Dependability of Software and Service
as a Key Issue to realize
Ubiquitous Networking Society
Yutaka Kasahara
Vice President
Software Business Promotion Unit, NEC
©Copyright NEC(2008) All rights reserved
1
Ubiquitous networking society
becomes close to reality
Ｐage 2
©Copyright NEC(2008) All rights reserved
Progress toward a Ubiquitous NW Society
Increase in network traffic
Expansion of
e-business markets
• Rapid penetration of Broadband
environment
• Rapid growth of data traffic to/from
mobile terminals
・Net trading
• Laws on electronic
documents
• Privacy protection
• Japanese SOX act
- Internet securities
- Net auctions
・Expansion of mobile commerce
Individuals
Companies
Society
New information
sources
Diversification of
communications
• Rapid growth of blog and SNS
users
・Use of rich contents
New integrated services
• Coordination of communication and
financial business
- Mobile wallets
• The fusion of communications and
broadcasts
Ｐage 3
Compliance
©Copyright NEC(2008) All rights reserved
•RFIDs
•GPS
•Digital home appliances
NEC’s activities toward Embedded solution domains
Provides embedded solutions with total power of Devices and Software in
domains such as Automobile, Cellular phone, Digital appliance.
Precision
Precision equipment
equipment
Automobile
Automobile
SIP
SIP
Application
IT & NW
fusional area Network
Middleware
Server
( Information system
integrated through
network )
OS
Total
power
Cellular phone
software platform
Infrastructures
for cellular phone
3G Infrastructure
Device & Software
fusional area
Chip, Embedded software
(In-vehicle, Home appliances)
Digital
Digital appliance
appliance
Device
ＬＳＩ
(Digital appliance, etc.)
*Felica: Trade Mark of SONY
Ｐage 4
©Copyright NEC(2008) All rights reserved
Computer board
Mobile
Mobile
Cellular phone
( with FeliCa, etc.)
Acceleration of New Collaboration
using Multi-functionality of embedded software
¾ New business models for collaboration among different
industries using ubiquitous terminals
¾ Provision of convenient services through collaboration
Retail stores
Train Stations
and Airports
(Cyber cash, Digital coupon)
Payment, ads
Electric ticket, Boarding pass
・更新情報・
・新着・ｸｰﾎﾟﾝ
・使えるｶｰﾄﾞ一覧・
ﾄﾞﾗｯｸﾞｽ
ﾄｱ
レンタル店A
コンビニ
スーパー
百貨店
・所有ｸｰﾎﾟﾝ一覧全てのｶｰﾄﾞを見る
・所有ｽﾀﾝﾌﾟｶｰﾄﾞ/回数券一覧
□設定情報
Online settlement
Rechargeable
using a credit card or
bank account debit
(Electric Money)
online shopping
Mobile Suica
(Mobile wallet)
*Suica: Trade Mark of JR EAST
Ｐage 5
©Copyright NEC(2008) All rights reserved
Examples of embedded software(Japan)
Embedded software size becomes larger and larger, especially in automobile,
cell phone and digital appliances.
Automobile
Cellular Phone
Digital appliances
Environment, safety
& comfort
Value added features &
user friendliness
Entertainment &
security
Software Size※１
Software Size※２
Software(DVD) Size※３
５～８ＭＬ
５～１０ＭＬ
１．８ＭＬ
５
X ｉｎ ５
５X
５ ｙｅａｒｓ
ｙｅａｒｓ
１ＭＬ
２０００
１ＭＬ
２００６
※１：ref. The Nikkei Business Daily 14/6/2005 ,etc
Ｐage 6
５
X ｉｎ
５X
ｉｎ ５
５ ｙｅａｒｓ
ｙｅａｒｓ
©Copyright NEC(2008) All rights reserved
２００１
２００６
※２：ＮＥＣ‘ｓ ｅｓｔｉｍａｔｉｏｎ
９
X ｉｎ
９X
ｉｎ ３
３ ｙｅａｒｓ
ｙｅａｒｓ
０．２ＭＬ
２００２
２００５Ｅ
※３：ref. Nikkei Electronics 10/11/2004
Embedded Software Market (Japan)
Embedded software market size is currently 35Ｂ US＄ and continuously
growing with CAGR 14%
(Ｂ US$)
（Include in-house & outsource development）
32.7
35.1
27.3
24.1
Ｃ
２００４
２００５
ref. Research and study by METI, Japan
Ｐage 7
©Copyright NEC(2008) All rights reserved
4％
１
Ｒ
ＡＧ
２００６
２００７
２００８
Fｉｓｃａｌ Ｙｅａｒ
Commoditization in product domains from a software viewpoint
Automobile and digital appliance domains, where embedded
software becomes huge, are in developing period in market
and technology
Product domains and Technical maturity
Cell phone
OA equipment
PC
Digital
appliance
Automobile
Products are value-added
by embedded software.
