Generic Negative Scenarios for the Specification of Collaborative Cyber-Physical Systems
Collaborative cyber-physical systems face a plethora of different, albeit often similar, set-ups they might find themselves in during runtime. While it is necessary to consider each possible configuration to ensure safe operation of a collaborative cyber-physical system, the sheer number of unwanted behaviors makes manual safety assurance tasks daunting. The specification of unwanted behavior in negative scenarios helps to identify and correct safety-critical design flaws. However, this requires negative scenarios for collaborative cyber-physical systems to be identified and the essential pieces of information therein to be consolidated and reduced to a manageable size. To this end, we present a semi-automated approach that (1) generates negative scenarios from main scenarios considering all possible configurations and (2) generates generic negative scenarios using dedicated abstraction mechanisms that provide a condensed view of unwanted behaviors. The application of our approach to a case example from the automotive domain demonstrates its usefulness and appropriateness.
Keywords: Negative scenarios, Message Sequence Charts, Safety analysis, Cyber-physical systems
This research was partly funded by the German Federal Ministry of Education and Research (grant no. 01IS16043V). We would like to thank our industrial partners for their support. Namely, we thank Frank Houdek (Daimler AG).