© Software Engineering Research Group, Heinz Nixdorf Institute, University of Paderborn HEINZ...

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn

HEINZ NIXDORF INSTITUTEUniversity of PaderbornSoftware Engineering

Prof. Dr. Wilhelm Schäfer

Developing Safe Software for Robots

PG SafeBots III

Stefan Dziwok

Christian Heinzemann

Jörg Holtmann

Oliver Sudmann

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Software Engineering Group

Our fields of research: Model-based software engineering

Safety analyses

Tool development

Numerous industrial cooperations,e.g. with


2

Projektgruppe Entwurfstechnik Mechatronik

August 17, 2011PG SafeBots III

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Kneading Factory

Goal: knead dough automatically At present: carrier to transport the tubs

3August 17, 2011PG SafeBots III

Source: Kemper

Source: Kemper

Source: W

ikipediaP

ublished under GN

U F

ree D

ocumentation License V

1.2F

ir0002/Flagstaffotos

Dough

Tub

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Kneading Factory

At present: carrier to transport the tubs

New idea: autonomously acting tubs Allows flexible design of the facility and faster processing


Source: Kemper

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Specify the new Kneading Factory

Specification of old carrier system exists Informally and in our modeling language

MechatronicUML

Some requirements for the new tubs: Drive to a specific station Do not collide with other moving tubs Do not collide with the surroundings Agree upon further actions with other

tubs

BeBots represent the new autonomously acting tubs


Source: Kemper

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



BeBot Demonstrator

BeBots Scan environment by using sensors Interaction with environment with

different tools Wireless communication

Challenges: Autonomous system Coordinated actions required Possibly great number of BeBots

involved

Goal: specified software should finally run on the BeBots


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Develop the new BeBot Software

Various MechatronicUML models of the BeBots already exist

Development environments for the BeBots exist

You can use the „Telewerkbank“ to test your software


Sou

rce:

HN

I

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



MechatronicUML Overview

Adaptation of the UML for mechatronic systems, i.e. systems containing parts of Electrical engineering Mechanical engineering Control engineering Software engineering

MechatronicUML provides techniques for Modeling Verification Code generation

Provides support for real-time constraints


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Model-based Software Engineering

9August 17, 2011

Development ProcessSystem Model

Analysis

Counterexample

OK

Verfication

Textual RequirementsFormal Requirements

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

PG SafeBots III

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Scenario-based Requirements Engineering

Requirements Engineering (RE) Typically first stage of development process Elicitate, document, and validate requirements Errors in requirements lead to wrong systems!

Problems Often: informal, textual requirements in proseCannot be analyzed automatically

Scenario-based RE Scenarios specify interactions between

the system and its environment E.g., UML Sequence Diagrams


sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Modal Sequence Diagrams (MSDs)

Extend UML Sequence Diagrams Distinction between possible and mandatory behavior Formal foundation Not just exemplary interactions


obstacleFront

noObstacleLeft

OturnRight

turnLeft

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

msd bypassObstacle

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Former PG ScenarioTools


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Aim of SafeBots III

Enhancement of ScenarioTools simulation E.g., at present no timing supported

What happens if message turnRight is sent too late?


obstacleFront

OturnRight

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

msd bypassObstacle

:Environment :BeBot

obstacleFront

noObstacleLeft

...

msd bypassObstacle

c = 0

turnRight

c ≤ 50

turnLeft

Extension of the scenario simulation by timing concept!

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Formal Requirements – Your Part

TasksExtend the MSD simulation by

Timing concept Parameterized messages …

Optionally: Interpret results from formal synthesis Develop concept for refinement of MSD scenarios

Requirements:Learn MSDs and its timing extensionsUnderstand the present simulation of conventional MSDsStudy features of similar approaches


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn




15August 17, 2011


Analysis

Counterexample

OK

Verfication


sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

PG SafeBots III

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Communication in Mechatronic Systems

Modern mechatronic systems: Amount and complexity of communication between

components (& systems) are growing, e.g.• Cooperation between BeBots• Component-Interaction within a BeBot

MechatronicUML For component-based software development Separates communication behavior of a component from

its internal behavior• Complexity of the system is manageable.

Communication behavior is specified by reusable Real-Time Coordination Patterns


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Example: Component Diagram including Real-Time Coordination Patterns


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Real-Time Coordination Pattern PositionTransmission


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Reusing Real-Time Coordination Patterns

Goal: reuse Real-Time Coordination Patterns as often as possible Saves time and money

Problem: finding appropriate patterns that fulfill the requirements

Simple Solution: store knowledge about patterns within a normal database (e.g., MySQL) But:

• How to verify your knowledge?• How to support synonyms?• How to retrieve patterns based on

formal requirements?


?

