Software Design Tools Derek Rayside CS446 / ECE452 June 25, 2010 - PowerPoint PPT Presentation

Software Design Tools Derek Rayside CS446 / ECE452 June 25, 2010

Design Analysis Can we know properties of the design before we build it? e.g., Civil Engineers know how much a bridge will hold before they build it. Math. Discrete Math: Logic; Graph Theory.

Design Prototyping "Plan to throw one away; you will anyhow" -- Fred Brooks Plan to throw away an inexpensive prototype, rather than a complete system. e.g., UI design uses paper prototypes. c.f. "evolutionary prototype" = alpha

Design Conformance Testing Does the code match the design?

Some Software Design Tools Analysis: Prototyping: Testing: ArchStudio Alloy LSEdit Alloy Java PathFinder Korat Spin Haskell / OCaml Randoop Java PathFinder TXL ESC/Java SMV/NuSMV JESS/CLIPS JForge Prolog / Datalog Spec# Crocopat / Grok Microsoft SDV

Design Analysis Tools

Alloy Description: Useful for: first-order logic complex structures + relations protocols + transitive closure logical puzzles for reasoning about structures ASCII syntax visualizer open source http://alloy.mit.edu [D. Jackson book]

Terminology Programmers Mathematicians table relation row / record tuple single-column table unary relation two-column table binary relation What's a three-letter word for "unary relation"? Hint : it has the longest definition of any word in the Oxford English Dictionary.

Spin Description: Useful for: Linear Temporal Logic concurrent systems for reasoning about protocols sequences of events finite state machines temporal quantifiers: simple structures always, eventually, etc program in Promela flood control system property in LTL phone switch [Lucent] Lucent + NASA SIP [Pamela Zave] open source Deep Space 1 [NASA] http://spinroot.com Cassini [NASA] many text books: Mars Rovers [NASA] Holzmann Deep Impact [NASA] Ben-Ari etc.

ArchStudio Description: Useful for: when boxes & arrows a wide variety of software grow up systems Archlight analysis tool software product lines highly extensible multiple variants (e.g., UC Irvine Tektronix oscilliscope Eclipse plugin case study from open source Garlan & Shaw) [Taylor et al text book]

SMV/NuSMV Description: Useful for: Computation Tree Logic concurrent systems for reasoning about Shuttle Digital Autopilot sequences of events engines out (3E/O) like LTL but different TCAS II air traffic control http://nusmv.irst.itc.it/ open source CMU + Italy * 3 [Huth & Ryan textbook]

Java Path Finder (JPF) Description: Useful for: a special JVM concurrent systems program in Java non-deterministic systems property in Java Java prototypes NASA no I/O open source K9 Rover [NASA] http://babelfish.arc.nasa.gov/trac/jpf Livingstone 2 on EO-1 SE464 can probably support

Design Prototyping Tools

Alloy Description: Useful for: first-order logic complex structures + relations protocols + transitive closure logical puzzles for reasoning about structures NP-complete ASCII syntax computations (e.g., visualizer scheduling) open source http://alloy.mit.edu [D. Jackson book]

Java Path Finder (JPF) Description: Useful for: a special JVM concurrent systems program in Java non-deterministic systems property in Java Java prototypes NASA no I/O open source K9 Rover [NASA] http://babelfish.arc.nasa.gov/trac/jpf Livingstone 2 on EO-1 SE464 can probably support

TXL Description: Useful for: rule-based tree prototyping transformations data transformations Queens programming http://txl.ca/ languages

Haskell / OCaml Description: Useful for: functional programming prototyping symbolic languages computations with a strong type system avoid I/O http://haskell.org seL4 http://caml.inria.fr/

JESS, CLIPS, Prolog Description: Useful for: rule engines prototyping rules match facts diagnostic systems blackboard style eg, medicine NASA [CLIPS] business rules Sandia Nat. Labs [JESS] eg, JBoss Drools France [Prolog] AI http://www.jessrules.com/ http://clipsrules.sf.net/

Crocopat / Grok Description: Useful for: a relational calculator prototyping manipulations like a relational query of large datasets engine (eg, SQL) for text prototyping complex SQL files queries http://www.sosy-lab. org/~dbeyer/CrocoPat/ http://swag.uwaterloo.ca

Design Testing Tools

LSEdit architectural conformance concrete architecture vs conceptual architecture c.f.: other tools on these slides are very low-level you've already seen this in action: Bowman et al paper on the Linux Kernel Hassan et al paper on web servers (Apache, etc) guest lecture by Ian Davis

Spec#, JForge, ESC/Java Description: Useful for: check code against specs checking code vs specs first-order logic heap-manipulating static analysis computations Spec# [Microsoft] not numerical JForge [MIT] not I/O ESC/Java [DEC etc] single-threaded

Microsoft Static Driver Verifier (SDV) Testing device drivers is hard: asynchronous and massively re-entrant make complex use of kernel APIs evolve over different HW and OS versions it's hard to directly observe the driver interacting with the OS in a bad way subtle errors may only occur in exceptional situations in the field, and be hard to re-create in the lab Notes: static analysis (tests code without running it) passing SDV is required in order to ship with Windows

Korat automatically generates test inputs from invariants written in repOk() method invariants define legal states of an object Korat generates all (non-isomorphic) legal states use the generated test-inputs for your tests dynamic analysis http://korat.sourceforge.net/

Randoop creates random sequences of method calls looks for "something bad" to happen object contract violations x.equals(x) x.equals(y) <=> y.equals(x) x.equals(y) => x.hashCode()==y.hashCode() programmer-defined badness finds bugs fast! dynamic analysis http://code.google.com/p/randoop/

Some Software Design Tools Analysis: Prototyping: Testing: ArchStudio Alloy LSEdit Alloy Java PathFinder Korat Spin Haskell / OCaml Randoop Java PathFinder TXL ESC/Java SMV/NuSMV JESS/CLIPS JForge Prolog / Datalog Spec# Crocopat / Grok Microsoft SDV