© Fraunhofer IESE

REQUIREMENTS ENGINEERINGLECTURE 2016/2017

Dr. Jörg Dörr

RE for Embedded Systems- Exercise on SBS

Requirements Engineering

Embedded System Software Specification

Specification model• What does the specification contain?• What should be documented?

Logical system model• What is the system?• Where is the system boundary?• What should be considered ?

Specification processes• What steps to perform and how?• Cleanroom software engineering

• Sequence-based Specification

Specification methods• How to document?

• Tables• What language to use?

• SCR

We looked at these in the last class

Requirements Engineering

Embedded System Software Specification

Specification model• What does the specification contain?• What should be documented?

Logical system model• What is the system?• Where is the system boundary?• What should be considered ?

Specification processes• What steps to perform and how?• Cleanroom software engineering

• Sequence-based Specification

Specification methods• How to document?

• Tables• What language to use?

• SCR

Today’s exercise

Requirements Engineering

SBSPart 1: Sequence Based Specification

Requirements Engineering

Specifying black box behavior

• Sequence based specification- Tag requirements- Define system boundary

Identify stimuli Identify responsesChoice of appropriate abstraction

- Systematic enumeration of Stimulus history (sequences) and responses (SH R)Sequence equivalence

Requirements Engineering

Example

• “Cleanroom Software Engineering Technology and Process” by S. Prowell, C. Trammell, R. Linger, J. Poore

SET

1 32

4 65

7 98

CLEAR

Trip Wire

Requirements Engineering

Security alarm requirements

Tag Requirement

1 The security alarm has a detector that sends a trip signal when motion is detected

2 The security alarm is activated by pressing the SET button3 The SET button is illuminated when the security alarm is set

4 If a trip signal occurs when the security alarm is set, a tone (alarm) is emitted

5 A three digit code must be entered to silence the alarm tone

6 Correct entry of the code deactivates the security alarm7 If a mistake is made when entering the code, the user must press the CLEAR

button before the code can be re-entered

Requirements Engineering

Security Alarm: Stimuli

Stimulus Description Symbol Trace

Set Device activator S 2Trip Signal from detector T 1BadDigit Incorrect entry of a digit in the

codeB 7

Clear Clear entry C 7GoodDigit A digit that is part of the correct

entry of the 3-digit code that deactivates the alarm and the device

G 5, 6

Requirements Engineering

Security Alarm: Responses

Response Description Trace

Light On Set button illuminated 3Light off Set button not illuminated 6Alarm On Alarm tone activated 4Alarm Off Alarm tone deactivated 5

Requirements Engineering

Sequence Response Equivalence Trace

λ (Empty) Null D1S Light On 2, 3T Illegal D1B Illegal D1C Illegal D1G Illegal D1D1 The security alarm is initially deactivated

Security alarm: Enumeration, Sequences of length 0 and 1

• Rule: Do not extend the sequence IF - the response is “illegal” OR IF- the sequence is declared equivalent to a previous sequence - ELSE extend

Requirements Engineering

Security alarm: Enumeration, Sequences of length 2

Requirements Engineering

Security alarm: Enumeration, Sequences of length 3

Requirements Engineering

Security alarm: Enumeration, Sequences of length 4

Requirements Engineering

Security alarm: Enumeration, Sequences of length 5

Rule: The enumeration is complete if there are no more sequences to extend.

Requirements Engineering

Observations

• Given requirements are usually incomplete and/ or unclear- Derived requirements

Enumeration to identify missing requirements Enumeration to identify ambiguous requirementsDeriving responses for requirements clarification

- Definition of system boundary, stimuli and responsesDepends on abstraction, can change

Requirements are documented, complete, consistent and traceably correct BY CONSTRUCTION

Requirements Engineering

Tag RequirementD1 The security alarm is initially deactivated

D2 After the device has been set, the SET button has no further effect until the device has been deactivated

D3 The device produces no external response to an erroneous entry

D4 The device produces no external response to a CLEAR entry

D5 The device produces no external response the correct entry if a GoodDigit until all three digits of the code have been entered

D6 After the trip signal has set of the alarm, the trip signal has no further effect until the device has been deactivated

D7 Incomplete entry of the code prior to a trip signal will be regarded as an erroneous entry that requires a CLEAR and a re-entry of the correct code to deactivate the alarm

Security Alarm: Derived requirements

Requirements Engineering

Canonical SequenceAnalysis

• Canonical sequences: Irreducible, legalsequences

• Identify from sequenceenumeration

Requirements Engineering

Summary

• Enumeration precisely defines a state machine• State machines generate or recognize sequences• Abstraction to control state space explosion• Ad-hoc state machine construction

- Difficult to invent complete machine- Erroneous

Black-box + State-box definition Complete, Consistent, Traceable, Verifiably Correct specification

Ready for development.