Automated analysis of the SCR-style requirements specifications

The SCR(Software Cost Reduction)requirements method is an effective method for specifying software system requirements.This paper presents a formal model analyzing SCR-style requirements.The analysis model mainly applies state translation rules,semantic computing rules and attributes to define formal semantics of a tabular notation in the SCR requirements method,and may be used to analyze requirements specifications to be specified by the SCR requirements method.Using a simple example,this paper introduces how to analyze consistency and completeness of requirements specifications.     

Automated structural analysis of SCR‐style software requirements specifications using PVS

The importance of effective requirements analysis techniques cannot be overemphasized when developing software requiring high levels of assurance. Requirements analysis can be largely classified as either structural or functional. The former investigates whether definitions and uses of variables and functions are consistent, while the latter addresses whether requirements accurately reflect users' needs. Verification of structural properties for large and complex software requirements is often repetitive, especially if requirements are subject to frequent changes. While inspection has been successfully applied to many industrial applications, the authors found inspection to be ineffective when reviewing requirements to find errors violating structural properties. Moreover, current tools used in requirements engineering provide only limited support in automatically enforcing structural correctness of the requirements. Such experience has motivated research to automate straightforward but tedious activities. This paper demonstrates that a theorem prover, PVS (Prototype Verification System), is useful in automatically verifying structural correctness of software requirements specifications written in SCR (Software Cost Reduction)‐style. Requirements are automatically translated into a semantically equivalent PVS specification. Users need not be experts in formal methods or power users of PVS. Structural properties to be proved are expressed in PVS theorems, and the PVS proof commands are used to carry out the proof automatically. Since these properties are application independent, the same verification procedure can be applied to requirements of various software systems. Copyright © 2001 John Wiley & Sons, Ltd.     

Managing requirements specifications for product lines - An approach and industry case study

Software product line development has emerged as a leading approach for software reuse. This paper describes an approach to manage natural-language requirements specifications in a software product line context. Variability in such product line specifications is modeled and managed using a feature model. The proposed approach has been introduced in the Swedish defense industry. We present a multiple-case study covering two different product lines with in total eight product instances. These were compared to experiences from previous projects in the organization employing clone-and-own reuse. We conclude that the proposed product line approach performs better than clone-and-own reuse of requirements specifications in this particular industrial context.     

Animation of requirements specifications

Requirements analysis has been recognized as one of the most critical and difficult tasks in software engineering. The need for tool support is essential. This paper reports some work done to provide such support for interpretation and validation of requirements specifications by animation. The Animator provides facilities for the selection and execution of a transaction to reflect the specified behaviour of a particular scenario specified in the requirements specification. Actions are described in terms of input-output mappings and or functions with pattern matching. Simple rules can be specified to control the triggering of actions. In addition, facilities are provided to replay and interact with transactions. User interaction during animation includes the ability to change data values or role play selected actions as desired. A full graphical interface is supported. The approach has been tested by the provision of an Animator for the requirements analysis method CORE and an associated ‘Analyst Workstation’. Animation has been tested on a number of small examples and a major case study. This paper describes the Animator, justifies the approach taken and discusses experience and future work.     

Pushing requirements changes through to changes in specifications

Requirements changes can occur both during and after a phase of development for a variety of reasons, including error correction and feature changes. It is difficult and intensive work to integrate requirements changes made after specification is completed. Sequence-based specification was developed to convert ordinary functional software requirements into complete, consistent, and traceably correct specifications through a constructive process. Algorithms for managing requirements changes meet a very great need in field application of the sequence-based specification method. In this paper we propose to capture requirements changes as a series of atomic changes in specifications, and present polynomial-time algorithms for managing these changes. The algorithms are built into the tool support with which users are able to push requirements changes through to changes in specifications, maintain old specifications over time and evolve them into new specifications with the least amount of human interaction and rework. All our change algorithms are supported by rigorous mathematical formulation and proof of correctness. The application example is a safe controller. Software Quality Research Lab, Department of Electrical Engineering and Computer Science, University of Tennessee at Knoxville, http://www.cs.utk.edu/sqrl/     

