DOCSLIB.ORG

Introduction to a Requirements Engineering Framework for Aeronautics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Introduction to a Requirements Engineering Framework for Aeronautics J. Software Engineering & Applications, 2010, 3, 894-900 doi:10.4236/jsea.2010.39105 Published Online September 2010 (http://www.SciRP.org/journal/jsea) Introduction to a Requirements Engineering Framework for Aeronautics Robert Abo Cedric Laboratory, Conservatoire National des Arts et Métiers, Paris, France. Email: [email protected] ABSTRACT This paper introduces a framework to produce and to manage quality requirements of embedded aeronautical systems, called the ‘Requirements Engineering Framework’ (REF). It aims at making the management of the requirement lifecy- cle easier, from the specification of the purchaser’s needs, to their implementation in the final products, and also their verification, while controlling costs. REF is based on the main standards of aeronautics, in particular RTCA DO-254, and RTCA DO-178B standards. An implementation of REF, using the IBM Rational DOORS and IBM Rational Change tools, is also presented in this paper. Keywords: Aeronautics, Requirements Engineering, RTCA DO-254 and RTCA DO-178B Standards, V-Model 1. Introduction presents an implementation of REF, which uses the IBM Rational DOORS tool [6] to manage requirements and to To ensure the safety and the reliability of the aircraft’s carry out requirement traceability, and IBM Rational embedded systems, airworthiness authorities (e.g. US Change tool [7] to manage changes between work teams. Federal Aviation Administration [1], European Aviation Section 4 is dedicated to the safety activities, while Sec- Safety Agency [2], UK Civil Aviation Authority [3], etc.) tion 5 concludes this paper. require that they are built under control of processes based on international standards. Among these standards, 2. Requirements Management the main two used in the civilian domain are the 2.1. System Lifecycle Model well-known RTCA DO-254 ‘Design Assurance Guid- ance for Airborne Electronic Hardware’ standard (aka DO-254 does not prescribe a preferred lifecycle model, EUROCAE ED-80) [4] for hardware components and the nor imply a structure for the performing organization. In RTCA DO-178 ed. B ‘Software Considerations in Air- the same manner, DO-178B does not designate a pre- borne Systems and Equipment Certification’ standard ferred software lifecycle, but describes the separate (aka EUROCAE ED-12) [5] for software components. processes that comprise most lifecycles and the interac- They are referred to as the ‘DO standards’ throughout tion between them. The lifecycle for each project should this paper. be based on selection, and arrangement of processes and In this article, we introduce the ‘Requirements Engi- activities determined by the attributes of the project. neering Framework’ (REF for short), which aims at Several system lifecycle models exist in system engi- producing and managing quality requirements, in order neering, with different approaches on the manner of to produce safe and secure embedded aeronautical sys- leading a project to develop a system: waterfall, V-model, tems, that must adhere to the rigorous constraints of in- iterative, spiral, agile, and so on. Each one has its pros ternational standards, while controlling costs. This is and cons, and it is up to the chief technical officer and achieved by using formalized and mature processes as project leaders to determine the most suitable model to presented in the following sections. The REF described lead the projects of their company. in this article, does not refer to the practices of a particu- REF is based on V-model [8] (aka “Vee model”), lar supplier or a particular firm in aeronautics. which is a variation of the waterfall model. This choice is The rest of this paper is organized as follows. In Sec- explained by its advantages. First, it is simple, well or- tion 2, we present the basic notions of requirements ganized, and easy to use and to implement. In particular, management, which form REF foundations. Section 3 it highlights the correspondences between the develop- Copyright © 2010 SciRes. JSEA Introduction to a Requirements Engineering Framework for Aeronautics 895 ment phases (i.e. the descending stages, from the early system requirements are collected in the ‘System specification to the implementation) and the verification Specification’ (SyS) document. It is possible to phases (i.e. the ascending stages, from the implementa- refine this level, by considering a sub-level dedi- tion to the product delivery). Thus, it facilitates not only cated to the embedded equipment. requirement traceability, but also the production of the 3) The ‘high-level requirements (HLR) level’. The certification documents required by DO standards, as we notion of sub-system appears, and hardware re- will explain in the following sections. Another great ad- quirements are distinguished from software ones vantage of V-model is it can be tailored into a specific at this level. High-level requirements are devel- project-oriented V-model, because it is independent from oped from the analysis and