James S. Wheaton,Daniel R. Herber

2024-02-21

Abstract:Traditional requirements engineering tools do not readily access the SysML-defined system architecture model, often resulting in ad-hoc duplication of model elements that lacks the connectivity and expressive detail possible in a SysML-defined model. Without that model connectivity, requirement quality can suffer due to imprecision and inconsistent terminology, frustrating communication during system development. Further integration of requirements engineering activities with MBSE contributes to the Authoritative Source of Truth while facilitating deep access to system architecture model elements for V&V activities. The Model-Based Structured Requirement SysML Profile was extended to comply with the INCOSE Guide to Writing Requirements updated in 2023 while conforming to the ISO/IEC/IEEE 29148 standard requirement statement templates. Rules, Characteristics, and Attributes were defined in SysML according to the Guide to facilitate requirements definition and requirements V&V. The resulting SysML Profile was applied in two system architecture models at NASA Jet Propulsion Laboratory, allowing us to explore its applicability and value in real-world project environments. Initial results indicate that INCOSE-derived Model-Based Structured Requirements may rapidly improve requirement expression quality while complementing the NASA Systems Engineering Handbook checklist and guidance, but typical requirement management activities still have challenges related to automation and support with the system architecture modeling software.

Systems and Control

Wojciech Dudek,Narcis Miguel,Tomasz Winiarski

2024-08-29

Abstract:Evaluating early design concepts is crucial as it impacts quality and cost. This process is often hindered by vague and uncertain design information. This article introduces the SysML-based Simulated-Physical Systems Modeling Language (SPSysML). It is a Domain-Specification Language used to evaluate component reusability in cyber-physical systems, incorporating digital twins and other simulated parts. The proposed factors assess the design quantitatively. SPSysML uses a requirement-based system structuring method to couple simulated and physical parts with requirements. SPSysML enables DTs to perceive exogenous actions in the simulated world. SPSysML validation is survey- and application-based. First, a robotic system for an assisted living project was developed. The integrity of simulated and physical parts of the system is improved using SPSysML-based quantitative evaluation. Thus, more system components are shared between the simulated and physical setups. The system was deployed on the physical robot and two simulators based on the Robot Operating System (ROS) or ROS2. SPSysML was used by a third-party developer and was assessed by him and other practitioners in a survey.

Software Engineering,Hardware Architecture,Multiagent Systems,Robotics,Systems and Control

Roopak Sinha,Cheng Pang,Gerardo Santillán Martínez,Juha Kuronen,Valeriy Vyatkin

DOI: https://doi.org/10.48550/arXiv.2108.07400

2021-08-17

Software Engineering

Abstract:Industrial cyber-physical systems require complex distributed software to orchestrate many heterogeneous mechatronic components and control multiple physical processes. Industrial automation software is typically developed in a model-driven fashion where abstractions of physical processes called plant models are co-developed and iteratively refined along with the control code. Testing such multi-dimensional systems is extremely difficult because often models might not be accurate, do not correspond accurately with subsequent refinements, and the software must eventually be tested on the real plant, especially in safety-critical systems like nuclear plants. This paper proposes a framework wherein high-level functional requirements are used to automatically generate test cases for designs at all abstraction levels in the model-driven engineering process. Requirements are initially specified in natural language and then analyzed and specified using a formalized ontology. The requirements ontology is then refined along with controller and plant models during design and development stages such that test cases can be generated automatically at any stage. A representative industrial water process system case study illustrates the strengths of the proposed formalism. The requirements meta-model proposed by the CESAR European project is used for requirements engineering while IEC 61131-3 and model-driven concepts are used in the design and development phases. A tool resulting from the proposed framework called REBATE (Requirements Based Automatic Testing Engine) is used to generate and execute test cases for increasingly concrete controller and plant models.

Maria Spichkova,Heinrich Schmidt,Ian Peake

DOI: https://doi.org/10.48550/arXiv.1403.1005

2014-03-05

Software Engineering

Abstract:An appropriate system model gives developers a better overview, and the ability to fix more inconsistencies more effectively and earlier in system development, reducing overall effort and cost. However, modelling assumes abstraction of several aspects of the system and its environment, and this abstraction should be not overlooked, but properly taken into account during later development phases. This is especially especially important for the cases of remote integration, testing/verification, and manufacturing of cyber-physical systems. For this reason we introduce a development methodology for cyber-physical systems (CPS) with a focus on the abstraction levels of the system representation, based on the idea of refinement-based development of complex, interactive systems.

