requirement refinement to test case generation for embedded railway control systems
DESCRIPTION
Requirement Refinement to Test Case Generation for Embedded Railway Control Systems. by : Ying YANG 09 /0 6 / 2011. Ph.D Student French institute of science and technology for transport, development and networks (IFSTTAR) Lille, France. Content. Introduction and background - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/1.jpg)
Intervenant - date
Requirement Refinement to Test Case Generation for Embedded Railway Control Systems
by : Ying YANGby : Ying YANG0909/0/066//20112011
Ph.D StudentFrench institute of science and technology for transport, development and networks (IFSTTAR)Lille, France
![Page 2: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/2.jpg)
Intervenant - date
Content
• Introduction and background
• Formal specification– Requirement refinement method– A case study
• Formal verification– Method of conformance testing - a framework
![Page 3: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/3.jpg)
Intervenant - date
Content
• Introduction and background
• Formal specification– Requirement refinement method– A case study
• Formal verification– Method of conformance testing - a framework
![Page 4: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/4.jpg)
Intervenant - date
FERROCOTS project
Cabling technology using relay panels
Railway command-control systems
Cabling technology Use of electronic cards with simple logic gates, transistors, diodes and analog circuits to perform logic functions.
Disadvantages Difficult to update the functions Weight Cost
Disadvantages Difficult to update the functions Weight Cost
1
![Page 5: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/5.jpg)
Intervenant - date
FERROCOTS project
COTS-based technology
Railway command-control systems
FPGA COTS-based technologyUse of Commercial-Off-The-Shelf (COTS) components a COTS is a programmable piece of hardware called High Speed Field-Programmable Gate Array (FPGA).
Space-, Weight-, Cost-saving, Flexible Easily maintained Reuse of components
Cabling technology using relay panels
2
![Page 6: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/6.jpg)
Intervenant - date
Content
• Introduction and background
• Formal specification– Requirement refinement method– A case study
• Formal verification– Method of conformance testing - a framework
![Page 7: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/7.jpg)
Intervenant - date
Transformation from informal to formal requirement
3
What we want:
Formal specification – Describe what the system should do– By building a rigorous mathematical model
How to get formal models:
Transformation from informal to formal requirement
Formal modelsRequirement list
Rn: R2:
R1: fonction requirement
Transformation
Traceability
![Page 8: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/8.jpg)
Intervenant - date
Requirement refinement method Objective and introduction
Properties
Requirement document
Raw requirements
Formalization
Refined requirements
Refinement
Analyze
Verification
Requirement refinement method:• A progressive transformation• Assure the requirement traceability
Formal verification :• model-checking • test/simulation
4
![Page 9: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/9.jpg)
Intervenant - date
Process1: requirement refinement process Three refinement patterns
• Refinement patterns:– «Clarify»– «Split»
AND/OR/XOR
– «Modify»«Add»
«Remove»
«Change»
Choose refinement pattern
[requirement directly formalizable]
[requirement need to be refined]
[inconsistent information or obvious errors detected]
[sub-requirements detected]
[ambiguity or fuzzy information detected]
Choose split type Choose modification type
Split AND Split OR Split XOR Add Remove Change
[and]
[or]
[xor] [wrong information]
[Redundant information]
[missing information]
Formalize requirement Send to verification and validation
Clarify requirement
5Activity diagram of requirement refinement process
![Page 10: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/10.jpg)
Intervenant - date
Process 1: requirement refinement process Intro SysML
• SysML
– Modeling for system engineering– Inspirited by UML 2
• Requirement diagram
6
![Page 11: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/11.jpg)
Intervenant - date
Process1: requirement refinement process New stereotypes defined
SysML profile diagram with new stereotypes and their attributes defined
7
Stereotypes
Refinement patterns
«ClarifyReq» «Clarify»
«SplitReq»AND/OR/XOR
«Split» AND/OR/XOR
«ModifyReq» add/remove/change
«Modify»add/remove»/change
![Page 12: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/12.jpg)
Intervenant - date
Process 2: requirement formalization process Formal framework-CTL*
• Formal framework: a temporal logic CTL*– Classical logic + operators with time– A superset of CTL (Computation Tree Logic) et LTL (Linear Time
Logic)
• Why?– For formal verification
• Model checking / test
– “Intuitive” logic Logic operators directly mapped to natural language words, like
“Globally”, “Finally”
8
![Page 13: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/13.jpg)
Intervenant - date
• Path operators
X (next), F (future), U (until), G (globally)…
|= Gp
• State operators
A (always)
Aφ: the formula φ must hold on every path.
R: the train doors can be opened only when the train speed ≤ 2km/h
AG(dooropen → trainspeed ≤ 2km/h).
