Presentation is loading. Please wait.

Presentation is loading. Please wait.

Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Peter Amey Praxis Critical Systems Closing the Loop: The Influence of Code Analysis.

Published byMartina Kelly Modified over 9 years ago

Similar presentations

Presentation on theme: "Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Peter Amey Praxis Critical Systems Closing the Loop: The Influence of Code Analysis."— Presentation transcript:

1 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Peter Amey Praxis Critical Systems Closing the Loop: The Influence of Code Analysis on Design

2 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  SPARK Goals Precise static analysis Early use of static analysis Facilitated by: –an exact language –removal of ambiguous and erroneous constructs –annotations

3 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Why Annotations? Annotations strengthen specifications –Ada separation of specifications/implementations too weak Allows analysis without access to implementations –which can be done early on during development –even before programs are complete or compilable Allows efficient detection of erroneous constructs

4 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  An example procedure Inc (X : in out Integer); --# global in out Callcount; detection of function side-effect function AddOne (X : Integer) return Integer is XLocal : Integer := X; begin Inc (Xlocal); return XLocal; end AddOne; detection of aliasing Inc (CallCount);

5 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  procedure Swap(X, Y : in out T) is begin Store.Put(X); X := Y; Y := Store.Get; end Swap;

6 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  A Store Object package Store is procedure Put(X : in T); function Get return T; end Store;

7 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  A Store Object package Store --# own State; is procedure Put(X : in T); --# global out State; function Get return T; --# global State; end Store;

8 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  procedure Swap(X, Y : in out T) --# global out Store.State; is begin Store.Put(X); X := Y; Y := Store.Get; end Swap;

9 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  An input interface package

10 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  An input interface package

11 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  A better solution

12 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Object Oriented Design Encapsulation Abstraction Loose coupling Cohesion Hierarchy

13 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Object Oriented Design Encapsulation Abstraction Loose coupling Cohesion Hierarchy SPARK can directly assist with achieving these design goals: e.g. Annotation size is a sensitive measure of coupling between objects.

14 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  INFORMED Information flow oriented method for (object) design.

15 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Principles Application-oriented annotations Careful selection of the SPARK boundary Minimised information flow Separation of the essential from the inessential Early use of static analysis

16 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Design steps (simplified) Identification of system boundary, SPARK boundary and communication across them. Identification and location of system state. Handling initialization of state. Handling secondary considerations. Implementing object bodies.

17 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Design steps (simplified) Identification of system boundary, SPARK boundary and communication across them. Identification and location of system state. Handling initialization of state. Handling secondary considerations. Implementing object bodies.

18 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  System and SPARK Boundaries Identification of the System Boundary –identify the boundary of the system for which INFORMED is being used to provide the software. –identify the physical inputs and outputs of the system. Identification of the SPARK boundary. –select a SPARK boundary within the overall system boundary –define boundary variables to give controlled interfaces across the SPARK boundary annotated in problem domain terms. –consider adding boundary abstraction layers.

19 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Parnas & Madey Model

20 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Design steps (simplified) Identification of system boundary, SPARK boundary and communication across them. Identification and location of system state. Handling initialization of state. Handling secondary considerations. Implementing object bodies.

21 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Identification and Localization of State What must be stored? Where should it be stored? –consider effect of choice on main program annotations How should it be stored? –variable package –instance of type package –concrete Ada variable

22 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Design steps (simplified) Identification of system boundary, SPARK boundary and communication across them. Identification and location of system state. Handling initialization of state. Handling secondary considerations. Implementing object bodies.

23 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  State Initialization Initialized prior to program execution –implicitly by environment –explicitly in package elaboration or declarations Initialized during program execution –by executable statement

24 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Design steps (simplified) Identification of system boundary, SPARK boundary and communication across them. Identification and location of system state. Handling initialization of state. Handling secondary considerations. Implementing object bodies.

25 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Design steps (simplified) Identification of system boundary, SPARK boundary and communication across them. Identification and location of system state. Handling initialization of state. Handling secondary considerations. Implementing object bodies.

26 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Implementing Objects May identify sub-systems which can be tackled in INFORMED way Otherwise essentially top-down refinement; but: –defer implementation using hide directive –use Examiner regularly –use annotations as a guide to partitioning.

27 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  INFORMED Components (ASM) (ADT)

28 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  A Cycle Computer The cycle computer consists of a display/control unit to mount on the handlebars of a bicycle and a sensor that detects each complete revolution of the front wheel. The display unit shows the current instantaneous speed on a primary display and has a secondary display showing one of: total distance, distance since last reset, average speed and time since last reset. The display/control unit has two buttons: the first clears the time, average speed and trip values; and the second switches between the various secondary display modes. Unfortunately, but typically of many software projects, the hardware has already been designed: There is a clock that provides a regular tick (but not time of day) and the sensor, a reed relay operated by a magnet on the bicycle wheel, provides a pulse each time the wheel completes a revolution.

