22 citations found.
Heitmeyer, C., J. Kirby, Jr., and B. Labaw, Tools for formal specification, verification, and validation of requirements, Proceedings, 12th Annual Conference on Computer Assurance (COMPASS '97), June


This paper is cited in the following contexts:
Automated Structural Analysis of SCR-style Software Requirements .. - Kim, Cha

....automated verification of the structural properties of requirements has been attempted, and modern CASE (Computer Aided Software Engineering) tools used in requirements engineering, as shown in Figure 11, provide limited support in enforcing structural correctness of the SRS. For example, SCR [10, 11] can automatically check if requirements are complete and consistent. Completeness means that the disjunction of all conditions cover all possible input values (i.e. yielding a tautology) and consistency means that conditions When the experiment was repeated using 10 or 20 dependency ....

C. Heitmeyer, J. Kirby, and B. Lawbaw. Tools for Formal Specification, Verification, and Validation of Requirements. In Proceedings of 12th Annual Conf. on Computer Assurance (COMPASS '97), 1997; 16-29.


Using Model Checking to Generate Tests from Requirements.. - Gargantini, Heitmeyer (1999)   (29 citations)

.... automated techniques for detecting errors in software requirements specifications, including an automated consistency checker to detect missing cases and other application independent errors [14] a simulator to symbolically execute the specification to ensure that it captures the users intent [13]; and a model checker to detect violations of critical application properties [3, 12] Recently, groups at NASA and Rockwell Aviation as well as our group at NRL have used the SCR techniques to detect serious errors in requirements specifications of real world systems [7, 21, 12] By exposing ....

C. Heirmeyer, J. Kirby, Jr., and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


Automated Software Engineering Using Concurrent Class.. - Grosu, Liu, Smolka.. (2001)   (1 citation)

.... space limitation, we have also studied important new techniques for generating efficient code from CCM specifications, by applying incrementalization [16, 19, 13, 12] to multi threaded programs and to object oriented programs; we have also studied the use of other analyses and optimizations, e.g. [11, 6, 17, 6], in our framework. We have a prototype implementation that allows interactive specification in Visual CM and automatic generation of Java code for most features of our language. We have used the system for the specification and code generation of example applications, including the ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proceedings of 12th Annual Conference on Computer Assurance, June 1997.


Generating Test Data From Requirements/Specifications: Phase III.. - Offutt (1999)

....the test data generation criteria from the first two phases of this project to automatically create inputs. There are currently two sources for the tests; SCR specifications and UML Statecharts. The SCR specifications are created by using the SCRTool developed at the Naval Research Laboratory [HKL97] and the UML Statecharts are created using Rational Software Corporation's Rational Rose tool [Cor98]. The tool reads the specifications in either the UML or the SCR format, then generates appropriate test cases. Initial results from using this tool have already been accepted for publication and ....

....TOOL SpecTest is a proof of concept tool that generates test cases from SCR and UML specifications [OA99] according to the specification based test criteria. The SCR and UML specifications that SpecTest can process are case tool specific. The SCR specifications are generated by the SCR Toolset [HKL97] which was developed by the Naval Research Laboratory. The UML specifications were generated by Rational Software Corporation's Rational Rose, hereafter Rose [Cor98]. SpecTest parses SCR and Rose specification files into a consistent intermediate form. This intermediate form is then analyzed, ....

[Article contains additional citation context not shown here]

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proceedings of the 1997 Annual Conference on Computer Assurance (COMPASS 97), pages 35--47, Gaithersburg MD, June 1997. IEEE Computer Society Press.


Experience in Developing System Requirements Specification for.. - Gobbo, al. (1998)   (2 citations)

....the requirements for an FDI scheme within a formal framework. The system considered is an aircraft; the objective of the FDI scheme is to detect possible failures on the roll, pitch and yaw rate gyros and to report the faulty sensors to the Recovery System. The formal technique adopted is SCR [4, 5]. The employment of a formal method for the requirements specification of the FDI scheme facilitated a better understanding of the required system behavior within its environment. While developing the system level requirements, we also gained important insights in formal description of the ....

