Formal Requirements Validation

Requirements are formalized in a formal language, typically a temporal logic, and analyzed to find defects in the specification such as inconsistencies, incompleteness, errors, unrealizability.

Method Purpose Short description of the method's purpose and main benefits

Method description A detailed description of the method

Flaws in requirements may have severe impacts on the subsequent phases of the development flow. These also undermine the formal verification activity, which typically formalizes the requirements into formal properties that are considered as golden and used to check the correctness of the design or software/hardware implementation. Most of the efforts in formal methods have historically been devoted to comparing a design against a set of requirements. The validation of the requirements themselves, however, has often been disregarded and poses several challenges. First, requirements are often written in natural language, and may thus contain a high degree of ambiguity. Second, the informal requirements often express global constraints on the system-to-be (e.g., mutual exclusion), and, in order to retain a direct connection with the informal requirements, the formalization cannot follow standard model-based approaches, but must be complemented with more suitable formalisms such as temporal logics. Third, the formal validation of requirements suffers from the lack of a clear correctness criterion (which in the case of design verification is basically given by the availability of high-level properties). Finally, the expressiveness of the language used in the formalization may go beyond the typical level used for formal verification (e.g., propositional logic).
The methodology for requirements analysis proposed in the PROSYD project [FRV1, FRV2] is based on a series of checks in terms of satisfiability of LTL to verify the consistency of properties, their compatibility with some scenario, and their entailment of some assertions. This work has been extended to more expressive logic to represent requirements of hybrid systems [FRV3, FRV4] and to temporal satisfiability modulo theories [FRV5]. Other formal checks that can be used to pinpoint issues in the requirements specification are based on the notions of realizability [FRV6], vacuity [FRV7], or unconstrained outputs [FRV8].

Method Strengths A listof the strengths of the method

The formal validation helps in identifying issues in the requirements specification;
Detecting issues at the requirements level in the early phases of the design may yield a huge saving in terms of costs.

Method Limitations The limitations of the method

The formalization requires effort and expertise in interpreting the results.

Method References Bibliography references to papers about the method.

[FRV1] Ingo Pill, Simone Semprini, Roberto Cavada, Marco Roveri, Roderick Bloem, Alessandro Cimatti: Formal analysis of hardware requirements. DAC 2006: 821-826
[FRV2] Roderick Bloem, Roberto Cavada, Ingo Pill, Marco Roveri, Andrei Tchaltsev: RAT: A Tool for the Formal Analysis of Requirements. CAV 2007: 263-267
[FRV3] Alessandro Cimatti, Marco Roveri, Stefano Tonetta: Requirements Validation for Hybrid Systems. CAV 2009: 188-203 Requirements Validation for Hybrid Systems. CAV 2009: 188-203
[FRV4] Alessandro Cimatti, Marco Roveri, Angelo Susi, Stefano Tonetta: Validation of requirements for hybrid systems: A formal approach. ACM Trans. Softw. Eng. Methodol. 21(4): 22:1-22:34 (2012)
[FRV5] Alessandro Cimatti, Alberto Griggio, Enrico Magnago, Marco Roveri, Stefano Tonetta: SMT-based satisfiability of first-order LTL with event freezing functions and metric operators. Inf. Comput. 272: 104502 (2020)
[FRV6] Amir Pnueli, Roni Rosner: On the Synthesis of a Reactive Module. POPL 1989: 179-190
[FRV7] Dana Fisman, Orna Kupferman, Sarai Sheinvald-Faragy, Moshe Y. Vardi: A Framework for Inherent Vacuity. Haifa Verification Conference 2008: 7-22
[FRV8] Koen Claessen: A Coverage Analysis for Safety Property Lists. FMCAD 2007: 139-145

Method Dimensions

Evaluation Environment Type Type of environment where the method is applied. It can be more than one type of environment. (Dimension 1)

Evaluation Type Type of evaluation performed with that method. If a method is hybrid, more than one type can be selected. (Dimension 2)

Type of Component Under Evaluation Type of components that can be evaluated with that method. It can be more than one type. (Dimension 3)

Evaluation Stage The evaluation stage where the method is used. (Dimension 5)

Purpose of the Component Under Evaluation The type of purpose that can be evaluated by a method. It can be more than one type. (Dimension 6)

Type of Requirement Under Evaluation The type of requirements that a method is able to evaluate. It can be more than one type. (Dimension 7)

Evaluation Performance Indicator The type of evaluation criteria or KPI that a method is able to improve. It can be more than one type. (Dimension 8)

Relations

Related Methods A method could be related to other methods.

Tools A method can use zero or more tools.

Part Method A method (when it is a combination: Combination of method artefact that is a specialization of a V&V Method) could be composed of a set of V&V Methods.

Test Case or Verification and Validation activity Test Case or V&V activity performed in a Use Case. We will link to the method to the test cases where the method is used.

Standards A method can be linked with standards.

Context

Workflow

Contents

There are currently no items in this folder.