Expressing and verifying embedded software requirements
share
Writing requirements for embedded software is pointless unless they reflect actual needs and the final software implements them. In usual approaches, the use of different notations for requirements (often natural language) and code (a programming language) makes both conditions elusive. To address the problem, we propose to write requirements in the programming language itself. The expected advantages of this seamless approach, called AutoReq include: avoiding the potentially costly miss due to the use of different notations; facilitating software change and evolution, by making it easier to update code when requirements change and conversely; benefiting from the remarkable expressive power of modern object-oriented programming languages, while retaining a level of abstraction appropriate for requirements; leveraging, in both requirements and code, the ideas of Design by Contract, including (as the article shows) applying Hoare-style assertions to express temporal-logic-style properties and timing constraints; and taking advantage of the powerful verification tools that have been developed in recent years. The last goal, verification, is a focus of this article. While the idea of verifying requirements is not widely applied, the use of a precise formalism and a modern program prover (in our case, AutoProof for Eiffel) makes it possible at a very early stage to identify errors and inconsistencies which would, if not caught in the requirements, contaminate the final code. Applying the approach to a well-documented industrial example (a landing gear system) allowed a mechanical proof of consistency and uncovered an error in a previously published discussion of the problem.
READ FULL TEXT
