Verifying communication constraints in RSML specifications

This paper discusses a formal approach to the specification of inter-component communication in RSML (Requirements State Machine Language) specifications. The approach is based on communicating finite state machines. The formalism allows communication-related properties to be encapsulated in well-defined interface specifications. This encapsulation lets us treat the interface specifications as simple safety kernels and enforce certain safety and liveness constraints within them. Furthermore, we describe how safety and liveness constraints on inter-component communication can be formalized in a simple, easy-to-understand constraint language. To formally verify that the constraints hold in an RSML model, we attempt to prove them by examining only the interface specifications, rather than the full component behaviour. We illustrate the approach with an example from the TCAS II (Traffic Alert and Collision Avoidance System) avionics system.
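The following is an added illustration of the idea summarized above; it is not the paper's RSML tooling, its constraint language, or its TCAS II model. Two components are modelled only by their interfaces (states visible to the peer, inputs accepted, messages emitted), composed over bounded channels, and the reachable product is searched for a safety constraint ("a pending message is always acceptable to the receiver's current state") and a liveness-style constraint ("a quiescent state is always reachable again"). The Sensor and Controller interfaces, their message names and the channel capacity are all hypothetical, constructed for the example.

```python
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Added example with hypothetical names; not the paper's RSML tooling.
Transition = Tuple[str, Tuple[str, ...]]  # (next state, messages sent to the peer)


@dataclass
class Interface:
    """Only what the peer can observe: states, accepted inputs, emitted outputs."""
    name: str
    initial: str
    transitions: Dict[Tuple[str, str], Transition]  # (state, input) -> Transition
    external: Tuple[str, ...] = ()  # inputs that come from the environment


@dataclass(frozen=True)
class Global:
    a: str               # state of component A
    b: str               # state of component B
    ab: Tuple[str, ...]  # messages in flight from A to B, oldest first
    ba: Tuple[str, ...]  # messages in flight from B to A, oldest first


CAP = 1  # bounded channels keep the product state space finite (assumed)


def successors(A: Interface, B: Interface, g: Global) -> List[Global]:
    """Interleaving semantics: one component consumes one input per step."""
    out: List[Global] = []
    for side, m in ((0, A), (1, B)):
        st, inbox, outbox = (g.a, g.ba, g.ab) if side == 0 else (g.b, g.ab, g.ba)
        inputs = [(e, False) for e in m.external]
        if inbox:
            inputs.append((inbox[0], True))  # may consume the oldest pending message
        for msg, from_chan in inputs:
            t = m.transitions.get((st, msg))
            if t is None:
                continue  # not accepted in this state; a channel message stays pending
            nxt, sent = t
            if len(outbox) + len(sent) > CAP:
                continue  # sender blocks on a full channel
            new_in = inbox[1:] if from_chan else inbox
            new_out = outbox + sent
            out.append(Global(nxt, g.b, new_out, new_in) if side == 0
                       else Global(g.a, nxt, new_in, new_out))
    return out


def reachable(A: Interface, B: Interface) -> Dict[Global, List[Global]]:
    """Breadth-first exploration of the composed interface machines."""
    init = Global(A.initial, B.initial, (), ())
    seen, queue, edges = {init}, deque([init]), {}
    while queue:
        g = queue.popleft()
        edges[g] = successors(A, B, g)
        for s in edges[g]:
            if s not in seen:
                seen.add(s)
                queue.append(s)
    return edges


def check_safety(edges, invariant: Callable[[Global], bool]) -> Optional[Global]:
    """Return the first reachable state violating the invariant, or None."""
    return next((g for g in edges if not invariant(g)), None)


def check_liveness(edges, goal: Callable[[Global], bool]) -> Set[Global]:
    """States from which no goal state is reachable: a finite-state,
    fairness-free approximation of 'eventually goal'."""
    rev: Dict[Global, List[Global]] = {g: [] for g in edges}
    for g, succ in edges.items():
        for s in succ:
            rev[s].append(g)
    ok = {g for g in edges if goal(g)}
    queue = deque(ok)
    while queue:
        for p in rev[queue.popleft()]:
            if p not in ok:
                ok.add(p)
                queue.append(p)
    return set(edges) - ok


def no_unreceivable_message(A: Interface, B: Interface) -> Callable[[Global], bool]:
    """Safety constraint: the oldest pending message must be accepted by the
    receiver's current state, so nothing is silently dropped or stuck forever."""
    def inv(g: Global) -> bool:
        ok_a = not g.ba or (g.a, g.ba[0]) in A.transitions
        ok_b = not g.ab or (g.b, g.ab[0]) in B.transitions
        return ok_a and ok_b
    return inv


# Constructed interfaces. In the first version the controller cannot accept a
# report while Busy, so a second report can get stuck in the channel.
SENSOR = Interface("Sensor", "Idle", {
    ("Idle", "tick"): ("Waiting", ("report",)),
    ("Waiting", "ack"): ("Idle", ()),
}, external=("tick",))
CONTROLLER = Interface("Controller", "Ready", {
    ("Ready", "report"): ("Busy", ("ack",)),
    ("Busy", "done"): ("Ready", ()),
}, external=("done",))

# Corrected interfaces: a report received while Busy is answered with "nack",
# and the sensor accepts "nack" while Waiting.
SENSOR_FIXED = Interface("Sensor", "Idle",
    {**SENSOR.transitions, ("Waiting", "nack"): ("Idle", ())}, external=("tick",))
CONTROLLER_FIXED = Interface("Controller", "Ready",
    {**CONTROLLER.transitions, ("Busy", "report"): ("Busy", ("nack",))},
    external=("done",))


def quiescent(g: Global) -> bool:
    return g.a == "Idle" and g.b == "Ready" and not g.ab and not g.ba


def verify(A: Interface, B: Interface):
    """(number of reachable states, first safety violation or None, stuck states)."""
    edges = reachable(A, B)
    return (len(edges),
            check_safety(edges, no_unreceivable_message(A, B)),
            check_liveness(edges, quiescent))


if __name__ == "__main__":
    print(verify(SENSOR, CONTROLLER))              # finds a stuck "report"
    print(verify(SENSOR_FIXED, CONTROLLER_FIXED))  # no violation, no stuck states
```

The check never looks inside either component, only at its interface machine, which is the point the abstract makes: if the constraints can be discharged on the interfaces alone, the internal RSML behaviour need not be re-examined when it changes. The liveness check here is a reachability approximation; a real "eventually" property also needs fairness assumptions about which enabled transitions are taken.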