refinement of system any organization and any project. It also provides assis- requirements, system architecture, safety-related tance on the way to implement an activity, and it sup- needs and derived requirements. The latter cor- ports a wide range of development methodologies, in respond to requirements that are the result of the particular formal methods [9-11] often use to develop sub-system development process, and may not be critical parts of systems. directly traceable to high-level requirements. The Among disadvantages of V-model, it is project-oriented HLR are collected in the ‘Hardware Requirement instead of addressing the development of systems within Specification’ (HRS) and the ‘Software Re- a whole organization. Another V-model disadvantage is quirement Specification’ (SRS) documents. it fails at covering the maintenance of systems. But, these 4) The ‘low-level requirements (LLR) level’. disadvantages do not impact REF. Low-level requirements are developed from the high-level requirements, sub-system architecture, 2.2. Basics and design constraints, by refinement and refor- The concept of requirement is in the middle of systems mulation. The hardware and software subsystems engineering, as the abundant literature on the subject are directly developed from the LLR. The LLR attests it [12-15]. We define a ‘requirement’ as a cus- are collected in the ‘Hardware Design Document’ tomer’s elementary need that is to be implemented in the (HDD) and the ‘Software Design Document’ product or service that he receives1. In systems engineer- (SDD). ing, we can refine this rough definition by distinguishing 5) The ‘implementation level’ is the last level and the characteristics of the system to be built, known as the marks the end of the descending phase of the functional requirements, from the ways the system V-model. It corresponds to the hardware compo- achieves its functions, known as the non-functional re- nents and the source code. The implementation of quirements (e.g. performance, quality, interface require- a requirement consists in giving this requirement ments, etc.). We can also differentiate the customer’s an existence from its specification as it appears in needs, from which the supplier’s distributed requirements the HDD (for hardware components) or in the are issued, among three hierarchical levels, which are the SDD (for software components). system, the high-level and the low-level requirements Requirements are fundamental. Firstly, the supplier’s sets. From now on, by “customer”, we mean not only the requirements formalize the customer’s needs. The sup- purchaser of the building system, but also the supplier’s plier ensures the comprehension of the customer’s needs, teams who require services from other ones along an that he has translated this into a form he can use without enterprise workflow dedicated to requirements manage- any misunderstanding. Secondly, requirements allow the ment. Thus, we distinguish four main requirement levels identification of the characteristics of the customer’s according to their refinement level, plus a requirement needs. Finally, requirements simplify the taking into ac- implementation level as shown in Figure 1: count of customer’s needs along V-model by formalizing 1) The ‘purchaser’s level’ corresponds to the pur- them. They show the customer that the final product an- chaser’s specifications seen as a set of rough swers the needs he has expressed. needs developed in the ‘Purchaser Specification’ 2.3. Requirements Specification (PuS) document. 2) The ‘system level’: the purchaser’s needs are re- It consists of specifying the requirements. In particular, fined and reformulated, by using technical terms engineers have to define the bi-directional and vertical understandable for the development teams. The traceability between the upper and lower requirements. The main objective of the requirement traceability is to 1DO-254 defines a requirement as “an identifiable element of a speci- fication that is verifiable” [4]. DO-178B defines a software require- show that the purchaser’s needs are satisfied by system ment as “a description of what is to be produced by the software given requirements, high-level requirements, and low-level the inputs and constraints” [5]. requirements; and then implemented into the hardware Copyright © 2010 SciRes. JSEA 896 Introduction to a Requirements Engineering Framework for Aeronautics ferred to as Level A or Level B by the DO-178B stan- dard2. Project managers and team leaders must organize the work of the engineers taking this into account. A spe- cific team performs the safety activities as described in Section 4. 2.6. Requirements Verification This activity deals with the rise of V-model. It consists in evaluating the implementation of the supplier’s require- ments to determine, whether or not, they have been met. There are several means of verification: tests, code analysis, model checking, simulation, etc. For aeronau- tics real-time embedded software, the low-level require- ments are often implemented by using the Esterel Tech- nologies’ SCADE Suite [16]. This tool complies with DO-178B, and allows for generation of a certified source Figure 1.
