Expressing and verifying embedded software requirements

Writing requirements for embedded software is pointless unless they reflect actual needs and the final software implements them. In the usual approaches, the use of different notations for requirements (often natural language) and code (a programming language) makes both conditions elusive. To address the problem, we propose to write requirements in the programming language itself. The expected advantages of this seamless approach, called AutoReq, include: avoiding the potentially costly mismatches that arise from the use of different notations; facilitating software change and evolution, by making it easier to update code when requirements change and conversely; benefiting from the remarkable expressive power of modern object-oriented programming languages, while retaining a level of abstraction appropriate for requirements; leveraging, in both requirements and code, the ideas of Design by Contract, including (as the article shows) applying Hoare-style assertions to express temporal-logic-style properties and timing constraints; and taking advantage of the powerful verification tools that have been developed in recent years. The last goal, verification, is a focus of this article. While the idea of verifying requirements is not widely applied, the use of a precise formalism and a modern program prover (in our case, AutoProof for Eiffel) makes it possible at a very early stage to identify errors and inconsistencies which would, if not caught in the requirements, contaminate the final code. Applying the approach to a well-documented industrial example (a landing gear system) allowed a mechanical proof of consistency and uncovered an error in a previously published discussion of the problem.
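The following is an added illustration of the central idea, written in Python rather than in the article's Eiffel, and it is not the authors' code: a requirement is stated as a routine in the implementation language whose precondition is the trigger, whose loop body is the environment assumption and whose postcondition is the obligation, so that an "eventually within D time units" property becomes an ordinary Hoare-style pre/post pair. The landing-gear model, its timing constants and the requirement wording are assumptions made for the example; a bounded exploration over a few start states stands in for the program prover and reports which start states make the requirement unsatisfiable.

```python
"""Requirements as executable contracts over a tiny landing-gear model.

Added illustration (not the article's Eiffel/AutoProof code). The plant
model, EXTEND_TIME/RETRACT_TIME and the requirement R1 are assumptions.
"""
from dataclasses import dataclass

EXTEND_TIME = 5   # assumed ticks to go from retracted to extended
RETRACT_TIME = 5  # assumed ticks to go from extended to retracted


@dataclass
class LandingGear:
    """Assumed minimal plant: a pilot handle and a gear that moves over time."""
    handle: str = "up"        # "up" or "down"
    gear: str = "retracted"   # "retracted", "extending", "extended", "retracting"
    progress: int = 0         # ticks spent in the current motion
    clock: int = 0            # global time in ticks

    def invariant(self) -> bool:
        """Class invariant in the Design by Contract sense."""
        return (self.handle in ("up", "down")
                and self.gear in ("retracted", "extending", "extended", "retracting")
                and 0 <= self.progress <= max(EXTEND_TIME, RETRACT_TIME)
                and (self.gear in ("extending", "retracting") or self.progress == 0))

    def move_handle(self, position: str) -> None:
        assert position in ("up", "down")   # require
        self.handle = position
        assert self.invariant()             # ensure

    def tick(self) -> None:
        """Advance one tick; the controller always drives the gear toward the handle."""
        assert self.invariant()             # require
        target = "extended" if self.handle == "down" else "retracted"
        if self.gear == target:
            self.progress = 0
        else:
            motion = "extending" if target == "extended" else "retracting"
            limit = EXTEND_TIME if motion == "extending" else RETRACT_TIME
            # A direction change restarts the motion from the beginning (assumption).
            self.progress = self.progress + 1 if self.gear == motion else 1
            self.gear = motion
            if self.progress >= limit:
                self.gear, self.progress = target, 0
        self.clock += 1
        assert self.invariant()             # ensure


def req_extends_within(system: LandingGear, deadline: int) -> int:
    """Requirement R1 (assumed wording): once the handle is down and stays
    down, the gear is extended within `deadline` ticks.

    The precondition states the trigger, the loop is the environment
    assumption (handle stays down, time advances), the postcondition is the
    temporal obligation. Returns the number of ticks actually taken.
    """
    assert system.invariant() and system.handle == "down"       # require
    start = system.clock
    while system.gear != "extended" and system.clock - start < deadline:
        system.tick()
    elapsed = system.clock - start
    assert system.gear == "extended" and elapsed <= deadline    # ensure
    return elapsed


def check_requirement(deadline: int) -> list:
    """Bounded exploration standing in for the prover: exercise R1 from a
    handful of reachable handle-down configurations and collect the ones
    whose postcondition cannot be met. An empty list means R1 is consistent
    with the model for this deadline."""
    start_states = [("retracted", 0), ("extending", 2), ("retracting", 3), ("extended", 0)]
    failures = []
    for gear, progress in start_states:
        plant = LandingGear(handle="down", gear=gear, progress=progress)
        try:
            req_extends_within(plant, deadline)
        except AssertionError:
            failures.append(f"gear={gear}, progress={progress}")
    return failures


if __name__ == "__main__":
    print("R1 with deadline 5:", check_requirement(5) or "consistent")
    print("R1 with deadline 4:", check_requirement(4))
```

With a deadline equal to the assumed extension time the requirement holds from every start state; tightening the deadline by one tick makes the postcondition fail exactly for the start states that need the full motion, which is the kind of requirement/model inconsistency the article reports catching before any production code is written.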
