DOCSLIB.ORG

The Specc System-Level Design Language and Methodology, Part 1

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Embedded Systems Conference San Francisco 2002 The SpecC System-Level Design Language and Methodology, Part 1 Class 309 Rainer Dömer Center for Embedded Computer Systems Universitiy of California, Irvine, USA Abstract A well-defined design methodology supported by a system-level design language (SLDL) is the key for managing the complexity of the design flow, especially at the system level. Only with well-defined and unambiguous models and transformations can we achieve productivity gains through synthesis, verification and tool interoperability. This paper presents the SpecC system design language. After a general overview of SLDL requirements, it describes the SpecC language as an example of a language specifically developed to support a formalized design flow. This is the first paper in a two-part series. This part introduces the SpecC model and the SpecC language. 1 Introduction Systems-on-Chip (SOCs) are faced with a huge increase of design complexity. A well-known solution in computer science for dealing with complexity is to exploit hierarchy. This effectively reduces the complexity in terms of the number of objects to be handled at one time. Figure 1 illustrates this principle for digital systems. An embedded system, which at the lowest level consists of 10ths of millions of transistors, typically reduces to only thousands of components at the register-transfer level (RTL). Furthermore, RTL components are grouped together at the algorithm level. Finally, at the highest level, called system level, a single system is composed of only few components which include microprocessors, custom hardware units, memories, a variety of IPs, and busses. Please note that the level of abstraction is a trade-off with the level of accuracy. The higher the abstraction level, the lower the accuracy, and vice versa. Level Number of components 1E0 System 1E1 Ab Algorithm 1E2 Ac str cu 1E3 ac ra RTL tio cy 1E4 n Gate 1E5 1E6 Transistor 1E7 Figure 1: Abstraction Levels. 1 From Figure 1, it is obvious that the design of a complex embedded system is easier at the system level than at the detailed gate or transistor level. Thus, one solution to deal with the increased complexity is to move to a higher level of abstraction, called the system level. From the system level, the SOC design methodology then works its way through several refinement steps down to the implementation. The design process of a new system usually starts from an abstract specification model and ends with a highly accurate implementation model that reflects the real system with all its details. The advantage of such a top-down approach is that all necessary design decisions can be made at an abstraction level where all irrelevant details are left out of the model. This allows designers to work with a model of minimum complexity. 2 The SpecC Model The following section takes a closer look at the SpecC model, including its components and its features. C1 P1 P2 B1 B2 s1 v1 s2 v2 s3 v3 (a) (b) Figure 2: (a) Traditional Model, (b) SpecC Model. 2.1 Traditional Model For the design of embedded systems, the key representation for any design is a block diagram. Block diagrams consist of a set of blocks and a set of interconnections between the blocks. The blocks in the diagram represent components that perform a particular function or computation. Also, the blocks can communicate with each other through the interconnections. Here, it is important to note that there are two distinct actions performed by the blocks, namely computation and communication. The traditional model of a block diagram, such as in VHDL or Verilog, is shown in Figure 2(a). Two processes, P1 and P2, are communicating via variables s1, s2 and s3. By assigning values to the signals, according to some predefined protocol, the processes can communicate and exchange data. In this scenario, the processes P1 and P2 contain code for both communication and computation. The communication part is highlighted in the figure. Because communication and computation are freely intermixed in the code, they cannot be identified by any tool. As a result, it is not possible to automatically change the communication protocol when design constraints change. On the other hand, it is also impossible to automatically switch to a new algorithm to perform the computation. 2.2 SpecC Model The SpecC model does not have this problem. In the SpecC model, communication and computation are clearly separated. Computation is encapsulated in behaviors, and communication is encapsulated in channels, as shown in Figure 1(b). Here, the computation is encapsulated in the behaviors B1 and B2, and the communication is contained in the channel C1. More specifically, the channel C1 encapsulates the communication in form of functions, such as send and receive. These functions define the interfaces of the channel. The channel also encapsulates the communication media, i.e. the variables v1, v2 and v3. On the other hand, the behaviors only contain computation. In order to communicate, the behaviors call the functions provided by the connected channel. 2 As a result of the separation of communication and computation, the SpecC model supports “plug-and- play”. The communication protocol can be easily exchanged by use of another channel with compatible interfaces, whenever this is desirable in the design process. In the same manner, the behaviors can also be exchanged with others, without affecting the communication protocol. 2.3 Protocol Inlining In SpecC, behaviors and channels are used throughout the design process, i.e. in the specification model and during design exploration and refinement. This way, the “plug-and-play” capability of the SpecC model can be exploited at any stage in the design flow, whenever it is useful. However, in the final implementation model, channels are reduced to variables representing wires by a process called protocol inlining. C1 B1 B2 B1 B2 v1 v1 v2 v2 v3 v3 (a) (b) Figure 3: Protocol Inlining, (a) before, (b) after. For the implementation of a channel, its functions are inlined into the connected behaviors and the encapsulated communication media are exposed. This is illustrated in Figure 3. After the inlining process, the channel C1 has disappeared. The encapsulated variables v1, v2 and v3 are exposed and the communication protocol is integrated into the behaviors B1 and B2. Please note that in this final implementation model communication and computation are no longer separated. Moreover, the resulting model is essentially the same as the traditional model discussed earlier. This allows a straightforward translation of the implementation model into the traditional VHDL or Verilog models. As a result, the SpecC design flow can be easily integrated with a conventional design process. 2.4 Plug-and-Play with Computation Now that the basic “plug-and-play” feature of the SpecC model has been introduced, the reuse of intellectual property (IP) components will be addressed. First, the reuse of computation IP is shown by use of “plug-and-play” with the so-called adapter model. B T IP A v1 (a) (b) v2 Synthesizable Transducer Adapter IP behavior Figure 4: Computation IP, Adapter Model. Figure 4(a) shows a synthesizable behavior B. Note that the behavior is still missing the code for a communication protocol, which will be inlined later from a connected channel. On the other hand, Figure 4(b) shows on the right a fixed IP core with a built-in communication protocol. In order to allow “plug-and-play” with the IP core, it is connected to an adapter channel. An adapter is a channel that has ports just like a behavior. These ports are connected to the variables v1 and v2, which in turn are mapped to the ports of the IP. Communication with the IP is established by use of a set of high- level communication functions provided by the adapter. These functions contain the detailed interface 3 protocol to drive the wires connected to the IP. Thus, by using the adapter functions, other behaviors can easily communicate with the IP. Further, a transducer T is needed to make the components on the right side equivalent to the synthesizable behavior B on the left. A transducer is a synthesizable behavior used to connect two channels. Later in the design process, the transducer T will incorporate two communication protocols. The reason for the need of a transducer stems from the fact that two channels cannot be directly connected because they are passive components. In order to connect passive channels, an active transducer behavior is needed in the middle. As a result, the synthesizable behavior B on the left can be replaced by the IP adapter model on the right at any time in the design process without affecting any other objects. B1 IP B1 IP A v1 v1 v2 v2 (a) (b) Figure 5: Protocol Inlining with Adapter, (a) before, (b) after. The process of inlining with an adapter channel is shown in Figure 5. Before the protocol inlining, the IP adapter is connected to a synthesizable behavior B1, as shown on the left hand side. On the right hand side, the same example is shown after protocol inlining. After the adapter has been inlined, the IP communication protocol has been integrated into the behavior B1 and the variables v1 and v2 directly form the connecting wires to the IP. Note that the adapter A has completely disappeared. 2.5 Plug-and-Play with Communication Similar to IP cores for computation, “plug-and-play” also works for communication IP in the SpecC model. A proprietary implementation of a communication protocol is represented by an IP channel in SpecC, such as the one shown in Figure 6(b). With one exception, this channel is not different in its usage compared to the virtual channel on the left.
Recommended publications
  • The Architecture Analysis and Design Language: an Overview Outline

