6 Feb 08

Deploying Rodin

Michael Butler

Dependable Systems and Software Engineering

University of Southampton

6 Feb 08

Overview

• RODIN Project (€5M)– Event-B and Rodin philosophy– Tool platform and plug-ins – Rodin case studies and – Methodological results

• DEPLOY Project (€18M)– Project goals and partners– Deployment strategies and outcomes– Why was it funded?

6 Feb 08

EU 2004-2007

• Goal: methodology and open tool platform for development of dependable software systems.– Formal methods +

fault tolerance

Partners

rodin.cs.ncl.ac.uk

ClearSy

Nokia

Praxis-CS

ATEC

Newcastle

Åbo Akademi

Southampton

ETH Zürich

6 Feb 08

Rodin Philosophy

• System level modelling is essential for understanding and reasoning about complex systems (Event-B)

• Development requires formal modelling at multiple levels of abstraction forming refinement chains

• Importance of proof: helps to improve understanding and improve models

• Construction and proof of refinement chains requires strong incremental tool support

6 Feb 08

Key Tool Decisions (I)

• Support incremental development– Support strong interplay between modelling

and proof – model can be changed during a proof

– Reactive: analysis tools are automatically invoked in the background whenever a change is made

– Differential: analytical impact of changes is minimised as much as possible

6 Feb 08

Key Tool Decisions (II)

• The platform provides a repository of structured modelling elements– the only concrete language is set theory and

logic

• Extensibility support: – extend modelling elements– extend functionality through plugins

6 Feb 08

Rodin platform development team

– Jean-Raymond Abrial (ETH)– Laurent Voisin (Systerel)– Stefan Hallerstede (Southampton)– Farhad Mehta (ETH)– Thai Son Hoang (ETH)– Francois Terrier (ETH)

6 Feb 08

Rodin Open Tool Platform

• Extension of Eclipse IDE (Java based)• Repository of structured modelling

elements (Java objects and XML files)• Rodin Eclipse Builder manages:

– Well-formedness + type checker– Consistency/refinement PO generator– Proof manager– Propagation of changes

• Extension points

6 Feb 08

RODIN Plug-ins

• UML-B: linking UML and Event-B – Colin Snook (Southampton)

• ProB: consistency and refinement checking– Michael Leuschel + team (Düsseldorf)

• Brama: graphical model animation – Clearsy

• B2latex – Kriangsak Damchoom + Pasha Jam (Southampton)

6 Feb 08

Rodin case studies• failure management system for an engine

controller (ATEC)

• part of a platform for mobile Internet technology (NOKIA)

• engineering of communications protocols (NOKIA)

• air-traffic display system (Praxis)

• ambient campus application (Newcastle)

6 Feb 08

Methodological Results

• Methods for formal development of fault tolerance

• Layering of requirements and specifications

• Complex data types in layered refinement

• Mixing UML and formal notation

• Proof and invariant discovery guidelines

6 Feb 08

RODIN results summary

• Rodin tool platform

• Plug-ins

• Case studies

• Methodological results

6 Feb 08

Rodin Coordination Committee

• Ensure the coordinated evolution of the Rodin platform at a strategic level

• Ensure that the platform releases and platform website are properly managed

• Support users and plug-in developers– Tutorials– Library of developments– Plug-in developer support

• Provide stability for industrial users

6 Feb 08

DEPLOY Integrated Project

Industrial deployment of advanced system engineering methods for high

productivity and dependability

Strategic Objective ICT-2007.1.2: Service and Software Architectures,

Infrastructures and Engineering

www.deploy-project.eu

6 Feb 08

The industrial deployment will be in five sectors

• Bosch: automotive

• Siemens: rail transportation

• Space Systems Finland: space systems

• SAP: business information

• NOKIA: pervasive telecoms

Industrial deployment partners

6 Feb 08

Technology providers

• Newcastle University (Coordinator)• Aabo Akademi University• ETH Zurich• Heinrich-Heine Universität Düsseldorf• University of Southampton• Systerel (FR)• CETIC (BE)• ClearSy (FR)

6 Feb 08

• Understand and justify the role of formal

engineering methods in building dependable

software-intensive systems

• Address the barriers to deploying formal

engineering methods in industry

• Scale and professionalise Rodin technology

DEPLOY Challenges

6 Feb 08

• Training of the engineers involved in the deployment

•Identification of the specific projects

•Close integration of methods into company development processes

•Devoting significant resources to early development phases

•Define and collect of the metrics for evaluation of productivity and dependability

•Ensuring resilience and security by application of the appropriate development patterns

•Provision of expert support in deployment of advanced engineering technologies and in analysis of results

Strategies for deployment

6 Feb 08

Success factors• Have provided engineering solutions to specific problems

experienced by the industrial deployment partners. Problems include:– Difficulty of requirements validation– The impossibility of comprehensive system testing

because of rapidly growing complexity– Difficulty of maintaining quality and safety of systems

under evolution– Difficulties caused by trying to reuse and integrate

components of diverse origin

• Demonstrate successful deployment of the methods and tools in developing real industrial systems

6 Feb 08

Success factors• Achieve acceptance of the DEPLOY methods and tools

by the industrial deployment partners, both research and business units.

• Acceptance requires convincing evidence that the proposed development approach:– Solves real engineering problems– Is economically viable– Integrates with existing industrial engineering practice

(strategies for deployment)

Acceptance will mean that the competencies built up during the project by each industrial partner will be maintained and spread beyond DEPLOY

6 Feb 08

• WP1 Deployment in the automotive sector• WP2 Deployment in the transportation sector• WP3 Deployment in the space sector• WP4 Deployment in the business information sector• WP5 Deployment in the pervasive telecom sector

• WP6 Requirements validation and evolution• WP7 Productivity through reuse• WP8 Achieving and demonstrating dependability• WP9 Tooling research and development

• WP10 Technology transfer• WP11 Measurements• WP12 Consortium management• WP13 Assessment and quality control• WP14 Dissemination of the results• WP15 Exploitation of the results

Workpackages

6 Feb 08

DEPLOY outcomes

• Real deployment of formal engineering methods

• Each industrial partner will become self sufficient in the use of formal engineering methods

• Provide scientifically valuable artefacts and a thorough assessment of formal engineering methods

• research advances in complex systems engineering methods

• professional open development platform based on Rodin

6 Feb 08

Why was DEPLOY funded?

• Success of RODIN• Industrial partners recognise the need to

improve their design processes– Focus on early stage development / system level

modelling and analysis

• Balance of technology transfer and technology development driven by industry

• Clear, justified collaboration between industry and academia

• Key sectors and players