Alessandro Mignogna,Leonardo Mangeruca,Benoît Boyer,Axel Legay,Alexandre Arnold

DOI: https://doi.org/10.4204/EPTCS.133.7

2013-11-15

Abstract:Exhaustive formal verification for systems of systems (SoS) is impractical and cannot be applied on a large scale. In this paper we propose to use statistical model checking for efficient verification of SoS. We address three relevant aspects for systems of systems: 1) the model of the SoS, which includes stochastic aspects; 2) the formalization of the SoS requirements in the form of contracts; 3) the tool-chain to support statistical model checking for SoS. We adapt the SMC technique for application to heterogeneous SoS. We extend the UPDM/SysML specification language to express the SoS requirements that the implemented strategies over the SoS must satisfy. The requirements are specified with a new contract language specifically designed for SoS, targeting a high-level English- pattern language, but relying on an accurate semantics given by the standard temporal logics. The contracts are verified against the UPDM/SysML specification using the Statistical Model Checker (SMC) PLASMA combined with the simulation engine DESYRE, which integrates heterogeneous behavioral models through the functional mock-up interface (FMI) standard. The tool-chain allows computing an estimation of the satisfiability of the contracts by the SoS. The results help the system architect to trade-off different solutions to guide the evolution of the SoS.

Software Engineering

Carsten Wiecher,Constantin Mandel,Matthias Günther,Jannik Fischbach,Joel Greenyer,Matthias Greinert,Carsten Wolff,Roman Dumitrescu,Daniel Mendez,Albert Albers

2023-11-16

Abstract:The specification of requirements and tests are crucial activities in automotive development projects. However, due to the increasing complexity of automotive systems, practitioners fail to specify requirements and tests for distributed and evolving systems with complex interactions when following traditional development processes. To address this research gap, we propose a technique that starts with the early identification of validation concerns from a stakeholder perspective, which we use to systematically design tests that drive a scenario-based modeling and analysis of system requirements. To ensure complete and consistent requirements and test specifications in a form that is required in automotive development projects, we develop a Model-Based Systems Engineering (MBSE) methodology. This methodology supports system architects and test designers in the collaborative application of our technique and in maintaining a central system model, in order to automatically derive the required specifications. We evaluate our methodology by applying it at KOSTAL (Tier1 supplier) and within student projects as part of the masters program Embedded Systems Engineering. Our study corroborates that our methodology is applicable and improves existing requirements and test specification processes by supporting the integrated and stakeholder-focused modeling of product and validation systems, where the early definition of stakeholder and validation concerns fosters a problem-oriented, iterative and test-driven requirements modeling.

Software Engineering

Sergej Japs,Harald Anacker

DOI: https://doi.org/10.1017/pds.2021.517

2021-07-27

Proceedings of the Design Society

Abstract:Abstract Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.

Ondřej Vašíček,Joaquin Arias,Jan Fiedor,Gopal Gupta,Brendan Hall,Bohuslav Křena,Brian Larson,Sarat Chandra Varanasi,Tomáš Vojnar

2024-08-19

Abstract:This paper proposes a new methodology for early validation of high-level requirements on cyber-physical systems with the aim of improving their quality and, thus, lowering chances of specification errors propagating into later stages of development where it is much more expensive to fix them. The paper presents a transformation of a real-world requirements specification of a medical device$-$a PCA pump$-$into an Event Calculus model that is then evaluated using answer set programming and the s(CASP) system. The evaluation under s(CASP) allowed deductive as well as abductive reasoning about the specified functionality of the PCA pump on the conceptual level with minimal implementation or design dependent influences, and led to fully-automatically detected nuanced violations of critical safety properties. Further, the paper discusses scalability and non-termination challenges that had to be faced in the evaluation and techniques proposed to (partially) solve them. Finally, ideas for improving s(CASP) to overcome its evaluation limitations that still persist as well as to increase its expressiveness are presented.

Logic in Computer Science,Software Engineering

Emmanuel Ledinot

DOI: https://doi.org/10.48550/arXiv.2104.13210

2021-04-26

Abstract:Virtualization of computing and networking, IT-OT convergence, cybersecurity and AI-based enhancement of autonomy are significantly increasing the complexity of CPS and CPSoS. New challenges have emerged to demonstrate that these systems are safe and secure. We emphasize the role of control and emerging fields therein, like symbolic control or set-based fault-tolerant and decentralized control, to address safety. We have chosen three open verification problems we deem central in cost-effective development and certification of safety critical CPSoS. We review some promising threads of research that could lead in the long term to a scalable and powerful verification strategy. Its main components are set-based and invariant-based design, contracts, adversarial testing, algorithmic geometry of dynamics, and probabilistic estimation derived from compositional massive testing. To explore these orientations in collaborative projects, and to promote them in certification arenas, we propose to continue and upgrade an open innovation drone-based use case that originated from a collaborative research project in aeronautic certification reformation

