Formal Methods for V&V of Partial Specifications: An Experience RSeport

This paper describes our work exploring the suit-ability of formal speciication methods for independent veriication and validation (IV&V) of software speciications for large, safety critical systems. An IV&V contractor often has to perform rapid analysis on incomplete speciications, with no control over how those speciications are represented. Lightweight formal methods show signiicant promise in this context , as they ooer a way of uncovering major errors, without the burden of full proofs of correctness. We describe an experiment in the application of the method SCR to testing for consistency properties of a partial model of the requirements for Fault Detection Isolation and Recovery on the space station. We conclude that the insights gained from formalizing a speciica-tion is valuable, and it is the process of formalization, rather than the end product that is important. It was only necessary to build enough of the formal model to test the properties in which we were interested. Maintenance of delity between multiple representations of the same requirements (as they evolve) is still a problem , and deserves further study.