Presentation is loading. Please wait.

Presentation is loading. Please wait.

John D. McGregor Session 6 Preparing for Architecture V & V

Published bySucianty Kusuma Modified over 6 years ago

Similar presentations

Presentation on theme: "John D. McGregor Session 6 Preparing for Architecture V & V"— Presentation transcript:

1 John D. McGregor Session 6 Preparing for Architecture V & V
CPSC 873 John D. McGregor Session 6 Preparing for Architecture V & V

2 Modern development techniques
verification architecture requirements

3 So far Use cases Requirements Decomposition reconsider Idea
Architecture Implementation Retire Scope review feedback Configuration management Process/ notations Infrastructure

4 Decomposition

5 Hazards In identifying hazards there are two principal considerations: exceptional conditions within architecture elements (characterized using the EMV2 error ontology) and mismatched assumptions (mismatched assumption-guarantee contracts between systems) about their interactions. We will handle both

6 Hazard Analysis

7 Traceability As we build the requirements model we have traceability in the form of references to the entity constrained by the requirement. We also have traceability via requirements categories.

8 Agree model checking An annex to AADL that allows the specification of guarantees and checks their correctness. annex agree {** guarantee ”dummy” : true ; **}; Inserted into an AADL component specification We need to replace dummy and true

9 2. Select .impl and right click and select all levels 1. insert 3. Read results

10 Agree example-1 system top_level features
Input: in data port Base_Types::Integer; Output: out data port Base_Types::Integer; annex agree {** assume "System input range " : Input < 10; guarantee "System output range" : Output < 50; **}; end top_level;

11 Agree example-2 A B subcomponents A_sub : system A ;
B_sub : system B ; C_sub : system C ; connections IN_TO_A : port Input -> A_sub.Input {Communication_Properties::Timing => immediate;}; A_TO_B : port A_sub.Output -> B_sub.Input A_TO_C : port A_sub.Output -> C_sub.Input1 B_TO_C : port B_sub.Output -> C_sub.Input2 C_TO_Output : port C_sub.Output -> Output end top_level.Impl; C

12 Agree example-3 system A features
Input: in data port Base_Types::Integer; Output: out data port Base_Types::Integer; annex agree {** assume "A input range" : Input < 20; guarantee "A output range" : Output < 2*Input; **}; end A ;

13 In-line agree models

14 Function Hazard Analysis
Failure Condition (hazard description) Phase Effect of Failure Condition on Aircraft/Crew Classification Reference to supporting material Verification Control Thrust Engine provides no thrust Engine provides too little thrust Engine provides too much thrust Engine is slow to provide commanded thrust (increase or decrease) Engine will not shutdown when commanded Engine cannot be controlled - Loss of Engine Thrust Control (LOTC) Taxi, Takeoff, Landing , and Flight

15 System-Level (operational) Hazards
Accident System-Level (operational) Hazards A-1: Loss of life or serious injury due to aircraft engine A-2: Catastrophic damage to aircraft or other property due to aircraft engine H0: Ineffective thrust to maintain controlled flight or safe taxi H1: Engine provides no thrust H2: Engine provides too little thrust H3: Engine provides too much thrust H4: Engine is slow to provide thrust (increase or decrease) H5: Engine will not shutdown when commanded H6: Complete Loss of Engine Thrust Control (LOTC)

16 Hazards Safety Requirements H1: Engine provides no thrust SC1: Thrust must be provided at all times when commanded H2: Engine provides too little thrust H3: Engine provides too much thrust SC2: Thrust level must be provided at the commanded level. H4: Engine is slow to provide commanded thrust SC3: Engine must provide commanded thrust in xxx seconds. H5: Engine will not shutdown when commanded [The relevant safety constraints arising out of this include SC1, SC2, and SC4] H6: Engine cannot be controlled - Loss of Engine Thrust Control (LOTC) SC4: Engine must respond to all commands SC4.1: Engine must start when commanded SC4.2: Engine must shutdown when commanded

17 Error handling

18 Resolute SumForThread(t: component) : real =
let executions_per_minute : real = (60.0 * 60.0 * ) / property(t, Period, (60.0 * 60.0 * )); let milliwats_per_execution : real = property(t, Power_Properties::PowerBudget, 0.0); milliwats_per_execution *executions_per_minute

19 Resolute Example Resolute models

20 PCA Shutoff Valve

Download ppt "John D. McGregor Session 6 Preparing for Architecture V & V"

Similar presentations

KAIS T The Vision of Autonomic Computing Jeffrey O. Kephart, David M Chess IBM Watson research Center IEEE Computer, Jan. 2003 발표자 : 이승학.

KAIS T The Vision of Autonomic Computing Jeffrey O. Kephart, David M Chess IBM Watson research Center IEEE Computer, Jan 발표자 : 이승학.
Conquering Complex and Changing Systems Object-Oriented Software Engineering Chapter 4, Requirements Elicitation.

Conquering Complex and Changing Systems Object-Oriented Software Engineering Chapter 4, Requirements Elicitation.
CPSC 872 John D. McGregor Session 22 Architecture Design, cont’d.

CPSC 872 John D. McGregor Session 22 Architecture Design, cont’d.
Page 1 Building Reliable Component-based Systems Chapter 13 -Components in Real-Time Systems Chapter 13 Components in Real-Time Systems.

Page 1 Building Reliable Component-based Systems Chapter 13 -Components in Real-Time Systems Chapter 13 Components in Real-Time Systems.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Ensuring Non-Functional Properties. What Is an NFP?  A software system’s non-functional property (NFP) is a constraint on the manner in which the system.

Ensuring Non-Functional Properties. What Is an NFP?  A software system’s non-functional property (NFP) is a constraint on the manner in which the system.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Formal Specification.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Formal Specification.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR.

Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR.
CPSC 871 John D. McGregor MSumS2 Summary – technical issues in software engineering.

CPSC 871 John D. McGregor MSumS2 Summary – technical issues in software engineering.
Chapter 6 Software Implementation Process Group

Chapter 6 Software Implementation Process Group
8.1.2003Software Engineering 2003 Jyrki Nummenmaa 1 REQUIREMENT SPECIFICATION Today: Requirements Specification Requirements tell us what the system should.

Software Engineering 2003 Jyrki Nummenmaa 1 REQUIREMENT SPECIFICATION Today: Requirements Specification Requirements tell us what the system should.
SE-02 SOFTWARE ENGINEERING LECTURE 3 Today: Requirements Analysis Requirements tell us what the system should do - not how it should do it. Requirements.

SE-02 SOFTWARE ENGINEERING LECTURE 3 Today: Requirements Analysis Requirements tell us what the system should do - not how it should do it. Requirements.
An Introduction to Software Architecture

An Introduction to Software Architecture
CPSC 875 John D. McGregor Vehicle Technologies. Modern vehicles – 10 years of effort

CPSC 875 John D. McGregor Vehicle Technologies. Modern vehicles – 10 years of effort
© Copyright 2014 Rockwell Collins, Inc. All rights reserved. Resolute: An Assurance Case Language for Architecture Models Andrew Gacek, John Backes, Darren.

© Copyright 2014 Rockwell Collins, Inc. All rights reserved. Resolute: An Assurance Case Language for Architecture Models Andrew Gacek, John Backes, Darren.
Software Engineering – University of Tampere, CS DepartmentJyrki Nummenmaa REQUIREMENT SPECIFICATION Today: Requirements Specification.

Software Engineering – University of Tampere, CS DepartmentJyrki Nummenmaa REQUIREMENT SPECIFICATION Today: Requirements Specification.

Similar presentations

Ads by Google