Research on Software Structure Analysis Technology and Reliability Evaluation Method of Warship Equipment

YAN Ran( )， HAN Xinyu()， LIU Bojiang()， TANG Longli()

China Shipbuilding Software Quality&Reliability Testing Center，Beijing100081，China

Abstract：In view of the current reliability evaluation requirements of warship equipment based on component，this paper comprehensively considered the characteristics of components，and the component identification method，structural decomposition method，component architecture modeling method were studied for warship equipment software.Based on the characteristics of warship equipment component，this paper proposed a formal modeling language based on Petri nets to realize the modeling of component software architecture and laid a foundation for the reliability evaluation method research of warship equipment component.

Key words：warship equipment component software；software architecture；component identification；component modeling；reliability evaluation

Introduction

The system of newly-developed type of warship weapons and equipment is highly complex. Its system functions are flexibly reorganized， the human-machine interface is highly unified， resources are reconfigured on-demand， information is acquired on demand， application functions are plug-and-play， and the system is flexibly reconfigured[1]. Obviously traditional software development methods do not meet the above requirements. Component-based application integration frameworks and SOA technologies mainly deal with network-based on distributed system computing and supporting network multimedia information sharing， and have become a new generation of ship equipment. The development trend and the key technology are widely used. At present， the integration platform， naval combat system integration framework (Fig. 1)， shipboard aviation command and the fleet command system of complex software system， developed by component technology， have been applied on the version under development.

Ship equipment component software is the system that assembled by components according to the principle of component software engineering[2]. In the software system composed of component software， each component performs a task relatively independently. Its internal structure is transparent to users. And finally the entire systems work together through various interfaces. When a part is no longer meets user’s needs， the relevant components without modifying other components can be upgraded and replaced.

1 Component Identification Methods

The component software， in short， is a system that is assembled from components according to the principle of component software engineering. In the software system， composed of components， each component performs a task independently. Its internal structure is transparent to users， and finally the various systems work together through various interfaces. Component can operate on different platforms， and are update conveniently， reuse frequently[3].

The linker implements data transferring and control transferring functions， such as sequence， selection， loop， parallel， between components. Assembling system based on connecting linker method realizes separating the function of components and their interactions， and increase the configuration of component assembly. The method is currently one of the effective technical approaches to realize dynamic assembly of components. The components that can perform controlling and data transmission， interface adaptation and data conversion， access coordination and synchronization， and dynamic component connection， all be considered as a linker.

Linker play an important role in architecture modeling. Since linker can function as a component to a certain degree，it can be divided into components in the modeling process.

According to different information sources and different target components， component identification can be divided into forward identification and reverse identification. The former refers to starting from the demand model and identifying components from the software system， and then implementing the software components and constructing the software system. The latter refers to the reverse recovery from the software source code of the legacy system when the software system already exists， and identifies the source code level software components.

According to the characteristics of the software system， the development technology and existing technical documents， the following 4 methods: functional decomposition division method,interface analysis division method, input domain division method and module encapsulation division method, will be used as rules for the division of the software system to identify component.

1.1 Functional decomposition division method

From the perspective of the application and realization of the ship information system， components can be divided into large-grained functional components and software components for implementation. Usually， the functional component can be divided according to the functional structure of the information system or the business process[4].

Functional decomposition method can be used to identify components. The goal of this method is each function and the relationship between each major functional module.

There are two ways to decompose components to identify components： identification strategy. The specific choice of which way， the need to analyze the software string， parallel structure. If the parallel structure of software dominance， consider the first method； if the serial structure dominated， consider the second method.

The first method is to iteratively separate functional modules to divide components based on the software specifications and software requirements specification. The divided functional module can be considered as a linker only if it meets the definition of a linker or acts as a linker.

The second method is to identify components based on business processes. Business processes are essentially functional processes.For example， a simple functional process is to issue， audit and process commands.

The process of function decomposition method identifying the components is shown in Fig. 2.

Step 1 According to the design document and requirement document， the software system can be divided into several main function modules.

