Embed Size (px)
Citation preview
Problem Frame Transformations:Deriving Specifications from Requirements
May 23rd, 20062nd International Workshop on Applications and Advances in Problem Frames
(IWAAPF'06, part of ICSE'06)
Robert SeaterDaniel Jackson
Software Design GroupMassachusetts Institute of Technology
History
● tool for understanding proton therapy machine● understand & analyze existing system● handle arbitrary topologies● local reasoning (local understanding)● record reasoning (tracability, communication)● experts on hand
Requirements & Specifications
● does the spec enforce the requirement?
Requirements & Specifications
● does the spec enforce the requirement?
● relies on domain domain assumptionsassumptions
Requirements & Specifications
● does the spec enforce the requirement?
● relies on domain domain assumptionsassumptions
● conventional solution: catalogue of frame frame concernsconcerns derived from prior experience
● template for correctness argument, list of relevant assumptions
Key Observations
● requirement is not a spec onlyonly because it references phenomena not controlled by the machine
● domain assumption justifies constraining p1 instead of p2
● can incrementally transform requirement into spec plus set of domain assumptions
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
re la te re ferenced p henom to other p henom
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
re la te referenced p henom to other p henom
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
Brea d crum b ^ Rep hra sed Goa l = > Pr ior Goa l
re la te re ferenced p henom to other p henom
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
Brea d crum b ^ Rep hra sed Goa l = > Pr ior Goa l
re la te re ferenced p henom to other p henom
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
Brea d crum b ^ Rep hra sed Goa l = > Pr ior Goa l
p henom on tha t a rc m ust b e sha red
re la te re ferenced p henom to other p henom
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
p henom on tha t a rc m ust b e sha red
Brea d crum b ^ Rep hra sed Goa l = > Pr ior Goa l
re la te re ferenced p henom to other p henom
Transformation Toolkit
● addadd a breadcrumb
● rephraserephrase the goal
● pushpush an arc
● splitsplit/mergemerge arcs
● heuristicheuristic: walk the requirement towards the machine
p henom on tha t a rc m ust b e sha red
Brea d crum b ^ Rep hra sed Goa l = > Pr ior Goa l
nothing e lse cha ng es
re la te re ferenced p henom to other p henom
Two-Way Traffic Light
Two-Way Traffic Light
Northward
Southward
Two-Way Traffic Light
Northward
Southward
Two-Way Traffic Light
Northward
Southward
Two-Way Traffic LightNGpulse
NGobserve
Northward
Southward
Two-Way Traffic Light
Northward
Southward
SRpulse
SRobserve
NGobserve
Two-Way Traffic LightNGpulse
Northward
Southward
SRobserve
Two-Way Traffic LightNRpulse
Northward
Southward
SRobserve
NRobserve
Two-Way Traffic Light
Northward
Southward
SRobserve
NRobserve
NGpulse
NGobserve
Problem Frame Description
Breadcrumb 1
Rephrase 1
Rephrase 1
Push 1
Breadcrumb 2
Rephrase 2
Rephrase 2
Push 2
Provides
● systematic local reasoning
● global guarantee
● tracability: trail of breadcrumbs● identify unused phenomena● handle general topologies● formalize use of frame concern● local patterns replace global patterns
Breadcru m b ^ Reph rased Goal => Prior Goal
Breadcru m b_0 ^ ... ^ Breadcru m b_n ^ Specif ica tion => Requ irem en t
Difficulties
● systematic not automatic (inescapable)● readability, implementability, consistency● which breadcrumb/rewrite?● which push? split?● get stuck later on?
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Cartoon of Big Example
Future Work
● patterns for local steps, concurrent steps● proton therapy case study / safety case● example/error progression
Related Work on Problem Frames
● Jackson, Zave (1995) turnstyle example● Jackson (2001) problem progression● Rapanotti, Hall, Li (2006) causal reasoning● Hall, Rapanotti (2006) requirement progression● Hall, Jackson, Laney, Nuseibeh, Rapanotti (2002,
2004) modeling architectural decisions
(end)
Problem Frames
– problem-oriented descriptions
– phenomena: observable
– domains: collections of phenomena
– requirement references phenomena
– machine controls phenomena to enforce requirement
– specification references controlled phenomena
Typical Transformation
● need to constrain p1 instead of p2
Typical Transformation
● need to constrain p1 instead of p2
● addadd a breadcrumb assumption relating p1 and p2
Typical Transformation
● need to constrain p1 instead of p2
● addadd a breadcrumb assumption relating p1 and p2
● rephraserephrase the goal to reference p1 instead of p2 such thatBreadcru m b ^ Reph rased Goal => Prior Goal
Typical Transformation
● need to constrain p1 instead of p2
● addadd a breadcrumb assumption relating p1 and p2
● rephraserephrase the goal to reference p1 instead of p2 such that
● pushpush the goal towards the machine
Breadcru m b ^ Reph rased Goal => Prior Goal
