Formalization and Validation of Safety-Critical Requirements

The validation of requirements is a fundamental step in the development process of safety-critical systems. In safety critical applications such as aerospace, avionics and railways, the use of formal methods is of paramount importance both for requirements and for design validation. Nevertheless, while for the verification of the design, many formal techniques have been conceived and applied, the research on formal methods for requirements validation is not yet mature. The main obstacles are that, on the one hand, the correctness of requirements is not formally defined; on the other hand that the formalization and the validation of the requirements usually demands a strong involvement of domain experts. We report on a methodology and a series of techniques that we developed for the formalization and validation of high-level requirements for safety-critical applications. The main ingredients are a very expressive formal language and automatic satisfiability procedures. The language combines first-order, temporal, and hybrid logic. The satisfiability procedures are based on model checking and satisfiability modulo theory. We applied this technology within an industrial project to the validation of railways requirements

Semantics of trace relations in requirements models for consistency checking and inferencing

Requirements traceability is the ability to relate requirements back to stakeholders and forward to corresponding design artifacts, code, and test cases. Although considerable research has been devoted to relating requirements in both forward and backward directions, less attention has been paid to relating requirements with other requirements. Relations between requirements influence a number of activities during software development such as consistency checking and change management. In most approaches and tools, there is a lack of precise definition of requirements relations. In this respect, deficient results may be produced. In this paper, we aim at formal definitions of the relation types in order to enable reasoning about requirements relations. We give a requirements metamodel with commonly used relation types. The semantics of the relations is provided with a formalization in first-order logic. We use the formalization for consistency checking of relations and for inferring new relations. A tool has been built to support both reasoning activities. We illustrate our approach in an example which shows that the formal semantics of relation types enables new relations to be inferred and contradicting relations in requirements documents to be determined. The application of requirements reasoning based on formal semantics resolves many of the deficiencies observed in other approaches. Our tool supports better understanding of dependencies between requirements

Exploring the impact of software requirements on system-wide goals: a method using satisfaction arguments and i* goal modelling

This paper describes the application of requirements engineering concepts to support the analysis of the impact of new software systems on system-wide goals. Requirements on a new or revised software component of a socio-technical system not only have implications on the goals of the subsystem itself, but they also impact upon the goals of the existing integrated system. In industries such as air traffic management and healthcare, impacts need to be identified and demonstrated in order to assess concerns such as risk, safety, and accuracy. A method called PiLGRIM was developed which integrates means-end relationships within goal modelling with knowledge associated with the application domain. The relationship between domain knowledge and requirements, as described in a satisfaction argument, adds traceability rationale to help determine the impacts of new requirements across a network of heterogeneous actors. We report procedures that human analysts follow to use the concepts of satisfaction arguments in a software tool for i* goal modelling. Results were demonstrated using models and arguments developed in two case studies, each featuring a distinct socio-technical system – a new controlled airspace infringement detection tool for NATS (the UK's air navigation service provider), and a new version of the UK’s HIV/AIDS patient reporting system. Results provided evidence towards our claims that the conceptual integration of i* and satisfaction arguments is usable and useful to human analysts, and that the PiLGRIM impact analysis procedures and tool support are effective and scalable to model and analyse large and complex socio-technical systems