Load more

Recommended publications
  • A System Model for Managing Requirement Traceability Matrices Via Statistical Artifact Change Analysis Benjamin J
    A System Model for Managing Requirement Traceability Matrices via Statistical Artifact Change Analysis Benjamin J. Deaver and LiGuo Huang, Southern Methodist University, Dallas Introduction and Motivation Requirement Traceability Matrix – Gantt Open Source Software Project The Value of the Requirements Traceability Matrix The system Requirement Traceability Matrix (RTM) is primarily used for ensuring Our initial dataset for evaluation is taken from the Gantt Open Source PROCEDURE Kannenberg et al identify the underlying necessity of the Requirements Traceability Matrix and the underlying effect on that all requirements are fulfilled by the system artifact deliverables and the Software Project (http://www.ganttproject.biz). The initial trace data 1. Identify the taxonomy of change for a given domain (Systems Engineering, project management, process visibility, verification and validation, as well as project maintainability. Over time, the management of change to deliverables with respect to impact on other systems. In has been provided to us by Dr. Alexander Egyed at the Institute for SoS Engineering, Software Engineering). the systems engineering and system of systems (SoS) engineering landscapes, the Systems Engineering and Automation at Johannes Kepler University. Requirements Traceability Matrix provides significant insight in to the internal workings of the relationships between RTM is a tool that is useful at time of creation, but requires constant maintenance in Additional traces of requirements to code for subsequent Gantt versions 2. Identify and classify changes between static versions of the product. requirements and deliverable artifacts. a frequently changing landscape to maintain the original level of validity. The are being created using similar methods to the original collections 3. Generate Requirements Trace Matrixes for each static version of the product dynamic nature of systems and SoS engineering landscapes requires that a RTM be performed by Dr.
    [Show full text]
  • Requirements Traceability Practices Guide
    CDC UNIFIED PROCESS PRACTICE GUIDE REQUIREMENTS TRACEABILITY Document Purpose The purpose of this document is to provide guidance on the project management practice of Requirements Traceability and to describe the practice overview, requirements, best practices, activities, and key terms related to these requirements. In addition, templates relevant to this practice are provided at the end of this guide. Practice Overview Requirements traceability is an activity that is one part of an overarching requirements management practice and extends from requirements definition through to implementation. Requirements tracing is used to ensure that each step of the product’s development process is correct, conforms to the needs of prior and next steps, and conforms to the defined requirements. Requirements tracing is a technique that helps to ensure that the project delivers what stakeholders expect. If applied correctly requirements tracing is a practice that can greatly increase the quality and reliability of a project’s final product while minimizing costly rework resulting from requirements errors. Requirements tracing defines the ability to describe and follow the life of a requirement, in both a forward and backward direction, ideally through each step of the entire product’s life cycle. This is done by documenting and tracking traceability relationships between requirements. A traceability relationship is a dependency relationship between project and/or product elements. Similar to the way a dynamic project schedule may react to a change in one task, a change to a requirement element may also have a rippling effect on other elements. A well documented traceability relationship clearly defines requirement dependencies and allows for analysis of how changes in requirements affect other requirements and the project as a whole.
    [Show full text]
  • Non-Functional Requirements
    ® IBM Software Group Non-Functional Requirements Peter Eeles [email protected] IBM Software Group | Rational software Agenda Definitions Types of requirement Classifying requirements Capturing NFRs Summary IBM Software Group | Rational software Definitions Functional Requirement Functional requirements describe the behaviors (functions or services) of the system that support user goals, tasks or activities. [Malan] Non-Functional Requirement Non-functional requirements include constraints and qualities. [Malan] [System] qualities are properties or characteristics of the system that its stakeholders care about and hence will affect their degree of satisfaction with the system. [Malan] A constraint is a restriction on the degree of freedom we have in providing a solution. [Leffingwell] [Leffingwell] Managing Software Requirements – a Unified Approach, Dean Leffingwell and Don Widrig. [Malan] Defining Non-Functional Requirements, Ruth Malan and Dana Bredemeyer. IBM Software Group | Rational software Agenda Definitions Types of requirement Classifying requirements Capturing NFRs Summary IBM Software Group | Rational software Types of Requirement Use Cases Defines the behavior of the system from an external perspective System-Wide Requirements Legal and regulatory requirements, application standards, qualities that the system exhibits (such as usability, reliability, scalability, performance), operating system and environment requirements, compatibility requirements, and other design and implementation constraints Change
    [Show full text]
  • Requirements Traceability Matrix Template
