Requirements Engineering, Volume 19, Issue 3, pp 231–255

On requirement verification for evolving Statecharts specifications

  • Carlo Ghezzi
  • Claudio Menghi
  • Amir Molzam Sharifloo
  • Paola Spoletini
RE 2013


Software development processes have been evolving from rigid, pre-specified, and sequential to incremental and iterative. This evolution has been dictated by the need to accommodate evolving user requirements and to reduce the delay between a design decision and feedback from users. Formal verification techniques, however, have largely ignored this evolution: even where they have made enormous improvements and found significant uses in practice, as in the case of model checking, they have remained confined to the niche of safety-critical systems. Model checking verifies whether a system’s model \(\mathcal{M}\) satisfies a set of requirements, formalized as a set of logic properties \(\Phi\). Current model-checking approaches, however, implicitly rely on the assumption that both the complete model \(\mathcal{M}\) and the whole set of properties \(\Phi\) are fully specified when verification takes place. Very often, however, \(\mathcal{M}\) is subject to change because its development is iterative and its definition evolves through stages of incompleteness, in which alternative design decisions are explored, typically to evaluate quality trade-offs. Evolving system specifications of this kind call for novel verification approaches that tolerate incompleteness and support incremental analysis of alternative designs for certain functionalities. This is exactly the focus of this paper, which develops an incremental model-checking approach for evolving Statecharts. Statecharts have been chosen both because they are increasingly used in practice and because they natively support model refinements.


Keywords: Software modeling · Statecharts · Agile development · Formal verification · Model checking · Incremental verification



We thank the reviewers for their constructive and useful comments. This paper is partially funded by the European Commission, Program IDEAS-ERC, Project 227977-SMScom.



Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  • Carlo Ghezzi (1)
  • Claudio Menghi (1)
  • Amir Molzam Sharifloo (1)
  • Paola Spoletini (2)
  1. DeepSE Research Group, Dipartimento di Elettronica e Informazione, Politecnico di Milano, Milan, Italy
  2. DiSTA, Università dell’Insubria, Varese, Italy
