Formal methods for a system of systems analysis framework applied to traffic management

Formal methods for systems and system of systems engineering (SoSE) can bring precision to architecting and design, and increased trustworthiness in verification; but they require the use of formal languages that are not broadly comprehensible to the various stakeholders. The evolution of Model Based Systems Engineering (MBSE) using the Systems Modeling Language (SysML) lies in a middle ground between legacy document-based SoSE and formal methods. SysML is a graphical language but not a formal language. Initiatives in the Object Management Group (OMG), such as the development of the Foundational Unified Modeling Language (fUML) seek to bring precise semantics to object-oriented modeling languages. Following the philosophy of fUML, we offer a framework for associating precise semantics with Unified Modeling Language (UML) and SysML models essential for SoSE architecting and design. Straightforward methods are prescribed to develop the essential models and to create semantic transformations between them. Matrix representations can be used to perform analyses that are concordant with the system of UML or SysML models that represent the system or SoS. The framework and methods developed in this paper are applied to a Traffic Management system of systems (TMSoS) that has been a subject of research presented at previous IEEE SoSE conferences

SafeSlice: A model slicing and design safety inspection tool for SysML

Software safety certification involves checking that the software design meets the (software) safety requirements. In practice, inspections are one of the primary vehicles for ensuring that safety requirements are satisfied by the design. Unless the safety-related aspects of the design are clearly delineated, the inspections conducted by safety assessors would have to consider the entire design, although only small fragments of the design may be related to safety. In a model-driven development context, this means that the assessors have to browse through large models, understand them, and identify the safety-related fragments. This is time-consuming and error-prone, specially noting that the assessors are often third-party regulatory bodies who were not involved in the design. To address this problem, we describe in this paper a prototype tool called, SafeSlice, that enables one to automatically extract the safety-related slices (fragments) of design models. The main enabler for our slicing technique is the traceability between the safety requirements and the design, established by following a structured design methodology that we propose. Our work is grounded on SysML, which is being increasingly used for expressing the design of safety-critical systems. We have validated our work through two case studies and a control experiment which we briefly outline in the paper. © 2011 ACM

Towards Automatic Model Completion: from Requirements to SysML State Machines

Even if model-driven techniques have been enabled the centrality of the models in automated development processes, the majority of the industrial settings does not embrace such a paradigm due to the procedural complexity of managing model life cycle. This paper proposes a semi-automatic approach for the completion of high-level models of critical systems. The proposal suggests a specification guidelines that starts from a partial SysML (Systems Modeling Language) model of a system and on a set of requirements, expressed in the well-known Behaviour-Driven Design paradigm. On the base of such requirements, the approach enables the automatic generation of SysML state machines fragments. Once completed, the approach also enables the modeller to check the results improving the quality of the model and avoiding errors both coming from the mis-interpretation of the tool and from the modeller himself/herself. An example taken from the railway domain shows the approach.Comment: Editor: Ib\'eria Medeiros. 18th European Dependable Computing Conference (EDCC 2022), September 12-15, 2022, Zaragoza, Spain. Student Forum Proceedings - EDCC 202

Modeling and verification of Functional and Non-Functional Requirements of ambient Self-Adaptive Systems

International audienceSelf-Adaptive Systems modify their behavior at run-time in response to changing environmental conditions. For these systems, Non-Functional Requirements play an important role, and one has to identify as early as possible the requirements that are adaptable. We propose an integrated approach for modeling and verify- ing the requirements of Self-Adaptive Systems using Model Driven Engineering techniques. For this, we use Relax, which is a Requirements Engineering language which introduces flexibility in Non-Functional Require- ments. We then use the concepts of Goal-Oriented Requirements Engineering for eliciting and modeling the requirements of Self-Adaptive Systems. For properties verification, we use OMEGA2/IFx profile and toolset. We illustrate our proposed approach by applying it on an academic case study

ASSESSING INTEROPERABILITY BETWEEN BEHAVIOR DIAGRAMS CONSTRUCTED WITH SYSTEMS MODELING LANGUAGE (SYSML) AND MONTEREY PHOENIX (MP)

Systems engineers have long struggled to identify and understand system behaviors in the operational environment. System Modeling Language (SysML) is a graphical language used among systems engineers to relay details of the system’s design to various stakeholders. Monterey Phoenix (MP) is a behavioral modeling approach and tool utilizing a lightweight formal method and language to generate diagrams and display expected and unexpected emergent system behaviors. Through systematic analysis of SysML and MP behavior models, this research presents recommendations for improving MP in future releases to accommodate SysML compliance. The ability to merge MP’s scope complete event trace generation into a SysML compliant format would provide great insights and benefits into the DOD acquisition process. Findings from this research include several simple additions to MP diagrams that will better align them with SysML standards while preserving MP’s capability to enable identification of emergent behavior early in the design process, when the risks can be addressed before system design features are ever manufactured or tested.National Security Agency (NSA)Outstanding ThesisCivilian, Missile Defense AgencyCivilian, Department of the NavyCivilian, Department of the NavyCivilian, Department of the ArmyApproved for public release. Distribution is unlimited

(User-friendly) formal requirements verification in the context of ISO26262

Abstract In order to achieve the highest safety integrity levels, ISO26262 recommends the use of formal methods for various verification activities, throughout the lifecycle of safety-related embedded systems for road vehicles. Since formal methods are known to be difficult to use, one of the main challenges raised by these ISO26262 requirements is to find cost-effective approaches for being compliant with them. This paper proposes an approach for requirements formal verification where formal methods, languages, and tools are only minimally exposed to the user, and are integrated into one of the commonly used system modeling environments based on SysML. This approach does not require particular expertise in formal methods still allowing to apply them. Hence, personnel training costs and development costs should be kept limited. The proposed approach has been implemented as a plugin of the Topcased environment. Although it is limited to discrete system models, it has been successfully experimented on an industrial use case

Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer's property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose

AMADEOS SysML Profile for SoS Conceptual Modeling

International audienc