    Connecticut Department of Social Services Enterprise Program Management Office Requirements Traceability Matrix Purpose of the Requirements Traceability Matrix The Requirements Traceability Matrix (RTM) is a document that links requirements throughout the validation process. The purpose of the Requirements Traceability Matrix is to ensure that all requirements defined for a system are tested in the test protocols. The traceability matrix is a tool both for the validation team to ensure that requirements are not lost during the validation project and for auditors to review the validation documentation. Information to Include The requirements traceability matrix is usually developed in concurrence with the initial list of requirements (either the User Requirements Specification or Functional Requirements Specification). As the Design Specifications and Test Protocols are developed, the traceability matrix is updated to include the updated documents. Ideally, requirements should be traced to the specific test step in the testing protocol in which they are tested. How the RTM is used A requirements traceability matrix is used to check if the current project requirements are being met or to help in the creation of a request for proposal, software requirements specification, various deliverable documents, and project plan tasks. Change Impact Analysis – if a requirement is changing, trace links inform about related and dependent artifacts. These artifacts can easily be verified and if required, be adjusted. The probability to overlook related artifacts is reduced. Coverage Analysis – Traceability ensures that no requirements are overlooked. Especially when certifying safety-critical products it is necessary to demonstrate that all requirements are realized. Project Status Analysis – Tracking of the project status is possible: analyzing the traceability data allows the project manager to see the completion status of the requirements.
    [Show full text]
  • Requirements Engineering and Agile Methodology
    Requirements – Architecture - Agility R. Kuehl/J. Scott Hawker p. 1 R I T Software Engineering Requirements Engineering and Agile Processes (You may be thinking) Requirements engineering model as presented is not very agile Writing a SRS, etc. sounds like a classic heavy weight process It is! But, two points to consider as good software engineers: 1. Fit the software methodology and process to the problem 2. Agile processes do equivalent requirement engineering activities – still need requirements validated by stakeholders for success R. Kuehl/J. Scott Hawker p. 2 R I T Software Engineering Requirements and Agile Traditional approach – the requirements document Agile argument against tradition Communication gaps between authors and readers Change cycle is too long Challenging to capture the complete problem and system context Brain’s capacity to retain information Agile answer: Continuous collaboration with stakeholders . Workshops, conversation Stories (index cards) record conversations Are they the requirements? R. Kuehl/J. Scott Hawker p. 3 R I T Software Engineering Requirements Engineering in Agile Processes Where is the Knowledge? Requirements Eng. Agile Methodology 1. Elicitation 1. Stories 2. Iteration design, 2. Analysis customer collaboration 3. Specification 3. Stories, code, acceptance tests, unit 4. Validation tests 5. Management 4. Customer collaboration, acceptance tests 5. Planning cycle, frequent iterations R. Kuehl/J. Scott Hawker p. 4 R I T Software Engineering A Picture Worth a 1000 Words Requirements Waterfall Incremental Evolutionary “Classic” or agile style Design Always maps Construction (coding & testing) Deployment The Requirements Engineering Model The General Software Engineering Framework R. Kuehl/J. Scott Hawker p. 5 R I T Software Engineering R.
    [Show full text]
  • What Is a Requirement?
    What is a requirement? • May range from – a high-level abstract statement of a service or – a statement of a system constraint to a Software Requirements detailed mathematical functional specification • Requirements may be used for – a bid for a contract Descriptions and specifications • must be open to interpretation of a system – the basis for the contract itself • must be defined in detail • Both the above statements may be called requirements Example Example …… 4.A.5 The database shall support the generation and control of configuration objects; that is, objects which are themselves groupings of other objects in the database. The configuration control facilities shall allow access to the objects in a version group by the use of an incomplete name. …… 1 Types of requirements User requirements readers • Written for customers • Client managers – User requirements • Statements in natural language plus diagrams of the • System end-users services the system provides and its operational constraints. • Client engineers • Written as a contract between client and • Contractor managers contractor – System requirements • System architects • A structured document setting out detailed descriptions of the system services. • Written for developers – Software specification • A detailed software description which can serve as a basis for a design or implementation. System requirements readers Software specification readers • System end-users • Client engineers (maybe) • Client engineers • System architects • System architects • Software developers • Software developers 2 Functional requirements • Statements of services the system should provide, how the system We will come back to user should react to particular inputs and system requirements and how the system should behave in particular situations. Examples of functional Functional requirements requirements • Describe functionality or system services 1.
