2. Rationale

Analyzing software requirements allows a team to ensure that they are properly formed and accurately and clearly describe the software system to be built. Analysis provides a structured method of reviewing requirements to identify any issues with them individually or as a collected set. The team can address identified issues before using the requirements for further project work. This reduces the need for future rework, not only of the requirements, but also of any work based on those requirements.

3. Guidance

Requirements are not incorporated into the software requirements specification until the analysis process has been completed.

The requirements analysis methodology needs to be "measurable or otherwise verifiable." ²⁷⁸ Checklists of questions to consider (such as those included in the Resources section of this guidance) may be helpful.

Regardless of the methods chosen, the project team documents the methodology used for software requirements analysis in an appropriate project document, such as the Software Development Plan/Software Management Plan (SDP/SMP), and includes some minimum steps:

• Verify requirements safety criticality, correctness, consistency, completeness.
• Verify the requirements are clear, precise, unequivocal, verifiable, testable, maintainable, feasible.
• Verify requirements traceability.
• Verify that requirements have been properly flowed down from one level to the next (i.e., from the system requirements to the software subsystem requirements and to the various levels of requirements within the software subsystem).
• Verify that requirements have been properly identified and flowed across from the software interfaces, including all computer hardware requirements and all fault management requirements.
• Examine the requirements "individually and as an integrated set." ²⁷⁶

The team may perform analysis of software requirements in conjunction with the allocation of requirements to various levels of functions and subfunctions. Guidance on logical decomposition of requirements may be found in SWE-049.

The following roles may be involved in software requirements analysis:

• Software Requirements Engineers.
• Software Safety and Assurance personnel.
• Systems Engineers.
• Hardware Engineers.
• Operations.
• Fault Management Engineers.
• Customers.

Software requirements analysis begins after the System Requirements Review (SRR). The development team analyzes the software requirements for completeness and feasibility. The development team uses structured or object-oriented analysis and a requirements classification methodology to clarify and amplify the requirements. Prioritizing requirements may also occur as part of requirements analysis. Developers work closely with the requirements definition team to resolve ambiguities, discrepancies, and to-be determined (TBD) requirements or specifications. The theme of reuse plays a prominent role throughout requirements analysis and the design phase. Special emphasis is placed on identifying potentially reusable architectures, designs, code, and approaches.

When requirements analysis is complete, the development team prepares a summary requirements analysis report and holds a Software Requirements Review (SwRR). During the SwRR, the development team presents the results of their analysis for evaluation. Following the SwRR, the requirements definition team updates the requirements document to incorporate any necessary modifications and the requirements analysis is revised based on changes to requirements made after SwRR. This revision work is completed by Preliminary Design Review (PDR) at the same time the requirements are finalized.

Software requirements analysis is a continuous activity performed on all software requirements and software requirement changes.

Use of formal inspections is an excellent method of reviewing requirements with stakeholders because it brings multiple viewpoints to bear and also achieves a common understanding of the requirements. Information on formal inspections can be found in SWE-087. Software peer reviews/inspections (SWE-088, SWE-089) are a recommended best practice for all safety and mission-success related requirements, design and code software components. Guidelines for software peer reviews/inspections are contained in the NASA Software Formal Inspections Standard (NASA-STD-2202-93). ²⁷⁷

Determine safety criticality

Software safety personnel need to be involved in the analysis of software requirements to determine their safety criticality. Software safety personnel analyze software requirements in terms of safety objectives to determine whether each requirement has safety implications. Those requirements with safety implications are designated, marked, and tracked as "safety-critical."

Additional analysis steps typically performed by software safety personnel include:

• Verification that software safety requirements are derived from appropriate parent requirements, include modes, states of operation, and safety-related constraints, and are properly marked (SWE-049).
• Verification that software safety requirements "provide adequate response to potential failures" ²⁷¹ and "include positive measures to prevent potential problems and implement required 'must work' functions." ²⁷¹

Determine correctness

Requirements are considered correct if they "respond properly to situations" ⁰⁰¹ and are appropriate to meet the objectives of higher-level requirements. A method for determining correctness is to compare the requirements set against operational scenarios developed for the project.

Determine consistency

Requirements are consistent if they do not conflict with each other within the same requirements set and if they do not conflict with system (or higher-level) requirements. It is helpful to have at least one person read through the entire set of requirements to confirm the use of consistent terms/terminology throughout.

Determine clarity

Requirements are clear if they are precise, unequivocal, and unambiguous ("can only be interpreted one way" ⁰⁰¹) both individually and as a collection. Requirements need to be concise, "stated as briefly as possible without affecting meaning." ⁰⁰¹

Suggested methods for confirming the clarity of requirements include:

• Reading the requirements and their supporting documents.
• Formal inspection.

Determine completeness

Requirements are complete if there are no omissions or undefined conditions in the requirements set. Requirements are also complete if there are no "TBDs" in the requirements set.

Suggested methods for confirming the completeness of requirements include:

• Reading the requirements and their supporting documents.
• Formal inspection.
• Reviewing the requirements set to confirm that availability, installation, maintainability, performance, portability, reliability, safety, security, and other requirements are included as appropriate to the project. ⁰⁶¹
• Reviewing the requirements set to confirm they are "sufficiently complete to begin design." ⁰⁶¹
• Reviewing the requirements to confirm they have any necessary accompanying rationale and verifiable assumptions ⁰⁸⁶
• Review the requirements set against operational scenarios developed for the project.

