Presentation is loading. Please wait.

Presentation is loading. Please wait.

CATSY: Catalogue of System and Software Properties

Published byPiers Bryant Modified over 6 years ago

Similar presentations

Presentation on theme: "CATSY: Catalogue of System and Software Properties"— Presentation transcript:

1 CATSY: Catalogue of System and Software Properties
Harold Bruintjes (RWTH) Fondazione Bruno Kesseler (FBK) Space Systems Finland (SSF)

2 Introduction CSSP Catalogue of System and Software Properties
Objective: Define a catalogue of the properties used for early Verification and Validation activities; Provide a systematic way for derivation, specification and flow-down through different architectural levels and across different design phases, and provide technologies for a cohesive environment for the specification and validation activities CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

3 CSSP Methodology Three phases:
Informal Analysis: Classification of requirements. Given a requirement taxonomy (in CATSY based on ECSS standards), determine class of individual requirements (not necessarily 1:1 mapping). Formalization: Based on properties (design attributes) associated with taxonomy classes, determine formalization. Formal Validation: Use formal techniques to validate the formalized requirements using formal verification engines. This may find errors in requirements specification or formalization. CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

4 CSSP Informal Analysis: Requirement Taxonomy
Derived from ECSS standards For each class, design attributes (properties) are defined Focus is on Technical requirements CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

5 CSSP Informal Analysis: Requirement Taxonomy
Derived from ECSS standards For each class, design attributes (properties) are defined Focus is on Technical requirements CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

6 CSSP Informal Analysis: Requirement Taxonomy Three types of attributes
Non-formalized Formalized in design model (modes/configuration, subcomponents) SLIM Formalized by property (behavior)  CSSP AADL properties CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

7 CSSP Formalization Design attributes are encoded as property values from the CSSP property set One or more property values make up a formal property Formal property can be validated directly, or embedded into a contract CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

8 CSSP Formalization: CSSP Property set example
-- Monitoring properties. -- for every input event data port p of numeric type -- if MonitorRange(p) and MonitorResponse(p) are defined, -- the following formal property is defined -- MonitorProperty(p) := "G ((p & mode in MonitorEnabled(p) & -- !(data(p) in MonitorRange(p))) -> F_I MonitorResponse(p))" -- if MonitorEnabled(p) is defined -- where I=[0,MonitorDelay(p)] if MonitorDelay(p) is defined -- else I=[0,+infinity) MonitorRange: range of aadlinteger applies to (event data port); MonitorResponse: reference(event port, event data port) MonitorDelay: Time MonitorEnabled: list of reference(mode) CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

9 CSSP Formalization: Contract Based Refinement
Formal properties are specified at component interface level (event and data ports). This allows for a neat definition of refinement, which can be specified at the implementation in terms of subcomponent contracts Contracts: Pair of assumption and guarantee Contract refinements: List of subcomponent contracts CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

10 CSSP Formalization: Pattern Based & Generic Properties
Pattern based properties: Formulate property based on patterns using 5 scopes and 8 classes Scopes: Global, Existence, Before, After, Between, After-Until Classes: Universality, Absence, Existence, Recurrence, Precedence, Response, Response Invariance, Until Optionally timed Optionally probabilistic Generic properties: Enter properties directly CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

11 CSSP Formalization: Summary of Possible Properties CSSP property set
Generic and pattern properties Contracts and Contract Refinements CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

12 Example EagleEye: System structure
CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

13 Example CSSP Properties
CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

14 Example CSSP Properties
CSSP::PeriodInterval => 10 Sec applies to send_picture_to_ground; CSSP::Function => "compress(picture(EarthImage(AboveEspoo)))" applies to send_picture_to_ground; Trigger send_picture_to_ground every 10 seconds. The value of send_picture_to_ground matches a compressed picture CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

15 Example Generic Properties
CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

16 Example Generic Properties
SLIMpropset::GenericProperties => ([Name => "system_assumption"; Formula => "always (attitude=EarthAttitude(position) implies image=EarthImage(position))"; ]); CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

17 Example Contracts CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

18 Example Contracts SLIMpropset::Contracts => ([Name => "system_contract"; Assumption => " system_assumption"; Guarantee => "FunctionProperty(send_picture_to_ground)"; ]); Reuse of both the generic property and CSSP property CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

19 Example Contract Refinements
SLIMpropset::ContractRefinements => ([Contract => "system_contract"; SubContracts => ("aocs.control_attitude", "obc.send_picture", "payload.take_picture"); ]); CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

20 Example Pattern Properties
CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

21 Example Pattern Properties Patterns => (
[ Name => "Property 2"; Pattern => "Globally, {sensors.sensor1.error = error:Dead} holds eventually between 1 and 50 with probability > 0"; ], [ Name => "Property 3"; Pattern => "Globally, {sensors.sensor2.error = error:Dead} holds eventually between 1 and 5 with probability > 0"; ], [ Name => "Property 4"; Pattern => "Globally, {sensors.sensor2.error = error:OK} holds without interruption until {sensors.sensor2.error = error:Glitched} holds between 0 and 10 with probability > 0"; ], [ Name => "Property 5"; Pattern => "Globally, it is always the case that {sensors.sensor2.error = error:OK} holds between 0 and 1 with probability > 0"; ], [ Name => "Property 6"; Pattern => "Globally, if {sensors.sensor2.error = error:OK} holds then it must be the case that {sensors.sensor2.error = error:Glitched} has occurred before between 0 and 10 with probability > 0"; ], [ Name => "Property 7"; Pattern => "Globally, if {sensors.sensor1.error = error:Dead} has occurred then in response {sensors.sensor2.error = error:OK} eventually holds between 0 and 10 with probability > 0"; ] ); CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

