IFAD

IFAD

www.ifad.dkwww.ifad.dk

Dr Peter Gorm LarsenDr Peter Gorm LarsenIFAD A/SIFAD A/SForskerparken 10AForskerparken 10ADK-5230 Odense MDK-5230 Odense MDenmarkDenmark

Ten Years of Ten Years of Historical Historical DevelopmentDevelopment

““Bootstrapping” Bootstrapping” VDMToolsVDMTools®®

2IFAD

IFAD““Bootstrapping” Bootstrapping” VDMToolsVDMTools®®

What is IFAD? VDMTools overview Staff overview Development environment The “Bootstrapping” process Perspectives

3IFAD

IFADIFAD CapabilitiesIFAD Capabilities

IFAD providesIFAD providesProfessional software development tools that assist Professional software development tools that assist engineers in producing high-quality softwareengineers in producing high-quality software

IFAD ensuresIFAD ensuresTechnology transfer by offering training courses,Technology transfer by offering training courses,customer-specific consultancy, and by organising customer-specific consultancy, and by organising seminarsseminars

IFAD offersIFAD offersSubcontracted software specification and development Subcontracted software specification and development performed by highly qualified and experienced performed by highly qualified and experienced personnelpersonnel

4IFAD

IFADIFAD Organisation ChartIFAD Organisation Chart

Henrik Voss

Management

MarketingQA

Admin.Systems

SubcontractingConsultancy

Sales

Services Projects

Sales

Tools

R&D

VDMTools

Products

MUSTER

R&D

Methods & Tools Training & Simulation

5IFAD

IFADBoeing/Joint Strike Boeing/Joint Strike FighterFighter

6IFAD

IFAD““Bootstrapping” Bootstrapping” VDMToolsVDMTools®®

What is IFAD? VDMTools overview Staff overview Development environment The “Bootstrapping” process Perspectives

7IFAD

IFADVDMToolsVDMTools

8IFAD

IFADIFAD VDMTools IFAD VDMTools AlliancesAlliances

IFAD

ISPRAS,Russia

Sidereus,Portugal

Rational,USA

JFITS,Japan

DDC-I,USA

Aichernig,Austria

Alagar,Canada

SofTools,USA

9IFAD

IFADReferences, World-References, World-widewide

FranceFranceAerospatiale Espace et DefenseAerospatiale Espace et DefenseDassault AviationDassault AviationDasssault ElectroniqueDasssault ElectroniqueCISI CEA et DefenseCISI CEA et DefenseCEA LetiCEA LetiCap GeminiCap GeminiLAASLAASMatra Bae DynamicsMatra Bae Dynamics

U.K.U.K.British Aerospace Systems & British Aerospace Systems & EquipmentEquipmentBritish Aerospace DefenseBritish Aerospace DefenseAdelardAdelardICL Enterprise EngineeringICL Enterprise EngineeringRolls RoyceRolls RoyceTransitive TechnologiesTransitive Technologies

ItalyItalyENEAENEAAnsaldoAnsaldoAlstromAlstrom

The NetherlandsThe NetherlandsDutch Dept. of DefenceDutch Dept. of DefenceOriginOriginChessChess

DenmarkDenmarkDanish RailwaysDanish RailwaysBaan NordicBaan NordicOdense Steel ShipyardOdense Steel ShipyardDDC InternationalDDC International

North AmericaNorth AmericaBoeingBoeingRockwell CollinsRockwell CollinsLockheed MartinLockheed MartinDDC-I, Inc.DDC-I, Inc.Rational Software Corp.Rational Software Corp.Formal Systems Inc.Formal Systems Inc.

JapanJapanRTRI (Japan Railways)RTRI (Japan Railways)JFITSJFITS

GermanyGermanyGAO mbHGAO mbH

More than 150 clients world-wide

10IFAD

IFADVDMToolsVDMTools®® Overview Overview

The Rose-VDM++ Link

Document Generator

Code Generators- C++, Java

Syntax & Type Checker

API (Corba), DL Facility

Interpreter (Debugger)

