Comparison of (semi-) formal specification versus informal natural language specification

23
Comparison of (semi-) formal specification versus informal natural language specification Date: 02-03-2012 Course: Software Requirements Management: Quality and functionality Coursecode: 1BM20 Project: Assignment 2 Team: Assignment_2_Group_08 Team members: Tollenaere, Y.S.B. 0596377 [email protected] Correia Santos, G. 0830587 [email protected] Emens, R.D. 0716250 [email protected]

Transcript of Comparison of (semi-) formal specification versus informal natural language specification

Comparison of (semi-) formal specification versus

informal natural language specification

Date: 02-03-2012

Course: Software Requirements Management: Quality and functionality

Coursecode: 1BM20

Project: Assignment 2

Team: Assignment_2_Group_08

Team members: Tollenaere, Y.S.B. 0596377 [email protected]

Correia Santos, G. 0830587 [email protected]

Emens, R.D. 0716250 [email protected]

1

ABSTRACT

The determination and specification of requirements are key activities in the development of

software. Inadequate requirements can lead to system rejection, failure in delivering the software in

time, excessive maintenance, failure of the system and loss of credibility. Since requirements are an

abstract representation of the object system, the language used to describe this abstraction is of

importance. This article presents a comparison between informal and formal specification

languages. Also it is argued during which activities of a software development project a formal or

informal language should be used. A conceptual framework consisting of eight criteria is used to

assess high quality literature. The eight criteria used are (1) the degree to which the language used

can cause ambiguity, incompleteness, and inaccuracy, (2) understandability by naïve users, (3)

understandability by practicing analysts and designers, (4) modifiability and maintainability, (5) the

degree to which completeness, correctness, and consistency checks and proofs can be done, (6)

freedom of expression, (7) ease to which code can be generated and (8) the degree to which the

language can include or support other specification languages. The activities are grouped by (partly)

using phases of the waterfall model: elicitation, analysis, specification and validation & verification.

The literature study revealed that in the activities of the elicitation and analysis phase primarily an

informal language should be used. When more and more requirements are baselined and are

elaborated in more detail in the activities of the specification and validation & verification phases,

the importance of formal languages is rising. A hybrid use of formal and informal approaches is

advised to use in the corresponding activities.

2

CONTENTS

1. Introduction .................................................................................................................................... 3

2. Problem description ........................................................................................................................ 4

3. Conceptual framework ................................................................................................................... 5

4. Comparison criteria ......................................................................................................................... 6

4.1 Degree to which the language used can cause ambiguity, incompleteness and inaccuracy . 6

4.2 Understandability by naïve users ............................................................................................ 7

4.3 Understandability by practicing analysts and designers......................................................... 8

4.4 Modifiability and maintainability .......................................................................................... 10

4.5 Degree to which completeness, correctness and consistency checks and proofs can be

done 11

4.6 Freedom of expression ......................................................................................................... 12

4.7 Ease to which code can be generated .................................................................................. 13

4.8 Degree to which the language can include or support other languages .............................. 14

5. Practical cases ............................................................................................................................... 15

5.1 A formal example .................................................................................................................. 15

5.2 An informal example ............................................................................................................. 16

6. Conclusion and discussion ............................................................................................................ 17

Limitations ......................................................................................................................................... 19

Bibliography .......................................................................................................................................... 20

3

1. INTRODUCTION

The development of requirements is one of the first steps in every software development process

and may also be considered as one of the most important phases of the process. Errors made in this

phase of the process will have consequences throughout the entire process. The later they are

discovered, the higher the associated costs of repairing them will turn out to be (Jones C. , 1996a). It

is important to achieve a common understanding among the different stakeholders in the network

(Kudikyala & Vaughn, 2005). The sooner misunderstandings are identified and corrected, the better

the result will be.

In order to achieve a good requirements document for a software project different tools and

techniques are available. It is possible to use natural language to write down the requirements or

use more formal languages with a mathematical background. These different languages serve

different purposes and have related characteristics. Requirement Engineering is inherently broad,

interdisciplinary and open-ended (Cares, Franch, Perini, & Susi, 2011). The successful elicitation of

these values, however, demands an understanding of the specific problem and its context, in which

the requirements are embedded—both locally and in the wider organization. This environment is

highly complex, requiring many difficult communication interfaces to be made, particularly between

the users’ social/technical world and the analysts’ technical world (Coughlan, Lycett, & Macredie,

2003)

In this report we discuss a research which has been done to the use of formal and informal

requirement models or languages in specific phases of the requirements engineering. The easiest

example of an informal language is natural language. Examples of formal requirements language are:

Goal-oriented Requirement Language (University of Toronto, CANADA , 2012), Common Algebraic

Specification Language (CASL) (CoFi - Universitat Bremen), Z notation (Wikipedia foundation, 2013).

We will argue that in different phases of the requirement development specific types of languages

have more advantages than others. Four hypotheses are derived and languages are compared to a

set of criteria. In the end a conclusion is drawn upon the comparison and two practical cases of the

use of formal and informal requirement languages related to the comparison are provided.

The remaining of this report has the following structure. In chapter 2 the different phases of the

requirement stage will be explained and the hypothesis are presented. The conceptual framework is

described in chapter 3 and in chapter 4 the different criteria of the comparison are provided.

