lecture 03 26 10 2015
play

Lecture 03 (26.10.2015) The Software Development Process Christoph - PowerPoint PPT Presentation

Nov 07, 2023 •375 likes •757 views

Systeme hoher Qualitt und Sicherheit Universitt Bremen WS 2015/2016 Lecture 03 (26.10.2015) The Software Development Process Christoph Lth Jan Peleska Dieter Hutter SSQ, WS 15/16 Your Daily Menu Models of software

  1. Systeme hoher Qualität und Sicherheit Universität Bremen WS 2015/2016 Lecture 03 (26.10.2015) The Software Development Process Christoph Lüth Jan Peleska Dieter Hutter SSQ, WS 15/16

  2. Your Daily Menu Models of software development The software development process, and its rôle in safety-  critical software development. What kind of development models are there?  Which ones are useful for safety-critical software  – and why? What do the norms and standards say?  Basic notions of formal software development What is formal software development?  How to specify: properties and hyperproperties  Structuring of the development process  SSQ, WS 15/16 2

  3. Where are we? 01: Concepts of Quality 02: Legal Requirements: Norms and Standards 03: The Software Development Process 04: Hazard Analysis 05: High-Level Design with SysML 06: Formal Modelling with SysML 07: Detailed Specification with SysML 08: Testing 09 and 10: Program Analysis 11: Model-Checking 12: Software Verification (Hoare-Calculus) 13: Software Verification (VCG) 14: Conclusions SSQ, WS 15/16 3

  4. Software Development Models SSQ, WS 15/16

  5. Software Development Process A software development process is the structure imposed on the development of a software product. We classify processes according to models which specify the artefacts of the development, such as  ► the software product itself, specifications, test documents, reports, reviews, proofs, plans etc the different stages of the development,  and the artefacts associated to each stage.  Different models have a different focus: Correctness, development time, flexibility.  What does quality mean in this context? What is the output ? Just the sofware product, or more?  (specifications, test runs, documents, proofs…) SSQ, WS 15/16 5

  6. Agile Methods Prototype-driven development E.g. Rapid Application Development  Development as a sequence of prototypes  Ever-changing safety and security requirements  Agile programming E.g. Scrum, extreme programming  Development guided by functional requirements  Process structured by rules of conduct for developers  Less support for non-functional requirements  Test-driven development Tests as executable specifications: write tests first  Often used together with the other two  SSQ, WS 15/16 6

  7. Waterfall Model (Royce 1970) Classical top-down sequential workflow with strictly separated phases. Requirement Design Implementation Verification Maintenance Unpractical as actual workflow (no feedback between phases), but even early papers did not really suggest this. SSQ, WS 15/16 7

  8. Spiral Model (Böhm, 1986) Incremental development guided by risk factors Four phases: Determine objectives  Analyse risks  Development and test  Review, plan next iteration  See e.g. Rational Unified Process (RUP)  Drawbacks: Risk identification is the key, and can be quite difficult  SSQ, WS 15/16 8

  9. Model-Driven Development (MDD, MDE) Describe problems on abstract level using a modelling language (often a domain-specific language ), and derive implementation by model transformation or run-time interpretation. Often used with UML (or its DSLs, eg. SysML) Variety of tools: Rational tool chain, Enterprise Architect, Rhapsody, Papyrus,  Artisan Studio, MetaEdit+, Matlab/Simulink/Stateflow* EMF (Eclipse Modelling Framework)  Strictly sequential development Drawbacks: high initial investment, limited flexibility * Proprietary DSL – not related to UML SSQ, WS 15/16 9

  10. V-Model Evolution of the waterfall model: Each phase is supported by a corresponding testing  phase (verification & validation) Feedback between next and previous phase  Standard model for public projects in Germany … but also a general term for models of this „ shape “  SSQ, WS 15/16 10

  11. Software Development Models Flexibility Prototype-based Agile developments Methods Spiral model V-model Waterfall Model-driven model developement Structure from S. Paulus: Sichere Software SSQ, WS 15/16 11