Systems and Control,Symbolic Computation

Antonio Bucchiarone,Davide Di Ruscio,Henry Muccini,Patrizio Pelliccione

DOI: https://doi.org/10.48550/arXiv.0910.0493

2009-10-03

Abstract:When engineering complex and distributed software and hardware systems (increasingly used in many sectors, such as manufacturing, aerospace, transportation, communication, energy, and health-care), quality has become a big issue, since failures can have economics consequences and can also endanger human life. Model-based specifications of a component-based system permit to explicitly model the structure and behaviour of components and their integration. In particular Software Architectures (SA) has been advocated as an effective means to produce quality systems. In this chapter by combining different technologies and tools for analysis and development, we propose an architecture-centric model-driven approach to validate required properties and to generate the system code. Functional requirements are elicited and used for identifying expected properties the architecture shall express. The architectural compliance to the properties is formally demonstrated, and the produced architectural model is used to automatically generate the Java code. Suitable transformations assure that the code is conforming to both structural and behavioural SA constraints. This chapter describes the process and discusses how some existing tools and languages can be exploited to support the approach.

Software Engineering

Oldrich Faldik,Richard Payne,John Fitzgerald,Barbora Buhnova

DOI: https://doi.org/10.4204/EPTCS.245.1

2017-03-21

Abstract:A key challenge in System of Systems (SoS) engineering is the analysis and maintenance of global properties under SoS evolution, and the integration of new constituent elements. There is a need to model the constituent systems composing a SoS in order to allow the analysis of emergent behaviours at the SoS boundary. The Contract pattern allows the engineer to specify constrained behaviours to which constituent systems are required to conform in order to be a part of the SoS. However, the Contract pattern faces some limitations in terms of its accessibility and suitability for verifying contract compatibility. To address these deficiencies, we propose the enrichment of the Contract pattern, which hitherto has been defined using SysML and the COMPASS Modelling Language (CML), by utilising SysML and Object Constraint Language (OCL). In addition, we examine the potential of interface automata, a notation for improving loose coupling between interfaces of constituent systems defined according to the contract, as a means of enabling the verification of contract compatibility. The approach is demonstrated using a case study in audio/video content streaming.

Software Engineering,Formal Languages and Automata Theory

Philipp Berger,Johanna Nellen,Joost-Pieter Katoen,Erika Abraham,Md Tawhid Bin Waez,Thomas Rambow

DOI: https://doi.org/10.48550/arXiv.1906.07083

2019-06-17

Logic in Computer Science

Abstract:In industrial model-based development (MBD) frameworks, requirements are typically specified informally using textual descriptions. To enable the application of formal methods, these specifications need to be formalized in the input languages of all formal tools that should be applied to analyse the models at different development levels. In this paper we propose a unified approach for the computer-assisted formal specification of requirements and their fully automated translation into the specification languages of different verification tools. We consider a two-stage MBD scenario where first Simulink models are developed from which executable code is generated automatically. We (i) propose a specification language and a prototypical tool for the formal but still textual specification of requirements, (ii) show how these requirements can be translated automatically into the input languages of Simulink Design Verifier for verification of Simulink models and BTC EmbeddedValidator for source code verification, and (iii) show how our unified framework enables besides automated formal verification also the automated generation of test cases.

Anastasia Mavridou,Hamza Bourbouh,Dimitra Giannakopoulou,Thomas Pressburger,Mohammad Hejase,Pierre-Loic Garoche,Johann Schumann

DOI: https://doi.org/10.1109/re48521.2020.00040

2020-08-01

Abstract:Capturing and analyzing requirements of Cyber-Physical Systems (CPS) can be challenging, since CPS models typically involve time-varying and real-valued variables, physical system dynamics, or even adaptive behavior. MATLAB/Simulink is a development and simulation framework that is widely used in industry to capture such systems. In this paper, we report on the application of NASA Ames tools to perform end-to-end analysis of the Ten Lockheed Martin Challenge Problems (LMCPS). LMCPS is a set of industrial Simulink model benchmarks and natural language requirements developed by domain experts. Our framework, which integrates the tools FRET and COCOSIM, is used to: 1) elicit, explain, and formalize the semantics of the given natural language requirements; 2) generate verification code and monitors that can be automatically attached to the Simulink models; 3) perform verification by using SMT-based model checkers. FRET and COCOS1M are open source, and can be used by other researchers and practitioners to replicate our case study. We provide a categorization of recurring patterns in the formalization of the requirements and discuss the strengths and weaknesses of our automated verification approach.

