Thierry Lecomte.

Academic year: 2021


Thierry Lecomte

A quick summary of the last 15 years

(timeline slide covering 1994, 1998, 2000 and 2010; labels: 4.0, Bart, 4.0 Clic'n'prove, COPPILOT Paris, Sao Paulo, Pekin, Roissy)

Some implementations (B)

(timeline slide, 1990 to 2010: METEOR L14 Paris, San Juan, Airport Express Hong Kong, Mexico, Delhi, Madrid, KVB 6000 trains France, L2 Budapest, L9 Seoul, Shuttle Roissy Airport, Paris, New York Canarsie, Metro Lausanne, Metro L10 Beijing, L9 Barcelona, L3 Paris, L1 Paris, L1 Algiers, L2 L3 Sao Paulo, L5 Milano, Circle Line Singapore, L1 L2 Malaga, Toronto, Istanbul, Lyon, NY Flushing)

Some (external) experimentations

Automotive: Diagnosis (Peugeot), Contactless keycard (Renault)
Banking: Reconciliation (Société Générale)
Space: Ariane 5 flight software (EADS)
Microelectronics: Smartcard (STMicroelectronics)
Nuclear: Control System Design (EDF)
Industry

Some (external) experimentations: REX

Automotive: Diagnosis (Peugeot), Contactless keycard (Renault)
Banking: Reconciliation (Société Générale)
Space: Ariane 5 flight software (EADS)
Microelectronics: Smartcard (STMicroelectronics)
Nuclear: Control System Design (EDF)
Industry: Pneumatic Press (CNAM), industrial application

Some implementations (microelectronics)

(timeline slide, 1998 to 2010; all products certified EAL5+:)
ST microcircuit ST22L128
ST microcircuits ST19WP, ST19WL
ST secure microcontrollers ST19WR08, ST19WR66, ST19NR66
Atmel secure microcontrollers ATS90SC6404, ATS90SC12872
Atmel secure microcontrollers ATS90SC6404A, ATS90SC12872A
ST secure microcontrollers ST19NA18, ST19NT66A
Atmel secure microcontrollers ATS90SC12872R, ATS90SC12836R
ST secure microcontrollers ST23YL80, ST23YL18
ST secure microcontrollers ST23YR80, SA23YR80
Atmel secure microcontrollers AT90SC20818, AT90SC13612, AT90SC24036
Some (internal) experimentations

Platform screen doors: safety critical systems (SIL3/SIL4); opening and closing doors; Event-B system level specification; PLC code generated

Development cycle

(development cycle diagram) Qualified for SIL3/SIL4 systems

Some implementations

(timeline slide, 1998 to 2010: Platform Screen Doors Demonstrator L13 Paris; Platform Screen Doors L13 Paris; Automatic Gap Filler Paris; PSD L1 Paris; Metro L3 Cairo; 2011? PSD L2 L3 Sao Paulo)

R & D

(R&D timeline items, in the order extracted from the slide:)
Development of the Rodin platform supporting Event-B
Automatic refinement, as developed by Siemens TS in Atelier B
Deployment of Event-B in industry
Development of the Rodin platform
Event-B applied to microelectronics
Atelier B natively supporting Event-B
First definition of Event-B
First attempt to apply Event-B to microelectronics
Code generator specific to smartcard
Tooling

(five successive slides, each adding one tool to the tool chain together with a project name:)
Automatic Prover and Predicate Prover (Convention B)
Brama Animator (Rodin)
Bart Automatic Refiner (ANR Rimel)
ComenC Code Generator (RNTL BOM)
B 4 SYN Code Generator (Forcoment)
Downloads

Monthly downloads since January 2009; number of downloads (samples):
Rodin 1.0: 608
Rodin 1.3: 449
Atelier B 4.0: 3 877

Specific Events: B Dissemination Days

Rodin Industry Day, Aix en Provence, Apr 2006
Rodin Industry Day, Paris, Sep 2007
B Dissemination Day, Salvador de Bahia, Aug 2008 (satellite event of the SBMF conference)
B Dissemination Day, Sao Paulo, Aug 2008 (first technical workshop organised by the new IPT lab on Requirements)
RIAB, Eindhoven, Nov 2009 (satellite event of the FM conference)
B Dissemination Day, Tokyo, Mar 2010 (satellite event of the GRACE symposium on advanced software engineering); an original book on SW development in B
Satellite event of SBMF 2010: Day 1, DEPLOY speakers; Day 2, external papers (CfP)

Courses

« Industrial applications of B » (« Applications industrielles de B »)
IRIT Toulouse – master 2
« Secure specification and design » (« Spécification et conception sécurisées »)
ENSI Bourges – 3rd year, software security option
« Formal methods » (« Méthodes formelles »)
ENSMSE Gardanne – 3rd year
« Development of critical software » (« Développement de logiciels critiques »)

Courses

Specification in B and Event-B; design and software development in B.
Examples issued from/inspired by industrial applications:
Smartcard security policy: Event-B specification
Railway switch: B specification and design
Fuel level: B specification and design
Block: B specification
Virtual machine: B specification and design
Stack: B specification and design

Smartcard security policy

(diagram: CPU, memory protection unit, memory; data bus, address bus, interrupt, data available)

Security property:

    MEMORY_TYPE(currentCell) = ROM_SECURE &
    currentOperation = OP_READ &
    currentMode = USER
    =>
    currentResult = NOT_GRANTED

RAM read access control:

    executeRAM = SELECT
        MEMORY_TYPE(currentCell) = RAM &
        MEMORY_CONTENT(currentCell) = CODE &
        currentOperation = OP_EXECUTE
    THEN
        currentResult := GRANTED
    END
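The property and the executeRAM rule above, turned into an executable check; this is an added example, not code from the slides or from the smartcard project. The slide fixes only the executeRAM rule and the secure-ROM property, so every other branch of decide() (the memory types, the supervisor-only rule for ROM_SECURE, the read-only ROM rule) is a constructed, hypothetical policy, and decide_leaky is a constructed faulty variant used to show the check reporting a violation.

```python
# Added example (not from the slides): executable model of the smartcard
# memory-protection policy. Only executeRAM and the ROM_SECURE property come
# from the slide; the other branches of decide() are a constructed policy.
from itertools import product

MEMORY_TYPES = ("ROM_SECURE", "ROM", "RAM", "EEPROM")
CONTENTS = ("CODE", "DATA")
OPERATIONS = ("OP_READ", "OP_WRITE", "OP_EXECUTE")
MODES = ("USER", "SUPERVISOR")
GRANTED, NOT_GRANTED = "GRANTED", "NOT_GRANTED"

def decide(memory_type, content, operation, mode):
    """Protection-unit decision for one access (currentResult in the B model)."""
    # executeRAM from the slide: CODE held in RAM may be executed
    if memory_type == "RAM" and content == "CODE" and operation == "OP_EXECUTE":
        return GRANTED
    if memory_type == "ROM_SECURE":
        # assumption: secure ROM is readable/executable in SUPERVISOR mode only
        return GRANTED if mode == "SUPERVISOR" and operation != "OP_WRITE" else NOT_GRANTED
    if operation == "OP_WRITE" and memory_type == "ROM":
        return NOT_GRANTED  # plain ROM is read-only (assumption)
    if operation == "OP_EXECUTE" and content != "CODE":
        return NOT_GRANTED  # never execute data (assumption)
    return GRANTED

def decide_leaky(memory_type, content, operation, mode):
    """Constructed faulty variant: lets any mode read DATA held in ROM_SECURE."""
    if memory_type == "ROM_SECURE" and content == "DATA" and operation == "OP_READ":
        return GRANTED
    return decide(memory_type, content, operation, mode)

def secure_rom_property(memory_type, content, operation, mode, result):
    """The slide's security property as an implication over one state."""
    premise = memory_type == "ROM_SECURE" and operation == "OP_READ" and mode == "USER"
    return (not premise) or result == NOT_GRANTED

def check_policy(policy):
    """Enumerate every (type, content, operation, mode) state and return the
    ones where the property fails; an empty list is the finite-state analogue
    of discharging the invariant proof obligation on the B model."""
    return [state for state in product(MEMORY_TYPES, CONTENTS, OPERATIONS, MODES)
            if not secure_rom_property(*state, policy(*state))]

if __name__ == "__main__":
    print("sound policy violations:", check_policy(decide))
    print("leaky policy violations:", check_policy(decide_leaky))
```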

Fuel level

Services: compute_initial_level, estimate_remaining_fuel
Safety property: « make the pilot aware of any fuel shortage »
Complete development: specification, design, implementation (including context machine), basic machine, code generation (ComenC) and execution

(component diagram: machines fuel0, ctx and utils with implementations fuel_i, ctx_i and utils_i, plus the basic machine measure, linked by sees and imports clauses)

    VARIABLES estimated_level, estimated_consumption, status
    CONCRETE_VARIABLES estimated_level, estimated_consumption, status
Block

Services: specify which blocks are occupied and which are free, according to (faulty) sensors
Simplification: no switch

Unmask_blocks: this function unmasks some blocks (for TDL alarm). Blocks which do not become unmasked remain unchanged.
A block is unmasked when the block is free or when all of the following conditions are true:
1) The upward block has a free trackside detector or the upward block is free.
2) The downward block has a free trackside detector or the downward block is free.
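The Unmask_blocks rule above as runnable code; this is an added example, not the course's B model. The Block fields, the linear up/down ordering of the sample track and the treatment of the line ends (the slide gives no rule, so a missing neighbour is conservatively assumed not to satisfy its condition) are assumptions.

```python
# Added example (not from the slides): an executable reading of Unmask_blocks.
# The Block fields, the linear ordering and the sample track are constructed;
# a missing neighbour (end of line) is assumed not to satisfy its condition.
from dataclasses import dataclass

@dataclass
class Block:
    free: bool            # occupancy sensor reports the block free
    tdl_free: bool        # the block's trackside detector reports free
    masked: bool = True   # masked for the TDL alarm

def neighbour_condition(block):
    """Condition 1) or 2): the neighbour's trackside detector is free, or the
    neighbour block itself is free. False when there is no neighbour."""
    return block is not None and (block.tdl_free or block.free)

def unmask_blocks(blocks):
    """Return the new masked flag of every block.

    Decisions are taken on the state before the call, as the B substitution
    would be evaluated, so the result does not depend on the order of
    iteration. A block that does not become unmasked keeps its flag.
    """
    new_masked = []
    for i, block in enumerate(blocks):
        up = blocks[i - 1] if i > 0 else None
        down = blocks[i + 1] if i + 1 < len(blocks) else None
        becomes_unmasked = block.free or (
            neighbour_condition(up) and neighbour_condition(down))
        new_masked.append(False if becomes_unmasked else block.masked)
    return new_masked

def sample_track():
    """Constructed five-block line; index 0 is upward of index 1, and so on."""
    return [
        Block(free=True, tdl_free=True),                  # free: unmasked
        Block(free=False, tdl_free=False),                # both neighbours ok
        Block(free=False, tdl_free=True),                 # upward block fails
        Block(free=False, tdl_free=False, masked=False),  # already unmasked
        Block(free=False, tdl_free=False),                # end of line
    ]

if __name__ == "__main__":
    print(unmask_blocks(sample_track()))  # [False, False, True, False, True]
```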

Return of experience

Easier to teach B when code is generated
First exercise was guided, the following ones almost unguided
Students admit that proof is valuable when discovering errors, even if a kind of black box
... but are puzzled when a 100% model is faulty: miracles, copy/paste of specification and design
Model animation
Data or algorithmic refinement difficult to handle

Future directions

Dedicated modelling environments
PLC based system development
• Safety critical products
• Tool qualification
• Automatic refinement
• Code generation
• Test case generation
Microelectronics
• Smartcard domain
• Automatic refinement
• Code generation

Future directions (cont'd)

Improvements
Provers (last major step in 1999)
• ProB fine-grain integration
• Distributed processing (cloud)
Code generation
• C (without safety critical constraints)
• VHDL, Ladder
Support for real numbers & floating point
Generic proof obligation generator

CLEARSY

Tools

References
