MICON 2000
Formal methods for design methodology
by Luigi Logrippo with D. Amyot, R. Chan, L. Charfi, N. Gorse, J. Sincennes, R. Plesa,...
SCHOOL OF INFORMATION TECHNOLOGY AND ENGINEERING
UNIVERSITY OF OTTAWA
Basic Idea
• Use Case Maps provide a good basis for high-level description and design of many aspects of telecom systems
• LOTOS is a formal language that matches UCMs in level of abstraction
• Translate UCMs into LOTOS and then use LOTOS formal methodology
• The LOTOS spec is a ‘formal prototype’ for the UCM requirements
What does this buy us
• Validation and Verification
    • Feature Interaction Detection
• Semi-automatic derivation of functional test cases
• Semi-automatic derivation of implementations
• The design process extends itself into implementation and testing
From UCMs to LOTOS

UCM                      LOTOS
Start/end points         Visible gates
Responsibilities         Hidden gates
Agents/components        Processes
Stubs                    Processes (implement selection policies)
Plug-ins                 Processes
Inter-path causality     Hidden inter-process synchronization (msg)
Databases, conditions    Abstract Data Types
Interprocess Communication
LOTOS process synchronization concept can be implemented as a blackboard system
Establishing a relation with a methodology already in place at Mitel
UCM to LOTOS example
Process Agent[A_U, U_A, A_A, req]: (a:Agent, u:User):=
    U_A !u !a !conReq ?dU:User;
    req !dU ?dA;
    A_A !a !dA !conReq !dU;
    (   A_A !dA !a !conConf !ring;
        A_U !a !u !conConf !ring; exit
    []  (* - OR - *)
        A_A !dA !a !conConf !busy;
        A_U !a !u !conConf !busy; exit
    )
endproc

Process User[ dial, U_A, A_U, ringBack, busyTone ]:(a:Agent, u:User):=
    dial !u ?dU:User;
    U_A !u !a !conReq !dU;
    (   A_U !a !u !conConf !ring;
        ringBack; exit
    []  (* - OR - *)
        A_U !a !u !conConf !busy;
        busyTone; exit
    )
endproc
How to use LOTOS methodology
• LOTOS can be used to ‘execute’ UCMs
    • Scenarios for the UCMs can be obtained
    • Validation tools can be applied to detect errors
    • Functional test cases can be obtained
Detection of feature interactions
• New, more efficient methods developed
• Have both static and dynamic feature interaction detection
• Proven performance:
    • second place (very near to 1st) in 2000 Feature Interaction contest (Glasgow, Scotland)
Feature Interaction Detection Using Predicate Logic, UCM and LOTOS
Feature Interaction Filtering at requirement stage using Prolog
• Identification of possible interactions
• Based on requirements
Based on the UCM model
• Validation of the global model
Rapid method
Nicolas Gorse Master Thesis
Feature Interaction Detection Using Predicate Logic, UCM and LOTOS (cont’d)
Derivation of a LOTOS specification
• Provides an executable model
• Provides information for scenario generation
Scenario Generation for possible Interactions identified
• Using information on the structure of the feature
• Based on possible interactions identified
Feature Interaction Detection Using Predicate Logic, UCM and LOTOS (cont’d)
Feature Interaction scenario-based validation of the LOTOS specification
• Makes it possible to verify whether the possible interactions identified are present in the LOTOS spec
• The method only identifies possible interactions; however, an experimental study showed a very high hit rate
• Scenarios derived can be reused at final system testing stage
Representation of features
Pre-conditions
• CFA: {subs(B, cfa), concerns(B, cfb), cfa(C)}
• CFB: {subs(B, cfb), concerns(B, cfb), busy(A), cfb(D)}
Triggering Events
• CFA: {call(A, B)}
• CFB: {call(A, B)}
Same triggering events for both features
Results
• CFA: {call(A, C)}
• CFB: {call(A, D)}
Different results, non determinism
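
The filtering idea on this slide, as an added Python example (the thesis work used Prolog; this is not the authors' code): a pair of features is flagged when the triggering events unify but the results still differ. Preconditions are assumed jointly satisfiable and are not checked; the DEMO feature and all function names are constructed for illustration.

```python
from itertools import combinations

# Atoms are tuples (predicate, arg, ...); uppercase-initial args are variables.
FEATURES = {
    "CFA": {"trigger": ("call", "A", "B"), "result": ("call", "A", "C")},
    "CFB": {"trigger": ("call", "A", "B"), "result": ("call", "A", "D")},
    # Constructed feature, not from the slides: its trigger differs.
    "DEMO": {"trigger": ("offHook", "A"), "result": ("dialTone", "A")},
}

def is_var(term):
    return term[0].isupper()

def rename(atom, tag):
    """Keep each feature's variables private (C of CFA is not D of CFB)."""
    return (atom[0],) + tuple(f"{a}@{tag}" if is_var(a) else a for a in atom[1:])

def walk(term, subst):
    while term in subst:
        term = subst[term]
    return term

def unify(x, y):
    """Return a substitution making atoms x and y equal, or None."""
    if x[0] != y[0] or len(x) != len(y):
        return None
    subst = {}
    for a, b in zip(x[1:], y[1:]):
        a, b = walk(a, subst), walk(b, subst)
        if a == b:
            continue
        if is_var(a):
            subst[a] = b
        elif is_var(b):
            subst[b] = a
        else:
            return None
    return subst

def substitute(atom, subst):
    return (atom[0],) + tuple(walk(a, subst) for a in atom[1:])

def possible_interactions(features):
    """Flag pairs whose triggers unify while their results stay different."""
    hits = []
    for f, g in combinations(sorted(features), 2):
        s = unify(rename(features[f]["trigger"], f), rename(features[g]["trigger"], g))
        if s is None:
            continue
        rf = substitute(rename(features[f]["result"], f), s)
        rg = substitute(rename(features[g]["result"], g), s)
        if rf != rg:
            hits.append((f, g, rf, rg))
    return hits
```
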
Feature Interaction Filtering Using Predicate Logic
Feature Interaction Filtering Using Predicate Logic (cont’d)
Mitel Project
• 22 feature descriptions (484 pairs), 4 users
• 43 possible interactions found in 84.14 secs
Feature Interaction Contest
• 97 feature descriptions (9409 pairs), 4 users
• 149 possible interactions found in 1299.93 secs
The representation of features is fairly quick to obtain
Another application:
Derivation of Test Cases
The Big Picture
[Figure: UCMs, LOTOS specification, test purposes, mapping M, LOTOS scenarios, validation with LOLA, TGV, TTCN test suites, MSC generation]
LOTOS scenarios used for:
(1) the spec validation
(2) the TTCN test suite generation
Leila Charfi’s Master thesis
Several Tools used:
• LOLA
• CAESAR
• TGV (in CAESAR)
• lot2msc
• . . .
[Figure: Use Case Map. Components: Phone 1, Switch, Phone 2. Labels: offHook, initiateCall, incomingCall, busy, idle, ring, ringBack, ringStub, talk, onHook, disconn, disconnection, Caller disconnection, Callee disconnection]
A coverage algorithm uses the internal representation of the UCM to cover all possible paths at least once

phone1: startpoint ‘offHook’;
phone1: resp ‘initiateCall’;
phone2: resp ‘incomingCall’;
phone2: point ‘busy’;
phone1: point ‘busy’;
phone1: endpoint ‘onHook’;

phone1: startpoint ‘offHook’;
phone1: resp ‘initiateCall’;
phone2: resp ‘incomingCall’;
phone2: point ‘idle’;
(   phone2: resp ‘ring’; exit
|||
    phone1: resp ‘ringBack’; exit
) >>
phone2: resp ‘offHook’;
switch: point ‘talk’;
phone2: startpoint ‘onHook’;
switch: resp ‘disconn’;

phone1: startpoint ‘offHook’;
phone1: resp ‘initiateCall’;
phone2: resp ‘incomingCall’;
phone2: point ‘idle’;
(   phone2: resp ‘ring’; exit
|||
    phone1: resp ‘ringBack’; exit
) >>
phone2: resp ‘offHook’;
switch: point ‘talk’;
phone1: startpoint ‘onHook’;
switch: resp ‘disconn’;
user_to_phone !A !offHook;
phone_to_user !A !dialTone;
user_to_phone !A !dial !B;
(   phone_to_user !B !ringingOn; exit
|||
    phone_to_user !A !ringBackTone; exit
) >>
user_to_phone !B !offHook;
phone_to_user !A !ringBackToneOff;
user_to_phone !B !onHook;
phone_to_user !A !disconnectTone;
user_to_phone !A !onHook;
lotos scenario
scenarioBusyCallee scenarioForwardTakeDown scenarioBackwardTakeDown
des (0, 14, 14)
(0, "USER_TO_PHONE !A !OFFHOOK", 1)
(1, "PHONE_TO_USER !A !DIALTONE", 2)
(2, "USER_TO_PHONE !A !DIAL !B", 3)
(3, "PHONE_TO_USER !B !RINGINGON", 4)
(3, "PHONE_TO_USER !A !RINGBACKTONE", 5)
(4, "PHONE_TO_USER !A !RINGBACKTONE", 6)
(5, "PHONE_TO_USER !B !RINGINGON", 6)
(6, i, 7)
(7, "USER_TO_PHONE !B !OFFHOOK", 8)
(8, "PHONE_TO_USER !A !RINGBACKTONEOFF", 9)
(9, "USER_TO_PHONE !B !ONHOOK", 10)
(10, "PHONE_TO_USER !A !DISCONNECTTONE", 11)
(11, "USER_TO_PHONE !A !ONHOOK", 12)
(12, ACCEPT, 12)
scenario Aldebaran format
CAESAR ENVIRONMENT
[Figure: tool flow inside the CAESAR environment. Labels: UCM, scenarios from UCM, ADT, lotos spec, lotos scenario, bcg_min scenario, TGV, test suite]
Choose scenarios to cover all UCM
scenarioForwardTakeDown Test suite generated with TGV
New Topics: CPL and SIP
• CPL, the SIP Call Processing Language
    • CPL has a logic somewhat similar to the one of LOTOS: communicating processes, with no explicit notion of state
• Develop formal semantics for CPL based on LOTOS
• Develop FI detection methods for CPL based on LOTOS
New Topics: The whole method
Exploring the relation between
    • interaction resolution methods (e.g. OPI)
    • UCMs,
    • LOTOS-based methods
Three methodologies that must work together but are not (yet) clearly coordinated
    • where do we start, how to use them together
Proof of concept has been provided, but many challenges are ahead...