2018-02-07 18:44:27 +00:00
|
|
|
chapter \<open>An Outline of a CENELEC Ontology\<close>
|
|
|
|
|
|
|
|
text{* NOTE: An Ontology-Model of a certification standard such as CENELEC or
|
|
|
|
Common Criteria identifies:
|
|
|
|
- notions (conceptual \emph{categories}) having \emph{instances}
|
|
|
|
(similar to classes and objects),
|
|
|
|
- their subtype relation (eg., a "SRAC" is an "assumption"),
|
|
|
|
- their syntactical structure
|
|
|
|
(for the moment: defined by regular expressions describing the
|
2018-02-08 15:25:15 +00:00
|
|
|
order of category instances in the overall document as a regular language)
|
2018-02-07 18:44:27 +00:00
|
|
|
*}
|
|
|
|
|
|
|
|
theory CENELEC_50126
|
|
|
|
imports Isa_DOF
|
|
|
|
begin
|
|
|
|
|
|
|
|
text{* Excerpt of the BE EN 50128:2011 *}
|
|
|
|
|
|
|
|
section {* Requirements-Analysis related Categories *}
|
|
|
|
|
2018-02-08 15:25:15 +00:00
|
|
|
doc_class requirement =
|
2018-02-07 18:44:27 +00:00
|
|
|
long_name :: "string option"
|
|
|
|
|
|
|
|
|
|
|
|
doc_class requirement_analysis =
|
|
|
|
no :: "nat"
|
2018-02-08 15:25:15 +00:00
|
|
|
where "requirement_item +"
|
2018-02-07 18:44:27 +00:00
|
|
|
|
2018-02-28 10:31:42 +00:00
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
text{*The category @{emph \<open>hypothesis\<close>} is used for assumptions from the
|
|
|
|
foundational mathematical or physical domain, so for example:
|
|
|
|
\<^item> the Mordell-Lang conjecture holds,
|
|
|
|
\<^item> euklidian geometry is assumed, or
|
|
|
|
\<^item> Newtonian (non-relativistic) physics is assumed,
|
|
|
|
\<^item> @{term "P \<noteq> NP"},
|
|
|
|
\<^item> or the computational hardness of certain functions
|
|
|
|
relevant for cryptography (like prime-factorization).
|
|
|
|
Their acceptance is inherently outside the scope of the model
|
|
|
|
and can only established inside certification process by
|
|
|
|
authority argument.
|
|
|
|
*}
|
|
|
|
|
|
|
|
datatype hyp_type = physical | mathematical | computational | other
|
2018-02-27 11:02:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
typ "CENELEC_50126.requirement"
|
|
|
|
|
2018-02-28 10:31:42 +00:00
|
|
|
|
2018-02-08 15:25:15 +00:00
|
|
|
doc_class hypothesis = requirement +
|
|
|
|
hyp_type :: hyp_type <= physical (* default *)
|
2018-02-07 18:44:27 +00:00
|
|
|
|
|
|
|
text{*The category @{emph \<open>assumption\<close>} is used for domain-specific assumptions.
