Proving the Shalls: Requirements, Proofs, and Model-Based Development

Informal requirements stated in a natural language often suffer from ambiguity, inconsistency, and incompleteness. For these reasons, the trend over the last decade has been towards the development of alternate approaches for specifying requirements such as use cases and requirement modeling languages. However, the growing popularity of model-based development and the increasing power of formal verification tools make yet another approach possible. In this approach, informal shall statements are captured as a first step in requirements elicitation. Next, an executable model of the system is constructed that is believed to implement these requirements. Simulation of this model is used to obtain early validation of the requirements with the customer and among the developers. The informal shall statements are then rewritten as formal properties over the model and shown to hold on the model. When possible, this is done through mathematical proof using model-checking or theorem proving. When formal proof is not possible, testing of the properties against the model is used. Finally, source code is automatically generated from the model. For safety or security systems, test cases are also automatically generated from the model and used to check that the object-code executing on the target platform correctly implements the model