Seamless Model Driven Development and Tool Support for Embedded Software-Intensive Systems

Similar documents
A Logical Basis for Component-Based Systems Engineering *

Time and Causality in Interactive Distributed Systems

2. Component Models: Interface Models by Streams

(INTER-)ACTION REFINEMENT: THE EASY WAY 1

Automated Checking of Integrity Constraints for a Model- and Pattern-Based Requirements Engineering Method (Technical Report)

Trace Refinement of π-calculus Processes

Reasoning about Time and Reliability

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

A Model-based Approach for the Specification of a Virtual Power Plant Operating in Open Context

Linking Duration Calculus and TLA

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

The Montana Toolset: Formal Analysis of AADL Specifications

Causality Interfaces and Compositional Causality Analysis

Relational Interfaces and Refinement Calculus for Compositional System Reasoning

A Little Logic. Propositional Logic. Satisfiability Problems. Solving Sudokus. First Order Logic. Logic Programming

Agent-Based HOL Reasoning 1

Chapter 2 Background. 2.1 A Basic Description Logic

Automated Reasoning Lecture 5: First-Order Logic

An object-oriented design process. Weather system description. Layered architecture. Process stages. System context and models of use

The State Explosion Problem

Bounded Retransmission in Event-B CSP: a Case Study

Theoretical Foundations of the UML

Communication and Concurrency: CCS

TESTING is one of the most important parts of the

Software Verification with Abstraction-Based Methods

Alan Bundy. Automated Reasoning LTL Model Checking

CS1021. Why logic? Logic about inference or argument. Start from assumptions or axioms. Make deductions according to rules of reasoning.

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Research Report 326 ISBN ISSN

Lecture 4 Event Systems

EE249 - Fall 2012 Lecture 18: Overview of Concrete Contract Theories. Alberto Sangiovanni-Vincentelli Pierluigi Nuzzo

Foundations of System Development

Designing and Evaluating Generic Ontologies

Lecture 05: High-Level Design with SysML. An Introduction to SysML. Where are we? What is a model? The Unified Modeling Language (UML)

Communication and Concurrency: CCS. R. Milner, A Calculus of Communicating Systems, 1980

Algebraic State Machines

Cuts. Cuts. Consistent cuts and consistent global states. Global states and cuts. A cut C is a subset of the global history of H

Abstractions and Decision Procedures for Effective Software Model Checking

Timed Test Generation Based on Timed Temporal Logic

Distributed Algorithms (CAS 769) Dr. Borzoo Bonakdarpour

CSE370: Introduction to Digital Design

Lecture (08) Synchronous Sequential Logic

Music as a Formal Language

Axiomatized Relationships Between Ontologies. Carmen Chui

SENSE: Abstraction-Based Synthesis of Networked Control Systems

Algebraic Trace Theory

Partial model checking via abstract interpretation

Model for reactive systems/software

Overview. 1 Lecture 1: Introduction. 2 Lecture 2: Message Sequence Charts. Joost-Pieter Katoen Theoretical Foundations of the UML 1/32

A Framework for. Security Analysis. with Team Automata

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra. Iliano Cervesato. ITT Industries, NRL Washington, DC

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Embedded Systems Development

Linear Time Logic Control of Discrete-Time Linear Systems

Towards a formal language for systemic requirements

A Context Dependent Equivalence Relation Between Kripke Structures (Extended abstract)

A Logic Primer. Stavros Tripakis University of California, Berkeley. Stavros Tripakis (UC Berkeley) EE 144/244, Fall 2014 A Logic Primer 1 / 35

Stéphane Lafortune. August 2006

University of Surrey. Bounded Retransmission in Event-B CSP: A Case Study. Steve Schneider, Helen Treharne and Heike Wehrheim

Propositional Definite Clause Logic: Syntax, Semantics and Bottom-up Proofs

Logic in Computer Science. Frank Wolter

Benefits of Interval Temporal Logic for Specification of Concurrent Systems

Part I. Principles and Techniques

CSE 1400 Applied Discrete Mathematics Definitions

Models of Concurrency

Probabilistic Model Checking and Strategy Synthesis for Robot Navigation

Lecture 3: Semantics of Propositional Logic

Testing Distributed Systems

A Logic Primer. Stavros Tripakis University of California, Berkeley

cis32-ai lecture # 18 mon-3-apr-2006

Formal Verification of Systems-on-Chip

One Year Later. Iliano Cervesato. ITT Industries, NRL Washington, DC. MSR 3.0:

