Deriving tabular event-based specifications from goal-oriented requirements models

Goal-oriented methods are increasingly popular for elaborating software requirements. They offer systematic support for incrementally building intentional, structural and operational models of the software and its environment. They also provide various techniques for early analysis, notably, to manage conflicting goals or to anticipate abnormal environment behaviours that prevent goals from being achieved. On the other hand, tabular event-based methods are well-established for specifying operational requirements for control software. They provide sophisticated techniques and tools for late analysis of software behaviour models through simulation, model checking or table exhaustiveness checks. The paper proposes to take the best out of these two worlds to engineer requirements for control software. It presents a technique for deriving event-based specifications, written in the SCR tabular language, from operational specifications built according to the KAOS goal-oriented method. The technique consists of a series of transformation steps each of which resolves semantic, structural or syntactic differences between the KAOS source language and the SCR target language. Some of these steps need human intervention and illustrate the kind of semantic subtleties that need to be taken into account when integrating multiple formalisms. As a result of our technique SCR specifiers may use upstream goal-based processes à la KAOS for the incremental elaboration, early analysis, organization and documentation of their tables, while KAOS modelers may use downstream tables à la SCR for later analysis of the behaviour models derived from goal specifications.     

Program Synthesis from Formal Requirements Specifications Using APTS

Formal specifications of software systems are extremely useful because they can be rigorously analyzed, verified, and validated, giving high confidence that the specification captures the desired behavior. To transfer this confidence to the actual source code implementation, a formal link is needed between the specification and the implementation. Generating the implementation directly from the specification provides one such link. A program transformation system such as Paige's APTS can be useful in developing a source code generator. This paper describes a case study in which APTS was used to produce code generators that construct C source code from a requirements specification in the SCR (Software Cost Reduction) tabular notation. In the study, two different code generation strategies were explored. The first strategy uses rewrite rules to transform the parse tree of an SCR specification into a parse tree for the corresponding C code. The second strategy associates a relation with each node of the specification parse tree. Each member of this relation acts as an attribute, holding the C code corresponding to the tree at the associated node; the root of the tree has the entire C program as its member of the relation. This paper describes the two code generators supported by APTS, how each was used to synthesize code for two example SCR requirements specifications, and what was learned about APTS from these implementations.     

Conceptual modeling of natural language functional requirements

Requirements analysts consider a conceptual model to be an important artifact created during the requirements analysis phase of a software development life cycle (SDLC). A conceptual, or domain model is a visual model of the requirements domain in focus. Owing to its visual nature, the model serves as a platform for the deliberation of requirements by stakeholders and enables requirements analysts to further refine the functional requirements. Conceptual models may evolve into class diagrams during the design and execution phases of the software project. Even a partially automated conceptual model can save significant time during the requirements phase, by quickening the process of graphical communication and visualization.This paper presents a system to create a conceptual model from functional specifications, written in natural language in an automated manner. Classes and relationships are automatically identified from the functional specifications. This identification is based on the analysis of the grammatical constructs of sentences, and on Object Oriented principles of design. Extended entity-relationship (EER) notations are incorporated into the class relationships. Optimizations are applied to the identified entities during a post-processing stage, and the final conceptual model is rendered.The use of typed dependencies, combined with rules to derive class relationships offers a granular approach to the extraction of the design elements in the model. The paper illustrates the model creation process using a standard case study, and concludes with an evaluation of the usefulness of this approach for the requirements analysis. The analysis is conducted against both standard published models and conceptual models created by humans, for various evaluation parameters.     

Automated structural analysis of SCR‐style software requirements specifications using PVS

The importance of effective requirements analysis techniques cannot be overemphasized when developing software requiring high levels of assurance. Requirements analysis can be largely classified as either structural or functional. The former investigates whether definitions and uses of variables and functions are consistent, while the latter addresses whether requirements accurately reflect users' needs. Verification of structural properties for large and complex software requirements is often repetitive, especially if requirements are subject to frequent changes. While inspection has been successfully applied to many industrial applications, the authors found inspection to be ineffective when reviewing requirements to find errors violating structural properties. Moreover, current tools used in requirements engineering provide only limited support in automatically enforcing structural correctness of the requirements. Such experience has motivated research to automate straightforward but tedious activities. This paper demonstrates that a theorem prover, PVS (Prototype Verification System), is useful in automatically verifying structural correctness of software requirements specifications written in SCR (Software Cost Reduction)‐style. Requirements are automatically translated into a semantically equivalent PVS specification. Users need not be experts in formal methods or power users of PVS. Structural properties to be proved are expressed in PVS theorems, and the PVS proof commands are used to carry out the proof automatically. Since these properties are application independent, the same verification procedure can be applied to requirements of various software systems. Copyright © 2001 John Wiley & Sons, Ltd.     