    The Architecture Analysis and Design Language: an Overview Outline

    Institut Supérieur de l’Aéronautique et de l’Espace The Architecture Analysis and Design Language: an overview Outline 1. AADL a quick overview 2. AADL key modeling constructs 1. AADL components 2. Properties 3. Component connection 3. AADL: tool support AADL Tutorial -- MODELS'15 2 Introduction > ADL, Architecture Description Language: » Goal : modeling software and hardware architectures to master complexity … to perform analysis » Concepts : components, connections, deployments. » Many ADLs : formal/non formal, application domain, … > ADL for real-time critical embedded systems: AADL (Architecture Analysis and Design Language). AADL Tutorial -- MODELS'15 3 AADL: Architecture Analysis & Design Language > International standard promoted by SAE, AS-2C committee, released as AS5506 family of standards > Version 1.0 (2004), version 2 (2009), 2.1 (2012) » Based on feedback from the aerospace industry > Annex document to address specific needs » Behavior, data, error modeling, code generation, … > AADL objectives are “to model a system” » With analysis in mind » To ease transition from well-defined requirements to the final system : code production > Require semantics => any AADL entity has a semantics (natural language or formal methods). AADL Tutorial -- MODELS'15 4 AADL components > AADL model : hierarchy/tree of components » Textual, graphical representations, XMI serialization > AADL component models a software or a hardware entity » May be organized in packages : reusable » Has a type/interface, one or several implementations » May
  • A Pattern Approach to Interaction Design