|
2018-02-08 15:25:15 +00:00
|
|
|
It has formal, semi-formal and informal sub-categories. They have to be
|
2018-02-07 18:44:27 +00:00
|
|
|
tracked and discharged by appropriate validation procedures within a
|
|
|
|
certification process, by it by test or proof. *}
|
|
|
|
|
|
|
|
datatype ass_kind = informal | semiformal | formal
|
|
|
|
|
2018-02-08 15:25:15 +00:00
|
|
|
doc_class assumption = requirement +
|
|
|
|
assumption_kind :: ass_kind <= informal
|
2018-02-07 18:44:27 +00:00
|
|
|
|
|
|
|
text{*The category @{emph \<open>exported constraint\<close>} (or @{emph \<open>ec\<close>} for short)
|
|
|
|
is used for formal assumptions, that arise during the analysis,
|
|
|
|
design or implementation and have to be tracked till the final
|
|
|
|
evaluation target,and discharged by appropriate validation procedures
|
|
|
|
within the certification process, by it by test or proof. *}
|
|
|
|
|
|
|
|
doc_class ec = assumption +
|
2018-02-08 15:25:15 +00:00
|
|
|
assumption_kind :: ass_kind <= (*default *) formal
|
2018-02-07 18:44:27 +00:00
|
|
|
|
|
|
|
text{*The category @{emph \<open>safety related application condition\<close>} (or @{emph \<open>srac\<close>}
|
|
|
|
for short) is used for @{typ ec}'s that establish safety properties
|
2018-02-28 13:06:52 +00:00
|
|
|
of the evaluation target. Their track-ability throughout the certification
|
2018-02-07 18:44:27 +00:00
|
|
|
is therefore particularly critical. *}
|
2018-02-28 13:06:52 +00:00
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
doc_class srac = ec +
|
2018-02-08 15:25:15 +00:00
|
|
|
assumption_kind :: ass_kind <= (*default *) formal
|
|
|
|
|
|
|
|
section {* Design related Categories *}
|
|
|
|
|
|
|
|
doc_class design_item =
|
|
|
|
description :: string
|
|
|
|
|
|
|
|
datatype design_kind = unit | module | protocol
|
|
|
|
|
|
|
|
doc_class interface = design_item +
|
|
|
|
kind :: design_kind
|
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
|
|
|
|
section {* Requirements-Analysis related Categories *}
|
|
|
|
|
|
|
|
doc_class test_item =
|
2018-02-28 10:31:42 +00:00
|
|
|
nn :: "string option"
|
2018-02-07 18:44:27 +00:00
|
|
|
|
|
|
|
text{* subcategories are : *}
|
|
|
|
|
|
|
|
datatype test_kind = blackbox | whitebox | greybox | fuzz | pertubation
|
|
|
|
|
|
|
|
datatype test_coverage_criterion =
|
|
|
|
allpathk nat nat (* depth, test_coverage_degree *)
|
|
|
|
| mcdc nat (* depth, test_coverage_degree *)
|
|
|
|
| exhaustive
|
|
|
|
| dnf_E_d string nat (* equivalence class testing *)
|
|
|
|
| other string
|
|
|
|
|
|
|
|
doc_class test_specification = test_item +
|
|
|
|
short_goal :: string
|
|
|
|
|
|
|
|
doc_class test_case = test_item +
|
|
|
|
kind :: test_kind
|
|
|
|
descr :: string
|
|
|
|
|
|
|
|
|
2018-02-09 11:25:15 +00:00
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
doc_class test_result = test_item +
|
|
|
|
verdict :: bool
|
|
|
|
remarks :: string
|
|
|
|
covvrit :: test_coverage_criterion
|
|
|
|
|
|
|
|
datatype test_environment_kind = hardware_in_the_loop ("hil")
|
|
|
|
| simulated_hardware_in_the_loop ("shil")
|
|
|
|
|
|
|
|
doc_class test_environment = test_item +
|
|
|
|
descr :: string
|
2018-02-08 15:25:15 +00:00
|
|
|
kind :: test_environment_kind <= shil
|
2018-02-07 18:44:27 +00:00
|
|
|
|
|
|
|
doc_class test_tool = test_item +
|
|
|
|
descr :: string
|
|
|
|
|
|
|
|
doc_class test_requirement = test_item +
|
|
|
|
descr :: string
|
|
|
|
|
|
|
|
doc_class test_adm_role = test_item +
|
|
|
|
name :: string
|
|
|
|
|
|
|
|
doc_class test_documentation =
|
|
|
|
no :: "nat"
|
|
|
|
where "(test_specification.((test_case.test_result)+.(test_environment|test_tool))+.
|
|
|
|
[test_requirement].test_adm_role"
|
2018-02-08 15:25:15 +00:00
|
|
|
where "(test_specification.((test_case.test_result)+.(test_environment|test_tool))+.