Chapter 5 gives two practical examples of the use of formal and informal requirement languages in

different development stages. The final chapter is devoted to the conclusion and discussion of the

results

4

2. PROBLEM DESCRIPTION

Requirements are defined during the early stages of a system development as a specification of

what should be implemented (Kotonya & Sommerville, 1998).These requirements are documented

in the requirements document, which is an official statement of the system requirements for

customers, end-users and software developers (Kotonya & Sommerville, 1998). The requirements

document/specification serves several purposes: it serves as a means of communication between

the user and the systems developer; it represents in asystematic fashion the current state of the real

world, its problems and its future requirements; it enables the systems developer to turn real world

problems into other forms which are more manageable in terms of size, complexity, human

understanding and computer processability; it serves as the basis for the design, implementation,

testing and maintenance of the target system (Tse & Pong, 1991). Example users of a requirements

document are system customers, managers, system engineers, system test engineers and system

maintenance engineers (Kotonya & Sommerville, 1998).Since the content of this document is

important in various activities and is important for several users of a requirements document, the

way in which those requirements are documented is an important topic to address.

As indicated by Nuseibeh & Easterbrook (2000), the requirements documentation research is often

on specification languages and notations, with a variety of formal, semi-formal and informal

languages. This article contributes to this research by explicitly comparing formal and informal

languages. Furthermore it is addressed in what phase of the software development project a formal

or informal language is preferred. Some researchers (see e.g. Rajlich (2006)) argue that a leading

software engineering paradigm of well-defined phases, which exist in the waterfall life cycle model,

is and should be departed to accept a paradigm that is about software evolution, iterative and agile

development. By mentioning that a specific language is preferred in a specific phase of the software

development project (which suggests that we refer to a waterfall approach), we mean that a specific

language is suitable in the activities that occur in that particular phase. The waterfall model consists

of the following phases: requirements phase, design phase, implementation phase, test phase,

installation phase and maintenance phase. The first phase consists of various activities. Although the

naming of the various activities differs in the industry (Siddiqi & Shekaran, 1996), we assume that

the requirements process contains the activities elicitation, analysis, specification and validation

(Wiegers, 2003). On top of that we add the activity verification. We expect that our analysis of

informal and formal languages will result in the following structure of the preferred use of informal

or formal languages in the activities of the phases elicitation, analysis, specification and verification

and validation:

Figure 1:

Four hypotheses regarding the best

use of formal or informal languages

in a specific phase

5

3. CONCEPTUAL FRAMEWORK

In order to compare informal and formal languages and by that approving or rejecting the stated

hypotheses, a conceptual framework is used. This framework is used to analyze selected relevant

papers from high-quality journals. Our framework consists of eight criteria to compare informal and

formal languages. The eight criteria used are:

- Degree to which the language used can cause ambiguity, incompleteness, and inaccuracy

- Understandability by naïve users

- Understandability by practicing analysts and designers

- Modifiability and maintainability

- Degree to which completeness, correctness, and consistency checks and proofs can be done

- Freedom of expression

- Ease to which code can be generated

- Degree to which the language can include or support other languages

As stated this framework is used to analyze research published in high quality journals. To this end

primarily literature of IEEE journals1 and journals that are included in the Thomson Reuters Master

Journal List2 is used. The application of the conceptual framework as well as the conclusions that

follow from this application are described in the following chapters.

1 http://ieeexplore.ieee.org/Xplore/guesthome.jsp 2 http://ip-science.thomsonreuters.com/mjl/

6

4. COMPARISON CRITERIA

The previous chapter introduced the conceptual framework used in this literature study. The

following sections discuss each criterion of the framework in terms of formal and informal

languages.

4.1 DEGREE TO WHICH THE LANGUAGE USED CAN CAUSE AMBIGUITY,

INCOMPLETENESS AND INACCURACY

According to IEEE (IEEE Standard Glossary of Software Engineering Terminology, 1990), a software

requirements document needs to be: correct, unambiguous, complete, consistent, ranked for

importance and/or stability, verifiable, modifiable and traceable. For a software project to be

successful, it is essential that the requirements of a software system reflect the user’s needs. Since

the requirements document forms the basis of a whole development process, the requirements

document must be at least correct, complete and unambiguous (Denger, Berry, & Kamsties, 2003).

An important element is the language used to define the requirements.

The use of formal language gives an analyst a more complete and comprehensive view of the system

requirements, with less number of errors and omissions in the document. Formal specification

languages have a mathematical basis and employ a formal notation to model system requirements

(Fraser, Kumar, & Vaishnavi, 1991). Furthermore formal languages provide conciseness, clarity and

precision (Fraser, Kumar, & Vaishnavi, 1991). This makes the document more precise and

unambiguous, if the language is used correctly.

Informal specification languages, on the other hand, use a combination of graphics and semiformal

textual notations to describe and specify system requirements. Given the graphical and “English-

like” nature of these languages, they provide an ideal vehicle for eliciting user requirements.

However, requirements stated in natural language have major drawbacks, namely the inherent

imprecision, i.e. the inherent ambiguity, incompleteness and inaccuracy of natural language (Denger,

Berry, & Kamsties, 2003), which are a result of the lack of rules on how to use the language as well

as the freedom of expression that inevitable leads to more freedom of interpretation. Possible

consequences are that stakeholders can have their own understanding of the requirement (Pohl,

1994) and none are aware that the others may have different understandings (Kamsties, 2001).

When these imprecise requirements are not identified before actual development is started, high

costs for rework and a delayed product release could be the result.

An important note to make here is that a vague understanding of the system is reflected in both

informal and formal languages (Pohl, 1994). But if the requirements engineer does have a proper

understanding of the system to developed, the language used does have an effect on possible

ambiguity, incompleteness and inaccuracy,

7

4.2 UNDERSTANDABILITY BY NAÏVE USERS

In the requirement elicitation phase it is important to have understanding of the requirements to be

set among the different stakeholders of the software development Including end users of the system

(Kudikyala & Vaughn, 2005). The loss of information as a result of communication errors between

stakeholders is an important risk factor in software design (Keil, Cule, Lyytinen, & Schmidt, 1998). In

most cases the end users of the system, who can be classified as naive related to software

requirements design and software design in general, are not experts on designing information

systems and know very little about software development. However, it is important that these end

users are able to effectively communicate their domain knowledge to the software engineers and

system architects. The designers must understand what the naive users mean and the naive users

must get confirmation that the designers correctly interpreted their knowledge about the design.

