CIS 771: Software Specifications. Lecture 1: Course Overview



Similar documents
Rigorous Software Development CSCI-GA

Object-Oriented Design Lecture 4 CSU 370 Fall 2007 (Pucella) Tuesday, Sep 18, 2007

Design by Contract beyond class modelling

Rigorous Software Development CSCI-GA

Introducing Formal Methods. Software Engineering and Formal Methods

Requirements for Software Deployment Languages and Schema

Appendix... B. The Object Constraint

Execution of A Requirement Model in Software Development

Testing, Debugging, and Verification

Requirements / Use Case Specification

Rigorous Software Development CSCI-GA

Software Specification and Testing

Rigorous Software Engineering Hoare Logic and Design by Contracts

Enhance Production in 6 Steps Using Preventive Maintenance

A methodology for secure software design

The Course.

Model Driven Security: Foundations, Tools, and Practice

Debugging. Common Semantic Errors ESE112. Java Library. It is highly unlikely that you will write code that will work on the first go

Using Alloy and UML/OCL to Specify Run-Time Configuration Management: A Case Study

Formal Verification and Linear-time Model Checking

Software Model Checking: Theory and Practice

Chap 1. Introduction to Software Architecture

Structure of Presentation. The Role of Programming in Informatics Curricula. Concepts of Informatics 2. Concepts of Informatics 1

User experience storyboards: Building better UIs with RUP, UML, and use cases

Enterprise Application Development Using UML, Java Technology and XML

TouchDevelop App Development on Mobile Devices

Semantic Analysis: Types and Type Checking

A comparison of BON and Hodge-Mock. oriented software development methodologies

Writing in the Computer Science Major

Home Assignment 4 OCL

Case studies: Outline. Requirement Engineering. Case Study: Automated Banking System. UML and Case Studies ITNP090 - Object Oriented Software Design

Squashing the Bugs: Tools for Building Better Software

Model Driven Business Architecture. Pete Rivett CTO, Adaptive

Datacenter Management Optimization with Microsoft System Center

Managing Successful Software Development Projects Mike Thibado 12/28/05

Functional Programming. Functional Programming Languages. Chapter 14. Introduction

Four strategies to help move beyond lean and build a competitive advantage

Title: Topic 3 Software process models (Topic03 Slide 1).

Lecture 3. Linear Programming. 3B1B Optimization Michaelmas 2015 A. Zisserman. Extreme solutions. Simplex method. Interior point method

22C:22 (CS:2820) Object-Oriented Software Development

1. What are Data Structures? Introduction to Data Structures. 2. What will we Study? CITS2200 Data Structures and Algorithms

An Automated Development Process for Interlocking Software that. Cuts Costs and Provides Improved Methods for Checking Quality.

Formally speaking: How to apply OCL

Construct by Contract: Construct by Contract: An Approach for Developing Reliable Software

Data Modeling Basics

Relational Databases

CMSC 435: Software Engineering Course overview. Topics covered today

The Software Process. The Unified Process (Cont.) The Unified Process (Cont.)

From Workflow Design Patterns to Logical Specifications

.NET and J2EE Intro to Software Engineering

Software Engineering Reference Framework

Introduction to Software Engineering. Adopted from Software Engineering, by Ian Sommerville

Software Code Quality Checking (SCQC) No Clearance for This Secret: Information Assurance is MORE Than Security

Ensure Merge Accuracy in Continuous Integration Development Environments

Software Process for QA

Service Oriented Architecture

Compiler I: Syntax Analysis Human Thought

Software Engineering. What is SE, Anyway? Based on Software Engineering, 7 th Edition by Ian Sommerville

Lecture 1. Basic Concepts of Set Theory, Functions and Relations

Model Checking based Software Verification

Mastering Microsoft Project 2013

Getting started with API testing

Requirements engineering

UNDERGRADUATE COMPUTER SCIENCE EDUCATION: A NEW CURRICULUM PHILOSOPHY & OVERVIEW

An Introduction to Software Engineering

An Introduction to Software Engineering. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 1 Slide 1

SE464/CS446/ECE452 Software Life-Cycle and Process Models. Instructor: Krzysztof Czarnecki

Software Engineering. Introduction. Software Costs. Software is Expensive [Boehm] ... Columbus set sail for India. He ended up in the Bahamas...

Continuous integration for databases using

Static Analysis. Find the Bug! : Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

Federated, Generic Configuration Management for Engineering Data

Applying 4+1 View Architecture with UML 2. White Paper

What makes a good process?

Using Simulation to teach project management skills. Dr. Alain April, ÉTS Montréal

Lecture 3 Topics on Requirements Engineering

Semantic Errors in SQL Queries: A Quite Complete List

Advanced Software Engineering ( -Formal specification, verification, transformation, and application-

Chapter 13 Configuration Management

Interface Design Rules

TECH. Requirements. Why are requirements important? The Requirements Process REQUIREMENTS ELICITATION AND ANALYSIS. Requirements vs.

