May 11, 2015
Copyright © Praxis High Integrity Systems Limited 2009 Slide 2
Lean Thinking Inside and Outside a Software Engineering Company
AdaCore Lean/Agile Event, Paris, March 2009
Dave Jackson, Technical Delivery Manager
Praxis High Integrity Systems Limited
Desired Value
• To inform you of the background to Praxis’ work with Lean principles
• To give examples of how we’ve adopted Lean
– In our internal business processes
– In our delivery to clients
• To identify some implications and opportunities
Praxis – Basic Facts
• Established in 1983
• First software company to BS5750 (now ISO 9001)
• Turnover $24M
• Permanent staff c. 150
• Locations
– UK: Bath, London, Loughborough
– International Expansion: Paris, …
• Markets
– Strategic: Defence, Aerospace, ATM, Rail, Nuclear
– Tactical: Automotive, Medical, Finance
• Part of the Altran Group
– Since 1997
– Turnover $2.5Bn
– Staff of 17,000
– Global: Europe, USA, Asia, South America
Praxis Approach to Software – Correctness by Construction
C-by-C has the same guiding principles, whatever the lifecycle phase:
• Combine safety, security and operational constraints in every step
• Capture information completely and precisely
• Make small, well-defined, analysable steps
• Document once, in the right place
• Verify correctness before moving to next step
• Justify approach before moving to next step
• Use the best tool for the job at each step
• Use intelligence, not just “box-ticking mentality”
Core Process & Example Techniques
[Diagram: core process linking Concept of Operations, Software Spec, High Level Design, Code, Test Spec, Software Build, Detailed Designs, Module Spec, Requirements, Test Cases, Test Scripts]
• Requirements eg use of REVEAL (inspired by work of Professor Michael Jackson)
• High level design eg use of UML
• Specifications (precise and complete black box descriptions of behaviour) eg use of CSP, Z, etc.
• Detailed design eg INFORMED (in-house Praxis proprietary method)
• Module Spec & Code eg SPARK
SPARK™
• A language, toolset and design approach for the development of ultra-reliable software.
– A design and implementation technology for high integrity software
– Enables proof of correctness, and absence of run-time errors (eg buffer overflows)
– Enables deep static analysis, including separation of safe/secure and unsafe/insecure state
• Example uses
– All flight critical software on Eurofighter
– Tornado, Harrier, Hawk, Hercules, Nimrod, A380
– Mastercard SMART card, ALSTOM ERTMS
Example Project 1 – NATS iFACTS
• interim Future Area Control Tools Support (iFACTS)
• Development of new air traffic control tools to increase capacity in UK airspace
– Trajectory prediction, Conflict detection, Flight path monitoring
• Specified and implemented by Praxis, as an addition to existing NERC system
• Joint Praxis / NATS team
– Part of wider NATS IPT
– Includes training NATS staff
• SW01 (US’s ESARR 6) safety evidence provided using Praxis’ C-by-C methods
[Figure: Separation Monitor display plotting Separation (NM) against Time to Interaction (mins), with aircraft callsign labels]
Example Project 2 – SHOLIS
• Ship Helicopter Landing System
• First ever project delivered to Interim DEF STAN 00-55, SIL4
• Specified in Z
• Written in SPARK
• Formal proof of both Z and SPARK very effective
• Demonstrated that proof is more cost effective than testing
• Demonstrated that system testing more cost effective than unit testing
• Developed for a fixed price
• 7 LOC per day
• 0.22 defects per KLOC
Principles of Lean Thinking
• Specify value: Value is defined by customer in terms of specific products & services
• Identify the value stream: Map out all end-to-end linked actions, processes, and functions necessary for transforming inputs to outputs to identify and eliminate waste
• Make value flow continuously: Having eliminated waste, make remaining value-creating steps “flow”
• Let customers pull value: Customer’s “pull” cascades all the way back to the lowest level supplier, enabling just-in-time production
• Pursue perfection: Pursue continuous process of improvement striving for perfection
After Murman
FOCUS
Principle 1 – Value
• Products and services defined by the customer
• Example
– Independent V&V project
– Deliverables: Plan, Process, Specifications
– Client need: Bug reports, Regression tests
• Tools
– Stakeholder analysis
– Context modelling
– Workshops
Does the value of a program lie in the output, or the error messages?