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Store Knowledge of Patterns within the SemanticWeb

Better Solution: Store not just the knowledge,

but the meaning of the knowledge by using the SemanticWeb as knowledge base

• Verifies your knowledge• Infers new knowledge• Supports synonyms• Supports various formal

search queries


!

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Reusing existing Protocols for Communication – Your Part

TasksDevelop concepts to store and search knowledge about Real-Time Coordination Patterns within the SemanticWebMake access to the pattern knowledge as easy as possible for the user

E.g., the tool should suggest patterns based on the given formal requirements.

Requirements:Learn MechatronicUML and especially Real-Time Coordination PatternsStudy specification and application of the SemanticWeb


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn




22August 17, 2011


Analysis

Counterexample

OK

Verfication


sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

PG SafeBots III

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Refine Coordination Pattern on Reuse

Pattern is independent of components No component specific details in a pattern Need to be added after application

=> Correctness of changes must be ensured


φ = no deadlock

|= φ

|= φ?

Refinement Refinement

sender receiver

PositionTransmission

b2:BeBot

receiver

b1:BeBot

sender

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Developer Assistance

Refinement check returns counterexample for incorrect refinement

Assist developer by visualizing the counterexample Example for visualization:

UPPAAL


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Synthesis

Combination of several coordination patterns in one component introduces dependencies

Internal component behavior must resolve them Goal:

Annotate the restrictions Synthesize the internal behavior


CollisionControl distributor

client

sender

receiver

ConflictData Transfer

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Refinement and Synthesis – Your Part

TasksExtend refinement check procedure to 1:n communicationProvide visualization for counterexample analysisExtend existing synthesis approach

Requirements:Learn or know verification of graph transformation systemsLearn or know verification of timed automataStudy different refinement definitionsUnderstand synthesis of real-time behavior


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn




27August 17, 2011


Analysis

Counterexample

OK

Verfication


sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

PG SafeBots III

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn




28August 17, 2011


Analysis

Counterexample

OK

Verfication


sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

sd bypassObstacle

:Environment :BeBot

obstacleFront

turnRight

noObstacleLeft

turnLeft

...

PG SafeBots III

derive initial component

model

derive requirements

for each communication

model coordination

pattern

determine component‘s

behavior

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Process Support – Motivation



model

derive requirements


model coordination

pattern


behavior

derive rolesderive

message interfaces specify

connector properties

specify roles‘

behavior adapt roles‘

behavior to connector properties

specify connector properties

specify roles‘

behavior adapt roles‘

behavior to connector properties

set of message interfaces

set of roles

set of connectors Real-Time Statecharts

Real-Time Statecharts


model coordination pattern

set of structured components

Process steps depend on the system under development Process must be adapted to changes in the environment

Organizational goals (e.g., time-to-market) Available developers

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Process Support – Motivation



model

derive requirements


model coordination

pattern


behavior

derive rolesderive

message interfaces


specify roles‘

behavior

set of message interfaces

set of roles set of connectors


model coordination pattern

set of structured components


Process steps depend on the system under development Process must be adapted to changes in the environment

Available developers Organizational goals (e.g., time-to-market)

Such a complex process is hard to manage manually!

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Process Support – Goals

Guide the developer through the process Modeling the Process:

Easy modeling of processes Modeling of dependencies to the system model and organizational goals Enable adaptation of process during development


quality

max.

cost

min.

duration

min.

derive rolesderive

message interfaces


derive rolesspecify

connector properties

derive message interfaces

component model coordination pattern

message interface connector propertiesroles

© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Process Support – Your Part

TasksIntegrate an adaptive process engine into the IDE

Process Modeling: support for the process engineer to model the process in a declarative manner

Process Enactment: • Execute the specified process

• Propose steps to the developer depending on the current development situation (e.g. state of the system model)

Requirements:Understand the MechatronicUML processLearn about declarative process modeling Learn about process management


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Registration Details

Register in the Paul system during the first registration period: August 22 - September 16

Register at the central examination office (Zentrales Prüfungssekretariat) during the first examination registration period Typically starting in the middle of October

You have to be registered in the Master degree programme by the end of October Please let us know if this is not possible, we will try to find a

solution with the examination office.


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



SafeBots III - Your Part

Work as a team Self-organized learning:

Learn to understand concepts you do not know yet Help each other

Work regularly, i.e. min 20 hours each week We recommend: visit the lecture „Model-driven Software

Development“ (Jun.-Prof. Steffen Becker)


© S

oftw

are

Eng

inee

ring

Res

earc

h G

roup

, H

einz

Nix

dorf

Ins

titut

e, U

nive

rsity

of

Pad

erbo

rn



Questions?


© Software Engineering Research Group, Heinz Nixdorf Institute, University of Paderborn HEINZ...

Documents

Transcript of © Software Engineering Research Group, Heinz Nixdorf Institute, University of Paderborn HEINZ...