    [Show full text]
  • A Tutorial for Requirements Analysis
    Project Scope Management Prof. Dr. Daning Hu Department of Informatics University of Zurich Some of the contents are adapted from “System Analysis and Design” by Dennis, Wixom, &Tegarden. Course Review: What do Project Managers Manage? The Triple Constraint of Project Management •Scope &Quality •Time •Cost 2 Course Review: Project Objectives Scope & Quality (fitness for purpose) Budget (to complete it within the budget) Time (to complete it within the given time) It is clear that these objectives are not in harmony! 3 3 Course Review: Requirements Analysis and System Specification Why is it one of first activities in (software) project life cycle? Need to understand what customer wants first! Goal is to understand the customer’s problem. Though customer may not fully understand it! Requirements analysis says: “Make a list of the guidelines we will use to know when the job is done and the customer is satisfied.” Also called requirements gathering or requirements engineering System specification says: “Here’s a description of what the program/system will do (not how) to satisfy the requirements.” Distinguish requirements gathering & system analysis? A top-level exploration into the problem and discovery of whether it can be done and how long it will take. 4 Learning Objectives: Project Scope Management Explain what scope management is and the related processes Discuss methods for collecting and documenting requirements Explain the scope definition process and describe the contents of a Project Scope Statement Discuss the process of constructing a Work Breakdown Structure (WBS) using various approaches Explain the importance of scope verification and control and how to avoid scope problems 5 What is Project Scope Management? Scope refers to all the work involved in creating the products of the project and the processes used to create them.
    [Show full text]
  • Requirements Traceability and the Effect on the System Development Lifecycle (SDLC)
    Requirements Traceability and the Effect on the System Development Lifecycle (SDLC) by Glenn A. Stout (STOUT) DISS 725: Systems Development Process Spring Cluster, 2001 Research Paper 2 Glenn A. Stout (STOUT) Table of Contents Overview........................................................................................................................................3 Purpose..........................................................................................................................................3 Traceability....................................................................................................................................3 Traceability and Traceability Item Defined...............................................................................4 Traceability Links..................................................................................................................4 Traditional Requirements Gathering.............................................................................................5 In General..................................................................................................................................5 Engaging in the Practice of Tracing Requirements.......................................................................6 Software Requirements Specification (SRS).............................................................................6 Use Case Methodology..............................................................................................................7
    [Show full text]
  • Deriving DO-178C Requirements Within the Appropriate Level of Hierarchy
    ICSEA 2012 : The Seventh International Conference on Software Engineering Advances Deriving DO-178C Requirements Within the Appropriate Level of Hierarchy Jamie P. White Hassan Reza Department of Computer Science Department of Computer Science University of North Dakota University of North Dakota Grand Forks, USA Grand Forks, USA [email protected] [email protected] Abstract— In this paper, a set of criterion is proposed that assists an engineer in placing a derived requirement as defined by DO-178C in the proper document within the requirement document hierarchy. The proper documentation of derived requirements has historically posed some issues when it comes to requirements-based testing. For one thing, if the derived requirements are inappropriately documented, then it will be very difficult to establish traceability between individual requirements to the elements of design, implementation, and verification. Consequently, the lack of correlation between elements of requirements, design, code, and verification can jeopardize the safety of systems because it will be impossible to establish forward and backward traceability. To this end, the proposed criteria discussed in this work attempts to improve the visibility of derived requirements to prevent the unwanted consequences of masking required information from developers. Keywords-requirement traceability; requirements analysis; Figure 1. Example of a system requirement document hierarchy safety critical systems; RTCA/DO-178C; software testing; software design High-level requirements do not always contain sufficient details to describe the underlying requirement documents. As such it is necessary to create derived requirements (DR). A DR as defined by DO-178C [10] is a requirement that is not I. INTRODUCTION directly traceable to a higher-level source; it is inferred or An aircraft system is a complex system that is composed deduced from a specific source/user.