  12. Development Models for Critical Systems SSQ, WS 15/16 12

  13. Development Models for Critical Systems Ensuring safety/security needs structure. …but too much structure makes developments  bureaucratic, which is in itself a safety risk. Cautionary tale: Ariane-5  Standards put emphasis on process . Everything needs to be planned and documented.  Key issues: auditability, accountability, traceability.  Best suited development models are variations of the V- model or spiral model. A new trend? V-Model for initial developments of a new product  Agile models (e.g. SCRUM) for maintenance and product  extensions SSQ, WS 15/16 13

  14. The Safety Life Cycle (IEC 61508) Planning Realisation Operation E/E/PES: Electrical/Electronic/Programmable Electronic Safety-related Systems SSQ, WS 15/16 14

  15. Development Model in IEC 61508 IEC 61508 prescribes certain activities for each phase of the life cycle. Development is one part of the life cycle. IEC 61508 recommends V-model. SSQ, WS 15/16 15

  16. Development Model in DO-178B DO-178B defines different processes in the SW life cycle: Planning process  Development process, structured in turn into  ► Requirements process Design process ► Coding process ► Integration process ► Verification process  Quality assurance process  Configuration management process  Certification liaison process  There is no conspicuous diagram, but the Development Process has sub-processes suggesting the phases found in the V-model as well. Implicit recommendation of the V-model.  SSQ, WS 15/16 16

  17. Traceability The idea of being able to follow requirements (in particular, safety requirements) from requirement spec to the code (and possibly back). On the simplest level, an Excel sheet with (manual) links to the program. More sophisticated tools include DOORS. Decompose requirements, hierarchical requirements  Two-way traceability: from code, test cases, test  procedures, and test results back to requirements Eg. DO-178B requires all code derives from requirements  SSQ, WS 15/16 20

  18. Artefacts in the Development Process Planning : Document plan Possible formats : • V&V plan Word documents • • QM plan Excel sheets • • Test plan Wiki text • • Project manual Database (Doors) • • Specifications : UML/SysML diagrams • Safety requirement spec. • Formal languages: • System specification • Z, HOL, etc. • Detail specification • Statecharts or • User document (safety • similar diagrams reference manual) Implementation : Source code • Code • Verification & validation: Documents must be identified and Code review protocols • reconstructable . Test cases, procedures, • Revision control and configuration • and test results, management mandatory . Proofs • SSQ, WS 15/16 21

  19. Basic Notions of Formal Software Development SSQ, WS 15/16

  20. Formal Software Development In formal development, properties are stated in a rigorous way with a precise mathematical semantics. These formal specifications can be proven . Advantages: Errors can be found early in the development process, saving  time and effort and hence costs. There is a higher degree of trust in the system.  Hence, standards recommend use of formal methods for high  SILs/EALs. Drawback: Higher effort  Requires qualified personnel (that would be you ).  There are tools which can help us by finding (simple) proofs for us, or  checking our (more complicated) proofs.  SSQ, WS 15/16 23

  21. Formal Software Development informal specification abstract Mathematical notions specification Horizontal Proofs Verification by Programming Test • Program analysis Implemen- • Model checking tation • Formal proof • SSQ, WS 15/16 24

  22. A General Notion of Properties Defn: a property is a set of infinite execution traces (i.e. infinite sequences of states) … Trace t satisfies property P, written 𝑢 ⊨ 𝑄 , iff 𝑢 ∈ 𝑄 t: b: b ≤ t iff ∃𝑢 ′ . 𝑢 = 𝑐 ⋅ 𝑢′ t‘ :  i.e. b is a finite prefix of t SSQ, WS 15/16 25

  23. Safety and Liveness Properties Alpen & Schneider (1985, 1987) Safety properties  Nothing bad happens  partial correctness, program safety, access control Liveness properties  Something good happens  Termination, guaranteed service, availability Theorem :  P . P = Safe P  Live P  Each property can be represented as a combination of safety and liveness properties. SSQ, WS 15/16 26