Step 2 According to the specific function of the main module description and process， the functional structure figure is summed. Functional diagram is the function of the system to decompose， according to the function of subordinate relationship expressed as a chart. System of the subsystem can be seen as the system under the target of the function， which can continue to break down each of the third layer， the fourth layer, even more features. As shown in Fig. 3, the end of the process is broken down to the bottom of the function. A compact module can be seen as a component. The functional module after decomposition， which acts as a linker， can be considered a linker.

Step 3 The decomposed functions (including the main functions and sub-functions) have separate interfaces and protocols， can be used independently， can be seen as components. The linker is also a component.

Step 4 According to the above recognition strategy， the logical relationship between components can be determined. The above method lays the foundation for the study of the reliability evaluation method of the subsequent component.

Fig. 2 Functional decomposition method to identify components

Fig. 3 Simple function chart

1.2 Interface analysis division method

According to the requirement design of software interface of ship electromechanical products and the technology of interface testing in software testing process， the software components are divided according to the interface types， the complexity of interfaces and the intensity of the mutual information between interfaces. According to the interface divided module， its own independence， separability， this method can be used as one of the main component identification methods.

The interface between the ship’s mechanical and electrical product software is mainly divided into Ethernet interface， serial interface， CAN interface and IO interface，etc.， which are classified according to the communication mode. Interface analysis is the process of breaking up the system into a series of components divided by interface types. This method can comprehensively consider the internal interface diagram and external interface diagram in the “Software Interface Requirements Specification” document.

The main points of interface analysis division method include identification targets， identification strategies， and identification processes.

The process of interface analysis identifies method is shown in Fig. 4.

Fig. 4 Interface analysis identification component process

The identification goal of the interface analysis method is to use the relationship among the module interfaces to divide the components. The identification strategy is， firstly， considering the clarity between the modules. If the modules are coupled closely， they can be considered to view as a whole component， which called component-level software. Secondly， considering whether the interactions between modules are explicit， such as requests， receivers， or information-passers. The information transfer module is a linker.

According to the requirements specification of the software， the interface relationship between the modules is clarified. Through the interface analysis， the software system is divided into several modules. The module divided by the interface can be regarded as a component. If two or more functional modules with multiple interaction information and complicated logical interfaces can be divided into one component.

1.3 Input domain division method

One of the areas that must be considered during software testing is the input field. Dividing components by input fields can be considered from 2 aspects. Firstly， it can be divided according to the set of software input， such as interface input and message input when performing black box testing. Secondly， when performing a white-box test， the input types can be analyzed by software program analysis.

When performing a black box test on the software， input fields include numeric input， text input， button input， message input (such as user datagram protocl message， serial port message)， and graphic input[6]from the test type and test item. Based on the program analysis method to determine the input field， the input is to extract information from the source code， analyze variables and modules， and then determine the value range of the input variables of the program. The black box test considered from the entire software system is more in line with the idea of reverse analysis software system structure in this paper. Therefore， the input field division method is adopted in this paper to determine the input field from the software black box test perspective.

Different types of input fields have some impact on the software reliability[7-8]. According to the different input fields， the module is divided into different components. Based on the theory of different types of input fields that having an influence on software reliability， the same input field modules are divided into a component. In this way， according to the different input fields， the software module can be divided into several components.

The process of input domain division method is shown in Fig. 5.

Fig. 5 Steps of component division according to the input field

Step 1 According to the software system design documents， technical specification documents， requirements and design documents，etc.， combine the software interface， message input and other aspects， the input fields of the system are classified and divided.

Step 2 According to the software work-flow， each function module input and output space are analyzed.

Step 3 Analyze the attributes and characteristics of each input field， divide the same input module into one component.

It is important to note that testers often need to determine what exactly all possible inputs contain. To determine all possible inputs， the first is to check the software requirements. If the requirements are complete and unambiguous， it is possible to identify all input sets.

1.4 Module encapsulation division method

Most of the software on warship is developed by C++， and encapsulation is one of its features. In C++， objects are defined by classes， which are the tools for encapsulation and data hiding and the basic logical unit for wrapping data and methods.

Encapsulation offers reusability for developing software in an object-oriented approach that greatly increases the efficiency， quality， and reliability of software development.