Jiawan Wang,Wenxia Liu,Muzimiao Zhang,Jiaqi Wei,Yuhui Shi,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-031-65633-0_15

2024-01-01

Abstract:Cyber-physical systems (CPSs) are used in many safety-critical areas, making it crucial to ensure their safety. However, with CPSs increasingly dynamically deployed and reconfigured during run-time, their safety analysis becomes challenging. For one thing, reconfigurable CPSs usually consist of multiple agents dynamically connected during runtime. Their highly dynamic system topologies are too intricate for traditional modeling languages, which, in turn, hinders formal analysis. For another, due to the growing size and uncertainty of reconfigurable CPSs, their system models can be huge and even unavailable at design time. This calls for runtime analysis approaches with better scalability and efficiency. To address these challenges, we propose a scenario-based hierarchical modeling language for reconfigurable CPS. It provides template models for agent inherent features, together with an instantiation mechanism to activate single agent's runtime behavior, communication configurations for multiple agents' connected behaviors, and scenario task configurations for their dynamic topologies. We also present a path-oriented falsification approach to falsify system requirements. It employs classification-model-based optimization to explore search space effectively and cut unnecessary system simulations and robustness calculations for efficiency. Our modeling and falsification are implemented in a tool called SNIFF. Experiments have shown that it can largely reduce modeling time and improve modeling accuracy, and perform scalable CPS falsification with high success rates in seconds.

Steve Tueno,Régine Laleau,Amel Mammar,Marc Frappier

DOI: https://doi.org/10.48550/arXiv.1710.00903

2017-10-02

Software Engineering

Abstract:A means of building safe critical systems consists of formally modeling the requirements formulated by stakeholders and ensuring their consistency with respect to application domain properties. This paper proposes a metamodel for an ontology modeling formalism based on OWL and PLIB. This modeling formalism is part of a method for modeling the domain of systems whose requirements are captured through SysML/KAOS. The formal semantics of SysML/KAOS goals are represented using Event-B specifications. Goals provide the set of events, while domain models will provide the structure of the system state of the Event-B specification. Our proposal is illustrated through a case study dealing with a Cycab localization component specification. The case study deals with the specification of a localization software component that uses GPS,Wi-Fi and sensor technologies for the realtime localization of the Cycab vehicle, an autonomous ground transportation system designed to be robust and completely independent.

Carsten Wiecher,Constantin Mandel,Matthias Günther,Jannik Fischbach,Joel Greenyer,Matthias Greinert,Carsten Wolff,Roman Dumitrescu,Daniel Mendez,Albert Albers

DOI: https://doi.org/10.1002/sys.21748

IF: 2.034

2024-02-10

Systems Engineering

Abstract:The specification of requirements and tests are crucial activities in automotive development projects. However, due to the increasing complexity of automotive systems, practitioners fail to specify requirements and tests for distributed and evolving systems with complex interactions when following traditional development processes. To address this research gap, we propose a technique that starts with the early identification of validation concerns from a stakeholder perspective, which we use to systematically design tests that drive a scenario‐based modeling and analysis of system requirements. To ensure complete and consistent requirements and test specifications in a form that is required in automotive development projects, we develop a Model‐Based Systems Engineering (MBSE) methodology. This methodology supports system architects and test designers in the collaborative application of our technique and in maintaining a central system model, in order to automatically derive the required specifications. We evaluate our methodology by applying it at KOSTAL (Tier1 supplier) and within student projects as part of the masters program Embedded Systems Engineering. Our study corroborates that our methodology is applicable and improves existing requirements and test specification processes by supporting the integrated and stakeholder‐focused modeling of product and validation systems, where the early definition of stakeholder and validation concerns fosters a problem‐oriented, iterative and test‐driven requirements modeling.

