
Chapter 15: A goal-oriented model-building method in action

Shared by: Võ Hoàng Nhật Khánh | File type: PPT | Pages: 27


Miners are exposed to multiple hazards while working inside a mine. These include life-threatening levels of percolating water, carbon monoxide, methane, and airflow.


Text content: Chapter 15: A goal-oriented model-building method in action

  1. Building System Models for RE
     Chapter 15: A goal-oriented model-building method in action
     www.wileyeurope.com/college/van lamsweerde
     Chap.15: A goal-oriented model-building method in action © 2009 John Wiley and Sons
  2. A goal-oriented model-building method in action: outline
     - Overview and case study introduction
     - Modelling the system-as-is
       - S1: Build a preliminary goal model illustrated by scenarios
       - S2: Derive a preliminary object model
     - Modelling the system-to-be
       - S3: Update the goal model with new goals…
       - S4: Derive the updated object model
       - S5: Analyse obstacles, threats and conflicts
       - S6: Analyse responsibilities and build the agent model
       - …
     - Handling model variants for product lines
  3. Main steps of a model building method for RE
     - Modeling the system-as-is
       - Build a preliminary goal model illustrated by scenarios
       - Derive a preliminary object model
     - Modeling the system-to-be
       - Update the goal model with new goals illustrated by scenarios
       - Derive the updated object model
       - Analyze obstacles, threats, and conflicts
       - Analyze responsibilities and build the agent model
       - Make choices among alternative options
       - Operationalize goals in the operation model
       - Build and analyze the behavior model
     - Arrow legend: data dependency, backtracking
     Figure 15.1 – Main steps of a model building method for RE
  4. Case study: Mine safety control
     Mine safety control
     [System as-is.] Miners are exposed to multiple hazards while working inside a mine. These include life-threatening levels of percolating water, carbon monoxide, methane, and airflow. Currently, dedicated supervisors have to alert miners inside the mine for prompt evacuation when any of those levels is estimated to be dangerous. Sumps are placed at selected places in the mine for water collection. Each sump is equipped with a pump. The water level in each sump is regularly checked by dedicated operators to see if the water level is not too high. When this level is too high, the corresponding pump must be turned on to pump the water out of the mine. To avoid the risk of explosion, pumps may not be operated when the methane level exceeds some critical threshold.
     The current situation results in unacceptable exposure to risks, due to possible human unawareness or misjudgement of potentially dangerous situations; sudden flows of gas or water without operators at the right place to act upon; or pump functioning problems. On the other hand, lack of accurate assessment sometimes results in unnecessary evacuations. The cost of manpower for safety control is another concern.
  5. Case study: Mine safety control (2)
     [System to-be.] To address these problems, a ubiquitous Safety Control system will be installed. Each sump will be equipped with water level sensors to detect when the water is above a high or below a low level, respectively. A software-based controller shall turn a pump on whenever the water in the corresponding sump is reaching the high water level, and off whenever the water is reaching the low water level. The mine will also be equipped with sensors at selected places to monitor the carbon monoxide, methane, and airflow levels. An alarm shall be raised, and the operator informed within one second, whenever any of these levels is reaching a critical threshold, so that the mine can be evacuated promptly.
     Human operators can also control the operation of the pump, like previously, but within limits. An operator can turn the pump on or off if the water is between the low and high water levels. A special operator, the supervisor, can turn the pump on or off without this restriction. The Safety Control system shall also maintain sensor readings and pump operation records for history tracking and analysis of anomalies.
  6. Modeling the system-as-is
     - Purpose:
       - Structuring the goals and concepts
       - Analyse the system-as-is to extract:
         - preliminary goal model
         - Derive conceptual objects
     - Two steps:
       - Step 1: Build a preliminary goal model illustrated by scenarios
       - Step 2: Derive a preliminary object model
  7. Step 1: Build a preliminary goal model illustrated by scenarios
     - WHAT:
       - Analysing any available material to identify stable goals
       - Each goal is defined and classified in terms of type and category.
       - The goals are refined to get sub-goals
       - The goals are abstracted until the system's boundary is reached
     - HOW:
       - Search for prescriptive or intentional keywords.
       - Ask HOW and WHY questions about such statements
       - Check for responsibility assignments in prescriptive statements.
       - Elicit illustrative scenarios of current ways of doing things.
       - Use goal refinement patterns to restructure the model
  8. Step 1: Build a preliminary goal model illustrated by scenarios
     - "… supervisors have to alert miners inside the mine for prompt evacuation when…"
       - Achieve [MineEvacuatedIfCriticalLevel]
         Def The mine must be evacuated promptly when the level of methane, carbon monoxide, or airflow is estimated critical.
       - …
       - Achieve [MinersAlertedIfCriticalLevel] (agent: Supervisor)
         Def Miners inside the mine must be alerted when the level of methane, carbon monoxide, or airflow is estimated critical.
     - "The water level in each sump is regularly checked by dedicated operators to see if the water level is not too high."
       - Maintain [HighWaterDetected] (agent: Operator)
         Def A too high water level in a sump must be detected at any time.
     - "When ..., the pump must be turned on to pump the water out …"
       - Maintain [SumpPumpedOutIfHighWater]
         Def When the water level in a sump is too high, the water must be pumped out of the mine.
       - …
       - Maintain [PumpOnIfHighWater] (agent: Operator)
         Def When the water level in a sump is too high, the corresponding pump must be turned on.
     - "…To avoid the risk of explosion, pumps may not be operated when …"
       - Avoid [Explosion]
         Def Risks of explosion inside the mine must be prevented at any time.
       - …
       - Maintain [PumpOffIfHighMethane] (agent: Operator)
         Def Pumps may never be operated when the methane level exceeds some critical threshold.
     Figure 15.2 – Preliminary identification of stable goals and refinements in the system-as-is
  9. Step 1: Build a preliminary goal model illustrated by scenarios
     [Figure 15.3 – Scenario illustrating the goal Maintain[PumpOnIfHighWater]. Interaction between :Operator and :PumpActuator with the labels WaterTooHigh?, pumpOn, pumpStart, WaterOK?, pumpOff, pumpStop.]
  10. Step 1: Build a preliminary goal model illustrated by scenarios
     [Figure 15.4 – Goal model fragment for the system-as-is. The diagram refines Avoid[MinersInFloodedMine], Achieve[MineEvacuatedIfCriticalLevel] and Maintain[SumpPumpedOutIfHighWater] along HOW/WHY links, using case-driven and milestone-driven refinements, down to leaf goals assigned to the agents Supervisor, Miner and Operator.]
  11. Step 2: Derive a preliminary object model
     - WHAT:
       - Identifying the stable concepts.
       - Each concept is defined and classified as an entity, association, attribute, agent or event.
     - HOW:
       - Take any conceptual object referred to by the goals identified in the previous step.
       - Identify associations and participating objects.
       - Identify generalization from objects characterized by similar attributes, associations or domain descriptions.
       - Elicit prescriptive statements about conceptual objects if they really seem relevant. Drop them otherwise.
  12. Step 2: Derive a preliminary object model
     - Goals and domain description used as input:
       - Achieve [MinersAlertedIfHMDetected]
         Def Miners inside the mine must be alerted whenever the level of methane is estimated too high.
       - Maintain [PumpOnIfHighWater]
         Def When the water level in a sump is too high, the corresponding pump must be on.
       - "Each sump is equipped with a pump"
     - Object definitions shown in the diagram:
       - Pump: Def Electrical device regulating the level in each sump by water evacuation out of the mine.
       - Sump: Def Container placed at selected bottom places of the mine to collect percolating water.
       - Def Person in charge of safe working conditions.
     [Figure 15.5 – Deriving a preliminary object model from goals and domain descriptions. Elements shown: Pump (Motor: {on, off}), Sump (WaterLevel, Location), the Regulation association (1 to 1), waterEvacuation, Operator, Miner, Mine (MethaneLevel, CO-Level, Airflow), Inspection, Inside.]
  13. Modeling the system-to-be
     - Purpose:
       - Expanding the preliminary structure of stable goals and domain concepts towards a model for system-to-be.
       - Considering alternative goal refinements and assignments
     - Two steps:
       - Step 3: Update the goal model with new goals…
       - Step 4: Derive the updated object model
       - Step 5: Analyse obstacles, threats and conflicts
       - Step 6: Analyse responsibilities and build the agent model
       - Step 7: Make choices among alternative options
       - Step 8: Operationalize goals in the operation model
       - Step 9: Build and analyse the behaviour model
  14. Step 3: Update the goal model with new goals
     - WHAT:
       - Replay step 1 on system-to-be.
       - Goal model in step 1 is expanded with alternative sub-goals and assignments specific to system-to-be.
     - HOW:
       - For each problem identified in the system-as-is, derive a goal for the system-to-be.
       - Search for prescriptive, intentional keywords in statements about system-to-be.
       - Ask HOW/WHY questions about goals already identified.
       - Explore illustrative scenarios of alternative, better ways of doing things.
       - Split responsibilities among agents.
       - …
  15. Step 3: Update the goal model with new goals
     [Figure 15.6 – Expanded goal model fragment for the system-to-be. The diagram adds Avoid[PumpBurnedOut] and Avoid[PumpOnWhenNoWater] next to Avoid[MinersInFloodedMine], and refines PumpOnIfHighWater and PumpOffIfLowWater through milestone-driven and uncontrollability-driven refinements into leaf goals such as HighWaterDetected, LowWaterDetected, PumpSwitchOnIfHighWaterDetected and PumpOnIffSwitchOn, assigned to the agents highWaterSensor, lowWaterSensor, SafetyController and PumpActuator.]
  16. Step 4: Derive the updated object model
     - WHAT:
       - Replay step 2 on system-to-be.
       - The object model in step 2 is expanded by identifying the new conceptual objects specific to the system-to-be.
       - Each new conceptual object is defined, classified and linked to others based on the new goal definitions.
     - HOW:
       - Use all heuristics for object model derivation in step 2.
       - Identify tracking associations between environment objects and software counterpart.
       - Check the goal-object inter-view consistency rules in S[14.2]
  17. Step 4: Derive the updated object model
     [Figure 15.8 – Updated object model from goals and descriptions of the system-to-be. Elements shown: Pump (Motor: {on, off}, Switch: {on, off}, Capacity), Sump (WaterLevel, highThreshold, lowThreshold, Location), Regulation, WaterSensor with highWaterSensor (highWaterSignal) and lowWaterSensor (lowWaterSignal), Tracking, Readings, waterEvacuation, Operator, Supervisor, Miner, Mine (MethaneLevel, CO-Level, Airflow), Inspection, Inside, Informed, Alerting, and GasAlarm with MethaneAlarm, AirflowAlarm and COAlarm (Switch: {on, off}, Buzz). Definitions shown: "Mechanism for generating different types of alerts in the mine." and "Person authorized to switch the pump on or off at any time."]
  18. Step 5: Analyse obstacles, threats and conflicts
     - WHAT:
       - Identifying as many obstacles, threats and boundary conditions as possible.
       - Assessing their likelihood and criticality.
       - Exploring resolutions yielding new candidate goals as countermeasures in the goal model.
     - HOW:
       - Ref. Chapter 8-9.
  19. Step 5: Analyse obstacles, threats and conflicts
     [Figure 15.9 – Obstacle analysis: mine safety control examples. The diagram attaches obstacles to the refinement of Avoid[MinersInFloodedMine] and SumpPumpedOutIfHighWater, including ExcessiveWaterFlow (Def There is a sump with water flow exceeding the worst-case figure of X litres per hour.) and HighWaterNotDetected, and shows a resolution labelled "strong mitigation" that introduces MineEvacuatedIfCriticalWater.]
  20. Step 6: Analyse responsibilities and build the agent model
     - WHAT:
       - Exploring alternative responsibility assignments.
       - All the agents forming the system need to be defined.
       - The realizability of leaf goals by the agents assigned to them has to be checked.
     - HOW:
       - Ref. Chapter 11.
       - Identify any active object that a leaf goal concerns.
       - Look for agents whose capabilities match the variables evaluated in and constrained by a leaf goal.
       - Consider abstract agents and refine these until individual roles are reached.
       - …
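
The realizability check from Step 6 (matching agent capabilities against the variables a leaf goal evaluates and constrains), as an added example that is not taken from the slides or the book. Agent and goal names come from Figure 15.6; the variable names and the monitor/control sets given to each agent are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Agent:
    name: str
    monitors: frozenset   # variables the agent can observe
    controls: frozenset   # variables the agent can set

@dataclass(frozen=True)
class Goal:
    name: str
    evaluates: frozenset   # variables the goal's condition reads
    constrains: frozenset  # variables the goal restricts

def capability_gaps(goal, agent):
    """Variables the agent would need but cannot monitor / cannot control."""
    return goal.evaluates - agent.monitors, goal.constrains - agent.controls

def candidate_agents(goal, agents):
    """Agents able to realize the goal alone: no gap on either side."""
    no_gap = (frozenset(), frozenset())
    return sorted(a.name for a in agents if capability_gaps(goal, a) == no_gap)

def unassignable(goals, agents):
    """Goals that no single agent can realize and that need further refinement."""
    return sorted(g.name for g in goals if not candidate_agents(g, agents))

fs = frozenset
# Agent names from Figure 15.6; the capability sets are assumed for illustration.
AGENTS = [
    Agent("highWaterSensor", fs({"WaterLevel"}), fs({"highWaterSignal"})),
    Agent("SafetyController", fs({"highWaterSignal", "lowWaterSignal"}), fs({"PumpSwitch"})),
    Agent("PumpActuator", fs({"PumpSwitch"}), fs({"PumpMotor"})),
]
CONTROLLER = AGENTS[1]
# Parent goal and its leaf refinement as named in Figure 15.6 (variable sets assumed).
PARENT = Goal("PumpOnIfHighWater", fs({"WaterLevel"}), fs({"PumpMotor"}))
LEAVES = [
    Goal("HighWaterDetected", fs({"WaterLevel"}), fs({"highWaterSignal"})),
    Goal("PumpSwitchOnIfHighWaterDetected", fs({"highWaterSignal"}), fs({"PumpSwitch"})),
    Goal("PumpOnIffSwitchOn", fs({"PumpSwitch"}), fs({"PumpMotor"})),
]

if __name__ == "__main__":
    for g in [PARENT] + LEAVES:
        print(f"{g.name}: {candidate_agents(g, AGENTS) or 'unrealizable, refine further'}")
    unmon, unctl = capability_gaps(PARENT, CONTROLLER)
    print("SafetyController lacks: monitor", sorted(unmon), "control", sorted(unctl))
```

Under these assumed capabilities the parent goal has no single responsible agent, which is the situation the uncontrollability-driven refinement in Figure 15.6 resolves by splitting it across the sensor, the controller and the actuator.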