Requirements analysis using forward and backward search

  • Robyn R. Lutz
  • Robert M. Woodhouse


The requirements analysis of critical software components often involves a search for hazardous states and failure modes. This paper describes the integration of a forward search for consequences of reaching these forbidden modes with a backward search for contributing causes. Results are reported from two projects in which the integrated search method was used to analyze the requirements of critical spacecraft software. The search process was found to be successful in identifying some ambiguous, inconsistent, and missing requirements. More importantly, it identified four significant, unresolved requirements issues involving complex system interfaces and unanticipated dependencies. The results suggest that recent efforts by researchers to integrate forward and backward search have merit.


Failure Mode Software Module Requirement Analysis Software Requirement Forward Search 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Addy, E.A. (1991), “A Case Study on Isolation of Safety-Critical Software,” In Proceedings of the 6th Annual Conference on Computer Assurance, NIST/IEEE, Gaithersburg, MD, pp. 75–83.CrossRefGoogle Scholar
  2. Alur, R., T.A. Henzinger, and Pei-Hsin Ho (1996), “Automatic Symbolic Verification of Embedded Systems,” In IEEE Transactions on Software Engineering 22,3, 181–201.CrossRefGoogle Scholar
  3. Atlee, J.M. and J. Gannon (1993), “State-Based Model Checking of Event-Driven System Requirements,” IEEE Transactions on Software Engineering 19,1, 24–40.CrossRefGoogle Scholar
  4. Bestavros, A.A., J.J. Clark, and N.J. Ferrier (1990), “Management of Sensori-Motor Activity in Mobile Robots,” In Proceedings of the 1990 IEEE International Conference on Robotics and Automation, IEEE Computer Society Press, Cincinnati, OH, pp. 592–597.Google Scholar
  5. Cha, S.S., N.G. Leveson, and T.J. Shimeall (1991), “Safety Verification of Ada Programs Using Fault Tree Analysis,” In IEEE Software 8,4, 48–59.CrossRefGoogle Scholar
  6. Chillarege, R., I. Bhandari, J. Chaar, M. Halliday, D. Moebus, B. Ray, and M.-Y. Wong (1992), “Orthogonal Defect Classification — A Concept for In-Process Measurements,” IEEE Transactions on Software Engineering 18,11, 943–956.CrossRefGoogle Scholar
  7. Crow, J. and B.L. Di Vito (1996), “Formalizing Space Shuttle Software Requirements,” In Proceedings of the ACM SIGSOFT Workshop on Formal Methods in Software Practice, San Diego, CA.Google Scholar
  8. De Lemos, R., A. Saeed, and T. Anderson (1995), “Analyzing Safety Requirements for Process-Control Systems,” IEEE Software 12,3, 42–53.CrossRefGoogle Scholar
  9. FEAT (Failure Environment Analysis Tool), NASA Software Technology Transfer Center, Cosmic #MSC-21873 and #MSC-22446.Google Scholar
  10. Fencott, C. and B. Hebbron (1995), “The Application of HAZOP Studies to Integrated Requirements Models for Control Systems,” ISA Transactions 34, 297–308.CrossRefGoogle Scholar
  11. FIRM (Failure Identification and Risk Management Tool), NASA Software Technology Transfer Center, Cosmic #MSC-21860.Google Scholar
  12. Fragola, J.R. and J.F. Spahn (1973), “The Software Error Effects Analysis; A Qualitative Design Tool,” In Proceedings of the 1973 IEEE Symposium on Computer Software Reliability, IEEE, New York, pp. 90–93.Google Scholar
  13. Heimdahl, M.P.E. and N.G. Leveson (1996), “Completeness and Consistency in Hierarchical State-Based Requirements,” IEEE Transactions on Software Engineering 22,6, 363–377.CrossRefGoogle Scholar
  14. Heitmeyer, C., A. Bull, C. Gasarch, and B. Labaw (1995), “SCR: A Toolset for Specifying and Analyzing Requirements,” In Proceedings of the 10th Annual Conference on Computer Assurance, IEEE, Gaithersburg, MD, pp. 109–122.Google Scholar
