Lean Thinking Inside and Outside a Software Engineering Company (Dave Jackson)

Copyright © Praxis High Integrity Systems Limited 2009 Slide 2

Lean Thinking Inside and Outside a Software Engineering Company

AdaCore Lean/Agile EventParisMarch 2009

Dave JacksonTechnical Delivery Manager

Praxis High Integrity Systems Limited


Desired Value

• To inform you of the background to Praxis’ work with Lean principles

• To give examples of how we’ve adopted Lean– In our internal business

processes– In our delivery to clients

• To identify some implications and opportunities


Praxis – Basic Facts• Established in 1983• First software company to BS5750 (now ISO 9001)• Turnover $24M• Permanent staff c. 150• Locations

– UK: Bath, London, Loughborough– International Expansion: Paris, …

• Markets– Strategic: Defence, Aerospace, ATM, Rail, Nuclear– Tactical: Automotive, Medical, Finance

• Part of the Altran Group– Since 1997– Turnover $2.5Bn– Staff of 17,000– Global: Europe, USA, Asia, South America


Desired Value






Praxis Approach to Software – Correctness by ConstructionC-by-C has the same guiding principles,

whatever the lifecycle phase:• Combine safety, security and operational

constraints in every step• Capture information completely and

precisely• Make small, well-defined, analysable steps• Document once, in the right place• Verify correctness before moving to next

step• Justify approach before moving to next step• Use the best tool for the job at each step• Use intelligence, not just “box-ticking

mentality”


Core Process & Example Techniques

Concept ofOperations

SoftwareSpec

HighLevel

Design

Code

Test Spec

SoftwareBuild

DetailedDesigns

ModuleSpec

Requirements

TestCases

TestScripts

• Requirements eg use of REVEAL (inspired by work of Professor Michael Jackson)

• High level design eg use of UML• Specifications (precise and complete black box

descriptions of behaviour) eg use of CSP, Z, etc.• Detailed design eg INFORMED (in-house Praxis proprietary

method)• Module Spec & Code eg SPARK


SPARK™• A language, toolset and design approach for the

development of ultra-reliable software.– A design and implementation technology for

high integrity software– Enables proof of correctness, and absence of

run-time errors (eg buffer overflows)– Enables deep static analysis, including

separation of safe/secure and unsafe/insecure state

• Example uses– All flight critical software on Eurofighter– Tornado, Harrier, Hawk, Hercules, Nimrod, A380– Mastercard SMART card, ALSTOM ERTMS


Example Project 1 – NATS iFACTS

• interim Future Area Control Tools Support (iFACTS)• Development of new air traffic control tools to increase

capacity in UK airspace– Trajectory prediction, Conflict detection, Flight

path monitoring• Specified and implemented by Praxis, as an addition to

existing NERC system• Joint Praxis / NATS team

– Part of wider NATS IPT– Includes training NATS staff

• SW01 (US’s ESARR 6) safety evidence provided using Praxis’ C-by-C methods Separation Monitor

Cancel Alert Lines LabelsGreenSeparation (NM)

0

5

10

15

Time to Interaction (mins)0 155 10

SAS123BAW43BE

DLH4695AMM1077

AZA292BAL547

BAW028ANZ001

UAL2SAA321

BAW225UAL3


Example Project 2 – SHOLIS

• Ship Helicopter Landing System

• First ever project delivered to Interim DEF STAN 00-55, SIL4

• Specified in Z• Written in SPARK• Formal proof of both

Z and SPARK very effective

• Demonstrated that proof is more cost effective than testing

• Demonstrated that system testing more cost effective than unit testing

• Developed for a fixed price

• 7 LOC per day• 0.22 defects per

KLOC


Desired Value






Principles of Lean Thinking

• Specify value: Value is defined by customer in terms of specific products & services

• Identify the value stream: Map out all end-to-end linked actions, processes, and functions necessary for transforming inputs to outputs to identify and eliminate waste

• Make value flow continuously: Having eliminated waste, make remaining value-creating steps “flow”

• Let customers pull value: Customer’s “pull” cascades all the way back to the lowest level supplier, enabling just-in-time production

• Pursue perfection: Pursue continuous process of improvement striving for perfection

After Murman

FOCUS


Principle 1 – Value

• Products and services defined by the customer

• Example– Independent V&V

project– Deliverables: Plan,

Process, Specifications

– Client need: Bug reports, Regression tests

• Tools– Stakeholder

analysis– Context modelling– Workshops

Does the value of a program lie in the

output, or the error messages?

