Presentation is loading. Please wait.

Presentation is loading. Please wait.

Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai.

Published byAndrew Bennett Bradford Modified over 8 years ago

Similar presentations

Presentation on theme: "Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai."— Presentation transcript:

1 Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai

2 2 Outline Introduction Introduction The i* Modeling Language The i* Modeling Language The Formal Tropos Language The Formal Tropos Language Formal Analysis Formal Analysis From Formal Tropos to Model Checking From Formal Tropos to Model Checking Conclusions Conclusions

3 3 Introduction Early requirement Early requirement Understanding the organizational context for an information system Understanding the organizational context for an information system The goal and social dependencies of its stakeholders The goal and social dependencies of its stakeholders Misunderstanding??? Misunderstanding??? Formal Method Formal Method Formal analysis Formal analysis Automatic Automatic difficult difficult To provide a framework for the effective use of formal methods in the early requirements phase To provide a framework for the effective use of formal methods in the early requirements phase

4 4 Introduction (cont’d) The gap between early requirements specification and formal methods. The gap between early requirements specification and formal methods. A new specification language A new specification language Formal Tropos Formal Tropos Primitive concept of early requirements framework Primitive concept of early requirements framework Actor, goal, strategic dependency Actor, goal, strategic dependency Rich temporal analysis technique Rich temporal analysis technique Formal analysis technique Formal analysis technique Model checking to allow for an automatic verification Model checking to allow for an automatic verification i* KAOS NuSMV

5 5 Introduction (cont’d) T-Tool T-Tool Extend i* modeling language into a formal specification language called Formal Tropos Extend i* modeling language into a formal specification language called Formal Tropos KAOS for a rich temporal specification KAOS for a rich temporal specification Extend an existing formal verification technique, model checking Extend an existing formal verification technique, model checking T-Tool is built on top of NuSMV T-Tool is built on top of NuSMV NuSMV: symbolic model checking NuSMV: symbolic model checking

6 6 The i* Modeling Language I* modeling language I* modeling language For the description of early requirements For the description of early requirements Understand and model social settings (actor, goal) Understand and model social settings (actor, goal)

7 7 The Formal Tropos Language

8 8 Adding “class” layer “Classes” Entity Dependencies Attributes are associated to the instances of actors and dependencies (e. g. a customer wants her car to be repaired)

9 9 Modeling the Temporal Aspects Formal Tropos places special emphasis in modeling the strategic aspects of the evolution of the dependencies Formal Tropos places special emphasis in modeling the strategic aspects of the evolution of the dependencies Operationalization? Operationalization? The focus on the two central moments in the life of dependencies and entities The focus on the two central moments in the life of dependencies and entities Creation Creation Fulfillment Fulfillment Formal Tropos allows the designer Formal Tropos allows the designer To specify different modalities for the fulfillment of the dependencies To specify different modalities for the fulfillment of the dependencies To specify temporal constraints on the creation of fulfillment of dependencies and goals To specify temporal constraints on the creation of fulfillment of dependencies and goals

10 10 Goal Modalities

11 11 Behavior Properties

12 12 Constraint Properties Constraint properties determine the possible evolution of the object in the specification Constraint properties determine the possible evolution of the object in the specification Three kinds of properties Three kinds of properties Creation Creation Invariant Invariant fulfillment fulfillment Creation and fulfillment properties may express Creation and fulfillment properties may express Necessary condition Necessary condition Sufficient conditions, or triggers Sufficient conditions, or triggers Necessary and sufficient condition, or definitions Necessary and sufficient condition, or definitions Creation properties should hold at the time of creation of a new instance of the dependency. Fulfillment properties should hold when a dependency is satisfied. Invariant properties should be true throughout the lifetime of the dependency

13 13 Temporal Formulas Properties are specified with formulas given in a first-order linear-time temporal logic Properties are specified with formulas given in a first-order linear-time temporal logic Special predicates “JustCreated(obj)”, Fulfilled(dep)” identify particular moments in the life of the object Special predicates “JustCreated(obj)”, Fulfilled(dep)” identify particular moments in the life of the object Past and future temporal operator can be used in the formulas Past and future temporal operator can be used in the formulas

14 14 Formal Analysis Formal Tropos allows for the following kinds of formal analysis Formal Tropos allows for the following kinds of formal analysis Consistency check Consistency check It aims to verify that there is at least one scenario of the system that respects all the constraints enforced by the requirement specification. It aims to verify that there is at least one scenario of the system that respects all the constraints enforced by the requirement specification. Assertion validation Assertion validation Represent expected behavior of the system through assertion properties Represent expected behavior of the system through assertion properties Possibility check Possibility check There are some scenarios for the system that respects certain possibility properties There are some scenarios for the system that respects certain possibility properties Animation Animation An effective way of communicating with the stakeholder An effective way of communicating with the stakeholder Gives immediate feedback Gives immediate feedback