A Value-Driven Framework for Software Architecture

Software that is not aligned with the business values of the organization for which it was developed does not entirely fulfill its raison d’etre. Business values represent what is important in a company, or organization, and should influence the overall software system behavior, contributing to the overall success of the organization. However, approaches to derive a software architecture considering the business values exchanged between an organization and its market players are lacking. Our quest is to address this problem and investigate how to derive value-centered architectural models systematically. We used the Technology Research method to address this PhD research question. This methodological approach proposes three steps: problem analysis, innovation, and validation. The problem analysis was performed using systematic studies of the literature to obtain full coverage on the main themes of this work, particularly, business value modeling, software architecture methods, and software architecture derivation methods. Next, the innovation step was accomplished by creating a framework for the derivation of a software reference architecture model considering an organization’s business values. The resulting framework is composed of three core modules: Business Value Modeling, Agile Reference Architecture Modeling, and Goal-Driven SOA Architecture Modeling. While the Business value modeling module focuses on building a stakeholder-centric business specification, the Agile Reference Architecture Modeling and the Goal-Driven SOA Architecture Modeling modules concentrate on generating a software reference architecture aligned with the business value specification. Finally, the validation part of our framework is achieved through proof-of-concept prototypes for three new domain specific languages, case studies, and quasi-experiments, including a family of controlled experiments. The findings from our research show that the complexity and lack of rigor in the existing approaches to represent business values can be addressed by an early requirements specification method that represents the value exchanges of a business. Also, by using sophisticated model-driven engineering techniques (e.g., metamodels, model transformations, and model transformation languages), it was possible to obtain source generators to derive a software architecture model based on early requirements value models, while assuring traceability throughout the architectural derivation process. In conclusion, despite using sophisticated techniques, the derivation process of a software reference architecture is helped by simple to use methods supported by black box transformations and guidelines that facilitate the activities for the less experienced software architects. The experimental validation process used confirmed that our framework is feasible and perceived as easy to use and useful, also indicating that the participants of the experiments intend to use it in the future

Goal-Oriented Requirements Engineering: State of the Art and Research Trend

The Goal-Oriented Requirements Engineering (GORE) is one approach that is widely used for the early stages of software development. This method continues to develop in the last three decades. In this paper, a literature study is conducted to determine the GORE state of the art. The study begins with a Systematic Literature Review (SLR) was conducted to determine the research trend in the last five years. This study reviewed 126 papers published from 2016 to 2020.  The research continues with the author's search for scientific articles about GORE. There are 26 authors who actively publish GORE research results. Twenty-six authors were grouped into seven groups based on their relation or co-authoring scientific articles. An in-depth study of each group resulted in a holistic mapping of GORE research.  Based on the analysis, it is known that most research focuses on improving GORE for an automated and reliable RE process, developing new models/frameworks/methods originating from GORE, and implementing GORE for the RE process. This paper contributes to a holistic mapping of the GORE approach. Through this study, it is known the various studies that are being carried out and research opportunities to increase automation in the entire RE process

Développement sans rupture de systèmes complexes : une approche basée multi-exigences

