1
play

1 Why using formal methods (FM)? 4 When there is nothing better to - PDF document

Dec 27, 2022 •256 likes •883 views

1 Last update: 2 June 2004 Programming in the large Bertrand Meyer Chair of Softw are Engineering Programming in the large - Lecture 17 2 Lecture 17: Introducing Formal Methods (with an example) By Jean-Raymond Abrial Chair of Softw are

  1. 1 Last update: 2 June 2004 Programming in the large Bertrand Meyer Chair of Softw are Engineering Programming in the large - Lecture 17 2 Lecture 17: Introducing Formal Methods (with an example) By Jean-Raymond Abrial Chair of Softw are Engineering Programming in the large - Lecture 17 Definition of Formal Methods 3 � Not given yet � Many very different definitions � Give your own at the end of this lecture! Chair of Softw are Engineering Programming in the large - Lecture 17 1

  2. Why using formal methods (FM)? 4 � When there is nothing better to do. � When the risk is too high. � When people have already suffered enough. � When people question their development process. � Decision of using FM is always strategic. Chair of Softw are Engineering Programming in the large - Lecture 17 Which formal method? 5 � This is a difficult question. � Today many formal methods vendors. � FM has becom e a meaningless buzz word. � “Formal” alone does not mean anything. Chair of Softw are Engineering Programming in the large - Lecture 17 Questions to be asked to FM vendors 6 � Is there a theory behind your FM? � What kind of language is your FM using? � Does there exist any REFINEMENT mechanism in your FM? � Do you PROVE anything when using your FM? � Have you got an efficient automatic prover? Chair of Softw are Engineering Programming in the large - Lecture 17 2

  3. Claimed difficulties in using FM 7 � You have to be a mathematician. � Formalism is hard to master. � Not visual enough (no boxes, arrows, etc.). � People will not be able to do formal proofs. Chair of Softw are Engineering Programming in the large - Lecture 17 Genuine difficulties (my own view) 8 � You have to think a lot before final coding. � Incorporation in development process. � Model building is an elaborate activity. � Prover technology has to improve. � Making proofs a design criterium. � Poor quality of requirement documents. Chair of Softw are Engineering Programming in the large - Lecture 17 Application areas 9 � Train system s � Car systems � Avionics and Space � Power station control � Telecom � Defense � Complex databases � Large business network � SmartCard applications � Machine tools � … Chair of Softw are Engineering Programming in the large - Lecture 17 3

  4. Complex systems (1/ 2) 10 � QUESTION: What is common to � an electronic circuit � a file transfer protocol � an airline booking system � a PC operating system � a nuclear plant control system � a SmartCard electronic purse � a launch vehicle flight controller � ANSWER: They are all complex. Chair of Softw are Engineering Programming in the large - Lecture 17 Complex systems (2/ 2) 11 � They are made of many parts. � They interact with a possibly hostile environment. � They involve several executing agents. � They require a high degree of correctness. � Their construction spreads over several years. � Their specifications are subjected to many changes. � Their construction process requires a talented team. Chair of Softw are Engineering Programming in the large - Lecture 17 Discrete systems 12 � These system s operate in an discrete fashion. � Their dynam ical behavior can be abstracted by: � A succession of steady states � Interm ixed with sudden jumps. � The possibility of state changes is enormous. � The change frequency is unthinkable. � Such systems are called transition systems. Chair of Softw are Engineering Programming in the large - Lecture 17 4

  5. Reasoning about (discrete) systems 13 � Two broad categories: � Test reasoning (98% ) � Blue Print reasoning (10% ) Chair of Softw are Engineering Programming in the large - Lecture 17 Test reasoning 14 � Based on laboratory execution. � Obvious incompleteness. � The oracle is usually m issing. � Often implies postponing serious thinking. � Re-adapting and re-shaping after testing. � Reveals an imm ature technology. Chair of Softw are Engineering Programming in the large - Lecture 17 “Blue Print” reasoning 15 � Based on a model: the “blue print”. � Describing the system with the required precision. � Completeness can be approached. � Serious thinking made on the m odel, not on the final system. � This is validated by proofs. � Reveals a mature technology. Chair of Softw are Engineering Programming in the large - Lecture 17 5