In addition， the main thing is that the encapsulation of the module can also be a package of multiple sub-software systems， and only the rules and interface definitions are explicitly used to the outside world. Module encapsulation here is mainly for such cases. For a software system with a large number of module packages， the method according to module encapsulation is shown in Fig 6.

Fig. 6 Steps of component division basing module encapsulation

Depending on the encapsulation of the software， module of software has a clear internal scope， a clear external boundary， and a clear interface.

Components with good encapsulation can be considered as one component. However， the module after divided by this method is large. Therefore， when using this method， the function decomposition and interface analysis method must be comprehensively considered. This paper considers from the following 2 aspects. Firstly， after using function decomposition division method， if a larger sub-function module contains an encapsulation module， the sub-function module can be decomposed by the module encapsulation method. Secondly， the module encapsulation property of the software system is relatively obvious， systems can use module encapsulation division method， and then use functional decomposition or interface division method to divide components.

1.5 Comparison and application of 4 methods

Comparison and application of 4 methods is shown in Table 1.

Table 1 Comparison and application of 4 kinds of component recognition methods

2 Component Architecture Modeling and Reliability Calculation Method

The software architecture is generally a complex system and includes a variety of basic structural relationships such as order and parallelism. There is a very close relationship between the reliability of the basic software structure style and the reliability of the entire software system.

By the characteristics of the software architecture and the relationships among the components， the entire software architecture can be seen as being embedded by 5 basic structures： sequential structure， and & combine structure， or & combine structure， branch structure， or & branch structure[5]. In the following part， the six basic structures are further explained， and basing on the reliability definition[6]， the corresponding reliability calculation formulas are given.

2.1 Sequential structure

The structure consists ofncomponents. A function must be continuous processing throughncomponents to complete. In other words， if and only if thencomponents and linker work normally， the system can work properly. Failure of any component or linker will result in failure of the entire system, as shown in Fig. 7.

Assuming that the life time of the componentsCi(round shape) and linersL(i→j) (Square shape) areXiandY(i→j).The reliability of them， which operating time ist， areRCi(t)=P{Xi>t}，Ci(t)=P{Y(i>j)>t}.

Fig. 7 Reliability model of sequential structure

C1，C2， …，Cn，L(1→2)， …，L(n-1→n)are independent of each other， the system life time isZs， the system working time ists， so the system reliability is

Rs(ts) =P{Zs>ts}=

P{min(X1，X2， …，Xn;Y1→2，Y2→3， …，
Y(n-1)→n>ts)}=

P(X1>ts，X2>ts， …，Xn>ts;Y1→2>ts，
Y2→3>ts， …，Y(n-1)→n>ts)=

(1)

2.2 And&combine structure

And&CombineStructure is a structure which refers to a function can only be composed of n components together with a component to complete. If all then+1 components and linker work properly， the system can run normally， any one part failure will lead to the failure of the entire system. Its corresponding structure is shown in Fig 8. WhereC1， 2， …，ndenotes a set ofC1，C2， …，Cncomponents， andL1， 2， …，n→(n+1)denotes a set of connectorsL(1→(n+1)，L2→(n+1), …，L(n→(n+1).

Fig. 8 Reliability model of and & combine structure

The reliability of components and linkers is defined in the same way as the reliability of sequential structure. The reliability of the system is

Rs(ts) =P{Zs>ts}=

P{min(X1，X2， …，Xn+1，Y1→(n+1)，Y2→(n+1)， …，
Yn→(n+1)>ts)}=

P(X1>ts，X2>ts， …，Xn+1>ts，Y1→(n+1)>ts，
Y2→(n+1)>ts， …，Yn→(n+1)>ts)=

(2)

2.3 Or&combine structure

Or & combine Structure is a structure which refers to a function the collaboration of one ofnth components and the (n+1) th component can be completed. As long as the componentCi， linkerL(i→(n+1)andCn+1work properly， the system can work properly. Its corresponding structure is shown in Fig. 9. WhereC1， 2， …，ndenotes a set ofC1，C2， …，Cncomponents.

