Do Instance-level Review Diagrams Support Validation Processes of Cyber-Physical System Specifications

Abstract

In the field of safety-critical systems, manual reviews are important to ensure high-quality software and to satisfy legal obligations. When applying model-based engineering approaches, no longer are only textual requirements specifications or software code under review, but also model-based specification artifacts like behavioral requirements models. As such behavioral specifications are typically documented on a type-level, errors concerning the interactions between multiple system instances can go unnoticed in manual reviews. This is particularly the case when multiple system instances of the same system type are interacting during runtime, which is typical for cyber-physical systems where networks of cyber-physical systems form dynamically to fulfill an overall purpose. In this paper, we report on a controlled experiment whose results indicate that instance-level review diagrams have -- compared to type-level diagrams - important positive effects on reviewing processes for behavioral specifications of cyber-physical systems. Specifically, the experiment provides empirical evidence that instance-level review diagrams are significantly more expressive and effective than type-level diagrams.