The question is whether the language used to do this influences the effectiveness.

Natural language seems like a logical language to use since all stakeholders (in general) speak and

understand this. Furthermore all stakeholders are able to read, write, store and transfer information

in natural language to each other with very limited technology needed. For example, no specific

modelling tools are required to communicate in natural language.

However, there is a mayor pitfall in the use of natural language which must be avoided. Most fields

have specific terminology and practices. The naive end users must be aware that in many instances,

the software requirement engineer does not possess the same amount of domain knowledge as he

does and might misinterpret terminology or practice.

Using formal languages might resolve this problem. However, it will require a language which is

known by all stakeholders. It is possible to learn a new formal language to the end user to allow

them to communicate and understand the requirements to and from the designers. Unfortunately

this is time consuming and the results are highly dependent on how well the end users are able to

learn the formal requirements language and their willingness to do this.

A third option is suggested by Kudikyala and Vaughn (2005) who presented a technique to better

understand requirements. They developed a specific mental model named the pathfinder model to

represent concepts and weighted connections among them. Using these graphs in combination with

natural language the stakeholders are able to visualize relatively easy what they mean. On the other

hand, the requirement engineers are able to map what they understand, interpreted and how this

translates to requirements. By calculating the distance between these graphs the requirements can

easily be verified to the naive end users intention.

8

4.3 UNDERSTANDABILITY BY PRACTICING ANALYSTS AND DESIGNERS

Different designers and engineers are involved in the development of software. During this they

need to communicate their requirements in an understandable and unambiguous way in order to

prevent misinterpretation or the loss of data. Abbott & Moorhead (1981) make a distinction

between requirements and specification for software. In which they give the following definitions for

both terms.

Requirement: A property needed to solve a problem or achieve an objective. Hence a quality,

capability or other characteristic which suits a system ot its intended use or environment.

Specification: A description (in a formal language to the extent practicable) of the externally

knowable features, i.e., behavioral characteristics, of a system. (Abbott & Moorhead, 1981)

p. 298

This definition is conflicting with the now more general definition of a requirement as given by the

IEEE (1990, p. 62):

1. A condition or capability needed by a user to solve a problem or to achieve an objective

2. A condition or capability that must be met or possessed by a system or system component to

satisfy a contract, standard, specification, or other formally imposed document

3. A documented representation of a condition or capability as in 1 or 2

The definition by the IEEE is essentially a combination of both requirements and specifications as

given by (Abbott & Moorhead, 1981). However, the distinction made by Abbott & Moorhead is

useful in this research. If both are considered to be requirements, it can be stated that they are

requirements serving a different purpose in the design process and should be treated differently

according to their goal. Abbott and Moorhead (1981, p. 300) indicate about their requirements:

Since the job of requirements dentition is so broad, it is to be expected that the language in

which the results are expressed must also be very flexible. That is, since the job of a requirements

document is to describe properties needed to solve a problem, it is most appropriate to describe

those properties in the language best suited to the problem.

Natural language is considered the suiting language. However all their arguments reflect on

understandability by (naive) end users, which we have already covered. Understandability by other

developers is something different and relates to the concept of specifications. In order to keep this

comparison readable we will use the word specification like Abbott and Moorhead, however note

that this is also a requirement according to our definition.

Specifications should focus on the system and how it works and communicate this to the different

designers and engineers involved. Languages describing them should contain: Formal correctness,

abstract data types, include levels of abstraction and facilitate the testing of correctness (Abbott &

Moorhead, 1981). For this there are three criteria defined by Balzer & Goldman (1981) stating

specifications must be: Understandable, testable and maintainable. Using eight principles they are

able to derive implications for specification languages. The principles are: separating functionality

9

from implantation, the language should be process orientated, it must encompasses the system on

which the software is implemented, it must encompass the environment in which it operates, it

must be a cognitive model, specifications have to be operational and the system must be tolerant

for incompleteness.

According to Balzer & Goldman (1981) these principles lead to eighteen implications: Logical data

classification and access, uniform data specification, relational data model, global model, global

data base with inference, descriptive reference, historical references, elimination of variables,

constraint capability including strong typing, nondeterministic constructs, result specification, future

reference, demons, logical aggregation, alternative constructs (contexts), analogous specification,

normal-case specification and process models (sceneries). Using these implications a language can

be tested to its ability to capture specifications. Although natural language could meet all these

implications, this might be hard for some instances. A specially designed formal (modelling) language

could overcome this.

Practitioners of the design process should and are able to learn the correct use of such a formal

modelling language which would make it usable to transfer and communicate requirements among

them. The first real (experimental) use of formal requirements engineering was done by NASA for a

comprehensive reengineering process in which they wanted to incorporate GPS navigation in their

on-board systems. At that time, not much experience with formal requirement elicitation was

available which resulted in the concept being in used in a rather late state of the project (Jones, Till,

& Wrightson, 1998).

The original reporting of this project (Di Vito & Roberts, 1996, p. 6) makes the following careful

statement about their first encounter with formal requirements engineering:

Portions of the GPS Change Request have been modelled using the language of SRI’s

Prototype Verification System. Developing the formal specifications, even with only limited

analysis conducted on them, resulted in 86 requirements issues being discovered. Experience

with the GPS effort showed that the outlook for formal methods in this requirements analysis

domain is quite promising. The approach detailed here produced specifications that

requirements analysts and others from the Shuttle community can and did learn to read and

interpret, without having to become PVS practitioners. Moreover, the mere construction of

formal specifications using this method… led to the discovery of flaws in the requirements.

