This paper provides an overview of the STATEMATE system, constructed over the past several years by the authors and their colleagues at Ad Cad Ltd., the R&D subsidiary of i-Logix, Inc. STATEMATE is a set of tools, with a heavy graphical orientation, in- tended for the specification, analysis, design, and documentation of large and complex reactive systems, such as real-time embedded sys- tems, control and communication systems, and interactive software or hardware. It enables a user to prepare, analyze, and debug diagram- matic, yet precise, descriptions of the system under development from three interrelated points of view, capturing structure, functionality, and behavior. These views are represented by three graphical languages, the most intricate of which is the language of statecharts [4], used to depict reactive behavior over time. In addition to the use of statecharts, the main novelty of STATEMATE is in the fact that it "understands " the entire descriptions perfectly, to the point of being able to analyze them for crucial dynamic properties, to carry out rigorous ex- ecutions and simulations of the described system, and to create run- ning code automatically. These features are invaluable when it comes to the quality and reliability of the final outcome.

This paper describes an approach to writing requirements specifications for processcontrol systems, a specification language that supports this approach, and an example application of the approach and the language on an industrial aircraft collision avoidance system (TCAS II). The example specification demonstrates (1) the practicality of writing a formal requirements specification for a complex, process-control system and (2) the feasibility of building a formal model of a system using a specification language that is readable and reviewable by applications experts who are not computer scientists or mathematicians. Some lessons learned in the process of this work, which are applicable both to forward and reverse engineering, are also presented.

Requirements engineering (RE) is concerned with the identification of the goals to be achieved by the envisioned system, the operationalization of such goals into services and constraints, and the assignment of responsibilities for the resulting requirements to agents such as humans, devices, and software. The processes involved in RE include domain analysis, elicitation, specification, assessment, negotiation, documentation, and evolution. Getting highquality requirements is difficult and critical. Recent surveys have confirmed the growing recognition of RE as an area of utmost importance in software engineering research and practice. The paper presents a brief history of the main concepts and techniques developed to date to support the RE task, with a special focus on modeling as a common denominator to all RE processes. The initial description of a complex safetycritical system is used to illustrate a number of current research trends in RE-specific areas such as go...

The process of understanding the system under analysis, the services required of it, its environment and associated constraints involves the capture, analysis and resolution of many ideas, perspectives and relationships at varying levels of detail. We believe requirements methods based on global reasoning lack the expressive framework to adequately articulate this distributed requirements knowledge structure. This paper describes the problems faced in trying to establish an adequate and stable set of requirements and proposes a novel ViewpointOriented Requirements Definition method (VORD) as a means of tackling some of these problems. This method structures the requirements engineering process using viewpoints which are associated with sources of requirements. The paper describes VORD in the light of current viewpoint-oriented requirements approaches and shows how its improves on them. A simple example of a bank auto-teller system is used to demonstrate the method. 3 1.0 Introduction...

This article surveys techniques used in structured and object-oriented software specification methods. The techniques are classified as techniques for the specification of external interaction and internal decomposition. The external interaction specification techniques are further subdivided into techniques for the

Safety critical computers increasingly a#ect nearly every aspect of our lives. Computers control the planes we #y on, monitor our health in hospitals and do our work in hazardous environments. Computers with software de#ciencies that fail to meet stringent timing constraints have resulted in catastrophic failures. This paper surveys formal methods for specifying, designing and verifying real-time systems, so as to improve their safety and reliability. # To appear in Journal of Systems and Software,Vol. 18, Number 1, pages 33#60, April 1992. Jonathan Ostro# is with the Department of Computer Science, York University 4700 Keele Street, North York, Ontario, Canada, M3J 1P3. This work is supported by the Natural Sciences and Engineering Research Council of Canada. 1 CONTENTS 2 Contents 1 Introduction 3 2 De#ning the terms 6 2.1 Major issues that formal theories must address ::::::: 13 3 Real-Time Programming Languages 14 4 Structured Methods and#or Graphical Languages 15 4.1 Str...

In ESPRIT project no. EP5570 called IPTES a methodology and a supporting environment for incremental prototyping of embedded computer systems is developed. As a patr

This document type describes the functions, data and dynamic behaviour of an object associated with a specific level. In addition, boundary conditions restricting the class of possible realisations for the object are documented. (2) Architecture Description: This is a design structure which decomposes the object under consideration and/or refines its data structures. The process of decomposition introduces new objects to be associated with a lower level, as well as interfaces between them. Each new object is associated with its own lower-level requirements description. In this way, the alternation between requirements and architecture documents can be recursively applied to the decomposition tree from system to module level

“The hardest single part of building a software system is deciding precisely what to build. No other part of the conceptual work is as difficult as establishing the detailed technical requirements...No other part of the work so cripples the resulting system if done wrong. No other part is as difficult to rectify later. ” [Brooks 87] Deciding precisely what to build and documenting the results is the goal of the requirements phase of software development. For many developers of large, complex

: StateTime is a prototype toolset that supports the design of verified real-time discrete event systems using executable visual state descriptions (the Build tool). Visual state descriptions allow the designer to browse and understand the structure of the system. A timing hierarchy of spontaneous, just and forced timed events, and a variety of computational notions such as concurrency, hierarchy, nondeterminism, process interaction and communication can be represented. The combination of model-checking (the Verify tool) and theorem proving allows for the treatment of finite and infinite state systems. The toolset is illustrated with a shutdown controller of a reactor, as taken from an actual industrial requirements document in which the system is described informally using a mixture of English descriptions, timing diagrams and pseudocode. Using StateTime, a unified precise description of the shutdown reactor is obtained, which can then be checked automatically for conformance with its...