Inhalt

•  
   Abstract
•  
   Zusammenfassung
•  
   Acknowledgements
•  
   Table of Contents
•  
   1 Introduction
•  
  1.1 Approaches for the Development of Software-intensive Systems Considered in this Thesis
•  
   1.1.1 The Specification Technique Consens for Model-based Systems Engineering
•  
   1.1.2 Modal Sequence Diagrams (MSDs) for Scenario-based Software Requirements Specification and Analysis
•  
   1.1.3 Timing Analysis
•  
   1.2 Problem Description
•  
   1.2.1 Manual and Unsystematic Transition from MBSE to SwRE
•  
   1.2.2 Late Timing Analyses
•  
   1.3 Approach to Solution and Contributions
•  
   1.3.1 Semi-automatic Technique for the Transition from MBSE to SwRE
•  
   1.3.2 Early Timing Analyses based on MSDs
•  
   1.4 Thesis Structure
•  
  2 Foundations
•  
  2.1 Model-based Traceability
•  
  2.1.1 Terminology
•  
   2.1.1.1 Foundational Terminology
•  
   Basic Terms
•  
   Implicit vs. Explicit Traceability
•  
   2.1.1.2 Extended Terminology for Model-based Traceability
•  
   Intra- vs. Inter-model Traceability
•  
   Relational vs. Referential Traceability
•  
   Lifecycle vs. Transformation Traceability
•  
   Valid Traceability
•  
   2.1.2 The Model-based Traceability Management Tool Capra
•  
  2.2 Model-based Systems Engineering with Consens
•  
   2.2.1 Analyze Environment
•  
   2.2.2 Identify Application Scenarios
•  
   2.2.3 Define Requirements
•  
   2.2.4 Define Function Hierarchy
•  
   2.2.5 Define Active Structure
•  
   2.2.6 Allocate Engineering Disciplines
•  
   2.2.7 Define System Behavior
•  
   2.3 Automatic Derivation of Discipline-specific Design Models from Consens System Models
•  
   2.4 Modal Sequence Diagrams (MSDs)
•  
   2.4.1 Structure of MSD Specifications
•  
   2.4.2 MSD Semantics
•  
   2.4.2.1 Conditions
•  
   2.4.2.2 Real-time Requirements
•  
   2.4.2.3 Existential and Universal MSDs
•  
   2.4.3 Analysis Techniques
•  
  2.5 UML Profiles
•  
   2.5.1 The Modal Profile
•  
   2.5.2 The Systems Modeling Language (SysML)
•  
  2.5.3 Modeling and Analysis of Real-Time Embedded Systems (Marte)
•  
   2.5.3.1 Subprofile Non-functional Properties Modeling (NFPs) and the Model Library Marte_Library
•  
   2.5.3.2 Subprofile Generic Resource Modeling (GRM)
•  
   2.5.3.3 Subprofile Generic Quantitative Analysis Modeling (GQAM)
•  
   2.5.3.4 Subprofile Allocation Modeling (Alloc)
•  
   2.6 Timing Analysis Techniques for Hard Real-time Systems
•  
   2.6.1 Response Time Analysis
•  
   2.6.2 End-to-End Response Time Analysis
•  
  2.7 Clock Constraint Specification Language (CCSL)
•  
   2.7.1 CCSL Semantics and its Realization in TimeSquare
•  
  2.7.2 Pre-defined CCSL Constraints
•  
   2.7.2.1 Clock Expressions
•  
   2.7.2.2 Clock Relations
•  
   2.7.3 User-defined Constraints
•  
   2.8 Specifying Modeling Language Semantics with Gemoc
•  
   3 Integrated Systems Engineering and Software Requirements Engineering
•  
   3.1 Extensions to the Consens Specification Technique
•  
   3.1.1 Port Specifications
•  
   3.1.2 Behavior–Sequences
•  
   3.1.3 Behavior–States
•  
   3.2 Component-based MSD Specifications
•  
   3.3 Process Description
•  
   3.4 Model Transformation Rules Overview
•  
   3.4.1 Derive MSD Use Cases
•  
  3.4.2 Derive Structure
•  
   3.4.2.1 Derive System Component Roles from Discrete Software Components
•  
   3.4.2.2 Derive Environment Component Roles from Environment Elements
•  
   3.4.2.3 Derive Environment Component Roles from Continuous Software Components
•  
   3.4.2.4 Derive Interfaces, Ports, and Connectors
•  
   3.4.3 Derive MSDs
•  
   3.5 Support for Manual Refinement of MSD Specifications
•  
   3.5.1 Informal Guidelines
•  
   3.5.2 Automatic Coverage Check
•  
   3.5.3 Automatic Derivation of Existential MSDs
•  
   3.6 Exemplary Application of the Transition Technique
•  
  3.6.1 Initial Process Iteration
•  
   3.6.1.1 Derive MSD Use Cases
•  
  3.6.1.2 Derive Structure
•  
   Derive System Component Roles from Discrete Software Components
•  
   Derive Environment Component Roles from SwRE-relevant Environment Elements
