cse p503
play

CSE P503: Requirements and Specifications or Principles of Man is - PowerPoint PPT Presentation

Mar 21, 2023 •156 likes •776 views

CSE P503: Requirements and Specifications or Principles of Man is the only animal whose desires increase as Software they are fed; the only animal that is never satisfied. --Henry George Engineering The designer of a new kind of system

  1. CSE P503: Requirements and Specifications … or Principles of Man is the only animal whose desires increase as Software they are fed; the only animal that is never satisfied. --Henry George Engineering The designer of a new kind of system must participate fully in the implementation. David Notkin --Donald Knuth Autumn 2007 I have yet to see any problem, however complicated, which, when you looked at it in right way, did not become still more complicated. --Poul Anderson

  2. Some announcements and reminders • If you are not receiving email from the class list, then make sure to let Jonathan or me know so we can add you – and messages are now being archived • I will start to place more material on the wiki – again, if you cannot access it, let Jonathan or me know – In particular, I’ll try to place material that is likely to be ―discussable‖ there, in an attempt to encourage an exchange of viewpoints • Format and citations for essay and papers: I don’t really care, as long as it is reasonable – as a very rough guide, you might consider articles in IEEE Software and in CACM for this David Notkin ● Autumn 2007 UW CSE P503 2

  3. Our plan of attack: this week • Analysis of state machine based specifications (model checking) • Michael Jackson on video: ―The World and the Machine‖ David Notkin ● Autumn 2007 UW CSE P503 3

  4. Interlude: but what should we do ? • A student writes (roughly): – ― Software engineering seems very good at telling me what not to do. – “How *do* you do things, instead of what *doesn’t* work properly.” • Back at you: take two minutes with another student or two and produce one or two imaginable ―actionable‖ principles that would be of the form you’d like to have – Example: ―The application of test -driven development has been shown in some studies to reduce bug counts by an _order of magnitude_ over standard techniques where tests are written after the fact.‖ [from a student in class] – Your examples don’t have to be ―true‖ – just in a form that captures what you’d like to see David Notkin ● Autumn 2007 UW CSE P503 4

  5. What is dependability • Based on experience as part of a large NASA-funded project on dependability, it became clear to me that – Dependability is different things to different people – There are two camps • Use technology to improve dependability • Build a ―culture of dependability‖ • Without a ―designation‖ of dependability, surely efforts to increase dependability will be complicated and perhaps compromised • Surely it’s a combination of culture and of technology; we’ll focus on one technology tonight David Notkin ● Autumn 2007 UW CSE P503 5

  6. Finite state machines • There is a large class of specification languages based on finite state machines – A finite set of states – A finite alphabet of symbols – A start state and zero or more final states – A transition relation • Often used for describing the control aspects of reactive systems (and much, much more!) • The theoretical basis is very firm • Many models including Petri nets, communicating finite state machines, statecharts, RSML, … David Notkin ● Autumn 2007 UW CSE P503 6

  7. State machines: event-driven • External events (actions in the external environment, such as ―button pushed‖, ―door opened‖, ―nuclear core above safe temperature‖, etc.) • Internal events (actions defined in the internal system to cause needed actions) • Can generate external events that may drive actuators in the environment (valves may be opened, alarms may be rung, etc.) • Transitions can have guards and conditions that control whether or not they are taken David Notkin ● Autumn 2007 UW CSE P503 7

  8. Walkman example (due to Alistair Kilgour, Heriot-Watt University) David Notkin ● Autumn 2007 UW CSE P503 8

  9. A common problem • It is often the case that conventional finite state machines blow-up in size for big problems, in two senses – The actual description of the machine can get very large – The state space represented by the machine can get to be enormous • This is especially true for – deterministic machines (which are usually desirable) and – machines capturing concurrency (because of the potential interleavings that must be captured) David Notkin ● Autumn 2007 UW CSE P503 9

  10. Statecharts (Harel) • A visual formalism for defining finite state machines • A hierarchical mechanism allows for complex machines to be defined by smaller descriptions – Parallel states (AND decomposition) – Conventional OR decomposition • Now part of UML David Notkin ● Autumn 2007 UW CSE P503 10

  12. Tools • Statecharts have a set of supporting tools from i- Logix (STATEMATE, Rhapsody) – Editors – Simulators – Code generators • C, Ada, Verilog, VHDL – Some analysis support • UML tools and environments… David Notkin ● Autumn 2007 UW CSE P503 12

  13. Classic examples • Specifying a cruise control • Specifying the traffic lights at an intersection • Specifying trains on shared tracks – Could be managing the bus tunnel in Seattle • Etc. David Notkin ● Autumn 2007 UW CSE P503 13

