Good requirements are not a luxury — they are a critical success factor for any project. Errors in the requirements are more costly than errors that occur later in the project, as they affect all subsequent development activities and require significantly more effort to rectify. Unclear and ambiguous requirements lead to a high communication effort during development. Inconsistencies often arise between requirements and implementation, leading to costly iterations during development.

Several years ago, I came across a paper by David Parnas entitled “Requirements Documentation: A Systematic Approach” from 2003. In this paper, Parnas not only stresses the importance of well-documented requirements but also shows a way to achieve a precise, complete, and consistent set of requirements via an easy-to-understand mathematical representation of the requirements. Around that time, I had to derive test cases and software from requirements specifications in multiple avionics and railway projects. In each of these projects, I struggled to fulfill my task due to the low quality of the requirements, which demonstrated that we still have the same issues today and across industries. The specification of system functionalities in requirements documents is, in many cases, not precise, incomplete, inconsistent, and typically contains a lot of redundancy. Despite Parnas’ early advocacy, formal methods are still widely perceived as a niche topic/obscure/overly complex, and reserved for specialists. But this is not the case. Today, a number of open-source and commercial tools are available that provide excellent support for requirements engineers to rigorously capture the intended functional behavior in a comprehensible form, including state and temporal aspects, and provide means for formal analysis.

One such tool is STIMULUS from Dassault Systèmes. The tool promotes the idea of “Requirements in the loop” via early simulation of the specified behavior, even before creating any development artifacts. The simulation can reveal inconsistencies between requirements, identify incomplete behavior, and help validate the specified against the intended behavior. The precise representation of the behavior, together with the early identification of errors in the requirements, creates a huge benefit for the subsequent development. In my experience, the additional effort spent is negligible compared to the enormous savings in time and effort to be expected for implementation and testing due to the improved clarity and quality of the specification. STIMULUS even supports automated testing of the implementation against the requirements via simulation using FMU or DLL or by importing trace files, e.g., originating from HiL tests.

At ITK Engineering, we recently analyzed the requirements for a climate control unit using STIMULUS. Although the requirements had undergone thorough reviews and had already been approved for project use, it took us less than thirty minutes to uncover the first conflicts, specifically in how the system states were meant to be managed (see figures 1 and 2). And requirements concerning recirculation contained conflicts because specific features were not mentioned in the preconditions in some requirements. Such conflicts are easily missed during software or system testing because they require specific combinations of input values that trigger both requirements at the same time to detect them. Requirement-based testing, however, typically focuses on one requirement at a time, using only a few test cases with a limited set of stimuli. But if conflicts remain undetected until the system is in operation, the system might behave unexpectedly in some rare situations, and these situations are typically not – or not easily–reproducible. STIMULUS helps to find and avoid such errors via extensive automated analysis of the requirements.

To quote David Parnas again: “What could we do with mathematical descriptions of software? […] Build tools to simulate systems and check systems”. We do have these tools available today. Let’s use them and improve not only the quality of our products but also streamline development processes and make life for engineers easier by providing a solid basis for development. We at ITK Engineering are looking forward to help you experience the benefits of applying Requirements in the Loop in practice.