  6. Incorporation within the development process 16 � Carefully rewriting the requirem ent document. � Develop models by successive refinement. � Prove each refinement step. � Use efficient tools for: � Analyzing formal texts. � Generating proof statem ents. � Proving (as much as possible automatically). Chair of Softw are Engineering Programming in the large - Lecture 17 Example: a mechanical press 17 � Presenting the rewritten requirement document. � Partial development of models by successive refinem ent. Chair of Softw are Engineering Programming in the large - Lecture 17 Mechanical press schema 18 MOTOR ROD SLI DE TOOL PART Chair of Softw are Engineering Programming in the large - Lecture 17 6

  7. Basic equipment 19 � A vertical slide with a tool at its lower extrem ity. � An electrical rotating motor. � A connecting rod transform ing rotary movem ent to vertical movem ent of slide. � A clutch engaging or disengaging the m otor on the rod. � When the clutch is disengaged, the slide stops “immediately”. Chair of Softw are Engineering Programming in the large - Lecture 17 Initial situation 20 Chair of Softw are Engineering Programming in the large - Lecture 17 Starting the motor 21 Chair of Softw are Engineering Programming in the large - Lecture 17 7

  8. The motor works 22 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 23 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 24 Chair of Softw are Engineering Programming in the large - Lecture 17 8

  9. Adding a tool 25 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 26 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 27 Chair of Softw are Engineering Programming in the large - Lecture 17 9

  10. Putting a part 28 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 29 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 30 Chair of Softw are Engineering Programming in the large - Lecture 17 10

  11. The motor works 31 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 32 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 33 Chair of Softw are Engineering Programming in the large - Lecture 17 11

  12. The motor works 34 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 35 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 36 Chair of Softw are Engineering Programming in the large - Lecture 17 12

  13. The motor works 37 Chair of Softw are Engineering Programming in the large - Lecture 17 Engaging the clutch 38 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 39 Chair of Softw are Engineering Programming in the large - Lecture 17 13

  14. The press works 40 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 41 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 42 Chair of Softw are Engineering Programming in the large - Lecture 17 14

  15. The press works 43 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 44 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 45 Chair of Softw are Engineering Programming in the large - Lecture 17 15

  16. The press works 46 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 47 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 48 Chair of Softw are Engineering Programming in the large - Lecture 17 16

  17. The press works 49 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 50 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 51 Chair of Softw are Engineering Programming in the large - Lecture 17 17

  18. The press works 52 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 53 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 54 Chair of Softw are Engineering Programming in the large - Lecture 17 18

  19. The press works 55 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 56 Chair of Softw are Engineering Programming in the large - Lecture 17 The press works 57 Chair of Softw are Engineering Programming in the large - Lecture 17 19

  20. Disengaging the clutch 58 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 59 Chair of Softw are Engineering Programming in the large - Lecture 17 The motor works 60 Chair of Softw are Engineering Programming in the large - Lecture 17 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UP and Security: Penetrate-and-patch Overview of UMLsec (aka banana strategy): Jan

UP and Security: Penetrate-and-patch Overview of UMLsec (aka banana strategy): Jan

2 Software Engineering & Security UP and Security: Penetrate-and-patch Overview of UMLsec (aka banana strategy): Jan Jrjens insecure Competence Center for IT Security disruptive Software & Systems Engineering

219 views • 7 slides
Electronic PRO Monitoring in Duke Oncology Clinics World Cancer Congress Presentation Bradford

Electronic PRO Monitoring in Duke Oncology Clinics World Cancer Congress Presentation Bradford

Electronic PRO Monitoring in Duke Oncology Clinics World Cancer Congress Presentation Bradford Hirsch, MD, MBA August 28 rd , 2012 Medicine at Transition Point Medicine at Transition Point Care Redesign Patient Quality Centered Data

457 views • 20 slides
Contactless Mobile Services February 2010 1 Introduction (1/2) The next generation of

Contactless Mobile Services February 2010 1 Introduction (1/2) The next generation of

Contactless Mobile Services February 2010 1 Introduction (1/2) The next generation of telephones will provide contactless services. Mobile usages Emulation of other smartcards NFC Technology Transport Transport Payment Payment

473 views • 26 slides
zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA API Safe Lifting Conference Brian Salerno,

zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA API Safe Lifting Conference Brian Salerno,

zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA API Safe Lifting Conference Brian Salerno, Director July 14, 2015 To promote safety, protect the environment and conserve resources offshore through vigorous regulatory oversight and

296 views • 5 slides
A resource-control model based on deadlock avoidance Antoine Galland Mathieu Baudet

A resource-control model based on deadlock avoidance Antoine Galland Mathieu Baudet

A resource-control model based on deadlock avoidance Antoine Galland Mathieu Baudet antoine.galland@gemplus.com mathieu.baudet@lsv.ens-cachan.fr Gemplus Research Labs LIP6 ENS Cachan INRIA Futurs A resource-control model based on

