Abstract
We present a framework that supports the formal verification of early requirements specifications. The framework is based on Formal Tropos, a specification language that adopts primitive concepts for modeling early requirements (such as actor, goal, and strategic dependency), along with a rich temporal specification language. We show how existing formal analysis techniques, and in particular model checking, can be adapted for the automatic verification of Formal Tropos specifications. These techniques have been implemented in a tool, called the T-Tool, that maps Formal Tropos specifications into a language that can be handled by the NuSMV model checker. Finally, we evaluate our methodology on a course-exam management case study. Our experiments show that formal analysis reveals gaps and inconsistencies in early requirements specifications that are by no means trivial to discover without the help of formal analysis tools.
Notes
A more complete early requirements model should also include other actors, such as the teaching assistant and the secretariat. For presentation purposes, in this paper we concentrate only on the two main actors, the student and the teacher.
Notice that the value of the attribute passed is only relevant once the dependency has been fulfilled; therefore we do not care whether it changes before its fulfillment.
This is an example of an “abstraction” technique, since the verification is done on a more general specification that is obtained by removing irrelevant details. Abstraction techniques are common practice in the model checking community; see for instance [20].
The experiments confirm that this is a reasonable bound: all generated witness scenarios and counter-examples are of length 5 or shorter.
References
Yu E (1997) Towards modeling and reasoning support for early requirements engineering. In: Proceedings of the IEEE international symposium on requirement engineering. IEEE Computer Society, Washington, DC, pp 226–235
Bowen J, Stavridou V (1993) Safety critical systems, formal methods and standards. IEEE/BCS Software Eng J 8:189–209
Spivey J (1989) The Z notation, 2nd edn. Prentice Hall, Englewood Cliffs, NJ
Heitmeyer C, Jeffords R, Labaw B (1996) Automated consistency checking of requirements specifications. ACM T Software Eng Meth 5:231–261
Ghezzi C, Mandrioli D, Morzenti A (1990) TRIO, a logic language for executable specifications of real-time systems. J Syst Software 2:107–123
Morzenti A, San Pietro P (1994) Object-oriented logic specifications of time critical systems. Trans Software Eng Meth 3:56–98
Dardenne A, van Lamsweerde A, Fickas S (1993) Goal-directed requirements acquisition. Sci Comput Program 20:3–50
Darimont R, Delor E, Massonet P, van Lamsweerde A (1998) GRAIL/KAOS: an environment for goal-driven requirements engineering. In: Proceedings of the 20th international conference on software engineering, vol 2, Kyoto, April 1998, pp 58–62
Clarke EM, Grumberg O, Peled D (1999) Model checking. MIT Press, Cambridge, MA
Cimatti A, Clarke EM, Giunchiglia E, Giunchiglia F, Pistore M, Roveri M, Sebastiani R, Tacchella A (2002) NuSMV 2: an open source tool for symbolic model checking. In: Proceedings of the computer aided verification conference, Copenhagen, July 2002. Lecture notes in computer science, vol 2404. Springer, Berlin Heidelberg New York
Fuxman A, Pistore M, Mylopoulos J, Traverso P (2001) Model checking early requirements specifications in Tropos. In: Proceedings of the 5th IEEE international symposium on requirements engineering, Toronto, August 2001. IEEE Computer Society, Washington, DC, pp 174–181
Fuxman A, Liu L, Pistore M, Roveri M, Mylopoulos J (2003) Specifying and analyzing early requirements in Tropos: some experimental results. In: Proceedings of the 11th IEEE international requirements engineering conference, Monterey Bay, CA, September 2003. ACM, New York
Fuxman A (2001) Formal analysis of early requirements specifications. Thesis, University of Toronto
The Formal Tropos language (2003) http://dit.unitn.it/~ft/doc/. Cited 10 February 2004
Halpern J, Vardi M (1991) Model checking vs. theorem proving: a manifesto. In: Proceedings of the 2nd international conference on principles of knowledge representation and reasoning, Cambridge, MA, USA, 22–25 April 1991. Morgan Kaufmann, San Francisco, pp 325–334
McMillan KL (1993) Symbolic model checking. Kluwer Academic, Dordrecht
Bryant RE (1992) Symbolic Boolean manipulation with ordered binary-decision diagrams. ACM Comput Surv 24:293–318
Biere A, Cimatti A, Clarke EM, Zhu Y (1999) Symbolic model checking without BDDs. In: Proceedings of the 5th international conference on tools and algorithms for the construction and analysis of systems, Amsterdam, March 1999. Lecture notes in computer science, vol 1579. Springer, Berlin Heidelberg New York, pp 193–207
Benedetti M, Cimatti A (2003) Bounded model checking for past LTL. In: Proceedings of the 9th international conference on tools and algorithms for the construction and analysis of systems, Warsaw, Poland, April 2003. Lecture notes in computer science, vol 2619. Springer, Berlin Heidelberg New York, pp 18–33
Berezin S, Campos S, Clarke EM (1998) Compositional reasoning in model checking. In: Proceedings of the international symposium on compositionality (COMPOS’97), Bad Malente, Germany, September 1998. Lecture notes in computer science, vol 1536. Springer, Berlin Heidelberg New York, pp 81–102
Jackson D, Schechter I, Shlyakhter I (2000) Alcoa: the Alloy constraint analyzer. In: Proceedings of the 22nd international conference on software engineering, Limerick, June 2000. ACM, New York
Jackson D (2002) Alloy: a lightweight object modeling notation. ACM T Software Eng Meth 11:256–290
Heitmeyer C, Kirby J, Labaw B (1997) The SCR method for formally specifying, verifying, and validating requirements: tool support. In: Proceedings of the 19th international conference on software engineering. ACM, New York, pp 610–611
Choi Y, Heimdahl MPE (2002) Model checking RSML–e requirements. In: Proceedings of the 7th IEEE international symposium on high assurance systems engineering, Tokyo, October 2002. IEEE Computer Society, Washington, DC, pp 109–119
Perini A, Pistore M, Roveri M, Susi A (2003) Agent-oriented modeling by interleaving formal and informal specification. In: Proceedings of the 4th international workshop on agent-oriented software engineering, Melbourne, Australia, July 2003. Lecture notes in computer science. Springer, Berlin Heidelberg New York
Acknowledgements
This research was partly supported by the MIUR-FIRB Project RBNE0195K5 “Automated Knowledge-Level Software Engineering”.
Cite this article
Fuxman, A., Liu, L., Mylopoulos, J. et al. Specifying and analyzing early requirements in Tropos. Requirements Eng 9, 132–150 (2004). https://doi.org/10.1007/s00766-004-0191-7