aose-2003, melbourne july 15 th 1 agent oriented modeling by interleaving formal and informal...
Post on 22-Dec-2015
227 views
TRANSCRIPT
AOSE-2003, Melbourne July 15th 1
Agent Oriented modeling by interleaving formal and informal
analysis
Anna Perini1, Marco Pistore2,1, Marco Roveri1, Angelo Susi1
1ITC - IRSTVia Sommarive, 18, I-38050, Trento-Povo, Italy
{perini,roveri,susi}@irst.itc.it
2DIT, University of TrentoVia Sommarive, 14, I-38050, Trento-Povo, Italy
AOSE-2003, Melbourne July 15th 2
Introduction
• What– Exploitation of Formal Techniques to guide and support
the analyst while building and refining Conceptual Models• Why
– Visual conceptual modeling is a core process in software development (RUP / AGILE)
» Weakness: lack of a formal semantics– Formal specifications languages provide a precise
semantics » Weakness: require strong skills, often ineffective for
discussing with the stakeholders
• How– Defining a framework which uses diagrammatic models
equipped with formal semantics» Agent Oriented approach (TROPOS)» Focus on Requisites specification
AOSE-2003, Melbourne July 15th 3
Outline
• Introduction
• Tropos by Example
– Informal modeling via Informal Tropos– Formal modeling via Formal Tropos
• The framework– Model assessment and refinement– Model validation– Model evolution
• Conclusions & Future Work
AOSE-2003, Melbourne July 15th 4
AO Visual Modeling with Tropos
Early RequirementsEarly Requirements Late RequirementLate Requirement Architectural DesignArchitectural Design
Software development activities
Actors in the organizational setting
System Actor Sub-system Actors
AOSE-2003, Melbourne July 15th 5
The example: Informal modeling
MethodologyProvides threeGoal analysisTechniques:
• AND/OR decomp.• Means-end analysis• Contribution
AOSE-2003, Melbourne July 15th 6
Informal Analysis via Tropos
• Benefits– Language ontology based on common sense (informal)
components (actors, goals, dependencies …)– A graphical notation– Reasoning mechanisms: AND/OR goal decomposition,
means-end analysis, goal contribution analysis, that allow to model the “why” domain and system requirements
• Weaknesses– Static view of the model (no dynamics for the generation
and achievement of goals, needs, dependencies …)– No temporal constraints (e.g., on the fulfillment of goals
and dependencies)
AOSE-2003, Melbourne July 15th 7
The Example: Formal modeling
Actor AdvisorActor ProducerGoal ManagePheromoneTrapPlant……Goal Area Collection
Actor AdvisorMode achieveAttribute mptp : ManagePheromoneTrapPlantCreation Condition not Fulfilled(mptp)Fulfillment condition
pp : PlantPlan (pp.actor=actor & Fulfilled(pp)) & …
……Goal Dependency OrchardsData……
• A Formal Tropos specification consists of a sequence of class declarations such as actors, goals and dependencies, that represents the formal counterpart of the objects in the informal specification
• Extends a Tropos specification with annotations that characterize the valid behaviors of the model
AOSE-2003, Melbourne July 15th 8
The Example: Formal modeling
Actor AdvisorActor ProducerGoal ManagePheromoneTrapPlant……Goal Area Collection
Actor AdvisorMode achieveAttribute mptp : ManagePheromoneTrapPlantCreation Condition not Fulfilled(mptp)Fulfillment condition
pp : PlantPlan (pp.actor=actor & Fulfilled(pp)) & …
……Goal Dependency OrchardsData……
• A Formal Tropos specification consists of a sequence of class declarations such as actors, goals and dependencies, that represents the formal counterpart of the objects in the informal specification
• Extends a Tropos specification with annotations that characterize the valid behaviors of the model
AOSE-2003, Melbourne July 15th 9
Formal Analysis via Tropos
• Benefits– The introduction of the temporal dimension in Tropos
Representation allow to produce scenarios to be validated by the stakeholders
– Domain representation can be Formally Verified (proof, counterexamples to correct the domain specification)
• Weaknesses– Formal languages are expressive but yet hard to be
understood (temporal constraints are expressed via a typed first-order linear time temporal logic LTL)
– Formal Results are hard to interpret in the informal setting
AOSE-2003, Melbourne July 15th 10
• We propose a framework based on the idea of exploiting formal techniques to guide and support the analyst while building and refining a conceptual model
• The framework has to support:• Model assessment and refinement, against
possible inadequacies • Model validation, with the stakeholders, to end up
with an agreed set of requirements• Model evolution, maintaining its consistency,
propagating changes, merging redundant information
• The framework will include a tool for:• an automatic translation from Informal to Formal• visualization of the query results
The framework
AOSE-2003, Melbourne July 15th 11
The Informal Analyst assesses the model against possible inconsistencies or redundancies or critical elements and eventually refines the informal model on the basis of the new answer of the Formal Analyst to his/her question
Model Assessment & Refinement
AOSE-2003, Melbourne July 15th 12
Model Assessment & Refinement (2)
• Is It possible for the Advisor to perform historical data analysis ?