  14. A snippet of cruise control Cruise Pause Cruise Pause OnButtonPushed OnButtonPushed Resume Resume OffButtonPushed OffButtonPushed • Completely incomplete • There should be guards and conditions on transitions • Lots of other information left out David Notkin ● Autumn 2007 UW CSE P503 14

  15. More cruise control • What if your state machine also tracked speed? – Maybe the cruise control doesn’t work at low speeds – Anyway, it needs to remember a speed so it can resume properly • What if it also interacted with the door locking system? • You might have to modify almost every state to track not only the state on the previous slide, but the speed, too – Essentially, you need to build a cross product of all combinations of states • This is the kind of issue that can cause the machine to blowup in size – It’s not the best example, but it’s adequate David Notkin ● Autumn 2007 UW CSE P503 15

  16. Statecharts • The idea of statecharts [Harel] is to provide a rich, visual representation for defining finite state machines that capture the essence of complex, reactive systems • There isn’t a simple, easy -to-get, reference – ―The‖ statecharts paper, but long and a bit hard to find D. Harel, "Statecharts: A Visual Formalism for Complex Systems, " Science of Computer Programming (1987) – A general paper on statechart-like formalisms D. Harel. "On Visual Formalisms," Comm. of the ACM (1988) David Notkin ● Autumn 2007 UW CSE P503 16

  17. Key idea: hierarchy Exceed25MPH LockButtonPushed … >25MPH Cruise Pause OnButtonPushed Resume OffButtonPushed David Notkin ● Autumn 2007 UW CSE P503 17

  18. Parallel AND-machines • The state of the overall machine is represented by one state from each of the parallel AND machines – In a cruise control state AND in a speed state AND in a door lock state • Transitions can take place in all substates in parallel – Events in one substate can cause transitions in another substate David Notkin ● Autumn 2007 UW CSE P503 18

  19. A few statechart features • Default entry states for each substate – Indicated by an arrow with no initial state • When any of the parallel machines is exited, the entire machine is exited • You can have ―history‖ states, which remember where you were the last time you were in a machine • The ―STATEMATE semantics‖ are the standard semantics – This is largely a question of which enabled transitions are taken, and when – At this level, you surely don’t care David Notkin ● Autumn 2007 UW CSE P503 19

  20. Leap of faith • Statecharts (and variants) can be used to specify important, complex systems • (Not all software-based systems, nor all aspects of many software-based systems) David Notkin ● Autumn 2007 UW CSE P503 20

  21. Question • So we have a big statecharts-like specification • How do we know it has properties we want it to have? – Ex: is it deterministic? – Ex: can you ever have the doors unlock by themselves while the car is moving? – Ex: can you ever cause an emergency descent when you are under 500 feet above ground level? • Three main approaches – Human inspection – Simulation – Analysis: the most promising of these is model checking David Notkin ● Autumn 2007 UW CSE P503 21

  22. Model checking • Evaluate temporal properties of finite state systems – Guarantee a property is true Temporal Logic Finite State or return a counterexample Formula Machine – Ex: Is it true that we can never enter an error state? – Ex: Are we able to handle a reset from any state? Model • Checker Extremely successfully for hardware verification – Intel got into the game after Yes No the FDIV error • Open question: applicable to software specifications? David Notkin ● Autumn 2007 UW CSE P503 22

  23. State Transition Graph • One way to represent a finite state machine is as a state transition graph – S is a finite set of states – R is a binary relation that defines the possible transitions between states in S – P is a function that assigns atomic propositions to each state in S (e.g., that a specific process holds a lock) • Other representations include regular expressions, etc. David Notkin ● Autumn 2007 UW CSE P503 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE P503: Requirements and Specifications or Principles of You can't always get what you

CSE P503: Requirements and Specifications or Principles of You can't always get what you

CSE P503: Requirements and Specifications or Principles of You can't always get what you want Software But if you try sometime, yeah, Engineering You just might find you get what you need! --Jagger & Richards David Notkin When I

932 views • 68 slides
CSE P503: Evolution Principles of There is in the worst of fortune the best of Software

CSE P503: Evolution Principles of There is in the worst of fortune the best of Software

CSE P503: Evolution Principles of There is in the worst of fortune the best of Software chances for a happy change. --Euripides Engineering He who cannot dance will say, The drum is bad --Ashanti proverb David Notkin The ruling power

1.45k views • 119 slides
CSE P503: Principles of Where do architects and designers get their ideas? The answer, of

CSE P503: Principles of Where do architects and designers get their ideas? The answer, of

Design CSE P503: Principles of Where do architects and designers get their ideas? The answer, of course, is mainly from other architects Software and designers, so is it mere casuistry to distinguish between tradition and plagiarism?

