Software Development Process Models and their Impacts on Requirements Engineering Organizational Requirements Engineering

Model-Driven Development of a Biosignal Analysis Framework: Benefits and Impacts on Processes. Nikolas Hofmann

Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development

DO-178B compliance: turn an overhead expense into a competitive advantage

Announcements. SE 1: Software Requirements Specification and Analysis. Review: Use Case Descriptions

10/4/2013. Sharif University of Technology. Session # 3. Contents. Systems Analysis and Design

A Framework for the Semantics of Behavioral Contracts

Verifying Specifications with Proof Scores in CafeOBJ

Frank Tsui. Orlando Karam. Barbara Bernal. State. University. Polytechnic. Ail of Southern JONES & BARTLETT LEARNING

In this Lecture you will Learn: Systems Development Methodologies. Why Methodology? Why Methodology?

RUP for Software Development Projects

Engineering Process Software Qualities Software Architectural Design

Model-Driven Software Development for Robotics: an overview

How To Design An Information System

Chapter 2 Software Processes

SOMA, RUP and RMC: the right combination for Service Oriented Architecture

Model-Based Conceptual Design through to system implementation Lessons from a structured yet agile approach

Increasing Development Knowledge with EPFC

An Introduction to the UML and the Unified Process

Structure of Presentation. The Role of Programming in Informatics Curricula. Concepts of Informatics 2. Concepts of Informatics 1

Managing TM1 Projects

Quality Assurance of Software Models within Eclipse using Java and OCL

Course 4 27 October Adrian Iftene adiftene@info.uaic.ro

Software Life Cycles and Configuration Management

Achieving ISO 9001 Certification for an XP Company

Challenges and Opportunities for formal specifications in Service Oriented Architectures

Software Development Process

IBM Rational Rhapsody

Software Development Life Cycle at SSPL. An Summary of Methodologies We Offer

A Capability Maturity Model (CMM)

Introduction of ISO/DIS (ISO 26262) Parts of ISO ASIL Levels Part 6 : Product Development Software Level

A. Waterfall Model - Requirement Analysis. System & Software Design. Implementation & Unit Testing. Integration & System Testing.

Software Life Cycle. Management of what to do in what order

A Comparison of SOA Methodologies Analysis & Design Phases

Semantics and Verification of Software

Systems Engineering Interfaces: A Model Based Approach

An Agile Formal Development Methodology

Business Analysis From Yes-M Systems LLC Length: Approx 7 weeks/55 hours Audience: Students with or without IT experience or knowledge Student

11 Tips to make the requirements definition process more effective and results more usable

Transcription:

Systeme hoher Qualität und Sicherheit Universität Bremen WS 2015/2016 Lecture 03 (26.10.2015) The Software Development Process Christoph Lüth Jan Peleska Dieter Hutter

Your Daily Menu Models of software development The software development process, and its rôle in safetycritical software development. What kind of development models are there? Which ones are useful for safety-critical software and why? What do the norms and standards say? Basic notions of formal software development What is formal software development? How to specify: properties and hyperproperties Structuring of the development process 2

Where are we? 01: Concepts of Quality 02: Legal Requirements: Norms and Standards 03: The Software Development Process 04: Hazard Analysis 05: High-Level Design with SysML 06: Formal Modelling with SysML 07: Detailed Specification with SysML 08: Testing 09 and 10: Program Analysis 11: Model-Checking 12: Software Verification (Hoare-Calculus) 13: Software Verification (VCG) 14: Conclusions 3

Software Development Models

Software Development Process A software development process is the structure imposed on the development of a software product. We classify processes according to models which specify the artefacts of the development, such as the software product itself, specifications, test documents, reports, reviews, proofs, plans etc the different stages of the development, and the artefacts associated to each stage. Different models have a different focus: Correctness, development time, flexibility. What does quality mean in this context? What is the output? Just the sofware product, or more? (specifications, test runs, documents, proofs ) 5

Agile Methods Prototype-driven development E.g. Rapid Application Development Development as a sequence of prototypes Ever-changing safety and security requirements Agile programming E.g. Scrum, extreme programming Development guided by functional requirements Process structured by rules of conduct for developers Less support for non-functional requirements Test-driven development Tests as executable specifications: write tests first Often used together with the other two 6

