© Software Engineering Research Group, Heinz Nixdorf Institute, University of Paderborn
HEINZ NIXDORF INSTITUTE, University of Paderborn, Software Engineering
Prof. Dr. Wilhelm Schäfer

Slide 1: Developing Safe Software for Robots
PG SafeBots III
Stefan Dziwok
Christian Heinzemann
Jörg Holtmann
Oliver Sudmann

Slide 2: Software Engineering Group
Prof. Dr. Wilhelm Schäfer
• Our fields of research:
  • Model-based software engineering
  • Safety analyses
  • Tool development
• Numerous industrial cooperations, e.g. with Projektgruppe Entwurfstechnik Mechatronik
August 17, 2011, PG SafeBots III

Slide 3: Kneading Factory
• Goal: knead dough automatically
• At present: carrier to transport the tubs
(Figures: dough and tub. Sources: Kemper; Wikipedia, published under GNU Free Documentation License V1.2, Fir0002/Flagstaffotos)

Slide 4: Kneading Factory
• At present: carrier to transport the tubs
• New idea: autonomously acting tubs
  • Allows flexible design of the facility and faster processing
(Figure source: Kemper)

Slide 5: Specify the new Kneading Factory
• Specification of old carrier system exists
  • Informally and in our modeling language MechatronicUML
• Some requirements for the new tubs:
  • Drive to a specific station
  • Do not collide with other moving tubs
  • Do not collide with the surroundings
  • Agree upon further actions with other tubs
• BeBots represent the new autonomously acting tubs
(Figure source: Kemper)

Slide 6: BeBot Demonstrator
• BeBots
  • Scan environment by using sensors
  • Interaction with environment with different tools
  • Wireless communication
• Challenges:
  • Autonomous system
  • Coordinated actions required
  • Possibly great number of BeBots involved
• Goal: specified software should finally run on the BeBots

Slide 7: Develop the new BeBot Software
• Various MechatronicUML models of the BeBots already exist
• Development environments for the BeBots exist
• You can use the „Telewerkbank“ to test your software
(Figure source: HNI)

Slide 8: MechatronicUML Overview
• Adaptation of the UML for mechatronic systems, i.e. systems containing parts of
  • Electrical engineering
  • Mechanical engineering
  • Control engineering
  • Software engineering
• MechatronicUML provides techniques for
  • Modeling
  • Verification
  • Code generation
• Provides support for real-time constraints

Slide 9: Model-based Software Engineering
(Figure: development process. Textual requirements → formal requirements → system model; analysis and verification of the system model yield either OK or a counterexample. The formal requirements are illustrated by the sequence diagram below.)
sd bypassObstacle
  lifelines: :Environment, :BeBot
  messages: obstacleFront, turnRight, noObstacleLeft, turnLeft, ...

Slide 10: Scenario-based Requirements Engineering
• Requirements Engineering (RE)
  • Typically first stage of development process
  • Elicit, document, and validate requirements
  • Errors in requirements lead to wrong systems!
• Problems
  • Often: informal, textual requirements in prose
  • Cannot be analyzed automatically
• Scenario-based RE
  • Scenarios specify interactions between the system and its environment
  • E.g., UML Sequence Diagrams
(Figure: sd bypassObstacle with lifelines :Environment and :BeBot and messages obstacleFront, turnRight, noObstacleLeft, turnLeft, ...)

Slide 11: Modal Sequence Diagrams (MSDs)
• Extend UML Sequence Diagrams
• Distinction between possible and mandatory behavior
• Formal foundation
• Not just exemplary interactions
(Figure: msd bypassObstacle next to the sd version: same lifelines :Environment and :BeBot and messages obstacleFront, turnRight, noObstacleLeft, turnLeft, ...; in the MSD each message is marked as possible or mandatory behavior.)

Slide 12: Former PG ScenarioTools

Slide 13: Aim of SafeBots III
• Enhancement of ScenarioTools simulation
  • E.g., at present no timing supported
  • What happens if message turnRight is sent too late?
(Figure: msd bypassObstacle without timing next to a timed variant in which a clock c is reset (c = 0) and the constraint c ≤ 50 is placed around the BeBot's messages turnRight and turnLeft; lifelines :Environment and :BeBot, messages obstacleFront, noObstacleLeft, turnRight, turnLeft, ...)
• Extension of the scenario simulation by timing concept!
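What a timed scenario simulation would report when turnRight is sent too late, as an added example written for this page (it is not ScenarioTools code and not the authors' own). It assumes a simplified hot/cold MSD semantics, places the clock reset c = 0 on the environment messages and the deadline c ≤ 50 on the BeBot's turn messages (the exact placement on the slide is ambiguous), and replays constructed timestamped traces:

```python
"""Simplified simulation of one MSD with a timing extension.

Constructed illustration for this page, not ScenarioTools code. Messages are
hot (mandatory) or cold (possible); "c = 0" resets a clock when the annotated
message occurs, "c <= N" requires the annotated message while c <= N.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Msg:
    name: str
    hot: bool = False               # hot = mandatory, cold = possible
    reset_clock: bool = False       # annotation "c = 0"
    deadline: Optional[int] = None  # annotation "c <= N", time units since last reset


# Assumed placement of the annotations from the slide: the environment messages
# reset the clock, the BeBot's turn messages must follow within 50 time units.
BYPASS_OBSTACLE: Tuple[Msg, ...] = (
    Msg("obstacleFront", reset_clock=True),
    Msg("turnRight", hot=True, deadline=50),
    Msg("noObstacleLeft", reset_clock=True),
    Msg("turnLeft", hot=True, deadline=50),
)

# Constructed traces: (time, message name)
OK_TRACE = [(0, "obstacleFront"), (20, "turnRight"), (60, "noObstacleLeft"), (95, "turnLeft")]
LATE_TRACE = [(0, "obstacleFront"), (70, "turnRight")]          # turnRight 20 units too late
WRONG_ORDER_TRACE = [(0, "obstacleFront"), (10, "turnLeft")]    # turnLeft while turnRight is mandatory
COLD_TRACE = [(0, "obstacleFront"), (10, "turnRight"), (20, "turnRight")]  # repeat while a cold msg is expected


def simulate(msd: Tuple[Msg, ...], trace: List[Tuple[int, str]], horizon: int):
    """Replay a timestamped trace against one MSD up to time `horizon`.

    Returns (verdict, events). Verdicts: 'satisfied', 'incomplete' (hot message
    still pending at the horizon), 'cold violation', 'hot violation',
    'timing violation'. A full simulation would discard the scenario instance
    on a cold violation and carry on; this monitor stops at the first verdict.
    """
    alphabet = {m.name for m in msd}
    cut = 0          # index of the next expected message; 0 = instance not active
    clock_reset = 0  # time of the last "c = 0"
    events: List[str] = []

    def overdue(now: int) -> Optional[str]:
        # Deadline check for the message pending at the current cut.
        exp = msd[cut]
        if exp.hot and exp.deadline is not None and now - clock_reset > exp.deadline:
            return (f"t={now}: {exp.name} had to occur within {exp.deadline} "
                    f"time units of c = 0, but {now - clock_reset} elapsed")
        return None

    for now, name in sorted(trace):
        if cut > 0 and (late := overdue(now)):
            events.append(late)
            return "timing violation", events
        if name not in alphabet:
            continue                      # message the MSD does not talk about
        if cut == 0 and name != msd[0].name:
            continue                      # an inactive instance is only started by its first message
        exp = msd[cut]
        if name != exp.name:
            kind = "hot" if exp.hot else "cold"
            events.append(f"t={now}: {name} arrived while {exp.name} ({kind}) was expected")
            return f"{kind} violation", events
        if exp.reset_clock:
            clock_reset = now
        events.append(f"t={now}: {name} ok (c = {now - clock_reset})")
        cut += 1
        if cut == len(msd):
            events.append("scenario completed")
            return "satisfied", events

    if cut == 0 or not msd[cut].hot:
        return "satisfied", events        # nothing mandatory is pending
    late = overdue(horizon)
    if late:
        events.append(late)
        return "timing violation", events
    events.append(f"t={horizon}: {msd[cut].name} still pending")
    return "incomplete", events


if __name__ == "__main__":
    for label, trace in [("ok", OK_TRACE), ("late", LATE_TRACE),
                         ("wrong order", WRONG_ORDER_TRACE), ("cold", COLD_TRACE)]:
        verdict, events = simulate(BYPASS_OBSTACLE, trace, horizon=100)
        print(f"{label}: {verdict}\n  " + "\n  ".join(events))
```

The late turnRight is the case the slide asks about: without the timing extension the trace would simply be accepted as in-order, with it the monitor reports a timing violation the moment the deadline has passed, which is also what it reports for a hot message that never arrives before the simulation horizon.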

Slide 14: Formal Requirements – Your Part
Tasks:
• Extend the MSD simulation by
  • Timing concept
  • Parameterized messages
  • …
• Optionally:
  • Interpret results from formal synthesis
  • Develop concept for refinement of MSD scenarios
Requirements:
• Learn MSDs and their timing extensions
• Understand the present simulation of conventional MSDs
• Study features of similar approaches

Slide 15: Model-based Software Engineering
(Figure: development process overview, as on slide 9.)

Slide 16: Communication in Mechatronic Systems
• Modern mechatronic systems: amount and complexity of communication between components (and systems) are growing, e.g.
  • Cooperation between BeBots
  • Component interaction within a BeBot
• MechatronicUML
  • For component-based software development
  • Separates communication behavior of a component from its internal behavior
    • Complexity of the system is manageable.
  • Communication behavior is specified by reusable Real-Time Coordination Patterns

Slide 17: Example: Component Diagram including Real-Time Coordination Patterns

Slide 18: Real-Time Coordination Pattern PositionTransmission

Slide 19: Reusing Real-Time Coordination Patterns
• Goal: reuse Real-Time Coordination Patterns as often as possible
  • Saves time and money
• Problem: finding appropriate patterns that fulfill the requirements
• Simple solution: store knowledge about patterns within a normal database (e.g., MySQL)
  • But:
    • How to verify your knowledge?
    • How to support synonyms?
    • How to retrieve patterns based on formal requirements?

Slide 20: Store Knowledge of Patterns within the SemanticWeb
• Better solution: store not just the knowledge, but the meaning of the knowledge, by using the SemanticWeb as knowledge base
  • Verifies your knowledge
  • Infers new knowledge
  • Supports synonyms
  • Supports various formal search queries

Slide 21: Reusing existing Protocols for Communication – Your Part
Tasks:
• Develop concepts to store and search knowledge about Real-Time Coordination Patterns within the SemanticWeb
• Make access to the pattern knowledge as easy as possible for the user
  • E.g., the tool should suggest patterns based on the given formal requirements.
Requirements:
• Learn MechatronicUML and especially Real-Time Coordination Patterns
• Study specification and application of the SemanticWeb

Slide 22: Model-based Software Engineering
(Figure: development process overview, as on slide 9.)

Slide 23: Refine Coordination Pattern on Reuse
• Pattern is independent of components
  • No component-specific details in a pattern
  • Need to be added after application
• => Correctness of changes must be ensured
(Figure: the pattern PositionTransmission with roles sender and receiver satisfies φ = no deadlock (|= φ). Applying the pattern to b1:BeBot (sender) and b2:BeBot (receiver) refines each role; whether the refined behavior still satisfies φ (|= φ?) has to be checked.)

Slide 24: Developer Assistance
• Refinement check returns counterexample for incorrect refinement
• Assist developer by visualizing the counterexample
  • Example for visualization: UPPAAL
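The refinement check of slides 23 and 24 reduced to its simplest form, as an added example written for this page (it is not the group's MechatronicUML tooling and makes no claim about its refinement definition). Role behaviors are untimed state machines with synchronous message handshakes; the pattern PositionTransmission and the two receiver refinements are constructed; a breadth-first search over the composed state space either confirms φ = no deadlock or returns the counterexample path that a visualization would show the developer:

```python
"""Deadlock check for a coordination pattern and its refinements.

Constructed illustration for this page, not the MechatronicUML refinement
check: roles are untimed state machines, "m!" and "m?" synchronise as a
handshake on message m, "tau:x" is an internal step that needs no partner.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

Behavior = Dict[str, List[Tuple[str, str]]]   # state -> [(action, next_state)]

# The pattern as reused: the sender samples a position and transmits it.
PATTERN_SENDER: Behavior = {
    "Idle":  [("tau:samplePosition", "Ready")],
    "Ready": [("position!", "Idle")],
}
PATTERN_RECEIVER: Behavior = {
    "Idle": [("position?", "Idle")],
}
# Refinement for b2:BeBot that only adds an internal step: the protocol is unchanged.
GOOD_RECEIVER: Behavior = {
    "Idle": [("position?", "Got")],
    "Got":  [("tau:updateMap", "Idle")],
}
# Refinement that adds a component-specific ack which the sender role never receives.
BAD_RECEIVER: Behavior = {
    "Idle": [("position?", "Got")],
    "Got":  [("ack!", "Idle")],
}


def joint_steps(roles: Dict[str, Behavior], state: Tuple[str, ...]):
    """Enabled joint transitions (label, next global state) of the composition."""
    names = list(roles)
    steps = []
    for i, ni in enumerate(names):
        for action, nxt in roles[ni].get(state[i], []):
            if action.startswith("tau:"):
                new = list(state)
                new[i] = nxt
                steps.append((f"{ni}: {action[4:]}", tuple(new)))
            elif action.endswith("!"):
                msg = action[:-1]
                for j, nj in enumerate(names):
                    if j == i:
                        continue
                    for act2, nxt2 in roles[nj].get(state[j], []):
                        if act2 == msg + "?":       # partner ready to receive: handshake
                            new = list(state)
                            new[i], new[j] = nxt, nxt2
                            steps.append((f"{ni} -> {nj}: {msg}", tuple(new)))
    return steps


def find_deadlock(roles: Dict[str, Behavior], initial: Optional[Tuple[str, ...]] = None):
    """BFS over reachable global states.

    Returns None if phi = 'no deadlock' holds, otherwise (path, state): the step
    labels leading from the initial state to the first reachable state with no
    enabled step, i.e. the counterexample a developer would want visualised.
    """
    if initial is None:
        initial = tuple("Idle" for _ in roles)
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        steps = joint_steps(roles, s)
        if not steps:
            path, cur = [], s
            while parent[cur] is not None:
                label, cur = parent[cur]
                path.append(label)
            return list(reversed(path)), s
        for label, t in steps:
            if t not in parent:
                parent[t] = (label, s)
                queue.append(t)
    return None


def check_refinement(receiver: Behavior):
    """Apply the pattern with the given receiver refinement and check phi."""
    return find_deadlock({"sender": PATTERN_SENDER, "receiver": receiver})


if __name__ == "__main__":
    for label, receiver in [("pattern", PATTERN_RECEIVER), ("good", GOOD_RECEIVER), ("bad", BAD_RECEIVER)]:
        print(label, "->", check_refinement(receiver) or "no deadlock")
```

The bad refinement shows why the check is needed: the receiver's extra ack is a new obligation towards a partner that does not exist in the pattern, so after one transmission the sender is ready to send again while the receiver waits forever, and the returned path (sample, transmit, sample) is exactly the trace to hand to a counterexample viewer.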

Slide 25: Synthesis
• Combination of several coordination patterns in one component introduces dependencies
• Internal component behavior must resolve them
• Goal:
  • Annotate the restrictions
  • Synthesize the internal behavior
(Figure: a component taking part in the patterns CollisionControl (roles distributor, client) and Data Transfer (roles sender, receiver); the conflict between the two has to be resolved by the component's internal behavior.)

Slide 26: Refinement and Synthesis – Your Part
Tasks:
• Extend refinement check procedure to 1:n communication
• Provide visualization for counterexample analysis
• Extend existing synthesis approach
Requirements:
• Learn or know verification of graph transformation systems
• Learn or know verification of timed automata
• Study different refinement definitions
• Understand synthesis of real-time behavior

Slide 27: Model-based Software Engineering
(Figure: development process overview, as on slide 9.)

Slide 28: Model-based Software Engineering
(Figure: development process overview as on slide 9, now detailing the system model step: derive initial component model → derive requirements for each communication → model coordination pattern → determine component's behavior.)

Slide 29: Process Support – Motivation
(Figure: the process from slide 28 with the step "model coordination pattern" refined into derive roles, derive message interfaces, specify connector properties, specify roles' behavior, adapt roles' behavior to connector properties; artifacts: set of message interfaces, set of roles, set of connectors, Real-Time Statecharts, set of structured components.)
• Process steps depend on the system under development
• Process must be adapted to changes in the environment
  • Organizational goals (e.g., time-to-market)
  • Available developers

Slide 30: Process Support – Motivation
(Figure: the same process as on slide 29, with "model coordination pattern" refined into derive roles, derive message interfaces, specify connector properties, specify roles' behavior; artifacts: set of message interfaces, set of roles, set of connectors, Real-Time Statecharts, set of structured components.)
• Process steps depend on the system under development
• Process must be adapted to changes in the environment
  • Available developers
  • Organizational goals (e.g., time-to-market)
• Such a complex process is hard to manage manually!

Slide 31: Process Support – Goals
• Guide the developer through the process
• Modeling the process:
  • Easy modeling of processes
  • Modeling of dependencies to the system model and organizational goals
  • Enable adaptation of process during development
(Figure: alternative orderings of the steps derive roles, derive message interfaces and specify connector properties, evaluated against the goals quality max., cost min., duration min.; dependencies to the component model, coordination pattern, message interfaces, roles and connector properties.)

Slide 32: Process Support – Your Part
Tasks:
• Integrate an adaptive process engine into the IDE
  • Process modeling: support for the process engineer to model the process in a declarative manner
  • Process enactment:
    • Execute the specified process
    • Propose steps to the developer depending on the current development situation (e.g. state of the system model)
Requirements:
• Understand the MechatronicUML process
• Learn about declarative process modeling
• Learn about process management

Slide 33: Registration Details
• Register in the Paul system during the first registration period: August 22 - September 16
• Register at the central examination office (Zentrales Prüfungssekretariat) during the first examination registration period
  • Typically starting in the middle of October
• You have to be registered in the Master degree programme by the end of October
  • Please let us know if this is not possible; we will try to find a solution with the examination office.

Slide 34: SafeBots III - Your Part
• Work as a team
• Self-organized learning:
  • Learn to understand concepts you do not know yet
  • Help each other
• Work regularly, i.e. min. 20 hours each week
• We recommend: visit the lecture „Model-driven Software Development“ (Jun.-Prof. Steffen Becker)

Slide 35: Questions?