Requirement Refinement to Test Case Generation for Embedded Railway Control Systems
by: Ying YANG, 09/06/2011
Ph.D. Student, French institute of science and technology for transport, development and networks (IFSTTAR), Lille, France
Content
• Introduction and background
• Formal specification
  – Requirement refinement method
  – A case study
• Formal verification
  – Method of conformance testing - a framework
FERROCOTS project
Railway command-control systems
Cabling technology using relay panels
Cabling technology: use of electronic cards with simple logic gates, transistors, diodes and analog circuits to perform logic functions.
Disadvantages:
• Difficult to update the functions
• Weight
• Cost
FERROCOTS project
Railway command-control systems
COTS-based technology (FPGA), compared with cabling technology using relay panels
COTS-based technology: use of Commercial-Off-The-Shelf (COTS) components; a COTS is a programmable piece of hardware called a High Speed Field-Programmable Gate Array (FPGA).
• Space-, weight- and cost-saving
• Flexible
• Easily maintained
• Reuse of components
Transformation from informal to formal requirement
What we want:
Formal specification
– Describe what the system should do
– By building a rigorous mathematical model
How to get formal models:
Transformation from informal to formal requirement
Figure labels: requirement list (R1: function requirement; R2; Rn); transformation; traceability; formal models.
Requirement refinement method: objective and introduction
Figure labels: requirement document; raw requirements; refinement; refined requirements; formalization; properties; analyze; verification.
Requirement refinement method:
• A progressive transformation
• Assure the requirement traceability
Formal verification:
• model-checking
• test/simulation
Process 1: requirement refinement process. Three refinement patterns
• Refinement patterns:
  – «Clarify»
  – «Split»: AND/OR/XOR
  – «Modify»: «Add», «Remove», «Change»
Figure: Activity diagram of requirement refinement process.
Actions: Choose refinement pattern; Clarify requirement; Choose split type (Split AND, Split OR, Split XOR); Choose modification type (Add, Remove, Change); Formalize requirement; Send to verification and validation.
Guards: [requirement directly formalizable]; [requirement needs to be refined]; [inconsistent information or obvious errors detected]; [sub-requirements detected]; [ambiguity or fuzzy information detected]; [and]; [or]; [xor]; [wrong information]; [redundant information]; [missing information].
Process 1: requirement refinement process. Intro SysML
• SysML
  – Modeling for system engineering
  – Inspired by UML 2
• Requirement diagram
Process 1: requirement refinement process. New stereotypes defined
Figure: SysML profile diagram with new stereotypes and their attributes defined.
Stereotypes and the corresponding refinement patterns:
• «ClarifyReq»: «Clarify»
• «SplitReq» AND/OR/XOR: «Split» AND/OR/XOR
• «ModifyReq» add/remove/change: «Modify» add/remove/change
Process 2: requirement formalization process. Formal framework: CTL*
• Formal framework: a temporal logic CTL*
  – Classical logic + operators with time
  – A superset of CTL (Computation Tree Logic) and LTL (Linear Time Logic)
• Why?
  – For formal verification
    • Model checking / test
  – “Intuitive” logic: logic operators directly mapped to natural language words, like “Globally”, “Finally”
• Path operators
X (next), F (future), U (until), G (globally)…
|= Gp
• State operators
A (always)
Aφ: the formula φ must hold on every path.
R: the train doors can be opened only when the train speed ≤ 2km/h
AG(dooropen → trainspeed ≤ 2km/h).
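Added example (not part of the original slides): an explicit-state check of the property AG(dooropen → trainspeed ≤ 2km/h) above. The door/speed transition model, the `interlock` flag, the `MAX_SPEED` bound and all function names are constructed assumptions; only the property comes from the slide. It shows that the property holds when traction is refused while a door is open, and returns a counterexample path when that interlock is missing.

```python
from collections import deque

SPEED_LIMIT = 2   # km/h, from requirement R on the slide
MAX_SPEED = 5     # assumed bound so the constructed model stays finite

def successors(state, interlock):
    """Transitions of a constructed model; state = (speed, door_open)."""
    speed, door_open = state
    nxt = []
    if speed > 0:
        nxt.append((speed - 1, door_open))      # brake
    # With the interlock, traction is refused while a door is open.
    if speed < MAX_SPEED and not (interlock and door_open):
        nxt.append((speed + 1, door_open))      # accelerate
    if door_open:
        nxt.append((speed, False))              # close door
    elif speed <= SPEED_LIMIT:
        nxt.append((speed, True))               # open door (guarded by speed)
    return nxt

def prop(state):
    """State formula: dooropen -> trainspeed <= 2 km/h."""
    speed, door_open = state
    return (not door_open) or speed <= SPEED_LIMIT

def check_AG(init, succ, p):
    """AG p holds iff p holds in every reachable state.
    Returns (True, None) or (False, shortest path to a violating state)."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not p(s):
            path = []
            while s is not None:
                path.append(s)
                s = parent[s]
            return False, path[::-1]
        for t in succ(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return True, None

INIT = (0, False)  # train stopped, doors closed
safe = check_AG(INIT, lambda s: successors(s, True), prop)
faulty = check_AG(INIT, lambda s: successors(s, False), prop)
```

The path returned for the faulty model is the kind of trace that can be turned into a test case for the implementation.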
Case study: Train Door Control system
Figure labels: COTS (FPGA); central console; series of subsystems (sensors, alarms, fire detection, door (un)locking…); local command; general command; inputs.
When a passenger pushes the button to open one of the doors on the right side of the train, the COTS receives a local command, then it verifies whether the authorization of the right-hand doors is true…
• The requirement of generating the authorization of door opening is described as follows:
  – 1) Some buttons can allow the driver to generate the authorization for door opening.
    a) A push button for cancelling the signal of closing the right-hand doors, which is located on the console.
    b) A push button for cancelling the signal of closing the left-hand doors, which is located on the console.
    c) A push button for cancelling the signal of closing the right-hand doors, which is located near the right side of the window in the driving cabin.
    d) A push button for cancelling the signal of closing the left-hand doors, which is located near the left side of the window in the driving cabin.
  – 2) When the train speed is ≤ 2km/h, if the doors are closed and locked, the doors can be authorized to be opened.
R1.1.3 is formalized by P1.1.3; its variables:
• PB(C-CD-R)_1: push button 1 for cancelling the signal of closing the right-hand doors
• PB(C-CD-R)_2: push button 2 for cancelling the signal of closing the right-hand doors
• AU-OD-R: authorization for opening right-hand doors
P1.1.3:
))2_)RCDC(PB1_)RCDC(PB(
R)-OD-AU((
AG
P1.1.4 similar to P1.1.3
))2_)LCDC(PB1_)LCDC(PB(
L)-OD-AU((
AG
R1.3.1 is formalized by P1.3.1; its variables:
• TS: the train speed is ≤ 2km/h
• door_R: the set of all the right-hand doors
• close_R and lock_R: the state of right-hand doors
• AU-OD-R: authorization for opening right-hand doors
P1.3.1 :
P1.3.2 :
)))(_)(_(
)_door((
TB R)-OD-AU((
xRlockxRclose
Rx
AG
)))(L_)(L_(
)L_door((
TB L)-OD-AU((
xlockxclose
x
AG
))2_)(1_)((
)))(_)(_)(door_R((
TB R)-OD-AU((
RODCPBRODCPB
xRlockxRclosex
AG
))2_)L(1_)L((
)))(L_)(L_)(door_L((
TB L)-OD-AU((
ODCPBODCPB
xlockxclosex
AG
Conformance testing - a framework
Figure labels, Specification Phase: refined requirements; formalization; properties; model-checking; testing.
Figure labels, Verification Phase (testing process): EFSM specification s; test generation; test suite Ts; test suite transformation; VHDL test bench Tb; test execution via simulation; IUT (VHDL) i; conforms to; test verdict log.
JING YANG
IFSTTAR, ESTAS, F-59650 Villeneuve d’Ascq, France