Robots for
consumer use
Early period
Developing period
Maturation period
Stabilized period
Source: Editing IPA-SEC material
Ｐage 8
©Copyright NEC(2008) All rights reserved
Broader use of embedded software causes the
increase of system troubles
Quality problems caused by software become marked, mainly
due to rapid increase of embedded software size and complexity
＜ Cases of embedded software failures (Japan)＞ ＜Ratio of defects after shipment＞
„Company A: Cell phone (May 2005)
Not displaying the incoming call history when pushing
termination key in succession. Unable to overwrite software
when users do a certain action during updating software.
„Company B: Automobile (Oct.2005)
Defect of engine ECU program stops the engine while
vehicle is moving (160 thousands cars)
Operations, Others
Maintenance 5.0%
3.7%
Product plan,
specification
Manufacturing
17.9%
12.7%
Hardware
16.9%
„Company C: HDD & DVD recorder (Jul.2006)
Display becomes blacked out while watching TV through the
tuner of the recorder.
Software
43.8%
„Company D: Automatic ticket gate (Oct.2007)
Automatic termination works when information of invalid IC
cards satisfies certain conditions. (Affects 2.6 million people)
Source: Nikkei Sangyo Newspaper 19 Nov. 2007
Nikkei computer 29 Oct. 2007, Web sites of some companies, etc.
Ｐage 9
©Copyright NEC(2008) All rights reserved
Study result of cause-specific defects in
embedded product domain by METI (IPA)
Source: IPA FY2007 Study report of embedded software industries
Importance of Embedded Software
and it’s dependability
¾ Everyone can access information network environment
anytime and anywhere by using handy terminals, cell phone,
and other appliances in the society
¾ Role of embedded software becomes more and more important
- Software on those terminals and equipments becomes large in
size and involves many highly-sophisticated functions.
- Software bugs may cause serious troubles and accidents.
- Usability is also an important issue to make it usable for
everyone and to avoid human errors
¾ To realize real ubiquitous networking society, dependability and
human-centricity are key issues for embedded software design
and development.
Ｐage 10
©Copyright NEC(2008) All rights reserved
Critical social infrastructures are
highly depending on ICT
Ｐage 11
©Copyright NEC(2008) All rights reserved
Further progress of Critical Infrastructure
► IT and network establish new social infrastructure.
► They will accelerate real-time distributions of money, commerce,
commodity and information across countries, institutions and companies.
Physical
distribution
bases
Branches
Suppliers
Production
Production
Banking
Banking
Logistics
Logistics
Local
Government
Units
Sales
Sales
Real-time distributions of money,
commerce, commodity and information
Government
Government
Consumers
Consumers
Medical
Medical
Clinics
Marketing,
Marketing,Sales
Sales
Accounting,
Accounting,Personnel
Personnelaffairs,
affairs,
General
affairs
General affairs
Ｐage 12
Support
Support
Companies
©Copyright NEC(2008) All rights reserved
Development
Development
Software on critical infrastructure requires
high level dependability
¾The importance of software is remarkably increasing in
constructing and operating critical infrastructures such as
utility systems, road/railroad system, telecommunication,
logistics, medical care and etc.
¾Total system quality and performance are highly depending on
those of software
¾In specific vertical domain such as aerospace, defense and
other areas affecting people’s lives, super high dependability
is required to the systems.
