S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton. Experiences using lightweight formal methods for requirements modeling. IEEE Transactions on Software Engineering, 24(1):4--14, 1998.
.... government (e.g. Bell Laboratories [20] Grumman [29] Lockheed [10] the Naval Research Laboratory [16, 25] Ontario Hydro [35] and Rockwell Aviation [30] to develop and analyze specifications of practical systems, including flight control systems [10, 30] weapons systems [16] space systems [9], and cryptographic devices [25] Most recently, the SCR tools were used by Lockheed Martin, together with a test case generator, to detect a critical error described as the most likely cause of a 165M failure in the software controlling landing procedures in the Mars Polar Lander [5] The ....
Easterbrook, S., R. Lutz, R. Covington, Y. Ampo, and D. Hamilton: 1998, `Experiences Using Lightweight Formal Methods for Requirements Modeling'. IEEE Transactions on Software Engineering 24(1).
....the claims and provide practitioners with real examples on which to base their own pilot studies. In particular, measured productivity gains affecting the entire software lifecycle are best achieved by applying FDTs in the following manner: The formalization process should be lightweight [32, 17], i.e. allow for creating partial specifications, without a commitment to developing complete, consistent formal specifications [17]. This also includes employing easy to use formal notations that are suitable for the target application domain. The investments made in the formalization ....
....gains affecting the entire software lifecycle are best achieved by applying FDTs in the following manner: The formalization process should be lightweight [32, 17] i.e. allow for creating partial specifications, without a commitment to developing complete, consistent formal specifications [17]. This also includes employing easy to use formal notations that are suitable for the target application domain. The investments made in the formalization process should be leveraged to other stages of the software lifecycle to obtain immediate and visible benefits. For example, this may include ....
Steve Easterbrook, Robyn Lutz, Richard Covington, John Kelly, Yoko Ampo, and David Hamilton. "Experience Using Lightweight formal Methods for Requirements Modeling". IEEE Transactions on Software Engineering, 24(1):4-14, January 1998.
....we use the term lightweight formal methods to characterize those methods whose adoption cost is a small fraction of that of the overall RE process, including training, application and computational costs. Lightweight formal methods often perform partial analysis on partial specifications only [3]. They do not require a # Correspondence to: Bashar Nuseibeh, Computing Department, The Open University, Milton Keynes MK7 6AA, U.K. E mail: B.A.Nuseibeh open.ac.uk Contract grant sponsor: NASA; contract grant number: #NCC 2 979 Contract grant sponsor: UK EPSRC (MISE) contract grant number: ....
.... [17] The choice of this particular document was appealing because we assumed it to be of high quality (being the twelfth release of those requirements, and subject to many inspections and revisions) and because parts of it had already been analysed using different techniques, in related studies [3,18,19]. The document, 250 pages long, is written mainly in narrative English, with several tables and the occasional schematic diagram interspersed in the text. It is structured by NCS functions (e.g. Telemetry Control, Environmental Control, Time Management, etc. Each function is described in terms ....
Easterbrook S, Lutz R, Covington R, Kelly J, Ampo Y, Hamilton D. Experiences using lightweight formal methods for requirements modeling. IEEE Transactions on Software Engineering 1998; 24(1):4--14.
....nail down their system requirements more precisely; furthermore, formal notation provides a structured way to express requirements, reviews are more effective and reliable, and allow for different classes of checking with automatic tools. This is what the so called lightweight formal modeling [Jon96, JaWi96, AgLa98, ELCKAH98] does. Under this approach, FM are basically used, in the early stages of the software development cycle, as a flaw detector and, capitalizing on the intrinsic abstraction of FM, as a means of reducing complexity and improving the understanding of requirements by the development team. Verification ....
Easterbrook, S., Lutz, R. R., Covington, R., Kelly, J. C., Ampo, Y. & Hamilton, D. 1998. Experiences Using Lightweight Formal Methods for Requirements Modelling. IEEE Transactions on Software Engineering, 24(1):1-11.
....follows that improving the quality of requirements documents is crucial. Recent studies have shown that applying mathematical methods during the requirements phase is a promising approach to increase the clarity and precision of requirements specifications, and to find important and subtle errors [24, 13]. With such methods, we apply traditional engineering principles and mathematical techniques to produce a requirements specification based on some formalism. Mathematical methods can reduce errors in requirements and then improve the level of assurance by increasing precision ....
....making some instances of inconsistency and incompleteness obvious [15] While they can increase the confidence in requirements, mathematical methods are not a miracle cure. They do not assure the correctness and do not guarantee the completeness and correctness of the specifications themselves [13]. In practice, because of carelessness, misunderstanding in communication within teams, and most important, the complexity of the requirements process, errors could be still introduced while writing requirements documentation. In the certification of the Darlinton plant, Parnas noticed that the ....