....and a dynamic point of view (the model of the system should be executable) The evolution of the requirements during the system development process requires a periodic analysis of the specifications which is unmanageable without an automated tool. The formal method adopted in this study is SCR [4, 5]. In SCR, system behavior is described as a mode class (finite state machine) defined on the monitored variables (or input variables) The system action in the environment is modeled by means of the controlled variables (or output variables) In addition to inputs, outputs and modes, three more ....

Heitmeyer, C.L., Kirby, J., and Labaw, B.G. Tools for Formal Specification, Verification, and Validation of Requirements, Proc., COMPASS '97.


Criteria for Generating Specification-based Tests - Offutt, Xiong, Liu (1999)   (12 citations)

....ongoing in two major directions. A preliminary proof of concept tool has been implemented [31]. This tool currently generates full predicate and transition pair test cases from either SCR condition tables or UML statecharts. This tool is integrated with the Naval Research Laboratory's SCR Toolset [17] and Rational Software Corporation's Rational Rose tool [11]. We are currently extending this tool to remove various restrictions on the form of the specifications. We are also evaluating these criteria in terms of their usefulness to industrial applications. We are working with Rockwell Collins ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proceedings of the 1997 Annual Conference on Computer Assurance (COMPASS 97), pages 35--47, Gaithersburg MD, June 1997. IEEE Computer Society Press.


NIMBUS: A Framework for Static Analysis and Simulation of.. - Thompson (1999)

....of guidelines of the structuring of SCR specifications and that the CoRE methodology is an integral part of the body of literature accompanying the SCR specification language. The SCR tool set developed at the NRL to support the SCR specification language includes a number of useful features [21, 22]. First, it assists in the construction and editing of SCR specifications by providing graphical support for creating and editing the tables in the specification as well as providing useful cross referencing features in the form of the various dictionaries maintained by the tool. The tool provides ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In COMPASS 97. Are we Making Progress Towards Computer Assurance?, page xxx, 1997.


Checking Properties of Safety Critical.. - Park, Skakkebaek, .. (1998)   (3 citations)

....on an initial feasibility study of checking consistency properties of RSML specifications. More effort is needed to investigate the application of formal verification tools to check other aspects of RSML specifications. The long term goal is to construct an integrated RSML toolset. The SCR toolset [11] is inspirational in this regard. Acknowledgements We would like to thank John Rushby, SRI International, who made the contact between the research groups and provided valuable comments during the project and to this paper. We also appreciate the comments from the anonymous reviewers and Nancy ....

C. L. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proceedings of 12th Annual Conference on Computer Assurance (COMPASS '97), pages 35 -- 47, Gaithersburg, MD, USA, June 1997.


Managing Complexity in Software Development with Formally Based.. - Heitmeyer (2004)   Self-citation (Heitmeyer)

No context found.

Heitmeyer, C., J. Kirby, Jr., and B. Labaw, Tools for formal specification, verification, and validation of requirements, Proceedings, 12th Annual Conference on Computer Assurance (COMPASS '97), June


Applying Practical Formal Methods to the Specification And.. - Heitmeyer (2001)   Self-citation (Heitmeyer Specification)

No context found.

Constance Heitmeyer, James Kirby, Jr., and Bruce Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


An Algorithm for Strengthening State Invariants Generated.. - Jeffords, Heitmeyer (2001)   (1 citation)  Self-citation (Heitmeyer)

....= c c 0 d: 1) Informally, T(c) WHEN d means that c is false in the old state and changes to true in the new state, while d is true in the old state but unrestricted in the new state. In this paper, both :c and c denote the negation of condition c. Introduced in 1995, the SCR toolset [14, 15, 16] is an integrated suite of tools supporting the SCR method. The tools include a specification editor for creating the specification, a simulator for validating that the specification satisfies the customer's intent [14] and a consistency checker [15] to analyze the specification for properties ....

