Analysing Fault-Tolerant System using KAOS/FAUST
C. Ponsard, P. Massonet, J.F. Molderez (CETIC), A. van Lamsweerde (UCL/INGI)
Transcript of the slides (posted 20-Dec-2015)
Page 1
Analysing Fault-Tolerant System using KAOS/FAUST
C. Ponsard, P. Massonet, J.F. Molderez (CETIC)
A. van Lamsweerde (UCL/INGI)
Short presentation & Demo
REFT’05, Newcastle (UK)
Page 2
Key Idea
B Method:
• from specification to code, a “correct by construction” approach
• moving towards requirements: “System B” models of both SW/HW/environment
KAOS:
• similar approach at the requirements level
• also a refinement approach (property based)
• reason about the design of the composite system
• explore alternative designs, reason about agent responsibilities
• assess/improve the robustness of the system
• tool support: FAUST
  • based on the Objectiver semi-formal RE platform (providing conceptual repository, graph editing, document generation, …)
  • seamless integration for optimal communication
The two look complementary and worth investigating; this is the current status of on-going work.
Page 3
Structuring Properties using a Goal Model (with KAOS)
Goal graph (refinement links read HOW? downward and WHY? upward):
EffectivePassengersTransportation
SafeTransportation, RapidTransportation
BlockSpeedLimited, DoorsClosedWhileMoving, MoreTrainsRunning
TrainCollision, TrainsOnSameBlock
WorstCaseStoppingDistanceMaintained
ProgressWhenGoSignal, SignalSetToGo, TrainProgress Delay, TrainWaiting
S2B, current
Formal definitions attached to the leaf goals (atoms as shown on the slide):
On(tr, b) On(tr, next(b))
On(tr, b) Go[next(b)] On(tr, next(b))
On(tr, b) Go[next(b)]
On(tr, b) On(tr, b) W On(tr, next(b))
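As an added illustration (not part of the slides or of FAUST), the following Python checks the four train goals of this slide on finite traces. It assumes the standard KAOS temporal operators between the atoms (implication, eventually, next, weak-until), that the parent goal is named TrainProgress, and that blocks are numbered consecutively; the traces are constructed.

```python
# Added example (not from the slides): finite-trace check of the goal refinement
# shown on slide 3. Assumed operators: implication, eventually (<>), next (o), weak-until (W).
from typing import Callable, FrozenSet, List, Tuple

State = FrozenSet[Tuple]   # atoms holding in one state: ("On", tr, b) / ("Go", b)
Trace = List[State]
Pred = Callable[[Trace, int], bool]

def on(tr, b) -> Pred: return lambda t, i: ("On", tr, b) in t[i]
def go(b) -> Pred: return lambda t, i: ("Go", b) in t[i]
def implies(p, q) -> Pred: return lambda t, i: (not p(t, i)) or q(t, i)
def conj(p, q) -> Pred: return lambda t, i: p(t, i) and q(t, i)
def eventually(p) -> Pred: return lambda t, i: any(p(t, j) for j in range(i, len(t)))
def nxt(p) -> Pred: return lambda t, i: i + 1 < len(t) and p(t, i + 1)

def weak_until(p, q) -> Pred:
    # p W q: p holds in every state until q holds, or until the trace ends.
    def f(t, i):
        for j in range(i, len(t)):
            if q(t, j):
                return True
            if not p(t, j):
                return False
        return True
    return f

def next_block(b):  # assumption: blocks are consecutive integers
    return b + 1

def goals(tr, b):
    """The four goals of slide 3, instantiated for train tr on block b (parent name assumed)."""
    n = next_block(b)
    return {
        "TrainProgress": implies(on(tr, b), eventually(on(tr, n))),
        "SignalSetToGo": implies(on(tr, b), eventually(go(n))),
        "ProgressWhenGoSignal": implies(conj(on(tr, b), go(n)), nxt(on(tr, n))),
        "TrainWaiting": implies(on(tr, b), weak_until(on(tr, b), on(tr, n))),
    }

def check(trace, tr, b):
    """Evaluate each goal at every position of the trace (the outer 'always')."""
    return {name: all(g(trace, i) for i in range(len(trace)))
            for name, g in goals(tr, b).items()}

# Constructed traces: train t1 waits on block 1 for the Go signal of block 2.
S = lambda *atoms: frozenset(atoms)
GOOD = [S(("On", "t1", 1)), S(("On", "t1", 1)), S(("On", "t1", 1), ("Go", 2)), S(("On", "t1", 2))]
# BAD: the signal is Go but the train does not move at the next step.
BAD = [S(("On", "t1", 1)), S(("On", "t1", 1), ("Go", 2)), S(("On", "t1", 1), ("Go", 2)), S(("On", "t1", 2))]
```

Running `check(BAD, "t1", 1)` pinpoints ProgressWhenGoSignal as the violated subgoal while the other three still hold, which is the kind of localisation a goal refinement gives over a single monolithic property.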
Page 4
Being Pessimistic
Goal: WorstCaseStoppingDistanceMaintained
Milestone refinement: SafeAccelerationComputed, AccelerationSentInTimeToTrain, SentCommandReceivedByTrain, ReceivedCommandExecutedByTrain
Obstacles:
• AccelerationNotSafe
• AccelerationCommandNotSentInTimeToTrain: NotSent, SentLate, SentToWrongTrain, ...
• AccelerationCommandNotReceivedInTimeByTrain: NotReceived, ReceivedLate, Corrupted, ...
Page 5
Driving the elaboration process
Goal Model: NoTrainCollision, SafeAcceler
Object Model: Train, TrackSegment (association On, multiplicity 0:1)
Agent Model
Operation Model:
Operation SendCommand
DomPre ¬Sent(m, tr)
DomPost Sent(m, tr)
ReqPost for SafeAcceler: m.Acceler F(tr, tr.Preced)
Page 6
Some Derived Artefacts
Page 7
Connection with B/Rodin
• B moving towards requirements: “System B” models of both SW/HW/environment; the requirements gap is a well known problem [Abrial]
• Refinement approach: property refinements in KAOS, operational refinements in B
• Benefits for direct engineering: identifying key properties; building models that are easier to prove
• Benefits for reverse engineering: structuring key properties; explaining the model to stakeholders for validation/acceptance
  • semi-formal notations, animation, document generation, …
  • better documentation: less flat document, richer traceability, checks
Page 8
Agenda for “K2B”
• Practical scope: Composys style (ClearSy use of System-B); industrial cases (automotive/railway)
• From KAOS models to B models: “automated” generation of an initial B specification from the set of operations assigned to agents; attach requirements / higher level goals; animation tool?
• From B models to KAOS models: guidelines for building goal/object/agent models; “B aware” document generation template
• Means: applied research at CETIC; collaboration with ClearSy; student task force from UCL (Belgium)
Page 9
Demo
during the coffee break
Page 10
FAUST Architecture
Page 11
Refinement checker interface
Page 12
Animator interface