Ｐage 13
©Copyright NEC(2008) All rights reserved
¾Some serious system troubles caused by software bugs and
human operation error are reported. Those troubles influence
so many people’s everyday lives, and the amount of societal
loss sometimes become so large.
Dependability including human operator aspect and social
aspect is a key factor to design and develop secure and
reliable systems
Ｐage 14
©Copyright NEC(2008) All rights reserved
Changes in Software Businesses
based on changes in Technologies
Ｐage 15
©Copyright NEC(2008) All rights reserved
Solution Services provided through Cloud computing
Desktop Cloud
Hardware Cloud
user community
（＋marketplace）
vendor services
（SaaS Cloud ＋ α）
Services Cloud
Partner services
（Hardware Cloud ＋ α）
Solution Cloud
communication
Collaboration
Enterprise mashup
Enterprise mashup
Existing system
Cloud Computing
ＳＯＡ
Ｗｅｂ2.0
ＢＩ2.0
Gadget
Enterprise mashup
Digital cockpit
User
Partner
Enterprise IT
Access
Out of office
Ｐage 16
©Copyright NEC(2008) All rights reserved
Access
Office
Access
Home
From Outsourcing to SaaS
- Proportion of common use increases
- Number of tenants per a certain capacity of infrastructure
increases
Conventional
Outsourcing
system
Giant
Specific data companies
Big
Big companies
companies
ASP
PaaS
Small
Small and
and medium
medium
companies
companies
(several
(severalhundreds
hundredsof)
of)
Small
and
medium
Small and medium
companies
companies
Each company
use common
infrastructure
Common
usage increase
and functions
Common
parts
Own IT infrastructure by
itself.
SaaS
…
Small
Smalland
andmedium
medium
companies
companies
…
Data center
Operation
outsourcin
g
SaaS providers
and Paas
providers are
separated.
PaaS: Platform as a Service
Ｐage 17
©Copyright NEC(2008) All rights reserved
Dependability is also critical in creating services
・Services are realized and provided with combination of
service elements such as SOA and Mash-Up
-Dependability of each service elements and their interoperability are so critical to establish the dependability of
total services
-Service value is decided through the interaction between
service providers and receivers
•The following innovative technologies are so important
- Metrics for dependability of services including human
and social factors
- Technologies to build up services according to the
expected dependability
Ｐage 18
©Copyright NEC(2008) All rights reserved
How to design and develop
dependable software
- Formal method is a direction to solve the issue -
Ｐage 19
©Copyright NEC(2008) All rights reserved
Dependability, Formal methods
and CxC（Correctness by Construction）
Formal method is one of the core technologies to achieve dependability
Dependability
Safety
Reliability
Security
Availability
Integrity
Maintainability ・・・
・・・・・
Formal Methods
Requirement
Analysis
Architecture
Design
Primary technical factors
for ＣｘＣ
ＭＤＡ
Model Driven Architecture
Reengineering ・・・
ＣｘＣ related systemized technologies
Ｐage 20
©Copyright NEC(2008) All rights reserved
What is Formal methods ?
Collective term for techniques based on mathematics (logic,
set theory, algebra), which describe and verify system
and/or software rigorously and accurately.
Dependability
Formal methods
•Formal description
•Theorem proving
•Model checking
•Tools
Design methods
Mathematics
Domain knowledge
•No execution
•Target : model, program
•No test data
•Able to re-use design
Ｐage 21
©Copyright NEC(2008) All rights reserved
Complementary
Contrasting
characteristics
Testing
•Equivalence partitioning
•Boundary-value analysis
•Decision table
•Cause-result graph
•Need execution
•Target : program
•Depends on test data
•Back to previous phase by Defects
•Hard to re-use design
Research trend of Formal methods
‹ From proving to error-finding ; Light-weight Formal Methods
¾ Emerged from the evolution of model checking
¾ Find inherent errors in design descriptions and programs by
automatic verification
Change towards practical use
Pursue automation with
sacrifice of expressiveness
Supposing full application
in all development phases
→ Not practical
Pursue expressiveness with
sacrifice of automation
Research
Systematic detection of defects
Trend
(Auto check)→ High automation rate
Model checking, program checker,...
