Architecture Modeling - SPES 2020
Architecture Modeling - SPES 2020
Architecture Modeling - SPES 2020
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4.3 Satisfaction<br />
<strong>Architecture</strong> <strong>Modeling</strong><br />
Although implementation aspects are not considered here 2 , implementing identified components<br />
is a primitive design step, and thus the necessary proof obligations shall be discussed.<br />
Formally, the contracts of a component characterize allowed behavior of the component. Thus,<br />
any implementation of a component must satisfy its contracts. In other words, an implementation<br />
of a component satisfies its specification if its behavior does not violates its specified one,<br />
or, it must not behave other than proposed by its specification. That way, the behavior of a<br />
component defined by its implementation can be seen as a refinement which has to be shown:<br />
M is a correct implementation of C if and only if [[M]] ⊆ [[C]]<br />
where M denotes an implementation of the respective component.<br />
<strong>SPES</strong>MM provides concepts to specify implementations for components employing the same<br />
underlying formal semantics as for contracts. This is however convenient only for some special<br />
cases and thus <strong>SPES</strong>MM does not rely on it. It rather provides an open and extensible approach<br />
to integrate any kind of implementations such as Real-Time StateCharts, MatLab models and<br />
even C-Code. That way, it is left to the needs of the respective design processes to reason<br />
about satisfaction, and to define sufficient and necessary conditions based on the needs, e.g., for<br />
certification.<br />
4.3.1 Establishing Functional Specifications<br />
At least two different approaches can be distinguished to establish functional specification:<br />
formal verification due to model-checking, and testing.<br />
4.3.1.1 Establish functional specifications with model-checking<br />
Formal verification of functional behavior is a well-established research area, and various formalisms<br />
and model-checking techniques have been developed so far. The AutoFocus and the<br />
FUJABA Real-Time tool suites for example provide effective functional verification. Formal<br />
verification techniques for Real-Time StateCharts and also for MatLab Simulink models exist.<br />
Exhaustive verification is indeed a challenging task due to complexity reasons. There are however<br />
industrial relevant approaches. For example, C-Code verification by model-checking is<br />
known to be effectively applicable for a number of years.<br />
4.3.1.2 Establish functional specifications with testing<br />
Another way to establish functional contracts is due to HIL-testing. To this end, the implementation<br />
is executed on a prototyping platform, and execution traces are captured while running<br />
the system. In a subsequent hosted simulation, the traces are checked against the (executable)<br />
contract specifications. Indeed also other ways exist for testing, such as the implementation of<br />
the specification which runs in parallel to the implementation code. Also often more abstract<br />
implementations are considered, which is the domain of simulation.<br />
2 see for example Sections 3 and 6.2<br />
60/ 156