FULFILLABLE HistoricalDataAnalysis
Manage Pheromone trap plant
HistoricalData
analysis
Orchards historical
Data
Manage Pheromone trap plant
HistoricalData
analysis
Orchards historical
Data
Orchards Data
Producer
Manage Pheromone trap plant
HistoricalData
analysis
Orchards historical
Data
Orchards Data
Producer
Manage Pheromone trap plant
HistoricalData
analysis
Orchards historical
Data
Orchards Data
Producer
Manage Pheromone trap plant
HistoricalData
analysis
Orchards historical
Data
Orchards Data
Producer
Advisor
Manage Pheromone trap plant
HistoricalData
analysis
Query
Results
AOSE-2003, Melbourne July 15th 13
Model Assessment & Refinement (3)
• Is It possible for the Advisor to perform historical data analysis without consulting the Producer?
NONCRITICAL Producer FOR HistoricalDataAnalysis
Manage Pheromone trap plant
HistoricalData
analysis
MonitoringDevices
data
Manage Pheromone trap plant
HistoricalData
analysis
MonitoringDevices
data
Advisor
Manage Pheromone trap plant
HistoricalData
analysis
Query
ResultsManage
Pheromone trap plant
HistoricalData
analysis
MonitoringDevices
data
Orchards historical
Data
Orchards DataProducer
AOSE-2003, Melbourne July 15th 14
Model Validation
The informal Analyst looks for relevant validation cases to be proposed to the stakeholder in order to drive the validation process and to end up with an agreed model
AOSE-2003, Melbourne July 15th 15
Model Validation
• How does the Advisor usually operate? Is that he/she always satisfies the goal area collection after satisfying all its sub-goals, according to the following sequence: area analysis via GIS, plant plan and finally dispenser report and order?
FULFILL AreaAnalysisViaGIS THEN PlantPlan THEN DispenserReportAndOrder THEN AreaCollection
DispenserReportAndOrder PlantPlan
AOSE-2003, Melbourne July 15th 16
Conclusion
• Lightweight usage of Formal Methods
• Formal model is extracted automatically by an annotated informal model
• Formal model properties to be verified are obtained from queries in a user friendly language
• Witnesses and counter-examples are graphical
AOSE-2003, Melbourne July 15th 17
Conclusion (2)
Informal Model
Natural Language Query
High Level Lang. Query
Formal Tropos Query
Visual Results
Graphical Editor
VerificationEngineFormal Tropos Results
AOSE-2003, Melbourne July 15th 18
Future Work
Informal Model
High Level Lang. Query
Formal Tropos Query
Visual Results
Graphical Editor
VerificationEngine
(NuSMV)Formal Tropos Results
MODELER
TH
E T
OO
L Visual Query
AOSE-2003, Melbourne July 15th 19
Future Work
• We are validating the framework respect to other software development activities
• We are now involved in the design of the tool that supports:– The build up of the modeler components– The management of the informal diagram via graph
rewriting techniques– The high level language to temporal logic queries
translator– The implementation of visualization functions to show
the formal results to the informal analyst
AOSE-2003, Melbourne July 15th 20
References
• T-Tool: http://sra.itc.it/tools/t-tool• Tropos: http://science.unitn.it/tropos
AOSE-2003, Melbourne July 15th 21
LTL query formula
Global PossibilityF ( a:Advisor
( had:HistoricalDataAnalysis
(had.actor = a Fulfilled(had))))