22 Changes in SLIM Modes and States
system Car end Car; system implementation Car.Impl subcomponents -- subcomponent configuration determined by modes battery : device Battery.Impl in modes (nominal); battery2 : device Battery.Impl in modes (backup); modes -- mode transitions describe configuration changes nominal : initial mode; backup : mode; nominal –[ battery.discharged ]-> backup; end Car.Impl; device Battery features discharged : event port; end Battery; device implementation Battery.Impl charge : data continuous default 100.0; states -- states describe behaviour discharge : initial state while charge’ := -1 and charge >= 0; empty : state; transitions discharge –[ discharged when charge == 0 ]-> empty; end Battery.Impl; Modes and States Separation of configuration and behavior Modes closer to AADL (no invariants, No guards on transitions) States closer to BA CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

23 Changes in SLIM Abstract components Input enabled
Provide any possible output (Can also be selected as root) system Car features battery_status : out data port enum(OK, DEAD); end Car; system implementation Car.Impl subcomponents battery : device Battery; flows battery_status := case battery.output > 0 : OK otherwise DEAD end; end Car.Impl; device Battery output : data port real {Default => “12.8”;}; end Battery; CATSY: Catalogue of System and Software Properties | Harold Bruintjes | RWTH Aachen, FBK, SSF |

24 End of Presentation See also

Download ppt "CATSY: Catalogue of System and Software Properties"

Similar presentations

[ §4 : 1 ] 4. Requirements Processes I Overview 4.1Fundamentals 4.2Elicitation 4.3Specification 4.4Verification 4.5Validation Requirements Definition Document.

[ §4 : 1 ] 4. Requirements Processes I Overview 4.1Fundamentals 4.2Elicitation 4.3Specification 4.4Verification 4.5Validation Requirements Definition Document.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
® IBM Software Group © 2006 IBM Corporation Rational Software France Object-Oriented Analysis and Design with UML2 and Rational Software Modeler 04. Other.

® IBM Software Group © 2006 IBM Corporation Rational Software France Object-Oriented Analysis and Design with UML2 and Rational Software Modeler 04. Other.
Architectural Design Principles. Outline  Architectural level of design The design of the system in terms of components and connectors and their arrangements.

Architectural Design Principles. Outline  Architectural level of design The design of the system in terms of components and connectors and their arrangements.
Major Exam II Reschedule 5:30 – 7:30 pm in Tue Dec 5 th.

Major Exam II Reschedule 5:30 – 7:30 pm in Tue Dec 5 th.
1 REQUIREMENTS ENGINEERING and SYSTEMS ANALYSIS Elements and Definitions.

1 REQUIREMENTS ENGINEERING and SYSTEMS ANALYSIS Elements and Definitions.
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.

The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
SOFTWARE DESIGN (SWD) Instructor: Dr. Hany H. Ammar

SOFTWARE DESIGN (SWD) Instructor: Dr. Hany H. Ammar
WXGE6103 Software Engineering Process and Practice Formal Specification.

WXGE6103 Software Engineering Process and Practice Formal Specification.
Fall 2004EE 3563 Digital Systems Design EE 3563 VHSIC Hardware Description Language  Required Reading: –These Slides –VHDL Tutorial  Very High Speed.

Fall 2004EE 3563 Digital Systems Design EE 3563 VHSIC Hardware Description Language  Required Reading: –These Slides –VHDL Tutorial  Very High Speed.
Deriving Operational Software Specification from System Goals Xin Bai EEL 5881 Course Fall, 2003.

Deriving Operational Software Specification from System Goals Xin Bai EEL 5881 Course Fall, 2003.
Software Requirements: A More Rigorous Look 1. Features and Use Cases at a High Level of Abstraction  Helps to better understand the main characteristics.

Software Requirements: A More Rigorous Look 1. Features and Use Cases at a High Level of Abstraction  Helps to better understand the main characteristics.
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.

© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
MEMORY GENERATORS MEMPRO Instructor: Dr. Anthony Johnson Presented by: Rajesh Natarajan Motheeswara Salla.

MEMORY GENERATORS MEMPRO Instructor: Dr. Anthony Johnson Presented by: Rajesh Natarajan Motheeswara Salla.
Architecture Analysis and Design Language: An Overview Drew Gardner.

Architecture Analysis and Design Language: An Overview Drew Gardner.
Formal Verification. Background Information Formal verification methods based on theorem proving techniques and model­checking –To prove the absence of.

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and model­checking –To prove the absence of.
Motivation FACE architecture encourages modularity of components on data boundaries Transport Services Segment interface is centered on sending and receiving.

Motivation FACE architecture encourages modularity of components on data boundaries Transport Services Segment interface is centered on sending and receiving.
OOD-1 11. OO Design. OOD-2 OO Development Requirements Use case analysis OO Analysis –Models from the domain and application OO Design –Mapping of model.

OOD OO Design. OOD-2 OO Development Requirements Use case analysis OO Analysis –Models from the domain and application OO Design –Mapping of model.
Complexity Relief Techniques for Model Checking METU, Aug. 2002 SOFTWARE VERIFICATION WORKSHOP Hüsnü Yenigün Sabanci University Informatics Institute,

Complexity Relief Techniques for Model Checking METU, Aug SOFTWARE VERIFICATION WORKSHOP Hüsnü Yenigün Sabanci University Informatics Institute,
Principles of Programming & Software Engineering

Principles of Programming & Software Engineering

Similar presentations

Ads by Google