Correctness by Construction(CByC) Maturity of Approach Fundamental Principles Achieving the Fundamental Principles Requirements Engineering Formal Specification and Design Development Results Correctness by Construction: A Manifesto for High-Integrity Software – p.
Maturity of Approach There are two primary goals: Deliver software with defect rates an order of magnitude lower than current best commercial practices in a cost-effective manner. Deliver durable software that is resilient to change throughout its life cycle. Correctness by Construction: A Manifesto for High-Integrity Software – p.
Fundamental Principles Key is to introduce sufficient precision at each step of the software development to enable reasoning about the correctness of that step. Software development approaches endure a lack of precision that makes it very easy to introduce errors. Rigor and precision of this approach means that the requirements are more likely to be correct, the system is more likely to be the correct system to meet the requirements, the implementation is more likely to be defect free, and upgrades are more likely to retain the original correctness properties. Correctness by Construction: A Manifesto for High-Integrity Software – p.
Impact of CByC The requirements are more likely to be correct. The system is more likely to be the correct system to meet the requirements. The implementation is more likely to be defect-free. Upgrades are more likely to retain the original correctness properties. Correctness by Construction: A Manifesto for High-Integrity Software – p.
Achieving Fundamentals Principles Achieved by a combination of the following six strategies: Using a sound, formal notation for all deliverables. Using strong, tool-supported methods to validate each deliverable. Carrying out small steps and validating the deliverable from each step. Saying things only once. Designing software that is easy to validate. Doing the hard things first. Correctness by Construction: A Manifesto for High-Integrity Software – p.
Requirements Engineering A clear distinction at the requirements stage must be made between User requirements System specifications Domain knowledge Correctness by Construction: A Manifesto for High-Integrity Software – p.
Formal Specification and Design Using matematical ( or formal ) methods and notations to define the specification and high-level design provide both a precise description of behavior model of its characteristics Correctness by Construction: A Manifesto for High-Integrity Software – p.
Development The CByC approach applies rigor to all software development phases, including detailed design, implementation and verification. It defines a software design methodology based on information flow that can be expressed using the unambigious notation. It works best with programming languages that mathematically verifiable. Correctness by Construction: A Manifesto for High-Integrity Software – p.
Results CByC is effective due to: Defects are removed early in the process when changes are cheap. Evidence for safety or security certification is produced naturally as a byproduct of the process. Early iterations produce software that carries out useful functions and builds confidence in the project. Correctness by Construction: A Manifesto for High-Integrity Software – p.
Graphs Correctness by Construction: A Manifesto for High-Integrity Software – p. 1
Graphs Correctness by Construction: A Manifesto for High-Integrity Software – p. 1
Barriers to Adoption Two kinds of barriers found: Cultural mindset or awareness barrier. Practical barriers How to acquire the necessary capability or expertise How to introduce the changes necessary to make the improvements Correctness by Construction: A Manifesto for High-Integrity Software – p. 1
Overcoming the barriers Requires effort from suppliers, procurers, and regulators Requires involvment at the individual, project and organizational level. Requires strong motivation and leadership in senior management level where the costs of poor quality are most likely experienced. Correctness by Construction: A Manifesto for High-Integrity Software – p. 1
Maximizing the benefits Use CByC with other software processes Team Software Process (TSP) Personal Software Process (PSP) Correctness by Construction: A Manifesto for High-Integrity Software – p. 1
Conclusions Critical software subsystems are now large enough such that conventional development processes cannot get anywhere near reducing defect rates to tolerable levels. A mature approach is attainable while maintaining productivity levels and overall cost effectiveness. Low-defect rates needed for high-integrity software can be achieved for many million lines of code. Correctness by Construction: A Manifesto for High-Integrity Software – p. 1
References “Correctness by Construction: A Manifesto for High-Integrity Software”; Croxford, M. Chapman, R.; CrossTalk, Dec. 2005 “Providing trusted components to the industry”; Myers, B. Mingins, C. Schmidt, H.; IEEE, Computer, Vol. 31, Issue 5, May, 1998, pages 104-105 “Automating the Object-Oriented Software Development Process”; Aksit, M. Tekinerdogan, B.; Lectures in Computer Science, Springer-Verlag, Vol. 1543 / 1998, Object Oriented Technology - ECOOP’98 Workshop, July 1998. Correctness by Construction: A Manifesto for High-Integrity Software – p. 1
Recommend
More recommend