250 views • 22 slides
Verification of Security Protocols eronique Cortier 1 V July 2nd, 2010 Movep 2010 1 LORIA,

Verification of Security Protocols eronique Cortier 1 V July 2nd, 2010 Movep 2010 1 LORIA,

Introduction on security protocols Formal models Going further Towards more guarantees Verification of Security Protocols eronique Cortier 1 V July 2nd, 2010 Movep 2010 1 LORIA, CNRS - INRIA Cassis project, Nancy Universities 1/102 V

2.12k views • 160 slides
Testing, Installation, Integration and Performance Studies of a Cosmic Ray Tagging System for the

Testing, Installation, Integration and Performance Studies of a Cosmic Ray Tagging System for the

Testing, Installation, Integration and Performance Studies of a Cosmic Ray Tagging System for the Short Baseline Neutrino Program Far Detector (ICARUS) Chris Hilgenberg Colorado State University New Perspectives 5 June 2017 Outline 1) ICARUS

394 views • 15 slides
SEPT 6, 2015 SERMON NOTES Liberating News (With No Footnotes) 1 Timothy 2:1-7 Pastor John Sloan

SEPT 6, 2015 SERMON NOTES Liberating News (With No Footnotes) 1 Timothy 2:1-7 Pastor John Sloan

SEPT 6, 2015 SERMON NOTES Liberating News (With No Footnotes) 1 Timothy 2:1-7 Pastor John Sloan Introduction : Its diffjcult to tune in to drive-time radio for fjve minutes without hearing advertising spots containing dozens of disclaimers:

156 views • 3 slides
On the Science of Power Management: Encouraging Sustainability R&D Erez Zadok Dept. of

On the Science of Power Management: Encouraging Sustainability R&D Erez Zadok Dept. of

On the Science of Power Management: Encouraging Sustainability R&D Erez Zadok Dept. of Computer Science Stony Brook University http://www.fsl.cs.sunysb.edu/ 2/22/2010 1 Zadok - SustainIT'10 - Science of Power Management NSF SciPM

259 views • 15 slides
loaded cajeput oil against Staphylococcus aureus and Pseudomonas aeruginosa -mediated infections

loaded cajeput oil against Staphylococcus aureus and Pseudomonas aeruginosa -mediated infections

Combinatory action of chitosan-based blended films and loaded cajeput oil against Staphylococcus aureus and Pseudomonas aeruginosa -mediated infections Title of the Presentation Joana C. Antunes *, Natlia C. Homem, Marta A. Teixeira, M. Teresa

526 views • 17 slides
Introduction to GIS gis@umd.edu University of Maryland, College Park 2014 Workshop Outline 1.

Introduction to GIS gis@umd.edu University of Maryland, College Park 2014 Workshop Outline 1.

Introduction to GIS gis@umd.edu University of Maryland, College Park 2014 Workshop Outline 1. Introduction What is GIS? 2. What does GIS do and who uses it? 3. ArcGIS software discussion and demonstration. 4. You use ArcGIS and make a

824 views • 25 slides
CSE543 - Introduction to Computer and Network Security Module: Intrusion Detection Professor

CSE543 - Introduction to Computer and Network Security Module: Intrusion Detection Professor

311 views • 18 slides
RANSOMWARE IN ANZ Noushin Shabab Senior Security Researcher at Global Research and Analysis Team

RANSOMWARE IN ANZ Noushin Shabab Senior Security Researcher at Global Research and Analysis Team

RANSOMWARE IN ANZ Noushin Shabab Senior Security Researcher at Global Research and Analysis Team ANZ 1 We believe that everyone from home computer users through to large corporations and governments should be able to protect what

792 views • 34 slides
WORLDWIDE CYBER-ATTACKS: THEIR IMPACT ON THE INTERNATIONAL HEALTH SERVICES AND THEIR ANSWER IN

WORLDWIDE CYBER-ATTACKS: THEIR IMPACT ON THE INTERNATIONAL HEALTH SERVICES AND THEIR ANSWER IN

MOL2NET 2017, International Conference on Multidisciplinary Sciences, 3rd edition. Section 08: LAWSCI-01: Wokshop on Challenges in Law, Technology, Life, and Social Sciences. 25 30 July, 2017. Bilbao, Spain. WORLDWIDE CYBER-ATTACKS: THEIR