Steve Eastebrook, Robyn Lutz, et al. Experiences Using Lightweight Formal Methods for Requirements Modeling, IEEE Transactions on Software Engineering, Vol. 24. No. 1, January 1998
.... Software of the International Space Station [14] The choice of this particular document was appealing because we assumed it to be of high quality (being the 12th release of those requirements) and because parts of it had already been analyzed using different techniques, in related studies [6, 19]. Our study focused on the Cabin Pressure Monitoring function, part of the Environmental Control function. The 9 requirements describing cabin pressure monitoring were input into Circe, translated by Cico into atomic requirements, and processed by our modelers. Various validation modelers ....
S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton. Experiences using lightweight formal methods for requirement modeling. IEEE Transactions on Software Engineering, 24(1):4-14, Jan. 1998.
....we use the term lightweight formal methods to characterise those methods whose adoption cost is a small fraction of that of the overall RE process, including training, application and computational costs. Lightweight formal methods often perform partial analysis on partial specifications only [Easterbrook et al. 1998]. They do not require a commitment to translate an entire (informal) requirements document into a formal one, nor to maintain formal and informal versions of specifications in parallel [Kemmerer 1990] Moreover, as requirements specifications evolve during the early stages of the RE process, ....
.... 1997] The choice of this particular document was appealing because we assumed it to be of high quality (being the 12th release of those requirements, and subject to many inspections and revisions) and because parts of it had already been analyzed using different techniques, in related studies [Easterbrook et al. 1998; Russo et al. 1998; Russo et al. 1999] The document, 250 pages long, is written mainly in narrative English, with several tables and the occasional schematic diagram interspersed in the text. The 3 page fragment we chose to analyze described one of the basic components of the Environmental ....
S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo and D. Hamilton, "Experiences Using Lightweight Formal Methods for Requirements Modeling", IEEE Transactions on Software Engineering, 24(1): 4-14, January 1998.
....They also showed against previous assumptions that developing from formal specification is not more expensive than well known development processes [4] They propose a lightweight approach for using formal methods. First defined by Jones [52] Jackson and Wing [49] and by Easterbrook et al. [30], and recalled by Agerholm and Larsen [4] lightweight formal method is a less than completely formal use of formal methods. The methods are used to perform partial analysis on partial specifications, without a commitment to developing complete, consistent formal specifications [30] An ....
....et al. 30] and recalled by Agerholm and Larsen [4] lightweight formal method is a less than completely formal use of formal methods. The methods are used to perform partial analysis on partial specifications, without a commitment to developing complete, consistent formal specifications [30]. An example of formal development process is given by the Vienna Development Method. In this method, the implicit specification of the system is first developped. From this implicit specification an explicit specification is derived. The first explicit specification is related to the implicit ....
S. Easterbrook, R.R. Lutz, R. Covington, J.C. Kelly, Y. Ampo, and D. Hamilton. Experiences Using Lightweight Formal Methods for Requirements Modeling. In IEEE Transaction on Software Engineering. Springer Verlag, January 1998.
....means to decomposing complex problems and presenting abstract graphical perspectives of models. Notably, the formal methods group at the NASA Jet Propulsion Laboratory has put forward the complementary benefits of graphical and formal modeling in their work on promoting lightweight formal methods [5, 9, 3]. They observe that object oriented graphical models can be used as intermediate representations facilitating the process of formalizing requirements, as this can enhance the accuracy of the initial formal specifications and reduce the effort to produce them. They also observe that graphical models ....
.... the VDMTools of IFAD [7] Secondly, we use a tool, the Rose VDM Link, which automates the translation between VDM and UML through a number of transformation rules [2] This means that UML is beneficial not only to provide intermediate representations prior to formalizing a model as suggested in [5], but also throughout the modeling and validation processes in order to provide abstract diagrammatic visualizations of the formal models. The paper illustrates the use of formal techniques as a complement to the leading industrial design notation and tool, namely, the UML and Rational Rose 98. ....
S. Easterbrook, R.R. Lutz, R. Covington, J.C. Kelly, Y. Ampo, and D. Hamilton. Experiences Using Lightweight Formal Methods for Requirements Modeling. IEEE Transactions on Software Engineering, 24(1):1-11, January 1998.