.... on the generation of invariants from mode tables, extending the GROUP algorithm to event tables is straightforward (just as extending KEEP to event tables is straightforward [18]). Figure 2 contains a mode transition table, part of an SCR specification for an Automobile Cruise Control System [16]. The table defines the values of a mode class M . In isolation, a mode class, its initial states, its inputs, and its transitions which we call a mode machine may be viewed as a very simple system Sigma with a single dependent variable, a mode class M . In this machine, the mode is the ....

C. L. Heitmeyer, J. Kirby, Jr., and B. G. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. COMPASS'97, pp. 35--47, Gaithersburg, MD, June 1997. IEEE.


Mechanical Verification of Timed Automata: A Case Study - Archer, Heitmeyer (1996)   (17 citations)  Self-citation (Heitmeyer)

....permitted negative time values; however, doing so would have complicated several of our definitions, and, therefore, proofs involving reasoning about time. For example, we would have had to explicitly state that the value of now for any state is nonnegative. 13 For more on SCR specifications, see [15, 17]. 21 Inv 6 3 A(s: states) bool = FORALL (r: train) status(r,s) I = gate status(s) fully down ) AUTO INDUCT) 1 ; Case enterI(Itrainof action) APPLY SPECIFIC PRECOND) SUPPOSE ....

Constance Heitmeyer, James Kirby, and Bruce Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


Applying Formal Methods to an Information Security.. - Kirby, Jr., Archer.. (1999)   Self-citation (Kirby)

....system behaviors, these scenarios must satisfy some coverage criterion. The SCR (Software Cost Reduction) requirements method [14, 11] is a tabular formal method for specifying the black box behavior of a system, i.e. its operational requirements. The use of SCR is supported by the SCR toolset [13, 10, 11] developed at NRL. SCR is designed to support engineers in the development of real systems. Besides providing an editor for creating SCR specifications, SCR supports the analysis of SCR specifications with a wide range of techniques, including consistency checking, simulation, invariant ....

....of SCR is to determine whether the properties in the specification assertions dictionary are satisfied by the operational specification defined by the other dictionaries and tables. Figure 3. A portion of the specification assertions dictionary for CD. 2. 2 The SCR Toolset The SCR toolset [13, 10, 11] is a set of software tools developed by NRL to provide mechanized support for the SCR method. In addition to a specification editor for creating and modifying a requirements specification and a dependency graph browser to display the dependencies among the variables in the specification, the ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


Using Model Checking to Generate Tests from Requirements.. - Gargantini, Heitmeyer (1999)   (29 citations)  Self-citation (Heitmeyer)

.... automated techniques for detecting errors in software requirements specifications, including an automated consistency checker to detect missing cases and other application independent errors [14] a simulator to symbolically execute the specification to ensure that it captures the users intent [13]; and a model checker to detect violations of critical application properties [3, 12] Recently, groups at NASA and Rockwell Aviation as well as our group at NRL have used the SCR techniques to detect serious errors in requirements specifications of real world systems [7, 21, 12] By exposing ....

C. Heitmeyer, J. Kirby, Jr., and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


SCR: A Practical Approach to Building a High Assurance.. - Kirby, Jr., Archer.. (1999)   (4 citations)  Self-citation (Kirby)

....and to complement and support one another. Included among the tools in SCR are an automated consistency checker, a simulator, and various verification tools. To provide a high degree of assurance in the correctness of CD's specification, we have applied the SCR method, including the SCR tools [12, 13, 11]. Our results suggest that applying the SCR method in the development of COMSEC devices of moderate size and complexity is practical, effective, and low cost. In approximately one person month, we were able to represent a significant subset of a prose requirements document for CD in the SCR ....