78 views • 5 slides
for Security and Services Antonio Rizzo, Alessandro Rossi, Francesco Montefoschi, Giovanni

for Security and Services Antonio Rizzo, Alessandro Rossi, Francesco Montefoschi, Giovanni

CyberPhysical systems for Security and Services Antonio Rizzo, Alessandro Rossi, Francesco Montefoschi, Giovanni Burresi Carlo Festucci, Maurizio Caporali Siena, 14 Sett 2018 Case of study: ATM-Sense TREND Rapine vs Attacchi ATM - Fonte

275 views • 27 slides
International developments in public/private financial information- sharing partnerships

International developments in public/private financial information- sharing partnerships

KEYNOTE ADDRESS: International developments in public/private financial information- sharing partnerships Southern Africa Anti-Money Laundering & Financial Crime Conference 23 & 24 October 2019 at the Indaba Hotel, Johannesburg Nick

453 views • 23 slides
Water tershed ed p plan anning from a g from a water ut er utili ility ty per perspecti

Water tershed ed p plan anning from a g from a water ut er utili ility ty per perspecti

Water tershed ed p plan anning from a g from a water ut er utili ility ty per perspecti ective Jo John hn Kounts Water Program Director Washington Public Utility Districts Association Wh Why ut utili iliti ties need eed water

644 views • 8 slides
V I S U A L I Z A T I O N F O R I T - S E C U R I T Y L . A a r o n K a p l a n (

V I S U A L I Z A T I O N F O R I T - S E C U R I T Y L . A a r o n K a p l a n (

V I S U A L I Z A T I O N F O R I T - S E C U R I T Y L . A a r o n K a p l a n ( k a p l a n @ c e r t . a t ) h t t p : / / C E R T . A T OVERVIEW Motivation Target Group 5 Minutes of design background for techies

855 views • 66 slides
Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Administrivia Survey: how many hours did

Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Administrivia Survey: how many hours did

1 Lec02: x86_64 / Shellcode / Tools Taesoo Kim 2 Administrivia Survey: how many hours did you spend? (<3h, 6h, 10h, >20h) Please join Piazza An optional recitation at 5-7pm on every Wed (in CoC 052 ) Lab02 is already

394 views • 26 slides
Probabilistic Computation Lecture 15 Computing with Less Randomness, or with Imperfect

Probabilistic Computation Lecture 15 Computing with Less Randomness, or with Imperfect

Probabilistic Computation Lecture 15 Computing with Less Randomness, or with Imperfect Randomness 1 Soundness Amplification for BPP 2 Soundness Amplification for BPP Repeat M(x) t times and take majority 2 Soundness Amplification for

1.78k views • 125 slides
Logistics Project IOStreams III Part 2 (water) due Sunday, Oct 16 th Feedback by

Logistics Project IOStreams III Part 2 (water) due Sunday, Oct 16 th Feedback by

Logistics Project IOStreams III Part 2 (water) due Sunday, Oct 16 th Feedback by Monday Part 3 (block) due Sunday, Oct 30 Inserters and Extractors, Questions? Manipulators, and friends Exam Exam 2 Exam 2 What

368 views • 8 slides
Disclosures High Bleeding Risk Patient with AF Research support VA, NIH, AHA, Janssen,

Disclosures High Bleeding Risk Patient with AF Research support VA, NIH, AHA, Janssen,

12/3/17 Treatment of the Low Stroke Risk or Disclosures High Bleeding Risk Patient with AF Research support VA, NIH, AHA, Janssen, Medtronic, iRhythm, Cardiva, MINTU TURAKHIA, MD MAS AstraZeneca, Boehringer Ingelheim Associate Professor

298 views • 15 slides
Privacy Aspects of Social Graphs Joseph Bonneau Stanford Security Seminar, July 14 2009

Privacy Aspects of Social Graphs Joseph Bonneau Stanford Security Seminar, July 14 2009

Privacy Aspects of Social Graphs Joseph Bonneau Stanford Security Seminar, July 14 2009 University of Cambridge Computer Laboratory Social Context And The Web Everything's Better With Friends... Hyper-presence of friends

1.02k views • 89 slides
U N Landforms in Remote-Sensing Data I P O T S D A M U N I P O T S D A M U N

U N Landforms in Remote-Sensing Data I P O T S D A M U N I P O T S D A M U N

GeoViz Hamburg 2011 Automated Object-Identification for Isolated Transient U N Landforms in Remote-Sensing Data I P O T S D A M U N I P O T S D A M U N I P O Changes in the size and distribution of thermokarst lakes T

295 views • 10 slides

More recommend