    A Pattern Approach to Interaction Design

    A Pattern Approach to Interaction Design Jan O. Borchers Department of Computer Science Darmstadt University of Technology Alexanderstr. 6, 64283 Darmstadt, Germany [email protected] ABSTRACT perts need to work together very closely with team members To create successful interactive systems, user interface de- from other disciplines. Most notably, they need to coop- signers need to cooperate with developers and application erate with application domain experts to identify the con- domain experts in an interdisciplinary team. These groups, cepts, tasks, and terminology of the product environment, however, usually miss a common terminology to exchange and with the development team to make sure the internal ideas, opinions, and values. system design supports the interaction techniques required. This paper presents an approach that uses pattern languages However, these disciplines lack a common language: It is to capture this knowledge in software development, HCI, difficult for the user interface designer to explain his guide- and the application domain. A formal, domain-independent lines and concerns to the other groups. It is often even definition of design patterns allows for computer support more problematic to extract application domain concepts without sacrificing readability, and pattern use is integrated from the user representative in a usable form. And it is into the usability engineering life cycle. hard for HCI people, and for application domain experts even more so, to understand the architectural and techno- As an example, experience from building an award-winning logical constraints and rules that guide the systems engineer interactive music exhibit was turned into a pattern language, in her design process.
  • Pattern Languages in HCI: a Critical Review

    Pattern Languages in HCI: a Critical Review

    HUMAN–COMPUTER INTERACTION, 2006, Volume 21, pp. 49–102 Copyright © 2006, Lawrence Erlbaum Associates, Inc. Pattern Languages in HCI: A Critical Review Andy Dearden Sheffield Hallam University Janet Finlay Leeds Metropolitan University ABSTRACT This article presents a critical review of patterns and pattern languages in hu- man–computer interaction (HCI). In recent years, patterns and pattern languages have received considerable attention in HCI for their potential as a means for de- veloping and communicating information and knowledge to support good de- sign. This review examines the background to patterns and pattern languages in HCI, and seeks to locate pattern languages in relation to other approaches to in- teraction design. The review explores four key issues: What is a pattern? What is a pattern language? How are patterns and pattern languages used? and How are values reflected in the pattern-based approach to design? Following on from the review, a future research agenda is proposed for patterns and pattern languages in HCI. Andy Dearden is an interaction designer with an interest in knowledge sharing and communication in software development. He is a senior lecturer in the Com- munication and Computing Research Centre at Sheffield Hallam University. Janet Finlay is a usability researcher with an interest in design communication and systems evaluation. She is Professor of Interactive Systems in Innovation North at Leeds Metropolitan University. 50 DEARDEN AND FINLAY CONTENTS 1. INTRODUCTION 2. THE SCOPE OF THIS REVIEW 2.1. General Software Design Patterns 2.2. Interface Software Design Patterns 2.3. Interaction Design Patterns 3. A SHORT HISTORY OF PATTERNS 3.1.
  • Prudent Design Principles for Information Flow Control

    Prudent Design Principles for Information Flow Control

    Prudent Design Principles for Information Flow Control Iulia Bastys Frank Piessens Andrei Sabelfeld Chalmers University of Technology Katholieke Universiteit Leuven Chalmers University of Technology Gothenburg, Sweden Heverlee, Belgium Gothenburg, Sweden [email protected] [email protected] [email protected] ABSTRACT Motivation. Recent years have seen a proliferation of research Recent years have seen a proliferation of research on information on information flow control [16, 17, 19, 39, 49, 55, 67, 70, 72, 73], flow control. While the progress has been tremendous, it has also leading to applications in a wide range of areas including hard- given birth to a bewildering breed of concepts, policies, conditions, ware [8], operating system microkernels [59] and virtualization and enforcement mechanisms. Thus, when designing information platforms [32], programming languages [36, 37], mobile operating flow controls for a new application domain, the designer iscon- systems [44], web browsers [12, 43], web applications [13, 45], and fronted with two basic questions: (i) What is the right security distributed systems [50]. A recent special issue of Journal of Com- characterization for a new application domain? and (ii) What is the puter Security on verified information flow60 [ ] reflects an active right enforcement mechanism for a new application domain? state of the art. This paper puts forward six informal principles for designing While the progress has been tremendous, it has also given birth information flow security definitions and enforcement mechanisms: to a bewildering breed of concepts, policies, conditions, and en- attacker-driven security, trust-aware enforcement, separation of policy forcement mechanisms. These are often unconnected and ad-hoc, annotations and code, language-independence, justified abstraction, making it difficult to build on when developing new approaches.
  • Design Discourse: a Way Forward for Theistic Evolutionism?