29 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Boundary Considerations Identification of system boundary, selection of SPARK boundary and definition of boundary variables.

30 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Implementation as Two SPARK Sub-systems

31 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Boundary Variables and Abstractions

32 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Boundary Variables and Abstractions

33 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State Where and how to store: wheel size total numbers of pulses received averages of pulse intervals clock values for stopwatch function

34 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State Where and how to store: wheel size total numbers of pulses received averages of pulse intervals clock values for stopwatch function

35 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State Where and how to store: wheel size total numbers of pulses received averages of pulse intervals clock values for stopwatch function

36 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State (1)

37 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State (1)

38 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State Where and how to store: wheel size total numbers of pulses received averages of pulse intervals clock values for stopwatch function

39 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State (2)

40 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Location of State (2)

41 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Complete Design

42 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Complete Design --# global --# in Clock.State, --# Pulse_Queue.State, --# Buttons.State, --# Wheel.Size; --# out Display.State; --# derives --# Display.State --# from --# Clock.State, --# Pulse_Queue.State, --# Button.State, --# Wheel.Size;

43 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Design with unnecessary state --# global --# in Clock.State, --# Pulse_Queue.State, --# Buttons.State, --# Wheel.Size; --# out Display.State; --# in out Pulse_Handler.State; --# derives --# Display.State --# from --# Clock.State, --# Pulse_Queue.State, --# Pulse_Handler.State, --# Button.State, --# Wheel.Size & --# Pulse_Handler.State --# from --# Pulse_Handler.State, --# Pulse_Queue.State, --# Buttons.State;

44 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Conclusions Static analysis is not just a V&V activity: –early error detection saves money –analysis provides powerful design quality indicators Loose coupling is achieved by minimising information flow –SPARK annotations provide a sensitive measure of information flow Designs can be “re-factored” based on early analysis results Good design provides an on-going pay off throughout the entire life of a system

45 Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Resources www.sparkada.com sparkinfo@praxis-cs.co.uk Addison Wesley Longman, ISBN : 0-201-17517-7.

Download ppt "Closing the Loop - Copyright © 2002 Praxis Critical Systems Limited  Peter Amey Praxis Critical Systems Closing the Loop: The Influence of Code Analysis."

Similar presentations

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
Copyright © 1998 by Addison Wesley Longman, Inc. 1 Chapter One Preliminaries, including –Why study PL concepts? –Programming domains –PL evaluation criteria.

Copyright © 1998 by Addison Wesley Longman, Inc. 1 Chapter One Preliminaries, including –Why study PL concepts? –Programming domains –PL evaluation criteria.
SIGAda 2001 - Copyright © 2001 Praxis Critical Systems Limited  Peter Amey Praxis Critical Systems A Language for Systems not Just Software.

SIGAda Copyright © 2001 Praxis Critical Systems Limited  Peter Amey Praxis Critical Systems A Language for Systems not Just Software.
Design The goal is to design a modular solution, using the techniques of: Decomposition Abstraction Encapsulation In Object Oriented Programming this is.

Design The goal is to design a modular solution, using the techniques of: Decomposition Abstraction Encapsulation In Object Oriented Programming this is.
Chapter 1 Software Development. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2 Chapter Objectives Discuss the goals of software development.

Chapter 1 Software Development. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2 Chapter Objectives Discuss the goals of software development.
1 Objectives To introduces the concept of software Design. To introduce the concept of Object- Oriented Design (OOD). To Define various aspects about object.

1 Objectives To introduces the concept of software Design. To introduce the concept of Object- Oriented Design (OOD). To Define various aspects about object.
Establishing the overall structure of a software system

Establishing the overall structure of a software system
Chapter 1 Principles of Programming and Software Engineering.

Chapter 1 Principles of Programming and Software Engineering.
Chapter 10 Class and Method Design

Chapter 10 Class and Method Design
Objectives Explain the purpose and objectives of object- oriented design Develop design class diagrams Develop interaction diagrams based on the principles.

Objectives Explain the purpose and objectives of object- oriented design Develop design class diagrams Develop interaction diagrams based on the principles.
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.

1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.

© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.

Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.
Copyright © 1998 by Addison Wesley Longman, Inc. 1 Concepts of Programming Languages Chapter 1.

Copyright © 1998 by Addison Wesley Longman, Inc. 1 Concepts of Programming Languages Chapter 1.
Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.

Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.
CSC 8310 Programming Languages Meeting 2 September 2/3, 2014.

CSC 8310 Programming Languages Meeting 2 September 2/3, 2014.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall 1.1.

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall 1.1.
These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.

These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.
DCT 1123 PROBLEM SOLVING & ALGORITHMS INTRODUCTION TO PROGRAMMING.

DCT 1123 PROBLEM SOLVING & ALGORITHMS INTRODUCTION TO PROGRAMMING.
The Design Discipline.

The Design Discipline.

Similar presentations

Ads by Google