MICON%202000%20Formal%20methods%20for%20design%20methodology%20by%20Luigi%20Logrippo%20with%20D.%20Amyot,%20R.%20Chan,%20L.%20Charfi,%20N.%20Gorse,%20J.Sincennes,%20R.%20Plesa,...

1
MICON 2000Formal methods for design
methodologyby Luigi Logrippo with D. Amyot, R.
Chan, L. Charfi, N. Gorse, J.Sincennes, R.
Plesa,...
SCHOOL OF INFORMATION TECHNOLOGY AND
ENGINEERING UNIVERSITY OF OTTAWA
2
Basic Idea

• Use Case Maps provide a good basis for high-level
  description and design of many aspects of telecom
  systems
• LOTOS is a formal language that matches UCMs in
  level of abstraction
• Translate UCMs into LOTOS and then use LOTOS
  formal methodology
• The LOTOS spec is a formal prototype for the
  UCM requirements

3
What does this buy us

• Validation and Verification
• Feature Interaction Detection
• Semi-automatic derivation of functional test
  cases
• Semi-automatic derivation of implementations
• The design process extends itself into
  implementation and testing

4
From UCMs to LOTOS

• Start/end points
• Responsibilities
• Agents/components
• Stubs
• Plug-ins
• Inter-path causality
• Databases, conditions

Visible gates Hidden gates Processes Processes
(implement selection policies) Processes Hidden
inter-process synchronization (msg) Abstract Data
Types
5
Interprocess Communication

• LOTOS process synchronization concept can be
  implemented as a blackboard system
• Establishing a relation with a methodology
  already in place at Mitel

6
UCM to LOTOS example
Process AgentA_U, U_A, A_A, req
(aAgent, uUser) U_A !u !a !conReq
?dUUser req !dU ?dA A_A !a !dA !conReq
!dU ( A_A !dA !a !conConf !ring A_U
!a !u !conConf !ring exit ( - OR
- ) A_A !dA !a !conConf !busy A_U !a
!u !conConf !busy exit ) endproc
Process User dial, U_A, A_U, ringBack,
busyTone (aAgent, uUser) dial !u
?dUUser U_A !u !a !conReq !dU ( A_U !a
!u !conConf !ring ringBack exit
( - OR - ) A_U !a !u !conConf !busy
busyTone exit ) endproc
7
How to use LOTOS methodology

• LOTOS can be used to execute UCMs
• Scenarios for the UCMs can be obtained
• Validation tools can be applied to detect errors
• Functional test cases can be obtained

8
Detection of feature interactions

• New, more efficient methods developed
• Have both static and dynamic feature interaction
  detection
• Proven performance
• second place (very near to 1st) in 2000 Feature
  Interaction contest (Glasgow, Scotland)

9
Feature Interaction Detection Using Predicate
Logic, UCM and LOTOS

• Feature Interaction Filtering at requirement
  stage using Prolog
• Identification of possible interactions
• Based on requirements
• Based on the UCM model
• Validation of the global model
• Rapid method

Nicolas Gorse Master Thesis
10
Feature Interaction Detection Using Predicate
Logic, UCM and LOTOS (contd)

• Derivation of a LOTOS specification
• Provides an executable model
• Provides information for scenario generation
• Scenario Generation for possible Interactions
  identified
• Using information on the structure of the feature
• Based on possible interactions identified

11
Feature Interaction Detection Using Predicate
Logic, UCM and LOTOS (contd)

• Feature Interaction scenario-based validation of
  the LOTOS specification
• Allows to verify whether the possible
  interactions identified are present in the LOTOS
  spec
• Method only identifies possible interactions,
  however experimental study showed very high hit
  rate
• Scenarios derived can be reused at final system
  testing stage

12
Feature Interaction Filtering Using Predicate
Logic

• Representation of features
• Pre-conditions
• CFA subs(B, cfa), concerns(B, cfb), cfa(C)
• CFB subs(B, cfb), concerns(B, cfb), busy(A),
  cfb(D)
• Triggering Events
• CFA call(A, B) Same triggering events
• CFB call(A, B) for both features
• Results
• CFA call(A, C) Different results,
• CFB call(A, D) non determinism

