Presentation is loading. Please wait.

Presentation is loading. Please wait.

FORMALIZING REQUIREMENTS Hartmut Lackner, 16 th July 2011, VINO‘11.

Published byEugene Richard Modified over 9 years ago

Similar presentations

Presentation on theme: "FORMALIZING REQUIREMENTS Hartmut Lackner, 16 th July 2011, VINO‘11."— Presentation transcript:

1 FORMALIZING REQUIREMENTS Hartmut Lackner, 16 th July 2011, VINO‘11

2 The Role of Requirements  Requirements are the building blocks for developing a software product.  Detecting errors early saves costs.  Requirements can be considered as the contract between stakeholder and developer.  Tests can „show“ that the requirements are met.  How to formalize requirements for test generation?

3 Contents  Introduction to a Single Requirements Document  Possible Formalizations in  UPPAAL  (UML)  (MS SpecExplorer)  What is this going to be?  (Interactive) Modeling Session

4 The Requirements Document  ECU: Protect a valve to freeze, by killing the engine. The valve controls the gas flow from the tank to the engine.  Definitions  Temperature Sensor reads: invalid, warm, cold, too cold  Time Window: Short (3s), Long (15s)  Initial values  Time Window: Short  Temperature: invalid

5 Rules  If the temperature sensor is more than 3s (short delay) "too cold" a quick stop occurs and the engine is shut off.  If the temperature sensor was invalid and switches to valid again and during the following 3s the temperature is not warm a long delay of 15s is activated. In this state a "too cold" triggers the quick-stop after 15s (long delay). (Long delay replaces the initial short delay).  If the temperature is “warm" then the 3s (short delay) is valid again.  If the valid temperature switches to invalid the 3s (short delay) is valid again.  If during the delay the valid temperature is not "too cold" for more than 0.2s the delay timer is reset to start a new delay period. Definitions Temperature Sensor reads: invalid, warm, cold, too cold Time Window: Short (3s), Long (15s)

6 Modeling: UPPAAL

7 Rule 1 If the temperature sensor is more than 3s (short delay) "too cold" a quick stop occurs and the engine is shut off.  Design Decisions:  One template for each rule  Global Declarations  Channels: changeTemp, quickstop;  clock x;  int[-1,2] temp;  int[3,15] delay; Temperature SensorEngine Rule 1

8 Rule 2  Attention: Clock x is reused  Bad Design?  This Template is dependent on Rule 3 + 4! If the temperature sensor was invalid and switches to valid again and during the following 3s the temperature is not warm a long delay of 15s is activated. In this state a "too cold" triggers the quick-stop after 15s (long delay). (Long delay replaces the initial short delay).

9 Rule 3 + 4 3. If the temperature is “warm" then the 3s (short delay) is valid again. 4. If the valid temperature switches to invalid the 3s (short delay) is valid again. Rule 3Rule 4

10 Rule 5  Local Declaration:  clock y; If during the delay the valid temperature is not "too cold" for more than 0.2s the delay timer is reset to start a new delay period.

11 Next Steps

12 Future Work  Design the UML model  Compare the models to the requirements  Is modeling „straight-forward“?  Generate tests from the models  How strong is the „fault detection capability“ for each model?  Mutation analysis

13 Thanks for your Attention! Questions?

Download ppt "FORMALIZING REQUIREMENTS Hartmut Lackner, 16 th July 2011, VINO‘11."

Similar presentations

IGCSE ICT Control Systems.

IGCSE ICT Control Systems.
Operating Functions.

Operating Functions.
Daikin Altherma™ Troubling Shooting

Daikin Altherma™ Troubling Shooting
(PLEASE SWITCH TO THE SLIDE SHOW MODE)

(PLEASE SWITCH TO THE SLIDE SHOW MODE)
Part 2.2 Well Control. Objectives After reading the chapter and reviewing the materials presented the students will be able to: Understand well control.

Part 2.2 Well Control. Objectives After reading the chapter and reviewing the materials presented the students will be able to: Understand well control.
Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.

Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.
8086 Interrupts. Interrupt Normal prog execution is interrupted by – Some external signal, or – A special instruction in the prog.

8086 Interrupts. Interrupt Normal prog execution is interrupted by – Some external signal, or – A special instruction in the prog.
® IBM Software Group © 2014 IBM Corporation Innovation for a smarter planet MBSE for Complex Systems Development Dr. Bruce Powel Douglass, Ph.D. Chief.

® IBM Software Group © 2014 IBM Corporation Innovation for a smarter planet MBSE for Complex Systems Development Dr. Bruce Powel Douglass, Ph.D. Chief.
1 Introduction to Software Engineering Lecture 42 – Communication Skills.

1 Introduction to Software Engineering Lecture 42 – Communication Skills.
Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.

Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.
DeltaV Sequence Function Block Tutorial. Introduction For this tutorial, you will gain some skill at building a discrete control function. Our objective.

DeltaV Sequence Function Block Tutorial. Introduction For this tutorial, you will gain some skill at building a discrete control function. Our objective.
TEST CASE DESIGN Prepared by: Fatih Kızkun. OUTLINE Introduction –Importance of Test –Essential Test Case Development A Variety of Test Methods –Risk.

TEST CASE DESIGN Prepared by: Fatih Kızkun. OUTLINE Introduction –Importance of Test –Essential Test Case Development A Variety of Test Methods –Risk.
„ Save Energy and Resources with BRAUMAT Analysis and Options.

„ Save Energy and Resources with BRAUMAT Analysis and Options.
Gas Alarm System 4th Floor, Kjemi V If Gas Alarm, What to do? 1.There is 1 min delay before signal goes to the fire brigades (if high alarm) 2.Hurry to.

Gas Alarm System 4th Floor, Kjemi V If Gas Alarm, What to do? 1.There is 1 min delay before signal goes to the fire brigades (if high alarm) 2.Hurry to.
Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.

Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.
-Nikhil Bhatia 28 th October 2009. What is RUP? Central Elements of RUP Project Lifecycle Phases Six Engineering Disciplines Three Supporting Disciplines.

-Nikhil Bhatia 28 th October What is RUP? Central Elements of RUP Project Lifecycle Phases Six Engineering Disciplines Three Supporting Disciplines.
Rapid Application Development (RAD) Software Development Approaches.

Rapid Application Development (RAD) Software Development Approaches.
Renesas Electronics Europe GmbH 00000-A © 2010 Renesas Electronics Corporation. All rights reserved. RL78 Clock Generator.

Renesas Electronics Europe GmbH A © 2010 Renesas Electronics Corporation. All rights reserved. RL78 Clock Generator.
 P&I Diagram  Gas Room Controls  Gas Panels Controls in the Hall  GUI  Oxygen Sensor Cart.

 P&I Diagram  Gas Room Controls  Gas Panels Controls in the Hall  GUI  Oxygen Sensor Cart.
IP2.25.6 Other safety devices © Oxford University Press 2011 Other safety devices.

IP Other safety devices © Oxford University Press 2011 Other safety devices.

Similar presentations

Ads by Google