Ten Commandments of Formal Methods [J. P. Bowen & M. G. Hinchey: Ten Commandments of...
TRANSCRIPT
©2011
• 2007 3 2 au 3
– 64
• 2007 5 23 NTT
– 318 3
• 2007 5 27
– 130 4 4.5
• 2007 10 12 18 PASMO-Suica
– IC
• 2008 3 15 FG ATM
• 2008 7 22
– 5
• 2008 9 14
– 63 277 6 8 2
• 2009 3 9
– web
• 2009 5 18 2010 1 25 au
– MNP
– (2009) (2010)
• 2010 1 14
– 24 177
• 2010 3 5 MDIS
– MDIS 6
• 2010 7 12
– ATM 26,000 1
• 2011 1
– 30 8
• 2011 3
– 3 ATM 440
• 2011 4 ATM
– 1
• 2011 4
– ATM 1000
– 7
ISO/IEC 15408 (JIS X 5070)
• IEC: International Electrotechnical Commission
• ISO/IEC 15408 1999 6
• JIS X 5070 2000 79
EAL (Evaluation Assurance Level)
• EAL1:
• EAL2:
• EAL3:
• EAL4:
• EAL5:
• EAL6:
• EAL7:
– EAL1 3
– EAL4
– EAL5 711
IEC61508 (JIS C 0508)
• IEC61508 2000
– Functional safety of electrical/electronic/programmable electronic safety-related systems
• JIS C 0508 2000
SIL (Safety Integrity Level)
SIL   %        failure probability per hour
1     90%      10^-6 to 10^-5
2     99%      10^-7 to 10^-6
3     99.9%    10^-8 to 10^-7
4     99.99%   10^-9 to 10^-8
– J. A. Hall: Seven Myths of Formal Methods, IEEE Software, Vol.7, No.5, pp.11-19, 1990.
– J.P. Bowen and M.G. Hinchey: Seven More Myths of Formal Methods, IEEE Software, Vol.12, No.4, pp.34-41, 1995.
Formal Methods
• Pre-Myths: [Araki, 1995]
• Formal Methods: ?
– e-Japan 2003
– ISO 26262
– (13.1%)
– (12.4%)
– (10.6%)
– (9.9%)
– (9.3%)
– (8.7%)
– (8.1%)
– (7.5%)
1 : 5 : 10 : 20 : 200
• 30 50%
vs. [ , 2011 5 ]
Req. Analysis: 9.8%
Pre. Design: 14.5%
Detailed Design: 15.8%
Coding & Unit Testing: 33.3%
Integration & Test: 15.1%
System Test: 11.5%
[IPA/SEC: 2010 2011, pp.204-205]
[NIST: Planning Report 02-3, May 2002]
• 1960
• 1970
– VDL (Vienna Description Language), VDM (Vienna Development Method)
– Z Notation
– B Method
– etc.
• CICS: IBM Hursley Lab. & Oxford Univ. (Z)
• Rolls-Royce (VDM)
• (SCR/Darlington Method)
• (B method)
• & UNU/IIST (RAISE)
• NASA (theorem provers)
• A330/340 (Z)
• (Z) HP
• Tektronix (Z)
• Inmos (Z, CSP, ML)
• FM8501, FM9001 (Boyer-Moore)
CICS: Customer Information Control System
• IBM Hursley Lab. & Oxford Univ.
• 800,000 300,000
– 37000 Z
– 11000 Z
• 2000
• 9%
• Correct by Construction
• B Ada
– 14 (1998 )
– (2006 )
[Jean-Raymond Abrial: Formal Methods in Industry: Achievements, Problems, Future, Proc. ICSE 2006]
FeliCa IC [ FeliCa IC , , Vol.49, No.5, pp.506-513, 2008 5 ]
– 2004 1
• VDM++ : 10
– 677
– 383
• C/C++ : 11
• 1 2 [2009.7]
[Miller, et al., Commun. ACM, Vol.53, No.2, Feb. 2010]
• Rockwell Collins & Univ. Minnesota
• MATLAB, Simulink, SCADE, ...
– NuSMV, SAL, PVS, ...
– C, Ada
• 10^120
– 10^37; 563 , 98
– 10^13; 62 , 12
Ten Commandments of Formal Methods [J. P. Bowen & M. G. Hinchey: Ten Commandments of Formal Methods, IEEE Computer, Vol.28, No.4, pp.56-63, 1995]
#1: Thou shalt choose an appropriate notation.
#2: Thou shalt formalize but not overformalize.
#3: Thou shalt estimate costs.
#4: Thou shalt have a formal methods guru on call.
#5: Thou shalt not abandon thy traditional development methods.
#6: Thou shalt document sufficiently.
#7: Thou shalt not compromise thy quality standards.
#8: Thou shalt not be dogmatic.
#9: Thou shalt test, test, and test again.
#10: Thou shalt reuse.
[Bowen & Hinchey: Ten Commandments of Formal Methods, IEEE Computer, Vol.12, No.4, pp.34-41, 1995]
• FM Wiki (Jonathan Bowen)
– http://formalmethods.wikia.com/wiki/Formal_methods
– 100
• Formal Methods Europe
– Choosing a Formal Method: http://www.fmeurope.org/?page_id=264
• , , 2002 11
– http://dontaku.csce.kyushu-u.ac.jp/books/ProgramSpecification/
• , , 2003 2 [John Fitzgerald and Peter Larsen: Modelling Systems: Practical Tools and Techniques in Software Development, Cambridge University Press, 1998]
• VDM++ , , 2010 8 [John Fitzgerald, Peter Larsen, Peter Gorm Larsen, Paul Mukherjee and Nico Plat: Modelling Systems: Validated Designs for Object-oriented Systems, Springer-Verlag, 2004]
• VDM++ , , 2011
• B , , 2007
• SPIN , , 2008
• , , , SPIN, , 2008
• , , 2008
• [ ] 4 , , , 2009 11
• , , , 2010 2
• , , 2010 3
• J. A. Hall: Seven Myths of Formal Methods, IEEE Software, Vol.7, No.5, pp.11-19, 1990.
• J.P. Bowen and M.G. Hinchey: Seven More Myths of Formal Methods, IEEE Software, Vol.12, No.4, pp.34-41, 1995.
• J. P. Bowen & M. G. Hinchey: Ten Commandments of Formal Methods, IEEE Computer, Vol.28, No.4, pp.56-63, 1995.
• J. P. Bowen & M. G. Hinchey: Ten Commandments of Formal Methods ... Ten Years Later, IEEE Computer, Vol.39, No.1, pp.40-48, 2006.
• Keijiro Araki: Are Formal Methods Relevant? – How to Explode the Seven Myths in Japan -, Proc. APSEC '95, pp.514-515, 1995.
• Keijiro Araki and Han-Myung Chang: Formal Methods in Japan – Current State, Problems and Challenges -, Proc. VDM 2002, Third VDM Workshop, 2002.
• , , no.915, 2005 12 19
• , , no.933, 2006 8 28
• FeliCa , , 2007 2 12, pp.133-152, 2007 2
• VDM++ VDMTools, , Vol.24, No.2, pp.14-20, 2007 4.
• 2007 , 2008 http://sec.ipa.go.jp/reports/20080904.html