•  
   Derive Environment Component Roles from SwRE-relevant Continuous System Elements
•  
   Derive Interfaces, Ports, and Connectors
•  
   3.6.1.3 Derive MSDs
•  
   3.6.1.4 Refine MSD Specification
•  
   3.6.1.5 Analyze Coordination Behavior Requirements
•  
   3.6.1.6 Consolidate Discipline-specific Analysis Results
•  
  3.6.2 Subsequent Process Iterations
•  
   3.6.2.1 Manual Changes to the Consens System Model
•  
   Changes to the Partial Model Environment
•  
   Changes to the Partial Model Active Structure
•  
   Changes to the Partial Model Behavior–Sequences
•  
  3.6.2.2 Automatic Incremental Update of the MSD Specification
•  
   Impact on the Classifier View
•  
   Impact on the Architecture View
•  
   Impact on the Interaction View
•  
   Summary
•  
  3.7 Semi-automatic Establishment of Explicit Inter-model Traceability Between Consens System Models and MSD Specifications
•  
   3.7.1 Lifecycle Traceability
•  
  3.7.2 Transformation Traceability
•  
   3.7.2.1 Incremental Update of not Manually Modified MSD Specifications
•  
   3.7.2.2 Preservation of Manual Modifications to MSD Specifications
•  
  3.8 Model Transformations and Coverage Check More Formally
•  
   3.8.1 Preconditions for the Consens System Model
•  
   3.8.1.1 Relational Traceability Between Partial Models
•  
   3.8.1.2 Environment and Active Structure
•  
   3.8.1.3 Behavior–Sequences
•  
   3.8.1.4 Behavior–States
•  
  3.8.2 Model Transformation Approach and Algorithm
•  
   3.8.2.1 Selection and Extension of the Model Transformation Approach
•  
   3.8.2.2 Model Transformation Algorithm
•  
   3.8.3 Coverage Check between MSD Specifications and Behavior–States
•  
   3.8.3.1 Rule Set 1: Check Whether Each SwRE-relevant Trigger/Effect in the Behavior–States is Represented in any Requirement MSD
•  
   3.8.3.2 Rule Set 2: Check Whether Each MSD Message Sent from/to the Environment in a Requirement MSD is Represented in the Behavior–States
•  
  3.9 Realization and Evaluation
•  
   3.9.1 Implementation
•  
  3.9.1.1 SysML Profiles
•  
   SysML4Consens
•  
   Relevance Annotations
•  
   Exemplary Application of the Profiles
•  
  3.9.1.2 Capra Traceability Information Models
•  
   Lifecycle Traceability Information Model
•  
   Transformation Traceability Information Model
•  
  3.9.2 Case Study
•  
   3.9.2.1 Case Study Context and Cases
•  
   3.9.2.2 Setting the Hypotheses
•  
   3.9.2.3 Data Collection Preparation
•  
  3.9.2.4 Data Collection Procedure
•  
   Hypothesis H1
•  
   Hypothesis H2
•  
   3.9.2.5 Interpreting the Results
•  
  3.9.2.6 Threats to Validity
•  
   Construct Validity
•  
   Internal Validity
•  
   External Validity
•  
   Reliability
•  
  3.10 Related Work
•  
   3.10.1 Transition from MBSE to Discipline-specific Models
•  
   3.10.2 System Modeling Languages and Methods with Discipline-specific Information
•  
   3.10.3 Component-based Scenario Notations
•  
   3.10.4 Semi-automatic Establishment of Explicit Lifecycle Traceability
•  
   3.11 Summary
•  
   4 Early Timing Analysis based on Software Requirements Specifications
•  
   4.1 Platform-specific MSD Specifications
•  
  4.1.1 Specifying Execution Platforms
•  
   4.1.1.1 Specifying the Hardware
•  
   4.1.1.2 Specifying the Real-time Operating System
•  
   4.1.1.3 Specifying Communication Facilities
•  
   4.1.2 Specifying Allocations
•  
   4.1.3 Annotating the Application Software
•  
   4.1.4 Specifying Analysis Contexts
•  
   4.2 Process Description
•  
  4.3 Extension of MSD Message Event Handling Semantics
•  
   4.3.1 Asynchronous Messages
•  
   4.3.2 Message Creation and Consumption
•  
   4.3.3 Task Processing
•  
   4.4 MSD Semantics for Timing Analyses
•  
   4.4.1 Encoding of Additional Event Kinds and their Unification
•  
  4.4.1.1 Unification Occurrences
•  
   Metamodel Level M2
•  
   Metamodel Level M1
•  
   Metamodel Level M0
•  
   4.4.1.2 Unification of Message Events with MSD Message Locations
•  
   Metamodel Level M2
•  
   Metamodel Level M1
•  
   Metamodel Level M0
•  
