CpSc 371
Exam 2
Name______________________________________________
Answer any FOUR of the five questions. Place a large X on the question you are omitting. If you answer all five, the one on which you score the best will NOT be counted. All questions are counted the same: 25 points each. Answer all parts of each question.
You cannot have a laptop in the exam. You may have the textbook, class notes, handouts, and copies of submitted homework. You have from 2pm until 3:15pm for the exam.
1.
a. “Abstract” and “refines to” are used in AADL to separate the reference architecture from the concrete architecture. What is the value of this approach? What is a possible drawback?
b. Why is simply counting the number of requirements not a useful metric?
c. What information is captured in a fault tree? How does the system engineer use the fault tree analysis information?
d. Explain the purpose of each statement in the AADL spec below.
system Thermostat
  features
    current_temperature : in feature group Current_Temperature;
    heat_control : out data port Heat_Control;
  flows
    current_temperature_heat_control : flow path current_temperature -> heat_control;
  properties
    Isolette_Properties::Failure_Probability => 0.000000005 abs;
end Thermostat;
a. The value is simpler abstractions to guide extension and maintenance of the concrete architecture. A drawback is loss of information and exactness in analysis.
b. Different requirements are of different impacts
c. Faults are associated with root causes in a tree
d.
Name of the system being specified
Keyword indicating features
A set of features being declared under a single name and being associated with an input
A single feature being associated with an output
Keyword defining a section for paths
Defining a path for information to move from an input to an output
Keyword for defining characteristics of the “system”
Declaration and assignment of a value to a characteristic,
End of the system spec
2.
a. What is the purpose of the “stimulus source” in a quality attribute scenario?
b. The assurance case argues the validity of a system. Explain the structure of an assurance case.
c. Which were the three highest priority attributes for the dongle to cloud system? How is this priority determined in a requirements engineering process?
d. Describe how priorities among qualities are determined.
a. To identify the stakeholder who initiates the scenario’s occurrence
b. A claim is stated; evidence, which supports the claim, is attached to the claim. Inference rules that define how the evidence is used to support the claim are added. Defeaters that raise doubts about claims, evidence, or inference rules are attached to the element about which they raise doubt.
c. Latency, security, usability; votes of stakeholders
d. Votes of stakeholders (A late cut/paste that I did not catch)
3.
a. There is a trio: fault, error, and failure. Explain their relationship to each other.
b. A hazard is a potential failure that could cause harm. How does having a text-based hazard record in an error model aid system engineers?
c. An AADL specification has features, connections, properties, and some flows. What do these tell the potential reader of the artifact whose specification it is?
d. An interface specification describes the interaction between entities. List at least three pieces of information that should be in the specification on each of the entities connecting through the interface to allow correctness checking of the interface.
a. A fault is injected by a human; program execution encounters the fault and produces erroneous output; the erroneous output is sent to another part of the program where it is identified as a failure
b. A tool collects all of the text records and provides them to the engineer
c. Features tell what the system can do, what inputs are required, and what outputs are produced; connections show the other modules with which this module interacts; properties define certain non-functional characteristics of the system; and flows show dependencies of outputs on inputs
d. Types of each piece of data that moves from one module to the other; direction of the movement; any constraints on the movement
4.
a. Describe where in the requirements definition process the House of Quality is used. What information is produced by using the House of Quality?
b. What is the DIFFERENCE between a “traditional” system and a complex adaptive system?
c. Commonality/Variability analysis identifies pieces of the system that are the same and separates those that are different. Explain how the “extends” relationship between entities in an architecture definition supports this separation.
d. Error handling is a big part of a successful requirements model. The error state machine captures a lot of information. Describe all of the information that might be captured in the machine.
5.
a) What is the purpose of “guidance” in a process description, like when using EPF? Give examples of guidance instances.
b) The requirements model must be validated. Describe how to evaluate the model.
c) The AADL error annex and behavioral specification annex both use state machines as their basic syntax. What limitation does this impose on the types of models that can be built?
d) What’s the balance between being agile and moving rapidly and developing safety-critical systems and defining a process that includes multiple checks and balances?
a. Guidance is an explanation, maybe of what something is or how to perform a task
b. Simulation, testing, inspection by trained person
c. The actions are all discrete rather than continuous
d. Are a sufficient set of faults being mitigated