Using the SCR* Toolset to Specify Software Requirements

1. Background Formulated in the late 1970s to specify the requirements of the Operational Flight Program (OFP) of the A-7 aircraft 8], the SCR (Software Cost Reduction) requirements method is a method based on tables for specifying the requirements of software systems. During the 1980s and the early 1990s, many companies, including Bell Laboratories, Grumman, Ontario Hydro, and Lockheed, applied the SCR requirements method to practical systems. Each of these applications of SCR had, at most, weak tool support. To provide powerful, robust tool support customized for the SCR method, we have developed the SCR* toolset. To provide formal underpinnings for the method, we have also developed a formal model which deenes the semantics of SCR requirements speciications. In SCR, monitored and controlled variables represent environmental quantities that the system monitors and controls 7]. The environment nondeterministically produces a sequence of input events, where an input event is a change in some monitored quantity. The system responds to each input event in turn by changing state and possibly changing one or more controlled quantities. The SCR formal model, a special case of the classic state machine model, represents a system as a 4-tuple, (S; S 0 ; E m ; T), where S is a set of states, S 0 S is the initial state set, E m is the set of input events, and T is a function describing the allowed state transitions 7]. T is a composition of simpler functions derived from the tables in an SCR speciication. The formal model requires each table to satisfy certain properties. These properties guarantee that each table describes a total function. To specify the system requirements concisely, the SCR method uses mode classes, conditions , and events. A mode class organizes the system states into equivalence classes, each called a mode. The SCR model includes a set RF containing the names of all variables (e.g., monitored and controlled variables, mode classes) in a given speciication and a type function TY mapping each variable in RF to a set of values. In the model, a state is a function mapping each variable r in RF to its value in TY(r), a condition is a predicate deened on a state, and an event is a predicate deened on two states when any state variable changes. 3. The SCR Tools SCR* is an integrated suite of tools supporting the SCR requirements method. It includes …