Semantics of trace relations in requirements models for consistency checking and inferencing

Requirements traceability is the ability to relate requirements back to stakeholders and forward to corresponding design artifacts, code, and test cases. Although considerable research has been devoted to relating requirements in both forward and backward directions, less attention has been paid to relating requirements with other requirements. Relations between requirements influence a number of activities during software development such as consistency checking and change management. In most approaches and tools, there is a lack of precise definition of requirements relations. In this respect, deficient results may be produced. In this paper, we aim at formal definitions of the relation types in order to enable reasoning about requirements relations. We give a requirements metamodel with commonly used relation types. The semantics of the relations is provided with a formalization in first-order logic. We use the formalization for consistency checking of relations and for inferring new relations. A tool has been built to support both reasoning activities. We illustrate our approach in an example which shows that the formal semantics of relation types enables new relations to be inferred and contradicting relations in requirements documents to be determined. The application of requirements reasoning based on formal semantics resolves many of the deficiencies observed in other approaches. Our tool supports better understanding of dependencies between requirements

On the analysis needs when verifying state-based software requirements: an experience report

AbstractIn a previous investigation we formally defined procedures for analyzing hierarchical state-based requirements specifications for two properties: (1) completeness with respect to a set of criteria related to robustness (a response is specified for every possible input and input sequence) and (2) consistency (the specification is free from conflicting requirements and undesired nondeterminism). Informally, the analysis involves determining if large Boolean expressions are tautologies. We implemented the analysis procedures in a prototype tool and evaluated their effectiveness and efficiency on a large real world requirements specification expressed in an hierarchical state-based language called Requirements State Machine Language. Although our initial approach was largely successful, there were some drawbacks with the original tools. In our initial implementation we abstracted all formulas to propositional logic. Unfortunately, since we are manipulating the formulas without interpreting any of the functions in the individual predicates, the abstraction can lead to large numbers of spurious (or false) error reports. To increase the accuracy of our analysis we have continually refined our tool with decision procedures and, finally, come to the conclusion that theorem proving is often needed to avoid large numbers of spurious error reports. This paper discusses the problems with spurious error reports and describes our experiences analyzing a large commercial avionics system for completeness and consistency

Holistic specifications for robust programs

Functional specifications describe what program components can do: the sufficient conditions to invoke components' operations. They allow us to reason about the use of components in a closed world setting, where components interact with known client code, and where the client code must establish the appropriate pre-conditions before calling into a component. Sufficient conditions are not enough to reason about the use of components in an \emph{open world} setting, where components interact with external code, possibly of unknown provenance, and where components may evolve over time. In this open world setting, we must also consider the possible external code. \emph{necessary} conditions, i.e, what are the conditions without which an effect will not happen. In this paper we propose the Chainmail specification language for writing {holistic specifications that focus on necessary conditions (as well as sufficient conditions). We give a formal semantics for \Chainmail, and discuss several examples. The core of \Chainmail has been mechanised in the Coq proof assistant

Fourth NASA Langley Formal Methods Workshop

This publication consists of papers presented at NASA Langley Research Center's fourth workshop on the application of formal methods to the design and verification of life-critical systems. Topic considered include: Proving properties of accident; modeling and validating SAFER in VDM-SL; requirement analysis of real-time control systems using PVS; a tabular language for system design; automated deductive verification of parallel systems. Also included is a fundamental hardware design in PVS

ІНСЕРЦІЙНЕ МОДЕЛЮВАННЯ В ПРОЕКТУВАННІ РОЗПОДІЛЕНИХ СИСТЕМ. \ud INSERTION MODELING IN DISTRIBUTED SYSTEM DESIGN

Стаття описує методологію інсерційного моделювання, її реалізацію та застосування. Інсерційне моделювання являє собою методологію проектування розподілених систем, що управляється моделлю. Ця методологія базується на теорії взаємодіючих агентів та середовищ [1-2] та використовує Basic Protocol Specification Language (BPSL) для представлення специфікацій вимог до розподілених систем. [3-6]. Діаграма Послідовності з пре- та пост-умовами (логічними формулами, що інтерпретуються відповідно до опису середовища) – Базовий Протокол є центральним поняттям цієї мови. Семантика BPSL дозволяє конкретні та абстракті моделі рівних рівнів абстрактності. Моделі визначені як Basic Protocol Specifications (BPS) можуть у подальшому бути використані як для верифікація специфікацій вимог та і для генерації тестових наборів.\ud Інсерційне моделювання підтримується системою VRS (Verification of Requirement Specifications), створеною для компанії Моторола київською групою VRS у співробітництві із ЗАТ Моторола-Санкт-Петербург. Система дозволяє статичний аналіз вимог на основі автоматичного доведення теорем, символьної та дедуктивної перевірки моделей та породження трас для тестування із заданими критеріями покриття. Всі засоби були розроблені на базі формальної семантики BPSL, побудованої відповідно до методології інсерційного моделювання VRS була успішно застосована у великій кількості індустріальних проектів із різних галузей, включаючи телекомунікації, телематику та системи реального часу.----------------------------------\ud The paper describes insertion modeling methodology, its implementation and applications. Insertion modeling is a methodology of model driven distributed system design. It is based on the model of interaction of agents and environments [1-2] and use Basic Protocol Specification Language (BPSL) for the representation of requirement specifications of distributed systems [3-6]. The central notion of this language is the notion of basic protocol – a sequencing diagram with pre- and postconditions, logic formulas interpreted by environment description. Semantics of BPSL allows concrete and abstract models on different levels of abstraction. Models defined by Basic Protocol Specifications (BPS) can be used for verification of requirement specifications as well as for generation of test cases for testing products, developed on the basis of BPS. \ud Insertion modeling is supported by the system VRS (Verification of Requirement Specifications), developed for Motorola by Kiev VRS group in cooperation with Motorola GSG Russia. The system provides static requirement checking on the base of automatic theorem proving, symbolic and deductive model checking, and generation of traces for testing with different coverage criteria. All tools have been developed on a base of formal semantics of BPSL constructed according to insertion modeling methodology. \ud The VRS has been successfully applied to a number of industrial projects from different domains including Telecommunications, Telematics and real time applications.\ud \u