http://farm3.static.flickr.com/2218/2180467051_0202df7e4f.jpg
Principle 2 – Waste
• Anything which does not contribute to value
• Many forms of waste
– Delay
– Rework
– Nugatory work
– Overstretch
• Tools
– Product breakdown structure
– Right-to-left planning
– Correctness by Construction
Example: Re-planning a major railway upgrade programme to identify essential dependencies identified a 30% saving
Principle 3 – Flow
• Processes linked by sequential dependencies progress at the rate of the slowest
• Example: Waterfall software lifecycle (Requirements, Architecture, HLD, LLD, Code, Test)
• Tools: R-to-L planning, Spiral / Parallel lifecycles, Takt time, Theory of Constraints
Kanban - a token carrying the information necessary to produce a desired item
Lean Inside the Company
• Praxis sees lean principles as a key part of its own business processes
• Process improvement approach suggested by the principles:
– Identify value
– Seek & eliminate waste
– Maximise forward flow of value
– Pull through self-explanatory tokens
• Examples:
– Recruitment
– Project initiation
– Also used in staff performance review, …
Lean Recruitment
• Problem environment
– Recruitment was taking too long
– Senior staff were spending lots of time reviewing CVs and interviewing
• Analysis
– Value: a suitable employee starts work at the right time on a package which motivates them
– Waste: inappropriate interviews, offers declined, renegotiation of package, delays
Lean Recruitment
• Vacancy token drives advertising and selection
– Interview dates specified in advertising
– Management approval of package
• Candidate token drives recruitment of an individual
– Carries all personal details
– Provides guidance on each action (review, interview, offer)
• Outcome
– Able to increase permanent and contract staff by around 50% in 12 months
– CV review effort down by a significant factor
Lean Project Start-up
• Problem environment
– Opportunities developed by business managers and bid teams
  • Focussed on winning work
– Projects delivered by operational organisation
  • Focussed on successful delivery
• Project initiation perceived as taking unnecessary time / effort
Lean Project Start-up
• Action
– Bid token tracks opportunity from prospect to project
– Includes bid strategy, initial plans
– Automatically identifies necessary approvals (inc specialist review)
– Make plan and assumptions available to project team
• Outcome
– Reduced change
– Many project plans now subsumed by simple project brief
Lean Outside
• Above examples are internal
• As consultants we offer our successful experiences to our clients
• Skills delivered through both
– Adoption on fee-earning projects
– Skills transfer in consultancy engagements
Lean Modification Process
• Problem Environment
– Substantial software project enters new delivery phase on completion of a milestone
– Outstanding modification backlog grows
• Analysis
– Most changes are made quickly
– Small selection subject to very long negotiation
Lean Modification Process
• Improve quality of modifications on entry into change process
– Review checklist
– Early rejection of inappropriate or inadequately characterised change
• Action and result
– Significant reduction in modification backlog
[Chart: Backlog against Time, with the Change marked]
White Box Safety
• Context
– Safety-critical systems subject to rigorous assessment
– Prescriptive standards for documentation and evidence
– Large quantities of evidence
– Changes in environment may invalidate parts of argument / evidence
Safety standards are traditionally prescriptive, not targeted at product (only process), wasteful
White Box Safety
• Approach
– Value: Acceptable argument of fitness for purpose
– Evidence not directly required for this is waste
• Outcome
– Smaller cheaper and more compelling safety cases & products
– Change only requires rework where it matters for the safety of the product
Context-dependent safety arguments captured, eg, in Goal Structured Notation (GSN)
Modern and emerging safety standards strongly supportive of this approach
Implications
• High integrity systems traditionally inflexible
– Legacy standards
– Heavyweight processes
• Lean has useful lessons
– Concentrate process on where it adds value
– Reduce waste: lower cost, improved timescales, profit.
• And it helps your company run smoothly too!
Opportunities
• There is a Lean route to good product
• And it can be cheaper than traditional means
• Focus on
– Defect elimination (value)
– Early defect removal (waste)
– Minimise dependencies between outputs
– Capture evidence as it’s needed, if it’s needed
Praxis High Integrity Systems Limited
20 Manvers Street
Bath BA1 1PX
United Kingdom
Telephone: +44 (0) 1225 466991
Facsimile: +44 (0) 1225 469006
Website: www.praxis-his.com
Email: [email protected]: +44 (0) 7920 151391