![Page 1: 1 A Modularity Assessment Framework for Context-dependent Formal Specifications Naoyasu Ubayashi (Kyushu University, Japan) September 14, 2010 ACoM 2010](https://reader035.vdocuments.us/reader035/viewer/2022062718/56649e7d5503460f94b800d1/html5/thumbnails/1.jpg)
A Modularity Assessment Framework for Context-dependent Formal Specifications
Naoyasu Ubayashi (Kyushu University, Japan)
September 14, 2010
ACoM 2010
Contexts in embedded systems
Many embedded systems not only affect their contexts through actuators but also are affected by their contexts through sensors.
However, traditional PLE is mainly conducted from the viewpoint of system functions, and contexts are only roughly analyzed.
Unexpected behavior might emerge in a system if a developer does not recognize any possible conflicting combinations between the system and contexts.
[Figure: Embedded System, Actuator, Sensor, Contexts]
Our approach: CD-PLP (context-dependent product line practice with lightweight formal approaches)
We proposed a new style of PLE that focuses on constructing embedded systems that take into account the contexts.
CD-PLP
Described in a formal specification language (VDM++)
A configuration can be formally checked!
Naoyasu Ubayashi, et al.: Context-dependent Product Line Practice for Constructing Reliable Embedded Systems, SPLC 2010
Core assets described in formal languages are effective for constructing reliable product lines.
However, it is not clear which modularity is adequate from the viewpoint of:
Context asset description: crosscutting over system assets
Formal specification vs. V&V: model structures are different when the purpose of the modeling is V&V
Today's talk: next step of CD-PLP
Modularity Assessment Framework for Adequate Core Asset Descriptions
Formal specification
V & V
Refinement
Which modularity is adequate?
Outline
CD-PLP with VDM++
Lesson learned
Modularity assessment framework
Conclusion
CD-PLP WITH VDM++ -- QUICK OVERVIEW --
Example: an electric pot
[Figure: electric pot. Labels: water level sensor, heater, thermistor, liquid, context, system, pot]
The pot controls the water temperature by turning on or off the heater.
The pot changes its mode to the heat-retaining mode when the temperature becomes 100 Celsius.
The pot observes the volume from the water level.
CD-PLP
Step 1: Analyze features: System Line, Context Line
Step 2: Select a set of features: Controller, Heater, Thermistor, Water level sensor, Air Pressure Low
Step 3: Validate a composed system specification (VDM++)

```
Boil: () ==> ()
Boil() ==
  while thermistor.GetTemperature() <= 100.0 do
    heater.On();
```

VDMTools test execution: The boiling point of the water is below 100 Celsius. The controller continues to heat the water. As a result, the pot will become empty.
LESSON LEARNED
CD-PLP with VDM++/VDMTools
Context assets are formally described!
A configuration of system and context assets can be checked!
However, …
Really modular?
Core asset development using VDM++
Functional Decomposition!
Context asset description in VDM++

```
-- CONTEXT-liquid
class Liquid
instance variables
  protected aap : AtmosphericAirPressure;
  protected boiling_point : map real to real;
  protected temperature : real;
  protected amount : real;

operations
  public GetAap: () ==> AtmosphericAirPressure
  GetAap() == return aap;

  public SetAap: AtmosphericAirPressure ==> ()
  SetAap(a) == aap := a;

  public GetBoilingPoint: real ==> real
  GetBoilingPoint(atm) == return boiling_point(atm);

  public GetTemperature: () ==> real
  GetTemperature() == return temperature;

  public SetTemperature: real ==> ()
  SetTemperature(t) == temperature := t;

  public AddTemperature: () ==> ()
  AddTemperature() ==
    if temperature < boiling_point(aap.GetAtm())
    then temperature := temperature + 1.0
    else (temperature := boiling_point(aap.GetAtm());
          amount := amount - 1.0 --- evaporation
         )
  pre temperature <= boiling_point(aap.GetAtm())
  post temperature <= boiling_point(aap.GetAtm());

  public GetAmount: () ==> real
  GetAmount() == return amount;

  public SetAmount: real ==> ()
  SetAmount(a) == amount := a;
end Liquid
```
Contexts are abstracted as a set of functions (methods).
Is a functional module adequate for describing contexts?
Additional constraints are introduced to validate a configuration.
These constraints are needed to execute test facilities supported by VDMTools.
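The conflict from the electric pot example can be reproduced outside VDMTools. The following added example (Python, not part of the original slides) re-expresses the Liquid context and the Boil loop and tests the same system asset against two context features; the boiling-point values, the starting state, the `Air Pressure Normal` name, the step bound and the `<` loop guard are assumptions.

```python
from dataclasses import dataclass

# Constructed boiling-point table (atm -> Celsius); the slides give no values.
BOILING_POINT = {1.0: 100.0, 0.7: 90.0}

@dataclass
class Liquid:
    """Context asset, mirroring the slides' VDM++ class Liquid."""
    atm: float           # atmospheric air pressure (context feature)
    temperature: float
    amount: float

    def add_temperature(self) -> None:
        bp = BOILING_POINT[self.atm]
        if self.temperature > bp:                     # pre-condition
            raise ValueError("pre-condition violated")
        if self.temperature < bp:
            self.temperature += 1.0
        else:
            self.temperature = bp
            self.amount -= 1.0                        # evaporation
        if self.temperature > bp:                     # post-condition
            raise ValueError("post-condition violated")

def boil(liquid: Liquid, target: float = 100.0, max_steps: int = 1000) -> str:
    """System asset: heat until the thermistor reads `target`.

    Assumption: the loop stops once the temperature becomes 100 Celsius
    (guard `<`); the slide's Boil guard is written with `<=`.
    """
    for _ in range(max_steps):                        # hypothetical step bound
        if not liquid.temperature < target:
            return "ok"
        liquid.add_temperature()                      # effect of heater.On()
        if liquid.amount <= 0.0:
            return "empty"
    return "no-termination"

def check_configurations() -> dict:
    """Compose the same system asset with each context feature and test it."""
    contexts = {"Air Pressure Normal": 1.0, "Air Pressure Low": 0.7}  # constructed
    return {name: boil(Liquid(atm, temperature=20.0, amount=10.0))
            for name, atm in contexts.items()}

if __name__ == "__main__":
    for name, verdict in check_configurations().items():
        print(f"{name}: {verdict}")
```

The controller code is identical in both runs; only the selected context feature changes the verdict, which is the kind of conflicting combination the configuration check is meant to expose.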
Lesson learned
VDM++ is useful for asset descriptions.
However, VDM++ is not always satisfactory.
At the same time, there are no formal languages that satisfy all of our needs.
Modularity Assessment Framework for selecting appropriate formal languages
MODULARITY ASSESSMENT FRAMEWORK
Criteria for assessment
Specifications: Expressiveness, Composability
V & V: Testability, Abstraction
Refinement from formal specifications to implementation: Traceability
Check priority!
1. Expressiveness
2. Composability
3. Testability
4. Abstraction
5. Traceability
Application to CD-PLP with VDM++
Although the adoption of VDMTools/VDM++ has several problems, we think that this selection is valid because a configuration can be tested functionally.
High priority
<Our decision> Functional decomposition; OO-based modularity
<Drawback> Not easy to express crosscutting features of contexts; only functional checking
Major drawback
[Figure: System features (VDM++), Context features (VDM++), feature composition, crosscutting]
VDM++ cannot modularize a crosscutting feature.
In case of Alloy …
Not Acceptable! Traceability
Testability
However, Alloy is a good tool if the traceability is not important.
CONCLUSION
Conclusion & Future work
We proposed a modularity assessment framework for selecting appropriate formal languages.
Future work: integrated usage of multiple formal languages.
Thank you for your attention.