There are good prospects for the continuation of the effort by Shuttle personnel.

It became clear that the use of formal languages proves to be very efficient if the designers and

engineers are all experienced in requirement elicitation and software design. They are able to

understand these languages and based on that premises should have more advantages using formal

requirement languages rather than using natural language later in the design process, after the

initial field knowledge is required from.

10

4.4 MODIFIABILITY AND MAINTAINABILITY

One product of requirements engineering (processes) is the requirements specification. As noted in

previous sections, according to the IEEE standard (IEEE, 1991) a requirement specification must be

unambiguous, complete, verifiable, consistent, modifiable, traceable and usable during operations

and maintenance. Two important aspects of this summation are modifiability and maintenance.

Goldman and Balzer (1981) identified three main activities in which the object of specification

undergoes considerable modification: formulation, development and maintenance. The specification

is created in the formulation activity, elaborated during the iterative process of design and

implementation, and maintained when the specification is changed to reflect a modified

environment. Other researchers also identified and mentioned these possible changes to the

requirements specification. Abbott and Moorhead (1981) pointed out that the contract between

specifier and implementer changes over time (which refers to maintainability). Furthermore Fraser,

Kumar and Vaishnavi (1991) highlighted the iterative nature of the requirements elicitation process

and Jones (1996) linked creating software requirements to hiking in a gradually lifting fog (which

refer to the second activity mentioned by Goldman and Balzer).

Since requirements are stated in a particular language, the language must allow that the

requirements are easily modifiable and maintainable (Fraser, Kumar, & Vaishnavi, 1991). This holds

for changes in requirements documentation like adding specifications, deleting specifications and

fixing errors, as described by Nuseibeh and Easterbrook (2000). The topic addressed in this section is

the question whether the degree of modifiability and maintainability is affected by the use of an

informal or formal language.

Formal specification languages have a mathematical (usually formal logic) basis and employ a formal

notation to model system requirements (Andrews & Gibbins (1988); Jones (1986)). The notation and

the conceptual grammar of the formal specification languages is usually complex and requires a

degree of mathematical sophistication which does not usually exist in naïve users and in most of the

practicing analysists and designers (Fraser, Kumar, & Vaishnavi, 1991). We argue that this conceptual

grammar and notation makes it harder to easily change the corresponding requirement and thus

undermine modifiability and maintainability; Van Lamsweerde (2000) for example mentioned that

formalization involves terms and predicates which may have many different meanings and therefore

result in the need to state the meaning of each term/predicate. So if a requirement (for example) is

extended with new terms or predicates, each element should be stated explicitly. Van Lamsweerde

(2000) explicitly argued that formal specifications are hard to develop and assess. This is in line with

Jones, Till and Wrightson (1998) who stated that it generally costs more to produce a precise and

formal specification of system requirements in contradiction to the production of an informal

statement. Informal languages don’t have a that rich and well defined semantic and thus have less

constraints. Since the requirements writer doesn’t have to take into account those constraints, he or

she is able to change the requirements document faster.

11

4.5 DEGREE TO WHICH COMPLETENESS, CORRECTNESS AND CONSISTENCY CHECKS

AND PROOFS CAN BE DONE

During the development of a requirements document it is important to ensure the document meets

the needs and standards set to these documents in order to ensure a successful further

development of the software project. Zowghi, Gervasi & McRae (2001, p. 133) stated the following

about this: The goal of the participants in requirements engineering is to develop a software

requirements specification(SRS) that is concise, consistent, clear to readers, complete with respect to

user needs, and ideally can be delivered on time.

Model checking is a technique to verify if a model satisfies criteria set in the definition of the

modeling language. This ensures the model of a requirement is valid and sound, which means the

requirement is defined correctly. After the individual requirements are considered to be correct it is

possible to check the entire document for completeness, correctness and consistency. In all

languages used these checks have to be performed. In all cases this can be done manually by

requirements engineers using peer reviews, e.g. internal reviews, walkthroughs or inspections

(Melo, Shull, & Travassos, 2001). When informal languages are used this is often the only possible

technique. In the case a formal language is used to describe the requirements, it is also possible to

automate a number of tests in order to determine the completeness, correctness and consistency of

the requirements. In many instances these automated checks will also be more thorough to check

interdependencies among different requirements which might result in inconsistencies. The reason

that test automation is possible when formal languages are used is the structure of formal

languages; they are precise and mathematical operators can be used to mathematical prove the

internal consistency and correctness of the specifications (Fraser, Kumar, & Vaishnavi, 1991). As

stated in the section about the degree to which the language used can cause ambiguity,

incompleteness and inaccuracy, the major disadvantage of specifying requirements only in natural

language is inherent imprecision, such as ambiguity, incompleteness and inaccuracy (Kamalrudin,

2009).

Thus in both formal and informal languages it is important to ensure that the requirements are

complete, correct and consistent. In all cases this can be done by manually checking them and using

peer reviews, often in an iterative manner. However, formal languages provide the possibilities to

allow for a large number of automated test (as a result of their design). These automated test have

the same or better results than manually checking test and less resources are required to perform

those tests.