Waterfall Model (Royce 1970) Classical top-down sequential workflow with strictly separated phases. Requirement Design Implementation Verification Maintenance Unpractical as actual workflow (no feedback between phases), but even early papers did not really suggest this. 7

Spiral Model (Böhm, 1986) Incremental development guided by risk factors Four phases: Determine objectives Analyse risks Development and test Review, plan next iteration See e.g. Rational Unified Process (RUP) Drawbacks: Risk identification is the key, and can be quite difficult 8

Model-Driven Development (MDD, MDE) Describe problems on abstract level using a modelling language (often a domain-specific language), and derive implementation by model transformation or run-time interpretation. Often used with UML (or its DSLs, eg. SysML) Variety of tools: Rational tool chain, Enterprise Architect, Rhapsody, Papyrus, Artisan Studio, MetaEdit+, Matlab/Simulink/Stateflow* EMF (Eclipse Modelling Framework) Strictly sequential development Drawbacks: high initial investment, limited flexibility * Proprietary DSL not related to UML 9

V-Model Evolution of the waterfall model: Each phase is supported by a corresponding testing phase (verification & validation) Feedback between next and previous phase Standard model for public projects in Germany but also a general term for models of this shape 10

Software Development Models Flexibility Prototype-based developments Agile Methods Spiral model V-model Waterfall model Model-driven developement Structure from S. Paulus: Sichere Software 11

Development Models for Critical Systems SSQ, 12 WS 15/16

Development Models for Critical Systems Ensuring safety/security needs structure. but too much structure makes developments bureaucratic, which is in itself a safety risk. Cautionary tale: Ariane-5 Standards put emphasis on process. Everything needs to be planned and documented. Key issues: auditability, accountability, traceability. Best suited development models are variations of the V- model or spiral model. A new trend? V-Model for initial developments of a new product Agile models (e.g. SCRUM) for maintenance and product extensions 13

The Safety Life Cycle (IEC 61508) Planning Realisation Operation E/E/PES: Electrical/Electronic/Programmable Electronic Safety-related Systems 14

Development Model in IEC 61508 IEC 61508 prescribes certain activities for each phase of the life cycle. Development is one part of the life cycle. IEC 61508 recommends V-model. 15

Development Model in DO-178B DO-178B defines different processes in the SW life cycle: Planning process Development process, structured in turn into Requirements process Design process Coding process Integration process Verification process Quality assurance process Configuration management process Certification liaison process There is no conspicuous diagram, but the Development Process has sub-processes suggesting the phases found in the V-model as well. Implicit recommendation of the V-model. 16

Traceability The idea of being able to follow requirements (in particular, safety requirements) from requirement spec to the code (and possibly back). On the simplest level, an Excel sheet with (manual) links to the program. More sophisticated tools include DOORS. Decompose requirements, hierarchical requirements Two-way traceability: from code, test cases, test procedures, and test results back to requirements Eg. DO-178B requires all code derives from requirements 20

Artefacts in the Development Process Planning: Document plan V&V plan QM plan Test plan Project manual Specifications: Safety requirement spec. System specification Detail specification User document (safety reference manual) Implementation: Code Verification & validation: Code review protocols Test cases, procedures, and test results, Proofs Possible formats: Word documents Excel sheets Wiki text Database (Doors) UML/SysML diagrams Formal languages: Z, HOL, etc. Statecharts or similar diagrams Source code Documents must be identified and reconstructable. Revision control and configuration management mandatory. 21

Basic Notions of Formal Software Development

Formal Software Development In formal development, properties are stated in a rigorous way with a precise mathematical semantics. These formal specifications can be proven. Advantages: Errors can be found early in the development process, saving time and effort and hence costs. There is a higher degree of trust in the system. Hence, standards recommend use of formal methods for high SILs/EALs. Drawback: Higher effort Requires qualified personnel (that would be you). There are tools which can help us by finding (simple) proofs for us, or checking our (more complicated) proofs. 23

Formal Software Development informal specification abstract specification Horizontal Implementation Proofs Verification by Test Program analysis Model checking Formal proof Mathematical notions Programming 24

A General Notion of Properties Defn: a property is a set of infinite execution traces (i.e. infinite sequences of states) Trace t satisfies property P, written t P, iff t P t: b t iff t. t = b t i.e. b is a finite prefix of t b: t : 25

