Implementing Guidelines For Thyroid Nodules Hirotoshi Nakamura Kuma Hospital, Kobe, Japan.
1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki...
-
Upload
coleen-barrett -
Category
Documents
-
view
216 -
download
2
Transcript of 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki...
![Page 1: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/1.jpg)
1
A Context Analysis Methodfor Constructing Reliable Embedded Systems
Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa,Susumu Taniguchi, and Jun Yoshida (Kyushu Institute of Technology)Takeshi Sumi and Masayuki Hirayama (Toshiba)
May 11, 2007
MISE 200 8
![Page 2: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/2.jpg)
Contexts in embedded systems
Many embedded systems not only affect their contexts through actuators but also are affected by their contexts through sensors.
However, requirements analysis is mainly conducted from the viewpoint of system functions, and contexts are only roughly analyzed.
2
Unexpected behavior might emerge in a system if a developer does not recognize any possible conflicting combinations between the system and contexts.
It is difficult to decide the boundary of contexts that should be taken into account: which contexts should be included as the targets of requirements analysis.
EmbeddedSystem
Actuator
Sensor
Contexts
Boundary ?Association ?Frame
Problem !
![Page 3: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/3.jpg)
Today’s my talk
We propose a context-dependent requirements analysis method called CAMEmb (Context Analysis Method for Embedded systems).
3
UML Profile for Context Analysis
Formal Methods( VDM++ )
CAMEmb is a systematic approach to
exploring context boundary avoiding the frame problem,
verifying whether requirements can be satisfied under the expected contexts,
changing requirements or context boundary if not satisfied.
![Page 4: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/4.jpg)
4
Outline
1. Motivation2. CAMEmb3. MDD based on CAMEmb4. Conclusions and Future work
![Page 5: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/5.jpg)
5
1. Motivation
![Page 6: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/6.jpg)
6
Example: an electric pot
water level sensor
heater
thermostat liquid
context
system
pot
The pot controls the water temperature by turning on or off the heater.
The pot changes its mode to the heat-retaining mode when the temperature becomes 100 Celsius.
The pot observes the volume from the water level.
Boil: () ==> ()Boil() == while thermostat.GetTemperature() < 100.0 do heater.On();
However, faults may occur if the expected contexts are changed.
---for example, the circumstance of the low air pressure
![Page 7: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/7.jpg)
Should air pressure be taken into account ?
7
water level sensor
heater
thermostat Liquid
context
system
pot
Non trivial !Air
PressureAir
Pressure
Boundary
? ?
This depends on user requirements.
However, it is important to check the consistency if we decide that air pressure must be taken into account.
It is also important to check the impact when air pressure is included in the expected contexts.
![Page 8: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/8.jpg)
Problems to be tackled
The boundary of contexts should be determined from user requirements.
We must take into account the influence that occurs in the cooperation among a target system and contexts within the boundary.
We must also detect defects by recognizing any possible conflicting combinations among the system and contexts.
8
Systematic way forcontext analysis
![Page 9: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/9.jpg)
2. CAMEmb
Context Analysis Methodfor Embedded systems
9
![Page 10: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/10.jpg)
CAMEmb Overview
10
Formal Methods( VDM++ )
UML Profile for Context Analysis
![Page 11: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/11.jpg)
Context modeling
11
UML profile for context analysis Steps forexploring boundary
1. Context elements (value object) observed or controlled directly by a sensor or an actuator are extracted.
2. Impact factors that affect the states (values) of these context elements are extracted using guide words.Initial
Boundary
Sensor cannot observe original data
Factor related to a specific value
Contexts that do not change the values are
ignored !The frame problem is
avoided !