11IFAD

IFADVDM for Analysis & VDM for Analysis & DesignDesign

Coding Unit Test

SoftwareDesign

Module Test

SystemAnalysis

System TestVDMModel

TestCases

AnimationAnimation

Modelling & ValidationModelling & Validation

Requirements

Final Product

12IFAD

IFADDevelopment Choices Development Choices TakenTaken

Executable modelsTesting and animation

Partial “analysis” (validation)System level testing

Code generationVDM for source code

Formal refinement and formal verification

13IFAD

IFAD““Bootstrapping” Bootstrapping” VDMToolsVDMTools®®

What is IFAD? VDMTools overview Staff overview Development environment The “Bootstrapping” process Perspectives

14IFAD

IFADStaff OverviewStaff Overview

PGL

PBLMA

ETN

HCHVNKJNJSALTOJWTOSJKPKSPM

91 92 93 94 95 96 97 98 99 00

NPMV KdB CA BF BA

SN JKP

VS JKP

WS

JSF

15IFAD

IFAD““Bootstrapping” Bootstrapping” VDMToolsVDMTools®®

What is IFAD? VDMTools overview Staff overview Development environment The “Bootstrapping” process Perspectives

16IFAD

IFADDevelopment Development EnvironmentEnvironment

GNU C++/Visual C++ Generic VDM C++ library GUI: Previously:Tcl/Tk, Now: Qt flex and bison CVS/Ediff version control OSs: Windows, Linux, Unix Test environments Development procedures

17IFAD

IFAD““Bootstrapping” Bootstrapping” VDMToolsVDMTools®®

What is IFAD? VDMTools overview Staff overview Development environment The “Bootstrapping” process Perspectives

18IFAD

IFAD

VDM++VDM++VDM++VDM++

VDM++VDM++VDM++VDM++

The “Bootstrapping” The “Bootstrapping” ProcessProcess

VDM-SL

DS spec

VDM-SL

DS impl

VDM-SL

SS spec

VDM-SL

SS impl

VDM-SL

SM spec

VDM-SL

SM impl

VDM-SL

PM spec

VDM-SL

PM impl

VDM-SL

CG spec

VDM-SL

CG impl

Implicit time line

19IFAD

IFADSpecification SizesSpecification Sizes

Component Number of VDM linesAbstract Syntax etc 3020Static Semantics 17686Interpreter 25068Code generators 31524Specification Manager 3693Dependency 792Rose-VDM++ Link 1512Proof Support 28355In total 111650

20IFAD

IFADComponent CategoriesComponent Categories

Purely hand-coded VDM + hand coding VDM + code generation

21IFAD

IFADPurely Hand-coded Purely Hand-coded ComponentsComponents

Scanner/parser (lex/yacc) pretty-printer (simple C++ component) GUI (previously: Tcl/Tk, now: Qt) Interface to third party tools

Rational Rose Corba for API ML for HOL

Generic VDM C++ library

22IFAD

IFADVDM + Hand CodingVDM + Hand Coding

Dynamic semantics (SL and ++) Static semantics (SL and ++) Java/C++ Code generators (SL and ++) Test environments for each component Reused at implementation level Java/C++ code generators now

themselves partially code generated

23IFAD

IFADMaintenance ApproachMaintenance Approach

Bugs first reproduced at specification level

Tested using the VDM debugger Check that all tests are satisfactory Implement changes of specification Rerun all tests at implementation level

24IFAD

IFADVDM + code VDM + code generationgeneration

Animator for SA/RT Specification Manager (SL and ++) VDM++ to/from UML translation Proof support (SL) VDM model becomes source Trade-off with abstraction

25IFAD

IFADAbstraction in modelsAbstraction in models

Initial abstract syntax

Abstract syntax for code generator

Final abstract syntax

BinaryExpr:: left : Expr opr : BinaryOp right : Expr

BinaryExpr:: left : Expr opr : BinaryOp right : Expr ti : [TypeRep]

BinaryExpr:: left : Expr opr : BinaryOp right : Expr extra : Key

26IFAD

IFAD““Bootstrapping” Bootstrapping” VDMToolsVDMTools®®

What is IFAD? VDMTools overview Staff overview Development environment The “Bootstrapping” process Perspectives

27IFAD

IFADFuture IdeasFuture Ideas

Expect higher use of code generation Test case generation (ISPRAS, Russia) Data Cleaning (Sidereus, Portugal) Reverse Engineering Mission-critical web development More on proof support More academic collaboration More user-friendliness

28IFAD

IFADConcluding RemarksConcluding Remarks

Taking ones “own medicine” helps Use when worthwhile Use inside lifecycle Using VDM helps us master complexity It is FUN!