Fig. 9 Reliability model of or & combine structure

The system reliability is

Rs(ts) =P{Zs>ts}=

P(max(min(X1，Y1→(n+1)，Xn+1)，min(X2，Y2→(n+1)，

Xn+1)， …， min(Xn，Yn→(n+1)，Xn+1))>ts)=

1-P(max(min(X1，Y1→(n+1)，Xn+1)，min(X2，Y2→(n+1)，

Xn+1)， …， min(Xn，Yn→(n+1)，Xn+1))≤ts)=

1-P(min(X1，Y1→(n+1)，Xn+1)≤ts，min(X2，Y2→(n+1)，

Xn+1)≤ts， …， min(Xn，Yn→(n+1)，Xn+1))≤ts)=

P(Xn+1>ts))=

(3)

2.4 Branch structure

Assuming that the software architecture is consists ofn+1 components， through a component andncomponents together to complete a function. The system can operate normally only if all then+1 components andnconnectors are working properly. Its corresponding structure is shown in Fig. 10. WhereC1， 2， …，ndenotes a set ofC1，C2， …，Cncomponents， andL0→1， 2， …,ndenotes a set of connectorsL0→1，L0→2， …，L0→n.

Fig. 10 Reliability model of branch structure

The system reliability is

Rs(ts) =P{Zs>ts}=

P{min(X0，X1，X2， …Xn，Y0→1，Y0→2， …，

Y0→n)>ts}=

P(X0>ts，X1>ts，Xn>ts，Y0→1>ts，

Y0→2>ts， …，Y0→n>ts)=

(4)

2.5 Or&branch structure

Assuming that the software architecture is consists ofn+1 components. A function is completed by selecting the componentCiaccording to the componentC0. This structure is shown in Fig. 11, whereC1， 2， …，ndenotes a set ofC1，C2， …，Cncomponents， andL0→1， 2， …,ndenotes a set of connectorsL0→1，L0→2， …，L0→n.

Fig. 11 Reliability model of or & branch structure

The system reliability is

Rs(ts) =P{Zs>ts}=

min(P(Xi，Y0→i)>ts，i=1， 2， …，n)×

P(X0>ts)=

min(P(Xi>ts)×P(Y0→i>ts))×P(X0>ts)=

min(RC i(ts)×RL 0→i(ts))×RC 0(ts).

(5)

3 Modeling of Component Software Architecture Based on Petri Nets

Petri nets are one of the many mathematical methods used to describe distribution systems. As a formal language， it uses a graphical approach to describe a distributed system structure as a labelled directed bilateral graph. The core of Petri nets concept of asynchronous concurrency solves many of the non-formal language or semi-formal language that can not solve the model description problem. This paper uses Petri net to formally model the component software architecture.

The definition of the classic Petri net is a collection of quadsΣ=(S,T；F，M0)， where

S={s1，s2， …，sn} is a set of finite positions.

T={t1，t2， …，tm} is a finite transition set.

F∈(P×T)∪(T×P) is the flow relationship，P∪T≠φ，P∩T=φ.

M0is the initial identifier of the network. The logo of the Petri net is a multiple set on the position set. When the system is in the initial state，M0represents the distribution of tokens in various locations.

Petri nets can be represented by a directed bipartite graph， which contains two types of nodes and is connected using directed arcs. The 2 types of nodes are positions and transitions， where the positions are generally represented by circles and transitions are generally represented by rectangles. Dynamic features are represented by allowing tokens (black dots) to be included in the location. In the Petri net with token， according to the enable condition of the migration， the enabled transition ignition (Fire) and the ignition of the transition will implement the movement of the token according to the ignition rule. The ever-changing token redistribution describes the dynamic changes of the system. A typical Petri net is shown in Fig. 12.

Fig. 12 A typical Petri net

Petri net can realize real-time embedded software modeling and verification， especially in the field of security-critical software verification, it has been successfully applied[5， 9].

3.1 Sequential structure based on petri net

The order structure consists ofncomponents， a function must be processed continuously throughncomponents to complete. A formal graph based on Petri nets is depicted in Fig. 13.