.... can be represented as either state invariants or transition invariants, where a state invariant is a property that holds in every reachable state and a transition invariant is a property that holds in every reachable prestate poststate pair (i.e. reachable transition) The SCR toolset [12, 13, 11] is a set of software tools developed by NRL to provide mechanized support for the SCR method. The tools include a specification editor for creating and modifying both an operational requirements specification (i.e. a state machine representation of the required behavior) and a set of properties, ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


Formal Methods for Developing Software Specifications.. - Constance Heitmeyer.. (1999)   (1 citation)  Self-citation (Heitmeyer Formal)

....techniques for analyzing them. These techniques include an automated consistency checker to expose missing cases, unwanted nondeterminism, and other application independent errors [1] a simulator to symbolically execute the specification to ensure that it captures the users intent [2]; and a model checker to detect violations of critical application properties [3, 4] The SCR method also provides a customized interface called TAME (Timed Automata Modeling Environment) [5] for verifying specifications using the mechanical theorem prover PVS (Prototype Verification System) [6] ....

C. Heitmeyer, J. Kirby, Jr., and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


Applying the SCR Requirements Method to a Simple Autopilot - Bharadwaj, Heitmeyer (1997)   (5 citations)  Self-citation (Heitmeyer)

....Grumman, and Ontario Hydro, have used SCR to specify requirements. To support the SCR method, we have recently developed a formal state machine model to define the SCR semantics [9, 11] and a set of integrated software tools to support validation and verification of SCR requirements specifications [8, 10, 4]. The tools include an editor for creating and modifying a requirements specification, a simulator for symbolically executing the specification, a consistency checker which checks the specification for well formedness (e.g. syntax and type correctness, no missing cases or unwanted ....

....creating the requirements specification, we used our automated consistency checker [8, 9] to check for proper syntax, type correctness, missing cases, nondeterminism, and other application-independent properties. Then, we used our simulator to symbolically execute the requirements specification [10] to ensure that the specification captures (what we assume is) the customers intent . For the autopilot specification, our consistency checker detected three instances of inconsistent requirements. Whereas we detected the inconsistency described in Section 4.5 by inspection, we overlooked the ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conference on Computer Assurance, NIST, Gaithersburg MD, June 1997.


Automatic Generation of State Invariants from Requirements.. - Jeffords, Heitmeyer (1998)   (13 citations)  Self-citation (Heitmeyer)

....of practical systems. The largest application of SCR to date occurred in 1993-94 when engineers at Lockheed used a version of SCR to document the complete requirements of Lockheed's C-130J OFP [12] a program containing more than 230K lines of Ada code. Introduced in 1995, the SCR toolset [16, 17, 18] is an integrated suite of tools supporting the SCR requirements method. Each tool in the suite detects a special class of errors. For example, the specification editor helps the user detect ambiguous requirements; the consistency checker automatically detects violations of application independent ....

....table represents the transitions of a mode machine in a tabular format. The inputs of the mode machine are the variables appearing in the predicates that define the transitions. Table 1 contains a mode transition table, part of an SCR specification for the Automobile Cruise Control System [18]. In this system, the set of state variables RF is defined by RF = {IgnOn, Lever, EngRunning, Brake, M}, where IgnOn, Lever, EngRunning, and Brake are monitored variables and M is a mode class with values in the set {Off, Inactive, Cruise, Override}. The variables IgnOn, EngRunning, and Brake ....

Heitmeyer, C. L., Kirby, Jr., J., and Labaw, B. G. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97) (Gaithersburg, MD, June 1997), IEEE.


Using the SCR Toolset to Specify Software Requirements - Heitmeyer (1998)   (1 citation)  Self-citation (Heitmeyer Formal)

....events. Eacj Dependency Graph Browser. Understanding the relationship between different parts of a large specification can be difficult. To address this problem, the Dependency Graph Browser (DGB) represents the dependencies among the variables in a given SCR specification as a directed graph [6]. By studying the graph, a user can detect errors such as undefined variables and circular definitions. He can also use the DGB to extract and analyze subsets of the dependency graph, e.g. the subgraph containing all variables upon which a selected controlled variable depends. Consistency ....