  24. Safety Properties Safety property S: „Nothing bad happens “ A bad thing is finitely observable and irremediable S is a safety property iff ∀𝑢. 𝑢 ∉ 𝑇 → ∃𝑐. finite 𝑐 ∧ 𝑐 ≤ 𝑢 → ∀𝑣. 𝑐 ≤ 𝑣 → 𝑣 ∉ 𝑇  t : b : a finite prefix b always causes the bad thing  Safety is typically proven by induction. Safety properties may be enforced by run-time monitors.  Safety is testable (i.e. we can test for non-safety)  SSQ, WS 15/16 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS173 Lecture B, November 3, 2015 Tandy Warnow November 10, 2015 CS 173, Lecture B November 3,

CS173 Lecture B, November 3, 2015 Tandy Warnow November 10, 2015 CS 173, Lecture B November 3,

CS173 Lecture B, November 3, 2015 Tandy Warnow November 10, 2015 CS 173, Lecture B November 3, 2015 Tandy Warnow Problem 1 Prove (by induction on n , the number of vertices in G ) that every simple graph G can be properly vertex-colored using

612 views • 27 slides
Approximation Algorithms Lecture 8 September 17, 2015 Sariel (UIUC) New CS473 1 Fall 2015 1

Approximation Algorithms Lecture 8 September 17, 2015 Sariel (UIUC) New CS473 1 Fall 2015 1

NEW CS 473: Theory II, Fall 2015 Approximation Algorithms Lecture 8 September 17, 2015 Sariel (UIUC) New CS473 1 Fall 2015 1 / 39 Todays Lecture Dont give up on NP-Hard problems: (A) Faster exponential time algorithms: n O ( n ) , 3 n

2.01k views • 160 slides
ECON4910 Environmental economics, Spring 2015 Michael Hoel: Lecture 12: International

ECON4910 Environmental economics, Spring 2015 Michael Hoel: Lecture 12: International

ECON4910 Environmental economics, Spring 2015 Michael Hoel: Lecture 12: International environmental agreements Updated March 16, 2015 Please bring lecture note to lecture. Reading: Perman et al. (2011): Sections 9.1-9.3 Barrett (2005) Hoel:

827 views • 34 slides
Lecture 3 Last mile data collection and Tracking Winter 2015 Richard Anderson 1/21/2015

Lecture 3 Last mile data collection and Tracking Winter 2015 Richard Anderson 1/21/2015

Computing and Global Health Lecture 3 Last mile data collection and Tracking Winter 2015 Richard Anderson 1/21/2015 University of Washington, Winter 2015 1 Todays topics Readings and assignments Cold chain assignment review

621 views • 42 slides
Lecture 5 Logistics Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter

Lecture 5 Logistics Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter

Computing and Global Health Lecture 5 Logistics Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter 2015 1 Todays topics Ron Pankiewicz, Village Reach GAVI Supply Chain Strategy Logistics requirements

590 views • 36 slides
ECON 4910 Environmental economics; spring 2015 Michael Hoel: Lecture note 10: Climate policy I

ECON 4910 Environmental economics; spring 2015 Michael Hoel: Lecture note 10: Climate policy I

ECON 4910 Environmental economics; spring 2015 Michael Hoel: Lecture note 10: Climate policy I (taxes, quotas) Updated April 7, 2015 Please bring lecture note and EEAG report to lecture. Reading: Perman et al. (2011). Sections 9.5 and 16.1

104 views • 7 slides
Intro INF4140 - Models of concurrency Intro, lecture 1 Hsten 2015 24. 08. 2015 2 / 44

Intro INF4140 - Models of concurrency Intro, lecture 1 Hsten 2015 24. 08. 2015 2 / 44