ONTOLOGY FOR MOBILE PHONE OPERATING SYSTEMS

[Refer Slide Time: 05:10]

IV. The (Extended) Entity-Relationship Model

Questions? Assignment. Techniques for Gathering Requirements. Gathering and Analysing Requirements

Specification and Analysis of Contracts Lecture 1 Introduction

An Approach for Generating Concrete Test Cases Utilizing Formal Specifications of Web Applications

Introduction to Software Engineering

A Software Engineering Senior Design Project Inherited From a Partially Implemented Software Engineering Class Project

Transcription:

CIS 771: Software Specifications Lecture 1: Course Overview Copyright 2001, Matt Dwyer, John Hatcliff, and Rod Howell. The syllabus and all lectures for this course are copyrighted materials and may not be used in other course settings outside of Kansas State University in their current form or modified form without the express written permission of one of the copyright holders. During this course, students are prohibited from selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of one of the copyright holders. Software is... one of the most complex man made artifacts I believe the [spreadsheet product] I m working on now is far more complex than a 747 (jumbo jet airliner) -- Chris Peters (Microsoft, 1992) It s different [from other engineering disciplines] in that we take on novel tasks every time. The number of times [civil engineers] make mistakes is very small. And at first you think, what s wrong with us? It s because it s like we re building the first skyscraper every time. -- Bill Gates (Microsoft, 1992) CIS 771 --- Course Overview 2 1

Software is... one of the most complex man made artifacts Microsoft Word is Microsoft NT 1 million lines of code 16 million lines of code Even pacemakers have 100 thousand lines of code but perhaps software complexity shouldn t even be measured in terms of lines of code, but instead, in terms of number of states CIS 771 --- Course Overview 3 States >> SLOC The size of a system is sometimes more accurately expressed using a semantic point of view the number of different states a system can reach an integer has 4.2 billion possible values an object with 2 ints and a boolean field has 40 thousand quadrillion values How about Windows NT? CIS 771 --- Course Overview 4 2

Software is critical to the conduct of modern life. Process Control (oil, gas, water, ) Transportation (air traffic control, ) Health Care (patient monitoring, device control ) Finance (automatic trading, bank security ) Defense (intelligence, weapons control, ) Manufacturing (precision milling, assembly, ) Failing software costs money and lives! CIS 771 --- Course Overview 5 Failing Software Costs Money Thousands of dollars for each minute of factory down-time Huge losses of monetary and intellectual investment Rocket boost failure (e.g., Arianne 5) Business failures associated with buggy software (Ashton-Tate dbase) CIS 771 --- Course Overview 6 3

Failing Software Costs Lives Potential problems are obvious: Software used to control nuclear power plants Air-traffic control systems Spacecraft launch vehicle control. A well-known and tragic example Therac-25 radiation machine failures CIS 771 --- Course Overview 7 Software is... becoming the dominant component of society s infrastructure. In the future Everything will be monitored/controlled networked watches, clothes, autonomous vehicles, intelligent highways, virtual X rather than physical X These systems may not have manual backup no workarounds for y2k-like problems Failures will be very costly and dangerous CIS 771 --- Course Overview 8 4

Priorities are changing From: Bill Gates Sent: Tuesday, January 15, 2002 2:22 PM To: Microsoft and Subsidiaries: All FTE Subject: Trustworthy computing Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony. In the past, we've made our software and services more compelling for users by adding new features and functionality We've done a terrific job at that, but all those great features won't matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. These principles should apply at every stage of the development cycle of every kind of software we create Bill CIS 771 --- Course Overview 9 Software is... what you ll be building after graduation. You ll be developing systems in 2020+ in the context we just mentioned Given the importance of software you may be regulated, licensed you may be liable for errors your job may depend on your ability to produce reliable systems CIS 771 --- Course Overview 10 5

Software Development Cycle Requirements Analysis Design Code and Unit Test Subsystem Test System Test CIS 771 --- Course Overview 11 Rigorous/Iterative Development Requirements Planning Design Implementation Evaluation Testing Deployment CIS 771 --- Course Overview 12 6

Current Software Development Methods Are Insufficient Testing samples execution behavior, misses some Systematic Inspections don t scale very well, although they are thorough Rigorous development processes helping but most organizations don t apply them Formal methods are becoming more popular CIS 771 --- Course Overview 13 A Formal Specification is The expression in some formal language and at some level of abstraction of a collection of properties that some system should satisfy [van Lamsweerde] Formal language syntax can be mechanically checked for correctness Abstraction above the level of source code (e.g., C is a formal language) many useful levels of abstraction CIS 771 --- Course Overview 14 7

A Formal Specification is The expression in some formal language and at some level of abstraction of a collection of properties that some system should satisfy [van Lamsweerde] Properties often expressed in some logic, but not necessarily must have a well-defined semantics to be useful Satisfaction generally, should be able to tell if system satisfies the specification ideally (but not usually), satisfaction is decided mechanically CIS 771 --- Course Overview 15 Beware! The notion of formality is often misunderstood (formal vs. rigorous) The definition of formal method varies (see Jacky p. 5) The effectiveness of formal methods is highly debated The application of formal methods in industry is spotty CIS 771 --- Course Overview 16 8

