A well-known side-effect of applying requirements specification languages is that the formalization of informal requirements leads to the detection of defects such as omissions, conflicts, and ambiguities. However, there is little quantitative data available on this effect. This chapter presents an empirical study of requirements specification languages, in which two research questions are addressed: Which types of defects are detected by a requirements engineer during formalization? Which types of defects go undetected and what happens to those types in a formal specification? The results suggest looking explicitly for ambiguities during formalization, because they are less frequently detected than other types of defects. If they are detected, they require immediate clarification by the requirements author. The majority of ambiguities tend to become disambiguated unconsciously, that is, the correct interpretation was chosen, but without recurring to the requirements author. This is a serious problem, because implicit assumptions are known to be dangerous.
Design support and tooling for dependable embedded control software