12

4.6 FREEDOM OF EXPRESSION

When requirements engineers are eliciting requirements, a lot of sources are used. One of these

sources are stakeholders, e.g. business engineers, project managers, developers and customers. In

large scale projects it is possible that these distributed sources generating requirements result in

difficulties handling the requirements correctly. This makes interaction among stakeholders an

important success factor; especially the participation of client groups is very important in multi-sites

development (Ko, Park, Seo, & Choi, 2007). Although interaction among stakeholders is high (and

thereby contributing to the content of the requirement), all these stakeholders want to be able to

express their specific needs for the software project in the requirements document. The form these

stakeholders are describing their needs depends on their personal vocabulary, best practices,

knowledge, experience and needs. Because of this diversification in background a significant

freedom of expression is needed to allow those stakeholders to describe, communicate, read and

assess requirements. Thus freedom of expression is an important element of the language in which

the requirements are specified.

Natural language is obviously the language with the largest possibility to express what someone

thinks. Since it is the language we use most of the time in our day to day life (Pohl, 1994). Even if the

requirement document uses a natural language which is not their own first language, users are able

to translate requirements from their first spoken language to the chosen natural language. This

allows the stakeholder to express what it is expected from the system, her or his perception of the

problem, and a minimal model of the environment in which the system to build will work (Ambriola

& Gervasi, 1997). According to a research conducted by University of Trent (Luisa, Mariangela, &

Pierluigi, 2003), most available requirements documents are written in natural language or were

obtained from information collected in interviews conducted in natural language. As mentioned

before, formal languages follow specific rules, are strict and don’t allow free interpretation. This

bounds stakeholders in expressing their specific needs.

Although the stakeholder is able to describe their needs with a lot of freedom of expression when

informal languages are used, requirements freedom of ambiguity, inconsistency and contradictory

are available (Pohl, 1994). Opposite to this are the rules imposed by formal language that guarantee

the correct interpretation of the requirements defined in the document. However, this results in a

lack of freedom of expression.

13

4.7 EASE TO WHICH CODE CAN BE GENERATED

When the activities of software systems requirements engineering are finished, documents that are

amenable to implementation should have been created (Nuseibeh & Easterbrook, 2000). The

requirements (stated in a particular formal or informal language) in those documents are used to

develop a software system. The topic in this section is the ease to which code can be generated

when either an informal or formal language is used.

The software developed after the requirements engineering activities is written in a formal

programming language. As described criterion of ‘Degree to which it can cause ambiguity,

incompleteness, and inaccuracy’, using a formal language results in less ambiguity and

misconceptions. This makes it easier to cross the divide from formal specifications to formal

implementations (Andrews & Gibbins, 1988). If the requirements used in the development of the

software are only stated in informal language, it leads to repeated manual programming, which is

error prone, unsafe and time consuming (Eden, Yehudai, & Gil, 1997).

As mentioned in the section about modifiability and maintainability, formal languages have a

mathematical (usually formal logic) basis and employ a formal notation to model system

requirements (Andrews & Gibbins, 1988) (Jones C. B., 1986). Because of this richer, well defined

semantic it is possible to (partially) automatically generate code out of the requirements (Pohl,

1994). Such an translation is clearly feasible, because the specification as well as the program can be

viewed as mathematical objects (Whalen, 1999). However, if the specification cannot be guaranteed,

the code still needs verification and validation (Whalen, 1999). Since requirements stated in informal

language are subject to ambiguity (as described in previous sections), using requirements written in

informal languages will result in the need to always verify and validate the code; something you

would also do for manually generated code. Thus one should use a formal specification language if

one is using automatic code generation tools.

14

4.8 DEGREE TO WHICH THE LANGUAGE CAN INCLUDE OR SUPPORT OTHER

LANGUAGES

During the development of software requirements it might be necessary at some points to translate

requirements form one language to another. This might be necessary to communicate them to

stakeholders not familiar with a given (formal) requirements language or in order to use automated

code generation tools. This is in most cases relatively easy done by hand if the engineer is familiar

with the modelling language.

For some languages automated tools exist to translate formal requirement models to other

languages. However, not much research on this topic has been found. The Object-Process

Methodology (OPM) does provide tools to translate the formal requirement models to natural

language (Dori, 2002). This makes relative complex models easy to understand by non-specialists,

while people familiar with the modelling language are able to use the full potential of the formal

modelling language. Other languages can also support similar functions, allowing more people to

understand the formal requirements in natural language.

Translating natural language to formal requirements is mostly done by hand. This is a result of the

fact that natural language often does not provide the unambiguity needed to support automated

parsing to a formal language. There are tools feasible to support this to some extent. However, the

formal requirements generated have to be precisely checked for consistency with the original

natural language requirements. The semantics of informal languages are described using natural

language (Tse & Pong, 1991). Thus a basic language that can include or support other languages is an

informal (natural) language.

15

5. PRACTICAL CASES

In order to determine the actual use of informal and formal two cases are presented. One case is of

a requirements definition using a formal language; the other uses an informal language.

5.1 A FORMAL EXAMPLE

A practical example of the use of formal requirements specification languages is given in Bowen

(2003). In this case multiple requirement documents are generated for the Distributed Computing

Software (DCS) project which is designed at the Oxford University Computing Laboratory using the Z

language. The designs have formed the basis for manuals for each of the services. Two different

types of manual have been produced. User Manuals have been designed to describe each service

from the point of view of a client program using the service via Remote Procedure Calls (RPCs) over a

network. In addition, Implementer Manuals have been produced for some services. These describe

how the service may be implemented internally. All these documents are made in the Z language.

Z language is an abstract and formal requirements modeling language. Z was originally proposed by

Jean-Raymond Abrial in 1977 with the help of Steve Schuman and Bertrand Meyer. It was developed

further at the Programming Research Group at Oxford University, where Abrial worked in the early

1980s, having arrived at Oxford in September 1979. Z is based on the standard mathematical

notation used in axiomatic set theory, lambda calculus, and first-order predicate logic. All

expressions in Z notation are typed, thereby avoiding some of the paradoxes of naive set theory. Z

contains a standardized catalog (called the mathematical toolkit) of commonly used mathematical

functions and predicates. (Wikipedia foundation, 2013)

Both the documents in this case are part of the specification of the design and intended to be used

by designers to implement RPCs in their software. In the framework provided on software

requirement generation these documents would be used to verify and validate the requirements.