Fig. 13 Sequential structure based on Petri net

In this sequential structure， Petri netN=(S，T；F). among them

S={s1，s2， …，sn},

(6)

(7)

(8)

(9)

For transitionti， its front setotiand rear settioare

(10)

Thus the structure of the correlation matrixΣis

(11)

3.2 And&combine structure based on Petri net

And & combine structure means that a function can only be completed in collaboration with a component by onlyncomponents. A formal graph based on Petri net is described in Fig. 14.

Fig. 14 And & combine structure based on Petri net

In this structure， Petri netN=(S，T；F).

S={s1，s2， …，sn，s1+n}，

(12)

(13)

(14)

(15)

For transitionti， its front setotiand rear settioare

(16)

The structure’s correlation matrix is

(17)

3.3 Or&combine structure based on petri net

The structure means that a function simply selects n components to work together with a component. A graphical description based on Petri nets is shown in Fig. 15.

Fig. 15 Formal or & combine structure based on Petri net

In this or & combine structure， the Petri net

N=(S，T；F)，

(18)

F= {(s1，t1)，(s2，t2)， …， (sn-1，tn-1)，(t1，s1+n)，

(t2，s1+n)， …， (tn，s1+n)， (sn+1， end)}.

(19)

F= {(s1，t1)，(s2，t2)， …， (sn-1，tn-1)， (t1，s1+n)，

(t2，s1+n)， …， (tn，s1+n)， (sn+1， end)}.

(20)

F= {(s1，t1)，(s2，t2)， …， (sn-1，tn-1)，(t1，s1+n)，

(t2，s1+n)， …， (tn，s1+n)， (sn+1， end)}.

(21)

(22)

For transitionti， its front set°tiand rear settioare

.

(23)

The structure’s correlation matrix is

(24)

3.4 Branch structure based on petri net

The structure means that the software architecture is composed ofn+1 components， and a certain function needs to be completed by one component andncomponents. The graphical representation based on Petri nets is depicted in Fig. 16.

Fig. 16 Branch structure based on Petri net

In the branching structure， the Petri net N=(S，T；F). among them

F= {(s1，t1)， (s2，t2)， …， (sn，t1)， (t1，s1+n)，

(sn+1，end)}，

(25)

F= {(s1，t1)，(s2，t2)， …， (sn，t1)，(t1，s1+n)，

(sn+1，end)}，

(26)

F= {(s1，t1)，(s2，t2)， …， (sn，t1)，(t1，s1+n)，

(sn+1，end)}.

(27)

.

(28)

For transitionti， its front setotiand rear settioare

S={s1，s2， …，sn，s0}

.

(29)

The structure’s correlation matrix is

Σ=[-1 -1 -1 -1 … -1 1]1×(n+1)

.

(30)

3.5 Petri net-based or&branch structure

Or & branch structure means that the software architecture is composed ofn+1 components. A function means that the software architecture is composed ofn+1 components. A function is to select a component according to the componentS0.Si. A graphical description based on Petri net is shown in Fig. 17.

Fig. 17 Or & branch structure based on Petri net

In this or & branch structure， Petri netsN=(S，T；F). Among them

S={s1，s2， …，sn，s0}，

(31)

F= {(s0，t1)，(s0，t3)， …， (s0，t2n+1)，(t1，s1)，

(t3，s2)， …，(t2n-1，sn)，(s0，t2)，(s2，t4)， …,

(sn，t2n)，(t2，s0)，(t4，s0)…(t2n，s0)}.

(32)

F= {(s0，t1)，(s0，t3)， …， (s0，t2n+1); (t1，s1)， (t3，s2)， …，

(t2n-1，sn); (s0，t2)，(s2，t4)， …, (sn，t2n);(t2，s0)，

(t4，s0)…,(t2n，s0)}

(33)

(34)

For transitionti， its front setotiand rear settioare

(35)

The structure’s correlation matrix is

(36)

4 Example Applications

Taking a data stream interaction architecture of a accusation system component software system as an example， the component software architecture modeling method based on Petri net is introduced. In the component software architecture， according to the hierarchical architecture style， a component software can be divided into 3 levels： core layer， functional layer， and application layer. The core layer is the basis of the entire system. The bottom layer functions are implemented by the core layer. The functional layer is the middle layer of the entire system. It is between the bottom layer and the top layer. It not only accesses the services provided by the core layer to execute， but also provides the functions used by the highest level. The highest level is an excuse to the external environment for the entire system. Users can visit the highest level to access the functions provided by the entire system.