   4.4.2 Encoding of Timing Effects Induced by Platform Properties
•  
   4.4.2.1 Static Delays Between Message Event Kinds
•  
   Metamodel Level M2
•  
   Metamodel Level M1
•  
   Metamodel Level M0
•  
  4.4.2.2 Dynamic Delays due to Mutual Exclusion of Resources
•  
   Metamodel Level M2
•  
   Metamodel Level M1
•  
   Metamodel Level M0
•  
  4.4.3 Encoding of Real-time Requirements and Timing Analysis Contexts
•  
  4.4.3.1 Clock Resets and Time Conditions
•  
   Metamodel Level M2
•  
   Metamodel Level M1
•  
   Metamodel Level M0
•  
  4.4.3.2 Timing Analysis Contexts
•  
   Metamodel Level M2
•  
   Metamodel Level M1
•  
   Metamodel Level M0
•  
   4.5 Exemplary Timing Analysis
•  
  4.6 Realization and Evaluation
•  
   4.6.1 Implementation
•  
  4.6.1.1 The Timing Analysis Modeling (TAM) Profile in Detail
•  
   Subprofile AnalysisContext
•  
   Subprofile Platform::Communication
•  
   Subprofile Platform::ControlUnit
•  
   Subprofile Platform::OperatingSystem
•  
   Subprofile ApplicationSoftware
•  
   Subprofile SimulationExtensions
•  
   4.6.1.2 Preprocessing
•  
   Computation of Message Dispatch Delays
•  
   Computation of Message Send Delays
•  
   Computation of Message Consumption Delays
•  
   Computation of Task Execution Delays
•  
  4.6.2 Case Study
•  
   4.6.2.1 Case Study Context and Cases
•  
   4.6.2.2 Setting the Hypotheses
•  
   4.6.2.3 Data Collection Preparation
•  
  4.6.2.4 Data Collection Procedure
•  
   Hypothesis H1
•  
   Hypothesis H2
•  
   Hypothesis H3
•  
   Hypothesis H4
•  
   4.6.2.5 Interpreting the Results
•  
  4.6.2.6 Threats to Validity
•  
   Construct Validity
•  
   Internal Validity
•  
   External Validity
•  
   Reliability
•  
  4.7 Related Work
•  
   4.7.1 Timing Analyses based on System Models
•  
   4.7.2 Scenario-based Timing Analyses
•  
   4.7.3 Architecture-based Timing Analyses
•  
   4.8 Summary
•  
  5 Conclusion
•  
   5.1 Summary
•  
   5.2 Future Work
•  
  Bibliography
•  
   Own Peer-reviewed Publications
•  
   Own Non-peer-reviewed Publications
•  
   Supervised and Own Theses
•  
   Preliminary Work
•  
   Literature
•  
   Standards and Specifications
•  
   Research Projects
•  
   Tool Suites and Tool Frameworks
•  
   List of Figures
•  
   List of Tables
•  
   List of Algorithms
•  
   Listings
•  
   Appendices
•  
  A Supplementary Material for the Transition Technique from MBSE to SwRE
•  
   A.1 Guidelines for Manual MSD Refinement
•  
  A.2 EBEAS Models Applied in the Transition from MBSE with Consens to SwRE with MSDs
•  
   A.2.1 Consens System Model
•  
  A.2.2 MSD Specification
•  
  A.2.2.1 Initially Derived MSD Specification
•  
   MSD Use Case Obstacle Detection
•  
   MSD Use Case Emergency Braking
•  
   MSD Use Case Emergency Braking and Precrash Measures
•  
  A.2.2.2 Example: Manual Refinement of an Initially Derived MSD Specification
•  
  Step 1: Specify Additional MSDs
•  
   a) Add Assumption MSDs
•  
   b) Add Requirement MSDs
•  
   Step 2: Specify Trigger and Execution Behavior
•  
   Step 3: Specify Temperatures and Execution Kinds
•  
   Step 4: Specify Conditional Behavior
•  
   Step 5a: Check Coverage w.r.t. the Partial Model Behavior–States
•  
   Step 5b: Validate Existential Behavior
•  
   A.2.2.3 MSD Specification After Manual Refinement
•  
   MSD Use Case General Environment Assumptions
•  
   MSD Use Case Obstacle Detection
•  
   MSD Use Case Emergency Braking
•  
   MSD Use Case Emergency Evasion
•  
   MSD Use Case Emergency Braking and Precrash Measures
•  
   A.3 Case Study Details: Hypothesis H2 for the Transition Technique from MBSE to SwRE
•  
  B Supplementary Material on the MSD Semantics for Timing Analysis
•  
   B.1 Further Examples of the MSD Semantics for Timing Analyses
•  
   B.2 Complete MSD Semantics for Timing Analyses: ECL Mapping Specification and User-defined MoCCML Relations
•  
   B.3 Exemplary Timing Analysis: TimeSquare Screenshot
•  
   B.4 Case Study Details: Hypotheses H2 and H3 for the Timing Analysis based on MSDs
•  
   C Own Publication Contributions