Correctness by Construction(CByC) Maturity of Approach Fundamental - - PowerPoint PPT Presentation

Correctness by Construction(CByC)

Maturity of Approach Fundamental Principles Achieving the Fundamental Principles Requirements Engineering Formal Specification and Design Development Results

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Maturity of Approach

There are two primary goals: Deliver software with defect rates an order of magnitude lower than current best commercial practices in a cost-effective manner. Deliver durable software that is resilient to change throughout its life cycle.

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Fundamental Principles

Key is to introduce sufficient precision at each step of the software development to enable reasoning about the correctness of that step. Software development approaches endure a lack of precision that makes it very easy to introduce errors. Rigor and precision of this approach means that the requirements are more likely to be correct, the system is more likely to be the correct system to meet the requirements, the implementation is more likely to be defect free, and upgrades are more likely to retain the

• riginal correctness properties.

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Impact of CByC

The requirements are more likely to be correct. The system is more likely to be the correct system to meet the requirements. The implementation is more likely to be defect-free. Upgrades are more likely to retain the original correctness properties.

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Achieving Fundamentals Principles

Achieved by a combination of the following six strategies: Using a sound, formal notation for all deliverables. Using strong, tool-supported methods to validate each deliverable. Carrying out small steps and validating the deliverable from each step. Saying things only once. Designing software that is easy to validate. Doing the hard things first.

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Requirements Engineering

A clear distinction at the requirements stage must be made between User requirements System specifications Domain knowledge

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Formal Specification and Design

Using matematical ( or formal ) methods and notations to define the specification and high-level design provide both a precise description of behavior model of its characteristics

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Development

The CByC approach applies rigor to all software development phases, including detailed design, implementation and verification. It defines a software design methodology based on information flow that can be expressed using the unambigious notation. It works best with programming languages that mathematically verifiable.

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Results

CByC is effective due to: Defects are removed early in the process when changes are cheap. Evidence for safety or security certification is produced naturally as a byproduct of the process. Early iterations produce software that carries

• ut useful functions and builds confidence in

the project.

Correctness by Construction: A Manifesto for High-Integrity Software – p.

Graphs

Correctness by Construction: A Manifesto for High-Integrity Software – p. 1

Graphs

Correctness by Construction: A Manifesto for High-Integrity Software – p. 1

Barriers to Adoption

Two kinds of barriers found: Cultural mindset or awareness barrier. Practical barriers How to acquire the necessary capability or expertise How to introduce the changes necessary to make the improvements

Correctness by Construction: A Manifesto for High-Integrity Software – p. 1

Overcoming the barriers

Requires effort from suppliers, procurers, and regulators Requires involvment at the individual, project and organizational level. Requires strong motivation and leadership in senior management level where the costs of poor quality are most likely experienced.

Correctness by Construction: A Manifesto for High-Integrity Software – p. 1

Maximizing the benefits

Use CByC with other software processes Team Software Process (TSP) Personal Software Process (PSP)

Correctness by Construction: A Manifesto for High-Integrity Software – p. 1

Conclusions

Critical software subsystems are now large enough such that conventional development processes cannot get anywhere near reducing defect rates to tolerable levels. A mature approach is attainable while maintaining productivity levels and overall cost effectiveness. Low-defect rates needed for high-integrity software can be achieved for many million lines of code.

Correctness by Construction: A Manifesto for High-Integrity Software – p. 1

References

“Correctness by Construction: A Manifesto for High-Integrity Software”; Croxford, M. Chapman, R.; CrossTalk, Dec. 2005 “Providing trusted components to the industry”; Myers, B. Mingins, C. Schmidt, H.; IEEE, Computer, Vol. 31, Issue 5, May, 1998, pages 104-105 “Automating the Object-Oriented Software Development Process”; Aksit, M. Tekinerdogan, B.; Lectures in Computer Science, Springer-Verlag, Vol. 1543 / 1998, Object Oriented Technology - ECOOP’98 Workshop, July 1998.

Correctness by Construction: A Manifesto for High-Integrity Software – p. 1