Design of Embedded Systems: Models, Validation and Synthesis (EE 249) Lecture 9

Description Logics. an introduction into its basic ideas

arxiv: v1 [cs.lo] 29 May 2014

Models for Concurrency

Timo Latvala. March 7, 2004

Automata-based Verification - III

EAHyper: Satisfiability, Implication, and Equivalence Checking of Hyperproperties

Automata, Logic and Games: Theory and Application

Decomposing Specifications of Concurrent Systems

Let s now begin to formalize our analysis of sequential machines Powerful methods for designing machines for System control Pattern recognition Etc.

Automata-based Verification - III

The Underlying Semantics of Transition Systems

Industrial-Strength Model-Based Testing - State of the Art and Current Challenges

Software Verification

7. Queueing Systems. 8. Petri nets vs. State Automata

A subtle problem. An obvious problem. An obvious problem. An obvious problem. No!

Bridging the Gap between Reactive Synthesis and Supervisory Control

Slicing Petri Nets. Astrid Rakow. Department für Informatik, Univeristät Oldenburg

Part 1: Fundamentals

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

The TLA + proof system

Formal Methods in Software Engineering

Component-Interaction Automata as a Verification-Oriented Component-Based System Specification

High Performance Computing

Feedback Refinement Relations for the Synthesis of Symbolic Controllers

Timed Automata VINO 2011

Digital Logic Design ENEE x. Lecture 14

Finite-State Model Checking

Transcription:

Seamless Model Driven Development and Tool Support for Embedded Software-Intensive Systems Computer Journal Lecture - 22nd June 2009 Manfred Broy Technische Universität München Institut für Informatik D-80290 Munich, Germany

The role of modelling in software & systems engineering Software & systems engineering means capturing the requirements domain specific functional, logical, technical, methodological specification of the system s overall functionality design of a solution in terms of an architecture specifying the components implementing the components verification of the components and integrating them into the system and verifying the integration verification of the system further evolution These are complex error prone tasks! Manfred Broy 2

The role of modelling in software & systems engineering (S&SE) Modelling helps for: expressing and documenting the requirements specifying the system describing the architecture specifying the components their composition and interaction modelling the components verifying of the components and integrating them into the system and verifying the verifying the system further evolution Manfred Broy 3

The roots of modelling in S&SE Graphical description: Early approaches: SADT, Structured Analysis (SA) Later: SDL, ADLs, OOA/D, ROOM Today: UML, SysML Programming and programming languages Programming concepts: types (as basis for data models) Programming logics Object oriented programming concepts Formal description techniques as modelling concepts Predicate Logic Based Specification Abstract Data Types State Machines (Mealy,... ) Temporal Logic Process Algebras (CCS, CSP,... ) Models of distributed concurrent systems (Unity, TLA,... ) Manfred Broy 4

On models and modelling What is a model? An abstraction! What kind of models? Informal: language, informal diagrams,... Semiformal: formalized graphical or textual presentation languages Mathematical: in terms of mathematical theories Formal models: formalized syntax, semantics and logics How do we use models? for understanding - Gedankenmodell for specification, design and documentation for analysis, validation, simulation, verification, certification for generation of implementation, tests, for reuse Manfred Broy 5

What do we model Domain specific tautologies, ontologies, data models,... laws, rules,...... System specific data interface behaviour architecture state temporal... Technical Protocols CPUs... We concentrate on digital (discrete) models in the following Manfred Broy 6

Modelling and engineering Support of development processes support in various phases of development integrated support between phases of development Support of engineering principles levels of abstraction separation of concerns encapsulation modularity Tool support Manfred Broy 7

The five areas of modelling Mathematical Models Logical Theories Methodology Description Techniques Tools Manfred Broy 8

Informal requirements formalisation S Specification, Sverification, architecture... Requirements Engineering Validation Formalized system requirements in terms of service taxonomies architecture S1 S2 S3 S4 System delivery System verification R S Integration R = R1 R2 R3 R4 R1 R deliver R2 R4 R3 S1 Architecture design Architecture verification S S1 S2 S3 S4 S4 S2 S3 realization R1 integration R2 R4 R3 Component implementation verification R1 S1 R2 S2 R3 S3 R4 S4 Manfred Broy 9

