Bi-Directional Safety Analysis for Product-Line, Multi-Agent Systems

Abstract. Safety-critical systems composed of highly similar, semi-autonomous agents are being developed in several application domains. An example of such multi-agent systems is a fleet, or “constellation ” of satellites. In constellations of satellites, each satellite is commonly treated as a distinct autonomous agent that must cooperate to achieve higher-level constellation goals. In previous work, we have shown that modeling a constellation of satellites or spacecraft as a product line of agents (where the agents have many shared commonalities and a few key differences) enables reuse of software analysis and design assets. We have also previously developed efficient safety analysis techniques for product lines. We now propose the use of Bi-Directional Safety Analysis (BDSA) to aid in system certification. We extend BDSA to product lines of multi-agent systems and show how the analysis artifacts thus produced contribute to the software’s safety case for certification purposes. The product-line approach lets us reuse portions of the safety analysis for multiple agents, significantly reducing the burden of certification. We motivate and illustrate this work through a specific application, a product-line, multi-agent satellite constellation

Safety analysis of software product lines using state-based modeling and compositional model checking

Software product lines are widely used due to their advantageous reuse of shared features while still allowing optional and alternative features in the individual products. In high-integrity product lines such as pacemakers, flight control systems, and medical imaging systems, ensuring that common and variable safety requirements hold as each new product is built or existing products are evolved is key to the safe operations of those systems. However, this goal is currently hampered by the complexity of identifying the interactions among common and variable features that may undermine system safety. This is largely due to (1) the fact that the available safety analysis techniques lack sufficient support for analyzing the combined effects of different features, and (2) existing techniques for identifying feature interactions do not adequately accommodate the presence of common features and results in repeated checking across different products. The work described here addresses the first problem by systematically exploring the relationships between behavioral variations and potential hazardous states through scenario guided executions of the state model over the variations. It contributes to a solution to the second problem by generating formal obligations at the interfaces between features, so that sequentially composed features can be verified in a way that allows reuse for subsequent products. The main contributions of this work are an approach to perform safety analysis on the variations in a product line using state-based modeling, a tool-supported technique that guides and manages the generation of model-checkable properties from product-line requirements, and a formal framework for model checking product-line features that removes restrictions on how the features can be sequentially composed. The techniques and their implementations are demonstrated in the context of a medical-device product line

Including functional and non-technical requirements in a software requirement patterns catalogue

Taking into account the drawbacks presented above for each asset in the PABRE framework, the objectives of this thesis are: 1. Do a systematic review of the existent published works on reuse in Requirements Engineering stage, particularly on the use of patterns to achieve the reuse of requirements during Requirements Engineering. 2. Construction of a complete set of non-technical SRP that can be obtained from the Software Requirement Specifications (SRSs) corresponding to 6 real projects. 3. Study of the Content Management System domain and construction of some examples of functional SRP for this domain from the same 6 SRSs. 4. Check the validity of the current SRP metamodel for its suitability for non-technical and functional SRPs. 5. Validate the structure of SRPs (as it is the base of this thesis) and construct a survey which will be used to know what requirements engineers think about the usability of SRP catalogues in real projects in their different enterprises or organizations and if it will be applicable or not

