Scenario Synthesis from Imprecise Requirements

1
Scenario Synthesis from Imprecise Requirements

• Bill Mitchell, Robert Thomson, Paul Bristow

2
Enterprise Development Process
3
Telecoms Example

• Network provider deploying 3G.
• Placing order for handsets.
• One of the many features included will be access
  to network Java game repository.

4
Initial Customer Requirements
5
Technical Marketing Scenarios
Customer Scenariobroken down intosequence of
atomicevents, which changeinterface
functionality.
Default ScreenDisplay
Ph. Bk
Menu
Hold
Power
Java
Ack
B1
B2
B3
B4
B5
B6
6
Functional Requirements
7
Technical Marketing Scenarios

• Normative scenarios are very focused on isolated
  behaviour of feature in these requirements
• What if voice or data call received during
  download?
• If memory is expandable (as with some PIM-phone
  hybrids) how should the mem-full error be handled
  if the user could add extra memory with, say, a
  USB flash memory stick?
• What if during the download the network service
  provider tries to update the phone configuration
  via the air interface for enhanced game play?

• Need to synthesise model of system from all MSC
  requirements scenarios for simulation and
  analysis.
• Problem
• Practitioners use states imprecisely
• Different engineering groups define scenarios
  differently
• Legacy requirements

8
Deadlock example from TETRA PPT
ruthless pre-empt
A
B
FSA for A
S0
S0
S0
!a
!b
a
S1
S1
S1
!c
?d
c
S2
S2
S3
S2
FSA for B
A
B
S0
S0
S0
?a
?b
b
S1
S1
S1
?c
!d
d
S3
S2
S3
S3
agreed pre-empt
9
Example Deadlock Avoided

• Composite States
• Anonymous internal states
• Multiple entry/exit states

ruthless pre-empt
A
B
A
B
Extended DFSA for A
S0
S0
S0
a
a
S0
S3
S1
S1
S1
c
c
S2
S2
S2
!a
!b
?d
S1
S2
A
B
A
B
S0
S0
S0
!c
b
b
S1
S1
S1
d
d
Too Weak to ever give any interactions!
S3
S3
S3
agreed pre-empt
10
Example, Call Waiting from paper in FIW 2000
Sys
B
C
D
call_activeB,C
call_setupB
idle
call_activeB,D
11
Example, RBWF, from paper in FIW 2000
A
Sys
B
call_setupB
call_activeB,C
call(B)
rbwf(B)
hang_up_on(C)
idle
ring(A,B)
ring(A,B)
rbwf_call_progressingA,B
12
Example, FI from paper in FIW 2000
A
Sys
B
C
D
call_activeB,C
call_setupB
call_setupB
call_activeB,C
idle
13
Trace semantics for states
S0
S2
S1
!a
?b
?d
!c
u
v
w
x
y
State x is (In, Out), where In and Out are sets
of traces.
14
Deterministic trace semantics
S0
S2
S1
!a
?b
?d
!c
u
v
w
x
y
15
MSC trace semantics for exit/entry states
S0
S2
S1
!a
?b
?d
!c
u
v
w
x
y
Every MSC trace t can be split into pairs (t1,t2)
where t1 leads to exit state.
16
State semantics
S0 ?b
S0 !c
S1 ?e
S0
S1
?b
!c
v
w
x
17
Overlapping Processes, continued
Scenario 1, machine for A
S0
S2
S1
!a
?b
?d
!c
u
v
w
x
y
Scenario 2, machine for A
S0
S1
S3
?b
?e
!c
v
w
x
y
18
Overlapping Composition of Processes
19
Livelock from naive composite state semantics
DFSA for A
A
B
!a
S0
S0
a
?b
b
!a
x
y
S0
a
?b
b
S1
S1
S1
20
Exit State transition matching
P trace simulates Q when given any (state
annotated) execution traces t1 and t2
where t1 matches t2, and t1, t2 have reached
exit states then P1 must be able to simulate Q1.
where t1 matches t2, and t1, t2 have reached
entry states then P1 must be able to simulate
Q1.
21
Temporal contexts for defining matching traces
LTL semantics for execution trace
LTL formula defining context
Composite state
Event
22
Download File with Browser
23
Overlap of Java Game and Browser Download
24
Error Check
25
Overlap Java App Browser Error Check
26
Questions