Abstract

Controllers are often large and complex reactive software systems, so they typically cannot be developed as monolithic products. Instead, they are usually composed of multiple components that interact to provide the desired functionality. Components can themselves be complex and in turn be decomposed into multiple sub-components. Designing such systems is complicated and must follow systematic approaches, based on recursive decomposition strategies that yield a modular structure. This paper proposes FIDDle, a comprehensive verification-driven framework that supports designers during development. FIDDle supports hierarchical decomposition of components into sub-components through formal specification in terms of pre- and post-conditions, as well as independent development, reuse and verification of sub-components. The framework allows the development of an initial, partially specified design of the controller in which certain components, yet to be defined, are precisely identified. These components can be associated with pre- and post-conditions, i.e., a contract, that can be distributed to third-party developers. The framework ensures that if the components comply with their contracts, they can be safely integrated into the initial partial design without additional rework. As a result, FIDDle supports an iterative design process and guarantees correctness of the system at any step of development. We evaluated the effectiveness of FIDDle in supporting an iterative and incremental development of components using the K9 Mars Rover example developed at NASA Ames. This can be considered an initial, yet substantive, validation of the approach in a realistic setting. We also assessed the scalability of FIDDle by comparing its efficiency with the classical model checkers implemented within the LTSA toolset. Results show that FIDDle scales as well as classical model checking as the number of states of the components under development and their environments grows.
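As an added illustration of the contract idea in the abstract (this is not FIDDle's own code, nor the paper's algorithm), the following Python models a partial design with one undefined component over small LTSA-style labelled transition systems. The hole's contract is an assumption on its environment plus a safety guarantee; `check_integration` discharges the three obligations under which a contract-compliant candidate can be plugged in without re-verifying the composed system. The controller/arm scenario, the action names and all function names are constructed for this example and are not taken from the K9 Mars Rover model.

```python
from collections import deque

# Added illustration, not FIDDle's own code: assume/guarantee contract checking
# over small labelled transition systems (LTS), in the style of LTSA safety checks.


class LTS:
    """Deterministic LTS: alphabet, transitions {(state, action): next_state}, initial state."""

    def __init__(self, alphabet, trans, init=0):
        self.alphabet = frozenset(alphabet)
        self.trans = dict(trans)
        self.init = init

    def enabled(self, state):
        return sorted(a for (q, a) in self.trans if q == state)


def compose(p, q):
    """Parallel composition: shared actions synchronise, the others interleave."""
    alpha = p.alphabet | q.alphabet
    trans, seen, todo = {}, set(), [(p.init, q.init)]
    while todo:
        s = todo.pop()
        if s in seen:
            continue
        seen.add(s)
        sp, sq = s
        for a in alpha:
            p_ok = a not in p.alphabet or (sp, a) in p.trans
            q_ok = a not in q.alphabet or (sq, a) in q.trans
            if p_ok and q_ok:
                t = (p.trans.get((sp, a), sp), q.trans.get((sq, a), sq))
                trans[(s, a)] = t
                todo.append(t)
    return LTS(alpha, trans, (p.init, q.init))


def violates(system, prop):
    """Safety check: shortest trace on which `system` performs an action in
    prop.alphabet that `prop` does not enable; None if `prop` always holds."""
    start = (system.init, prop.init)
    seen, queue = {start}, deque([(start, ())])
    while queue:
        (ss, ps), trace = queue.popleft()
        for a in system.enabled(ss):
            if a in prop.alphabet and (ps, a) not in prop.trans:
                return trace + (a,)
            nxt = (system.trans[(ss, a)], prop.trans.get((ps, a), ps))
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + (a,)))
    return None


def check_integration(partial, assume, guarantee, system_prop, candidate):
    """The three obligations of the assume/guarantee rule. All None means the
    candidate can be integrated without re-checking the composed system:
    traces(partial || candidate) lie within traces(partial || guarantee),
    which has already been shown to satisfy system_prop."""
    return {
        "partial_meets_assumption": violates(partial, assume),
        "candidate_meets_guarantee": violates(compose(assume, candidate), guarantee),
        "design_meets_property": violates(compose(partial, guarantee), system_prop),
    }


# Constructed scenario: a controller drives a robotic arm; the arm is the hole.
CMD = {"extend", "retract", "done"}
CONTROLLER = LTS(CMD, {(0, "extend"): 1, (1, "done"): 2, (2, "retract"): 3, (3, "done"): 0})

# Contract for the hole. Assumption (pre-condition): the environment issues no new
# command before the arm reports `done`. Guarantee (post-condition): exactly one
# `done` per command, and an `extend` is sensed (`sense`) before it is reported done.
ASSUME = LTS(CMD, {(0, "extend"): 1, (0, "retract"): 1, (1, "done"): 0})
GUARANTEE = LTS(CMD | {"sense"},
                {(0, "extend"): 1, (0, "retract"): 2, (1, "sense"): 2, (2, "done"): 0})

# System-level property the integrator cares about: after every extend,
# a sense happens before the next retract.
SYSTEM_PROP = LTS({"extend", "retract", "sense"},
                  {(0, "extend"): 1, (1, "sense"): 2, (2, "retract"): 0})

# Two third-party candidates for the hole: one compliant, one that skips sensing.
ARM_OK = LTS(CMD | {"sense"}, {(0, "extend"): 1, (1, "sense"): 2, (2, "done"): 0, (0, "retract"): 2})
ARM_BAD = LTS(CMD | {"sense"}, {(0, "extend"): 2, (0, "retract"): 2, (2, "done"): 0})

if __name__ == "__main__":
    for name, arm in (("ARM_OK", ARM_OK), ("ARM_BAD", ARM_BAD)):
        print(name, check_integration(CONTROLLER, ASSUME, GUARANTEE, SYSTEM_PROP, arm))
        # Cross-check against a direct verification of the integrated system.
        print("  direct:", violates(compose(CONTROLLER, arm), SYSTEM_PROP))
```

The compliant arm passes all three checks, and the non-compliant one is rejected already at the contract check (trace `extend, done`) before any integration; the direct check of `CONTROLLER || ARM_BAD` confirms that plugging it in would indeed break the system property. Using the guarantee itself as the most general stand-in for the hole is what lets the partial design be verified before the sub-component exists.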

Highlights

  • Software systems are usually comprised of multiple components—portions of the system that provide a desired functionality

  • Tool support for FIDDle was created as a Java application on top of LTSA, allowing developers to model components, iteratively develop sub-components, and perform all the checks described in this paper

  • To evaluate the effectiveness of FIDDle in real cases, we abstracted parts of the K9 Mars Rover model built at NASA Ames and simulated forward development

Summary

Introduction

Software systems are usually comprised of multiple components—portions of the system that provide a desired functionality. Especially when large systems are considered, system design must follow systematic approaches, based on recursive decomposition strategies that support the development of modular structures. It should be possible to reuse off-the-shelf components or to delegate the development of parts of the system to external service providers [PBKS07, PBvDL05, ABKS16, CH01]. Software development can often be viewed as a distributed endeavor, where different decentralized developers (internal engineers, subcontractors, component and service providers) are coordinated by the organization responsible for the entire system. Software failures in the integration phase may lead to expensive and painful changes that affect the components, the rest of the system, and even the modular structure itself.