15 15 Assertion Validation An assertion An assertion Describes expected condition for all the valid scenarios Describes expected condition for all the valid scenarios Is used to guarantee that the specification does not allow for unwanted scenarios Is used to guarantee that the specification does not allow for unwanted scenarios

16 16

17 17 Possibility Check A possibility A possibility Describes expected, valid scenario of specification Describes expected, valid scenario of specification Is used to guarantee that the specification does not rule out any wanted execution of the system Is used to guarantee that the specification does not rule out any wanted execution of the system

18 18 The Technical Details The approach consists of the following 3 steps The approach consists of the following 3 steps The analyst writes a Formal Tropos specification The analyst writes a Formal Tropos specification T-Tool automatically translates the specification into an Intermediate Language T-Tool automatically translates the specification into an Intermediate Language NuSMV performs the formal analysis on the Intermediate Language specification NuSMV performs the formal analysis on the Intermediate Language specification The Intermediate Language The Intermediate Language Small core language with clean semantic Small core language with clean semantic Independent from the specification of Formal Tropos (the Intermediate Language may be applied to other requirement language) Independent from the specification of Formal Tropos (the Intermediate Language may be applied to other requirement language) Independent from any particular analysis techniques (model checking, TLT satisfiability, theorem proving) Independent from any particular analysis techniques (model checking, TLT satisfiability, theorem proving) Formal Tropos Spec. NuSMV IL T-Tool

19 19 The Intermediate Language The strategic flavor of Formal Tropos is lost The strategic flavor of Formal Tropos is lost Focus on the dynamic aspects of the system Focus on the dynamic aspects of the system IL consists of four parts IL consists of four parts Class declarations Class declarations Constraints Constraints Assertions Assertions Possibility properties Possibility properties Entity, actor, dependencies

20 20 Conclusions To define To define Formal Tropos, a formal language for specifying early requirements Formal Tropos, a formal language for specifying early requirements a methodology to extend the requirements with assertions on expected behaviors of the system a methodology to extend the requirements with assertions on expected behaviors of the system a prototype tool (based on NuSMV) to support the proposed approach a prototype tool (based on NuSMV) to support the proposed approach

21 21 Future Work Extend the scope of the approach Extend the scope of the approach Later development phase Later development phase Goal decomposition Goal decomposition Enhance the tool Enhance the tool Better interaction with user Better interaction with user Improve the animation techniques Improve the animation techniques Real case studies Real case studies

Download ppt "Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai."

Similar presentations

Design by Contract.

Design by Contract.
2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Identifying, Modifying, Creating, and Removing Monitor Rules for SOC Ricardo Contreras Andrea Zisman

Identifying, Modifying, Creating, and Removing Monitor Rules for SOC Ricardo Contreras Andrea Zisman
Goal and Scenario Validation: a Fluent Combination Chin-Yi Tsai.

Goal and Scenario Validation: a Fluent Combination Chin-Yi Tsai.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
L4-1-S1 UML Overview © M.E. Fayad 2000 -- 2005 SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.

L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.
Chapter 6 Methodology Conceptual Databases Design Transparencies © Pearson Education Limited 1995, 2005.

Chapter 6 Methodology Conceptual Databases Design Transparencies © Pearson Education Limited 1995, 2005.
Temporal Logic of Actions (TLA) Leslie Lamport

Temporal Logic of Actions (TLA) Leslie Lamport
UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.

UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.
Formalizing an Adaptive Security Infrastructure in Mob adtl Laura Semini & Carlo Montangero dip. Informatica, Pisa Outline Mob adtl instance ASI Mob adtl.

Formalizing an Adaptive Security Infrastructure in Mob adtl Laura Semini & Carlo Montangero dip. Informatica, Pisa Outline Mob adtl instance ASI Mob adtl.
Lecture Fourteen Methodology - Conceptual Database Design

Lecture Fourteen Methodology - Conceptual Database Design
Requirement Engineering – A Roadmap

Requirement Engineering – A Roadmap
CS 330 Programming Languages 09 / 16 / 2008 Instructor: Michael Eckmann.

CS 330 Programming Languages 09 / 16 / 2008 Instructor: Michael Eckmann.
Describing Syntax and Semantics

Describing Syntax and Semantics
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
AOSE-2003, Melbourne July 15 th 1 Agent Oriented modeling by interleaving formal and informal analysis Anna Perini 1, Marco Pistore 2,1, Marco Roveri 1,

AOSE-2003, Melbourne July 15 th 1 Agent Oriented modeling by interleaving formal and informal analysis Anna Perini 1, Marco Pistore 2,1, Marco Roveri 1,

Similar presentations

Ads by Google