Validating Requirements Determining Completeness and Correctness of Requirements
- Slides: 46
Validating Requirements Determining Completeness and Correctness of Requirements Using the System Reference Model IV&V Workshop 16 September 2009
Overview • Validation Purpose and Definitions • A Correct and Complete SRM, and the Three Questions • SRM Correlation Mapping • Analysis of Correlation Results • Correct, Complete, Incorrect, and Incomplete Examples • Best practices, lessons learned, and challenges
IV&V’s Validation Definition • The process of evaluating artifacts to ensure that the right behaviors have been defined in the artifacts. • The right behaviors are those that adequately describe – what the system is supposed to do – what the system is not supposed to do, and – what the system is supposed to do under adverse conditions. • Validation ensures that the software system performs to the user’s needs under operational conditions. – Contains the desired capabilities to accomplish the mission goals – Does not contain unspecified limitation that impedes the capabilities
Validation Goal • To ensure that – The right behaviors have been defined • Adequately describe – What the system is supposed to do – What the system is not supposed to do – What the system is supposed to do under adverse conditions • Correct and Complete – The requirement specifications are of high quality • Unambiguous, Consistent, and Verifiable
Correct (IVV 09 -1) • Applicable requirement(s) meet all or part of the goals and behaviors of the system – Note: not all requirements can be evaluated in isolation; it may require a set of requirements to be evaluated together in order to determine that a particular goal or behavior is being met). • The requirements are an accurate elaboration of the defined objectives or goals – e. g. , the use of temporal modal operators like “next”, “until”, “always”, and “eventually”, are appropriately used to reflect the desired behavior • The requirements adequately refine the higher-level requirements • Design or implementation-specific information is specified as constraints to the behaviors captured in the requirements
Complete (IVV 09 -1) • All the needed information to completely specify a desired behavior is identified (i. e. , all preconditions, postconditions, and invariants are specified for the described behavior). • Threads of behavior are represented by more than one requirement, versus one compound requirement that attempts to capture the entire thread (i. e. , that each requirement specifies only one “thing”). • The use of conjunctions (e. g. , “and”, “or”) are restricted to preconditions, postconditions, and invariants.
How? “This goal is achieved through the development and application of a system reference model (SRM) that will include a formal specification. The SRM can then be used to show (e. g. , validate) that the right system behaviors are specified and the associated requirements are unambiguous, correct, complete, consistent, and verifiable. The SRM can also be used to validate (or develop) a test design that will demonstrate that the software products meet the specification and the operational need. ” – IVV 09 -1
The System Reference Model • Includes sets of Modeling Artifacts – – – Use cases Activity Diagrams, Sequences Diagrams Statecharts Domain Models (Class Diagrams, Communication Diagrams) Statechart Assertions JUnit Test Cases • A concise description of the IV&V team’s understanding of the problem – Analysis tool – Communication tool • Captures expected system behaviors – 3 Questions
What’s In the SRM? Validation and Verification involves answering the following three questions: 1. Will the System do what it is supposed to do? 2. Will the System not do what it is not supposed to do? 3. Will the System maintain operations under adverse conditions? Note, in order to answer these questions, we must first have an independent understanding of: – What the system is supposed to do – What the system is not supposed to do – What the system is supposed to do to maintain operations under adverse conditions This information can be found within different areas of our model.
SRM Product Dependencies
System Goals
System Goals
Constraints, Actors, and Environment
Text Use Cases
Use Case Example What the system is supposed to do All parts within the Main Success Scenarios describe the actions that must take place to accomplish the goal(s). Adverse Conditions Extension Scenarios show the system should react to adverse conditions to get back on the success path or transition to safe mode.
Activity Diagram Example What the system is supposed to do All parts within the Main Success Scenarios describe the actions that must take place to accomplish the goal(s). Goal: Flight System precesses and damps nutation to point the High Gain Antenna at earth for communication and GRAV science Precondition: Engineering Instruments are calibrated <<Main Success Scenario>> <<Extension Scenarios>> Precess to Earth Point Fails Flight System Turn on IMUs Turn on Precession catalyst bed heaters Turn on X-band Transmitters ing to [turn oint] p earth Select High Gain Antenna Flight System [IMU D on or oes not t ur malfu nctio n ns] [Ca do t bed no t tu heate rn on rs ] Return Errors [not turn ing earth poin to t] Select Forward Low Gain Antenna Use Other Thrusters Turn off cat bed heaters Pulse RCS Thrusters Turn off IMU Passive Nutation Damping [thrusters do not fire] Adverse Conditions Extension Scenarios show the system should react to adverse conditions to get back on the success path or transition to safe mode.