The impact of requirements changes on specifications and state machines

Requirements change both during and after a phase of development for a variety of reasons, including error correction and feature changes. Requirements change management is one of the most complex and difficult problems to deal with in requirements elicitation and tracking. It is generally not understood how a specific change propagates through the specification and into the code. In this paper we capture requirements changes as series of atomic changes in specifications. Using a rigorous specification method called sequence‐based specification, we propose a set of algorithms for managing all possible atomic requirements changes. The algorithms have been formulated within an axiom system for sequence‐based specification and proven for correctness. They have also been implemented in a prototype tool with which users are able to push requirements changes through to changes in specifications, maintain old specifications over time and evolve them into new specifications with the least amount of human interaction and rework. The approach of utilizing state machines to model and manage requirements changes guarantees strong evidence about the correctness and completeness of the proposed theory that will lead to more reliable software in the presence of change, especially with embedded systems and safety‐critical systems. The solution described is general enough for adoption by software and system developers, and well suited for incremental development. Copyright © 2008 John Wiley & Sons, Ltd.     

Using formal specifications to support software testing

Formal specifications become more and more important in the development of software, especially but not only in the area of high integrity system design. In this paper it is demonstrated, how, apart from the specification phase, further benefits may be drawn from formal specifications for checking the implementation against the specification. It is shown how the specification can be used for systematically deriving test input data and for automatically evaluating test results. The approach is illustrated using the specification language Z. The same principles may be applied to other specification languages. The approach allows a high degree of automation, drastically improving productivity and quality of the testing process.     

The formal specification of safety requirements for storing explosives

In this paper we consider the current practices involved in the storage of explosive articles and substances. In the spirit of Defence standard 00-55, we formalize the safety requirements of the ACS software which is used to manage certain MOD holdings in the United Kingdom using the specification language VDM. We also prove some properties of these safety requirements and comment on a similar OBJ3 specification.     

Deriving tabular event-based specifications from goal-oriented requirements models

Goal-oriented methods are increasingly popular for elaborating software requirements. They offer systematic support for incrementally building intentional, structural and operational models of the software and its environment. They also provide various techniques for early analysis, notably, to manage conflicting goals or to anticipate abnormal environment behaviours that prevent goals from being achieved. On the other hand, tabular event-based methods are well-established for specifying operational requirements for control software. They provide sophisticated techniques and tools for late analysis of software behaviour models through simulation, model checking or table exhaustiveness checks. The paper proposes to take the best out of these two worlds to engineer requirements for control software. It presents a technique for deriving event-based specifications, written in the SCR tabular language, from operational specifications built according to the KAOS goal-oriented method. The technique consists of a series of transformation steps each of which resolves semantic, structural or syntactic differences between the KAOS source language and the SCR target language. Some of these steps need human intervention and illustrate the kind of semantic subtleties that need to be taken into account when integrating multiple formalisms. As a result of our technique SCR specifiers may use upstream goal-based processes à la KAOS for the incremental elaboration, early analysis, organization and documentation of their tables, while KAOS modelers may use downstream tables à la SCR for later analysis of the behaviour models derived from goal specifications.     

Integrating domain knowledge,requirements, and specifications

This paper describes efforts to develop a transformation-based software environment that supports the acquisition and validation of software requirements specifications. These requirements may be stated informally at first, and then gradually formalized and elaborated. Support is provided for groups of requirements analysts working together, focusing on different analysis tasks and areas of concern. The environment assists in the validation of formalized requirements by translating them into natural language and graphical diagrams and testing them against a running simulation of the system to be built. Requirements defined in terms of domain concepts are transformed into constraints on system components. The advantages of this approach are that specifications can be traced back to requirements and domain concepts, which in turn have been precisely defined.     