    [Show full text]
  • Requirement Analysis Fundamentals Requirements Analysis
    Requirements Analysis The process of Discovering, Refinement, Modeling and Requirement Analysis Specification in a software project. Involve both the Customer and System Engineer Fundamentals Allowing system engineer to achieve a set of objectives: Specify software function and performance Peter Lo Indicate software interface with other system elements Establish design constraints that the software must meet Provides the software designer with a representation of Information and Function that can be translated to Data, Architectural and Procedural Design. CS213 © Peter Lo 2005 1 CS213 © Peter Lo 2005 2 Requirements Analysis Software Requirement Analysis Preparation of the Software Specification: Divided into 5 main areas: It is a formal document that specifies in precise Problem Recognition terms the functional and performance requirements of the software. Evaluation and Synthesis Modeling Specification document in turn will allow the developer and customer to assess quality once Specification the software itself has been built. Review The software developer performing Requirement analysis would often be known as the Analyst CS213 © Peter Lo 2005 3 CS213 © Peter Lo 2005 4 Problem Recognition Evaluation and Synthesis Recognize the basic problem elements perceived Evaluate the flow and content of information by user and customer Define and elaborate all software functions Understand software behavior in the context of events that Understand software in the system context affect the system Define software scope Establish
    [Show full text]
  • DAU Requirements Analysis
    Requirements Analysis Page 1 of 64 Requirements Analysis This topic covers the Requirements Analysis Technical Process, its key inputs and outputs, and illustrates how it can be applied. Get the printer friendly version of the topic here. Requirements Analysis Page 2 of 64 Contents of Topic Approximate Length: 2 hours Topic Description: Requirements Analysis is a Systems Engineering Technical Process that is a key bridge between the Stakeholder Requirements Definition and Architecture Design Processes. The Requirements Analysis Process obtains sets of logical solutions (functional architectures) so as to improve understanding of the system Technical Requirements and the relationships among them. Performance parameters and constraints are allocated to these logical solutions, candidate functional architectures are developed, and Derived Technical Requirements that later become the basis for the system design are defined. This topic discusses the Requirements Analysis Process, illustrates some of the ways it can be performed and how it can be used. Select NEXT to continue. D D-Link Text: Long Description: The animation begins with a puzzle, which includes a piece labeled 'Requirements Analysis.' This ends with a display of the DAU logo. Close window to continue. Popup Text: Stakeholder Requirements Definition One of the Systems Engineering Technical Processes, Stakeholder Requirements Definition is used to determine Stakeholder Requirements (customer and other interested party requirements) and use them as the basis to develop well written Technical Requirements for a given system model. Architecture Design One of the Systems Engineering Technical Processes, Architecture Design is used to transform the outputs of the Requirements Analysis Process into a set of design solutions and a physical architecture representing a feasible system solution that is described by specifications and other design configuration descriptions.
    [Show full text]
  • DO-178C/ED-12C Versus DO-178B/ED-12B Changes and Improvements
    Frédéric Pothon ACG Solutions DO-178C/ED-12C versus DO-178B/ED-12B Changes and Improvements (c) Frédéric Pothon, 2012 This work is licensed under a Creative Commons Sept 2012 Attribution-Non Commercial-ShareAlike 3.0 Unported License. Contributions and Reviews Laurent Pomies Cyrille Comar DOSoft-Consulting AdaCore Hervé Delseny Ben Brosgol Airbus AdaCore Content 1. Purpose of this document ________________________________________ 4 2. DO-178C/ED-12C: Statement of work _______________________________ 5 3. DO-178C/ED-12C Products _______________________________________ 8 4. Description of the changes ______________________________________ 10 4.1 Errors and Inconsistencies ______________________________________ 10 4.2 Inconsistent Terminology _______________________________________ 14 4.2.1 “Guidance” and “Guidelines” _____________________________________ 14 4.2.2 Objectives and activities ________________________________________ 15 4.3 Unclear descriptions ___________________________________________ 19 4.3.1 Coordinated System/Software Aspects _____________________ 19 4.3.2 Derived requirements and traceability _____________________ 22 4.3.3 User modifiable software ______________________________ 23 4.3.4 Deactivated code ____________________________________ 24 4.3.5 WCET and Stack analysis ______________________________ 26 4.3.6 Note 6.4.2.1.d on test cases _____________________________ 26 4.3.7 Robustness ________________________________________ 27 4.3.8 Figure 6.1 on tests and reverification ______________________ 28 4.3.9 Additional
    [Show full text]