Intro INF4140 - Models of concurrency Intro, lecture 1 Hsten 2015 24. 08. 2015 2 / 44 Todays agenda Introduction overview motivation simple examples and considerations Start a bit about concurrent programming with critical sections

783 views • 44 slides
attention, memory & reasoning 12.06.2015 MGK Lecture N.Lewandowski SoSe 2015 What is

attention, memory & reasoning 12.06.2015 MGK Lecture N.Lewandowski SoSe 2015 What is

Topics in Cognitive Science attention, memory & reasoning 12.06.2015 MGK Lecture N.Lewandowski SoSe 2015 What is attention? Experiment: Try to notice all the objects and people that surround you here in this room: all the shapes,

507 views • 34 slides
Lecture 4 Medical Record Systems Winter 2015 Richard Anderson 1/28/2015 University of

Lecture 4 Medical Record Systems Winter 2015 Richard Anderson 1/28/2015 University of

Computing and Global Health Lecture 4 Medical Record Systems Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter 2015 1 Todays topics Paper to Digital, Nicki Dell Readings and assignments Medical Records in

976 views • 33 slides
Presentation of XML Patryk Czarnik XML and Applications 2014/2015 Lecture 11 12.01.2015

Presentation of XML Patryk Czarnik XML and Applications 2014/2015 Lecture 11 12.01.2015

Presentation of XML Patryk Czarnik XML and Applications 2014/2015 Lecture 11 12.01.2015 Separation of content and formatting According to best XML practices: Documents consist of content / data. T ags are for structure and meaning

1.11k views • 74 slides
Lecture 7 Treatment support and mobile devices Winter 2015 Richard Anderson 2/18/2015

Lecture 7 Treatment support and mobile devices Winter 2015 Richard Anderson 2/18/2015

Computing and Global Health Lecture 7 Treatment support and mobile devices Winter 2015 Richard Anderson 2/18/2015 University of Washington, Winter 2015 1 Todays topics Aditya Vashistha Voice based messaging Treatment Support

497 views • 34 slides
Lecture 6 Patient Support Winter 2015 Richard Anderson 2/11/2015 University of Washington,

Lecture 6 Patient Support Winter 2015 Richard Anderson 2/11/2015 University of Washington,

Computing and Global Health Lecture 6 Patient Support Winter 2015 Richard Anderson 2/11/2015 University of Washington, Winter 2015 1 Todays topics Trevor Perrier, SMS Phone messaging Messaging technologies Example Projects

425 views • 38 slides
The two film theory p g p i Interface c i c l David Reckhow CEE 577 #32 2 1 CEE 577

The two film theory p g p i Interface c i c l David Reckhow CEE 577 #32 2 1 CEE 577

CEE 577 Lecture #32 12/28/2015 Updated: 28 December 2015 Print version Lecture #32 Toxics: Volatilization, Photolysis, Hydrolysis and Biodegradation: Recapitulation and Simplified Forms (Chapra, L41, L42, L43 & L44) David Reckhow CEE 577

123 views • 9 slides
EC476 Contracts and Organizations, Part III: Lecture 1 Leonardo Felli 32L.G.06 12 January 2015

EC476 Contracts and Organizations, Part III: Lecture 1 Leonardo Felli 32L.G.06 12 January 2015

EC476 Contracts and Organizations, Part III: Lecture 1 Leonardo Felli 32L.G.06 12 January 2015 Course Outline Law and Economics Lecture 1: Contracts what are they? The Coase Theorem. Lecture 2: Principal Agent: Hidden Information and

730 views • 52 slides
Lecture 07 (23-11-2015) Detailed Specification with SysML Christoph Lth Jan Peleska

Lecture 07 (23-11-2015) Detailed Specification with SysML Christoph Lth Jan Peleska

Systeme hoher Qualitt und Sicherheit Universitt Bremen WS 2015/2016 Lecture 07 (23-11-2015) Detailed Specification with SysML Christoph Lth Jan Peleska Dieter Hutter SSQ, WS 15/16 Where are we? 01: Concepts of Quality 02:

