Supporting the automated generation of modular product line safety cases

Abstract The effective reuse of design assets in safety-critical Software Product Lines (SPL) would require the reuse of safety analyses of those assets in the variant contexts of certification of products derived from the SPL. This in turn requires the traceability of SPL variation across design, including variation in safety analysis and safety cases. In this paper, we propose a method and tool to support the automatic generation of modular SPL safety case architectures from the information provided by SPL feature modeling and model-based safety analysis. The Goal Structuring Notation (GSN) safety case modeling notation and its modular extensions supported by the D-Case Editor were used to implement the method in an automated tool support. The tool was used to generate a modular safety case for an automotive Hybrid Braking System SPL

Managing design variety, process variety and engineering change: a case study of two capital good firms

Many capital good firms deliver products that are not strictly one-off, but instead share a certain degree of similarity with other deliveries. In the delivery of the product, they aim to balance stability and variety in their product design and processes. The issue of engineering change plays an important in how they manage to do so. Our aim is to gain more understanding into how capital good firms manage engineering change, design variety and process variety, and into the role of the product delivery strategies they thereby use. Product delivery strategies are defined as the type of engineering work that is done independent of an order and the specification freedom the customer has in the remaining part of the design. Based on the within-case and cross-case analysis of two capital good firms several mechanisms for managing engineering change, design variety and process variety are distilled. It was found that there exist different ways of (1) managing generic design information, (2) isolating large engineering changes, (3) managing process variety, (4) designing and executing engineering change processes. Together with different product delivery strategies these mechanisms can be placed within an archetypes framework of engineering change management. On one side of the spectrum capital good firms operate according to open product delivery strategies, have some practices in place to investigate design reuse potential, isolate discontinuous engineering changes into the first deliveries of the product, employ ‘probe and learn’ process management principles in order to allow evolving insights to be accurately executed and have informal engineering change processes. On the other side of the spectrum capital good firms operate according to a closed product delivery strategy, focus on prevention of engineering changes based on design standards, need no isolation mechanisms for discontinuous engineering changes, have formal process management practices in place and make use of closed and formal engineering change procedures. The framework should help managers to (1) analyze existing configurations of product delivery strategies, product and process designs and engineering change management and (2) reconfigure any of these elements according to a ‘misfit’ derived from the framework. Since this is one of the few in-depth empirical studies into engineering change management in the capital good sector, our work adds to the understanding on the various ways in which engineering change can be dealt with

Procedure-modular specification and verification of temporal safety properties

This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application

Urban Farming in Inner-City Multi-Storey Car-Parking Structures: Adaptive Reuse Potential

The future direction of transport and new global concepts of low-carbon mobility are likely to increase the number of obsolete inner-city multi-storey car-parking structures. The adaptive reuse of these garages is challenged through the continuity of urban change and the need for new mixed-use typologies. The development of technologically advanced farming in these structures could become an innovative strategy that as an interim solution justifies renovation versus demolition and new construction. The paper presents findings from the first stage of the multiple-site case study research on car-parking structures strategically selected in 3 UK cities (Portsmouth, Bristol and Brighton). In order to develop a better understanding of the conditions that enable the implementation of urban hydroponic farming in selected structures planning and technical limitations and opportunities have been identified through the analysis of policies, exploration of layouts using Revit software, field observation and photography. The analysis demonstrated that there is a range of possible uses that may be developed in the process of up-cycling of inner-city car-parking structures, of which one might be hydroponics. Looking at three multi-storey garages has shown that these have similar problems for adaptive reuse, which can be overcome with appropriate architectural strategies. Converting these structures for farming could support addressing social, environmental and economic problems. However, the proposed development requires innovations in planning documents. Further analysis needs to be conducted to assess whether the amount of food that could be produced in such a structure is efficient and comparable with other means of achieving it

Application of Decomposition and Generic Instantiation

It is believed that reusability in formal development should reduce the time and cost of formal modelling within a production environment. Event-B is a formal method that allows modelling and refinement of systems. Generic instantiation and decomposition are techniques that simplify formal developments by reusing existing models and avoiding re-proofs. We apply these techniques in Event-B for the development of a metro system case study based on safety properties. This work aims to be give some guidelines of a practical way to develop large systems by instantiation of generic models and (shared event) decompose components into smaller sub-components

Pattern languages in HCI: A critical review

This article presents a critical review of patterns and pattern languages in human-computer interaction (HCI). In recent years, patterns and pattern languages have received considerable attention in HCI for their potential as a means for developing and communicating information and knowledge to support good design. This review examines the background to patterns and pattern languages in HCI, and seeks to locate pattern languages in relation to other approaches to interaction design. The review explores four key issues: What is a pattern? What is a pattern language? How are patterns and pattern languages used? and How are values reflected in the pattern-based approach to design? Following on from the review, a future research agenda is proposed for patterns and pattern languages in HCI