[trustable-software] Evidence Relationships in SDLC

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Mar 29 09:10:27 BST 2018 

On 2018-03-29 08:34, Paul Sherwood wrote:
<snip>
>> And such a requirement should be Unitary and Cohesive. That is to say
>> that it should address one and only one behavior.
> 
> I'm afraid I no longer agree with that, hence there is no such
> assertion in the basics.md file you mentioned above.
> 
> Dan Firth on this list provided a logic argument which appeared to
> nail it last year:
> 
> https://lists.trustable.io/pipermail/trustable-software/2018-January/000284.html

So in my faulty memory, I thought we had actually revised the 
t.requirements definition in light of Dan's logic argument, but I'm 
clearly mistaken.

And now I'm feeling like an idiot because on re-reading the argument, I 
don't think the example holds up.

Help, please! :-)

>>   * Atomic - only one statement, e.g. it should be blue, not it should
>>     be blue and made of plastic
>> 
> 
> This one in particular makes no sense. It's impossible to express any
> implication this way. I'll resurrect the example from the SAT solver we
> investigated early last year to demonstrate.
> 
> 1. A box contains electrical wires that can be powered 'on' or 'off'

This is not a requirement; it's a description of a situation.

> 2. The workman can either be either in the state 'at risk' or 'safe'

Ditto.

> 3. The box door can either be open or closed

Ditto.

> 4. When the box is open and the power on, the workman is 'at risk'

Ditto.

> 5. When the box is closed, the workman is 'safe'

Ditto.

> 6. When the door is opened, the power is turned off

Ditto, unless we change s/is turned off/must be/

In that case this is a requirement, and I think it's unitary.

> 7. When the door is closed, the power is turned on

Ditto.

> 8. The workman should never be at risk

This is a requirement, and I think it's unitary/cohesive as written.

It may lead to several other implied requirements (e.g. we need to power 
off the door when it's opened) for a given implementation.

> 1,2,3 are all of the form A \/ B
> 4,5,6,7 are all of the form A => B, equivalently B \/ ¬A
> 
> There's no way to express goodany requirement with a non-trivial amount 
> of
> semantic content without allowing conjunctive/disjunctive requirements.

This may still be correct, but it's not proved by the given example IMO. 
As always, I may be wrong.

br
Paul

More information about the trustable-software mailing list