Definition and use of software requirement patterns in requirements engineering

The final quality of software products and services depends on the requirements stated in the Software Requirements Specifications (SRSs). However, some problems like ambiguity, incompleteness and inconsistency have been reported in the writing of SRSs, especially when natural language is used. Requirements reuse has been proposed as a key asset for requirements engineers to efficiently elicit, validate and document software requirements and, as a consequence, obtain SRSs of better quality through more effective engineering processes. Among all the possible techniques to achieve reuse, patterns hold a prominent position. In their most classical form, patterns describe problems that occur over and over again, and then describe the core of the solution to these problems. Software engineering practitioners have adopted the notion of pattern in several contexts, remarkably related to software design (e.g., design patterns and software architectural patterns), but also in other software development phases, both earlier and later. Following this strategy, requirement patterns emerge as a natural way to reuse knowledge during the Requirements Engineering (RE) stage. Although there have been several techniques proposed to reuse requirements, it has been observed that no concrete proposal has achieved a wide acceptance, neither any covered all the necessary elements to encourage organizations to adopt requirements reuse. As a consequence, this thesis proposes the use of Software Requirement Patterns (SRPs) as a means to capture and reuse requirements knowledge in the context of information technology projects. Following the typical context-problem-solution structure of patterns, an SRP mainly consists of: a template (solution) that may generate one or more requirements when applied in a certain project, and some information (context-problem) to identify its applicability in that project. To facilitate their use, SRPs are encapsulated inside the PABRE (PAttern-Based Requirements Elicitation) framework. The framework covers all the elements that could be critical for the adoption of a requirements reuse technique. Specifically, the framework includes: - A metamodel that describes the structure and semantics of SRPs and their organization inside a catalogue. - An SRP catalogue composed by non-functional, non-technical and functional SRPs, the functional ones being specific for the content management system domain. - A method for guiding the use of an SRP catalogue during requirements elicitation and specification, as well as another one for constructing and updating it. - An economic model to perform cost-benefit analysis on the adoption of SRPs based on return-on-investment. - The PABRE system as technological support. In order to analyse the benefits and drawbacks of the SRPs proposed in this thesis, two empirical studies have been carried out to investigate the perception of participants about requirement patterns in general and SRPs in particular. The first one is an exploratory survey addressed to information technology people with industrial experience in RE, which analyses the current state of the practice of requirement patterns approaches. The second one corresponds to a set of semi-structured interviews, focussed on the SRP approach, conducted to requirements engineers of Swedish organizations. Moreover, as it has been discovered that there are few empirical studies showing the state of the practice of requirements reuse in industry, the first study also explores the current situation of requirements reuse practices in organizations.La qualitat final dels productes i serveis de software depèn del requisits definits en l’especificació de Requisits Software (ERS). Tot i així, alguns problemes com la ambigüitat, incompletesa i inconsistència han sigut detectats en la escriptura dels ERS, especialment quan el llenguatge natural és usat per escriure’ls. La reutilització de requisits ha sigut proposada com un recurs clau pels enginyers de requisits per tal d’obtenir, validar i documentar requisits software i, com a conseqüència, obtenir ERS de millor qualitat usant processos d’enginyeria més efectius. Entre totes les tècniques possibles per aconseguir la reutilització, els patrons tenen una posició destacada. En la seva forma més clàssica, els patrons descriuen problemes que ocorren sovint, i després descriuen la part central de la solució a aquests problemes. Els professionals de la enginyeria del software han adoptat la noció de patró en diferents àmbits, especialment en els relacionats amb el disseny del software (per exemple, els patrons de disseny i els patrons d’arquitectura del software), però també en altres etapes del desenvolupament del software, tant abans com després del seu disseny. Seguint aquesta estratègia, els patrons de requisits emergeixen com una manera natural de reutilitzar coneixement durant l’etapa d’enginyeria de requisits. Tot i que hi ha hagut varies tècniques proposades per reutilitzar requisits, s’ha observat que no hi ha cap proposta concreta que hagi aconseguit una àmplia acceptació, ni cap proposta completa que cobreixi tots els elements necessaris per animar a les organitzacions a adoptar la reutilització de requisits. Com a conseqüència, aquesta tesis proposa l’ús de Patrons de Requisits Software (en anglès Software Requirement Patterns o SRPs) com un medi per capturar i reutilitzar coneixement de requisits en l’àmbit de projectes de tecnologia de la informació. Seguint la estructura típica dels patrons de context-problema-solució, un SRP consisteix en: una plantilla (solució) que pot generar un o més requisits quan és aplicat en un projecte específic, i informació relacionada (context-problema) per identificar la seva aplicabilitat en un projecte. Per facilitar el seu ús, els SRP han sigut encapsulats dintre del framework PABRE (de l’anglès PAttern-Based Requirements Elicitation). El framework cobreix tots els elements que podrien ser crítics per adoptar una tècnica de reutilització de requisits. Més detalladament, el framework inclou: - Un meta model que descriu la estructura i semàntica dels SRPs i la seva organització dintre d’un catàleg.Postprint (published version