软件需求规格说明自动生成工具

首先提出了一种面向业务流的需求分析方法，并给出了相应的条件有向图需求描述模型(CDGRD)，然后详细地介绍了基于CDGRD的软件需求规格说明自动生成工具，最后以某大型企业信息系统项目为例，详细讨论了CD-GRD描述方法以及该自动生成工具的具体应用．     

Using abstraction and model checking to detect safety violations inrequirements specifications

Exposing inconsistencies can uncover many defects in software specifications. One approach to exposing inconsistencies analyzes two redundant specifications, one operational and the other property-based, and reports discrepancies. This paper describes a “practical” formal method, based on this approach and the SCR (software cost reduction) tabular notation, that can expose inconsistencies in software requirements specifications. Because users of the method do not need advanced mathematical training or theorem-proving skills, most software developers should be able to apply the method without extraordinary effort. This paper also describes an application of the method which exposed a safety violation in the contractor-produced software requirements specification of a sizable, safety-critical control system. Because the enormous state space of specifications of practical software usually renders direct analysis impractical, a common approach is to apply abstraction to the specification. To reduce the state space of the control system specification, two “pushbutton” abstraction methods were applied, one which automatically removes irrelevant variables and a second which replaces the large, possibly infinite, type sets of certain variables with smaller type sets. Analyzing the reduced specification with the model checker Spin uncovered a possible safety violation. Simulation demonstrated that the safety violation was not spurious but an actual defect in the original specification     

Automated classification of non-functional requirements

This paper describes a technique for automating the detection and classification of non-functional requirements related to properties such as security, performance, and usability. Early detection of non-functional requirements enables them to be incorporated into the initial architectural design instead of being refactored in at a later date. The approach is used to detect and classify stakeholders’ quality concerns across requirements specifications containing scattered and non-categorized requirements, and also across freeform documents such as meeting minutes, interview notes, and memos. This paper first describes the classification algorithm and then evaluates its effectiveness through reporting a series of experiments based on 30 requirements specifications developed as term projects by MS students at DePaul University. A new and iterative approach is then introduced for training or retraining a classifier to detect and classify non-functional requirements (NFR) in datasets dissimilar to the initial training sets. This approach is evaluated against a large free-form requirements document obtained from Siemens Logistics and Automotive Organization. Although to the NFR classifier is unable to detect all of the NFRs, it is useful for supporting an analyst in the error-prone task of manually discovering NFRs, and furthermore can be used to quickly analyse large and complex documents in order to search for NFRs.     

Revisiting the Meaning of Requirements

Understanding the meaning of requirements can help elicit the real world requirements and refine their specifications. But what do the requirements of a desired software mean is not a well-explained question yet though there are many software development methods available. This paper suggests that the meaning of requirements could be depicted by the will-to-be environments of the desired software, and the optative interactions of the software with its environments as well as the causal relationships among these interactions. This paper also emphasizes the necessitv of distinguishing the external manifestation from the internal structure of each system component during the process of requirements decomposition and refinement. Several decomposition strategies have been given to support the continuous decomposition. The external manifestation and the internal structure of the system component have been defined. The roles of the knowledge about the environments have been explicitly described. A simple but meaningful example embedded in the paper illustrates the main ideas as well as how to conduct the requirements decomposition and refinement by using these proposed strategies.     

关联规则挖掘发现问题的协同式需求获取方法

提出一种关联规则挖掘发现问题的协同式需求获取方法。该方法的基本思想是：首先,通过关联规则挖掘发现问题;然后,识别问题的解决方案,进而获取隐藏于大量数据中的隐性需求。     

Extending the SCR Method for Real-Time Systems

Wepropose timed SCR specifications, which are a generalizationof SCR specifications, intended to specify quantitative timingproperties of real-time systems. We extend the tabular notationof the SCR method to deal with sporadic and periodic timing constraints.We present a formal semantics for timed SCR specifications bytranslating them into timed transition systems. A shutdown systemin Korean nuclear power plants is used as a case study to illustratetimed SCR specifications.     