Safety and Liveness Properties Safety properties Alpen & Schneider (1985, 1987) Nothing bad happens partial correctness, program safety, access control Liveness properties Something good happens Termination, guaranteed service, availability Theorem: P. P = Safe P Live P Each property can be represented as a combination of safety and liveness properties. 26

Safety Properties Safety property S: Nothing bad happens A bad thing is finitely observable and irremediable S is a safety property iff t. t S b. finite b b t u. b u u S t : b : a finite prefix b always causes the bad thing Safety is typically proven by induction. Safety properties may be enforced by run-time monitors. Safety is testable (i.e. we can test for non-safety) 27

Liveness Properties Liveness property L: Good things will happen A good thing is always possible and possibly infinite: L is a liveness property iff t. finite t g. t g g L t : g : i.e. all finite traces t can be extended to a trace g in L. Liveness is typically proven by well-foundedness. 28

Underspecification and Nondeterminism A system S is characterised by a set of traces, S A system S satisfies a property P, written S P iff S P Why more than one trace? Difference between: Underspecification or loose specification we specify several possible implementations, but each implementation should be deterministic. Non-determinism different program runs might result in different traces. Example: a simple can vending machine. Insert coin, chose brand, dispense drink. Non-determinisim due to internal or external choice. 29

Security Policies Many security policies are not properties! Examples: Non-Interference (Goguen & Meseguer 1982) Commands of high users have no effect on observations of low users Average response time is lower than k. Security policies are examples of hyperproperties. A hyperproperty H is a set of properties i.e. a set of set of traces. System S satisfies H, S H, iff S H. 31

Structuring the Development SSQ, 36 WS 15/16

Structure in the Development Horizontal structuring Modularization into components Composition and Decomposition Aggregation Vertical structuring Abstraction and refinement from design specification to implementation Declarative vs. imparative specification Inheritence Layers / Views Adresses multiple aspects of a system Behavioral model, performance model, structural model, analysis model(e.g. UML, SysML) 37

Horizontal Structuring (informal) Composition of components Dependent on the individual layer of abstraction E.g. modules, procedures, functions, Example: 38

Horizontal Structuring: Composition Given two systems S 1, S 2, their sequential composition is defined as S 1 ; S 2 = s t s S 1, t S 2 } All traces from S 1, followed by all traces from S 2. Given two traces s, t, their interleaving is defined (recursively) as <> t = t s <> = s a s b t = a u u s b t } { b u u a s t} Given two systems S 1, S 2, their parallel composition is defined as S 1 S 2 = { s t s S 1, t S 2 } Traces from S 1 interleaved with traces from S 2. 39

Vertical Structure - Refinement Data refinement Abstract datatype is implemented in terms of the more concrete datatype Simple example: define stack with lists Process refinement Process is refined by excluding certain runs Refinement as a reduction of underspecification by eliminating possible behaviours Action refinement Action is refined by a sequence of actions E.g. a stub for a procedure is refined to an executable procedure 40

Refinement and Properties Refinement typically preserves safety properties. This means if we start with an abstract specification which we can show satisfies the desired properties, and refine it until we arrive at an implementation, we have a system for the properties hold by construction: SP SP 1 SP 2 Imp However, security is typically not preserved by refinement nor by composition! 43

Security and Composition Only complete bicycles are allowed to pass the gate. Secure! Secure! 44

Security and Composition Only complete bicycles are allowed to pass the gate. Insecure! 45

A Formal Treatment of Refinement Def: T is a refinement of S if S T T S Remark: a bit too general, but will do here. Theorem: Refinement preservers properties: If S P and S T, then T P. Proof: Recall S P S P, and S T T S, hence T P T P. However, refinement does not preserve hyperproperties. Why? S H S H, but H not closed under subsets. 46

Conclusion & Summary Software development models: structure vs. flexibility Safety standards such as IEC 61508, DO-178B suggest development according to V-model. Specification and implementation linked by verification and validation. Variety of artefacts produced at each stage, which have to be subjected to external review. Properties: sets of traces hyperproperties: sets of properties Structuring of the development: Horizontal e.g. composition Vertical refinement (data, process and action ref.) Refinement preserves properties (safety), but not hyperproperties (security). 47

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information