Determine traceability

When determining requirement traceability, the team ensures that requirements trace bi-directionally so that all software requirements have a parent (higher level) requirement and all levels of software requirements and flowed down to the appropriate detailed (lower) levels for implementation. In order for requirements to be properly traced, they are also uniquely identified.

Suggested methods for this type of analysis include:

• Trace requirements from parent/source documents into the software requirements specification and vice versa.
• Reviewing existing traceability matrices for completeness and accuracy (SWE-052).
• Reviewing the requirements set to confirm there are no "extra" or "unneeded" requirements (those not necessary to meet the parent requirement).
• Reviewing the requirements to confirm all performance requirements are realistic.

Determine feasibility

Technically feasible requirements are reasonable, realistic requirements that can be implemented and integrated together successfully to meet the operational concepts and system requirements of the project within the given operating environment, budget, schedule, available technology, and other constraints. ⁰⁶¹

Suggested methods for this type of analysis include:

• Reviewing requirements to confirm they do not "overly constrain the design." ⁰⁶¹
• Reviewing the requirements to confirm they do not unnecessarily "necessitate the use of non-standard, unusual, or unique hardware or software." ⁰⁶¹
• Review the requirements to confirm they are appropriate for the operation and maintenance of the project.

Determine verifiability

Requirements are verifiable if they are testable, "if there is a technique to verify and/or validate the requirement." ⁰⁰¹ Suggested techniques include testing, demonstration, inspection, and analysis.

Suggested methods for determining if requirements are verifiable include:

• Reviewing the requirements to confirm that they use verifiable terms (e.g., do not use terms such as "easy," "sufficient," "adequate").
• Reviewing the requirements set to confirm requirements are "stated precisely to facilitate specification of system test success criteria." ⁰⁸⁶
• Reviewing the requirements to confirm that there is at least one feasible method identified to verify the requirement.

Determine maintainability

Requirements are maintainable if they are "written so that ripple effects from changes are minimized (i.e., requirements are as weakly coupled as possible)." ⁰⁸⁶ Maintainability can be achieved, by reviewing the requirements set looking for unnecessarily coupled or interdependent requirements.

Communicate outcome

Although not part of the engineering requirement, it is recommended that results of software requirements analysis be captured in the project documentation and communicated to those who need this information to make decisions or to develop (or update) project documents. The stakeholders and the project will decide how to address the results of the analysis, including any changes that need to be made to address findings. The methodology used for the software requirements analysis and the results of the software requirements analysis are communicated at multiple project formal reviews as defined in the software development or management plan. Specifically, according to the NASA Software Safety Standard (NASA-STD-8719.13) ²⁷¹, "The software safety requirements analysis results shall be presented at project formal reviews and system-level safety reviews by the responsible safety organization." ²⁷¹

When capturing the results of software requirements analysis, consider the following content:

• Purpose and background of the project, overall system concepts, and document overview.
• Key reuse candidates and overall architectural concept for the system.
• Updates to operations concepts resulting from work performed during the requirements analysis phase.
  • Updated operations scenarios.
  • Operational modes, including volume and frequency of data to be processed in each mode, order and type of operations, etc.
  • Updated descriptions of input, output, and messages.
• Specification analysis
  • Summary of classifications (mandatory, derived, "wish list," information only, or TBD) assigned to requirements and functional specifications.
  • Problematic specifications (identification and discussion of conflicting, ambiguous, infeasible, untestable, and TBD requirements and specifications).
  • Unresolved requirements/operations issues, including the dates by which resolutions are needed
  • Analysis of mathematical algorithms.
• System constraints
  • Hardware availability (execution, storage, peripherals).
  • Operating system limitations.
  • Support software limitations.
• Development assumptions.
• Risks, both to costs and schedules, including risks related to TBD or changing requirements, as well as technical risks.
• Prototyping efforts needed to resolve technical risks, including the goals and schedule for each prototyping effort.
• Data flow or object-oriented diagrams (results of all functional decomposition or object-oriented analysis of the requirements performed during the requirements analysis phase).
• Data dictionary for the updated processes, data flows, and objects shown in the diagrams.

Consult Center Process Asset Libraries (PALs) for Center-specific guidance and resources related to software requirements analysis, including relevant checklists.

Additional guidance related to software requirements analysis may be found in the following related requirements in this handbook:

4. Small Projects

Projects with small budgets or limited personnel may choose to limit the number of reviews involved in software requirements analysis. It is important in this situation to avoid skipping any important analysis activities. Consider using checklists or other guides to ensure all analysis elements are addressed.

Additionally, multiple roles may be filled by a single person on small projects, so it may be helpful to request assistance from experts outside the project when conducting requirements analysis. These persons can provide "fresh eyes" as well as specific key perspectives that may not be available on the core project team.

5. Resources

5.1 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN).

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.

6. Lessons Learned

The NASA Lessons Learned database contains the following lessons learned related to software requirements analysis:

• Software Requirements Management. Lesson Number 3377: "Cost and schedule impacts that result from incomplete, incorrect, or changing software requirements increase the later they occur in the software life cycle." ⁵⁷⁶

• Orbital Space Plane - Stay true to the process! (Contributor to Orbital Space Plane (OSP) problems.) Lesson Number 1501: "Development of the Level 2 requirements did not follow established systems engineering guidelines for allocation, inclusion of performance and functional requirements, validation, and feasibility assessments. ... Requirement development, analyses, and system design activities were not synchronized. Functional decomposition was not complete before system design started and before Level 3 requirements were base-lined. ... The process for demonstrating requirements feasibility was unclear." ⁵⁵⁹