Ingredients for Integration Coherent Theory Modelling (data/interface/state/interaction/architecture) Refinement Verification Consistent Terminology Tractable Description Techniques Formulas/Logics Diagrams/Graphics Tables Comprehensive Architecture Structuring Flexible Development Process Phases (Requirements/Design/Implementation/Test/Integration) Artefact Model (concept) Methods Process models Powerful Tools Artefact Model (tool support) Automation for documentation, analysis, verification, generation Manfred Broy 10

The Big Picture Tool Development Process Artefact Model Terminology Architecture Methods Description Techniques Theory Manfred Broy 11

What has to be modelled? Data states and their attributes messages, events, signals Requirements and specifcations Functional Nonfunctional - Quality Models System Architecture Structure Components/interfaces Hierarchy Hardware/Software/Deployment Software Architecture Modules Tasks Test Cases Development Processes Development Steps Refactoring Code generation Quality attributes Systems Manfred Broy 12

Abstraction Abstraction Towards a comprehensive theory of system modelling: meta model Abstraction Composition Refinement Time Feature model Interface model: components Input and output uses Implementation uses Composition Refinement Time Process transition model: Events, actions and causal relations Implementation State transition model: States and state machines uses Data model: Types/sorts and characteristic functions Is sub-feature Composition Refinement Time Hierarchy and architecture Composition Refinement Time Manfred Broy 13

What is a (discrete) system? A system has a scope a behavior a structure and distribution a black box view: an interface and an interface behaviour input and output via ports, channels, events, messages, signals a glass/white box view: architecture state and state transition quality profile Manfred Broy 14

Towards a uniform model: Basic system model component System class: distributed, reactive systems kc LM lc cl Control cr rc RM component name channel channel name System consists of named components (with local state) named channels driven by global, discrete clock Manfred Broy 15

Basic Model Timed Streams: Semantic Model for Black-Box-Behavior eq E qe Q Message set: M = {a, b, c,...} t t+1 t+2 t+3 infinite channel history <a,d,a,b> <> Messages transmitted at time t Manfred Broy 16

The Basic Behaviour Model: Streams and Functions C set of channels Type: C TYPE type assignment x : C (IN\{0} ) channel history for messages of type M r C or IH[C] set of channel histories for channels in C Manfred Broy 17

System interface model Channel: Identifier of Type stream I = { x 1, x 2,... } set of typed inpu t channels O = { y 1, y 2,... } set of typed outpu t channels Interface behavior f : I r r O x 1 : S 1 x n : S n Set of interfaces: IF[I O] M f M y 1 : T 1 y m : T m Manfred Broy 18

System interfaces (I O) syntactic interface with set of input channels I and of output channels O F : I r ( O r ) semantic interface for (I O) with timing prop erty addressing causality (let x, z I r, y O r, t IN): x t = z t {y t+1: y F(x)} = {y t+1: y F(z)} x t prefix of history x with t finite sequences A system is a total behavior I O Component interface Manfred Broy 19

Example: Component interface specification A transmission component TMC TMC in x: T out y: T x ~ y Spec name Input channel x:t Output channel x ~ y ( m T: {m} x = {m} y ) TMC x ~ y y:t Specifying assertion Manfred Broy 20

State model for systems/components Σ set of states, initial state σ Σ State transition function: State machine (infinite Moore automaton): (Δ, σ) Interface abstraction Abs : SM IF Δ: (Σ (I M * )) (Σ (O M * )) Abs(, ) = F wher e The state machine concept has to fit to the interface model F ( z ˆx) = { s ˆy: y F (x) ( ', s) (, z) } Set of all states machines: SM Manfred Broy 21

Composition and Decomposition of Systems F 1 IF[I 1 O 1 ] F 2 IF[I 2 O 2 ] I 1 \C 2 C F 1 1 F 2 O 2 \C 2 C 1 = O 1 I 2 C 2 = O 2 I 1 I = I 1 \C 2 I 2 \C 1 O = O 1 \C 1 O 2 \C 2 O 1 \C 1 C 2 I 2 \C 1 F 1 F 2 IF[I O], (F 1 F 2 ).x = {z O: x = z I z O 1 F 1 (z I 1 ) z O 2 F 2 (z I 2 )} Manfred Broy 22

