Architecture Modeling - SPES 2020
Architecture Modeling - SPES 2020
Architecture Modeling - SPES 2020
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Architecture</strong> <strong>Modeling</strong><br />
4.3.2 Establishing Real-Time Contracts<br />
In fact, real-time contracts can be established by employing the same techniques as for functional<br />
contracts. However, establishing real-time requirements is the traditional domain of realtime<br />
scheduling theory. Implementations of the involved components, usually called tasks, are<br />
taken in order to calculate execution times for invocations of the respective components. Due<br />
to a characterization of the underlying (computational) resource, scheduling analysis calculates<br />
worst-case scenarios in order to verify whether the requirements about maximal delays are satisfied.<br />
Since real-time contracts usually define activation scenarios for components, and maximal<br />
delays, real-time scheduling scheduling theory fits well to establish real-time contracts. For<br />
more complex real-time contracts, and at higher abstraction levels where no detailed characterization<br />
of the underlying resources exist, more involved analysis techniques can be applied<br />
such as combination of scheduling analysis and model-checking. In order to improve efficiency,<br />
model-checking techniques can be combined with testing approaches [14].<br />
4.3.3 Establishing Safety Contracts<br />
One possible way to establish safety contracts is to perform a traditional safety analysis (like<br />
fault tree analysis) on an implementation model of the system enriched with failures. The<br />
enriched model contains the nominal as well as the dysfunctional behavior of the system. This<br />
allows to formalize the causality between failures resp. failure combinations and their effects.<br />
As a consequence, notions of (minimal) cut sets and fault trees can be formally related with a<br />
given implementation of the system.<br />
4.3.3.1 Establish safety specification with testing<br />
Based on the enriched model, both the nominal and dysfunctional behavior may be simulated.<br />
Equipped with coverage notions that address that all failures and their combinations need to be<br />
covered, test strategies can be designed to check that the expected safety contracts hold.<br />
4.3.3.2 Establish safety specification with symbolic methods<br />
Similar to the approach for functional specifications, safety contracts can also be established<br />
by symbolic methods that compute the causality between failure combinations and their effect.<br />
Here again, the crucial property of these methods is that they are complete (with respect to the<br />
model enriched with failures). A detailed example for this approach is given ins Section 5.1.3.4.<br />
4.4 Deployment<br />
While the design steps discussed before reason about components of a particular design, two<br />
further design steps are important with respect to different perspectives and abstraction levels,<br />
that is, for the interfaces between whole models.<br />
Perspectives At a certain abstraction level, a system may be designed “from left to right”.<br />
Starting with the operational perspective, requirements engineering results in identifying the<br />
system boundaries and interfaces, and some top-level requirements, often called goals. In the<br />
functional perspective, the functions of the system are identified that are needed to achieve these<br />
goals. In the logical perspective, components are identified that perform the identified functions,<br />
61/ 156