Formal Methods Integration in Software Engineering Isabelle Perseil, Laurent Pautet Workshop UML&FM 2009 / ICFEM 2009 Rio de Janeiro, Brazil, December, the 8th, 2009
Contents Objectives of the C-Method (a new software engineering method) Issues: from non formal to semi-formal, from semi-formal to formal, from formal to semi-formal General approach Define the abstraction levels Introduce intermediate languages to allow the management of the overall process (seamless process, understandable) Make a round-trip between formal and semi-formal notations Conclusions page 1
Objectives of the C-Method 1. A well-defined software development life-cycle with a seamless flow 2. A software development process adapted for DRES 3. A set of (standards) modeling notations (for each purpose, requirements capture, architecture design, etc..) 4. A compositionality of these different notations to ensure they fit together 5. The availability of real-time notations as to describe concurrency, synchronization, etc 6. An early binding of software components to hardware components 7. A possible decomposition of the software architecture that is amenable to processor allocation, schedulability and timing analysis 8. The integration of non-functional requirements 9. The integration of scheduling paradigms within the design process 10. Ease of use of the method, CASE tool support page 2
Starting with the elements of a metamethod The elements identification ensure the exhaustiveness of all the necessary steps page 3
Issues: dealing with heterogeneous languages and their abstraction levels abstraction page 4
Non Functional Functional C-Method and its lifecycle guided by the abstraction levels Proofs / Verification page 5
Detailing the abstraction phase (on the functional part) UseCase Diagram Sequence Diagram Actor Class A cognitive means to deal with complexity (Jeff Kramer) Removing detail Identification of generalizations or common features Use Case Use Cases Model + a controlled language (RDL) informal requirement consistency Dictionary Initial Requirements Document page 6
Realizing the Implementation phase MDD approach (ACCORD/UML) on descending phase of lifecycle Real-time PIM Model Transformation RegulatScre en Test generation Phase d'introduction Phase de croissance Temps Phase de maturité Verification Phase de déclin Total des ventes Scheduling & WCET analysis Concrete techniques: From MARTE to AADL Mapping MARTE AADL ATL Transformations ATL : coding the transformations rules inside modules «component» SpeedRegulator Platform Specific Models Code generation C 1 p «component» RegulatScreen» «compone» ControlRegul C 2 p Plateform Models «component» Syst1 «component» Syst2 CORBA CCM, EJB, XML/SOAP, MW dédié Subset of xuml (fuml) + Action semantics (concrete syntax) +CAL algorithm language ANTLR Ada code generation techniques page 7
Enforcing the formal methods integration: a formal use-case driven method formal uc while ( ( Rank [ q ] / = 0) /\ ( ( Rank [ q ], q ) < (Rank [a_process], a_process ) ) ) do ; done; Why specification Complex S q => Z q PVS proof safety_property : THEOREM invariant(lambda(s:state) : (NOT (s`pi2 = critical AND s`pi1 = critical))) +CAL specification while ( ( Rank [ q ] / = 0) /\ ( ( Rank [ q ], q ) < (Rank [a_process], a_process ) ) ) do skip ; end while ; simple integration MARTE specification SRM modeling framework SW_interaction package SwMutualExclusionResource proofs repository Ada program exit when (Rank ( q )=0) or (Rank (a_process)> (Rank ( q ) ) or (a_process > q ) MARTE2AADL Ocarina AADL specification Concurrency_Control_Protocol property thread enters a critical region : Get_Resource (on the shared data component) exit from a critical region: Release_Resource page 8
PBSE approach: the proof tree page 9
Proof-based use cases: a sub-objectives technique z Root specification sub-problem specification «include» «include» «include»...... Z(a 2 ) Z(k 2 ) Z(n 2 ) «include» «include»......... «include» Z(a h ) z(k t ) z(n u ) [S 1 ] [S j ] [S q ] [S] = i {1,q} [S i ] proofs repository page 10
Proof-based use cases: a sub-objectives technique Approach: the sequent logic eases the sub-proofs representation page 11
Conclusions and future works The C-Method is based upon the use of three standards: +CAL/TAL+ for formal specification MARTE at the Analysis level AADL at the design level Model transformation and code generation seamless process Formal methods are part of the transformation Understandable by the average engineer reuse Other integration techniques: Hybridization ( as used for modeling discrete and continuous time with the Chi language) page 12