The University of Southampton
University of Southampton Institutional Repository

Domain-specific scenarios for refinement-based methods

Domain-specific scenarios for refinement-based methods
Domain-specific scenarios for refinement-based methods
Formal methods use abstraction and rigorously verified refinement to manage the design of complex systems, ensuring that they satisfy important invariant properties. However, formal verification is not sufficient: models must also be tested to ensure that they behave according to the informal requirements and validated by domain experts who may not be expert in formal modelling. This can be satisfied by scenarios that complement the requirements specification. The model can be animated to check whether the scenario is feasible in the model and that the model reaches the states expected in the scenario. However, there are two problems with this approach. 1) The natural language used to describe the scenarios is often verbose, ambiguous and therefore difficult to understand; especially if the modeller is not a domain expert. 2) Provided scenarios are typically at the most concrete level corresponding to the full requirements and cannot be used until all the refinements have been completed in the model. We show by example how a precise and concise domain specific language can be used for writing these abstract scenarios in a style that can be easily understood by the domain expert (for validation purposes) as well as the modeller (for behavioural verification) and can be used as the persistence for automated tool support. We propose two alternative approaches to using scenarios during formal modelling: A method of refining scenarios before the model is refined so that the scenarios guide the modelling, and a method of abstracting scenarios from provided concrete ones so that they can be used to test early refinements of the model. We illustrate the two approaches on the ‘Tokeneer’ secure enclave example and the ERTMS/ETCS Hybrid Level 3 specification for railway controls. We base our approach on the Cucumber framework for scenarios and the Event-B modelling language and tool set. We have developed a new ‘Scenario Checker’ plugin to manage the animation of scenarios.
Event-B, Cucumber, Validation, Domain Specific Language
1383-7621
Snook, Colin
b2055316-9f7a-4b31-8aa1-be0710046af2
Hoang, Thai Son
dcc0431d-2847-4e1d-9a85-54e4d6bab43f
Dghaym, Dana
b7b69fe2-c9ff-43ad-a6ba-8b41d6fd19fc
Salehi Fathabadi, Asieh
b799ee35-4032-4e7c-b4b2-34109af8aa75
Butler, Michael
54b9c2c7-2574-438e-9a36-6842a3d53ed0
Snook, Colin
b2055316-9f7a-4b31-8aa1-be0710046af2
Hoang, Thai Son
dcc0431d-2847-4e1d-9a85-54e4d6bab43f
Dghaym, Dana
b7b69fe2-c9ff-43ad-a6ba-8b41d6fd19fc
Salehi Fathabadi, Asieh
b799ee35-4032-4e7c-b4b2-34109af8aa75
Butler, Michael
54b9c2c7-2574-438e-9a36-6842a3d53ed0

Snook, Colin, Hoang, Thai Son, Dghaym, Dana, Salehi Fathabadi, Asieh and Butler, Michael (2020) Domain-specific scenarios for refinement-based methods. Journal of Systems Architecture. (In Press)

Record type: Article

Abstract

Formal methods use abstraction and rigorously verified refinement to manage the design of complex systems, ensuring that they satisfy important invariant properties. However, formal verification is not sufficient: models must also be tested to ensure that they behave according to the informal requirements and validated by domain experts who may not be expert in formal modelling. This can be satisfied by scenarios that complement the requirements specification. The model can be animated to check whether the scenario is feasible in the model and that the model reaches the states expected in the scenario. However, there are two problems with this approach. 1) The natural language used to describe the scenarios is often verbose, ambiguous and therefore difficult to understand; especially if the modeller is not a domain expert. 2) Provided scenarios are typically at the most concrete level corresponding to the full requirements and cannot be used until all the refinements have been completed in the model. We show by example how a precise and concise domain specific language can be used for writing these abstract scenarios in a style that can be easily understood by the domain expert (for validation purposes) as well as the modeller (for behavioural verification) and can be used as the persistence for automated tool support. We propose two alternative approaches to using scenarios during formal modelling: A method of refining scenarios before the model is refined so that the scenarios guide the modelling, and a method of abstracting scenarios from provided concrete ones so that they can be used to test early refinements of the model. We illustrate the two approaches on the ‘Tokeneer’ secure enclave example and the ERTMS/ETCS Hybrid Level 3 specification for railway controls. We base our approach on the Cucumber framework for scenarios and the Event-B modelling language and tool set. We have developed a new ‘Scenario Checker’ plugin to manage the animation of scenarios.

Text
JSA - Accepted Manuscript
Restricted to Repository staff only until 24 June 2022.
Request a copy

More information

Accepted/In Press date: 24 June 2020
Keywords: Event-B, Cucumber, Validation, Domain Specific Language

Identifiers

Local EPrints ID: 442450
URI: http://eprints.soton.ac.uk/id/eprint/442450
ISSN: 1383-7621
PURE UUID: c29a43ee-9f98-42e2-843f-9ff46e554752
ORCID for Colin Snook: ORCID iD orcid.org/0000-0002-0210-0983
ORCID for Thai Son Hoang: ORCID iD orcid.org/0000-0003-4095-0732
ORCID for Dana Dghaym: ORCID iD orcid.org/0000-0002-2196-2749
ORCID for Michael Butler: ORCID iD orcid.org/0000-0003-4642-5373

Catalogue record

Date deposited: 15 Jul 2020 16:31
Last modified: 29 Jul 2020 01:46

Export record

Contributors

Author: Colin Snook ORCID iD
Author: Thai Son Hoang ORCID iD
Author: Dana Dghaym ORCID iD
Author: Asieh Salehi Fathabadi
Author: Michael Butler ORCID iD

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×