SLIDE 1

Combining Formal & Agile Methods

KeY Symposium 2010, 25 May 2010

David Faragó, LFM

KIT – University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association

www.kit.edu

  • Motivation and Introduction
  • Discussion
SLIDE 2

Intro: AM

Agile methods (AM):
  • Iterative software development: requirements and solutions evolve
  • A set of engineering best practices
  • Rapid delivery of high-quality software
  • Agile values defined in the Agile Manifesto [Fowler, Martin et al. 2001]:
    individuals and interactions over processes and tools;
    working software over comprehensive documentation;
    customer collaboration over contract negotiation;
    responding to change over following a plan

Key requirements
  • rapid delivery of working software
  • flexibility towards changes

David Faragó – FM & AM

SLIDE 3

Motivation

  • FM & AM: two major means for better software quality
  • FM can improve AM and vice versa (see below)
  • Fraction of organizations that have adopted AM: 2/3 [Ambler, Scott 2008]; 1/3 [Forrester 2009]
  • Events:
    2007: Reiner's talk at the KeY Symposium 2007 about FM & AM: "FM align very well with some AM principles"
    2009: FM+AM workshop founded; Agile Conference: 40% growth
    [Rainsberger, J.B. 2009]: "Contract-based testing should replace integration tests in agile development"
    [OpenDO 2009]: Project AGILE about agile development of safety-critical software; certifications for DO-178B and others mentioned in [Black, Sue et al. 2008]


SLIDE 4

Intro: Agile process (Scrum & XP example)

[Process diagram; the recoverable labels:]
  • Rough analysis & design → backlog of tasks → sprints → potentially shippable, incremented product
  • Task: 1-2 man-days, marked "done" when finished; sprint: 1-4 weeks
  • Within a task (with refactoring throughout): specification, detailed (re-)design, tests, implementation, debugging
  • Continuous Integration (CI) via regression testing and simple static analysis
  • With FM added: CI via regression testing and FM, e.g. JMLUnit, FindBugs, VBT, MBT, B, simple static analysis; a symbolic execution debugger and counterexample generation support debugging

SLIDE 5

AM deficits

  • Too little specification and documentation:
    no knowledge of purpose and direction while navigating through code (e.g. in pair programming);
    difficult to distribute and re-use components
  • Refactoring code often causes defects
  • Tracing back from low-level artifacts to high-level requirements
  • Deceptive and insufficient test coverage
  • Test cases are inflexible and require high maintenance

Exemplary FM (addressing these deficits)
  • Contracts; assertions; LTSs (labelled transition systems)
  • Refactoring & JML [Kiniry, Joseph 2009]
  • RAC (runtime assertion checking), JMLUnit, FindBugs, SBMC (software bounded model checking), MBT (model-based testing), VBT (verification-based testing)
  • Counterexample generation, symbolic execution debugger
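Two of the deficits above ("refactoring code often causes defects", "deceptive and insufficient test coverage") and the contract-based remedies listed against them (contracts, RAC, JMLUnit) in one added worked example. It is not code from the slides or from the KeY project: JML, KeY and JMLUnit are Java tools, and the Python below only emulates their mechanism with a requires/ensures decorator, a field snapshot standing in for JML's \old, and a JMLUnit-style driver that calls the method over a grid of sample values, skips inputs that violate the precondition and reports postcondition violations. The Quota class, its "refactored" variant, the hand-written test and all sample values are constructed for the illustration.

```python
"""Added illustration of contract-based testing in the style of JML runtime
assertion checking (RAC) and JMLUnit.  JML, KeY and JMLUnit target Java;
this Python only emulates the mechanism.  Quota, its 'refactored' variant
and the sample values are constructed for the example."""
import functools
import itertools


class PreconditionViolation(AssertionError):
    """Caller's fault: for a generated input this means 'meaningless test'."""


class PostconditionViolation(AssertionError):
    """Callee's fault: the implementation does not meet its contract."""


def contract(requires, ensures):
    """Runtime assertion checking: check `requires` on entry, snapshot the
    object's fields (standing in for JML's \\old(...)), run the method,
    then check `ensures` against old state, new state and result."""
    def decorate(method):
        @functools.wraps(method)
        def checked(self, *args):
            if not requires(self, *args):
                raise PreconditionViolation(f"{method.__name__}{args}")
            old = dict(vars(self))
            result = method(self, *args)
            if not ensures(self, old, result, *args):
                raise PostconditionViolation(
                    f"{method.__name__}{args}: old={old} "
                    f"new={vars(self)} result={result}")
            return result
        return checked
    return decorate


# One specification, shared by every implementation of take(), as the
# corresponding JML contract would read:
#   //@ requires n >= 0;
#   //@ ensures \result == (n <= \old(balance));
#   //@ ensures balance == (\result ? \old(balance) - n : \old(balance));
#   //@ ensures balance >= 0;   (the class invariant)
def take_requires(self, n):
    return n >= 0


def take_ensures(self, old, result, n):
    expected = old["balance"] - n if result else old["balance"]
    return (result == (n <= old["balance"])
            and self.balance == expected
            and self.balance >= 0)


class Quota:
    """Original implementation: a per-client request quota."""

    def __init__(self, balance):
        self.balance = balance

    @contract(take_requires, take_ensures)
    def take(self, n):
        if n > self.balance:
            return False
        self.balance -= n
        return True


class QuotaRefactored(Quota):
    """'Tidied up' in a later sprint: the comparison became >=, so the
    quota can no longer be used up exactly.  The hand-written test below
    does not notice."""

    @contract(take_requires, take_ensures)
    def take(self, n):
        if n >= self.balance:
            return False
        self.balance -= n
        return True


def handwritten_test(cls):
    """The example-based unit test a sprint typically leaves behind;
    it covers both branches of take() and still passes on the defect."""
    q = cls(10)
    return q.take(3) is True and q.balance == 7 and q.take(20) is False


def jmlunit_style_run(cls, balances=(0, 1, 5), amounts=(-1, 0, 1, 5, 6)):
    """JMLUnit's strategy: call the method over the cross product of sample
    values.  A precondition violation means the input was meaningless and
    is skipped; a postcondition violation is a real failure (balance, n)."""
    failures = []
    for balance, n in itertools.product(balances, amounts):
        try:
            cls(balance).take(n)
        except PreconditionViolation:
            continue
        except PostconditionViolation:
            failures.append((balance, n))
    return failures


if __name__ == "__main__":
    for cls in (Quota, QuotaRefactored):
        print(cls.__name__, "hand-written test passes:", handwritten_test(cls),
              "contract failures:", jmlunit_style_run(cls))
```

The hand-written test reaches every branch of both versions, which is the "deceptive coverage" the slide refers to; the contract, written once and kept through the refactoring, is what turns the sampled inputs into an oracle that reports the boundary cases (0, 0), (1, 1) and (5, 5) for the refactored version and nothing for the original.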

SLIDE 6

FM deficits

  • Often do not scale; infeasible
  • Many faults found during verification are caused by errors in the specification
  • Heavyweight: inflexible & restricted application areas; big design up front

What AM offers against these deficits:
  • high modularization
  • restricted, small increments
  • cleaner code
  • continuous conformance checks of spec and code
  • pair programming
  • reviews
  • validation via customer feedback
  • rapid delivery of increments, also applied to the specification

SLIDE 7

To boldly go agile, KeY must address:

  • Strong modularization and abstraction (for flexibility and rapid delivery)
  • Proof re-use (for the ten-minute build)
  • VBT, counterexample generation, symbolic execution debugger
  • Tool integration (e.g. into Eclipse)
  • JML (refactoring, TDD, contract-based testing, debugging)
  • High degree of automation (for lightweight FM)
  • Flexible tool chaining and language support (full Java with generics, soon closures; other languages)

Most of them are being addressed already.


SLIDE 8

Thank you for your attention


SLIDE 9

References

Ambler, Scott (2008). Has agile peaked? Dr. Dobb's, May 07, 2008. http://www.ddj.com/architecture-and-design/207600615
Black, Sue et al. (2008). Formal Versus Agile: Survival of the Fittest. IEEE Computer, vol. 42, no. 9, 37-45, IEEE Computer Society Press.
C3 Team (1998). Chrysler goes to "Extremes". Distributed Computing, October 1998, 24-26.
Forrester (2009). Agile Development Method Growing in Popularity. http://www.internetnews.com/dev-news/print.php/3841571
Fowler, Martin et al. (2001). Agile Manifesto. http://agilemanifesto.org
Jeffries, Ron et al. (2000). Extreme Programming Installed. Addison-Wesley.
Kiniry, Joseph (2009). MSc proposal: Automated Refactoring of Java Contracts. http://secure.ucd.ie/documents/proposals/msc_proposals/Hull09.pdf
OpenDO (2009). Project AGILE. http://www.open-do.org/projects/agile/
Rainsberger, J.B. (2009). Integration Tests are a Scam. Agile 2009 Conference.
Takeuchi, Hirotaka and Nonaka, Ikujiro (1986). The New New Product Development Game. Harvard Business Review.


SLIDE 10

Example: MBT & AM

  • MBT for CI, TDD and communication, using only one kind of specification (e.g. symbolic transition systems)
  • MBT must be flexible and without BDUF (big design up front): underspecification must be comfortable, efficiently handled and flexible
  • → AM also for the specifications
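One way to make the slide's point concrete, as an added example that is not taken from the slides or from the KeY project: a small symbolic transition system for a PIN lock, a bounded test generator over it, and a conformance run against two constructed implementations. The model is deliberately partial, as an agile, incrementally written specification would be: enter() in the open location and lock() outside it are left unspecified, and the message of the third rejection is given as a set of two allowed outputs. The generator only exercises what the model says, and the underspecified output hides the drifted lockout threshold at depth 3 but not at depth 4. The PIN-lock model, the PinLock classes and all sample values are assumptions made for the illustration.

```python
"""Added illustration: model-based testing from a symbolic transition system
(STS).  The PIN-lock model, both implementations under test and the sample
values are constructed for this example and are not from the KeY project."""

PIN, WRONG = "1234", "0000"            # sample data for the parameterised input
SAMPLES = {"enter": (PIN, WRONG), "lock": (None,), "reset": (None,)}

# STS: (location, input, guard, update, next location, allowed outputs), all
# over the variable valuation `v` and the input argument `a`.  Whatever is not
# listed is unspecified: enter() in `open`, lock() in `idle`, and the message
# for the third rejection, where the spec only fixes the state change.
STS = [
    ("idle", "enter", lambda v, a: a == PIN,
     lambda v, a: {"fails": 0}, "open", lambda v, a: {"open"}),
    ("idle", "enter", lambda v, a: a != PIN and v["fails"] < 2,
     lambda v, a: {"fails": v["fails"] + 1}, "idle", lambda v, a: {"denied"}),
    ("idle", "enter", lambda v, a: a != PIN and v["fails"] == 2,
     lambda v, a: {"fails": 3}, "blocked", lambda v, a: {"denied", "blocked"}),
    ("open", "lock", lambda v, a: True, lambda v, a: v, "idle",
     lambda v, a: {"locked"}),
    ("blocked", "enter", lambda v, a: True, lambda v, a: v, "blocked",
     lambda v, a: {"blocked"}),
    ("blocked", "reset", lambda v, a: True, lambda v, a: {"fails": 0}, "idle",
     lambda v, a: {"ok"}),
]


def generate_tests(depth):
    """Bounded exploration: follow every enabled (input, sample argument)
    pair for `depth` steps and return the maximal traces.  Each step carries
    the set of outputs the model allows; that set is the test oracle.
    Inputs whose guard is false are never generated (partial model)."""
    frontier = [("idle", {"fails": 0}, [])]
    for _ in range(depth):
        successors = []
        for loc, v, trace in frontier:
            for src, inp, guard, update, dst, outs in STS:
                if src != loc:
                    continue
                for arg in SAMPLES[inp]:
                    if guard(v, arg):
                        step = (inp, arg, outs(v, arg))
                        successors.append((dst, update(v, arg), trace + [step]))
        frontier = successors
    return [trace for _, _, trace in frontier]


class PinLock:
    """Implementation under test: blocks after LOCKOUT wrong PINs."""
    LOCKOUT = 3

    def __init__(self):
        self.fails, self.is_open = 0, False

    def enter(self, pin):
        if self.fails >= self.LOCKOUT:
            return "blocked"
        if pin == PIN:
            self.is_open, self.fails = True, 0
            return "open"
        self.fails += 1
        return "blocked" if self.fails >= self.LOCKOUT else "denied"

    def lock(self):
        self.is_open = False
        return "locked"

    def reset(self):
        self.fails, self.is_open = 0, False
        return "ok"


class PinLockOffByOne(PinLock):
    """Threshold drifted to 4: a fourth guess after three failures still works."""
    LOCKOUT = 4


def run_test(sut_cls, test):
    """Drive a fresh implementation through one trace.  Returns the first
    nonconforming step as (index, input, arg, observed, allowed), else None."""
    sut = sut_cls()
    for i, (inp, arg, allowed) in enumerate(test):
        method = getattr(sut, inp)
        observed = method() if arg is None else method(arg)
        if observed not in allowed:
            return (i, inp, arg, observed, allowed)
    return None


def conformance(sut_cls, depth=4):
    """All failing steps over the generated suite; an empty list conforms."""
    verdicts = (run_test(sut_cls, t) for t in generate_tests(depth))
    return [f for f in verdicts if f is not None]


if __name__ == "__main__":
    for cls, depth in ((PinLock, 4), (PinLockOffByOne, 3), (PinLockOffByOne, 4)):
        print(cls.__name__, "depth", depth, "->", conformance(cls, depth))
```

The generated suite is regenerated from the model on every CI run, so a change to the specification (say, a third sample PIN or a new location) changes the tests without anyone editing test code, which is the maintenance argument on the slide. The "denied"/"blocked" set on the third rejection shows how underspecification is handled: the step is still tested, but only against what the model commits to, so the drifted threshold is not caught until the fourth step reveals that a correct PIN still opens the lock.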