Clear design specification by
rigorous language (Formal specification)
Domain model, Design assets,
Standard documents, ...
Guarantee no errors with mathematical proofs (Formal verification)
Trade off between expressiveness and automation
Strong relationship
Ultimate dream
Systematic development with verifying correctness (Correctness by Construction)
Ｐage 22
©Copyright NEC(2008) All rights reserved
Source: Material of NEC
internal seminar by
Prof. Nakajima of NII
Source code Verification Tool for C: VARVEL
„ Statically detect typical run-time error for C from source code.
„ With bounded model checking, check variable values and paths exhaustively.
„ Currently in practical in-house use for commercial product software.
No test programs.
No test data.
List of results.
Trace for each error.
Trace working with
source code viewer.
Source
Sourcefiles
files
ininCC
VARVEL
VARVEL
Assumption
Assumption
Approximation
Approximation
Control flow
graph
Control flow
graph
Program
Program
analysis
analysis
Static analysis techniques
similarly used in compilers
Ｐage 23
©Copyright NEC(2008) All rights reserved
Model
Model Checking
Checking
Exhaustive
search
Post
Postprocessing
processing
Counter
examples
(Execution) Path
to result in error.
Checker example: Invalid pointer dereferencing
„ Point out lines where dereferencing through invalid pointer occurs.
z Check lines with “*<pointer>” expressions.
z valid pointer = address of variable && address derived from valid pointer
through pointer arithmetic
No errors
Errors detected
int
int array[]={1,2,3,4,5};
array[]={1,2,3,4,5};
int*
int* p=array;
p=array; //Set
//Set variable
variable address
address
p=p+4;
//Pointer
p=p+4;
//Pointer arithmetic
arithmetic
*p=4;
//OK
*p=4;
//OK
Pointer arithmetic
is handled.
Dynamic memory management
is handled.
Ｐage 24
©Copyright NEC(2008) All rights reserved
void
void setPointerNull(
setPointerNull( int**
int** pp
pp ){
){
*pp
*pp == NULL;
NULL;
}}
Inter-procedural analysis
void
void foo(){
foo(){
is supported.
int*
int* p;
p;
setPointerNull(
setPointerNull( &p
&p ););
*p
*p == 0;
0; //NG;
//NG; NULL
NULL pointer
pointer dereferencing
dereferencing
}}
int*
int* p=malloc(10);
p=malloc(10); //Dynamic
//Dynamic memory
memory
if(p)
if(p) free(p);
free(p);
*p=0;
*p=0; //NG;
//NG; Freed
Freed pointer
pointer dereferencing
dereferencing
Output GUI
„ Display verification results on Eclipse (Open source IDE).
z Selection of result list or trace changes editor and variable view.
z Highlight related trace-steps for specified variable on trace view.
Variable view
assignment
Trace view
referencing
Editor / Viewer (CDT)
Location corresponding to
selected result in result list, or
selected step in trace
selection of
step/variable
Result list view (shrunk now)
Ｐage 25
©Copyright NEC(2008) All rights reserved
VARVEL: it’s effectiveness and future direction
„ Application of model checking to source code is useful.
z
Effective as typical bug detection tool
9
z
Able to detect bugs which skipped through review and testing.
After model-checking, developers can concentrate on functional
review and testing. (No review / testing for careless mistakes)
„ Plan to promote assertion programming with VARVEL.
z
Enhance accuracy, performance and scalability of typical bug
detection.
z Detect violations of assertion (pre/post-conditions, invariant, etc.).
„ NEC group uses VARVEL in-house and achieves quality
improvement of software products. Application of model
checking to source code is now at practical level.
Next challenge will be using formal methods for design.
Ｐage 26
©Copyright NEC(2008) All rights reserved
Summary
¾To realize ubiquitous networking society, software and service
will become more and more important
¾The importance of dependability concept is described from
three viewpoints, i.e., embedded software, critical infrastructure,
and service creation and interoperability
¾Possibility of formal method was introduced as an example
to achieve dependable software development
Dependability of software and service including human and
social aspects is a key issues for software and service
innovation. More discussion and activities are required to
in this area.
Ｐage 27
©Copyright NEC(2008) All rights reserved