....user can detect errors such as undefined variables and circular definitions. He can also use the DGB to extract and analyze subsets of the dependency graph, e.g. the subgraph containing all variables upon which a selected controlled variable depends. Consistency Checker. The consistency checker [7, 6] analyzes a specification for consistency with the SCR requirements model. It exposes syntax and type errors, variable name discrepancies, missing cases, nondeterminism, and circular definitions. When an error is detected, the consistency checker provides detailed feedback to facilitate error ....

[Article contains additional citation context not shown here]

C. Heitmeyer, J. Kirby, Jr., and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance, June 1997.


Applying the SCR Requirements Method to a Weapons Control .. - Heitmeyer, Kirby, Labaw (1998)   (4 citations)  Self-citation (Heitmeyer Kirby Labaw)

....specified in SCR [12]. The OFP consists of more than 230K lines of Ada, thus demonstrating SCR's scalability. To support the SCR method, we have developed a complete formal semantics for the SCR notation [18] and a collection of software tools for specifying and analyzing software requirements [19, 16]. The SCR tools include a specification editor for creating and modifying a requirements specification in the SCR tabular notation, an automated consistency checker for checking the specification for well formedness errors (e.g. syntax and type errors, missing cases, circular definitions, and ....

....the two transducers is within safe limits. This property is referred to below as property q. SCR OVERVIEW Presented below is a brief introduction to the SCR model and a summary of the characteristics that distinguish the SCR method from other formal methods. For more information about SCR, see [18, 19, 3, 16]. SCR Requirements Model The SCR requirements model includes a set RF = {r_1, r_2, ..., r_n} containing the names of all variables in a given specification and a function TY which maps each variable to the set of its legal values. In the model, a state s is a function that maps each ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


Model Checking Complete Requirements Specifications Using.. - Bharadwaj, Heitmeyer (1997)   (25 citations)  Self-citation (Heitmeyer)

....The OFP consists of more than 230K lines of Ada code [39] thus demonstrating the scalability of SCR. We have developed a formal state machine model to define the SCR semantics [18, 14] and a set of formal techniques and software tools to analyze requirements specifications in the SCR notation [15, 16, 14]. The tools include a specification editor for creating and modifying a requirements specification, a consistency checker which checks the specification for well formedness (e.g. syntax and type correctness, no missing cases, no circular definitions, and no unwanted nondeterminism) and a ....

....RSML (such as events, input variables, environment assumptions, and the synchrony hypothesis) into suitable SMV constructs. Unlike our approach, their translation also deals with hierarchical states and timing. We have begun to support both hierarchy and timing in SCR specifications; see, e.g. [16]. Another important difference between their approach and ours is that their translation involved significant manual effort (such as modifications to SMV and the use of special purpose macro processors) In contrast, we use both Spin and SMV out of the box . The most significant difference ....

Constance Heitmeyer, James Kirby, and Bruce Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


TAME: A PVS Interface to Simplify Proofs for Automata Models - Archer, Heitmeyer, Sims (1998)   (11 citations)  Self-citation (Heitmeyer)

....of these specialized proof steps together with a set of standard theories and automata templates upon which the steps rely, and in itself has no interface features at the first level. However, we have recently investigated the integration of TAME into a set of tools called the SCR toolset [9, 6, 7]. The SCR tools are designed to support editing and performing various kinds of analysis on requirements specifications of control system software. Once TAME has been fully integrated into the SCR toolset, the user who wishes to apply TAME to an SCR specification will have first level interface ....

....of safety critical control systems. Since its introduction in 1980 [10] SCR has been applied successfully to a wide range of critical systems, including avionics systems, space systems, telephone networks, and control systems for nuclear power plants. A set of software tools, called SCR [9, 6, 7], has been constructed to support the SCR method. In addition to a specification editor for creating a specification and a dependency graph browser to display the dependencies among the variables in the specification, the toolset includes an automated consistency checker to detect type errors, ....

C. Heitmeyer, J. Kirby, and B. Labaw. Tools for formal specification, verification, and validation of requirements. In Proc. 12th Annual Conf. on Computer Assurance (COMPASS '97), Gaithersburg, MD, June 1997.


CiteSeer.IST - Copyright Penn State and NEC