FinalBoundary
Factor that determines the upper limit
![Page 12: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/12.jpg)
Translation to VDM++
12
![Page 13: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/13.jpg)
13
VDM++ Specification
class Software
instance variables heater : Heater; thermostat : Thermostat; liquid_level_sensor : LiquidLevelSensor;
operations public Setup: RealWorld ==> () Setup(realworld) == (heater := new Heater(); heater.Setup(realworld); thermostat := new Thermostat(); thermostat.Setup(realworld); liquid_level_sensor := new LiquidLevelSensor(); liquid_level_sensor.Setup(realworld); );
public Boil: () ==> () Boil() == while thermostat.GetTemperature() <= 100.0 and liquid_level_sensor.IsOn() = true
do heater.On()
pre liquid_level_sensor.IsOn() = true post liquid_level_sensor.IsOn() = true;
end Software
Constraints
From user requirements(water should not be empty)
![Page 14: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/14.jpg)
Context Validation
14
Formal Methods( VDM++ )
Lightweight Formal Methods
![Page 15: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/15.jpg)
15
VDM++ test execution
Specification can be validated by VDM++ test execution
System Specification
Context A
Context B
Normal Air pressureCONTEXT-atmospheric-air-pressureplace-normalCONTEXT-liquid-water
Low Air PressureCONTEXT-atmospheric-air-pressureplace-lowCONTEXT-liquid-water
![Page 16: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/16.jpg)
Results of test execution
16
Error !We must reconsider whether air pressure should be included in
the expected contexts.
![Page 17: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/17.jpg)
Requirements refinement
17
water level sensor
heater
thermistor Liquid
contextsystem
pot
Air Pressure
Air Pressure
Boundary
Out of ScopeReconsider Hardware Requirements
Fixed to1.0 ATM
Model-based testing based on lightweight formal methods is effective forexploring context boundary andrefining requirements.
![Page 18: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/18.jpg)
3. MDD based on CAMEmb
18
![Page 19: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/19.jpg)
DSL construction using AspectM
19
AspectM metamodel
AspectM model
introducea new kind of
domain-specificmodel element
modifythe AspectMmetamodel
reflect
reify
MMAP
extensionpoint
new modelelement
protocols
Base level
Meta level
Editing-timestructuralreflection
[Ubayashi 2007]
![Page 20: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/20.jpg)
Model editor for CAMEmb
20
Context model of a line trace car
![Page 21: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/21.jpg)
Model transformation
21
Total code size: 223 LOCAutomatic generated code size: 174 LOC
78 %
Context Model
SystemModel
Java
Analysis Model Design Model Code
![Page 22: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/22.jpg)
4. Conclusions and Future work
22
![Page 23: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/23.jpg)
Conclusions
A context-dependent requirements analysis method is proposed.
Our approach is a new kind of MDD that explicitly takes into account the existence of contexts.
23
![Page 24: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/24.jpg)
Future work --- CAMEmb and Problem Frame
In problem frames, relations between a machine (a system to be developed) and the real-world are explicitly described.
We are now exploring the possibility of integrating CAMEmb with problem frames.
We found that there was the similarity between our UML profile and frame patterns.
24
![Page 25: 1 A Context Analysis Method for Constructing Reliable Embedded Systems Naoyasu Ubayashi, Toshiki Seto, Hirotoshi Kanagawa, Susumu Taniguchi, and Jun Yoshida.](https://reader036.fdocuments.in/reader036/viewer/2022062517/56649f285503460f94c41379/html5/thumbnails/25.jpg)
Context analysis with problem frames
25
TraceController( TC )
AABody( BD
)
LineTrace
C
a: TC! { Right, Left} BD! { Line detected, Linemissed}b: LP! { On, Off}c: LC! { Ground Color}d: LS! { Reflected Light}r: BD! { Run, Return to Course}
r
b
ControlMachine
ControlledDomain
RequiredBehavior
AALight
Sensor( LS )X
Line recognitionController
(LC)
AALine
Position( LP )X
TransformationMachine
Output
Input
Required Behavior Frame
Transformation Frame
c
a
d
On if ground color is black