1.04k views • 76 slides
CSE P503: Principles of Shoes must Software be worn Engineering David Notkin Autumn 2007

CSE P503: Principles of Shoes must Software be worn Engineering David Notkin Autumn 2007

CSE P503: Principles of Shoes must Software be worn Engineering David Notkin Autumn 2007 Dogs must be carried [Example from Michael Jackson] Principle 0: Establish communication Tommy, can you hear me? Do you copy? Can you hear me

999 views • 62 slides
QUO VADIS, SLD? REASONING ABOUT THE TRENDS AND CHALLENGES OF SYSTEM LEVEL DESIGN Alberto

QUO VADIS, SLD? REASONING ABOUT THE TRENDS AND CHALLENGES OF SYSTEM LEVEL DESIGN Alberto

1 QUO VADIS, SLD? REASONING ABOUT THE TRENDS AND CHALLENGES OF SYSTEM LEVEL DESIGN Alberto Sangiovanni-Vincentelli Presentation by Michael Zimmer September 21 st , 2010 Current Problems 2 Exponentially rising complexity in circuits and

703 views • 44 slides
Rhapsody in Green: Jazz Pharma Corporate migration into Ireland & impact on equity incentives

Rhapsody in Green: Jazz Pharma Corporate migration into Ireland & impact on equity incentives

Rhapsody in Green: Jazz Pharma Corporate migration into Ireland & impact on equity incentives Keavy Ryan, Rosaleen Boyle, Larissa Schwartz 21 November 2013 Overview Jazz Pharma history & background to migration Role of

248 views • 10 slides
Digital Bridge Governance Principles Transparency: Stakeholders will have Utility: The

Digital Bridge Governance Principles Transparency: Stakeholders will have Utility: The

Digital Bridge Governance Principles Transparency: Stakeholders will have Utility: The governance body will prioritize visibility into the governance bodys work use of existing information technology and opportunities to provide

590 views • 20 slides
Model-Driven Software Development for Robotics: an overview IEEE-ICRA2011 Workshop on Software

Model-Driven Software Development for Robotics: an overview IEEE-ICRA2011 Workshop on Software

Model-Driven Software Development for Robotics: an overview IEEE-ICRA2011 Workshop on Software Development and Integration in Robotics Jan F. Broenink , Maarten M. Bezemer Control Engineering, University of Twente, The Netherlands Contents

509 views • 21 slides
The 7th International Workshop on Java Technologies for Real-time and Embedded Systems September

The 7th International Workshop on Java Technologies for Real-time and Embedded Systems September

The 7th International Workshop on Java Technologies for Real-time and Embedded Systems September 24, 2009 Jean-Pierre Talpin, INRIA Virtual prototyping Simulation Verification Virtual machines Models of architectures Models of concurrency Plan Why

785 views • 34 slides
Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical remarks, what are the problems to solve Untimed Systems Transition systems, and composition Basic model-checking algorithms: CTL and

309 views • 10 slides
Anti-Semitism, Conspiracy Theories, & the Left Behind in Europe Caleb J. McCarthy

Anti-Semitism, Conspiracy Theories, & the Left Behind in Europe Caleb J. McCarthy

Anti-Semitism, Conspiracy Theories, & the Left Behind in Europe Caleb J. McCarthy Politics, Philosophy, Economics Michael Forman University of Washington Tacoma Primary ry Question There is currently a reenergizing of

118 views • 7 slides
GLOBAL RHETORIC AND GLOBAL RHETORIC AND LOCAL REALITIES LOCAL REALITIES Zimbabwean Land Reform

GLOBAL RHETORIC AND GLOBAL RHETORIC AND LOCAL REALITIES LOCAL REALITIES Zimbabwean Land Reform

GLOBAL RHETORIC AND GLOBAL RHETORIC AND LOCAL REALITIES LOCAL REALITIES Zimbabwean Land Reform Zimbabwean Land Reform By By Ivan Farayi Muzondo Ivan Farayi Muzondo IN THIS PRESENTATION IN THIS PRESENTATION Introduction Brief

296 views • 10 slides
The rhetoric of the London Missionary Society in Tuvalu 1 / 14 00001 - 00:00:01 The rhetoric of

The rhetoric of the London Missionary Society in Tuvalu 1 / 14 00001 - 00:00:01 The rhetoric of

The rhetoric of the London Missionary Society in Tuvalu 1 / 14 00001 - 00:00:01 The rhetoric of the London Missionary Society in Tuvalu 2 / 14 00002 - 00:16:50 The rhetoric of the London Missionary Society in Tuvalu 3 / 14 00003 - 00:17:10

612 views • 14 slides
G20 S G20 Summits substance behind i b b hi d the rhetoric? the rhetoric? Mik C ll Mike

