Specifying and analyzing early requirements in Tropos

  • Original Article
  • Requirements Engineering

Abstract

We present a framework that supports the formal verification of early requirements specifications. The framework is based on Formal Tropos, a specification language that adopts primitive concepts for modeling early requirements (such as actor, goal, and strategic dependency), along with a rich temporal specification language. We show how existing formal analysis techniques, and in particular model checking, can be adapted for the automatic verification of Formal Tropos specifications. These techniques have been implemented in a tool, called the T-Tool, that maps Formal Tropos specifications into a language that can be handled by the NuSMV model checker. Finally, we evaluate our methodology on a course-exam management case study. Our experiments show that formal analysis reveals gaps and inconsistencies in early requirements specifications that are by no means trivial to discover without the help of formal analysis tools.

Notes

  1. A more complete early requirements model should also include other actors, like the teaching assistant and the secretariat. For presentation purposes, in this paper we concentrate only on the two main actors, student and teacher.

  2. Notice that the value of attribute passed is only relevant once the dependency has been fulfilled; therefore, we do not care if it changes before its fulfillment.

  3. This is an example of an “abstraction” technique, since the verification is done on a more general specification that is obtained by removing irrelevant details. Abstraction techniques are common practice in the model checking community; see for instance [20].

  4. The experiments confirm that this is a reasonable bound: all generated witness scenarios and counter-examples are of length 5 or shorter.

References

  1. Yu E (1997) Towards modeling and reasoning support for early requirements engineering. In: Proceedings of the IEEE international symposium on requirement engineering. IEEE Computer Society, Washington, DC, pp 226–235

  2. Bowen J, Stavridou V (1993) Safety critical systems, formal methods and standards. IEEE/BCS Software Eng J 8:189–209

  3. Spivey J (1989) The Z notation, 2nd edn. Prentice Hall, Englewood Cliffs, NJ

  4. Heitmeyer C, Jeffords R, Labaw B (1996) Automated consistency checking of requirements specification. ACM T Software Eng Meth 5:231–261

  5. Ghezzi C, Mandrioli D, Morzenti A (1990) TRIO, a logic language for executable specifications of real-time systems. J Syst Software 2:107–123

  6. Morzenti A, San Pietro P (1994) Object-oriented logic specifications of time critical systems. Trans Software Eng Meth 3:56–98

  7. Dardenne A, van Lamsweerde A, Fickas S (1993) Goal-directed requirements acquisition. Sci Comput Program 20:3–50

  8. Darimont R, Delor E, Massonet P, van Lamsweerde A (1998) GRAIL/KAOS: an environment for goal-driven requirements engineering. In: Proceedings of the 20th international conference on software engineering, vol 2, Kyoto, April 1998, pp 58–62

  9. Clarke EM, Grumberg O, Peled D (1999) Model checking. MIT Press, Cambridge, MA

  10. Cimatti A, Clarke EM, Giunchiglia E, Giunchiglia F, Pistore M, Roveri M, Sebastiani R, Tacchella A (2002) NuSMV 2: An opensource tool for symbolic model checking. In: Proceedings of computer aided verification conference, Copenhagen, July 2002. Lecture notes in computer science, vol 2404. Springer, Berlin Heidelberg New York

  11. Fuxman A, Pistore M, Mylopoulos J, Traverso P (2001) Model checking early requirements specifications in Tropos. In: Proceedings of the 5th IEEE international symposium on requirements engineering, Toronto, August 2001. IEEE Computer Society, Washington, DC, pp 174–181

  12. Fuxman A, Liu L, Pistore M, Roveri M, Mylopoulos J (2003) Specifying and analyzing early requirements in Tropos: some experimental results. In: Proceedings of the 11th IEEE international requirements engineering conference, Monterey Bay, CA, September 2003. ACM, New York

  13. Fuxman A (2001) Formal analysis of early requirements specifications. Thesis, University of Toronto

  14. The Formal Tropos language, 2003. http://dit.unitn.it/~ft/doc/. Cited 10 February 2004

  15. Halpern J, Vardi M (1991) Model checking vs. theorem proving: a manifesto. In: Proceedings of the 2nd international conference on principles of knowledge representation and reasoning, Cambridge, MA, USA, 22–25 April 1991. Morgan Kaufmann, San Francisco, pp 325–334

  16. McMillan KL (1993) Symbolic model checking. Kluwer Academic, Dordrecht

  17. Bryant RE (1992) Symbolic Boolean manipulation with ordered binary-decision diagrams. ACM Comput Surv 24:293–318

  18. Biere A, Cimatti A, Clarke EM, Zhu Y (1999) Symbolic model checking without BDDs. In: Proceedings of the 5th international conference on tools and algorithms for the construction and analysis of systems, Amsterdam, March 1999. Lecture notes in computer science, vol 1579. Springer, Berlin Heidelberg New York, pp 193–207

  19. Benedetti M, Cimatti A (2003) Bounded model checking for past LTL. In: Proceedings of the 9th international conference on tools and algorithms for the construction and analysis of systems, Warsaw, Poland, April 2003. Lecture notes in computer science, vol 2619. Springer, Berlin Heidelberg New York, pp 18–33

  20. Berezin S, Campos S, Clarke EM (1998) Compositional reasoning in model checking. In: Proceedings of international symposium on compositionality (COMPOS’97), Bad Malente, Germany, September 1998. Lecture notes in computer science, vol 1536. Springer, Berlin Heidelberg New York, pp 81–102

  21. Jackson D, Schechter I, Shlyakhter I (2000) Alcoa: the alloy constraint analyzer. In: Proceedings of the 22nd international conference on software engineering, Limerick, June 2000. ACM, New York

  22. Jackson D (2002) Alloy: a lightweight object modeling notation. ACM T Software Eng Meth 11:256–290

  23. Heitmeyer C, Kirby J, Labaw B (1997) The SCR method for formally specifying, verifying, and validating requirements: tool support. In: Proceedings of the 19th international conference on software engineering. ACM, New York, pp 610–611

  24. Choi Y, Heimdahl MPE (2002) Model checking RSML–e requirements. In: Proceedings of the 7th IEEE international symposium on high assurance systems engineering, Tokyo, October 2002. IEEE Computer Society, Washington, DC, pp 109–119

  25. Perini A, Pistore M, Roveri M, Susi A (2003) Agent-oriented modeling by interleaving formal and informal specification. In: Proceedings of the 4th international workshop on agent-oriented software engineering, Melbourne, Australia, July 2003. Lecture notes in computer science. Springer, Berlin Heidelberg New York

Acknowledgements

This research was partly supported by the MIUR-FIRB Project RBNE0195K5 “Automated Knowledge-Level Software Engineering”.

Corresponding author

Correspondence to Marco Roveri.

About this article

Cite this article

Fuxman, A., Liu, L., Mylopoulos, J. et al. Specifying and analyzing early requirements in Tropos. Requirements Eng 9, 132–150 (2004). https://doi.org/10.1007/s00766-004-0191-7

  • DOI: https://doi.org/10.1007/s00766-004-0191-7