Sequence Diagrams Example What the system is supposed to do The interactions of the Sequence Diagram describe the steps involved to accomplish the goal(s). Adverse Conditions A sequence diagram can also be developed to show the system should react to adverse condition. 18
SRM Validation Scenarios What the system is NOT supposed to do This information can be found in our Assertions and the Validation scenarios we create to test against them. r () o ct or () () () se or al ct rt. F Ve se te ta As r() S to ed ec at e. V im at st St t. E ed ge at ) im e( st ru t. E rt. T ge r() se to ec As e. V ) e e. V at e( ru t e. S at tim es rt. T se As at ct Ve te ta d. S t e. S at tim es e at im st t. E ge public void test. Scenario 2() { st. get. Estimated. State. Vector(); st. estimate. State. Vector(); assert. True (st. is. Success()); st. get. Estimated. State. Vector(); assert. False (st. is. Success()); }
Validation WBS (IVV 09 -1) 1. 0 Validation 1. 1 Obtain/Develop a System Reference Model (SRM) 1. 2 Validate System Requirements 1. 3 Validate Test Design
Validate System Requirements • For each level of system decomposition, we need to determine – Sufficiency of the requirements • Is there a corresponding requirement for every SRM behavior and Statechart assertion at that level? – Quality of the requirements • Assess the quality of each requirement that has a corresponding SRM behavior or Statechart assertion at that level – Sufficiency of the SRM • Is there any mission-critical, safety-critical requirement not covered by an SRM behavior or Statechart assertion at that level? • A “correlation map” is built to capture these relationships
Validation Possibilities Validated Requirements SRM Correct? Requirements Complete? SRM Behaviors Unambiguous, Correct, Consistent, & Verifiable Requirements SRM Correct? Requirements In Scope and Valid? Requirements
An Example Behavior Preconditions Goal Constraints Main Success Scenario – Q 1 & Q 2 Extensions – Q 2 & Q 3 References Post-conditions
Requirement Proxies
Requirement Proxies
Requirement Proxies
Requirement Proxies
Other Analysis Tools Subject Requirement Validation Findings Parent Requirements Correlation Mapping Child Requirements
Requirement Data Subject Requirement Validation Findings Parent Requirements Correlation Mapping Child Requirements
Parent Traces Subject Requirement Validation Findings Parent Requirements Correlation Mapping Child Requirements
Child Traces Subject Requirement Validation Findings Parent Requirements Correlation Mapping Child Requirements
Correlation Mapping Subject Requirement Validation Findings Parent Requirements Correlation Mapping Child Requirements
Validation Findings Subject Requirement Validation Findings Parent Requirements Correlation Mapping Child Requirements
Requirement Proxies
Correlation Mapping & Requirement Evaluation
Correlation Map
Re s/Is sue s ing Fin d Ma ppi ng em ent s rem ent qui l El Mo de Correlation Map
Correct (IVV 09 -1) • Applicable requirement(s) meet all or part of the goals and behaviors of the system Coverage of Model – Note: not all requirements can be evaluated in isolation; it may require a set of requirements to be evaluated together in order to determine that a particular goal or behavior is being met). • The requirements are an accurate elaboration of the defined objectives or goals Consistency with Model – e. g. , the use of temporal modal operators like “next”, “until”, “always”, and “eventually”, are appropriately used to reflect the desired behavior • The requirements adequately refine the higher-level requirements • Design or implementation-specific information is specified as constraints to the behaviors captured in the requirements Separation of Information
Complete (IVV 09 -1) • All the needed information to completely specify a desired behavior is identified (i. e. , all preconditions, postconditions, and invariants are specified for the described behavior). • Threads of behavior are represented by more than one requirement, versus one compound requirement that attempts to capture the entire thread (i. e. , that each requirement specifies only one “thing”). • The use of conjunctions (e. g. , “and”, “or”) are restricted to preconditions, postconditions, and invariants. Coverage of Model
Correlation Mapping & Requirement Evaluation
Correlation Mapping & Requirement Evaluation
Identifying Issues • L 2 Rqmnt - The Project shall generate, route, transport, store and execute a sequence containing any of the following types of time-tagged commands: absolute time, time relative to a sequence-external time value stored on-board, time relative to the execution of the previous command in the sequence. • L 3 Rqmnt - The sequence time tags shall be either an absolute execution time, time relative to a sequence external time value, or a time relative to the execution of the previous command or command file. • L 4 Rqmnt - The flight software shall provide the means for running onboard relative and absolute time, relative to a sequence external time value, tagged sequences.
s/Is sue s ing Fin d Requirements Ma ppi ng rem ent qui em ent s Model Re l El Mo de Identifying Issues Findings
Lessons Learned & Best Practices
Challenges • • Varying levels of detail between the SRM and requirements being validated What vs. How – “Requirements Model” vs. “Design Model” Terminology differences between SRM behaviors and requirements Lack of adequate tools, work instructions, product descriptions/templates – particularly MKS Artifact Mapping capability
Questions?
- Validating hypothesis
- Traditional methods for determining requirements
- When to use sdlc
- Determining human information requirements
- Determining system requirements
- Contemporary methods for determining system requirements
- How can ngt be used for requirements determination
- Divide and conquer
- Four loopy questions
- Principles of correctness
- Entity integrity ensures correctness of the data in a table
- Examples of consideration in communication
- Principles of business communication
- Bfs proof of correctness
- Clarity courtesy spacing correctness
- Why completeness is important in communication
- Com_min algorithm
- Reliability vs correctness
- Emotional correctness
- Bubble sort loop invariant
- 7 c's of communication clarity
- What is program correctness
- Proof of correctness examples
- Correctness of fragmentation
- Dynamic connectivity problem
- Derived horizontal fragmentation
- Functional correctness
- What is the correctness of algorithm
- Dimensional homogeneity
- Notion of correctness
- Completeness in communication
- Disjointness and completeness constraint
- P and s wave arrival time chart
- What is the point estimate of μ?
- Balancing the accounting equation answer key
- Claim of policy.
- Np completeness
- Unity paragraph
- Iscgem
- What is institutional completeness
- Lower level diagram
- Completeness effect in cryptography
- 7 c's of business letter
- Tmf reference model
- Completeness in writing
- Technical writing definition
- Principles of completeness