The manuals are written as complete and readable as possible while using a formal language. They

provided a clear framework for developers to correctly implement and support RPCs in their

software. This allowed RPCs to be used by different teams developing software without

compatibility problems.

The user manuals needed to provide an abstract view on the service from the outside to show how

the RPCs can be used by outside services. Internal mechanisms are highly abstracted. Using a formal

language enabled the developers to base these user manuals on previously generated documents

rather quick reducing the production time of this specific requirements document.

The implementer manuals do need to provide a detailed view on the inside of the RPCs. The

developers choose also Z language for this document rather than some form of pseudo code. The

notation did need some extensions to enable it to support recursive and iterative functions, this was

not yet supported by Z, but necessary to correctly describe the requirements. The main reason to

use Z language was too enable the documents to be verified with other documents such as the user

manuals. Z allows for easy manual verification and validation of these processes. The developers

argued using Z would in the future enable more automated coding and validation tools. In any case,

16

the Implementer Manuals have been designed to convey the design to a programmer, rather than to

aid a proof of correctness by defining its relationship with the User Manual (although this

relationship is included formally in the Implementer Manual) (Bowen, 2003).

This example shows that the use of a formal language has advantages later in the design process

when different documents have to be generated for different stakeholders, while staying consistent

and checkable. This supports the criteria of understandability by practicing analysts, maintainability

and degree to which completeness, correctness and consistency checks can be done. It also showed

the limitations in freedom of expression which needed to be addressed.

5.2 AN INFORMAL EXAMPLE

An extensive search for a case study that primarily describes the development of an informal natural

specification as well as the difficulties that were encountered during this development, has been

conducted3. However, no literature is found that primarily describes this development or these

difficulties . One of the search results is the paper by Satpathy, Harrison, Snook & Butler (2001). In

their comparative study of formal and informal specifications a problem is taken from industry and

specified in two languages: B [a model-oriented formal specification language] and UML [an informal

specification language]. The case study consisted of a hard to understand and complex TV text

module of a new generation TV. Two equally experienced subjects started in parallel and

independently produced half of either a formal specification or an informal specification. When the

first halve of both documents has been produced, they are swapped in order to minimize the effects

of experience. Comparison of the B and UML specifications yielded several conclusions. At the higher

level, the structure of the UML specification was similar to the structure of the B specification.

However, when moving to lower levels it was harder to produce the UML specification. The

‘rigorous’ nature of the initial specification is presented as the reason. It was therefore found that an

informal description was not sufficient to achieve a high level of precision. The B language, in

contrast, was less ambiguous because of the precision needed to produce the specification. With

respect to intuitive and readable structure the UML language facilitated the best specification.

This example shows, in correspondence with the previous example, that the use of a formal

language has advantages later in the design process. This is in line with literature study results

regarding the freedom of expression and the degree to which the language used can cause

ambiguity. The observation that the UML language produced a more intuitive and readable structure

may support our literature study regarding modifiability and maintainability; when an informal

specification language is used, the documents are more maintainable and modifiable. A case study

by Gehani (1982) confirms this: informal specifications are easier to read, but formal specifications

are clearer, specify operation domains precisely, define the interaction between operations, show

the incompleteness of the informal specifications and are devoid of implementation details.

3 Literature search in various databases has been conducted using combinations of terms “case”, “field study”, “case study”, “informal specification”, “natural language specification”, “informal specification”, “informal requirements”, “natural language requirements”, “informal requirements engineering” and “natural language requirements engineering”.

17

6. CONCLUSION AND DISCUSSION

In this literature study a comparison is made between informal and formal specifications language

by using a conceptual framework to assess high quality literature. The results of applying this

conceptual framework as well as the framework itself are presented in table 1 below. These results

are used to approve or reject the hypotheses stated in the problem description.

Table 1: Conceptual framework with results

The elicitation phase contains activities that are aimed at defining the system boundaries, identifying

stakeholders, formulating goals, and eliciting other relevant information (Nuseibeh & Easterbrook,

2000). These activities involve a high involvement of stakeholders, who are the people or

organisations who will be affected by the system and who have a direct or indirect influence on the

system requirements (Kotonya & Sommerville, 1998). Because of this high stakeholder involvement

understandability by naïve users is an important factor (Fraser, Kumar, & Vaishnavi, 1991).

Furthermore the documents used will undergo considerable modifications, which points out the

importance of modifiability and maintainability. Since people involved in the requirements

engineering process have various roles and different skills and knowledge, each has his or her own

understanding of the system to be build (Pohl, 1994). This highlights the need of freedom of

expression. The analysis of these criteria identified that an informal language should be used to

specify the requirements, which confirms hypothesis 1. An important note to make is that ambiguity,

incompleteness inaccuracy is important throughout the whole software development project.

During the requirements analysis the stakeholder’s needs, assumptions, and other information

identified during elicitation are melded together and further refined (Westfall, 2005). This includes

representing the requirements in various forms (e.g. prototypes and models), performing trade-off

analysis, establishing priorities, analysing feasibility and looking for missing requirements (Westfall,

2005). Since the documents used are still (and will be) modified on a regular basis, modifiability and

maintainability is important. In order to check whether conflicting requirements exist, automated

check tools could be preferable. This highlights the importance of the degree to which

18

completeness, correctness, and consistency checks can be done, which results in the need of a

formal language that minimizes ambiguity, incompleteness and inaccuracy. In our opinion it isn’t

feasible to use a formal specification language in those (analysis) activities, because of the high

investment (costs) involved in producing formal requirements (Jones, Till, & Wrightson, 1998).

