|
|
CIP is more than a formal description technique. Methodological concepts guide you from the initial problem to the executable solution. With model-based specifications one works automatically in a defined abstraction level. In addition to these "guard rails", the CIP method also proposes a conceptual model of the development process.
|
Modelling phase
The system development starts by describing and modelling the processes of the environment. For every modelled external process a corresponding CIP process (model process) is created receiving event messages and generating action messages. The transition structures of these CIP processes define all valid sequences of occurring event and action messages. The provisionally incomplete model processes represent in fact the communication protocols for the embedded system and its environment. In this way, the system interface is specified by explicit bahavioural models, defining the valid behaviour of the environment seen from the embedded system. Function phase
The overall behaviour of the embedded system is specified in the second development phase. Function processes are introduced and the required dependencies between the model processes are defined by means of synchronous interaction and asynchronous communication. In a first step one develops the primary functionality of the system which is based on the normal behaviour as defined by the model processes. To permit reaction to invalid behaviour of the environment and to transmission errors, it is usually necessary to extend the structures of the model processes and to introduce supervisory processes in further steps. The specification of system reaction to invalid events is one of the most serious problems in the development of robust and reliable systems. In fact without an explicit normal behaviour model a satisfactory solution to this problem is often not possible at all. |