Prouver qu'un système satisfait à ses exigences est un défi important de l'ingénierie des exigences. D'une part, les approches formelles fournissent un moyen d'exprimer les exigences mathématiquement et de prouver qu'un système satisfait ses exigences. Cependant, si la formalisation offre des possibilités supplémentaires telles que la vérification, voire la validation, elle s'avère souvent trop difficile à utiliser en pratique par les acteurs impliqués dans le développement des systèmes. D'autre part, dans la plupart des cas, les exigences sont écrites et parfois tracées en langage naturel à des fins de communication et de compréhension mutuelle. De plus, cela reste le cas tout au long du processus de développement. Ainsi, il est nécessaire de considérer le besoin de s'adresser à toutes ces parties prenantes pendant le processus de développement. L'objectif principal de cette thèse est de fournir une méthodologie sans rupture qui permet de bénéficier de la formalisation des exigences tout en étant compréhensible par toutes les parties prenantes. Nous proposons une approche qui considère les exigences comme des parties du code du système, ce qui, en tant que tel, contribue à améliorer l'évaluation de la qualité. De plus, l'intégration des exigences dans le code garantit un développement sans rupture. Ces contributions visent trois avantages principaux. Premièrement, il n'est pas nécessaire de passer d'un outil ou d'un environnement à un autre : un cadre unique prend en charge le développement de l'analyse à la mise en œuvre. Deuxièmement, les changements et la réversibilité deviennent un phénomène régulier, directement pris en charge par la méthode, le langage et les outils, ce qui facilite les allers-retours. Enfin, les différents niveaux d'abstraction restent dans le cadre du paradigme orienté objet. Nous appliquons cette vision au processus de développement lui-même avec les mêmes avantages attendus. Le cycle de vie du développement peut alors bénéficier de cette forte intégration des exigences dans le code. Ces artefacts aident au développement du logiciel en fournissant un support et des lignes directrices pour l'analyse ou l'aide à la décision et en renforçant la qualité du logiciel. En outre, la réutilisabilité, l'évolutivité et la maintenabilité sont améliorées. La traçabilité entre les exigences et le code permet une analyse d'impact facile lorsque l'un de ces artefacts évolue. Cependant, si ce paradigme est familier aux développeurs et même si nous faisons un effort d'expressivité, il ne s'adresse pas aux autres parties prenantes qui ont l'habitude de travailler avec d'autres outils. Puisque nous souhaitons également que des non-experts utilisent notre approche pour valider des systèmes dans la première phase de leur développement, nous proposons un langage spécifique au domaine : (i) proche du langage naturel et (ii) basé sur une sémantique formelle. En utilisant les techniques de l'ingénierie dirigée par les modèles, ce langage permet de combler le fossé entre les différents acteurs impliqués dans un projet (compte tenu de leurs différentes expériences) et entre les exigences et le code. Nous avons enfin consacré un effort de recherche à la définition des relations entre les exigences. Nous fournissons leurs définitions formelles et leurs propriétés sur la propagation de l'état de satisfaction. Ces définitions peuvent aider les ingénieurs à vérifier les exigences (en vérifiant la validité de la sémantique des relations entre deux exigences) et à vérifier la conformité du système (grâce à la propagation de la satisfaction). Ce travail est une étape vers l'introduction de la sémantique formelle dans la traçabilité, permettant d'analyser automatiquement les exigences et d'utiliser leurs relations pour vérifier l'implémentation correspondante du système.Proving that a system satisfies its requirements is an important challenge of Requirements Engineering. On the one hand, formal approaches provide a way to express requirements mathematically and prove that a system satisfies its requirements. However, if formalization offers additional possibilities such as verification, or even validation, it often proves to be too difficult to use in practice by the stakeholders involved in the development of systems. On the other hand, in most cases, requirements are written and sometimes traced in Natural Language for communication and mutual understanding purposes. Moreover, this remains during the whole development process. Thus, it is necessary to consider the need to address all these stakeholders during the development process. The main objective of this thesis is to provide a seamless methodology that allows benefiting from the formalization of requirements while being understandable by all stakeholders. We propose an approach that considers requirements as parts of the system's code, which, as such, contributes to improving quality assessment. In addition, integrating the requirements into the code guarantees a seamless development. The contributions target three main benefits. First, there is no need to switch from one tool or environment to another: a single framework supports the development from analysis to implementation. Second, changes and reversibility become a regular occurrence, directly supported by the method, language, and tools, facilitating round-trips. Third, the different levels of abstraction remain inside the object-oriented paradigm. We apply this vision to the development process itself with the same expected advantages. The development life-cycle can then benefit from this strong integration of requirements into the code. These artifacts help in software development by providing support and guidelines for analysis or decision support and reinforcing the software quality. Besides, reusability, evolutivity, and maintainability are enhanced. Traceability between requirements and code allows an easy impact analysis when any of these artifacts evolve. However, if this paradigm is familiar to developers and even if we put an effort in providing expressivity, they are not addressed to other stakeholders that used to work with several tools. Since we also want non-experts to use our approach to validate systems in the early stage of their development, we propose a Domain-Specific Language: (i) close to natural language and (ii) based on formal semantics. Using Model-Driven Engineering techniques, this language bridges the gap between the several stakeholders involved in a project (considering their different backgrounds) and between the requirements and the code. We finally put a research effort into defining relationships between requirements. We provide their formal definitions and properties on the propagation of the satisfaction state. These definitions can help engineers verify requirements (by checking the validity of the semantics of the relationships between two requirements) and verify the system compliance (thanks to satisfaction propagation). This work is a step towards introducing formal semantics into traceability, making it possible to automatically analyze requirements and use their relationships to verify the corresponding implementation of the system

Automated Software Tool Support for Checking the Inconsistency of Requirements

Handling inconsistency in software requirements is a complicated task which has attracted the interest of many groups of researchers. Formal and semi-formal specifications often have inconsistencies in the depicted requirements that need to be managed and resolved. This is particularly challenging when refining informal to formalized requirements. We propose an automated tool with traceability and consistency checking techniques to support analysis of requirements and traceability between different representations: textual, visual, informal and formal