468 views • 18 slides
Computing and Global Health Lecture 2, Surveillance Winter 2015 Richard Anderson 1/14/2015

Computing and Global Health Lecture 2, Surveillance Winter 2015 Richard Anderson 1/14/2015

Computing and Global Health Lecture 2, Surveillance Winter 2015 Richard Anderson 1/14/2015 University of Washington, Winter 2015 1 Todays topics Surveillance problem Issues Health Information systems HISP/DHIS2

607 views • 59 slides
Gitify your life web, blog, configs, data, and backups Richard Hartmann, RichiH@ {

Gitify your life web, blog, configs, data, and backups Richard Hartmann, RichiH@ {

Intro ikiwiki etckeeper vcsh git-annex bup Zsh mr Outro Gitify your life web, blog, configs, data, and backups Richard Hartmann, RichiH@ { freenode,OFTC,IRCnet } , richih.mailinglist@gmail.com 2012-03-11 Richard Hartmann, RichiH@ {

979 views • 45 slides
Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne Stroustrup Simple and direct. Readable. Grady Booch Understandable by others, tested, literate. Dave Thomas Code works pretty much as

351 views • 24 slides
CICM 2016, OpenMath workshop Implicit Content Dictionaries in the NIST Digital Repository of

CICM 2016, OpenMath workshop Implicit Content Dictionaries in the NIST Digital Repository of

CICM 2016, OpenMath workshop Implicit Content Dictionaries in the NIST Digital Repository of Mathematical Formulae Moritz Schubotz with material from Howard Cohl 31/07/2016 www.formulasearchengine.com 1 NIST Digital Repository of

403 views • 13 slides
Scalaris: Scalable Web Applications with a Transactional Key-Value Store Nico Kruber Michael

Scalaris: Scalable Web Applications with a Transactional Key-Value Store Nico Kruber Michael

Scalaris Wiki on Scalaris Optimisations Questions Scalaris: Scalable Web Applications with a Transactional Key-Value Store Nico Kruber Michael Berlin Zuse Institut Berlin Parallel and Distributed Systems 5th June @ Berlin Buzzwords 2012

440 views • 32 slides
Gitify your life web, blog, configs, data, and backups Richard Hartmann, RichiH@ {

Gitify your life web, blog, configs, data, and backups Richard Hartmann, RichiH@ {

Intro etckeeper bup ikiwiki git-annex vcsh mr Zsh Outro Gitify your life web, blog, configs, data, and backups Richard Hartmann, RichiH@ { freenode,OFTC,IRCnet } , richih.mailinglist@gmail.com 2013-05-22 Richard Hartmann, RichiH@ {

698 views • 54 slides
Principles of Software Construction: Objects, Design, and Concurrency An Introduction to

Principles of Software Construction: Objects, Design, and Concurrency An Introduction to

Principles of Software Construction: Objects, Design, and Concurrency An Introduction to Object-oriented Programming, Continued. Modules and Inheritance Spring 2014 Charlie Garrod Christian Kstner School of Computer Science

1.13k views • 39 slides
STM32 Ecosystem workshop T.O.M.A.S Team 2 There is right time for some theory We will

STM32 Ecosystem workshop T.O.M.A.S Team 2 There is right time for some theory We will

STM32 Ecosystem workshop T.O.M.A.S Team 2 There is right time for some theory We will demonstrate how to configure SW4STM32 in Release mode to have the final code ready to be programmed in the final application. You can follow this

270 views • 11 slides
Wisdom of the Crowd CS 278 | Stanford University | Michael Bernstein Last time Our major units

Wisdom of the Crowd CS 278 | Stanford University | Michael Bernstein Last time Our major units

Wisdom of the Crowd CS 278 | Stanford University | Michael Bernstein Last time Our major units thus far: Basic ingredients: contribution and norms Scales: starting small, and growing large Groups: strong ties, weak ties, and collaborators

743 views • 55 slides

More recommend