....checking of tabular specifications [31] and through the process of formal challenges [39] where expected properties are stated of a specification and examined by theorem proving or model checking. PVS has been used by multiple NASA centers to analyze requirements for the Cassini Spacecraft [13] and for the Space Shuttle [9] and by the SafeFM project (University of London) in the analysis of requirements for avionics control systems [12] 4 Hardware Verification Applications of PVS to hardware verification fall into two broad classes. One class is concerned with verification of the ....
Steve Easterbrook, Robyn Lutz, Richard Covington, John Kelly, Yoko Ampo, and David Hamilton. Experiences using lightweight formal methods for requirements modeling. IEEE Transactions on Software Engineering, 24(1):4-14, January 1998.
....to achieve immediate results by using the approach incrementally, that is, being able to stop at any time and get partial benefits from partial modeling. A light weight approach to formalization has been advocated by many researchers [6, 18, 20] and applied successfully in several projects, e.g. [7, 9]. What about verification We feel that in the current commercial environment the majority of systems do not require any verification. There is typically a lesser need for absolute assurance, but a greater need for rapid development of reasonably correct systems. In fact, our use of SDL showed ....
Steve Easterbrook, Robyn Lutz, Richard Covington, John Kelly, Yoko Ampo, and David Hamilton. "Experience Using Lightweight Formal Methods for Requirements Modeling". IEEE Transactions on Software Engineering, 24(1):4--14, January 1998.
....is that the verification is fully automated. Modelchecking has been effectively applied to verifying hardware [22, 19, 15, 49] and distributed systems, including network and security protocols [34, 47, 48, 43, 3] Model checking has also started to be applied to requirements engineering [6, 23, 60, 7, 64]. However, the size of the state space grows exponentially to the number of variables in the problem, making all but the most trivial programs too large to analyze. Various researchers have been proposing checking abstractions of programs [66, 42, 35] Unfortunately, coming up with useful ....
Steve Easterbrook, Robyn Lutz, Richard Covington, John Kelly, Yoko Ampo, and David Hamilton. "Experience Using Lightweight Formal Methods for Requirements Modeling". IEEE Transactions on Software Engineering, 24(1):4--14, January 1998.
....methods which rely more on mathematical proof and automated reasoning. Consequently, light weight tools and techniques are viewed in this paper as complementary to rigorous or formal verification methods. Further, light weight techniques have been successfully applied to industrial projects [1, 2] which makes them the subject of current interest in formal methods. Perhaps a good analogy for the kinds of assurance given by animation is that given by a spell checker. The spell checker can be used to detect most spelling errors in a document and so increase our level of confidence in the ....
Steve Easterbrook, Robyn Lutz, Richard Covington, John Kelly, Yoko Amp, and David Hamilton. Experiences using lightweight formal methods for requirements engineering. IEEE Transactions on Software Engineering, 24(1), 1998.
....of formal methods does not necessarily imply the use of formal correctness proofs. These so called light weight approaches to formal methods take the advantages of a precise and unambiguous specification language to raise the quality of a system's specification, without focusing on proofs [1, 3, 4, 9, 11]. This paper reports about the tasks performed and the experience gained in an industrial project where VDM , an object oriented extension of the Vienna Development Method, has been applied in such a light weight manner. This work has been performed in a joint project of the Austrian company ....
S. M. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton. Experiences Using Lightweight Formal Methods for Requirements Modeling. IEEE Transactions on Software Engineering, Special Issue on Formal Methods in Software Practice, 24(1), 1998. (Technical Report #NASA-IVV-97-015).
....focusing entirely on the ambitious certainty of correctness, the formal methods communities are starting to loosen up and find lightweight approaches to applying their technologies. For example, this new trend was documented recently by Jones [15] Jackson and Wing [14] and by Easterbrook et al. [6]. The authors use the term light or lightweight in the sense of less than completely formal or partial where the methods can be used to perform partial analysis on partial specifications, without a commitment to developing and baselining complete, consistent formal specifications [6] ....
....al. 6] The authors use the term light or lightweight in the sense of less than completely formal or partial where the methods can be used to perform partial analysis on partial specifications, without a commitment to developing and baselining complete, consistent formal specifications [6]. With this approach, formal methods are used more as a defect detection technique in the early stages of the software development life cycle. Here, the To appear in Proceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard Germany, LNCS, Springer Verlag, ....
S. Easterbrook, R.R. Lutz, R. Covington, J.C. Kelly, Y. Ampo, and D. Hamilton. Experiences Using Lightweight Formal Methods for Requirements Modeling. IEEE Transactions on Software Engineering, 24(1):1--11, January 1998.
