Incremental Modeling of System Architecture Satisfying SysML - - PowerPoint PPT Presentation



SLIDE 1

Incremental Modeling of System Architecture Satisfying SysML Functional Requirements

O. Carrillo, S. Chouali, and H. Mountassir

Institut Femto-ST Université de Franche-Comté, France

Conférence francophone sur l’Architecture Logicielle - CAL 2014
Work originally presented in FACS 2013
June 11, 2014

Oscar Carrillo System Architecture from SysML Requirements 1 / 21

SLIDE 2

Context Our Approach Conclusion

Context

Functional Requirements: functional properties that the system must satisfy to fulfill user needs

Component-Based Systems

◮ Components are only described by their interfaces
◮ Built by assembling the components
◮ Architecture described by the connections between the components

[Figure: components A and B assembled into the composite AB]

SLIDE 3

Our Motivation

[Figure: requirements R1 ... Ri ... Rn, components A, B, C taken from a library, and the system S built from them with connections AB, AC, BC]

To propose an approach to model and verify Component-Based Systems directly from system requirements and a component library

SLIDE 4

Difficulties to overcome

[Figure: requirements R1 ... Ri ... Rn, components A, B, C, and the system S with connections AB, AC, BC]

◮ How to specify the requirements and component interfaces?
◮ How to ensure requirement validation?

SLIDE 5

Difficulties to overcome

[Figure: requirements R1 ... Ri ... Rn, components A, B, C, and the system S with connections AB, AC, BC]

◮ How to guarantee consistency between components?
◮ How to avoid combinatorial explosion of the system states?

SLIDE 6

Our Propositions

1. How to specify the requirements?
   ◮ SysML Requirement Diagrams
2. How to specify the component interfaces?
   ◮ SysML Sequence Diagrams
3. How to ensure requirement validation?
   ◮ Verification by model-checking
4. How to guarantee consistency between components?
   ◮ Interface automata theory
5. How to specify the architecture?
   ◮ SysML BDD and IBD Diagrams
6. How to avoid combinatorial explosion of the system states?
   ◮ Incremental methodology

SLIDE 7

Approach Steps

Flowchart of the approach:

1. Select the atomic requirements from the requirement diagram; let S = ∅.
2. For each atomic requirement R:
   ◮ link R to a component C from the component library such that C satisfies R (use the SD, Promela and SPIN);
   ◮ verify that S and C are compatible, i.e. that their composition is not empty (use interface automata and preservation of actions); if they are not, stop;
   ◮ let S be the composition of S and C, and generate the partial BDD and IBD;
   ◮ go to the next requirement.
3. When all requirements have been treated, generate the system architecture.

SLIDE 8

A Car Safety System

Airbag and seat-belts protecting passenger lives

SLIDE 9

A Car Safety System

Requirements Refinement for a Safety System

SLIDE 10

Selection and Specification of Atomic Requirements.

R1.1.1 : Sensors
Always get the sensor values and send them to the ACU.
((sensors && receive && msg_get_sensor_values) → ♦ (sensors && send && msg_sensor_values))

R1.1.2 : Airbag Control Unit
Decide whether or not to deploy the airbag and/or lock the seat-belts once the sensors report new values.
((acu && receive && msg_sensor_values) → ♦ (acu && send && (msg_act_sb || msg_act_ab)))

Connected Requirements: R1.1.1 and R1.1.2 share input and output actions.

SLIDE 11

Component Library

Component interfaces are described by SysML Sequence Diagrams

[Figure] SD for the sensors block
[Figure] SD for the ACU block

SLIDE 12

From SD to Promela

| SD element               | Promela element                            | Promela statement                              |
|--------------------------|--------------------------------------------|------------------------------------------------|
| Lifeline                 | Process                                    | proctype{...}                                  |
| Message                  | Message                                    | mtype{m1,...,mn}                               |
| Connector                | Communication channel for each message arrow | chan chanName = [1] of {mtype}               |
| Send and receive events  | Send and receive operations                | Send ⇒ ab!m, Receive ⇒ ab?m                    |
| Alt combined fragment    | if condition                               | if ::(guard)->ab_p?p; :: else -> ab_q?q; fi;   |
| Loop combined fragment   | do operator                                | do ::ab_p?p; od                                |

Mapping of basic concepts from Sequence Diagrams to Promela (Lima et al. 2009)

SLIDE 13

Component i=0, Sensors

SD for sensors block

...   /* mtype and channel declarations elided on the slide */
proctype proc_sensors() {
  do
  :: sensors_environment_get_sensor_values?get_sensor_values;   /* each do-option needs its :: guard */
     sensors_environment_sensor_values!sensor_values;
  od
}

proctype proc_environment() {
  do
  :: sensors_environment_get_sensor_values!get_sensor_values;
     sensors_environment_sensor_values?sensor_values;
  od
}

init {
  atomic { run proc_sensors(); run proc_environment(); }
}

Promela code for sensors block
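Added example (not the authors' tool, which the last slide lists as future work): a Python generator that applies the SD-to-Promela mapping table of the previous slide to a small sequence-diagram model and reproduces the sensors block code above. The SD representation (lifelines, message arrows, and steps with loop and alt fragments) and the convention that guards are passed as Promela text are assumptions of this example.

```python
from collections import namedtuple

# Assumed sequence-diagram model (not the authors' tool): messages are (sender, receiver, name);
# steps are ("msg", sender, receiver, name), ("loop", [steps]) or ("alt", [(guard, [steps]), ...]).
SD = namedtuple("SD", "lifelines messages steps")

def _chan(sd, src, dst, name):
    """Channel per message arrow, named by the lifelines in diagram order (as on the sensors slide)."""
    first, second = sorted((src, dst), key=sd.lifelines.index)
    return f"{first}_{second}_{name}"

def _emit(sd, lifeline, steps, ind):
    """Promela statements of one lifeline for a list of SD steps, following the Lima et al. mapping."""
    out = []
    for step in steps:
        if step[0] == "msg":                          # send event -> ch!m, receive event -> ch?m
            _, src, dst, name = step
            if lifeline in (src, dst):
                out.append(f"{ind}{_chan(sd, src, dst, name)}{'!' if lifeline == src else '?'}{name};")
        elif step[0] == "loop":                       # loop fragment -> do :: ... od
            out += [f"{ind}do", f"{ind}::"] + _emit(sd, lifeline, step[1], ind + "  ") + [f"{ind}od;"]
        else:                                         # alt fragment -> if :: (guard) -> ... fi
            out.append(f"{ind}if")
            for guard, body in step[1]:
                out.append(f"{ind}:: {guard} ->")
                out += _emit(sd, lifeline, body, ind + "  ") or [f"{ind}  skip;"]  # lifeline idle here
            out.append(f"{ind}fi;")
    return out

def to_promela(sd):
    """Lifeline -> proctype, message -> mtype, connector -> chan, plus an init that runs all processes."""
    lines = ["mtype { " + ", ".join(dict.fromkeys(m[2] for m in sd.messages)) + " };"]
    lines += [f"chan {_chan(sd, *m)} = [1] of {{mtype}};" for m in sd.messages]
    for lf in sd.lifelines:
        lines += [f"proctype proc_{lf}() {{"] + _emit(sd, lf, sd.steps, "  ") + ["}"]
    lines.append("init { atomic { " + " ".join(f"run proc_{lf}();" for lf in sd.lifelines) + " } }")
    return "\n".join(lines)

# The sensors SD of this slide: a loop in which the environment requests values and the sensors reply.
SENSORS_SD = SD(["sensors", "environment"],
                [("environment", "sensors", "get_sensor_values"), ("sensors", "environment", "sensor_values")],
                [("loop", [("msg", "environment", "sensors", "get_sensor_values"),
                           ("msg", "sensors", "environment", "sensor_values")])])
```

`print(to_promela(SENSORS_SD))` yields the mtype, the two channels, both proctypes with their do loops, and the init block; an alt branch in which a lifeline does nothing is emitted as `skip` so the generated option is still valid Promela.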

SLIDE 14

Component i=1, ACU

SD for the ACU block

...   /* mtype, channel and val_acc declarations elided on the slide */
proctype proc_acu() {
  do
  :: acu_environment_sensor_values?sensor_values;
     if
     :: (val_acc >= 60) -> { acu_environment_act_sb!act_sb; acu_environment_act_ab!act_ab; }
     :: ((val_acc < 60) && (val_acc >= 3)) -> acu_environment_act_sb!act_sb;
     :: else -> { acu_reset!reset; acu_reset?reset; }   /* internal reset action */
     fi;
  od
}

Promela code for ACU block

SLIDE 15

Component i=1, ACU

SD for the ACU block

...
proctype proc_environment() {
  do
  :: acu_environment_sensor_values!sensor_values;
     if
     :: ((val_acc < 60) && (val_acc >= 3)) -> acu_environment_act_sb?act_sb;
     :: (val_acc >= 60) -> { acu_environment_act_sb?act_sb; acu_environment_act_ab?act_ab; }
     fi;
  od
}

init {
  if   /* non-deterministic choice of the acceleration value */
  :: (true) -> val_acc = 0;
  :: (true) -> val_acc = 10;
  :: (true) -> val_acc = 60;
  fi;
  atomic { run proc_acu(); run proc_environment(); }
}

Promela code for ACU block

SLIDE 16

Verification with SPIN

◮ The Promela description must keep track of who is sending/receiving what message at any time of the execution.

Flags for the sensor component:
◮ send, receive
◮ msg_get_sensor_values, msg_send_sensor_values
◮ sensors, environment
◮ All flags updated by d_step

LTL property with flags:
((sensors && receive && msg_get_sensor_values) → ♦ (sensors && send && msg_sensor_values))

SLIDE 17

Compatibility Verification and Requirement Preservation

[Figure: IA for the Sensors block, state 1, with input get_sensor_values? and output sensor_values!]
IA for the Sensors block

[Figure: IA for the ACU, states 1 and 2, with input sensor_values?, internal action reset; and outputs act_sb! and act_ab!]
IA for the ACU

[Figure: composition, states 1 to 3, with input get_sensor_values?, internal actions sensor_values; and reset;, and outputs act_sb! and act_ab!]
IA composition generated by Ptolemy (Lee et al. 2004)
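Added example in Python (not the authors' Ptolemy model): an optimistic interface-automata compatibility check and the preservation-of-actions check, run on the Sensors and ACU automata of this slide. The transitions are taken from the figures; the state numbering, the ACU branch structure (act_sb alone, or act_sb followed by act_ab) and the representation of automata as named tuples are assumptions of this example.

```python
from collections import deque, namedtuple

IA = namedtuple("IA", "init inputs outputs trans")   # trans: (src, action, dst); other actions are internal

def _moves(a, b, sa, sb, shared):
    """Moves of automaton a from product state (sa, sb): ([(act, sa', sb')], illegal?)."""
    moves, illegal = [], False
    for src, act, dst in a.trans:
        if src != sa:
            continue
        if act not in shared:                # local action: b does not move
            moves.append((act, dst, sb))
        elif act in a.outputs:               # shared action: a sends, b must be able to receive it
            targets = [d for s, x, d in b.trans if s == sb and x == act]
            illegal |= not targets           # output nobody can accept -> illegal product state
            moves += [(act, dst, t) for t in targets]
    return moves, illegal

def compose(p, q):
    """Reachable product of p and q (shared actions become internal) plus its illegal states."""
    shared = (p.inputs & q.outputs) | (p.outputs & q.inputs)
    start = (p.init, q.init)
    seen, todo, trans, illegal = {start}, deque([start]), [], set()
    while todo:
        sp, sq = s = todo.popleft()
        mp, bad_p = _moves(p, q, sp, sq, shared)
        mq, bad_q = _moves(q, p, sq, sp, shared)
        if bad_p or bad_q:
            illegal.add(s)
        for act, a, b in mp + [(act, a, b) for act, b, a in mq]:
            trans.append((s, act, (a, b)))
            if (a, b) not in seen:
                seen.add((a, b)); todo.append((a, b))
    return trans, illegal

def compatible(p, q):
    """Optimistic IA compatibility: some environment keeps the product away from illegal states."""
    trans, bad = compose(p, q)
    env_inputs = (p.inputs | q.inputs) - (p.outputs | q.outputs)   # moves only the environment triggers
    while new := {s for s, act, d in trans if d in bad and act not in env_inputs} - bad:
        bad |= new                 # backward closure over moves the environment cannot prevent
    return bool(trans) and (p.init, q.init) not in bad

def preserves(p, q, required):   # preservation of actions: the requirements' actions survive composition
    return set(required) <= {act for _, act, _ in compose(p, q)[0]}

# Automata read from this slide (state numbers assumed); actions named in R1.1.1 and R1.1.2.
SENSORS = IA(1, {"get_sensor_values"}, {"sensor_values"}, [(1, "get_sensor_values", 2), (2, "sensor_values", 1)])
ACU = IA(1, {"sensor_values"}, {"act_sb", "act_ab"},
         [(1, "sensor_values", 2), (2, "reset", 1), (2, "act_sb", 1), (2, "act_sb", 3), (3, "act_ab", 1)])
R1_ACTIONS = {"get_sensor_values", "sensor_values", "act_sb", "act_ab"}
```

The product reaches two illegal states (sensors ready to emit sensor_values while the ACU is still deciding), but both are entered only through the environment input get_sensor_values, so `compatible(SENSORS, ACU)` is true under the optimistic criterion, and all four requirement actions survive the composition.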

SLIDE 18

Partial Architecture, i=1

BDD for the second iteration

SLIDE 19

Partial Architecture, i=1

IBD for the second iteration

SLIDE 20

Conclusion

◮ The SysML Requirement Diagram was exploited to specify the requirements of CBS
◮ LTL formulae were used to specify SysML requirements for their verification on components, thanks to their SD translated to Promela
◮ Component compatibility and requirement preservation were verified by exploiting the interface automata obtained from the SD of components
◮ An incremental approach was proposed to avoid the problem of combinatorial explosion of the number of states of the verified components

SLIDE 21

Future Work

Plugin for TopCased

◮ Tool to generate Promela code from Sequence Diagrams
◮ Tool to generate interface automata for Ptolemy

Requirements

◮ Treat non-functional requirements
◮ Extract formal properties directly from SysML requirements

SLIDE 22

Any questions?

Thank you for your attention

SLIDE 23

Final Architecture for the Vehicle Safety System

[Figure: interface automaton with states 1 to 7, input get_sensor_values?, internal actions sensor_values, reset, act_sb, act_ab, lock_sb and inflate_ab, and the actions act_sb and act_ab on its interface]

IA for the fourth iteration

SLIDE 24

Final Architecture for the Vehicle Safety System
