
Incremental Modeling of System Architecture Satisfying SysML - PowerPoint PPT Presentation

Incremental Modeling of System Architecture Satisfying SysML Functional Requirements O. Carrillo, S. Chouali, and H. Mountassir Institut Femto-ST Université de Franche-Comté, France Conférence francophone sur l'Architecture Logicielle -


  1. Incremental Modeling of System Architecture Satisfying SysML Functional Requirements
     O. Carrillo, S. Chouali, and H. Mountassir
     Institut Femto-ST, Université de Franche-Comté, France
     Conférence francophone sur l'Architecture Logicielle - CAL 2014
     Work originally presented in FACS 2013
     June 11, 2014
     Oscar Carrillo - System Architecture from SysML Requirements - 1 / 21

  2. Context
     Functional Requirements: functional properties that the system must satisfy to fulfill user needs
     Component Based Systems
     ◮ Components are only described by their interfaces
     ◮ Built by assembling the components
     ◮ Architecture described by the connections between the components
     [Figure: components A and B assembled into the composite AB]

  3. Our Motivation
     [Figure: requirements R1 ... Ri ... Rn, a component library with components A, B and C, and the composites (AB, AC, BC) assembled from them into the system S]
     To propose an approach to model and verify Component-Based Systems directly from system requirements and a component library

  4. Difficulties to overcome
     [Figure: the same requirements-to-components picture as on the previous slide]
     ◮ How to specify the requirements and component interfaces?
     ◮ How to ensure requirement validation?

  5. Difficulties to overcome
     [Figure: the same requirements-to-components picture as on the previous slide]
     ◮ How to guarantee consistency between components?
     ◮ How to avoid combinatorial explosion of the system states?

  6. Propositions: Our Propositions
     1. How to specify the requirements?
        ◮ SysML Requirement Diagrams
     2. How to specify the component interfaces?
        ◮ SysML Sequence Diagrams
     3. How to ensure requirement validation?
        ◮ Verification by model-checking
     4. How to guarantee consistency between components?
        ◮ Interface automata theory
     5. How to specify the architecture?
        ◮ SysML BDD and IBD Diagrams
     6. How to avoid combinatorial explosion of the system states?
        ◮ Incremental methodology

  7. Approach Steps (flowchart)
     Start from the requirement diagram, select the atomic requirements, and let S = ∅.
     For each atomic requirement R:
     ◮ link R to a component C of the library such that C satisfies R (use SD, Promela, SPIN)
     ◮ verify that the composition of S and C is not empty (use IA and preservation of actions); if it is empty, try the next component
     ◮ if it is not empty, let S be the composition of S and C, and generate the partial BDD and IBD
     When every atomic requirement has been treated, generate the system architecture.

  8. Case Study: A Car Safety System
     Airbag and seat-belts protecting passenger lives
     [Figure: the car safety system]

  9. Case Study: A Car Safety System
     [Figure: SysML requirement diagram, Requirements Refinement for a Safety System]

  10. Atomic Requirements: Selection and Specification of Atomic Requirements
     R1.1.1 : Sensors. Always get the sensor values and send them to the ACU.
       □((sensors && receive && msg_get_sensor_values) → ♦(sensors && send && msg_sensor_values))
     R1.1.2 : Airbag Control Unit. Decide whether or not to deploy the airbag and/or lock the seat-belts once the sensors report new values.
       □((acu && receive && msg_sensor_values) → ♦(acu && send && (msg_act_sb || msg_act_ab)))
     Connected Requirements: R1.1.1 and R1.1.2 share input and output actions.

  11. Component Interfaces: Component Library
     Component interfaces are described by SysML Sequence Diagrams
     [Figures: SD for sensors block; SD for the ACU block]

  12. Component Interfaces: From SD to Promela
     Mapping of basic concepts from Sequence Diagrams to Promela (Lima et al. 2009)

     SD element               Promela element                        Promela statement
     Lifeline                 Process                                proctype{...}
     Message                  Message                                mtype{m1,...,mn}
     Connector                Communication channel for each         chan chanName = [1] of {mtype}
                              message arrow
     Send and receive events  Send and receive operations            Send ⇒ ab!m , Receive ⇒ ab?m
     Alt combined fragment    if condition                           if ::(guard)->ab_p?p; :: else -> ab_q?q; fi;
     Loop combined fragment   do operator                            do ::ab_p?p; od

  13. Component Interfaces: Component i=0, Sensors
     [Figure: SD for sensors block]
     Promela code for sensors block:

      /* message and channel declarations added here; the slide shows only the processes */
      mtype = { get_sensor_values, sensor_values };
      chan sensors_environment_get_sensor_values = [1] of { mtype };
      chan sensors_environment_sensor_values = [1] of { mtype };

      /* the sensors block answers every request with the current sensor values */
      proctype proc_sensors(){
        do
        :: sensors_environment_get_sensor_values?get_sensor_values;
           sensors_environment_sensor_values!sensor_values;
        od
      }
      /* the environment keeps requesting and consuming sensor values */
      proctype proc_environment(){
        do
        :: sensors_environment_get_sensor_values!get_sensor_values;
           sensors_environment_sensor_values?sensor_values;
        od
      }
      init { atomic { run proc_sensors(); run proc_environment(); } }

  14. Component Interfaces: Component i=1, ACU
     [Figure: SD for the ACU block]
     Promela code for ACU block:

      /* message, channel and variable declarations added here; the slide shows only the process */
      mtype = { sensor_values, act_sb, act_ab, reset };
      chan acu_environment_sensor_values = [1] of { mtype };
      chan acu_environment_act_sb = [1] of { mtype };
      chan acu_environment_act_ab = [1] of { mtype };
      chan acu_reset = [1] of { mtype };
      int val_acc;   /* acceleration value reported by the sensors, chosen in init */

      /* on each sensor report: strong impact -> seat-belts and airbag, medium -> seat-belts only, else reset */
      proctype proc_acu(){
        do
        :: acu_environment_sensor_values?sensor_values;
           if
           :: (val_acc >= 60) -> { acu_environment_act_sb!act_sb; acu_environment_act_ab!act_ab; }
           :: ((val_acc < 60) && (val_acc >= 3)) -> acu_environment_act_sb!act_sb;
           :: else -> { acu_reset!reset; acu_reset?reset; }
           fi;
        od
      }

  15. Component Interfaces: Component i=1, ACU (continued)
     [Figure: SD for the ACU block]
     Promela code for ACU block, continued (the environment process and init):

      /* the environment feeds sensor values and consumes the actuation messages the ACU emits */
      proctype proc_environment(){
        do
        :: acu_environment_sensor_values!sensor_values;
           if
           :: ((val_acc < 60) && (val_acc >= 3)) -> acu_environment_act_sb?act_sb;
           :: (val_acc >= 60) -> { acu_environment_act_sb?act_sb; acu_environment_act_ab?act_ab; }
           fi;
        od
      }
      /* non-deterministic choice of the acceleration value, one per verification run */
      init {
        if
        :: (true) -> val_acc = 0;
        :: (true) -> val_acc = 10;
        :: (true) -> val_acc = 60;
        fi;
        atomic { run proc_acu(); run proc_environment(); }
      }

  16. Requirement Verification: Verification with SPIN
     ◮ The Promela description must keep track of who is sending/receiving what message at any time of the execution.
     Flags for sensor component
     ◮ send, receive
     ◮ msg_get_sensor_values, msg_send_sensor_values
     ◮ sensors, environment
     ◮ All flags updated by d_step
     LTL Property with flags
       □((sensors && receive && msg_get_sensor_values) → ♦(sensors && send && msg_sensor_values))

  17. Compatibility Verification: Compatibility Verification and Requirement Preservation
     [Figures: IA for the Sensors block (states 0 and 1; transitions get_sensor_values?, sensor_values!); IA for the ACU (states 0, 1, 2; transitions sensor_values?, act_sb!, act_ab!, reset;); IA composition (states 0 to 3; transitions get_sensor_values?, sensor_values;, act_sb!, act_ab!, reset;) generated by Ptolemy (Lee et al. 2004)]
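The compatibility check behind the composed automaton above, and the "composition of S and C is not empty" test of the approach-steps slide, follow the optimistic interface-automata semantics: a product state is illegal when one side can emit a shared action the other side cannot receive, and two automata are compatible when no illegal state is reachable from the initial state by output and internal steps alone. The Python below is an added example and not the authors' Ptolemy tooling; the Sensors and ACU automata are reconstructed from the Promela models on the earlier slides, with their state numbering assumed.

```python
from collections import deque

class IA:   # interface automaton; labels: name? (input), name! (output), name; (internal)
    def __init__(self, init, trans):
        self.init, self.trans = init, list(trans)          # trans: (src, label, dst)
    def enabled(self, s):
        return {a for q, a, _ in self.trans if q == s}
    def succ(self, s, a):
        return [d for q, x, d in self.trans if q == s and x == a]

def compose(p, q):
    """Optimistic IA composition: returns (composed IA or None, compatible flag)."""
    lab = lambda ia, k: {a[:-1] for _, a, _ in ia.trans if a.endswith(k)}
    shared = (lab(p, '!') & lab(q, '?')) | (lab(p, '?') & lab(q, '!'))
    init = (p.init, q.init)
    trans, seen, work = [], {init}, deque([init])
    def push(src, a, dst):
        trans.append((src, a, dst))
        if dst not in seen: seen.add(dst); work.append(dst)
    def moves(s, me, other, s_me, s_other, mk):   # one side's steps out of product state s
        for a in me.enabled(s_me):
            if a[:-1] not in shared:                 # unshared action: plain interleaving
                for d in me.succ(s_me, a): push(s, a, mk(d, s_other))
            elif a.endswith('!'):                    # shared output must meet the other's input
                for d1 in me.succ(s_me, a):
                    for d2 in other.succ(s_other, a[:-1] + '?'): push(s, a[:-1] + ';', mk(d1, d2))
    while work:                                      # explore the reachable product
        s = work.popleft()
        moves(s, p, q, s[0], s[1], lambda d1, d2: (d1, d2))
        moves(s, q, p, s[1], s[0], lambda d2, d1: (d1, d2))
    def stuck(me, other, s_me, s_other):   # me can emit a shared action other cannot take now
        return any(a.endswith('!') and a[:-1] in shared and a[:-1] + '?' not in other.enabled(s_other)
                   for a in me.enabled(s_me))
    bad = {(s1, s2) for s1, s2 in seen if stuck(p, q, s1, s2) or stuck(q, p, s2, s1)}
    grew = True
    while grew:   # close backwards over output/internal steps, which no environment can prevent
        grew = False
        for src, a, dst in trans:
            if dst in bad and src not in bad and not a.endswith('?'):
                bad.add(src); grew = True
    if init in bad: return None, False               # incompatible: the composition is empty
    return IA(init, [t for t in trans if t[0] not in bad and t[2] not in bad]), True

# Sensors and ACU automata reconstructed from the slides' Promela models (state numbering assumed)
SENSORS = IA(0, [(0, "get_sensor_values?", 1), (1, "sensor_values!", 0)])
ACU = IA(0, [(0, "sensor_values?", 1), (1, "act_sb!", 2), (2, "act_ab!", 0),
             (1, "act_sb!", 0), (1, "reset;", 0)])

def states(ia):   # state set of an automaton (the composed one above has four, as in the figure)
    return {ia.init} | {s for s, _, _ in ia.trans} | {d for _, _, d in ia.trans}
```

The input step get_sensor_values? out of the state where the ACU is still deciding is pruned rather than reported as an error: a helpful environment is assumed not to take it, which is what makes the pair compatible.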

  18. Architecture: Partial Architecture, i=1
     [Figure: BDD for the second iteration]

  19. Architecture: Partial Architecture, i=1
     [Figure: IBD for the second iteration]

  20. Conclusion
     ◮ The SysML Requirement Diagram was exploited to specify the requirements of CBS
     ◮ LTL formulae were used to specify SysML requirements for their verification on components, thanks to their SD translated to Promela
     ◮ Component compatibility and requirement preservation were verified by exploiting the interface automata obtained from the SD of components
     ◮ An incremental approach was proposed to avoid the problem of combinatorial explosion of the number of states of the verified components

  21. Future Work
     Plugin for TopCased
     ◮ Tool to generate Promela code from Sequence Diagrams
     ◮ Tool to generate interface automata for Ptolemy
     Requirements
     ◮ Treat non-functional requirements
     ◮ Extract formal properties directly from SysML requirements

  22. The End
     Thank you for your attention. Any questions?