....A 7 requirements document. 4. Applying SCR to Practical Systems. To date, SCR has been applied in several pilot projects. In one project, NASA researchers used SCR to detect missing cases and nondeterminism in the prose software requirements specification of the International Space Station [3]. In a second project, Rockwell engineers used SCR to expose 24 errors, many of them serious, in the requirements specification of a flight guidance system [11] Of the detected errors, a third were uncovered in constructing the specification, a third by the consistency checker, and the remaining ....
S. Easterbrook and others. Experiences using lightweight formal methods for requirements modeling. IEEE Transactions on Software Engineering, 24(1), Jan. 1998.
....(V V) tool for analysis and testing. This position paper presents a characterization of inconsistency and then proposes a framework for managing inconsistency in this context. It draws upon our practical experiences of dealing with inconsistency in large scale software development projects [4, 11]. For an account of related work in the area, readers are referred to [5, 6, 9] 2. What is inconsistency We use the term inconsistency to denote any situation in which two descriptions do not obey some relationship that should hold between [8] Such a relationship can be expressed as a ....
S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo and D. Hamilton, "Experiences Using Lightweight Formal Methods for Requirements Modeling", IEEE Transactions on Software Engineering, 24(1), January 1998.
....contributions. 3. Panel session contributions Integrated methods for V V Steve Easterbrook is working on the earlier stage of the development process, where the requirements need to be analyzed before going further. He has found the lightweight formal methods very useful in this respect [5]. To answer Steve Easterbrook is senior research associate at the NASA Independent Verification and Validation (IV V) facility (Fairmont, West Virginia) His research interests include the management of inconsistency in requirements specifications, and the use of formal methods for ....
S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton. Experiences Using Lightweight Formal Methods for Requirements Modeling. IEEE Transactions on Software Engineering, 24(1), Jan. 1998.
....by combining closed loop and or feedforward information from other subsystems with the raw target. The glossary, produced as one of the first steps in the process, was some help, but lacked precision in some entries. The obvious solution was to introduce some degree of formal specification (Easterbrook et al. 1998), and this was partially done with the SCR specification. The unclear words or phrases were also rewritten for reviewers into more precise text. This was supplemented by the more formal SCR description to serve as a reference for future queries. • Review decreased the commonalities. The ....
Easterbrook, S., Lutz, R., Covington, R., Kelly, J., Ampo, Y., Hamilton, D., 1998. Experiences Using Lightweight Formal Methods for Requirements Modeling, IEEE Transactions on Software Engineering 24 (1), 4--14.
....or model checkers. In three case studies involving lightweight applications of formal methods for requirements analysis, the formal methods provided a beneficial addition to existing requirements engineering techniques and helped find important errors that had not been previously identified [Easterbrook et al. 1998]. In another critical application Feather [1998] instead used a database as the underlying reasoning engine for automated consistency analysis. Feather's work is also interesting in that he analyzes test logs, whereas most applications of lightweight formal models so far have been to requirements ....
Easterbrook, S., Lutz, R., Covington, R., Kelly, J., Ampo, Y., and Hamilton, D. 1998. Experiences using lightweight formal methods for requirements modeling. IEEE Trans on Software Eng 24, 1, 4--14.
....classes, 265 constants, 165 variables, 2 mode class tables, 46 controlled variable tables and 84 term tables. The SCR consistency checker discovered a number of typographic and syntactical errors and unspecified variables that were errors made during our modeling process. As with earlier studies [3], the fact that the consistency checker automatically detects such errors gives us greater confidence that the final model is faithful to the original specification. A number of defects occurred in both the original specifications and the change request. We found these defects in two ways: ....
S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton, "Experiences Using Lightweight Formal Methods for Requirements Modeling," IEEE Transactions on Software Engineering, vol. 24, pp. 1-11, 1998.
....were found to be ambiguous during the review, since each project had a slightly different vocabulary. The glossary, produced as one of the first steps in the process, was some help, but lacked precision in some entries. The obvious solution was to introduce some degree of formal specification [5], and this was partially done with the SCR specification. The unclear words or phrases were also rewritten for reviewers into more precise text. This was supplemented by the more formal SCR description to serve as a reference for future queries. • Review decreased commonalities. The ....
Easterbrook, S., R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton, "Experiences Using Lightweight Formal Methods for Requirements Modeling," IEEE Transactions on Software Engineering, Vol. 24, No. 1, January, 1998, pp. 4--14.
No context found.
S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton. Experiences using lightweight formal methods for requirements modeling. IEEE Transactions on Software Engineering, 24(1):4--14, 1998.
No context found.
S.M. Easterbrook et al., "Experiences Using Lightweight Formal Methods for Requirements Modeling," IEEE Trans. Software Eng., Vol. 24, No. 1, Jan. 1998, pp. 4--14.