Proving the shalls: Early validation of requirements through formal methods

Abstract

Incomplete, inaccurate, ambiguous, and volatile requirements have plagued the software industry since its inception. The convergence of model-based development and formal methods offers developers of safety-critical systems a powerful new approach for the early validation of requirements. This paper describes a case study conducted to determine if formal methods could be used to validate system requirements early in the lifecycle at reasonable cost. Several hundred functional and safety requirements for the mode logic of a typical Flight Guidance System were captured as natural language "shall" statements. A formal model of the mode logic was written in the RSML-e language and translated into the NuSMV model checker and the PVS theorem prover using translators developed as part of the project. Each "shall" statement was manually translated into a NuSMV or PVS property and proven using these tools. Numerous errors were found in both the original requirements and the RSML-e model. This demonstrates that formal models can be written for realistic systems and that formal analysis tools have matured to the point where they can be effectively used to find errors before implementation.