Formal Methods for V & V of partial speci cations : An experience report

This paper describes our work exploring the suitability of formal speci cation methods for independent veri cation and validation (IV&V) of software speci cations for large, safety critical systems. An IV&V contractor often has to perform rapid analysis on incomplete speci cations, with no control over how those speci cations are represented. Lightweight formal methods show signi cant promise in this context, as they o er a way of uncovering major errors, without the burden of full proofs of correctness. We describe an experiment in the application of the method SCR to testing for consistency properties of a partial model of the requirements for Fault Detection Isolation and Recovery on the space station. We conclude that the insights gained from formalizing a speci cation is valuable, and it is the process of formalization, rather than the end product that is important. It was only necessary to build enough of the formal model to test the properties in which we were interested. Maintenance of delity between multiple representations of the same requirements (as they evolve) is still a problem, and deserves further study.