CSSL: a logic for specifying conditional scenarios

Abstract

Scenarios and use cases are popular means of describing the intended system behaviour. They support a variety of features and, notably, allow for two different interpretations: existential and universal. These modalities allow a progressive shift from examples to general rules about the expected system behaviour. The combination of modalities in a scenario-based specification poses technical challenges when automated reasoning is to be provided. In particular, the use of conditional existential scenarios, of which use cases with preconditions are a common example, require reasoning in branching time. Yet, formally grounded approaches to requirements engineering and industrial verification approaches shy away from branching-time logics due to their relatively unintuitive semantics. In this paper, we define an extension of an (industry standard) linear-time logic with sufficient branching expressiveness to allow capturing conditional existential statements. The resulting logic, called CSSL (Conditional Scenario Specification Language), has an efficient model-checking procedure. It supports reasoning about heterogeneous requirements specifications that include universal and existential statements in the form of use cases and conditional existential scenarios, and other sequence chart variants, in addition to general (linear) liveness and safety properties. We report on two industrial case studies in which the logic was used to specify and verify scenarios and properties.