Furthermore one could perform completeness, consistency and inaccuracy checks by means of

reviews. When one refined the elicitated information and requirements in more detail to formal

requirements, one could be unwilling to consider the need for change. Since it is likely that change is

needed because of the iterative nature of the elicitation, analysis, specification and validation

phases, one should start formalising the requirements when the requirements mostly agreed

upon/baselined. Since in this step the requirements are not yet baselined, one shouldn’t make more

use of formal languages during the analysis activities than used during the elicitation activities, which

rejects hypothesis 2.

After the analysis phase, activities of the specification step phase are conducted. During the

specification step the requirements are formally documented so they can be communicated to the

product stakeholders (Westfall, 2005). This can be done using a single requirement document or

using multiple documents in different forms such as: use cases, specific documents for specific

stakeholders, if the software is part of a larger system the architecture of this larger system might be

provided, external interfaces might be included (Westfall, 2005). Since this document is

communicated to the product stakeholders, understandability by naïve users is important. This

stresses the importance of informal languages. As noted before, because of the iterative nature of

the various phases, modifiability and maintainability is an important element. This criterion also

promotes an informal specification language. Kotonya & Sommerville (1998, p. 15) stated the

following about the requirements document:

“The system and software requirements are usually documented in a formal document which is used

to communicate the requirements to customers, system and software engineers and managers of the

systems engineering process.”

From this statement follows that system and software engineers also should be able to fully

understand the stated requirements, which highlights the importance of understandability by

practicing analysts and designers. Although they fully understand natural languages, formal

languages provide the rigor needed to communicate with them (designer/constructor) (Fraser,

Kumar, & Vaishnavi, 1991). Since it is impractical to define a requirements specification only in terms

of a single or textual language and the semantics of formal languages are explained via natural

language, it is argued by Tse and Pong (1991) to use a language that exists in more than one format.

We agree with those authors to use a language that is convertible from formal to informal and vice

versa at a high level of abstraction . If in the various iterations more and more requirements are

baselined and lower abstraction levels are reached that are of importance to designers, a translation

to formal representations becomes more and more important. Reasons for this are the ease to

which code can be generated, the degree to which completeness, correctness, and consistency

checks and proofs can be done and the degree to which the language used can cause ambiguity,

incompleteness, and inaccuracy. Thus one should start formalising after a significant amount of

baselined requirements is identified together with lower levels of abstractions. This combination of

19

formal and informal approaches is also identified by Fraser, Kumar and Vaishnavi (1991). This argues

for a fifty-fifty distribution of the use of informal and formal languages. Therefore hypothesis 3, that

states that formal languages should be more present, is rejected.

The fourth hypothesis is about the prominent use of formal languages in the verification and

validation phase of the requirements document. During the validation phase it is checked if the

requirements meet all the stakeholder demands. This is usually done using (formal) peer-reviews

(Westfall, 2005). The review should ensure the entire document is: complete, consistent and

modifiable. The individual requirements must be: unambiguous, concise, finite, measurable, feasible,

testable and traceable. Validating can also be done using different test cases and writing

requirements for black box testing. Since functional testing only requires knowledge of the

requirements and not of the internals of the software product, practitioners can start writing test

cases against their requirements as soon as they start writing them. The major advantage of writing

the functional test cases early in the life cycle is that it will uncover defects in the requirements.

Writing test cases early in the process may result in some rework if the requirements change, but

the cost of that rework will be more than offset by the savings resulting from finding and fixing more

requirements defects earlier (Westfall, 2005). Since the product of the specification phase activities

is discussed in the validation phase and the validation phase can result in rework of the

requirements document, the same conclusion regarding the use of formal and informal languages in

the specification phase applies for the validation phase; an hybrid use of formal and informal

languages is required. This rejects hypothesis 4.

The case of the RPCs development clearly showed designers in the validation and verification phase

of the project choosing a formal requirements language, Z language, to generate multiple

documents for different users. The use of a common language allowed them to relatively quick

generate documents for different stakeholders while providing verification and validation strength

to keep the documents consistent with each other. Providing a practical proof of hypothesis 4.

The following section presents limitations of this research.

LIMITATIONS

A Limitation of this research is that it is based on only this current state of literature. Further

research should also validate the criteria such as the automated translating to other languages.

Other criteria might show different results. Also formal and informal languages where seen as a

single entity. The results provided do not necessarily hold for all formal and informal requirement

languages.

20

BIBLIOGRAPHY

Abbott, R. J., & Moorhead, D. K. (1981, December). Software Requirements and Specifications: A

Survey of Needs and Languages. The Journal of Systems and Software, 2(4), 297-316.

Ambriola, V., & Gervasi, V. (1997). Processing Natural Language Requirements. Automated Software

Engineering, 1997. Proceedings., 12th IEEE International Conference, 36-45 .

Andrews, D., & Gibbins, P. (1988). An Introduction To Formal Methods Of Software Development.

McGraw-Hill Education.

Balzer, R., & Goldman, N. (1981). Principles of good software specification and their implications for

specification languages. National Computer conference, (pp. 393-400).

Bowen, J. (2003). Formal Specification and Documentation using Z.

Cares, C., Franch, X., Perini, A., & Susi, A. (2011). Towards interoperability of i* models using iStarML.

Computer Standards & Interfaces, 69-79.

CoFi - Universitat Bremen. (n.d.). CASL reference manual. Bremen.

Coughlan, J., Lycett, M., & Macredie, R. D. (2003). Communitcation issues in requirements

elicitation: a content analysis of stakeholder experiences. Information and Software

Technology, 525-537.