13
Feature Interaction Filtering Using Predicate
Logic (contd)

• Mitel Project
• 22 feature descriptions (484 pairs), 4 users
• 43 possible interactions found in 84.14 secs
• Feature Interaction Contest
• 97 feature descriptions (9409 pairs), 4 users
• 149 possible interactions found in 1299.93 secs
• The representation of features is fairly quick to
  obtain

14
Another application

• Derivation of Test Cases

15
The Big Picture
MSC generation

• Several Tools used
• LOLA
• CAESAR
• TGV (in CAESAR)
• lot2msc
• . . .

test purposes
UCMS
LOTOS specification
LOTOS scenarios
(1)
Validation with LOLA
(2)
TGV
LOTOS scenarios used for (1) the spec
validation (2) the TTCN test suite
generation
Leila Charfis Master thesis
TTCN test suites
16
Switch
Phone 2
Phone 1
initiateCall
incomingCall
offHook
busy
idle
busy
onHook
ringStub
talk
offHook
disconnection
onHook
onHook
disconn
disconn
ring
ringBack
Callerdisconnection
Calleedisconnection
17
A coverage algorithm uses the internal
representation of the UCM to cover all possible
paths at least once
18
scenarioBusyCallee
scenarioForwardTakeDown
scenarioBackwardTakeDown
phone1 startpoint offHook phone1 resp
initiateCall phone2 resp incomingCall phone
2 point busy phone1 point busy phone1
endpoint onHook
phone1 startpoint offHook phone1 resp
initiateCall phone2 resp incomingCall phone
2 point idle ( phone2 resp ring exit
phone1 resp ringBack exit ) gtgt phone2
resp offHook switch point talk phone2
startpoint onHook switch resp disconn
phone1 startpoint offHook phone1 resp
initiateCall phone2 resp incomingCall phone
2 point idle ( phone2 resp
ring exit phone1 resp ringBack exit )
gtgt phone2 resp offHook switch point
talk phone1 startpoint onHook switch resp
disconn
lotos scenario
scenario Aldebaran format
user_to_phone !A !offHook phone_to_user !A
!dialTone user_to_phone !A !dial !B (
phone_to_user !B !ringingOn exit
phone_to_user !A !ringBackTone exit )
user_to_phone !B !offHook phone_to_user !A
!ringBackToneOff user_to_phone !B !onHook
phone_to_user !A !disconnectTone
user_to_phone !A !onHook
des (0, 14, 14) (0, "USER_TO_PHONE !A !OFFHOOK",
1) (1, "PHONE_TO_USER !A !DIALTONE", 2) (2,
"USER_TO_PHONE !A !DIAL !B", 3) (3,
"PHONE_TO_USER !B !RINGINGON", 4) (3,
"PHONE_TO_USER !A !RINGBACKTONE", 5) (4,
"PHONE_TO_USER !A !RINGBACKTONE", 6) (5,
"PHONE_TO_USER !B !RINGINGON", 6) (6, i, 7) (7,
"USER_TO_PHONE !B !OFFHOOK", 8) (8,
"PHONE_TO_USER !A !RINGBACKTONEOFF", 9) (9,
"USER_TO_PHONE !B !ONHOOK", 10) (10,
"PHONE_TO_USER !A !DISCONNECTTONE", 11) (11,
"USER_TO_PHONE !A !ONHOOK", 12) (12, ACCEPT, 12)
19
scenarios from UCM
UCM
Choose scenarios to cover all UCM
CAESAR ENVIRONMENT
lotos spec
lotos scenario
ADT
ADT
bcg_min
scenario
TGV
test suite
20
Test suite generated with TGV
scenarioForwardTakeDown
21
New Topics CPL and SIP

• CPL, the SIP Call Processing Language
• CPL has a logic somewhat similar to the one of
  LOTOS communicating processes, with no explicit
  notion of state
• Develop formal semantics for CPL based on LOTOS
• Develop FI detection methods for CPL based on
  LOTOS

22
New Topics The whole method

• Exploring the relation between
• interaction resolution methods (e.g. OPI)
• UCMs,
• LOTOS-based methods
• Three methodologies that must work together but
  are not (yet) clearly coordinated
• where do we start, how to use them together

23
Proof of concept has been provided,but many
challenges are ahead...