
Rigorous Approach to Industrial Software Engineering

Objective

The RAISE project aimed to create a formally based software development method together with a comprehensive support environment. RAISE is an enhancement of the VDM method and retains several of its intrinsic properties, such as model-based specification techniques and the "Invent and Verify" development strategy.
The development process, described by "project graphs", was to be mathematically modelled in terms of logical systems (institutions, e.g. equational logic, temporal logic), their transformations, system descriptions in various logical systems, and transformations of descriptions. Operational models of the project graphs were to be related to the activities of project managers, software engineers, programmers and project librarians.
A wide-spectrum language supporting specification design was to be defined. Extensions of the model-based VDM method, particularly for the specification of concurrent systems, were to be considered, together with property-based methods and other model-based methods.
Tools supporting the RAISE methodology were to be built (first in prototype form, then in production quality form), several industrial applications undertaken, and training and educational material produced.
The RAISE project produced the following results:
- Specification Language. This is a wide-spectrum language suitable for expressive high-level abstract specifications as well as low-level detailed designs. The specification language offers facilities for specifying sequential and parallel systems and for structuring specifications, and it supports applicative and imperative styles combined with axiomatic, implicit or explicit specification techniques. The specification language is equipped with a formal semantics enabling proofs of and reasoning about properties of specifications.
- Development Method. This is based on the notion of stepwise refinement, in which software development proceeds in a number of increasingly concrete steps. The method is rigorous in the sense that it supports a completely formal development (one in which each step in a development is proven correct with respect to the former step), but it does not insist on formality. The level of formality appropriate to each particular development can be chosen.
- Tool-Set Supporting Method and Language. The heart of the tool-set is a library for storing specifications and developments. Version control and configuration management are integrated with the library, as well as browsing tools for navigating and querying.
Other tools are language and method specific: a type-checking syntax-directed editor for the specification language and a pretty-printing tool for it; translators from the specification language to various programming languages; and cross-referencing tools and proof tools. The proof tools include a proof obligation generator, a simplifier to automatically discharge proof obligations, and a proof editor to assist in dealing with those left.
Many tools were generated by the Cornell Synthesiser Generator (a tool that generates structure editors from attribute grammars). This in itself ensures a uniform interface of the tools, but careful planning of available functionality and online help led to the creation of an integrated tool-set. The tools run on Unix workstations using the X Window system.
- Technology Transfer Material. Includes courses and seminars on all aspects of RAISE, with a target audience ranging from high-level managers to development and maintenance engineers, and encompassing 1-2 hour overview seminars, educational courses of a few days, and week-long in-depth training courses.
- A book on RAISE is to be published.
Exploitation
The tool-set is being used by ICL and Asea Brown Boveri.
The emphasis of the entire RAISE project was on industrial usability. This has been ensured by undertaking, as a part of the project, realistic trials in industrial environments of the resulting product. One trial has been the formal specification of an X-ray telescope control system using RSL.
RAISE will enhance the possibility of large-scale use of VDM-based methods in industrial applications. Large-scale use of RSL is also intended to be realised within the ESPRIT project LACOS (number 5383).
The technology transfer process will be supported by the provision of educational material.

Coordinator

CRI-COMPUTER RESOURCES INTL. A/S
Address
Bregnerodvej 144
3460 Birkerod
Denmark

Participants (2)

BROWN BOVERI & CIE.
Denmark
Address
Ved Vesterport 6
1612 Koebenhavn
International Computers Ltd (ICL)
United Kingdom
Address
Six Hills House
SG1 1YB Stevenage