G20 S G20 Summits substance behind i b b hi d the rhetoric? the rhetoric? Mik C ll Mike

G20 S G20 Summits substance behind i b b hi d the rhetoric? the rhetoric? Mik C ll Mike Callaghan h 4 AUGUST 2014 4 AUGUST 2014 1 The St Petersburg Summit 2013 g 2 G20 Engagement Groups g g p 3 APEC Leaders Meeting g 2007 Sydney

342 views • 19 slides
Electronic Tools and Resources for Multi-Word Unit detection and research in Serbian Jelena

Electronic Tools and Resources for Multi-Word Unit detection and research in Serbian Jelena

Electronic Tools and Resources for Multi-Word Unit detection and research in Serbian Jelena Mitrovic, University of Belgrade Serbian is one of the under-resourced languages when it comes to NLP many resources and tools are still being

378 views • 3 slides
Lecture 22: Consensus 2, Experiment 1 "The important thing is to not stop questioning."

Lecture 22: Consensus 2, Experiment 1 "The important thing is to not stop questioning."

HPSC 1001/1901/2101/2901 WHAT IS THIS THING CALLED SCIENCE? Semester 2, 2020 Lecture 22: Consensus 2, Experiment 1 "The important thing is to not stop questioning." Albert Einstein Echoed by Peter Duesberg. Consensus: the ending of

601 views • 23 slides
Types of Questions Question Oxford Dictionary Definition noun a sentence worded or expressed so

Types of Questions Question Oxford Dictionary Definition noun a sentence worded or expressed so

Types of Questions Question Oxford Dictionary Definition noun a sentence worded or expressed so as to elicit information: we hope this leaflet has been helpful in answering your questions verb [with object] ask questions of (someone),

47 views • 4 slides
2 nd semester Topic 21: Advantage for and against essay. 1) Begin your essay by introducing your

2 nd semester Topic 21: Advantage for and against essay. 1) Begin your essay by introducing your

2 nd semester Topic 21: Advantage for and against essay. 1) Begin your essay by introducing your topic and explaining that you are exploring the advantages and disadvantages of this topic. You do not need a thesis because this is not a

91 views • 7 slides
Plan for Today (June Session One) Land Acknowledgment Zoom Breakout Option The

Plan for Today (June Session One) Land Acknowledgment Zoom Breakout Option The

Plan for Today (June Session One) Land Acknowledgment Zoom Breakout Option The Stockbridge Indians 5-minute break at halftime Lewis Henry Morgan Answers to Questions from Chat messages 1 Part 2 Fridays in June

463 views • 25 slides
TDDD89 Introductions Workshop Pamela Vang Overview Structure Language Motivation Johan

TDDD89 Introductions Workshop Pamela Vang Overview Structure Language Motivation Johan

TDDD89 Introductions Workshop Pamela Vang Overview Structure Language Motivation Johan berg Not a heading Describe the problem and put it in a context that shows its importance. WHY should this be studied? This is the motivation for

416 views • 18 slides
What is scale? @catswetel #qconlondon How a system How things responds change when its

What is scale? @catswetel #qconlondon How a system How things responds change when its

V A R i E t Y The Spice of Life and the Secret to Scale @catswetel #qconlondon What is scale? @catswetel #qconlondon How a system How things responds change when its size with size changes Santa Fe Institute How a

982 views • 64 slides
Collective Annotation: Applying Voting Theory to Computational Linguistics Ulle Endriss

Collective Annotation: Applying Voting Theory to Computational Linguistics Ulle Endriss

Collective Annotation FNWI Student Colloquium 2015 Collective Annotation: Applying Voting Theory to Computational Linguistics Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam joint work with Raquel

461 views • 7 slides
Authentication and Identity Systems Brad Hill Me iSEC Partners: 2005 Mid-April 2011

Authentication and Identity Systems Brad Hill Me iSEC Partners: 2005 Mid-April 2011

Common Flaws of Distributed Authentication and Identity Systems Brad Hill Me iSEC Partners: 2005 Mid-April 2011 PayPal ISG: Mid-May 2011 - ??? Reminder: This workshops RFP close: Early April 2011 My position paper does not

343 views • 11 slides
7-Speech Quality Assessment Quality Levels Subjective Tests Objective Tests Intelligibility

7-Speech Quality Assessment Quality Levels Subjective Tests Objective Tests Intelligibility

7-Speech Quality Assessment Quality Levels Subjective Tests Objective Tests Intelligibility Naturalness Quality Levels Synthetic Quality (Under 4.8 kbps) Communication Quality (4.8 to 13 kbps) Toll Quality (13 to 64 kbps) Broadcast Quality

548 views • 27 slides

More recommend