Modeling Requirements for Dependable Systems with UML Statecharts
System modelers often have to specify dependability properties in order to describe non-functional system requirements. A strictly functional description of the system is not enough and could be dangerous, because the system's behavior is undefined in the presence of a fault. A core requirement for dependability-critical systems is their ability to deal with faults. This non-functional property should be validated before the system is licensed for use in applications that affect, for instance, human life. Thus, a quantitative analysis is required, which deals for example with the reliability of the system, the probability of tolerating certain state perturbations, the mean duration of recovery cycles and so on. To allow such an analysis, the requirements have to be formulated in a precise and formal way, so that they can be verified by an analysis tool. The use of stochastic languages to specify such requirements often turns out to be an error-prone process, since even modelers with a mathematical background have difficulty compiling correct requirements. A grammar for an English-like language called SQIRL (Structured Language for Specifications of Quantitative Requirements) has been introduced in [1], allowing the formal specification of requirements in terms of structured English sentences. The advantage of this approach is that the modeler can specify the requirements in a more "natural" language, so that the semantics of the requirements can be communicated more easily to other persons or used for documentation purposes. The use of SQIRL follows a three-step approach. In the first step, the non-functional requirements are specified in general terms using SQIRL. The second step deals with the refinement of the specification in the context of the system model used. The final step is required to translate the specification and the system model to a notation that can be interpreted by an analysis tool.
For the second step, stochastic Petri Nets have been employed to model the system, and the last step was done by using Stochastic Reward Nets (SRN), for which a powerful analysis tool called PANDA has been developed [5]. As an alternative to Petri Nets, UML statechart diagrams [4] could be used to describe the system behavior. With UML statecharts, the internal behavior of components (objects, hardware nodes etc.) as well as their reactions to external events can be modeled. For analysis, there are two steps to be done. First, UML statecharts have to be tailored to describe system behavior exactly, so that an analysis tool can interpret them. Although the UML notation has not been designed for these purposes, its standard mechanisms make it possible to extend the model with timing/stochastic information in the form of tagged values and to classify model elements in the form of stereotyped states and events [3]. By specifying exact semantics and a graphical notation for modeling, it becomes possible for an analysis tool to deal with a system model specified in UML, or even to transform it into some other analysis model such as Generalized Stochastic Petri Nets or Stochastic Reward Nets [2].
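As an added illustration of the last step (not the paper's tool chain, and with a constructed component model), the following Python script reads a statechart whose states carry a stereotype and whose transitions carry a `rate` tagged value, builds the continuous-time Markov chain the statechart denotes, and evaluates two of the quantitative requirements mentioned above: steady-state availability and the mean duration of a recovery cycle. The stereotype names, the rates and the linear fault-to-recovery path are assumptions.

```python
"""Evaluate dependability requirements on a rate-tagged, stereotyped statechart.
Added example: the stereotypes, the rates and the component model are assumed."""

# Assumed statechart of one component. Each state carries a stereotype
# (<<normal>>, <<fault>>, <<recovery>>); each transition carries the tagged
# value "rate" (events per hour). Constructed sample values.
STATES = {"Working": "normal", "Failed": "fault", "Recovering": "recovery"}
TRANSITIONS = [  # (source state, target state, rate)
    ("Working", "Failed", 0.01),     # fault occurrence
    ("Failed", "Recovering", 1.0),   # fault detected, recovery starts
    ("Recovering", "Working", 0.5),  # repair completes, service restored
]


def generator_matrix(states, transitions):
    """Build the CTMC generator Q: off-diagonal entries are the tagged rates,
    each diagonal entry is minus the total exit rate of that state."""
    idx = {s: i for i, s in enumerate(states)}
    q = [[0.0] * len(idx) for _ in idx]
    for src, dst, rate in transitions:
        if rate <= 0:
            raise ValueError(f"non-positive rate on {src}->{dst}")
        q[idx[src]][idx[dst]] += rate
        q[idx[src]][idx[src]] -= rate
    return q


def steady_state(q, states):
    """Solve pi * Q = 0 with sum(pi) = 1 by Gauss-Jordan elimination (no numpy).
    Row j of the system is column j of Q; the last row is replaced by the
    normalisation constraint, which makes the system nonsingular for an
    irreducible chain."""
    n = len(q)
    a = [[q[i][j] for i in range(n)] + [0.0] for j in range(n)]
    a[-1] = [1.0] * n + [1.0]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(a[r][col]))
        a[col], a[pivot] = a[pivot], a[col]
        for r in range(n):
            if r != col:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return {s: a[i][n] / a[i][i] for i, s in enumerate(states)}


def availability(pi, states):
    """Requirement 'the component is in a <<normal>> state' in steady state."""
    return sum(p for s, p in pi.items() if states[s] == "normal")


def mean_recovery_cycle(states, transitions):
    """Expected time from fault occurrence until restoration: the sum of the
    mean sojourn times (1 / exit rate) of the <<fault>> and <<recovery>> states.
    Assumes these states form a single linear path back to <<normal>>."""
    return sum(1.0 / sum(r for src, _, r in transitions if src == s)
               for s, kind in states.items() if kind in ("fault", "recovery"))
```

With the constructed rates, availability is 100/103 and a recovery cycle takes 3 hours on average, the two numbers a SQIRL sentence such as "the probability that the component is working is at least 0.95" would be checked against.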
[1] Mario Dal Cin et al. Quantitative evaluation of dependability critical systems based on guarded Statechart models. Proceedings of the 4th IEEE International Symposium on High-Assurance Systems Engineering, 1999.
[2] Mario Dal Cin et al. Structured language for specifications of quantitative requirements. HASE, 2000.