软件项目需求波动风险分析及对策

从需求波动风险的定义出发,总结了需求波动形成的原因和对软件项目的影响,列举了一些代表性的风险分析和评估方法。最后提出了基于面向对象方法的系统需求工程的分析设计思路。     

Layered specifications to support reusability and integrability

Building systems by integrating components and building systems by reusing components are but two sides of the same coin. In both cases one faces the problem of producing systems out of prefabricated parts, either parts which have been designed for a different environment than the one they will be used in now, or parts which have been designed for a yet undefined target system.This situation differs from classical software design situations. It demands that in parts engineering as well as in systems engineering, certain interface decisions are postponed to a rather late point in time. This is only permissible, though, if other aspects are very precisely specified. Having the right model of specification of both, the target (system) and source (component) will substantially aid the retrieval and integration problem.This article argues for a layered approach towards system specification. It will show, how relational specifications will help system designers not to bind themselves too early into premature decisions and how designs aiming for heavy reuse can grow by stepwise enriching specifications.     

ASADAL/SIM: an incremental multi-level simulation and analysis tool for real-time software specifications

Despite considerable advancement in software engineering methods during the past three decades, requirements engineering of large and complex software systems still remains a difficult and active research problem. One such difficulty lies in developing correct and useful methods for the validation and verification of real-time software specifications. One way of analyzing and validating/verifying software specifications is to mathematically derive or prove desired system properties based on formal specification languages. A full scale system analysis using such formal methods is limited in practice because of the required mathematical skills and computational costs. Formal methods are often used to check only a few very critical real-time properties. Simulation is a complementary approach to testing various system characteristics and validating user requirements. It is especially good for providing a rough picture of final system behavior. This paper presents ASADAL/SIM, a tool for multi-level simulation and analysis of real-time software specifications. It is a subsystem of a larger computer-aided real-time software development environment called ASADAL, and complements ASADAL/PROVER, another subsystem of ASADAL which is a formal verification module.^1. With ASADAL/SIM, simulation primitives can be added to evolving specifications in order to assign stochastic behaviors to external entities and internal processes, and to build a simulation model. ASADAL/SIM can execute the model and, at the same time, demonstrate the final system behavior by graphically showing internal workings of the system; catch undesirable system behaviors with breakpoints; and present various analytical results and system statistics ASADAL/SIM, following ASADAL's philosophies of hierarchical system modeling and early system validation, allows users to simulate ‘evolving’ specifications at different, mixed, and wide levels of detail. In particular, algorithmic details may be specified for low level behavioral blocks, and simulated with abstract entities yet to be refined to such a level. This facilitates the tracking of critical data values at the specification level, and eases the next transformation into code level implementation. With ASADAL/SIM, ASADAL becomes an effective and comprehensive supporting tool for various existing software engineering approaches, particularly top-down refinement and incremental development practices. © 1998 John Wiley & Sons, Ltd.     

Manipulating algebraic specifications with term-based and graph-based representations

In an environment of continuous and rapid evolution, software design methodologies must incorporate techniques and tools that support changes in software artifacts. In the project, we are developing a tool targeted at software designers that integrates a collection of operations on algebraic specifications written in the language. The scope of includes not only modification of existing specifications, but also creation or derivation of new specifications, as well as their proof and execution, which are realized through inter-operability with existing tools. As involves the manipulation of software specification and inter-operability with other tools, the question of choosing appropriate representation formats is important. In this paper, we discuss the advantages and limitations of as a manipulation and exchange format in the setting of . We also present a new, graph-like format, which offers complementary features to a term-based format. Moreover, we present visualization utilities for these formats.     

Integrating software specifications into intrusion detection

There exist a number of Intrusion Detection Systems (IDSs) that detect computer attacks based on some defined attack scenarios. The attack scenarios or security requirements in some of these IDSs are specified in attack specification languages that are different from software specification languages. The use of two different languages for software specification and attack specification may generate redundant and conflicting requirements. The advantage of using the same language for both functional specifications and attacks specifications is that software designers can address the two different issues without learning two types of languages. We present a method of integrating Abstract State Machine Language (AsmL) and Unified Modeling Language (UML) state charts that are extended finite state machine based software specification languages, with an open source IDS Snort. This work provides AsmL and UML users an IDS that they can use without knowing how to write Snort rules. We automatically translate attack scenarios written in AsmL and UML state charts into Snort rules with context information. The original Snort is modified so that it can use the rules automatically generated by the translator. Adding context information to Snort rules improves the detection capability of Snort. To show the efficacy of the presented approach, we have built a prototype and evaluated it using a number of well-known attack scenarios.     