engineering, industrial,operations research & management science

Rafael Rosales,Michael Paulitsch

DOI: https://doi.org/10.1145/3386244

2021-01-28

Abstract:Time plays a major role in the specification of Cyber-physical Systems (CPS) behavior with concurrency, timeliness, asynchrony, and resource limits as their main characteristics. In addition to timeliness , the specification of CPS needs to assess and unambiguously define its behavior with respect to the other Quality-of-Information (QoI) properties: (1) Correctness, (2) Completeness, (3) Consistency, and (4) Accuracy. Very often, CPS need to handle these QoI properties, and any combination thereof, multiple times when performing computation and communication processes. However, a model-driven and systematic approach to specify CPS behavior that jointly considers combined QoI aspects is possible but missing in existing methodologies. As the first contribution of this work, we provide an extension to an established model of computation (MoC) based on “Functions driven by Finite State Machine” (FunState) to enable a model-driven composition mechanism to create CPS behavior specifications from reusable components. Second, we present a novel set of design patterns to illustrate the modeling of QoI-aware CPS specifications that can be applied in several state-of-the-art Electronic System Level (ESL) methodologies. The time semantics of the MoC are formalized using the tagged-signal-model, and the presented model-driven approach enables the composition of multiple design patterns. The main benefits of the presented model-driven approach and design patterns to create CPS specifications are as follows: (a) reduce modeling effort, errors, and time through the reuse of known recipes to re-incurring tasks and allow to automatically generate repetitive control flows based on extended Finite State Machines; (b) increase system robustness and facilitate the creation of holistic QoI management allowing to unambiguously define system behavior for scenarios with single/multiple QoI requirement violations in different models of computation; (c) dynamically validate timing behavior of system implementations to enable a multi-objective optimization of nonfunctional properties that influence CPS timing. We demonstrate the aforementioned benefits through the modeling and evaluation of an infrastructure-assisted automated driving case study using Infrastructure-to-Vehicle (I2V) communications to distribute QoI critical road environment information.

Gong Zhang,Tao Yue,Shaukat Ali,Ji Wu

2013-01-01

Abstract:The transition from requirements expressed in natural language (NL) to a structured, formalized specification is an important issue to support requirements analysis and to generate an (initial) analysis model. Use case diagrams are commonly used to capture system requirements as use cases, relationships among them and interactions with actors. Using template and restriction rules is a common feature of NL analysis for reducing imprecision and incompleteness in use case specifications. Use case diagrams, together with template and restriction rules, form a use case modeling approach, which helps achieve better understandability of use cases and improved quality of derived analysis models. In this paper, we extend a general use case approach (RUCM) for Cyber-Physical Systems (CPSs) with specific characteristics of being network-based, distributed and real-time embedded (NDRTE), which usually contains redundant/crosscutting properties. Two RUCM extensions are proposed to achieve this objective: RUCM-NDRTE and AO-RUCM (for modeling crosscutting behaviors).

Jiawei Chen,José Luiz Vargas de Mendonça,Bereket Shimels Ayele,Bereket Ngussie Bekele,Shayan Jalili,Pranjal Sharma,Nicholas Wohlfeil,Yicheng Zhang,Jean-Baptiste Jeannin

2024-09-04

Abstract:Cyber-Physical Systems (CPS) consist of software interacting with the physical world, such as robots, vehicles, and industrial processes. CPS are frequently responsible for the safety of lives, property, or the environment, and so software correctness must be determined with a high degree of certainty. To that end, simply testing a CPS is insufficient, as its interactions with the physical world may be difficult to predict, and unsafe conditions may not be immediately obvious. Formal verification can provide stronger safety guarantees but relies on the accuracy of the verified system in representing the real system. Bringing together verification and implementation can be challenging, as languages that are typically used to implement CPS are not easy to formally verify, and languages that lend themselves well to verification often abstract away low-level implementation details. Translation between verification and implementation languages is possible, but requires additional assurances in the translation process and increases software complexity; having both in a single language is desirable. This paper presents a formalization of MARVeLus, a CPS language which combines verification and implementation. We develop a metatheory for its synchronous refinement type system and demonstrate verified synchronous programs executing on real systems.

Programming Languages

Xiaohong Chen,Ling Yin,Yijun Yu,Zhi Jin

DOI: https://doi.org/10.1007/978-3-319-68690-5_4

2017-01-01

Abstract:The timing requirements of embedded cyber-physical systems (CPS) constrain CPS behaviors made by scheduling analysis. Lack of physical entity properties modeling and the need of scheduling analysis require a systematic approach to specify timing requirements of CPS at the early phase of requirements engineering. In this work, we extend the Problem Frames notations to capture timing properties of both cyber and physical domain entities into Clock Constraint Specification Language (CCSL) constraints which is more explicit that LTL for scheduling analysis. Interpreting them using operational semantics as finite state machines, we are able to transform these timing requirements into CCSL scheduling constraints, and verify their consistency on NuSMV. Our TimePF tool-supported approach is illustrated through the verification of timing requirements for a representative problem in embedded CPS.