Study about Application of Formal Methods in Consideration of Convenience by the Example of the Electric Pot

Transcription

1 ,,, Study about Application of Formal Methods in Consideration of Convenience by the Example of the Electric Pot Abstract: It had been emphasized that formal methods in software development are verification techniques reducing risk to 0, such as mathematical proof model checking. However, modern software development accepts risks in order to achieve more complex functions shorter development period, which could not be achieved by conventional techniques. In this paper, we propose a method for efficient software development by changing the application intention of formal methods, depending on the risks. We analyzed risks on the requirements in a natural language for safety by the goal analysis, considered how to deal convenience in formal specification which often appears in the specification of end-user product. in particular it was subjected to risk assessment based on Specifically, for the example of buzz pot, consider the procedure for applying this method. Keywords: Formal method, Requirement Analysis, Specification Description, Pre-formal process 1. (Time To Market TTM) TTM 1 Faculty of Information Science Electrical Engineering, Kyushu Univ ersity c 2015 Information Processing Society of Japan 1

2 [3] [1] (safety). 2.1 Dependable Case ( 1 )... ( 2 )... ( 3 )... ( 4 )... [10] 3 4 1, 2 Dependable Case (D-Case) [8] D-Case D-Case Goal Structuring Notation (GSN) [5] (Goal) (Strategy) (Context) (Evidence) (Undeveloped) (Monitor) (External) D-Case D-Case c 2015 Information Processing Society of Japan 2

3 ( 1 ) Goal Rank ( 2 ) Root Cause Analysis (RCA) ( 3 ) RCA ( 4 ) ( 5 ) Rank ( 6 ) rank 2.2 Goal Oriented Analysis GSN GSN GSN [4][12] G G 1, G 2,... G n G G G P re G 1, G 2,... G n G P re = (G 1 G 2... G n G) (1) 1 Goal Rank ( dependability/tools/assurancecase/ ) 1 Goal Rank Goal Rank Rank 0 Goal Rank KAOS Liner Temporal Logic [11] 1 GSN [2] KAOS D-Case GSN Propositional Logic [7] 2.3 Functional Hazard Analysis FTA FMEA Root Cause Analysis RCA RCA [9] RCA c 2015 Information Processing Society of Japan 3

4 2.4 VDM D-Case 2.1 VDM++ VDM++ VDM [6] VDM 2.2 D-Case VDM D-Case VDM 3. (SESSAME: Society of Embedded Software Skill Acquisition for Managers Engineers) GOMA-1015 ( ) D-Case VDM++ [13] 3.1 D-Case 2 D-Case 2 2 don t care 3 POT-500: PID c 2015 Information Processing Society of Japan 4

5 3 c 2015 Information Processing Society of Japan 5

6 Goal Rank 2 Goal Rank VDM VDM++ VDM++ VDM VDM-SL OOA/OOD OOA/OOD 4 4 PID PID VDM++ ( 1 ) ( 2 ) ( 3 ) 5 VDM c 2015 Information Processing Society of Japan 6

7 5. D-Case D-Case GSN Goal Rank RCA Goal Rank Goal Rank Rank 0 Goal Rank - (GOMA-1015 ) 7 NPO (SESSAME) JSPS (S) c 2015 Information Processing Society of Japan 7

8 [1] Boehm, B. W. Basili, V. R.: Software Defect Reduction Top 10 List, IEEE Computer, Vol. 34, No. 1, pp (2001). [2] Denney, E., Pai, G. Whiteside, I.: Formal Foundations for Hierarchical Safety Cases, the 16th IEEE International Symposium on High Assurance Systems Engineering, pp (2015). [3] Jones, C. B.: Software Development based on Formal Methods, Proceedings of the CRAI Workshop on Software Factories Ada, LNCS, Vol. 275, Springer- Verlag, pp (1987). [4] Kelly, T. McDermid, J.: Safety case patterns-reusing successful arguments, Proceedings of IEE Colloquium on Understing Patterns Their Application to Systems Engineering, pp. 1 9 (1998). [5] Kelly, T. Weaver, R.: The Goal Structuring Notation A Safety Argument Notation, Proceedings of Dependable Systems Networks 2004 Workshop on A ssurance Cases (2004). [6] Larsen, P. G. Mukherjee, P. Plat, N. Verhoef, M. Fitzgerald, J. ( ) VDM++ (2010). [7] Matsuno, Y.: Design Implementation of GSN Patterns: A Step toward Assurance Case Language, Information Media Technologies, Vol. 9, No. 3, pp (2014). [8] Matsuno, Y., Nakazawa, J., Takeyama, M., Sugaya, M. Ishikawa, Y.: Toward a language for communication among stakeholders, Proceedings of the 16th IEEE Pacific Rim Inernational Symposium on Dependable Computing, pp (2010). [9] Reifer, D.: Software Failure Modes Effects Analysis, IEEE Transactions on Reliability, Vol. R-28, No. 3, pp (1979). [10] Sommerville, I.: Software Engineering, John Wiley & Sons (2010). [11] van Lamsweerde, A.: Requirements Engineering - From System Goals to UML Models to Software Specifications, Wiley (2009). [12] Yamamoto, S. Matsuno, Y.: An evaluation of argument patterns to reduce pitfalls of applying assurance case, The 1st International Workshop on Assurance Cases for Software-Intensive Systems, pp (2013). [13] GOMA POT Specification.htm. class instance variables -- --nil private : [< > < > < > < >] := nil; nil private : [< > <> <>] := nil; nil private : [< > < > < >]; ON/OFF PID -- off private : < > < > < ONOFF > <PID >; -- public : := new (< >); public : := new (< >); public : := new (< >); -- --ON OFF -- off private : := new (<OFF>); -- ON -- OFF private : := new (<OFF>); -- private 1 : := new (<OFF>); private 2 : := new (<OFF>); private 3 : := new (<OFF>); private 4 : := new (<OFF>); private : seq1 of := [ 1, 2, 3, 4 ]; private : [< > < > <> <> < > < >] := < >; -- private : < > < > := < >; -- public : := new (); nil private : [< >] := < >; -- --nil private : < > < > < > := < >; inv if (. () = <OFF>) then ( = < >. = < >) -- else ( /* 2 */ /* */ ( = < > => forall s in set elems & s. () = <OFF>) ( = < > =>. () = <ON>) /**/ /* */ if(. () = <ON> <> < >) then(. = < >) /* */ elseif(forall s in set elems & s. () = <OFF> <> < >) then(. = < >) /**/ else(. = < >) ) /* */ ( <> < > =>. = < >) (( = < > or () = < > or. () = <OFF> or = < > or <> nil or <> < >) =>. = < >) /* */ (( = < >) => ( = < >)) -- public : () ==> () () == ( cases : < > ->( := < >; (< >) ), < > ->( := < >; (< >) ), < > ->( := < >; (< >) ), others -> := nil end;. (, ) ) pre. () = <ON>; 5 VDM++ c 2015 Information Processing Society of Japan 8