Why Use Formal Methods? A number of reasons (see [van Lamsweerde]) Forces you to think about issues in a systematic way Leads to better design Earlier detection of inconsistencies and flaws A precise reference to see if requirements are satisfied Gives direction to latter development phases (leading to coding) Provide a basis for reuse via specification matching Precise documentation within a team of developers CIS 771 --- Course Overview 17 Formal Methods: Our Perspective Specifications should not be write-only Too often, specs are not consulted after initial writing Specifications should be leveragable in multiple ways At the very least, checked for syntactic well-formedness Used to generate test cases Used as input for specs coming later in the development Semantically analyzable If my system satisfies a spec, can a tool automatically infer that it satisfies some additional properties or invariants We are mainly interested in strong formal methods -- formal methods with tool-supported semantic analysis CIS 771 --- Course Overview 18 9

Iterative Artifact Development Specification Artifact/Information Evaluation CIS 771 --- Course Overview 19 Possible Development Cycle Requirements Design Code CIS 771 --- Course Overview 20 10

In this course... You will study 3 specification languages Alloy: high-level semantic design UML/Statecharts/OCL: code structure and simple behavioral properties ESC/Java: a code-level spec language for specifying Pre/post conditions, invariants, simple data constraints You will use tools for each language to check syntax, simulate, and verify semantic properties properties You will apply each one of these language/tool approaches to a realistic software problem CIS 771 --- Course Overview 21 Formal Methods in Cycle Requirements Alloy Alloy, UML/OCL Design ESC/Java Code CIS 771 --- Course Overview 22 11

Alloy object model describes set of configurations each has a value for each set relation an odd instance Daniel Jackson s family An Alloy model Name mum! name daniel Man wife Person wife Woman An instance of the above Alloy model?? mum claudia mum! judy judy From Daniel Jackson mum tim wife emily mum CIS 771 --- Course Overview 23 Alloy Textual Constraints Syntax Example Constraints formulas e1 in e2 e1 = e2 subset equality all v: S F F true when any atom in S substituted for v expressions all exprs denote sets e1 + e2 e1 & e2 e. r navigation e. +r From Daniel Jackson union intersection transitive closure no incest all p: Person p.wife.mum!= p.mum nobody s her own (grand)mother no p: Woman p in p.+mum our family some daniel, tim: Person daniel.mum = tim.mum && daniel.wife.mum = tim.wife.mum CIS 771 --- Course Overview 24 12

UML, OCL, and USE Unified Modeling Language Class diagrams describe structure of object model Object Constraint Language Enrich class diagrams constrain field values and associations UML-based Specification Environment Define object models Generate model instances Check for constraint violations CIS 771 --- Course Overview 25 Class Diagram with Constraints Student public int ID; public int gpa; 0..* teaches 0..* Faculty public int ID; 1 3..5 Undergraduate Graduate advisor/advisee 0..* 0..* committee CIS 771 --- Course Overview 26 13

USE Specification model Academia class Student attributes ID : Integer gpa : Integer End class Undergraduate < Student class Graduate < Student class Faculty attributes ID : Integer End association teaches between Student[*] Faculty[*] End association advisor between Graduate[*] Faculty[1] end association committee between Graduate[*] Faculty[3-5] end constraints context Student inv gpabound: self.gpa >= 0 & self.gpa <= 4 inv uniqueid: Student.allInstances->forAll( s1, s2 s1!=s1 implies s1.id!= s2.id) context Graduate inv advoncommittee: self.committee->includesall( self.advisee) CIS 771 --- Course Overview 27 Extended Static Checking Specifications of behavior in terms of code Java fields, methods, parameters Trades off expressiveness for automation Halting is undecideable in general Lots of properties can be checked in a reasonable amount of time Introduce specifications as ESC annotations into the code base CIS 771 --- Course Overview 28 14

ESC/Java class Bag { /*@ non_null */ int[] a; int n; //@ invariant 0 <= n && //@ n <= a.length; //@ requires input!= null; Bag(int[] input) { n = input.length; a = new int[n]; System.arraycopy(input, 0, a, 0, n); } } //@ requires n >= 1; int extractmin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex = i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } CIS 771 --- Course Overview 29 Summary Software is becoming pervasive and very complex Current development techniques are inadequate Formal methods are not a panacea, but we believe they will be necessary We will learn to use several different formal methods each for different development stages We will emphasize strong formal methods because they are leveragable in multiple ways, and thus more likely to be used in practice. CIS 771 --- Course Overview 30 15

Acknowledgements The quotes on slide 2 are from The Way of Z, by Jonathan Jacky, Cambridge University Press, 1997. The definition of formal specification on slide 11 and 12 is taken from Formal Specification: a Roadmap, by Axel van Lamsweerde, in Future of Software Engineering (Limerick, Ireland). June, 2000. ACM Press. Slides 17 and 18 showing Alloy examples are adapted from Daniel Jackson s slides used in a talk given at Kansas State in Spring 2000. The JML examples are taken from the examples distributed with ESC/Java. CIS 771 --- Course Overview 31 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information