    Design Discourse: a Way Forward for Theistic Evolutionism?

    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Helsingin yliopiston digitaalinen arkisto NZSTh 2018; 60(3): 435–451 Erkki Vesa Rope Kojonen* Design Discourse: A Way Forward for Theistic Evolutionism? https://doi.org/10.1515/nzsth-2018-0025 Summary: It is usually supposed that biological design arguments (where biologi- cal complex order is seen as evidence of a Creator) are made obsolete by Darwi- nian evolutionary theory. However, philosopher Alvin Plantinga and others have defended the continued possibility of a rational “design discourse”, in which biological order is taken as a sign of God’s purposeful action. In this article, I consider two objections to design discourse: (1) a theological objection to biologi- cal design based on the problem of natural evil, and (2) the evolutionary objec- tion, according to which evolutionary theory removes the justification for any biological design perception. Whereas Plantinga’s own response utilizes the arguments of the Intelligent Design movement, I argue in favor of utilizing “de- sign discourse” as part of a theistic evolutionist view. Keywords: theistic evolutionism, teleology, design argument, problem of natural evil, Alvin Plantinga Zusammenfassung: Es wird gemeinhin angenommen, dass biologische Design Argumente (welche die komplexe biologische Ordnung als Beweis für einen Schöpfer erachten) durch Darwins Evolutionstheorie obsolet werden. Der Philo- soph Alvin Plantinga und andere haben jedoch die Möglichkeit eines fortgeführ- ten rationalen „Design Diskurses“ verteidigt, der die biologische Ordnung als ein Zeichen Gottes zielgerichteter Handlung begreift. In diesem Artikel betrachte ich zwei Einwände gegen den Design Diskurs: (1) einen theologischen Einwand zum biologischen Design basierend auf dem Problem der natürlichen Übel und (2) den evolutionären Einwand, nach dem die Evolutionstheorie die Berechtigung jeder biologischen Design Vorstellung aufhebt.
  • Spatial Expressions in Design Idea Capture Languages

    Spatial Expressions in Design Idea Capture Languages

    Open University Computing Department Research Report 95/16 Spatial Expressions in Design Idea Capture Languages Martin Stacey Computing Department, The Open University, Milton Keynes, UK. [email protected] Paper for the AID'96 Workshop on Visual Representation, Reasoning and Interaction in Design Convened by J.C.B. Damski and N.H. Narayanan. Abstract. Intelligent support systems for conceptual design in engineering have so far failed to support spatial thinking in conceptual design. But multimedia interface technology including techniques for recognising speech and drawn gestures offers solutions to the HCI problems involved in computer support for spatial conceptual design. Effective computer support could be made possible by the use of a design idea capture language for expressing and changing shapes and qualitative spatial and functional relationships, fluently in a machine-understandable way. The design idea capture language would serve to constrain the expression of design ideas sufficiently to enable the successful use of AI techniques for generating coherent spatial representations from sets of spatial expressions in the language. This paper discusses the design meanings required for spatial conceptual design with reference to linguistic studies of spatial expressions in natural language, which show that geometric approaches are insufficient for representing spatial relationships important in design. 1. Introduction So far spatial aspects of conceptual design have been neglected in the development of intelligent support systems for conceptual design in engineering. This paper takes the view that the goal of research on intelligent design support systems for engineering should be developing systems that provide workspaces in which designers express their ideas as they create them, so that creating computer representations of designs to support AI reasoning is coextensive with designing.
  • Technical Communication As Design: a Design Pedagogy Study

