Supporting Agile Requirements Evolution via Paraconsistent Reasoning

Post on 03-Jun-2015


description

Innovative companies need an agile approach for the engineering of their product requirements, to rapidly respond to and exploit changing conditions. The agile approach to requirements must nonetheless be systematic, especially with respect to accommodating legal and nonfunctional requirements. This paper examines how to support a combination of lightweight, agile requirements which can still be systematically modeled, analyzed and changed. We propose a framework, RE-KOMBINE, which is based on a propositional language for requirements modeling called Techne. We define operations on Techne models which tolerate the presence of inconsistencies in the requirements. This paraconsistent reasoning is vital for supporting delayed commitment to particular design solutions. We evaluate these operations with an industry case study using two well-known formal analysis tools. Our evaluations show that the proposed framework scales to industry-sized requirements models, while still retaining (via propositional logic) the informality that is so useful during early requirements analysis.

transcript

Agile Requirements Evolution via Paraconsistent Reasoning

Neil A. Ernst

University of British Columbia

@neilernst • neil@neilernst.net • neilernst.net

with: Alexander Borgida, John Mylopoulos and Ivan Jureta

borgida@cs.rutgers.edu, jm@disi.unitn.it, ijureta@fundp.ac.be

page 382 of proceedings

Thursday, 28 June, 12


Takeaway

We need agile requirements models — that can still be systematically analysed.

• Motivation
• Formal representation of a requirements problem as a knowledge base.
• How paraconsistent reasoning helps us support dynamism.
• Evaluation, how this works in practice.

Agility ...

[Figure: Req, Devel., Test and Ops shown along a time axis]


Requirements agility is constrained

• Let’s add remote login → Security hole
• How about removing RSA? → Not back-compatible
• Simplify account mgmt? → Violates Sarbanes-Oxley
• Add COO’s pet feature? → CEO hates COO

Requirements agility means success


“[the code] remained operational in Ariane 5 without satisfying any (traceable) requirement.”


Command                      Executions
edit.Delete                  5.4 M
file.Save                    4.3 M
edit.Paste                   3.8 M
edit.Copy                    2.4 M
ContentAssist.proposals      1.4 M

Command                      Executions
window.previousView          9
navigate.Back                69
window.showViewMenu          89
window.previousPerspective   155
window.previousEditor        166

Data: Eclipse UPP, 200908, eclipse.ui, 3.5.0

Requirements problems

[Figure: diagram of nodes labelled R, r, T and D, captioned "Requirements Knowledge Base"]

Paraconsistency

Payment Card regs.


Formalizing paraconsistency

• For the statement ‘requirement A conflicts with requirement B’ write A ∧ B → ⊥

• Inconsistent when bottom (⊥) can be derived

• Often more ‘complete’ requirements are less consistent.


Why paraconsistency?

• to facilitate distributed collaborative working (viewpoints),
• to ensure all stakeholder views are taken into account,
• to focus attention on problem areas [of the specification],
• to prevent premature commitment to design decisions.

taken from Nuseibeh et al. 2001

Criteria for paraconsistent satisfaction

• Domain assumptions and refinements are consistent.

• Desired goals are internally consistent.

• Selected tasks are internally consistent.



What to do?

1. Given goals, what minimal sets of tasks satisfy them? (minimal goal achievement)

2. Given goals, and minimal task sets, what can we add to expand our consistent solution? (get candidate solutions)

3. Other operations: bottom-up reasoning, costs, etc.


Minimal Goal Achievement

[Figure: requirements model with nodes 8.1 prevent multiple logins, Assign unique ID, Compensating control, Use centralized ID, Use SUDO, Log Access, Use AS/400 servers, Use existing h/w]

Shown separately: Use SUDO, Log Access, Use AS/400 servers


Get Candidate Solutions

[Figure: requirements model with nodes 8.1 prevent multiple logins, Assign unique ID, Compensating control, Use centralized ID, Use SUDO, Log Access, Use AS/400 servers, Use existing h/w]

Shown separately: Use SUDO, Log Access, Use AS/400 servers, Use existing h/w
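The two operations named under "What to do?" (minimal goal achievement, get candidate solutions), as an added example that is not taken from the slides or from the Techne-TMS code. Node names come from the slides; the refinement and conflict edges, the mandatory-goal set and the brute-force search (used here in place of the truth-maintenance reasoner the talk describes) are assumptions made for illustration.

```python
from itertools import combinations

# Node names are from the slides; every edge below is an assumed, constructed one.
TASKS = ["Use SUDO", "Log Access", "Use centralized ID",
         "Use AS/400 servers", "Use existing h/w"]
RULES = [  # Horn refinements: all antecedents hold -> consequent holds
    ({"Use centralized ID"}, "Assign unique ID"),
    ({"Use SUDO", "Log Access"}, "Compensating control"),
    ({"Assign unique ID"}, "8.1 prevent multiple logins"),
    ({"Compensating control"}, "8.1 prevent multiple logins"),
]
CONFLICTS = [  # each set encodes A ∧ B → ⊥
    {"Use centralized ID", "Use AS/400 servers"},
    {"Use centralized ID", "Use existing h/w"},
]
GOALS = {"8.1 prevent multiple logins", "Use AS/400 servers"}  # assumed mandatory

def closure(tasks):
    """Forward-chain the refinements from a set of selected tasks."""
    known, size = set(tasks), -1
    while size != len(known):
        size = len(known)
        known |= {head for body, head in RULES if body <= known}
    return known

def consistent(tasks):
    """True when ⊥ is not derivable from the selected tasks."""
    known = closure(tasks)
    return not any(pair <= known for pair in CONFLICTS)

def minimal_goal_achievement(goals):
    """Smallest-first search for consistent task sets whose closure covers goals."""
    found = []
    for k in range(len(TASKS) + 1):
        for combo in combinations(TASKS, k):
            s = frozenset(combo)
            if any(m <= s for m in found):
                continue  # a subset already achieves the goals, so s is not minimal
            if consistent(s) and goals <= closure(s):
                found.append(s)
    return found

def candidate_solutions(minimal):
    """Grow one minimal set into every maximal consistent superset."""
    extras = [t for t in TASKS if t not in minimal]
    grown = [minimal | set(c) for k in range(len(extras) + 1)
             for c in combinations(extras, k) if consistent(minimal | set(c))]
    return [g for g in grown if not any(g < h for h in grown)]
```

The model as a whole is inconsistent (selecting every task derives ⊥), yet both operations still return consistent answers, which is the point of reasoning paraconsistently over it.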

Evaluation and implementation

• Implemented reasoner using graphical modeling tool and assumption-based truth maintenance.
• Tested tool on 340 requirement Payment Card case study.
• Find all solutions in ~600s.
• Outperforms (outdated) MinWeightSat reasoner.

RE-KOMBINE

[Figure: architecture diagram; labelled components: Visual editor, Domain specific lang., DSL editor, Req. Mgmt. Tool, Reasoner]

Summary

Problem: support agile requirements while still enabling systematic modelling and analysis.

Solution: paraconsistent models with reasoning backend.

Code and data available at http://github.com/neilernst/Techne-TMS

Neil Ernst: @neilernst • neilernst.net