1 / 13

Building Dependable Systems

Building Dependable Systems. R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute).

mahon
Télécharger la présentation

Building Dependable Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Building Dependable Systems

  2. R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. Ambiguous Defect Removal Formalisation Incomplete Control of Complexity Inconsistent Behavior Trees Informal Requirements Complex Integration Simulation Model Checking Implementation Integrated Behavior Tree

  3. Informal Requirements Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  4. Requirements Translation Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  5. Requirement Behavior Tree Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  6. Requirements Integration Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  7. Integrated Behavior Tree Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  8. Component Behavior Tree Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  9. Simulation Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  10. Verification Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  11. Automatically Generated Implementation Informal Requirements Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Verification Component Behavior Tree Implementation

  12. Building Dependable Systems Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation

  13. Building Dependable Systems 1. Control of Complexity Avoids short-term memory overflow Quality, verified software 2. Early Defect Detection Building right system, right 3. Rigorous Translation 4. Ease of Simulation, Model checking Dependable systems 5. Productivity gains for teams Parallel working, Co-operative editing 6. Wide applicability Command and Control, Enterprise Systems

More Related