    Technical Communication As Design: a Design Pedagogy Study

    Iowa State University Capstones, Theses and Graduate Theses and Dissertations Dissertations 2020 Technical communication as design: A design pedagogy study Philip Brandon Gallagher Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/etd Recommended Citation Gallagher, Philip Brandon, "Technical communication as design: A design pedagogy study" (2020). Graduate Theses and Dissertations. 17885. https://lib.dr.iastate.edu/etd/17885 This Thesis is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. Technical communication as design: A design pedagogy study by Philip Brandon Gallagher A dissertation submitted to the graduate faculty in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY Major: Rhetoric and Professional Communication Program of Study Committee: Charlie Kostelnick, Major Professor Barbara Blakely Stacy Tye-Williams Margaret LaWare Carol Faber The student author, whose presentation of the scholarship herein was approved by the program of study committee, is solely responsible for the content of this dissertation. The Graduate College will ensure this dissertation is globally accessible and will not permit alterations after a degree is conferred. Iowa State University Ames, Iowa 2020 Copyright © Philip Brandon Gallagher, 2020. All rights reserved. ii DEDICATION To my most compassionate, loving, supportive, and unflappable family, I want you to know that I could not have accomplished this feat without each and every one of you.
  • Architecture Description Language) COMS W4115 Alan Khara Ask2206 February 11, 2014

    Architecture Description Language) COMS W4115 Alan Khara Ask2206 February 11, 2014

    1 of 13 General Purpose ADL (Architecture Description Language) COMS W4115 Alan Khara Ask2206 February 11, 2014 1.0 Introduction In the design of system architecture1, a blueprint of the system typically comes second, after requirements are gathered in the process of architecture development. This is followed by design verification and, later, implementation. Initially, the domain of Architecture Description Languages (ADLs) was confined to the design phase and was highly motivated by Object Oriented paradigm [1] [2] [3]. ADLs were mainly graphical in nature, with numerous Line and Box representations that were later standardized by Object Management Group (OMG) in Unified Model Language2 (UML) [4][5]. Being quickly adopted by industry, UML was infested with ambiguous features: a given relationship between components of a system could be ambiguous and yield two different interpretations of the same drawing [2]. Research during the last decade has worked to solve this problem on two different fronts. One line of research seeks to extend UML in order to make it less ambiguous [6] [7] [8] [9]. Another kind of research is finding new ADLs (graphical and text based) that have more rigorous and well defined semantics [10] [11] [12][13]. Both of these trends are important with respect to defining the problem scope of the proposed project. Because they are mainly driven by industry, efforts to extend UML are inherently domain- specific [14]. The primary motivation behind the development of UML is to overcome ambiguity and reduced the communication gap that exists among various stakeholders. This is tackled by either introducing constraints or adding new vocabulary.
  • Fashion As Practice, Fashion As Process: Using Principles of Language As a Framework for Understanding the Design Process | Catálo…

    Fashion As Practice, Fashion As Process: Using Principles of Language As a Framework for Understanding the Design Process | Catálo…

    30/9/2019 Fashion as practice, fashion as process: using principles of language as a framework for understanding the design process | Catálo… Fashion as practice, fashion as process: using principles of language as a framework for understanding the design process Kurennaya, Anya Abstract: Cuadernos del Centro de Estudios de How do creative impulses and lived Diseño y Comunicación Nº 64 realities interact and inform one ISSN: 1668-0227 another throughout the design process? This project examines the Los procesos mechanics of the creative process by emergentes en la observing the work of three graduate enseñanza y la fashion design students as a first step práctica del diseño toward understanding the nature of the Año XVIII, Septiembre 2017, Buenos design process and the symbiosis Aires, Argentina | 326 páginas between object and process, using descargar PDF ver índice de la publicación ideas borrowed from modern linguistic theory as the starting point for Ver todos los libros de la publicación investigation. Referencing Cholachatpino’s et al. (2002) compartir en Facebook categorization of the microsubjective order of the fashion process as “a Esta obra está bajo una Licencia Creative dynamic process and not a linear Commons Atribución-NoComercial- CompartirIgual 4.0 Internacional continuum”, along with Ingold and Hallam’s (2009) notion of cultural improvisation and related theories from the field of linguistic anthropology, this paper argues that the fashion design process is open to the kind of improvisation inherent in any ongoing lived experience, the final product representing a culmination of the ideas, desires, decisions, obstacles, and other circumstances shaping its production. Ideas are not translated into their material form in a fluid and uncomplicated manner; in fact, there are many intervening forms of disruption, diversion, reformulation, and rearticulation, not unlike our everyday use of language in conversation.
  • The Visual Language of Brutalist Web Design El Lenguaje Visual Del Diseño Web Brutalista

    The Visual Language of Brutalist Web Design El Lenguaje Visual Del Diseño Web Brutalista