http://farm3.static.flickr.com/2218/2180467051_0202df7e4f.jpg


Principle 2 – Waste

• Anything which does not contribute to value

• Many forms of waste– Delay– Rework– Nugatory work– Overstretch

• Tools– Product

breakdown structure

– Right-to-left planning

– Correctness by Construction

Example:Re-planning a major railway upgrade programme to identify essential dependencies identified a 30% saving


Principle 3 – Flow

• Processes linked by sequential dependencies progress at the rate of the slowest

• Example: Waterfall software lifecycle (Requirements, Architecture, HLD, LLD, Code, Test)

• Tools: R-to-L planning, Spiral / Parallel lifecycles, Takt time, Theory of Constraints

Kanban - a token carrying the information

necessary to produce a desired item


Desired Value






Lean Inside the Company

• Praxis sees lean principles as a key part of its own business processes

• Process improvement approach suggested by the principles:– Identify value– Seek & eliminate waste– Maximise forward flow of value– Pull through self-explanatory tokens

• Examples:– Recruitment– Project initiation– Also used in staff performance review,

…


Lean Recruitment

• Problem environment– Recruitment was taking too long– Senior staff were spending lots of

time reviewing CVs and interviewing• Analysis

– Value: a suitable employee starts work at the right time on a package which motivates them

– Waste: inappropriate interviews, offers declined, renegotiation of package, delays


Lean Recruitment

• Vacancy token drives advertising and selection– Interview dates

specified in advertising

– Management approval of package

• Candidate token drives recruitment of an individual– Carries all personal

details– Provides guidance

on each action (review, interview, offer)

• Outcome– Able to increase

permanent and contract staff by around 50% in 12 months

– CV review effort down by a significant factor


Lean Project Start-up

• Problem environment– Opportunities developed by

business managers and bid teams•Focussed on winning work

– Projects delivered by operational organisation•Focussed on successful delivery

• Project initiation perceived as taking unnecessary time / effort


Lean Project Start-up

• Action– Bid token tracks

opportunity from prospect to project

– Includes bid strategy, initial plans

– Automatically identifies necessary approvals (inc specialist review)

– Make plan and assumptions available to project team

• Outcome– Reduced change– Many project plans

now subsumed by simple project brief


Desired Value






Lean Outside

• Above examples are internal• As consultants we offer our

successful experiences to our clients

• Skills delivered through both– Adoption on fee-earning

projects– Skills transfer in consultancy

engagements


Lean Modification Process

• Problem Environment– Substantial software project

enters new delivery phase on completion of a milestone

– Outstanding modification backlog grows

• Analysis– Most changes are made

quickly– Small selection subject to very

long negotiation


Lean Modification Process

• Improve quality of modifications on entry into change process– Review checklist– Early rejection of

inappropriate or inadequately characterised change

• Action and result– Significant

reduction in modification backlog

Backlog

Time

Change


White Box Safety

• Context– Safety-critical

systems subject to rigorous assessment

– Prescriptive standards for documentation and evidence

– Large quantities of evidence

– Changes in environment may invalidate parts of argument / evidence

Safety standards are traditionally prescriptive,Not targeted at product

(only process),Wasteful


White Box Safety• Approach

– Value: Acceptable argument of fitness for purpose

– Evidence not directly required for this is waste

• Outcome– Smaller cheaper

and more compelling safety cases & products

– Change only requires rework where it matters for the safety of the product

Context-dependent safety arguments captured, eg, in Goal Structured

Notation (GSN)

Modern and emerging safety standards strongly supportive of this approach


Desired Value






Implications

• High integrity systems traditionally inflexible– Legacy standards– Heavyweight processes

• Lean has useful lessons– Concentrate process on where it

adds value– Reduce waste: lower cost, improved

timescales, profit.• And it helps your company run

smoothly too!


Opportunities

• There is a Lean route to good product

• And it can be cheaper than traditional means

• Focus on– Defect elimination (value)– Early defect removal (waste)– Minimise dependencies

between outputs– Capture evidence as it’s

needed, if it’s needed


Praxis High Integrity Systems Limited

20 Manvers StreetBath BA1 1PXUnited KingdomTelephone: +44 (0) 1225 466991Facsimile: +44 (0) 1225 469006Website: www.praxis-his.com

Email: [email protected]: +44 (0) 7920 151391

Lean Thinking Inside and Outside a Software Engineering Company (Dave Jackson)

Technology

Transcript of Lean Thinking Inside and Outside a Software Engineering Company (Dave Jackson)