Denger, C., Berry, D. M., & Kamsties, E. (2003). Higher Quality Requirements Specifications through

Natural Language Patterns. Software: Science, Technology and Engineering, 2003. SwSTE '03.

Proceedings. IEEE International Conference on, 80-90.

Di Vito, B. L., & Roberts, L. W. (1996). Using Formal Methods to Assist in the Requirements Analysis of

the Space Shuttle GPS Change Request. Hampton, Virginia: National Aeronautics and Space

Administration.

Dori, D. (2002). Object-process methodology: a holistics systems paradigm. Berlin Heidelberg New

York: Springer-Verlag.

Eden, A. H., Yehudai, A., & Gil, J. (1997). Precise specification and automatic application of design

patterns. Proceedings of the 12th IEEE International Conference on Automated Software

Engineering, (pp. 143-152).

Fraser, M. D., Kumar, K., & Vaishnavi, V. K. (1991, MAY). Informal and Formal Requirements

Specification Languages: Bridging the Gap. IEEE TRANSACTIONS ON SOFTWARE

ENGINEERING, 17(5), 454-466.

Gehani, N. (1982). Specifications: Formal and informal - a case study. Software: Practice and

Experience, 12(5), 433-44.

21

IEEE. (1991). IEEE std. 830-1984, Guide for software requirements specifications (ANSI). In IEEE, IEEE

Software Engineering Standards Collection. New York.

IEEE StandardsBoard. (1990). IEEE Standard Glossary of Software Engineering Terminology. New

York: IEEE.

Jones, C. (1996, June). Strategies for managing requirements creep. IEEE Computer, 29(6), 92-94.

Jones, C. (1996a). Activity-based software costing. IEEE Computers, 103-104.

Jones, C. B. (1986). Systematic Software Development ·Using VDM. Prentice Hall.

Jones, S., Till, D., & Wrightson, A. M. (1998, March). Formal methods and requirements engineering:

Challenges and synergies. Journal of Systems and Software, 40(3), 263-273.

Kamalrudin, M. (2009). Automated Software Tool Support for Checking the Inconsistency of

Requirements. IEEE/ACM International Conference on Automated Software Engineering,

693- 697 .

Kamsties, E. (2001). Surfacing Ambiguity Natural Language Requirements. Ph.D. Dissertation.

Kaiserslautern, Germany: Universität Kaiserslauter.

Keil, M., Cule, P., Lyytinen, K., & Schmidt, R. (1998). A framework for identifying software project

risks. Communications of the ACM, 76 - 83 .

Ko, Y., Park, S., Seo, J., & Choi, S. (2007). Using classification techniques for informal requirements in

the requirements analysis-supporting system. Information and Software Technology, 11-12.

Kotonya, G., & Sommerville, I. (1998). Requirements engineering: processes and techniques. John

Wiley & Son Ltd.

Kudikyala, U. K., & Vaughn, R. B. (2005). Software requirement understanding using Pathfinder

networks: discovering and evaluating mental models. The Journal of Systems and Software

74, 101-109.

Luisa, M., Mariangela, F., & Pierluigi, N. I. (2003). Market research for requirements analysis using

linguistic tools. In press.

Melo, W., Shull, F., & Travassos, G. H. (2001). Software Review Guidelines. Technical Report ES-

556/01, Federal University of Rio de Janeiro, Systems Engineering and Computer Science

Department.

Nuseibeh, B., & Easterbrook, S. (2000). Requirements Engineering: A Roadmap. ICSE '00 Proceedings

of the Conference on The Future of Software Engineering (pp. 35-46). Limerick: ACM New

York.

Pohl, K. (1994). The Three Dimensions of Requirements Engineering: A framework And Its

Applications. Information Systems, 19(3), 243-258.

22

Rajlich, V. (2006). Changing the Paradigm of Software Engineering. Communications of the ACM,

49(8), 67-70.

Satpathy, M., Harrison, R., Snook, C., & Butler, M. (2001). A comparative study of formal and

informal specifications through an industrial case study. IEEE/ IFIP Workshop on Formal

Specification of Computer Based Systems (FSCBS'01).

Siddiqi, J., & Shekaran, M. (1996). Requirements Engineering: The Emerging Wisdom. IEEE Software,

13(2), 15-19.

Society, IEEE Computer. (1990). IEEE Standard Glossary of Software Engineering Terminology. New

York: IEEE.

Tse, T. H., & Pong, L. (1991). An Examination of Requirements Specification Languages. The

Computer Journal, 34(2), 143-152.

University of Toronto, CANADA . (2012, 12 13). GRL - Goal-oriented Requirement Language.

Retrieved from http://www.cs.toronto.edu/km/GRL/

Van Lamsweerde, A. (2000). Formal Specification: a Roadmap. ICSE '00 Proceedings of the

Conference on The Future of Software Engineering, (pp. 147-159). New York.

Westfall, L. (2005). Software Requirements Engineering: What, Why, Who, When, and How. World

Conference on Quality and Improvement.

Whalen, M. (1999). On the requirements of high-integrity code generation. Proceedings of the 4th

IEEE International Symposium High-Assurance Systems Engineering, (pp. 217-224).

Wiegers, K. E. (2003). Software Requirements (Second ed.). Microsoft Press.

Wikipedia foundation. (2013, Januari 26). Z notation. Retrieved from Wikipedia:

http://en.wikipedia.org/wiki/Z_notation

Zowghi, D., Gervasi, V., & McRae, A. (2001). Using Default Reasoning to Discover Inconsistencies.

Software Engineering Conference, 2001. APSEC 2001. Eighth Asia-Pacific, 133-140 .