ARO PI Meeting, May 2002
I am not Jeannette M. Wing


Page 1

The Question

• How can we integrate our methods and tools into software development processes seamlessly?
  – We have to have a good understanding of what industrial people (those building safety & mission critical software) want and need

Page 2

Our group

• Carl Gunter
• Jaime Lee
• Kang Shin
• James Widmaier
• Bruce Krogh
• Matt Dwyer

Page 3

Vision For The (near) Future

• Industry/govt perspective
  – Build on existing methods (Cleanroom, Specware)
    1. Requirement document + operational profiles
    2. Formalize requirements (identify state variables)
    3. State transition diagrams
    4. Automate code generation
    5. Testing driven from operational profiles
  – Missing tool support for several transitions (1->2, 2->3)
• Observations
  – “Process metrics” lead to confidence in the product (a mismatch with the “product-based” methods we’ve discussed)
  – “Reliability” in terms of numbers of 9s (Is reliability sensible? Should it instead be a question of whether any stimuli in the profile lead to failure?)

Page 4

Standard and Certification

• Standardization of development processes
  – Want a standard way of building HCES software
  – From requirements to code (and back)
  – Can we build on existing standards?
    • General standards: ISO 12207
    • Layers of domain-specific standards
      – Security: Common Criteria, …
• Certification
  – Regulatory standards (e.g., FAA)
  – Procurement standards (e.g., NSA, FDA)
    • Specify metrics about process & product
    • Need technologies to provide those metrics

Page 5

Technology Assessment

• Lots of popular processes
  – XP (in embedded systems?)
  – RUP, UML-based methods
  – These are not focused on high confidence as the goal
• They have some useful ideas
  – Higher-level descriptions (but weak semantics, e.g. UML)
  – Early feedback (co-develop tests and code, e.g. XP)
• Some methods seem effective
  – Cleanroom, Specware
  – Designed for production of reliable software
  – Anecdotal evidence that they can support development of high-confidence systems

Page 6

Required Technologies (for embedded systems?)

• Requirements are the key
  – Need support for eliciting requirements
    • Did I account for all the corner cases?
    • Closing the “detail gaps” in requirements
    • Automated guidance in the form of a “wizard” (domain specific)
  – Need support for formalizing requirements
    • Identification of state variables
    • (Semi-)automated methods for developing state diagrams
• Test generation tools
  – From formal specifications
• Code generation from models
  – Some support exists
  – Is it sufficiently general?
  – Correctness of code is more important than speed
    • As long as you can meet your deadlines, extra performance is irrelevant
• Proof-generating translators (to verify the translation)
• Scalability and usability of existing formal tools is in question
  – Can they be applied to realistic systems?
  – Can they be used by practitioners?

Page 7

Integrating Technologies (within HCES teams)

• Common conceptual framework/process
  – To plug ideas/technologies into
  – To see a path through technologies from requirements to code
    • Map those paths onto the “vision”
• Technological integration
  – Standardization of languages/APIs
  – Make tools available to other team members
  – Targeted interactions
    • e.g., HERMES -> Bandera for mixed design/code checking
    • e.g., pub/sub research from CMU and K-State

Page 8

Technology Transfer

• Initiated by academia
  – Students as carriers of technologies (internships/employees)
  – Requires that students are trained in appropriate methods and technologies
  – Publication
• Initiated by industry
  – Driven by needs of emerging projects
• Small demonstration projects
  – From industry/govt. research organization to development groups
  – Prototype a real system; if successful, move to have it required on upcoming contracts
• Robustness of tool support
  – Tools need to be scalable, documented, …
  – Insufficient resources in academia; not the focus
  – Many organizations want a company “on the hook”
• Challenge problems from industry
  – Can be lots of work to document requirements for external people
  – Need to get in at the beginning of a project
• Long time scale for effective transfer
  – 15-20 year time scale from idea formation to fielded technology
• Can follow-on applied research be viewed as tech transfer?

Page 9

Ways to Sell To Program

• Current research is helping current DOD projects (e.g., F18, CARA, secure kernel, …)
  – Having impact on specific artifacts and stages of development
  – [more specifics here]
• Prospects for greater impact by better coverage of
  – Development artifacts
  – Steps in the development process
• Because we don’t have a complete solution
  – Missing important tools that will enable more dependable solutions (e.g., requirements -> state variables/diagrams)
• Spin-off technology to the private sector
  – Create COTS technology that can be taken up by DOD more cheaply
• University Research Initiatives
  – Research to lay the foundation for future applied research and applications
  – Training of researchers (“human resources development”)

Page 10

Misc

• What is ARO’s vision for embedded software?
  – Application domains
  – Commonality among programs/projects