HATS: Highly Adaptable & Trustworthy Software Using Formal Models - PowerPoint PPT Presentation

SLIDE 1

Titlepage

HATS: Highly Adaptable & Trustworthy Software Using Formal Models

Reiner Hähnle, Chalmers University of Technology, Gothenburg, Sweden
Sophia-Antipolis, 23 October 2008

R. Hähnle  HATS: Adaptable & Trustworthy Software  081023  0 / 13

SLIDE 2

Basic Facts

Hats Facts

HATS : Highly Adaptable & Trustworthy Software Using Formal Models

Proposal Data

◮ FP7 FET focused call "Forever Yours"
◮ Submitted 8 April 2008
◮ Integrated Project, academically driven
◮ 8 academic partners, 2 industrial research, 1 SME
◮ 7 countries
◮ Negotiations concluded, project start 1 February or 1 March 2009
◮ 730 PM, EC contribution 5.27 M€ over 48 months

SLIDE 3

Consortium

Consortium & Lead Researchers

Lead researchers        Institution                                    Country
Hähnle (Coord.)         Chalmers Tekniska Högskola                     SE
Johnsen, Steffen        Universitetet i Oslo                           NO
Dam, Gurov              Kungliga Tekniska Högskolan                    SE
Puebla, Barthe          Universidad Politécnica de Madrid / IMDEA-Sw   ES
Poetzsch-Heffter        University of Kaiserslautern                   DE
Sangiorgi, Zucca        Università di Bologna e Genova                 IT
De Boer                 Centrum voor Wiskunde en Informatica           NE
Østvold                 Norsk Regnesentral                             NO
Diakov                  Fredhopper                                     NE
Muthig                  Fraunhofer IESE                                DE
Clarke, Piessens        Katholieke Universiteit Leuven                 BE

SLIDE 7

Context

Technological and Industrial Context of HATS

Software Dynamics: Adaptability

◮ Large software systems are extremely long-lived
◮ Variability: software must work in a plethora of deployment scenarios
◮ Evolvability: frequent and unanticipated changes of requirements

Changes rest on behavioural assumptions: new functionality causes security issues

Software Quality: Trustworthiness

◮ Non-functional aspects (security, resources) ever more important
◮ Challenges: product complexity, composability, concurrency
◮ Ensure and maintain intended behaviour

Software Economics: Cost-Efficiency

◮ Automation: far-reaching tool support is essential

SLIDE 8

Challenges

High Adaptability + High Trustworthiness: Challenges

Technology Context

◮ Distributedness
◮ Concurrency
◮ Object-Orientation
◮ Invasive composition

Adaptability

◮ Many deployment scenarios
◮ Rapidly changing requirements
◮ Unanticipated requirements

Trustworthiness

◮ Correctness
◮ Security
◮ Reliability
◮ Efficiency

SLIDE 10

Gap

The Modelling Gap

How to precisely model large, distributed systems?

[Figure: modelling formalisms plotted by specification level]
  Implementation-oriented: Spec#, Java+JML
  Abstract behavioral: HATS ABS language (fills the gap marked "? ?" between the two existing levels)
  Design-oriented: UML, FDL

SLIDE 12

Solution

Proposed Solution

A tool-supported formal method for building highly adaptable and trustworthy software

Ingredients

1. Executable modeling language for adaptable software: Abstract Behavioral Specification (ABS) language
2. Integrated framework and tool architecture
3. Tool suite for analysis and development:
   Hard: feature consistency, data integrity, security, correctness, code generation
   Soft: visualization, test case generation, specification mining, type checking

SLIDE 13

Approach

Formalising Software Family-Based Development

[Figure: family-based development with the ABS Modeling Language]
  Domain; Feature model; Existing Formal Methods (SPEC#, JML, UML, OCL, State Diagrams, ...) producing models
  Software Family describes variability: parameter space, temporal evolution, spatial variability
  System derivation and customization yields System Products
  ABS Modeling Language

SLIDE 14

Approach

Scaling Formal Methods to Adaptable Systems

[Figure: family-based development with the ABS Modeling Language, as on the previous slide]
  Domain; Feature model; Existing Formal Methods (SPEC#, JML, UML, OCL, State Diagrams, ...) producing models
  Software Family describes variability: parameter space, temporal evolution, spatial variability
  System derivation and customization yields System Products
  ABS Modeling Language

SLIDE 18

Methodology

Methodology

Advanced software validation tools need rigorous and unambiguous models

Abstract Behavioral Specification Language

◮ Adaptability concerns drive its design
◮ Formalises a successful SWPF development method
◮ Behavioral model: concurrency, composability, modularity, deployment
◮ Abstracts away from programming languages and system architecture

Validation/verification methods developed in tandem with ABS

◮ Verification exploits ABS language features
◮ Native support of variability
◮ Evolvability: incremental algorithms, code generation, specification mining

SLIDE 19

Model vs Code

System Derivation and Tool Architecture

[Figure: ABS model and policy, from which executable code is derived]

Our Approach: ABS models annotated with a policy

1. Does the ABS model comply with the policy?
   • security: confidentiality, application-specific policies
   • resource consumption limitations
   • correctness properties
2. Does the code comply with the ABS model, and the policy?
   • Much stronger guarantees possible!
   • Hard to show for hand-written (legacy) code

Our Proposal: compilation and mining

◮ Policy-preserving code generators
◮ Mining ABS specifications from legacy code
◮ Compile variability of ABS model into code-level verification heuristics
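The following is an added example, not code from the HATS project or the ABS language, that puts the two ideas above next to each other in working form: product derivation from a feature model (the software-family diagram of the Approach slides, plus the "feature consistency" check listed among the hard tool-suite items) and step 1 of this slide, checking an abstract behavioural model against a confidentiality policy, for every valid product of the family. Every feature name, data label, sink and flow is a constructed assumption. The DebugLog feature models the point made on the Context slide that new functionality can create a security issue: on its own it is harmless, but combined with the Invoice feature it carries confidential data to a public sink, which only the per-product check exposes.

```python
"""Toy software-family policy check (constructed example; not HATS/ABS code).

A feature model fixes which products of a family are valid; each product's
behavioural model is then checked against a confidentiality policy.  Every
feature name, label, sink and flow below is a constructed assumption.
"""
from itertools import combinations, product
from typing import Dict, FrozenSet, List, Set, Tuple

# ---- Feature model of a small web-shop family (constructed) ----------------
MANDATORY: Set[str] = {"Catalog", "Payment"}
OPTIONAL: Set[str] = {"Analytics", "Recommendations", "DebugLog"}
# Alternative group: exactly one child is selected whenever the parent is.
ALTERNATIVE: Dict[str, Set[str]] = {"Payment": {"Card", "Invoice"}}
REQUIRES: List[Tuple[str, str]] = [("Recommendations", "Analytics")]
# Cross-tree constraint acting as a model-level mitigation for card data.
EXCLUDES: List[Tuple[str, str]] = [("DebugLog", "Card")]

Product = FrozenSet[str]


def satisfies_constraints(sel: Product) -> bool:
    """Group and cross-tree constraints that every valid product must meet."""
    if not MANDATORY <= sel:
        return False
    for parent, children in ALTERNATIVE.items():
        if parent in sel and len(sel & children) != 1:
            return False
    if any(a in sel and b not in sel for a, b in REQUIRES):
        return False
    if any(a in sel and b in sel for a, b in EXCLUDES):
        return False
    return True


def valid_products() -> List[Product]:
    """Enumerate every product the feature model allows (product derivation)."""
    products: List[Product] = []
    groups = [sorted(children) for children in ALTERNATIVE.values()]
    for k in range(len(OPTIONAL) + 1):
        for opts in combinations(sorted(OPTIONAL), k):
            for choice in product(*groups):
                sel = frozenset(MANDATORY | set(opts) | set(choice))
                if satisfies_constraints(sel):
                    products.append(sel)
    return products


def dead_features() -> Set[str]:
    """Feature-consistency check: features no valid product can contain."""
    every = MANDATORY | OPTIONAL | set().union(*ALTERNATIVE.values())
    return every - set().union(*valid_products())


# ---- Abstract behavioural model: data per feature and where it flows -------
LEVEL = {"public": 0, "confidential": 1, "secret": 2}
FEATURE_DATA: Dict[str, Dict[str, str]] = {
    "Catalog": {"item_id": "public"},
    "Card": {"card_number": "secret"},
    "Invoice": {"postal_address": "confidential"},
    "Analytics": {"order_total": "public"},
}
# The policy: the highest label each sink is cleared to receive.
SINK_CLEARANCE: Dict[str, str] = {
    "payment_provider": "secret",
    "printer": "confidential",
    "telemetry": "public",
    "console_log": "public",
}
FEATURE_FLOWS: Dict[str, List[Tuple[str, str]]] = {
    "Card": [("card_number", "payment_provider")],
    "Invoice": [("postal_address", "printer")],
    "Analytics": [("order_total", "telemetry"), ("item_id", "telemetry")],
    "Recommendations": [("item_id", "telemetry")],
}


def product_flows(sel: Product) -> Tuple[Dict[str, str], List[Tuple[str, str]]]:
    """Compose the behavioural model of one product from its selected features."""
    data: Dict[str, str] = {}
    flows: List[Tuple[str, str]] = []
    for feature in sorted(sel):
        data.update(FEATURE_DATA.get(feature, {}))
        flows.extend(FEATURE_FLOWS.get(feature, []))
    # Feature interaction: DebugLog dumps every variable of the product,
    # whichever feature introduced it, to the public console log.
    if "DebugLog" in sel:
        flows.extend((var, "console_log") for var in sorted(data))
    return data, flows


def policy_violations(sel: Product) -> List[Tuple[str, str]]:
    """Flows whose source label exceeds the clearance of their sink."""
    data, flows = product_flows(sel)
    bad: List[Tuple[str, str]] = []
    for var, sink in flows:
        if var not in data:
            raise ValueError(f"model inconsistency: {var} used but never defined")
        if LEVEL[data[var]] > LEVEL[SINK_CLEARANCE[sink]]:
            bad.append((var, sink))
    return bad


def check_family() -> Dict[Product, List[Tuple[str, str]]]:
    """Policy verdict for every valid product of the family."""
    return {p: policy_violations(p) for p in valid_products()}


if __name__ == "__main__":
    for prod, bad in check_family().items():
        print("VIOLATION" if bad else "OK       ", sorted(prod), bad)
```

Of the nine derivable products, the three that combine Invoice with DebugLog fail the policy, while Card products are protected by the excludes constraint alone. Checking each product separately is the naive version of what this slide calls compiling the variability of the model into verification; a family with many optional features needs the incremental and variability-aware methods the Methodology slides describe instead.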

SLIDE 22

Novelty

Novel Aspects

Adaptability as the driver and touchstone for a formal method

◮ First-class support (primitives) in the specification language
◮ Determines architecture and portfolio of verification methods

Leverage successful adaptive approach to formal setting

◮ Rigorous models of software product families (SWPFs)
◮ Enable tool-supported validation for SWPF

A formal basis for development of “eternal systems”

◮ Prepared to integrate unforeseen requirements
◮ Incremental — model-centric — abstract, yet behavioural

SLIDE 23

Advances

Advancing the State of the Art

◮ Formal basis for SWPF-based development
◮ Precise behavioural specification of compositional, distributed systems
◮ Reduced cost of creating and maintaining formal specifications
  • Modeling variability (deployment space)
  • Modularity and compositionality (reusability upon dynamic change)
  • Specification mining, white-box test case generation, visualization
  • Formal models of self∗ properties
◮ Verification of compositional and concurrent systems
◮ Verification of end-to-end properties: security, resources, correctness

SLIDE 24

Expected Impact

Expected Impact

Scientific, end-of-project:
  – Formal methods ready to specify and verify behaviour of adaptive software
  – Incremental and modular methods

Scientific, long term:
  – Formal basis for the convergence of programming languages and control theory
  – Routine verification of the implementation of large, distributed, adaptable systems

Technological, end-of-project:
  – Integrated tool architecture for wide range of analysis and verification methods
  – Formalized SWPF-based development clearly showing the benefits of FM

Technological, long term:
  – Routine usage of formal methods in development of long-lived software
  – Can ensure far-reaching correctness, security and resource guarantees
  – Multitude of component libraries specified with ABS

SLIDE 25

Questions

Questions?

SLIDE 26

Why ABS?

The Case for a new Behavioural Specification Language

Essential language features to realize goals

◮ Formal and integrated semantics
◮ Layered architecture: simplicity, separation of concerns
◮ Executability: rapid prototyping, visualization
◮ Abstraction: underspecification, non-determinism, feature model
◮ Variation points in the behavioural interfaces of components
◮ Behavioural types (concurrency/ownership/session)
◮ Module concept for dealing with invasive composition
◮ Realistic, yet language-independent concurrency model

Usability, industry-strength tools demand first-class support of features

SLIDE 28

Why ABS?

Technology Basis of ABS

No existing language fulfills these requirements . . .

. . . but we build on existing work mainly done by consortium members:

◮ The concurrency model of Creol
◮ Behavioural type systems for OO languages and concurrency
◮ Logic-based modeling of resources and security
◮ The CoBox model for modular components
◮ Verification of open, distributed systems
◮ The idea of variation points taken from SWPFs
◮ The Feature Description Language (FDL)
