Formal Requirements-Driven Verification

Method Purpose Short description of the method's purpose and main benefits

Method description A detailed description of the method

A system’s requirements drive what features are included in its design. Ensuring that the design adequately reflects the system’s requirements can often be difficult. Formal methods are effective when checking this sort of relationship between artefacts, but only when the artefacts are described formally. However, requirements are often expressed in natural language, and often at a level of detail that is not suitable for direct formalisation [SFM1].

Eliciting the system’s requirements and formalising them is a task best completed by a collaboration between those knowledgeable about the system and those knowledgeable about formalisation. But using a formal language during this process can slow down progress, as the systems engineers are taught the intricacies of the formal method, and the formalists try to formalise too much detail too quickly. Thus, semi-formal languages are used as an intermediate between natural- and formal-languages. This avoids slowing down the requirements elicitation process, but still provides enough formalisation to both reduce ambiguities and make the requirements easier to (fully) formalise later on [SFM2].

Our tool of choice, the Formal Requirements Elicitation Tool (FRET), uses a structed natural-language called FRETISH as its input language. We manually encode the available natural-language requirements into FRETISH, then FRET automatically translates them into Temporal Logic. FRET is also capable of exporting the requirements as contracts for Simulink diagrams (in a language called CoCoSim).

Method Strengths A listof the strengths of the method

Quicker Translation to Formal Specifications
Identification of ambiguities in natural language requirements at an early stage in the development process.
Formal specifications are based on formal requirements and linked to the system model.
Intermediate language used to avoid requirements engineers needing to learn a formal language

Method Limitations The limitations of the method

Not all requirements can be formalised, depending on the tool that is used.
Requirements engineers still must understand the intermediate language (though this is a much lower burden than learning a formal language).

Method References Bibliography references to papers about the method.

[SFM1] Rozier, Kristin Yvonne, "Specification: The Biggest Bottleneck in Formal Methods and Autonomy" (2016). Verified Software. Theories, Tools, and Experiments (pp. 8-26). Springer. https://doi.org/10.1007/978-3-319-48869-1_2
[SFM2] Giannakopoulou, D., Pressburger, T., Mavridou, A., & Schumann, J. (2020). Generation of formal requirements from structured natural language. In International Working Conference on Requirements Engineering: Foundation for Software Quality (pp. 19-35). Springer. https://doi.org/10.1007/978-3-030-44429-7_2

Method Dimensions

Evaluation Environment Type Type of environment where the method is applied. It can be more than one type of environment. (Dimension 1)

Evaluation Type Type of evaluation performed with that method. If a method is hybrid, more than one type can be selected. (Dimension 2)

Type of Component Under Evaluation Type of components that can be evaluated with that method. It can be more than one type. (Dimension 3)

Evaluation Stage The evaluation stage where the method is used. (Dimension 5)

Purpose of the Component Under Evaluation The type of purpose that can be evaluated by a method. It can be more than one type. (Dimension 6)

Type of Requirement Under Evaluation The type of requirements that a method is able to evaluate. It can be more than one type. (Dimension 7)

Evaluation Performance Indicator The type of evaluation criteria or KPI that a method is able to improve. It can be more than one type. (Dimension 8)

Relations

Related Methods A method could be related to other methods.

Tools A method can use zero or more tools.

Part Method A method (when it is a combination: Combination of method artefact that is a specialization of a V&V Method) could be composed of a set of V&V Methods.

Test Case or Verification and Validation activity Test Case or V&V activity performed in a Use Case. We will link to the method to the test cases where the method is used.

Standards A method can be linked with standards.

Context

Workflow

Contents

There are currently no items in this folder.