D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange
F. Massacci and L.M.S. Tran
When DATs are propagated upward, a suitable operation (join or concat) is applied, depending on the kinds of predecessor nodes and the kinds of connections among nodes. join is used to generate the DAT of a compound node, where the semantics is that all child nodes are chosen, whereas concat is used to generate the DAT of a goal node or observable node, where the semantics is the selection of one among its successors.
$$
\mathrm{DAT}(x) \leftarrow
\begin{cases}
\bigoplus_{\forall \langle g_i, x, p_i \rangle \in E} \mathrm{map}_{\langle x, i, p_i \rangle}\big(\mathrm{DAT}(g_i)\big) & x \text{ is an observable node,} \\
\bigoplus_{\forall \langle c_i, x, 1 \rangle \in E} \mathrm{DAT}(c_i) & x \text{ is a goal node,} \\
\bigotimes_{\forall \langle x_i, x, p_i \rangle \in E} \mathrm{DAT}(x_i) & x \text{ is a compound node.}
\end{cases}
\tag{9}
$$

where $\mathrm{map}_{\langle x, i, p_i \rangle}\,\mathrm{DAT}(x) = \bigcup_j \{\langle S_j,\; p_i \cdot mb_j,\; 1 - p_i \cdot rr_j,\; \langle x, i \rangle \,\|\, T_j \rangle\}$. The operator '$\|$' denotes the string concatenation operation, e.g., $a \,\|\, \{b, c\} = \{ab, ac\}$.
We assume that there is only one top goal in the goal model. Even though this is not the case in practice, we are always able to introduce a new phantom root goal which is AND-decomposed to all existing top goals. This trick ensures that only one root DAT is generated. Once the DAT of the root node is generated, it is used to calculate the max belief and residual risk of an arbitrary configuration C.
To this end, given an evolutionary goal model eGM with root node $x_0$, the following formulae calculate the max belief and residual risk of a configuration C.
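$$
\begin{aligned}
\mathrm{MaxB}(C) &= \max_{\forall \langle S_i, mb_i, rr_i, T_i \rangle \in \mathrm{SDA}(C)} mb_i \\
\mathrm{RRisk}(C) &= 1 - \sum_{\forall \langle S_i, mb_i, rr_i, T_i \rangle \in \mathrm{SDA}(C)} rr_i
\end{aligned}
\tag{10}
$$

where

$$
\forall \langle S_i, mb_i, rr_i, T_i \rangle \in \mathrm{DAT}(x_0).\; C \supseteq S_i \wedge \nexists \langle \cdot, \cdot, \cdot, T_i \rangle \in \mathrm{SDA}(C) \Rightarrow \langle S_i, mb_i, rr_i, T_i \rangle \in \mathrm{SDA}(C)
$$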
Notice that two or more tuples in a DAT that have the same $T_i$ are design alternatives fulfilling the same observable evolution possibility. Thus, when calculating residual risk, only one of them is taken into account.
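
An added example, not from the paper: Formula 10 evaluated in Python over a constructed root DAT, including the rule that only one tuple per T_i enters SDA(C). Breaking ties on T_i by DAT order and returning MaxB = 0 for an empty SDA(C) are assumptions; the names Alt, sda, max_belief, residual_risk and all sample values are constructed.

```python
from typing import FrozenSet, List, NamedTuple, Set


class Alt(NamedTuple):
    """One DAT tuple <S, mb, rr, T> as used in Formula 10."""
    S: FrozenSet[str]  # set the configuration must include (C ⊇ S)
    mb: float          # max belief
    rr: float          # residual-risk term
    T: str             # trace identifying the observable evolution possibility


def sda(root_dat: List[Alt], config: Set[str]) -> List[Alt]:
    """SDA(C): tuples of DAT(x0) supported by C, at most one per trace T."""
    chosen, seen = [], set()
    for alt in root_dat:
        # C must contain S_i, and no tuple with the same T_i is in SDA(C) yet.
        # Assumption: ties on T are broken by DAT order (first match wins).
        if alt.S <= config and alt.T not in seen:
            chosen.append(alt)
            seen.add(alt.T)
    return chosen


def max_belief(root_dat: List[Alt], config: Set[str]) -> float:
    # Assumption: an empty SDA(C) yields 0.0.
    return max((a.mb for a in sda(root_dat, config)), default=0.0)


def residual_risk(root_dat: List[Alt], config: Set[str]) -> float:
    return 1.0 - sum(a.rr for a in sda(root_dat, config))


# Constructed root DAT; element names and numbers are illustrative only.
ROOT_DAT = [
    Alt(frozenset({"A", "B"}), 0.6, 0.6, "<o,1>"),
    Alt(frozenset({"A", "C"}), 0.6, 0.6, "<o,1>"),  # same T: alternative design
    Alt(frozenset({"A", "B", "D"}), 0.3, 0.3, "<o,2>"),
    Alt(frozenset({"E"}), 0.1, 0.1, "<o,3>"),
]

if __name__ == "__main__":
    C = {"A", "B", "C", "D"}
    print([a.T for a in sda(ROOT_DAT, C)])
    print(max_belief(ROOT_DAT, C), residual_risk(ROOT_DAT, C))
```

Without the per-T_i filter, both `<o,1>` tuples would be summed for this configuration and RRisk would come out as -0.5 instead of 0.1.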
Algo. 1 presents the algorithm that generates DATs for every node in a given evolutionary hypergraph. The algorithm comprises two procedures, generateDAT and initializeDAT. The latter (lines 23–34) initializes the DAT of every node in accordance with Formula 5. This procedure also initializes two data structures, REACH and Q. The latter holds the list of ready-to-process nodes, whose successors' DATs have been properly generated, whereas the former holds the number of unprocessed child nodes of an arbitrary node. In other words, REACH[x] is 0 if and only if x is ready to process. Initially, all leaf nodes are enqueued, as they are ready to process.
The former procedure, generateDAT, generates DATs of non-leaf nodes by
synthesizing successors’ DATs. The basic idea of the procedure is as follows. First,