Managing requirements specifications for product lines - An approach and industry case study

Software product line development has emerged as a leading approach for software reuse. This paper describes an approach to manage natural-language requirements specifications in a software product line context. Variability in such product line specifications is modeled and managed using a feature model. The proposed approach has been introduced in the Swedish defense industry. We present a multiple-case study covering two different product lines with in total eight product instances. These were compared to experiences from previous projects in the organization employing clone-and-own reuse. We conclude that the proposed product line approach performs better than clone-and-own reuse of requirements specifications in this particular industrial context.     

A controlled experiment to evaluate how styles affect the understandability of requirements specifications

This paper presents a controlled experiment in which two different requirements specification styles (white-box and black-box) were compared concerning the understandability of two requirements specifications from the viewpoint of a customer. The results of the experiment confirm the common belief that black-box requirements specifications (e.g., documented with SCR) are easier to understand from a customer point of view than white-box specifications (e.g., documented with UML). Questions about particular functions and behavior of the specified system were answered faster and more correctly by the participants. This result suggests that using a black-box specification style when communicating with customers is beneficial.     

A Knowledge-Based Software Engineering Environment for reusable software requirements and architectures

This paper describes a prototype Knowledge-Based Software Engineering Environment used to demonstrate the concepts of reuse of software requirements and software architectures. The prototype environment, which is application-domain independent, is used to support the development of domain models and to generate target system specifications from them. The prototype environment consists of an integrated set of commercial-off-the-shelf software tools and custom developed software tools.The concept of reuse is prevalent at several levels of the domain modeling method and prototype environment. The environment itself is domain-independent thereby supporting the specification of diverse application domain models. The domain modeling method specifies a family of systems rather than a single system; features characterize the variations in functional requirements supported by the family and individual family members are specified by the features they are to support. The knowledge-based approach to target system generation provides the rules for generating target system specifications from the domain model; target system specifications, themselves, may be stored in an object repository for subsequent retrieval and reuse.     

The impact of requirements changes on specifications and state machines

Requirements change both during and after a phase of development for a variety of reasons, including error correction and feature changes. Requirements change management is one of the most complex and difficult problems to deal with in requirements elicitation and tracking. It is generally not understood how a specific change propagates through the specification and into the code. In this paper we capture requirements changes as series of atomic changes in specifications. Using a rigorous specification method called sequence‐based specification, we propose a set of algorithms for managing all possible atomic requirements changes. The algorithms have been formulated within an axiom system for sequence‐based specification and proven for correctness. They have also been implemented in a prototype tool with which users are able to push requirements changes through to changes in specifications, maintain old specifications over time and evolve them into new specifications with the least amount of human interaction and rework. The approach of utilizing state machines to model and manage requirements changes guarantees strong evidence about the correctness and completeness of the proposed theory that will lead to more reliable software in the presence of change, especially with embedded systems and safety‐critical systems. The solution described is general enough for adoption by software and system developers, and well suited for incremental development. Copyright © 2008 John Wiley & Sons, Ltd.     

Architecture design for internet-based control systems

The Internet is playing an important role in information retrieval, and additionally industrial process manipulation. This paper describes an approach to writing requirements specifications for Internet-based control systems, from which architectures can be derived. The requirements specifications developed are described in terms of a functional model, which is then extended to form an information architecture. Distinct from the functional model, the information architecture provides an indication as to the architectural structure of subsequently developed Internet-based control systems. Three general control structures are generated from the analysis of an information architecture. An integrated-distributed architecture is derived as an ideal implementation, in which a control system is linked to the Internet at all levels of a control system hierarchy.     

基于虚拟组织的网格安全需求分析模型

网格环境下多用户参与的协同计算是网格计算的重要应用方向。网格计算的复杂性导致网格安全需求复杂。该文提出一种基于虚拟组织的网格计算多用户协同关系描述模型,在其基础上构建网格安全需求分析模型,实现了网格环境下多用户协同计算的安全需求形式化描述,把网格协同计算环境下的不同安全需求统一在同一种理论体系中。