Analysing Fault-Tolerant System using KAOS/FAUST C. Ponsard, P. Massonet, J.F. Molderez (CETIC) A....
Posted 20-Dec-2015 (Category: Documents)
Transcript:
Analysing Fault-Tolerant System using KAOS/FAUST
C. Ponsard, P. Massonet, J.F. Molderez (CETIC)
A. van Lamsweerde (UCL/INGI)
Short presentation & Demo
REFT’05, Newcastle (UK)
Key Idea
B Method:
• from specification to code: “correct by construction” approach
• moving towards requirements: “System B” models of both SW/HW/environment
KAOS:
• similar approach at requirements level
• also a refinement approach (property based)
• reason about the design of the composite system
• explore alternative designs, reason about agent responsibilities
• assess/improve the robustness of the system
• tool support: FAUST
  • based on the Objectiver semi-formal RE platform (providing conceptual repository, graph edit, doc. generation, …)
  • seamless integration for optimal communication
Looks complementary and worth investigating: current status of on-going work
Structuring Properties using a Goal Model (with KAOS)
[Goal model diagram (HOW?/WHY? refinement arrows); node labels as extracted: EffectivePassengersTransportation, SafeTransportation, RapidTransportation, BlockSpeedLimited, DoorsClosedWhileMoving, TrainCollision, ProgressWhenGoSignal, SignalSetToGo, TrainProgressDelay, MoreTrainsRunning, S2B, WorstCaseStoppingDistanceMaintained (current), TrainsOnSameBlock, TrainWaiting. Goal formulas as extracted, temporal operators lost: On(tr, b) On(tr, next(b)); On(tr, b) Go[next(b)] On(tr, next(b)); On(tr, b) Go[next(b)]; On(tr, b) On(tr, b) W On(tr, next(b))]
Being Pessimistic
[Obstacle diagram; labels as extracted. Goal: WorstCaseStoppingDistanceMaintained. Obstacles: AccelerationCommandNotSentInTimeToTrain, AccelerationCommandNotReceivedInTimeByTrain, AccelerationNotSafe, …; finer obstacles: NotSent, SentLate, SentToWrongTrain, ReceivedLate, Corrupted, NotReceived. Milestone refinement of the goal: SafeAccelerationComputed, AccelerationSentInTimeToTrain, SentCommandReceivedByTrain, ReceivedCommandExecutedByTrain]
Driving the elaboration process
[Diagram of the four KAOS models; labels as extracted:
Goal Model: NoTrainCollision, SafeAcceler
Object Model: Train 0:1 TrackSegment (association On)
Agent Model
Operation Model: Operation SendCommand; DomPre ¬Sent(m, tr); DomPost Sent(m, tr); ReqPost for SafeAcceler: m.Acceler F(tr, tr.Preced) (relation lost in extraction)]
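As an added illustration (not code from the slides, nor from FAUST), the operation model above and the milestone/obstacle analysis of the “Being Pessimistic” slide can be checked on constructed traces; the ReqPost relation (<=), the stand-in bound F, and the sample traces are assumptions.

```python
from dataclasses import dataclass, field

MILESTONES = ["SafeAccelerationComputed", "AccelerationSentInTimeToTrain",
              "SentCommandReceivedByTrain", "ReceivedCommandExecutedByTrain"]

def safe_bound(tr, preceding):
    """Hypothetical stand-in for F(tr, tr.Preced) (not on the slides): the allowed
    acceleration shrinks as the gap to the preceding train nears the stopping distance."""
    return max(0.0, (preceding["pos"] - tr["pos"] - tr["stop_dist"]) / 10.0)

@dataclass
class Sent:
    pairs: set = field(default_factory=set)  # the Sent(m, tr) predicate

def send_command(sent, m, tr, preceding):
    """Operation SendCommand from the slide. DomPre: not Sent(m, tr). DomPost: Sent(m, tr).
    ReqPost for SafeAcceler (relation '<=' assumed): m.acceler <= F(tr, tr.Preced).
    Returns None when the operation applies and satisfies ReqPost, else the failed clause."""
    pair = (m["id"], tr["id"])
    if pair in sent.pairs:
        return "DomPre"    # operation not applicable in this state
    if m["acceler"] > safe_bound(tr, preceding):
        return "ReqPost"   # obstacle AccelerationNotSafe
    sent.pairs.add(pair)   # DomPost established
    return None

def check_milestones(trace, deadline):
    """Milestone refinement of WorstCaseStoppingDistanceMaintained checked on a timed
    trace [(tick, event)]: each milestone must follow the previous one within `deadline`
    ticks. Returns None if the goal holds, else the first milestone that is missed."""
    t_prev = 0
    for goal in MILESTONES:
        hits = [t for t, ev in trace if ev == goal and t_prev <= t <= t_prev + deadline]
        if not hits:
            return goal
        t_prev = hits[0]
    return None

# Constructed sample traces (not from the slides).
NOMINAL = [(0, "SafeAccelerationComputed"), (1, "AccelerationSentInTimeToTrain"),
           (2, "SentCommandReceivedByTrain"), (3, "ReceivedCommandExecutedByTrain")]
# Obstacle Corrupted/NotReceived: the command is sent but the train never receives it.
CORRUPTED = [(0, "SafeAccelerationComputed"), (1, "AccelerationSentInTimeToTrain"),
             (2, "MessageCorrupted"), (9, "ReceivedCommandExecutedByTrain")]
# Obstacle SentLate: every milestone occurs, but the send misses its deadline.
SENT_LATE = [(0, "SafeAccelerationComputed"), (7, "AccelerationSentInTimeToTrain"),
             (8, "SentCommandReceivedByTrain"), (9, "ReceivedCommandExecutedByTrain")]
```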
Some Derived Artefacts
Connection with B/Rodin
B moving towards requirements: “System B” models of both SW/HW/environment. The requirements gap is a well-known problem [Abrial].
Refinement approach: property refinements in KAOS; operational refinements in B.
Benefits for direct engineering: identifying key properties; building models that are easier to prove.
Benefits for reverse engineering: structuring key properties; explaining the model to stakeholders for validation/acceptance.
• semi-formal notations, animation, document generation, …
Better documentation: less flat document, richer traceability, checks.
Agenda for “K2B”
Practical scope: Composys style (Clearsy use of System-B); industrial cases (automotive/railway).
From KAOS models to B models: “automated” generation of an initial B specification from the set of operations assigned to an agent; attach requirements / higher-level goals; animation tool?
From B models to KAOS models: guidelines for building goal/object/agent models; “B aware” document generation template.
Means: applied research at CETIC; collaboration with ClearSy; student task force from UCL (Belgium).
Demo
during coffee break
FAUST Architecture
Interface of the refinement checker
Interface of the animator