|
|
|
|
[test_requirement].test_adm_role"
|
2018-03-01 16:14:03 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
section{* Example *}
|
|
|
|
|
|
|
|
text*[ass122::srac] {* The overall sampling frequence of the odometer
|
|
|
|
subsystem is therefore 14 khz, which includes sampling, computing and
|
|
|
|
result communication times... *}
|
|
|
|
|
|
|
|
text*[t10::test_result] {* This is a meta-test. This could be an ML-command
|
|
|
|
that governs the external test-execution via, eg., a makefile or specific calls
|
|
|
|
to a test-environment or test-engine *}
|
2018-02-28 10:31:42 +00:00
|
|
|
|
2018-02-28 13:06:52 +00:00
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
text \<open> As established by @{docref \<open>t10\<close>}, the
|
|
|
|
assumption @{docref \<open>ass122\<close>} is validated. \<close>
|
2018-02-28 13:06:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
section{* Provisory Setup *}
|
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
(* Hack: This should be generated automatically: *)
|
|
|
|
ML{*
|
|
|
|
val _ = Theory.setup
|
2018-02-28 10:31:42 +00:00
|
|
|
((DocAttrParser.control_antiquotation @{binding srac}
|
|
|
|
(DOF_core.name2doc_class_name @{theory} "srac")
|
|
|
|
{strict_checking=true}
|
|
|
|
"\\autoref{" "}" ) #>
|
|
|
|
(DocAttrParser.control_antiquotation @{binding ec}
|
|
|
|
(DOF_core.name2doc_class_name @{theory} "ec")
|
|
|
|
{strict_checking=true}
|
|
|
|
"\\autoref{" "}")#>
|
|
|
|
(DocAttrParser.control_antiquotation @{binding test_specification}
|
|
|
|
(DOF_core.name2doc_class_name @{theory} "test_specification")
|
|
|
|
{strict_checking=true}
|
|
|
|
"\\label{" "}"))
|
2018-02-07 18:44:27 +00:00
|
|
|
|
|
|
|
*}
|
2018-02-28 10:31:42 +00:00
|
|
|
|
2018-02-28 13:06:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
section{* Testing and Validation *}
|
|
|
|
|
|
|
|
|
|
|
|
ML{*
|
|
|
|
DOF_core.name2doc_class_name @{theory} "requirement";
|
2018-02-28 10:31:42 +00:00
|
|
|
DOF_core.name2doc_class_name @{theory} "srac";
|
2018-02-09 11:25:15 +00:00
|
|
|
DOF_core.is_defined_cid_global "srac" @{theory};
|
|
|
|
DOF_core.is_defined_cid_global "ec" @{theory};
|
2018-02-28 10:31:42 +00:00
|
|
|
|
|
|
|
DOF_core.is_subclass @{context} "CENELEC_50126.srac" "CENELEC_50126.ec";
|
|
|
|
DOF_core.is_subclass @{context} "CENELEC_50126.ec" "CENELEC_50126.srac";
|
|
|
|
|
|
|
|
val ({maxano, tab},tab2) = DOF_core.get_data @{context};
|
|
|
|
Symtab.dest tab;
|
|
|
|
Symtab.dest tab2;
|
|
|
|
|
|
|
|
|
2018-02-08 15:25:15 +00:00
|
|
|
*}
|
2018-02-28 10:31:42 +00:00
|
|
|
|
|
|
|
|
|
|
|
ML{*
|
|
|
|
DOF_core.name2doc_class_name @{theory} "requirement";
|
|
|
|
Syntax.parse_typ @{context} "requirement";
|
|
|
|
val Type(t,_) = Syntax.parse_typ @{context} "requirement" handle ERROR _ => dummyT;
|
|
|
|
Syntax.read_typ @{context} "hypothesis" handle _ => dummyT;
|
|
|
|
Proof_Context.init_global;
|
|
|
|
*}
|
|
|
|
|
|
|
|
|
2018-02-07 18:44:27 +00:00
|
|
|
end
|
|
|
|
|