![Page 1: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/1.jpg)
Analysing Fault-Tolerant System using KAOS/FAUST
C. Ponsard, P. Massonet, J.F. Molderez (CETIC)
A. van Lamsweerde (UCL/INGI)
Short presentation & Demo
REFT’05, Newcastle (UK)
![Page 2: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/2.jpg)
Key Idea
B Method: from specification to code, a “correct by construction” approach
• moving towards requirements
• “System B” models of both SW/HW/environment
KAOS: a similar approach at the requirements level
• also a refinement approach (property based)
• reason about the design of the composite system
• explore alternative designs, reason about agent responsibilities
• assess/improve the robustness of the system
• tool support: FAUST, based on the Objectiver semi-formal RE platform (providing conceptual repository, graph edit, doc. generation,…), with seamless integration for optimal communication
The two look complementary and worth investigating; this is the current status of on-going work.
![Page 3: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/3.jpg)
Structuring Properties using a Goal Model (with KAOS)
Goal diagram of the train system (read downward as HOW?, upward as WHY?), with the nodes:
• EffectivePassengersTransportation
• SafeTransportation, RapidTransportation
• BlockSpeedLimited
• DoorsClosedWhileMoving
• TrainCollision, TrainsOnSameBlock
• ProgressWhenGoSignal
• SignalSetToGo
• TrainProgress Delay
• MoreTrainsRunning
• S2B
• WorstCaseStoppingDistanceMaintained
• TrainWaiting
Formal goal definitions shown on the slide:
On (tr, b) On (tr, next(b))
On(tr,b) Go[next(b)] On(tr,next(b))
On(tr,b) Go[next(b)]
On (tr, b) On (tr, b) W On (tr,next(b))
![Page 4: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/4.jpg)
Being Pessimistic
Goal WorstCaseStoppingDistanceMaintained, refined with the Milestone pattern into:
• SafeAccelerationComputed
• AccelerationSentInTimeToTrain
• SentCommandReceivedByTrain
• ReceivedCommandExecutedByTrain
Obstacles to these milestones:
• AccelerationNotSafe
• AccelerationCommandNotSentInTimeToTrain: NotSent, SentLate, SentToWrongTrain
• AccelerationCommandNotReceivedInTimeByTrain: NotReceived, ReceivedLate, Corrupted
• ...
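As an added example (not FAUST, Objectiver or the authors' code), the milestone chain and obstacle tree of this slide turned into a trace check: given a constructed command trace, it reports whether the goal was satisfied or which named leaf obstacle occurred. The discrete clock, the `deadline` parameter and the `ok` flag used to model a corrupted payload are assumptions, and the `NotExecuted` label covers the subtree the slide elides.

```python
# Constructed example (not FAUST or Objectiver code): checking a command trace
# against the milestone chain and named obstacles on the "Being Pessimistic" slide.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: int           # discrete time step (assumed clock)
    kind: str        # "Computed", "Sent", "Received" or "Executed"
    train: str       # train the event concerns
    cmd: int         # command identifier
    ok: bool = True  # False models a corrupted payload (assumption)

def _first(trace, kind, cmd):
    # earliest event of the given kind for command `cmd`, or None
    hits = [e for e in trace if e.kind == kind and e.cmd == cmd]
    return min(hits, key=lambda e: e.t) if hits else None

def classify(trace, cmd, train, deadline):
    """Walk SafeAccelerationComputed -> AccelerationSentInTimeToTrain ->
    SentCommandReceivedByTrain -> ReceivedCommandExecutedByTrain and return
    "Satisfied" or the leaf obstacle explaining the failure (deadline assumed)."""
    computed = _first(trace, "Computed", cmd)
    if computed is None:
        raise ValueError("no SafeAccelerationComputed event for command %d" % cmd)
    sent = _first(trace, "Sent", cmd)
    if sent is None:
        return "NotSent"
    if sent.train != train:
        return "SentToWrongTrain"
    if sent.t - computed.t > deadline:
        return "SentLate"
    received = _first(trace, "Received", cmd)
    if received is None:
        return "NotReceived"
    if not received.ok:
        return "Corrupted"
    if received.t - computed.t > deadline:
        return "ReceivedLate"
    if _first(trace, "Executed", cmd) is None:
        return "NotExecuted"  # the slide elides this subtree ("..."); label is ours
    return "Satisfied"

def demo():
    # constructed traces: one satisfying run and three obstructed ones
    base = [Event(0, "Computed", "tr1", 7), Event(1, "Sent", "tr1", 7),
            Event(2, "Received", "tr1", 7), Event(3, "Executed", "tr1", 7)]
    late = [Event(0, "Computed", "tr1", 8), Event(6, "Sent", "tr1", 8)]
    wrong = [Event(0, "Computed", "tr1", 9), Event(1, "Sent", "tr2", 9)]
    bad = base[:2] + [Event(2, "Received", "tr1", 7, ok=False)]
    return {name: classify(tr, c, "tr1", deadline=4) for name, tr, c in
            [("ok", base, 7), ("late", late, 8), ("wrong", wrong, 9), ("bad", bad, 7)]}
```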
![Page 5: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/5.jpg)
Driving the elaboration process
• Goal Model: NoTrainCollision, SafeAcceler
• Object Model: Train, TrackSegment, association On (0:1)
• Agent Model
• Operation Model: Operation SendCommand; DomPre ¬Sent (m, tr); DomPost Sent (m, tr); ReqPost for SafeAcceler: m.Acceler F(tr, tr.Preced)
![Page 6: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/6.jpg)
Some Derived Artefacts
![Page 7: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/7.jpg)
Connection with B/Rodin
B moving towards requirements: “System B” models of both SW/HW/environment; the requirements gap is a well known problem [Abrial]
Refinement approach: property refinements in KAOS, operational refinements in B
Benefits for direct engineering:
• identifying key properties
• building models easier to prove
Benefits for reverse engineering:
• structuring key properties
• explaining the model to stakeholders for validation/acceptance (semi-formal notations, animation, document generation,…)
• better documentation: less flat document, richer traceability, checks
![Page 8: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/8.jpg)
Agenda for “K2B”
Practical scope: Composys style (Clearsy use of System-B), industrial cases (automotive/railway)
From KAOS models to B models:
• “automated” generation of an initial B specification from the set of operations assigned to agents
• attach requirements/higher level goals
• animation tool?
From B models to KAOS models:
• guidelines for building goal/object/agent models
• “B aware” document generation template
Means: applied research at CETIC, collaboration with ClearSy, student task force from UCL (Belgium)
![Page 9: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/9.jpg)
Demo (during coffee break)
![Page 10: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/10.jpg)
FAUST Architecture
![Page 11: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/11.jpg)
Refinement checker interface
![Page 12: Analysing Fault-Tolerant System using KAOS/FAUST](https://reader036.vdocuments.net/reader036/viewer/2022062815/5681301f550346895d959ee5/html5/thumbnails/12.jpg)
Animator interface