The basic connection between the application layer and the functional layer is called between the components of the functional module， as shown in Fig. 18.

Fig. 18 Calling relation between components

Open the 2 components package in Fig. 19， we can get a more detailed informal component calling relationship， as shown in Fig. 19.

Fig. 19 Detailed calling relationships between components

Using the methods mentioned in thispaper， the above diagram is converted into a formal modeling language based on Petri net， and the component software architecture model is shown in Fig. 20.

Fig. 20 Formal description of the complete call relationship between components

S1means that there is an independent component module in component package 1 that has the function of sending data streams.

S2means that there is an independent component module in component package 1 that has the function of waiting for feedback from sub-component.

S3means that there is an independent component module in component package 1 that has the function of analyzing and using data flow.

S4means that the component package 2 has an independent component module that accepts the data flow function.

S5means that there is an independent component module in component package 2 that has the function of sending data after processing.

S6means that there is an independent component module in component package 2 that has the function of processing data flow.

t1means that the execution of the next transition， after the componentS3completes the analysis and uses the data flow function， its time identifier is [1， 2].

t2represents the next step of execution， after the componentS1completes the data flow function， its time identifier is [1， 5].

t3represents the transition of the next step， after the componentS2finishes the function of waiting for the feedback of the sub-component， its time is identified as [3， 5].

t4represents the transition of the next step， after the componentS4finishes accepting the data flow function， its delay identifier is 5.

t5indicates the execution of the next step of transition， after the componentS5completes the data flow function after sending the processing， its time identifier is [5-6].

t6means to perform the next step of transition， after the componentS6processing data flow function is completed， its time identifier is [2-4].

It can be clearly seen from this Fig. 20 when the componentS1analyzes and uses the data stream， it sends the data stream to the sub-components， triggering the waiting sub-componentS2feedback information and the sub-componentS4confirming that the data stream has been received. Then， in the functional layer， after the data flow is processed according to the requirements through the componentS4， the componentS5and the componentS6， the transitiont3is triggered to return to the initial componentS3. In this way， the task of data stream processing is realized， though the application layer component calling the functional layer component.

In this call relationship formal structure， Petri net indicatesN=(S，T；F，M，I，DI). (S，T；F，M) is a prototype Petri net，Iis the time interval function defined on the transition set，T->R0×(R0∪{∞}).

DIis the time interval function defined on the transition setT：

DI：T→R0

os1={t1}， ……os2={t2}， ……os3={t3}，

os4={t2，t6}，os5={t4}， ……os6={t5}，

(37)

os1={t1}， ……os2={t2}， ……os3={t3}，

os4={t2，t6}，os5={t4}， ……os6={t5}，

(38)

os1={t1}， ……os2={t2}， ……os3={t3}，

os4={t2，t6}，os5={t4}， ……os6={t5}，

(39)

os1={t1}， ……os2={t2}， ……os3={t3}，

os4={t2，t6}，os5={t4}， ……os6={t5}，

(40)

os1={t1}， ……os2={t2}， ……os3={t3}，

os4={t2，t6}，os5={t4}， ……os6={t5}，

(41)

Thus the structure of the correlation matrixΣis

(42)

According to the Petri net’s correlation matrix， as well as extended time and time-series representations， the component software architecture can be easily translated into a computer language， which greatly assists researchers in analyzing the component software architecture.

5 Conclusions

Component software architecture analysis is the basic technology for the reliability assessment of system and individual components. Firstly， this paper analyzes the functional requirements of software， determines the basis of component division， and summarizes the component dividing rules. Secondly， identify the components， composite components and linker according to the corresponding rules and specific system characteristics. On this basis， the basic structure of software is analyzed， includingsequencestructure，and&combinestructure，or&combinestructure，branchstructure，or&branchstructure. Structural model is established using Petri net. Finally， the warship equipment software system that has been implemented is used for example applications. This paper provides the basis for the reliability analysis of warship equipment developed by component software.