130 likes | 209 Views
Building Dependable Systems. R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute).
E N D
R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. Ambiguous Defect Removal Formalisation Incomplete Control of Complexity Inconsistent Behavior Trees Informal Requirements Complex Integration Simulation Model Checking Implementation Integrated Behavior Tree
Informal Requirements Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Requirements Translation Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Requirement Behavior Tree Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Requirements Integration Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Integrated Behavior Tree Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Component Behavior Tree Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Simulation Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Verification Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Automatically Generated Implementation Informal Requirements Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Verification Component Behavior Tree Implementation
Building Dependable Systems Informal Requirements Requirement Behavior Trees Requirements Translation R1. There is a single control button available for the user of the oven. If the oven is idle with the door closed and you push the button, the oven will start cooking (this is, energize the power-tube for one minute). R2. If the button is pushed while the oven is cooking it will cause the oven to cook for an extra minute. R3. Pushing the button when the door is open has no effect (because it is disabled). R4. Whenever the oven is cooking or the door is open the light in the oven will be on. R5. Opening the door stops the cooking. R6. Closing the door turns off the light. This is the normal idle state, prior to cooking when the user has placed food in the oven. R7. If the oven times-out, the light and the power-tube are turned off and then a beeper emits a sound to indicate that the cooking is finished. Simulation Integrated Behavior Tree Requirements Integration Verification Component Behavior Tree Implementation
Building Dependable Systems 1. Control of Complexity Avoids short-term memory overflow Quality, verified software 2. Early Defect Detection Building right system, right 3. Rigorous Translation 4. Ease of Simulation, Model checking Dependable systems 5. Productivity gains for teams Parallel working, Co-operative editing 6. Wide applicability Command and Control, Enterprise Systems