An Agenda for Specifying Software Components with Complex Data Models

We present a method to specify software for a special kind of safetycritical embedded systems, where sensors deliver low-level values that must be abstracted and pre-processed to express functional and safety requirements adequately. These systems are characterized by a reference architecture. The method is expressed as an agenda, which is a list of activities to be performed for setting up the software specification, complemented by validation conditions that help detect and correct errors. The specification language we use is a combination of the formal notation Z and the diagrammatic notation statecharts. Our approach not only provides detailed guidance to specifiers, but it is also part of a more general engineering concept for engineering safety-critical embedded systems that was developed in the ESPRESS project, a joint project of academia and industry. 1 ESPRESS: Engineering of Safety-Critical Embedded Systems The work we present in this paper has been carried out in the context of the ESPRESS project during the last two years1. In ESPRESS, we investigate development methods for software to be used as part of safety-critical embedded systems. We favor the application of formal methods for this purpose. Even though every software-based system potentially benefits from the application of formal techniques, their use is of particular advantage for the development of safety-critical embedded systems, because the potential damage operators and developers have to envisage in case of malfunction may be much worse than the additional costs of applying formal techniques in system development. Figure 1 shows the basic ESPRESS process model. The agenda presented in this paper guides the development of a requirements specification. Such a requirements specification is further validated and serves as a basis for safety analyses, test case generation, and software design. We use the ESPRESS notation SZ [1] to express the specifications developed with our agenda. This notation provides a semantically well-defined combination of the Statemate languages [6] (namely statecharts and activity charts), the formal specification language Z [15], and an extension of Z by temporal logics [2]. The Statemate languages and Z have been chosen for ESPRESS because of their relevance in industrial 1 The ESPRESS project is a cooperation of industry and research institutes funded by the German ministry BMBF (“Förderschwerpunkt Softwaretechnologie”, grant 01 IS 509 C6). functionality test cases methodological guidance of development steps ESPRESS requirements elicitation specification requirements analyses and validation analyses and refinement test case generation development process