    The visual language of brutalist web design El lenguaje visual del diseño web brutalista Fernando Suárez-Carballo obtained a PhD from the Pontifical University of Salamanca in 2005 and is a perma- nent lecturer in Art Direction in the Faculty of Communication Studies at this university, where he has taught a range of subjects related to visual communication since the year 2000. He is a member of the research group Business Innovation and Creativity and the author of several articles and chapters of books on graphic design, the field that is his main line of research. His management responsibilities have included coordinating the degree course Advertising and Public Relations and his appointment as Associate Dean for students at the Faculty of Communication. He currently heads the Office for the Transfer of Research Results (Oficina de Transferencia de Resultados de Investigación, OTRI). Pontifical University of Salamanca, Spain [email protected] ORCID: 0000-0001-7498-6595 Received: 15/11/2018 - Accepted: 19/03/2019 Recibido: 15/11/2018 - Aceptado: 19/03/2019 Abstract: Resumen: Many authors agree on the current relevance of brutalist web Un gran número de autores coincide en señalar el protagonismo design, a trend inspired by the popular architectural style which, actual del diseño web brutalista, una corriente inspirada en el pop- ISSN: 1696-019X / e-ISSN: 2386-3978 in turn, is distinguished by the rawness of its materials, the ular estilo arquitectónico que, a su vez, se distingue por la desnudez geometric shapes or the absence of decoration. This study uses de sus materiales, las formas geométricas o la ausencia de orna- Content Analysis to discover whether it is possible to interpret mento.
  • Obscurity by Design

    Obscurity by Design

    07 - Hartzog Article.docx (Do Not Delete) 6/17/2013 1:55 PM OBSCURITY BY DESIGN Woodrow Hartzog* and Frederic Stutzman** Abstract: Design-based solutions to confront technological privacy threats are becoming popular with regulators. However, these promising solutions have left the full potential of design untapped. With respect to online communication technologies, design-based solutions for privacy remain incomplete because they have yet to successfully address the trickiest aspect of the Internet—social interaction. This Article posits that privacy-protection strategies such as “Privacy by Design” face unique challenges with regard to social software and social technology due to their interactional nature. This Article proposes that design-based solutions for social technologies benefit from increased attention to user interaction, with a focus on the principles of “obscurity” rather than the expansive and vague concept of “privacy.” The main thesis of this Article is that obscurity is the optimal protection for most online social interactions and, as such, is a natural locus for design-based privacy solutions for social technologies. To that end, this Article develops a model of “obscurity by design” as a means to address the privacy problems inherent in social technologies and the Internet. INTRODUCTION ................................................................................ 386 I. PRIVACY BY DESIGN MUST BE CLARIFIED TO APPLY TO THE USER INTERFACE OF SOCIAL MEDIA ................... 389 A. Privacy by Design Challenges Organizations to Rethink Established Approaches to Privacy ...................................... 390 B. Obscurity Can Improve Privacy by Design ......................... 392 II. BETTER LIVING THROUGH OBSCURITY ............................. 395 A. The Concept of Obscurity .................................................... 395 B. The Four Principles of Online Obscurity ............................. 397 1. Search Visibility ......................................................
  • Formal Models for User Interface Design Artefacts

    Formal Models for User Interface Design Artefacts

    Innovations Syst Softw Eng (2008) 4:125–141 DOI 10.1007/s11334-008-0049-0 ORIGINAL PAPER Formal models for user interface design artefacts Judy Bowen · Steve Reeves Received: 1 October 2007 / Accepted: 28 February 2008 / Published online: 16 April 2008 © Springer-Verlag London Limited 2008 Abstract There are many different ways of building soft- Keywords Formal methods · User-centred design · ware applications and of tackling the problems of under- Refinement · User interfaces standing the system to be built, designing that system and finally implementing the design. One approach is to use for- mal methods, which we can generalise as meaning we follow a process which uses some formal language to specify the 1 Introduction behaviour of the intended system, techniques such as theo- rem proving or model-checking to ensure the specification Software development is an increasingly complex task, with is valid (i.e., meets the requirements and has been shown, many different, and often conflicting, requirements which perhaps by proof or other means of inspection, to have the must be satisfied (such as the requirement to produce the properties the client requires of it) and a refinement process software as quickly as possible and as cheaply as possible to transform the specification into an implementation. Con- but with high end-user expectations). We want the software versely, the approach we take may be less structured and that we build to be both correct and robust, that is we want rely on informal techniques. The design stage may involve to be sure that it not only does the right thing, but that it does jotting down ideas on paper, brainstorming with users etc.