MICON 2000
Formal methods for design methodology
by Luigi Logrippo with D. Amyot, R. Chan, L. Charfi, N. Gorse, J. Sincennes, R. Plesa, ...
School of Information Technology and Engineering, University of Ottawa

Basic Idea
- Use Case Maps provide a good basis for high-level description and design of many aspects of telecom systems
- LOTOS is a formal language that matches UCMs in level of abstraction
- Translate UCMs into LOTOS and then use LOTOS formal methodology
- The LOTOS spec is a ‘formal prototype’ for the UCM requirements

What does this buy us
- Validation and Verification
  - Feature Interaction Detection
- Semi-automatic derivation of functional test cases
- Semi-automatic derivation of implementations
- The design process extends itself into implementation and testing

From UCMs to LOTOS

    UCM construct            ->  LOTOS construct
    Start/end points         ->  Visible gates
    Responsibilities         ->  Hidden gates
    Agents/components        ->  Processes
    Stubs                    ->  Processes (implement selection policies)
    Plug-ins                 ->  Processes
    Inter-path causality     ->  Hidden inter-process synchronization (msg)
    Databases, conditions    ->  Abstract Data Types

Interprocess Communication
- LOTOS process synchronization concept can be implemented as a blackboard system
- Establishing a relation with a methodology already in place at Mitel

UCM to LOTOS example

    (* Agent: takes a connection request from its user, obtains the
       destination agent dA on gate req, and relays the outcome back *)
    process Agent [A_U, U_A, A_A, req] (a: Agent, u: User) : exit :=
        U_A !u !a !conReq ?dU: User;
        req !dU ?dA: Agent;
        A_A !a !dA !conReq !dU;
        (   A_A !dA !a !conConf !ring;
            A_U !a !u !conConf !ring; exit
        []  (* - OR - *)
            A_A !dA !a !conConf !busy;
            A_U !a !u !conConf !busy; exit
        )
    endproc

    (* User: dials a destination, then hears ring-back or busy tone *)
    process User [dial, U_A, A_U, ringBack, busyTone] (a: Agent, u: User) : exit :=
        dial !u ?dU: User;
        U_A !u !a !conReq !dU;
        (   A_U !a !u !conConf !ring; ringBack; exit
        []  (* - OR - *)
            A_U !a !u !conConf !busy; busyTone; exit
        )
    endproc

How to use LOTOS methodology
- LOTOS can be used to ‘execute’ UCMs
  - Scenarios for the UCMs can be obtained
  - Validation tools can be applied to detect errors
  - Functional test cases can be obtained

Detection of feature interactions
- New, more efficient methods developed
- Have both static and dynamic feature interaction detection
- Proven performance: second place (very near to 1st) in 2000 Feature Interaction contest (Glasgow, Scotland)

Feature Interaction Detection Using Predicate Logic, UCM and LOTOS
- Feature Interaction Filtering at requirement stage using Prolog
  - Identification of possible interactions
  - Based on requirements
- Based on the UCM model
  - Validation of the global model
- Rapid method
Nicolas Gorse Master Thesis

Feature Interaction Detection Using Predicate Logic, UCM and LOTOS (cont’d)
- Derivation of a LOTOS specification
  - Provides an executable model
  - Provides information for scenario generation
- Scenario Generation for possible Interactions identified
  - Using information on the structure of the feature
  - Based on possible interactions identified

Feature Interaction Detection Using Predicate Logic, UCM and LOTOS (cont’d)
- Feature Interaction scenario-based validation of the LOTOS specification
  - Makes it possible to verify whether the possible interactions identified are present in the LOTOS spec
  - The method only identifies possible interactions; however, an experimental study showed a very high hit rate
  - Scenarios derived can be reused at the final system testing stage

Feature Interaction Filtering Using Predicate Logic
- Representation of features

    Pre-conditions
        CFA: {subs(B, cfa), concerns(B, cfb), cfa(C)}
        CFB: {subs(B, cfb), concerns(B, cfb), busy(A), cfb(D)}
    Triggering events (same triggering events for both features)
        CFA: {call(A, B)}
        CFB: {call(A, B)}
    Results (different results, non determinism)
        CFA: {call(A, C)}
        CFB: {call(A, D)}

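The same-trigger, different-result test shown on this slide can be written out as follows. This Python code is an added example, not the Prolog filter from the thesis and not code from the slides; it checks only triggering events and results (pre-conditions are not modelled), and the WAKEUP feature and all function names are assumptions made for the example.

```python
from itertools import combinations

# Constructed encoding: a term is (functor, arg, ...); names starting with an
# uppercase letter are variables, as on the slide. WAKEUP is a hypothetical
# third feature added for contrast; it is not from the slides.
FEATURES = {
    "CFA": {"trigger": ("call", "A", "B"), "result": ("call", "A", "C")},
    "CFB": {"trigger": ("call", "A", "B"), "result": ("call", "A", "D")},
    "WAKEUP": {"trigger": ("timer", "B"), "result": ("ring", "B")},
}

def is_var(x):
    return x[:1].isupper()

def rename(term, tag):
    """Rename variables apart so each feature has its own A, B, ..."""
    return tuple(f"{a}_{tag}" if is_var(a) else a for a in term)

def walk(x, s):
    """Follow variable bindings in substitution s to their current value."""
    while x in s:
        x = s[x]
    return x

def unify(t1, t2):
    """Unify two flat terms; return a substitution dict, or None on failure."""
    if len(t1) != len(t2):
        return None
    s = {}
    for a, b in zip(t1, t2):
        a, b = walk(a, s), walk(b, s)
        if a != b and is_var(a):
            s[a] = b
        elif a != b and is_var(b):
            s[b] = a
        elif a != b:
            return None  # two different constants or functors
    return s

def possible_interactions(features):
    """Pairs whose triggers unify but whose results differ (non-determinism)."""
    hits = []
    for (n1, f1), (n2, f2) in combinations(features.items(), 2):
        s = unify(rename(f1["trigger"], n1), rename(f2["trigger"], n2))
        if s is None:
            continue  # different triggering events: pair filtered out
        r1 = tuple(walk(a, s) for a in rename(f1["result"], n1))
        r2 = tuple(walk(a, s) for a in rename(f2["result"], n2))
        if r1 != r2:
            hits.append((n1, n2, r1, r2))
    return hits
```
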
Feature Interaction Filtering Using Predicate Logic (cont’d)
- Mitel Project
  - 22 feature descriptions (484 pairs), 4 users
  - 43 possible interactions found in secs
- Feature Interaction Contest
  - 97 feature descriptions (9409 pairs), 4 users
  - 149 possible interactions found in secs
- The representation of features is fairly quick to obtain

Another application: Derivation of Test Cases
The Big Picture
[Diagram labels: UCMs; mapping M; LOTOS specification; test purposes; LOTOS scenarios; Validation with LOLA; TGV; TTCN test suites; MSC generation]
LOTOS scenarios used for:
(1) the spec validation
(2) the TTCN test suite generation
Leila Charfi’s Master thesis
Several tools used: LOLA, CAESAR, TGV (in CAESAR), lot2msc, ...

[Figure: UCM with components Phone 1, Switch and Phone 2. Labels: offHook, initiateCall, incomingCall, busy, idle, ringStub, ring, ringBack, talk, onHook, disconn, disconnection, Caller disconnection, Callee disconnection]

A coverage algorithm uses the internal representation of the UCM to cover all possible paths at least once
UCM scenarios (scenarioBusyCallee, scenarioForwardTakeDown, scenarioBackwardTakeDown):

    phone1: startpoint ‘offHook’;
    phone1: resp ‘initiateCall’;
    phone2: resp ‘incomingCall’;
    phone2: point ‘busy’;
    phone1: point ‘busy’;
    phone1: endpoint ‘onHook’;

    phone1: startpoint ‘offHook’;
    phone1: resp ‘initiateCall’;
    phone2: resp ‘incomingCall’;
    phone2: point ‘idle’;
    (   phone2: resp ‘ring’; exit
    ||| phone1: resp ‘ringBack’; exit )
    >> phone2: resp ‘offHook’;
    switch: point ‘talk’;
    phone2: startpoint ‘onHook’;
    switch: resp ‘disconn’;

    phone1: startpoint ‘offHook’;
    phone1: resp ‘initiateCall’;
    phone2: resp ‘incomingCall’;
    phone2: point ‘idle’;
    (   phone2: resp ‘ring’; exit
    ||| phone1: resp ‘ringBack’; exit )
    >> phone2: resp ‘offHook’;
    switch: point ‘talk’;
    phone1: startpoint ‘onHook’;
    switch: resp ‘disconn’;

LOTOS scenario:

    user_to_phone !A !offHook;
    phone_to_user !A !dialTone;
    user_to_phone !A !dial !B;
    (   phone_to_user !B !ringingOn; exit
    ||| phone_to_user !A !ringBackTone; exit )
    >> user_to_phone !B !offHook;
    phone_to_user !A !ringBackToneOff;
    user_to_phone !B !onHook;
    phone_to_user !A !disconnectTone;
    user_to_phone !A !onHook;

Scenario in Aldebaran format:

    des (0, 14, 14)
    (0, "USER_TO_PHONE !A !OFFHOOK", 1)
    (1, "PHONE_TO_USER !A !DIALTONE", 2)
    (2, "USER_TO_PHONE !A !DIAL !B", 3)
    (3, "PHONE_TO_USER !B !RINGINGON", 4)
    (3, "PHONE_TO_USER !A !RINGBACKTONE", 5)
    (4, "PHONE_TO_USER !A !RINGBACKTONE", 6)
    (5, "PHONE_TO_USER !B !RINGINGON", 6)
    (6, i, 7)
    (7, "USER_TO_PHONE !B !OFFHOOK", 8)
    (8, "PHONE_TO_USER !A !RINGBACKTONEOFF", 9)
    (9, "USER_TO_PHONE !B !ONHOOK", 10)
    (10, "PHONE_TO_USER !A !DISCONNECTTONE", 11)
    (11, "USER_TO_PHONE !A !ONHOOK", 12)
    (12, ACCEPT, 12)

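To make the Aldebaran graph above concrete, the following Python code parses it and enumerates every visible trace that reaches ACCEPT, which shows the two orderings produced by the ||| interleaving. It is an added example, not part of the original slides or of the CAESAR, LOLA or TGV tools; the function names and the pass/fail check are assumptions made for the example, and it assumes an acyclic scenario graph.

```python
import re

# The scenario graph, copied from the Aldebaran listing on this slide.
AUT = """des (0, 14, 14)
(0, "USER_TO_PHONE !A !OFFHOOK", 1)
(1, "PHONE_TO_USER !A !DIALTONE", 2)
(2, "USER_TO_PHONE !A !DIAL !B", 3)
(3, "PHONE_TO_USER !B !RINGINGON", 4)
(3, "PHONE_TO_USER !A !RINGBACKTONE", 5)
(4, "PHONE_TO_USER !A !RINGBACKTONE", 6)
(5, "PHONE_TO_USER !B !RINGINGON", 6)
(6, i, 7)
(7, "USER_TO_PHONE !B !OFFHOOK", 8)
(8, "PHONE_TO_USER !A !RINGBACKTONEOFF", 9)
(9, "USER_TO_PHONE !B !ONHOOK", 10)
(10, "PHONE_TO_USER !A !DISCONNECTTONE", 11)
(11, "USER_TO_PHONE !A !ONHOOK", 12)
(12, ACCEPT, 12)
"""

EDGE = re.compile(r'\((\d+),\s*(?:"([^"]*)"|(\w+)),\s*(\d+)\)')

def parse_aut(text):
    """Return (initial_state, {state: [(label, target), ...]})."""
    lines = text.strip().splitlines()
    init, n_trans, _ = map(int, re.findall(r"\d+", lines[0]))
    graph = {}
    for line in lines[1:]:
        src, quoted, bare, dst = EDGE.fullmatch(line.strip()).groups()
        graph.setdefault(int(src), []).append((quoted or bare, int(dst)))
    if sum(map(len, graph.values())) != n_trans:
        raise ValueError("transition count does not match the des header")
    return init, graph

def accepting_traces(init, graph):
    """All visible traces from the initial state to an ACCEPT transition."""
    out, stack = [], [(init, ())]
    while stack:  # depth-first walk; terminates because the graph is acyclic
        state, trace = stack.pop()
        for label, dst in graph.get(state, []):
            if label == "ACCEPT":
                out.append(list(trace))
            else:  # "i" is the internal action: followed but not observable
                stack.append((dst, trace if label == "i" else trace + (label,)))
    return out

def verdict(observed, init, graph):
    """'pass' if the observed visible trace is one the scenario accepts."""
    return "pass" if list(observed) in accepting_traces(init, graph) else "fail"
```
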
[Diagram: CAESAR environment. Labels: UCM; scenarios from UCM; ADT; LOTOS spec; LOTOS scenario; bcg_min scenario; TGV; test suite]
Choose scenarios to cover all UCM

scenarioForwardTakeDown Test suite generated with TGV
New Topics: CPL and SIP
- CPL, the SIP Call Processing Language
  - CPL has a logic somewhat similar to that of LOTOS: communicating processes, with no explicit notion of state
  - Develop formal semantics for CPL based on LOTOS
  - Develop FI detection methods for CPL based on LOTOS

New Topics: The whole method
- Exploring the relation between interaction resolution methods (e.g. OPI), UCMs, LOTOS-based methods
- Three methodologies that must work together but are not (yet) clearly coordinated
  - where do we start, how to use them together

Proof of concept has been provided, but many challenges are ahead...