  15. Hu, A.J., D.L. Dill, A.J. Drexler, and C. Han Yang (1993), “Higher-Level Specification and Verification with BDDs,” In Proceedings of Computer Aided Verification: Fourth International Workshop, G.V. Bochmann and D.K. Probst, Eds., Lecture Notes in Computer Science, Vol. 663, Springer-Verlag, Berlin.Google Scholar
  16. IEEE Standard Glossary of Software Engineering Terminology (1990), IEEE Std 610.12-1990, IEEE, New York.Google Scholar
  17. Lamport, L. and N. Lynch (1990), “Distributed Computing Models and Methods,” In Handbook of Theoretical Computer Science, Vol. B, Formal Models and Semantics, J. van Leeuwen, Ed., MIT Press/Elsevier, Cambridge/Amsterdam, 1990, pp. 1157–1199.Google Scholar
  18. Leveson, N. (1995), Safeware, System Safety and Computers, Addison-Wesley, Reading, MA.Google Scholar
  19. Lutz, R. (1996), “Analyzing Software Requirements Errors in Safety-Critical, Embedded Systems,” The Journal of Systems and Software 34, 223–230.CrossRefGoogle Scholar
  20. Lutz, R. and Y. Ampo (1994), “Experience Report: Using Formal Methods for Requirements Analysis of Critical Spacecraft Software,” In Proceedings for the 19th Annual Software Engineering Workshop, NASA Goddard Space Flight Center, Greenbelt, MD, pp. 231–236.Google Scholar
  21. Maier, T. (1995), “FMEA and FTA To Support Safe Design of Embedded Software in Safety-Critical Systems,” In CSR 12th Annual Workshop on Safety and Reliability of Software Based Systems, Bruges, Belgium.Google Scholar
  22. McDermid, J.A., M. Nicholson, D.J. Pumfrey, and P. Fenelon (1995), “Experience with the Application of HAZOP to Computer-Based Systems,” In Proceedings of the 10th Annual Conference on Computer Assurance, IEEE, Gaithersburg, MD, pp. 37–48.Google Scholar
  23. McDermid, J.A. and D.J. Pumfrey (1994), “A Development of Hazard Analysis To Aid Software Design,” In Proceedings of the 9th Annual Conference on Computer Assurance, IEEE, Gaithersburg, MD, pp. 17–25.CrossRefGoogle Scholar
  24. Military Standard (1980), Procedures for Performing a Failure Mode, Effects and Criticality Analysis MIL-STD-1629A.Google Scholar
  25. Nakajo, T. and H. Kume (1991), “A Case History Analysis of Software Error Cause-Effect Relationship,” IEEE Transactions on Software Engineering 17,8, 830–838.CrossRefGoogle Scholar
  26. Ostrand, T.J. and E.J. Weyuker (1984), “Collecting and Categorizing Software Error Data in an Industrial Environment,” The Journal of Systems and Software 4, 289–300.CrossRefGoogle Scholar
  27. Project Reliability Group (1990), Reliability Analyses Handbook, D-5703, Jet Propulsion Laboratory, California Institute of Technology, Pasadena, CA.Google Scholar
  28. Reifer, D.J. (1979), “Software Failure Modes and Effects Analysis,” IEEE Transactions on Reliability R-28,3, 247–249.CrossRefGoogle Scholar
  29. Selby, R.W. and V.R. Basili (1991), “Analyzing Error-Prone System Structure,” IEEE Transactions on Software Engineering 17,2, 141–152.CrossRefGoogle Scholar
  30. Sommerville, I. (1996), Software Engineering, Fifth Edition, Addison-Wesley, Reading, MA.Google Scholar
  31. System Safety Society (1993), System Safety Analysis Handbook, System Safety Society, Sterling, VA.Google Scholar
  32. Tanenbaum, A.S. (1992), Modern Operating Systems, Prentice-Hall, Englewood Cliffs, NJ.zbMATHGoogle Scholar
  33. Wunram, J. (1990), “A Strategy for Identification and Development of Safety Critical Software Embedded in Complex Space Systems,” IAA 90-557, 35–51.Google Scholar

Copyright information

© Kluwer Academic Publishers 1997

Authors and Affiliations

  • Robyn R. Lutz
    • 1
  • Robert M. Woodhouse
    • 1
  1. 1.Jet Propulsion LaboratoryCalifornia Institute of TechnologyPasadenaUSA

Personalised recommendations