9
Process 2: requirement formalization process Formal framework-CTL*
![Page 14: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/14.jpg)
Intervenant - date
Case study Train Door Control system
COTS(FPGA)
central console
series of subsystemsSensorsAlarmsFire detectionDoor (un)locking… Local
command
General command
General command
10
Inputs
when a passenger push the button to open one of the doors in the right side of train, the COTS receives a local command, then it verify whether authorization of right-hand doors is true…
![Page 15: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/15.jpg)
Intervenant - date
• The requirement of generating the authorization of door opening is described as follows: – 1) some buttons can allow the driver to generate the authorization for
door opening. a) A push button for cancelling the signal of closing the right-hand doors, which is located on the console. b) A push button for cancelling the signal of closing the left-hand doors, which is located on the console. c) A push button for cancelling the signal of closing the right-hand doors, which is located near the right side of the window in the driving cabin. d) A push button for cancelling the signal of closing the left-hand doors, which is located near the left side of the window in the driving cabin.
– 2) When the train speed is ≤ 2km/h, if the doors are closed and locked, the doors can be authorized to be opened.
11
Case study Train Door Control system
![Page 16: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/16.jpg)
Intervenant - date 12
1) some buttons can allow the driver to generate the authorization for door opening. a) A push button for cancelling the signal of closing the right-hand doors, which is located on the console. b) A push button for cancelling the signal of closing the left-hand doors, which is located on the console. c) A push button for cancelling the signal of closing the right-hand doors, which is located near the right side of the window in the driving cabin. d) A push button for cancelling the signal of closing the left-hand doors, which is located near the left side of the window in the driving cabin.
2) When the train speed is ≤ 2km/h, if the doors are closed and locked, the doors can be authorized to be opened.
1) some buttons can allow the driver to generate the authorization for door opening. a) A push button for cancelling the signal of closing the right-hand doors, which is located on the console. b) A push button for cancelling the signal of closing the left-hand doors, which is located on the console. c) A push button for cancelling the signal of closing the right-hand doors, which is located near the right side of the window in the driving cabin. d) A push button for cancelling the signal of closing the left-hand doors, which is located near the left side of the window in the driving cabin.
2) When the train speed is ≤ 2km/h, if the doors are closed and locked, the doors can be authorized to be opened.
![Page 17: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/17.jpg)
Intervenant - date
R1.1.3 is formalized by P1.1.3 its variables:• PB(C-CD-R)_1: push button 1 for
cancelling the signal of closing the right-hand doors
• PB(C-CD-R)_2 : push button 2 for cancelling the signal of closing the right-hand doors
• AU-OD-R : authorization for opening right-hand doors
P1.1.3 :
))2_)RCDC(PB1_)RCDC(PB(
R)-OD-AU((
AG
13
Case study Train Door Control system
![Page 18: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/18.jpg)
Intervenant - date
P1.1.4 similar to P1.1.3
14
Case study Train Door Control system
))2_)LCDC(PB1_)LCDC(PB(
L)-OD-AU((
AG
![Page 19: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/19.jpg)
Intervenant - date
R1.3.1 is formalized by P1.3.1its variables :• TS: the train speed is ≤ 2km/h• door_R: the set of all the right-hand
doors• close_R and lock_R: the state of right-
hand doors• AU-OD-R : authorization for opening
right-hand doors
P1.3.1 :
P1.3.2 :
)))(_)(_(
)_door((
TB R)-OD-AU((
xRlockxRclose
Rx
AG
15
Case study Train Door Control system
)))(L_)(L_(
)L_door((
TB L)-OD-AU((
xlockxclose
x
AG
![Page 20: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/20.jpg)
Intervenant - date
))2_)(1_)((
)))(_)(_)(door_R((
TB R)-OD-AU((
RODCPBRODCPB
xRlockxRclosex
AG
16
Case study Train Door Control system
))2_)L(1_)L((
)))(L_)(L_)(door_L((
TB L)-OD-AU((
ODCPBODCPB
xlockxclosex
AG
![Page 21: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/21.jpg)
Intervenant - date
Content
• Introduction and background
• Formal specification– Requirement refinement method– A case study
• Formal verification– Method of conformance testing - a framework
![Page 22: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/22.jpg)
Intervenant - date
test generation
EFSM specification
s
test executionvia simultion
test suite Ts
IUT (VDHL) i
test suite tranformation
VDHL test benchTb
conforms to
test verdict log
Conformance testing - a framework
Verification Phase
17
Properties
Formalization
Refined requirements
Testing process
Specification Phase
Model-checking
Testing
![Page 23: Requirement Refinement to Test Case Generation for Embedded Railway Control Systems](https://reader035.vdocuments.net/reader035/viewer/2022070406/5681416c550346895dad4e1a/html5/thumbnails/23.jpg)
Intervenant - date
JING YANG
IFSTTAR, ESTAS, F-59650 Villeneuve d’Ascq, France
Email: [email protected]