Checking consistency between architectural models using SPIN. Requirements and Software Architectures. Paola Inverardi, Henry Muccini, Patrizio Pelliccione, University of L’Aquila (Italy) {inverard, muccini,
2 Objective: To validate Software Architectural models with respect to Requirements. How to do this: 1) defining a development process that explicitly identifies and manages coordination [Coordination2000]; 2) validating consistency among scenarios and statecharts… for instance, validating SA models of dynamics (statecharts) with respect to the expected behaviors (scenarios).
3 Our approach to gain objective 1: The Unified Software Development Process + Coordination. [Diagram labels: Requirement Engineering + Coordination; Specifications; Software Architecture; Step1; Step2: drives; Step3: validates; Step4: drives]
4 In detail (1/4). Step1: Identification and representation of Coordination Requirements. [Diagram labels: Use Case Diagram; Analysis model; Interaction Diagrams; Activity Diagrams; dynamic view; static view; Requirements; Specifications; SA; Coordination Specifications; drives; validates]
5 In detail (2/4). Step2: From Requirements to Software Architectures. [Diagram labels: Requirements; Software Architecture; Analysis model; Interaction Diagrams; Activity Diagrams; SA description; LTS model; static view; dynamic view; Specifications; Coordination Specifications; drives]
6 In detail (3/4). Step3: Validating Software Architectures. [Diagram labels: Requirements; Software Architecture; LTS model; Interaction Diagrams; Activity Diagrams; dynamic view; Specifications; Coordination Specifications; drives; validates; ???]
7 Is the SA model correct with respect to the Requirements? I.e., do the SA dynamics conform to the Coordination Requirements? [Diagram labels: SA level scenarios: User i; Check Coordinator; Router; sendCheck; receiveCheck. Req. level scenarios: User; Alarm ReqUI; Alarm Handl; Alarm Input; SendAlarm; Router; User Dbase; Exists?; Yes; Receive Alarm; AlarmAck; Log File; write Alarm]
8 In detail (4/4). Step4: From SA to Coordination Models. [Diagram labels: Software Architecture; SA description; LTS model; static view; dynamic view; Coordination Models; IWIM Specification; Requirement Engineering + Coordination; drives; validates]
9 Our approach to gain objective 2: validate statecharts with respect to the scenarios. [Diagram labels: Statecharts, LTS, Automaton; UML Sequence, MSC, Scenarios; Promela Specification; LTL Formulae; SPIN; Process P; Process Q; scenario between P and Q with messages m1, m2, m3, m2, m5; statechart transitions a, b, c, x, y, ?ch1, !ch2, ?ch2, !ch1]
10 In detail (1/2). Step1: State -> Promela. [Diagram: Statecharts]
11 In detail (2/2). Step2: Scenario -> LTL Formula. [Diagram: scenario between P and Q with messages m1 and m2.] Formula: (ch[ch1_s].pos[0] < ch[ch2_s].pos[0] < ch[ch2_r].pos[0] < ch[ch1_r].pos[0]) && (ch[ch1_s].pos[0] = 1) && (ch[ch2_s].pos[0] = 2) && (ch[ch2_r].pos[0] = 3) && (ch[ch1_r].pos[0] = 4). Meaning: P sends m1 before P sends m2 before Q receives m2 before Q receives m1 AND Send m1 is the first operation AND Send m2 is the second operation AND Receive m2 is the third operation AND Receive m1 is the fourth operation.
12 Integrating the approaches. [Diagram labels: Requirements; Software Architecture; Use Case Diagram; Analysis model; Interaction Diagrams; SA description; LTS model; static view; dynamic view; Coordination Models; IWIM Specification; drives; Validates using SPIN; LTL Formulae; Promela Spec.]
13 Applying the Approach: TRMCS Case Study
14 [Diagram labels: Analysis model: User; AlarmRequest UI; AlarmHandler; CheckRequest UI; CheckHandler; Router; Server; UserDbase; RouterDbase; Log File; ErrorHandler; sendAlarm; sendCheck; receiveCheck; receiveAlarm; write&read; write; read. Dynamics: AlarmInput; User; Alarm Handler; Router; Server; Check Handler; Alarm1; Ack1; Check. LTL Formula]
15 [Diagram labels: SA topology: User i; Router; Server; Alarm Coordinator; Check Coordinator; Timer Coordinator; Clock; sendCheck; receiveCheck; sendAlarm; receiveAlarm; sendAck; receiveAck. SA dynamics. Promela]
16 An architectural error we found. Req: A User can send Alarms and Checks whenever he wants. SA statechart: A User can send a second check (Check2) only if the first check (Check1) has been forwarded to the Router Component. [Diagram labels: scenario with User, Check Handler, Router and messages Check1, Check2; scenario with User, Check Coord, Router and messages Check1, Check2]
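The scenario-versus-statechart check behind this error, as an added Python example (not the authors' Promela/SPIN model): each component is a small labelled transition system, components synchronize on shared labels, and a scenario is accepted when its event order is a run of the composed model. The labels sendCheck1, sendCheck2, fwdCheck1, fwdCheck2, the three component models and the queueing coordinator are assumptions constructed from the slide's description.

```python
from collections import deque
from itertools import product

def lts(init, *edges):
    """Component LTS built from (source, label, target) edges."""
    return {"init": init, "edges": edges, "alphabet": {l for _, l, _ in edges}}

def successors(components, state):
    """Synchronous product: a label fires only if every component owning it can move."""
    for label in sorted(set().union(*(c["alphabet"] for c in components))):
        options = [[d for s, l, d in c["edges"] if s == local and l == label]
                   if label in c["alphabet"] else [local]
                   for c, local in zip(components, state)]
        for nxt in product(*options):  # an empty option list blocks the label
            yield label, nxt

def admits(components, scenario):
    """True if some product run, projected onto the scenario's events, starts with it."""
    observed = set(scenario)
    start = (tuple(c["init"] for c in components), 0)
    seen, queue = {start}, deque([start])
    while queue:
        state, matched = queue.popleft()
        if matched == len(scenario):
            return True
        for label, nxt in successors(components, state):
            if label == scenario[matched]:
                step = (nxt, matched + 1)
            elif label in observed:
                continue               # observed event out of order
            else:
                step = (nxt, matched)  # unobserved event may interleave
            if step not in seen:
                seen.add(step)
                queue.append(step)
    return False

# Constructed models (assumptions); components synchronize on shared labels.
USER = lts("u0", ("u0", "sendCheck1", "u1"), ("u1", "sendCheck2", "u2"))
ROUTER = lts("r0", ("r0", "fwdCheck1", "r1"), ("r1", "fwdCheck2", "r2"))
# SA statechart from the slide: Check2 accepted only after Check1 is forwarded.
COORD_SA = lts("c0", ("c0", "sendCheck1", "c1"), ("c1", "fwdCheck1", "c2"),
               ("c2", "sendCheck2", "c3"), ("c3", "fwdCheck2", "c4"))
# Hypothetical coordinator that queues Check2 while Check1 is still pending.
COORD_QUEUE = lts("c0", ("c0", "sendCheck1", "c1"), ("c1", "sendCheck2", "c2"),
                  ("c1", "fwdCheck1", "c3"), ("c2", "fwdCheck1", "c4"),
                  ("c3", "sendCheck2", "c4"), ("c4", "fwdCheck2", "c5"))
REQ_SCENARIO = ["sendCheck1", "sendCheck2", "fwdCheck1"]  # two checks back to back
SA_SCENARIO = ["sendCheck1", "fwdCheck1", "sendCheck2"]
```

With the slide's coordinator the requirement-level scenario is rejected while the SA-level one is accepted, which is the inconsistency reported above.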
17 Ongoing and Future Works: Tool Support; Step1 Refinement (in [ConCoord’01]); Enriched Statecharts and Scenarios Mapping; Case Study; Time; Performance
18 … and after your presentations... Use Case Diagrams Vs. Actors and Goals; Our process Vs. Goal Oriented Req.
Henry Muccini, PhD Student in Computer Science, University of L’Aquila - Italy