SRS及其质量模糊度量方法的研究

1.问题的提出 1995年Standish通过对8000多个软件开发项目的调查发现,导致项目失败的最主要的两个原因是不完整的软件需求规格说明(13.1％)和缺乏用户参与(12.4％)。Boehm研究发现要改正在产品付诸应用后所发现的一个需求方面的缺陷比在需求阶段改正这个错误要多付出68倍的成本。近来很多研究表明这种错误导致成本放大因子可以高达200倍。由此可以看出,软件需求分析作为软件开发过程的第一个阶段,     

An efficient method for developing requirement specifications for plant control software using a component-based software prototype

This paper proposes an efficient method to develop requirement specifications for Plant Control Software (PCSW) using software-component-based prototypes. Prior to this proposal, domain analyses were conducted on existing PCSWs, and their functions were classified into “similar functions” and “individual functions”. Then PCSW Software Components (PSC: PCSW Software Component, PSCs: PCSW Software Components) were developed to correspond to these functions. PSCs as parameter-style components were developed in order to satisfy the clients’ (we define clients as owners, managers and operators of plants) requirements. A support environment for developing requirement specifications was developed. The environment consists of the Prototype Development Tool (PDT), the Behavior Check Simulator (BCS) and the Requirement Specification Development Tool (RSDT). The method consists of four steps. In the first step, PDT is used to define the parameters to customize PSCs and to compose a PCSW prototype by setting these parameters to PSCs. In the second step, BCS is used to execute the composed PCSW prototype and check its behavior and relevancy against the clients’ expectations. In the third step, steps 1 and 2 are repeated until the behavior of the PCSW prototype satisfies the clients’ requirements. Finally, a requirement specification is developed from the PCSW prototype which fully reflects the clients’ requirements. In order to evaluate the proposed method, it has been applied in five development cases. A Requirement Coverage of 91%, a Requirement Revision Rate of 6%, a PSC Reuse Rate of 92% and a LOC Reuse Rate of 83% have been achieved. In addition, a reduction of 55% in the amount of time required to develop requirement specifications has been achieved. These results indicate that the proposed method has sufficient capability to develop an exhaustive and an adequate PCSW requirement specification. And the developed PSCs have sufficient functions and capability to compose PCSW prototypes, and the support environment is capable of shortening the time taken to develop requirement specifications.     

面向软件安全性需求分析过程的追踪模型

追踪性即关联一些制品及其中各种相关要素的机制或能力。安全关键系统开发不仅包括一般系统的开发过程,更重要的是必需要有独立的安全性分析,建立并验证系统的安全性需求。目前针对安全性分析过程的追踪性研究较少。安全相关标准如ARP-4761和DO 178C等提供了安全性分析过程的指导意见,然而其由于涉及的概念和方法很多,因此在实际应用和研究中常会忽略对一些关键信息的追踪。此外,软件安全性需求分析不仅应考虑系统到软件的安全性分析,还应考虑软件到系统的安全性分析。面向软件安全性需求分析过程建立安全性相关信息的双向追踪,有助于了解安全性需求的前因后果,为验证工作和影响分析提供便利。参照标准,构建面向软件安全性需求分析过程的追踪模型。     

MOQARE: misuse-oriented quality requirements engineering

This work presents MOQARE (misuse-oriented quality requirements engineering), a method to explore quality requirements. The aim of MOQARE is to support intuitive and systematic identification of quality requirements. It was developed by integrating and adapting concepts from other methods (like Misuse Cases). It provides a general conceptual model of quality requirements, and a checklist-based process for deriving them in a top-down fashion. This derivation starts from business goals and vague quality requirements and delivers detailed requirements. MOQARE applies to requirements on the system to be developed requirements, but also derives requirements on the development process, including administration and maintenance. It considers normal and extreme use. The relationships among these requirements are modeled in a Misuse Tree. MOQARE has shown its merits in several case studies, one of which is presented here.