OMG Astah GSN Demonstration
DESCRIPTION
At the OMG meeting on Dec. 12, 2014, we presented astah GSN. We have been developing a new GSN (Goal Structuring Notation) tool on top of our UML/SysML tool "Astah" to cover both the system's Design Model (as UML/SysML) and its Assurance Case Model (as GSN) together. In this session, we will demonstrate and explain how we have integrated the two models in the same user interface.
TRANSCRIPT
Integrating UML/SysML and
GSN/Assurance Case:
New Tool Demonstration
Kenji Hiranabe (Change Vision, Inc)
Kenji Taguchi (AIST)
Agenda
• Introduction
• Background and Goals
• Our GSN Demo
• Conclusion
• Future Ideas
Change Vision, Inc. Overview
• Founded February 22, 2006
• Representative: President and CEO Kenji Hiranabe
• Locations
– US Office: 66 Front St, Berea, Ohio, 44017, USA
– Headquarters: Ueno HS Building 8th floor, 2-7-7, Ueno, Taito-ku, Tokyo 110-0005 Japan
– Fukui Office: 3-111 Toiyacho, Fukui City, Fukui 918-8231 Japan
Astah Community: Lightweight, easy-to-use, and free UML modeler.
Astah Professional: Full-featured edition with UML, ERD, DFD, Flowchart, CRUD, Mind Maps and Requirements Table integrated together.
Astah SysML: Simple SysML Edition
Astah GSN: Simple GSN Edition (α)
Astah Family
June, 2013
NEW
Dec, 2013
NEW
Counts by country (chart): Germany 10486, Taiwan 7480, India 5278, Poland 4505, France 4235, UK 3435, Others 50737
Share by country (pie chart): Japan 41%, Brazil 30%, Others 14%, USA 3%, China 3%, Germany 3%, Taiwan 2%, UK 1%, France 1%, Poland 1%, India 1%
There is a big user community in Brazil.
Half of the non-JP users are in Brazil.
wide acceptance in Brazil
Our Projects
Noriaki Ando
Kenji Hiranabe
Toshihiro Okamura
Geoffrey Biggs
Kenji Taguchi
SysML to RTC
GSN/Assurance Case
Last Year
Today!
Example GSN (and Legend)
G1: Control System is acceptably safe to operate
C1: Operating Role and Context
C2: Control System Definition
C3: Tolerability targets (Ref Z)
G2: All identified hazards have been eliminated or sufficiently mitigated
C4: Hazards identified from FHA (Ref Y)
S1: Argument over each identified hazard
G4: Hazard H1 has been eliminated
G5: Probability of Hazard H2 occurring < 1x10^-6 per year
Sn1: Formal Verification
A1: All hazards have been identified (marked "A")
M2: Probability of Hazard H3 occurring < 1x10^-3 per year
Legend: Goal (Claim), Context, Assumption, Solution (Evidence), Strategy, Module; links: SupportedBy, InContextOf
Astah GSN
• Conformance to “GSN COMMUNITY STANDARD V1”
• “Yorkish” style diagram
• Focus on Usability
• Multi-Platform
– Mac/Linux/Win
• Integration with UML/SysML
• SACM XMI import/export
Demo
• Demonstrate the movements (Spiral and Back-and-Forth) by controlling multiple autonomous robots externally. The operator can switch between the autonomous mode and demonstration mode.
• The hardware architecture is already known: we use a Roomba with a PC that can control it over Wi-Fi, and use Kinect to switch the mode.
Problem Description
(Diagram: Operator, Kinect, Controller PC, Wi-Fi, Receiver PC, Roomba)
SysML: Overview
SysML: req [Core requirements]
SysML: req [Robot requirements]
SysML: req [Controller requirements]
SysML: bdd [Context diagram]
SysML: bdd System Structure & Interface
GSN for the system
G1: System is acceptably safe to operate
C1: System Definition (BDD: Demo components)
S1: Argument over each component
Robot Module: Robot is acceptably safe
Control Module: Control System is acceptably safe
GSN – UML/SysML
Drag & Drop UML/SysML Diagrams on GSN Elements
You can jump to the diagram
Module
You can create GSN inside Modules.
Robot Module
G2: Robot is acceptably safe
G3: Max speed is lower than 10cm/sec
G4: Operator can stop Robot anytime
G5: Everyone can stop Robot by pushing the power button anytime
Sn1: Safety functional requirements
C1: (Req: Stop immediately)
Import/Export XMI
SACM ver 1.0 (Structured Assurance Case Metamodel) with some restrictions
Conclusion
• We have developed a new GSN tool.
• GSN and SysML/UML are in one solution, with links implemented between them.
• An easy-to-use tool (Astah GSN) boosts the effectiveness of assurance case modeling.
• A standard is needed to exchange GSN models (hope to see SACM 2.0).
Difficulties
• The relationship between GSN models and SACM’s is not known for some elements.
• It is difficult to adopt SACM as the data format for GSN tools because SACM is still under development.
• The hard part in using SACM (ARM) in GSN tools:
– Cannot recognize the kind of an element before adding a relationship. (Ex. Solution)
GSN - SACM
GSN Ver. 1.0 | SACM Ver. 1.0
Goal | Claim
Context | InformationElement
Strategy | ArgumentReasoning
Solution | InformationElement linked using an AssertedEvidence instance
SupportedBy | AssertedInference (or AssertedEvidence when linked to Solution). The arrow head attaches to the source element.
InContextOf | AssertedContext. The arrow head attaches to the source element.
Undeveloped | ToBeSupported = true
Assumption | Claim linked using an XXRelation instance?
Justification | Claim linked using a YYRelation instance?
Module | Argumentation?
Contract | ?
Away Goal | CitationElement?
Away Solution | CitationElement?
Away Context | CitationElement?
ToBeSupportedByContract | ?
Elements of Argument Patterns | ?
SACM 1.0 is not ready for GSN Extensions
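The mapping table and the "cannot recognize the kind of an element before adding a relationship" difficulty above, as an added Python example (not Astah's code and not part of the original slides): it converts a small GSN graph to SACM 1.0 element kinds per the table, then tries to recover the GSN kinds. Node ids follow the Robot Module slide; the links between them, the undeveloped flag on G3 and the unlinked Sn2 are constructed for illustration.

```python
# Added example: GSN 1.0 -> SACM 1.0 kinds per the slide table, and back again.
NODE_MAP = {"Goal": "Claim", "Strategy": "ArgumentReasoning",
            "Context": "InformationElement", "Solution": "InformationElement"}

def to_sacm(nodes, links):
    """nodes: {id: (gsn_kind, undeveloped)}; links: [(gsn_link, parent, child)]."""
    elements = {}
    for nid, (kind, undeveloped) in nodes.items():
        if kind not in NODE_MAP:  # Assumption, Module, Away Goal...: '?' on the slide
            raise ValueError(f"no settled SACM 1.0 mapping for {kind} ({nid})")
        elements[nid] = {"kind": NODE_MAP[kind], "ToBeSupported": undeveloped}
    relations = []
    for link, parent, child in links:
        if link == "InContextOf":
            rel = "AssertedContext"
        elif link == "SupportedBy":
            rel = "AssertedEvidence" if nodes[child][0] == "Solution" else "AssertedInference"
        else:
            raise ValueError(f"unknown GSN link {link}")
        # Slide note: the arrow head (the GSN child) is the SACM source element.
        relations.append({"kind": rel, "source": child, "target": parent})
    return elements, relations

def gsn_kind_from_sacm(elements, relations):
    """Recover GSN kinds; None marks an element that cannot be classified yet."""
    kinds = {}
    for eid, el in elements.items():
        if el["kind"] == "Claim":
            kinds[eid] = "Goal"
        elif el["kind"] == "ArgumentReasoning":
            kinds[eid] = "Strategy"
        else:  # InformationElement: only its relationship tells Solution from Context
            rels = {r["kind"] for r in relations if r["source"] == eid}
            kinds[eid] = ("Solution" if "AssertedEvidence" in rels else
                          "Context" if "AssertedContext" in rels else None)
    return kinds

# Constructed sample: node ids follow the Robot Module slide; links and Sn2 are assumed.
NODES = {"G2": ("Goal", False), "G3": ("Goal", True), "G4": ("Goal", False),
         "C1": ("Context", False), "Sn1": ("Solution", False), "Sn2": ("Solution", False)}
LINKS = [("SupportedBy", "G2", "G3"), ("SupportedBy", "G2", "G4"),
         ("InContextOf", "G4", "C1"), ("SupportedBy", "G4", "Sn1")]

if __name__ == "__main__":
    els, rels = to_sacm(NODES, LINKS)
    for eid, kind in gsn_kind_from_sacm(els, rels).items():
        print(eid, els[eid]["kind"], "->", kind or "unknown until linked")
```

Sn2 was created as a Solution but has no relationship yet, so after the round trip it is an InformationElement that cannot be told apart from a Context.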
Future Topics
• Traceability and impact analysis from/to GSN to SysML via the tool.
• Further support for modular extensions and pattern extensions.
• SACM XMI with modular extensions and pattern extensions.
Thank you
Kenji Hiranabe
Toshihiro Okamura
We are exhibiting the tools. Please visit us.
Michael Jesse Chonoles
Free Trial Download:
astah.net/gsn