Interface specification composition rule x1 F1 F2 F1 z12 F2 y2 y1 z21 x2 F1 in x1, z21: T out y1, z12: T P1 F2 in x2, z12: T out y2, z21: T P2 F1 F2 in x1, x2: T out y1, y2: T z12, z21: P1 P2 Manfred Broy 23

Composition of Specifications into Architectures Input channels Composed component spec in x 1 : M 1, x 2 : M 2,... out y 1 : N 1, y 2 : N 2,... Composed Component P 1 Output channels Internal channels x 1 : M 1 y 1 : N 1 c 1, c 2,... : P 1... P n c 1 : T 1 c 2 : T 2 P 3 P 2 P 4 y 2 : N 2 x 2 : M 2 y 2 : N 2 x 3 : M 3 System composition = logical und Channel Hiding = existential quantification Manfred Broy 24

An example of an essential property... Interface abstraction distributes for state machines over composition Abs((Δ1, σ1) (Δ2, σ2) ) = Abs((Δ1, σ1)) Abs((Δ2, σ2)) Manfred Broy 25

Vertical Refinement r r F: I ( Compositionality O ) of refinement is refined by a behavior k: F k -> IF F ˆ r r F ˆ : I ( O ) if we write x r I : ˆ F.x F.x F -> IF ˆ F ˆ F Manfred Broy 26

Levels of abstraction I F 1 O 1... A I...... I 2 O 2 abstract level R Property refinement O implies interaction refinement... F concrete level ˆ Compositionality of interaction refinement Given refinement pairs Refinement of State Machines Α Ι : I r 2 ( I r r Given two state machine (Δ k, Λ k ) for k := 1, 2 where Λ k is a set Λ k of pairs 1 )(σ R I : I r O 2 ( O r 0, y 0 ) and Δ k is a state transition function composition 1 ) R O : O r Δ k : (Σ k (I k M * )) (Σ k (O k M* )) we call Δ 2 a refinement of Δ 1 if there exists a mapping F ˆ r I r O abs: Σ 2 Σ 1 such that Theorems Interaction refinement distributes over Abstractions of interaction refinements of implementations are interaction refinements of abstractions r r I O Time abstraction is interaction abstraction Interaction abstraction is a Galois connection {(abs.σ, A O.y 0 ) : (σ 0, y 0 ) Λ 2 } Λ 1 F ˆ and for each reachable state σ Σ 2 of the state machine (Δ 2, Λ 2 ) we have B Δ2 (σ, y 0 ) A I Þ B Δ1(abs.σ, A O.y 0 ) Þ R O r I r O Manfred Broy 27

The comprehensive model Usage function hierarchy service taxonomy Logical architecture Technical architecture Software architecture conceptional architecture Tasks T1 T2 T3 T4... Deployment T1... T2... T3 T4... Hardware architecture Manfred Broy 28

The overall goal Provide a formal model for the comprehensive architecture and all of its views In this talk: concentration on the conceptional architecture The foundation The basic system model: components System specification and verification System composition Service taxonomy Logical architecture Relationship between service taxonomy and logical architecture Manfred Broy 29

A screen shot from AutoFocus Manfred Broy 30

What we got Formal notion of a system with input and output represented by a relation between input and output histories are specified by history assertions can be used as a component to form a large system can be de-composed into an architecture of components Formal notion of a service/feature/system function with input and output represented by a relation between input and output histories are specified by history assertions can be used as a sub-service to form a large system can be de-combined into an taxonomy of services Every component can be de-combined into its taxonomy of its sub-services the sub-services can be related by service dependency relations Manfred Broy 31

Concluding Remarks Today software & systems engineering is too much orientated towards the technical architecture and solutions/implemention in the beginning We need a comprehensive architectural model-based view onto systems including requirements for dealing with complex multi-functional systems The models allow for Separation of concerns Separation technical aspects from application aspects Technical architectures are modelled along the same theory Code and test cases can be generated from the models Manfred Broy 32

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback