Structural Similarity of Boundary Conditions and an Efficient Local Search Algorithm for Goal Conflict Identification
Hongzhen Zhong, Hai Wan, Weilin Luo, Zhanhao Xiao, Jia Li, Biqing Fang
SStructural Similarity of Boundary Conditions and anEfficient Local Search Algorithm for Goal ConflictIdentification st Hongzhen Zhong
School of Data and Computer ScienceSun Yat-sen University
Guangzhou, [email protected] nd Hai Wan † School of Data and Computer ScienceSun Yat-sen University
Guangzhou, [email protected] rd Weilin Luo
School of Data and Computer ScienceSun Yat-sen University
Guangzhou, [email protected] th Zhanhao Xiao
School of Data and Computer ScienceSun Yat-sen University
Guangzhou, [email protected] th Jia Li
School of Data and Computer ScienceSun Yat-sen University
Guangzhou, [email protected] th Biqing Fang
School of Data and Computer ScienceSun Yat-sen University
Guangzhou, [email protected]
Abstract —In goal-oriented requirements engineering, goal con-flict identification is of fundamental importance for requirementsanalysis. The task aims to find the feasible situations whichmake the goals diverge within the domain, called boundary con-ditions (BCs) . However, the existing approaches for goal conflictidentification fail to find sufficient BCs and general BCs whichcover more combinations of circumstances. From the BCs foundby these existing approaches, we have observed an interestingphenomenon that there are some pairs of BCs are similar informula structure, which occurs frequently in the experimentalcases. In other words, once a BC is found, a new BC may bediscovered quickly by slightly changing the former. It inspires usto develop a local search algorithm named
LOGION to find BCs, inwhich the structural similarity is captured by the neighborhoodrelation of formulae. Based on structural similarity,
LOGION canfind a lot of BCs in a short time. Moreover, due to the largenumber of BCs identified, it potentially selects more generalBCs from them. By taking experiments on a set of cases, weshow that
LOGION effectively exploits the structural similarityof BCs. We also compare our algorithm against the two state-of-the-art approaches. The experimental results show that
LOGION produces one order of magnitude more BCs than the state-of-the-art approaches and confirm that
LOGION finds out more generalBCs thanks to a large number of BCs.
Index Terms —Goal Conflicts, Boundary Condition, LocalSearch, LTL Satisfiability
I. I
NTRODUCTION
Requirements engineering is an essential phase of the soft-ware development life cycle [1]. It is important to attain thecorrect software requirements specification. Many researcheshave demonstrated the significant advantages that formal andgoal-oriented approaches bring to the generation of correctspecifications [2]–[4]. In such approaches, domain properties and goals , represented in the
Linear-time Temporal Logic † Corresponding author (LTL) , can capture requirements naturally [5].
Goal conflictidentification is an important stage of formal and goal-orientedrequirements engineering, which aims to find inconsistenciesbetween goals. The inconsistencies are captured by boundaryconditions (BCs) under which goals are unsatisfiable as awhole within the domain properties. Below we illustrate BCsusing a MinePump example [6].
Example 1.
Consider a system to control a pump inside amine. The main goal of the system is to avoid flood in the mine.The system has two sensors. One detects the high water level( h ), the other detects methane in the environment ( m ). Whenthe water level is high, the system should turn on the pump ( p ).When there is methane in the environment, the pump shouldbe turned off. Domain property and goals are represented viathe following LTL formulae. Domain Property: Name : PumpEffect
Description : The pump is turned on for two time steps,then in the following one the water level is not high.
Formula : (cid:3) (( p ∧ (cid:13) p ) → (cid:13) ( (cid:13)¬ h )) Goals: Name : NoFlooding
Description : When the water level is high, the systemshould turn on the pump.
Formula : (cid:3) ( h → (cid:13) ( p )) Name : NoExplosion
Description : When there is methane in the environment,the pump should be turned off.
Formula : (cid:3) ( m → (cid:13) ( ¬ p )) a r X i v : . [ c s . S E ] F e b wo of BCs of this specification are: BC = (cid:3) ( h ∧ m ) BC = ♦ ( h ∧ m ) Intuitively, BC captures the situation that high water leveland methane always happen, while BC captures the situationthat high water and methane will happen in the future. Underthe BC or BC , two goals are unsatisfiable simultaneouslywithin domain property. Van Lamsweerde [5] pointed out that we must identify asmany BCs as possible, which is important to refine require-ments. Identifying more BCs helps us select more general BCs.Intuitively, the more general BC is of higher quality becauseit can cover more combinations of circumstances. Once it isworked out, less general BCs will also be worked out. Inorder to find more BCs, previous approaches can be mainlycategorized into construct-based approaches and search-basedapproaches. Construct-based approaches focus on generatingBCs based on constructing templates [7] or tableau structure[8]. However, they suffer from scalability issues because thetemplates and the tableau structure could be generated only ina small requirement specification. The search-based approach[9] focuses on finding BCs. It produces lots of LTL formulaeand checks whether they are BCs one by one. But it searcheswithout guided and wastes a lot of time checking the formulaethat are not BCs.When we fixed our eyes on the BCs computed by theexisting approaches to generating BCs [8], [9], we found aninteresting phenomenon that there exist some pairs of BCswhich are similar on the structure. Recall that BC and BC are presented in Example 1, these two formulae are similar onthe structure: they differ from each other in only one place.Furthermore, BC is more general than BC because BC isjust a special case of BC . Based on structural similarity, wecan find more general BC , not just BC . We will give a for-mal definition of general BC in section II-A. In consequence,once one BC is found, the other one may be found via simplychanging the former. Fortunately, we have observed that thiscase occurs frequently in the specifications, which allows us tofind more BCs quickly and help us to select more general BCsvia taking advantage of such a kind of structural similarity. Toformalize the sightly change of formulae, we propose threeformula edit operations: Rename , Insert , and
Delete . Forthat, we introduce an efficient local search based algorithm tocompute BCs, in which the structural similarity is captured bythe neighborhood relation of formulae. A formula differs fromits neighbor on only one or two variables or operators.In this paper, we evaluate to what extent our approach
LOGION exploits the structural similarity of BCs on a set ofclassical cases. The experimental results show that the BCssuccessively computed by
LOGION are quite similar on theformula structure.We also compare our approach
LOGION against Tableaux-based [8] and the GA-based [9] approaches. The experimentresults show that our approach
LOGION finds one order of magnitude more BCs than these two approaches in almost allcases. We also choose more general BCs based on the largenumber of BCs found by
LOGION .Our main contributions are summarized as follows.1) From the BCs found by the Tableaux-based [8] and theGA-based [9] approaches, we discover an interestingphenomenon that there are some pairs of BCs are similarin formula structure.2) We propose an efficient local search algorithm named
LOGION for goal-conflict identification, in which theneighborhood of formula captures the structural similar-ity of BCs.3) Empirical evidence shows that our approach
LOGION has superiority on the efficiency of computing BCs,over the Tableaux-based [8] and the GA-based [9]approaches.The remainder of the paper is organized as follows. In Sec-tion II, we give preliminaries about goal-conflict identification,linear-time temporal logic, tree edit distance, and local searchalgorithms. Next, we show how the similarity of BCs occursfrequently in Section III and describe our approach in detailin Section IV. In Section V, we carry out our experiments tovalidate our approach and compare it with related approaches.Finally, we discuss related work in Section VI and make someconclusions in the last section.II. B
ACKGROUND
In this section, we introduce the background of goal conflictidentification, linear-time temporal logic, tree edit distance,and local search algorithm. We briefly recall some basicnotions for the rest of the paper.
A. Goal Conflict Identification
In goal-oriented requirements engineering methodolo-gies [5], goals and domain properties are formed in linear-time temporal logic. Goals are prescriptive statements that thesystem must achieve, while domain properties are descriptivestatements that capture the domain about the problem world. Itis unrealistic to require requirements specification to be com-plete or all goals to be satisfiable ideally, because unanticipatedcases may occur. It suggests identifying the conflicts as earlyas possible. The goal-conflict identification stage is importantin the conflict analysis phase.The conflict analysis phase [5], [10] has three main stages:1) the identification stage is to identify condition whoseoccurrence makes the goals diverge;2) the assessment stage is to assess and prioritize theidentified conflicts according to their likelihood andseverity;3) the resolution stage is to resolve the identified conflictsby providing appropriate countermeasures.In this paper, we focus on the identification stage. A conflictrepresents a condition that occurrence results in the loss ofsatisfaction of the goals. efinition 1.
Given a set { G , . . . , G n } of goals and a set Dom of domain properties, the goals are said to be divergentin the context of ϕ if there exists an expression ϕ , called a boundary condition , such that the following properties hold: Dom ∧ G ∧ ϕ | = ⊥ (logical inconsistency) Dom ∧ G − i ∧ ϕ (cid:54)| = ⊥ , for each ≤ i ≤ n (minimality) ¬ G (cid:54)≡ ϕ (non-triviality)where G = (cid:86) ≤ i ≤ n G i and G − i = (cid:86) j (cid:54) = i G j . Intuitively, a BC captures a situation where the goals as awhole are not satisfiable. The logical inconsistency conditionmeans that the conjunction of goals G , . . . , G n becomesinconsistent when BC holds. The minimality condition statethat disregarding one of the goals no longer results in theconsistency. The non-triviality condition forbids a BC to be atrivial condition, which is the negation of the conjunction ofthe goals. Note that the minimality condition requires a BCitself to be consistent.Specifying software requirements in the LTL formulationallows us to employ automated LTL satisfiability (SAT) solversto check for the feasibility of the corresponding requirements.With an efficient LTL SAT solvers, we can automatically checkif the generated candidate formulae are valid BCs or not bychecking if they satisfy the properties.Given a set of BC S , we call BC ϕ i ∈ S is more generalthan another BC ϕ j ∈ S if ϕ j implies ϕ i . Intuitively, amore general BC ϕ captures all the particular combinationsof circumstances captured by the less general BCs than ϕ .Therefore, it is also important to find more general BCs. B. Linear-Time Temporal Logic
Linear-Time Temporal Logic (LTL) [11] is widely used todescribe infinite behaviors of discrete systems. LTL formulaeare defined from a countably infinite set P of propositionalvariables, classical propositional connectives including ¬ , ∧ , ∨ and temporal operators (cid:3) (always), ♦ (eventually), (cid:13) (next), U (until), R (release) and W (weak-until), as follows:1) b ∈ B is an LTL formula, where B = {(cid:62) , ⊥} ;2) every proposition p ∈ P is an LTL formula;3) if ϕ and ϕ are LTL formulae, then so are ¬ ϕ , ϕ ∧ ϕ , ϕ ∨ ϕ , (cid:13) ϕ , (cid:3) ϕ , ♦ ϕ , ϕ U ϕ , ϕ R ϕ , ϕ W ϕ .LTL formulae are interpreted over linear-time structures. Alinear-time structure is a pair of M = ( S, ε ) where S is an ω -sequence s , s , ... of states and ε : S → P is a functionmapping each state s i to a set of propositional variables thathold in s i . Let M be a linear-time structure, i ∈ N a position,and ϕ, ψ LTL formulae. We define the satisfaction relation | = as follows: M, i | = p iff p ∈ ε ( s i ) , where p ∈ P M, i | = ¬ ϕ iff M, i (cid:54)| = ϕM, i | = ϕ ∧ ψ iff M, i | = ϕ and M, i | = ψM, i | = (cid:13) ϕ iff M, i + 1 | = ϕM, i | = ϕ U ψ iff ∃ k ≥ i s.t. M, k | = ψ and ∀ i ≤ j The tree edit distance [14] is used to measure the similaritybetween two ordered labeled trees and has successfully beenapplied in a wide range of applications. The tree edit distance is the cost of the minimal-cost sequence of node edit opera-tions that transforms one tree into another. For ordered labeltrees, there are three node edit operations: • relabel the label of a node in tree; • insert a node between an existing node and a subsequenceof consecutive children of this node; • delete a non-root node and connect its children to itsparent maintaining the order.Generally, the cost of each node edit operation is one, andthe cost of a sequence is the sum of the cost of its nodeedit operations. So, the tree edit distance is considered as thelength of the sequence with the minimal cost. We use | T | todenote the size of the tree T , i.e. , the number of nodes in T .Given two trees T and T , the tree edit distance is denotedby δ ( T , T ) .In fact, for the trees with large sizes, the tree edit distancebecomes unsuitable to represent the difference between thesetrees. For example, a tree edit distance of means a big gapbetween two trees with the size but a small gap betweentwo trees with the size . To capture the relative similarity w.r.t. the size, the notion of the normalized tree edit distancewas proposed in [15], which is defined as: ∆( T, T (cid:48) ) = δ ( T, T (cid:48) ) | T | + | T (cid:48) | ∈ [0 , . For further details on the tree edit distance, we refer thereader to [16]. D. Local Search Local search is a kind of meta-heuristic search algorithm.More formally, given a problem instance π , we use S ( π ) to denote its search space, which is the set of all candidatesolutions. The neighborhood function N : S ( π ) (cid:55)→ S ( π ) mapseach candidate solution to its neighbors. The set N ( s ) is called ABLE IT HE DETAILS OF EACH CASE INCLUDE THE NUMBERS OF DOMAINPROPERTIES ( OM ), GOALS ( OAL ), VARIABLES ( AR ), AND THETOTAL SIZE OF ALL FORMULAE (S IZE ) FOR THE SPECIFICATION OF EACHCASE Case the neighbors of s . The objective function f : S ( π ) (cid:55)→ R isa mapping of candidate solutions to their objective functionvalue. Typically, a local search algorithm constructs an initialcandidate solution and modifies it iteratively. At each searchstep, the algorithm evaluates the neighbors of the currentcandidate solution by the objective function and move to thebest neighbor. The search procedure terminates when it runsout of time or the best solution found has not been improvedin a given number of steps.Due to the limited amount of local information whenchoosing a neighbor to move to, the local search suffers fromcycling, that is, some candidate solutions of high quality arebeing frequently revisited. Tabusearch [17], [18] is a funda-mentally different approach to reduce cycling which forbidssteps to recently visited candidate solutions. The simplest andmost widely applied implementation of tabu search consistsof an iterative improvement algorithm enhanced with a formof short-term memory M which stores the last T visitedsolutions, where T is called the tabu tenure . In each searchstep, the algorithm chooses the best neighbor in N ( s ) \ M ,where s is the current candidate solution.For further details on the local search algorithm, we referthe reader to [19].III. S IMILARITY OF B OUNDARY C ONDITIONS As we show in the introduction section, we have observedthat there are some pairs of BCs similar on the structure. Inthis section, we show the structural similarity of BCs in theclassical cases. A. Cases We use 16 cases introduced by Degiovanni [9]. Table Isummarizes the numbers of domain properties (“ B. Structural Similarity In order to capture the structural similarity of LTL formulae,we borrow the notion of the similarity on ordered label trees.It is notable that every LTL formula corresponds to a parsetree which is also an ordered label tree [20]. Then we use T ϕ to denote the parse tree of the formula ϕ . Note that the sizeof the formula ϕ equals to the size of its parse tree T ϕ , i.e. , | T ϕ | = | ϕ | . The parse tree of the formula (cid:3) ( h → (cid:13) ( p )) isshown in Figure 1(a).Next, we define the distance between two formulae as thetree edit distance between their corresponding parse trees.Formally, for two formulae ϕ and ϕ (cid:48) , we use δ ( ϕ, ϕ (cid:48) ) = δ ( T ϕ , T ϕ (cid:48) ) to denote the formula distance between ϕ and ϕ (cid:48) . As BCs in different specifications may differ seriouslyon the formula size, we also consider the relative distancebetween two formulae w.r.t. their sizes. Similarly, we use ∆( ϕ, ϕ (cid:48) ) = ∆( T ϕ , T ϕ (cid:48) ) to denote the normalized formuladistance between ϕ and ϕ (cid:48) .Intuitively, the distance between two formulae indicatestheir divergence on the structure: the distance is bigger, thedivergence is bigger. Indeed, the formula distance also has theproperty of the tree edit distance: • δ ( ϕ, ϕ ) = ∆( ϕ, ϕ ) = 0 • ∆( ϕ, ϕ (cid:48) ) ∈ [0 , Example 2 (Example 1 cont.) . Let ϕ = (cid:3) ( h → (cid:13) ( p )) , ϕ = (cid:3) ( h ∧ m ) and ϕ = ♦ ( h ∧ m ) . For formula distance, δ ( ϕ , ϕ ) = 3 and δ ( ϕ , ϕ ) = 1 . For normalized formuladistance, ∆( ϕ , ϕ ) = 0 . and ∆( ϕ , ϕ ) = 0 . . According to the similarity notion of LTL formulae, herewe have our first research question: RQ1: How frequently similar BC pairs do occur in thesecases?As there is no set of BCs for these specifications, wegenerated BCs by applying the existing approaches [8], [9]for 24 hours (10 runs in parallel). After removing the identicalBCs, the numbers of BCs of different cases are shown in TableII, denoted by “ l ( l = 1 , , , on the total number of BCs.Formally, we use % BC ( δ ≤ l ) to denote the proportion, whichis defined as: % BC ( δ ≤ l ) = { BC |∃ BC (cid:48) .δ ( BC, BC (cid:48) ) ≤ l } . We also compute the average number of similar BCs ofeach BC whose distance is not greater than l . Formally,given a set of BCs and a boundary condition BC , we use sim ( BC, l ) = { BC (cid:48) | δ ( BC, BC (cid:48) ) ≤ l } to denote the set ofBCs whose formula distance to BC is not greater than l . Weuse sim ( δ ≤ l ) to denote the average number of similarBCs, which is defined as: sim ( δ ≤ l ) = (cid:80) sim ( BC, l ) . he results are shown in Table II. Taking the example ofLAS, for each boundary condition BC , there are averagely BCs which differ from BC only on one or two variables oroperators. From the table, we can observe that in most casesexcept for Load Balancer and LiftController, there are morethan BCs which can be obtained by applying two or threeformula edit operations from another BC. In these cases, everyBC averagely has more than one BCs with at most variablesor operators differing.Besides the formula distance, we also consider the normal-ized formula distance in the cases of different upper bound k ( k = 0 . , . , . . The results are also shown in Table II. Forexample, in RRCS, every boundary condition BC averagelyhas . BCs which has a normalized formula distance to BC less than . . The results illustrate that in each case, thereare more than BCs having a relatively similar BC whosenormalized formula distance is at most . . The results alsoshow that each BC averagely has more than two similar BCwhose normalized formula distance is at most . .Next, in order to explore how close the similar BC pairsare, for each case study, we compute the average minimumdistance between BCs and their most similar BCs. The resultsare shown in the column “avg min” in Table II. It shows thatin most cases, most BCs have a similar BC whose formuladistance is less than .To sum up, in most cases, there are more than BCswhich have both an absolutely similar BC ( δ ≤ a relativelysimilar BC (∆ ≤ . . Similar BC pairs are very common incases. IV. T HE LOGION A LGORITHM In this section, we develop a local search algorithm named LOGION for goal conflict identification, which exploits thestructural similarity of BCs to design the neighborhood re-lation. Next, we specify each component of our algorithm LOGION and then give its entire description. A. Neighborhood The search space of LOGION is composed of LTL formulae.To search for BCs, we define the syntactic neighborhood ofan LTL formula. Inspire by node edit operations, we introduceLTL formula edit operations , which can slightly modify anLTL formula to another LTL formula.Let o , o (cid:48) be two different LTL unary operators ( i.e. , o , o (cid:48) ∈ {¬ , (cid:3) , ♦ , (cid:13)} ). and o , o (cid:48) be two different LTL binaryoperators ( i.e. , o , o (cid:48) ∈ {∧ , ∨ , U , R , W} ). Given a formula ψ ,its neighbor ψ (cid:48) can be constructed by one of three formulaedit operations defined below:1) Rename a) ψ (cid:48) = p (cid:48) , when ψ = p , p ∈ P ∪ B , p (cid:48) ∈ P ∪ B and p (cid:54) = p (cid:48) b) ψ (cid:48) = o (cid:48) ψ , when ψ = o ψ c) ψ (cid:48) = ψ o (cid:48) ψ , when ψ = ψ o ψ Insert a) ψ (cid:48) = o (cid:48) ψ b) ψ (cid:48) = ψo (cid:48) p or po (cid:48) ψ , when p ∈ P ∪ B Delete a) ψ (cid:48) = ψ , when ψ = o ψ b) ψ (cid:48) = ψ or ψ (cid:48) = ψ , when ψ = ψ o ψ The Rename operation replaces the top symbol of ψ withother same type symbol. The Insert adds a new LTL operatorto be top operator of ψ . Note that if the new LTL operator isbinary operator, it need to add a new proposition p for creatingthe valid formula ψ (cid:48) . The Delete removes the top operator of ψ . If the top operator of ψ is a binary operator. one of thechildren is a proposition. Then, the Delete removes the topoperator and the proposition. Theorem 1. For any formulae ψ and ψ , ψ can be changedto ψ by a limited number of formula edit operations.Proof. We can change ψ to a proposition by Delete and Rename . Then we change the proposition to ψ by Insert and Rename .Based on the formula edit operation, we design the neigh-borhood of an LTL formula. Definition 2. Given an LTL formula ϕ as input, the neighbor-hood function w.r.t. ϕ , denoted by N ( ϕ ) , returns all formulaeobtained by applying a formula editing operation to a sub-formulae of ϕ . Specifically, we first extract all subformulae of ϕ , thenwe modify each subformula with the above formula editoperations to get N ( ϕ ) . Property 1. For an LTL formula ϕ , if ϕ (cid:48) ∈ N ( ϕ ) , then δ ( ϕ (cid:48) , ϕ ) = 1 or .Proof. As ϕ (cid:48) is a neighbor of ϕ , ϕ (cid:48) is obtained from ϕ viaa formula edit operation. Then we consider the formula editoperation in three cases:1) In the case of Rename operation, i.e. , (1a)-(1c), T ϕ (cid:48) is obtained from T ϕ by relabeling the label of thecorresponding node. So δ ( ϕ (cid:48) , ϕ ) = 1 .2) In the case of unary Insert operation (2a) orunary Delete operation (3a), T ϕ (cid:48) is obtained by in-serted/deleted the corresponding node. So δ ( ϕ (cid:48) , ϕ ) = 1 .3) In the case of binary Insert operation (2b) or bi-nary Delete operation (3b), T ϕ (cid:48) is obtained from T ϕ by inserting or deleting two corresponding nodes. So δ ( ϕ (cid:48) , ϕ ) = 2 .Property 1 shows that the structural similarity of formulae,as all the neighbors of a formula are formulae whose distanceto it is at most .Since there are too many neighbors for ϕ (such as the (cid:3) ( h ∧ m ) of Example 1, the number of all its neighbors is ), toefficiently select a good candidate BC, we bound the numberof neighbors to k in N ( ϕ ) , denoted by N k ( ϕ ) , where k is ahyperparameter. Specifically, we first select k sub-formulae of ABLE IIE XPERIMENTAL RESULTS ON THE SIMILARITY OF BC S COMPUTED BY THE GA- BASED APPROACH AND T ABLEAUX - BASED APPROACH (T ABLEAUX FORSHORT )Case GA-based Approach and Tableaux % BC ( δ ≤ l ) sim ( δ ≤ l ) % BC (∆ ≤ k ) sim (∆ ≤ k ) avg min l = 1 l = 2 l = 3 l = 1 l = 2 l = 3 k = 0 . k = 0 . k = 0 . k = 0 . k = 0 . k = 0 . RP1 85.3% 96.4% 98.0% 2.1 6.8 13.4 91.9% 97.1% 98.7% 5.1 21.0 42.3 1.1 308RP2 84.2% 96.6% 98.8% 2.1 6.8 13.5 87.6% 97.2% 99.1% 8.1 39.4 61.0 1.1 566Ele 65.9% 93.5% 97.6% 1.2 4.2 9.3 35.8% 90.2% 97.6% 1.0 4.8 11.6 1.2 124TCP 69.3% 91.9% 98.7% 1.5 5.0 11.3 52.8% 93.2% 98.2% 1.7 6.9 16.2 1.1 382AAP 63.2% 92.0% 97.9% 1.4 5.0 11.7 24.7% 85.8% 95.1% 0.5 3.4 7.3 1.2 289MP 68.4% 93.4% 98.2% 1.5 5.4 12.7 54.2% 90.8% 96.8% 1.9 10.0 22.0 1.1 913ATM 72.6% 94.6% 98.5% 1.7 5.8 12.0 77.9% 97.2% 98.5% 3.6 17.5 37.2 1.1 681RRCS 40.8% 81.0% 90.2% 0.7 2.3 4.3 66.5% 93.4% 98.1% 1.6 6.6 14.7 1.5 317Tel 39.2% 72.0% 82.9% 0.7 1.9 3.7 80.5% 95.1% 97.9% 3.1 10.5 23.9 1.7 534LAS 80.4% 92.5% 99.1% 2.0 6.0 8.9 95.3% 97.2% 97.2% 18.0 24.4 27.4 1.1 108PA 58.8% 79.1% 87.8% 1.1 3.0 5.6 74.7% 86.9% 92.8% 2.5 7.3 15.5 1.5 321RRA 86.2% 95.6% 97.8% 2.1 7.0 15.1 92.5% 98.1% 99.4% 4.0 16.8 36.6 1.1 319SA 29.4% 64.7% 76.5% 0.5 1.1 1.5 64.7% 82.4% 88.2% 2.1 3.8 7.1 1.8 18LB 7.1% 29.8% 41.7% 0.2 0.5 0.7 63.1% 84.5% 91.7% 0.8 2.1 3.1 3.6 85LC 0.9% 12.4% 27.8% 0.1 0.3 0.6 36.9% 66.5% 81.7% 0.9 3.4 6.8 4.2 443AMBA 1.8% 43.3% 72.0% 0.1 1.1 2.0 38.4% 76.8% 91.5% 1.1 6.9 12.5 1.9 165 “ % BC ( δ ≤ l ) ” and “ % BC (∆ ≤ k ) ” mean the proportion of BCs which have at least a similar BC whose formula distanceis at most l and whose normalized formula distance is at most k , respectively. “ sim ( δ ≤ l ) ” and “ sim (∆ ≤ l ) ” mean theaverage number of similar BCs of each BC whose formula distance are at most l and whose normalized formula distance isat most k . “ avg min ” means the average distance between BCs and their most similar ones. “ Fig. 1. An example of getting neighbors of (cid:3) ( h → (cid:13) ( p )) by formulaediting operations. (a) (cid:3) ( h → (cid:13) ( p )) and its parse tree. (b) The neighborformula after renaming h to m and its parse tree. (c) The neighbor formulaafter inserting ♦ and its parse tree. (d) The neighbor formula after deleting (cid:13) and its parse tree. ϕ uniformly at random. Then, for each sub-formulae, select aformula edit operation uniformly at random to modify it. Example 3 (Example 1 cont.) . Considering the formula (cid:3) ( h → (cid:13) ( p )) and k = 3 , suppose we select the subformula ψ of ϕ , i.e., h , h → (cid:13) ( p ) and (cid:13) ( p ) . Figure 1(b), (c) and (d)show the result of Rename , Insert and Delete , respectively. In order to avoid that some formulae are frequently visited,we employ the tabu search strategy [17], [18]. An LTL formulais called a T -tabu formula iff it has been visited during thelast T search steps, where T is called tabu tenure and isa hyperparameter. For an LTL formula ϕ , its neighborhood w.r.t. a T -tabu is defined as its neighbors which are not T -tabu formulae. formally, N k ( ϕ, T ) = { β | β ∈ N k ( ϕ ) and β is not a T -tabu formula } . B. Initialization and Objective Function In order to find BCs quickly, the initial formula should beas “close” to a BC as possible. Therefore, we propose ¬ ( G ∧· · · ∧ G n ) , called trivial condition , as the initial formula. It iseasily constructed and “close” to a BC because it only violatesnon-triviality in Section II. Example 4 (Example 1 cont.) . Consider the Example 1, theinitial formula is ¬ ( (cid:3) ( h → (cid:13) ( p )) ∧ (cid:3) ( m → (cid:13) ( ¬ p )) . Next, we use an objective function to measure how “close”the formula is to a BC. According to the three propertiesof BCs, Degiovanni et al. [9] proposed an objective functionto capture the similarity between formula and BC. Here wefollow their objective function. Given an LTL formula ϕ , theobjective function f is defined as: f ( ϕ ) = li ( ϕ ) + | G | (cid:88) i =1 min ( ϕ, G − i ) + nt ( ϕ ) + 1 | ϕ | where | G | is the number of the goals and the functions li , min and nt are defined as follows: li ( ϕ ) = (cid:26) if ( Dom ∧ G ∧ ϕ ) is UNSAT otherwise min ( ϕ, G − i ) = (cid:26) | G | if ( Dom ∧ G − i ∧ ϕ ) is SAT otherwise nt ( ϕ ) = (cid:26) . if ¬ G (cid:54)≡ ϕ otherwise lgorithm 1: The LOGION Algorithm Input: the domain properties Dom and a set of goals G , . . . , G n Output: a set of boundary conditions B B ← ∅ ; ϕ ∗ ← ¬ ( G ∧ · · · ∧ G n ) ; while the cutoff time is not reached do if N ( ϕ ∗ , T ) (cid:54) = ∅ then ¯ B ← N k ( ϕ ∗ , T ) ; ϕ ∗ ← the formula in ¯ B with highest score; B ← B ∪ BCs in ¯ B ; T-tabu update; return B ;Intuitively, the first three terms of the objective function f capture the three properties of BC, respectively: li for thelogical inconsistency, min for the minimality and nt for thenon-triviality. The last term makes the local search tend toproduce compact formulae, which is a secondary issue. Weuse an LTL SAT checker, such as Aalta [21], to check thesatisfiability of LTL formula in the objective function. C. The Description of LOGION In this section, we give the entire description of the LOGION algorithm based on the components described above. LOGION is shown in Algorithm 1. In the beginning, LOGION uses thetrivial condition to construct an initial LTL formula ϕ ∗ (line2). After that, LOGION executes a search step iteratively untilthe time budget is reached. During the searching procedure, ϕ ∗ represents the current best formula. N k ( ϕ ∗ , T ) is not alwaysempty because T-tabu formulae update at the end of eachiteration. LOGION computes the score of each formula in ¯ B according to the objective function mentioned in IV-B, andwalks to the formula with the highest score (line 6). LOGION adds all BCs from ¯ B into B (line 7). Finally, it returns allBCs ¯ B (line 9). V. E XPERIMENTS In this section, we conduct extensive experiments on a broadrange of cases shown in Section III to evaluate the effective-ness of our LOGION algorithm by comparing it with the state-of-the-art approaches. We start by presenting two researchquestions and presenting the state-of-the-art competitors andexperimental preliminaries about the experiments. Then, weshow the experimental results and give some discussions aboutthe empirical results. Finally, we show an application of BC.As a start, we propose the following research questions toevaluate our LOGION algorithm. RQ2: To what extent does LOGION exploit the structuralsimilarity of BCs? RQ3: How does LOGION compare against the state-of-the-art competitors on cases? A. The State-of-the-art Competitors We compare LOGION against two state-of-the-art ap-proaches. One [9] is based on a genetic algorithm, the other [8]is a Tableaux-based LTL satisfiability procedure. we call themas the GA-based approach and the Tableaux-based approach,respectively.The GA-based approach [9] is effective in finding multipleBCs in different forms since it applies suitable crossover andmutation operators.The Tableaux-based approach [8] is a deterministic al-gorithm. It constructs paths that “escape” from the tableaustructure and generates a small number of BCs. B. Experimental Settings LOGION is implemented in Java, which uses the Java Meta-heuristics Search Framework (JAMES) [22], [23], and inte-grating the LTL2B¨uchi library [24] to parse LTL requirementsspecifications, and the LTL satisfiability checker Aalta [21].In our experiments, the tabu tenure T is set to , k is set to .We run the GA-based approach and LOGION 10 timeson each of the 16 cases. In addition, we run Tableaux-based approach only one time because it is a deterministicalgorithm. The cutoff time for our approach LOGION and theGA-based approach is set to 1 hour, while the cutoff time forthe Tableaux-based approach is set to 3 hours.All the experiments were run on the 2.13GHz Intel E7-4830,with 128 GB memory under GNU/Linux (Ubuntu 16.04).To compare the more general BCs among different algo-rithms, we first computed a set of BCs Π that fulfills the fol-lowing three requirements. (1) Π is composed of BC obtainedby all algorithms, (2) (cid:54) ∃ ψ, ϕ ∈ Π s.t. ψ → ϕ, and (3) for eachBC identified by each algorithm, it is either in Π or less generalthan a BC in Π . Intuitively, Π covers all the circumstancescaptured by all BCs identified by each algorithm. Then, wecounted the number of BCs in Π identified by each algorithm,denoted by “ C. Experimental Results In this subsection, we present the experimental results andthen answer the research questions mentioned above. Experiments on to what extent LOGION exploits thestructural similarity of BCs (RQ2): For each case study, we http://dc.exa.unrc.edu.ar/staff/rdegiovanni/ASE2018.html https://dc.exa.unrc.edu.ar/staff/rdegiovanni/ase2016ABLE IIIE XPERIMENTAL RESULTS ON THE SIMILARITY BETWEEN BOUNDARYCONDITIONS SUCCESSIVELY COMPUTED BY LOGION Case LOGION δ ( BC i , BC i +1 ) ∆( BC i , BC i +1 ) RP1 6.43 0.18RP2 5.70 0.21Ele 4.72 0.25TCP 5.24 0.23AAP 5.32 0.31MP 4.69 0.21ATM 5.79 0.22RRCS 5.70 0.19Tel 5.39 0.24LAS 5.75 0.09PA 4.36 0.09RRA 5.36 0.14SA 5.70 0.10LB 10.43 0.05LC 17.72 0.10AMBA 24.67 0.09 “ δ ( BC i , BC i +1 ) ” stands for the average distance betweenboundary condition BC i and its next boundary condition BC i +1 successively computed. “ ∆( BC i , BC i +1 ) ” means the averagenormalized distance between boundary condition BC i and its nextboundary condition BC i +1 successively computed. compute the average distances ( δ ( BC i , BC i +1 ) ) and normal-ized distance ( ∆( BC i , BC i +1 ) ) between the average distancebetween boundary condition BC i and its next boundary condi-tion BC i +1 computed successively by our algorithm LOGION .The results are shown in Table III. From the table, we canobserve that in most cases (except LB, LC and AMBA), the BC i and BC i +1 successively computed are quite similar. Inother words, it is possible that once a BC is found, a new BCmay be found after two to five neighbor jumps. For LB, LCand AMBA cases, the normalized distances are less than . but it needs more neighbor jumps to find the next BCs becausethe BCs have a bigger size.The similarity between the pairs of BCs computed succes-sively reflects that our algorithm LOGION in fact exploits thestructural similarity to find BCs. Experiments on comparing LOGION against its state-of-the-art competitors (RQ3): The results are shown in TableIV present that LOGION performs substantially better on allcases than Tableaux-based approach and GA-based approach.Firstly, LOGION can handle more cases than others in onehour. Secondly, comparing the BCs found (“ LOGION outperforms the GA-based approach and the Tableaux-basedapproach by one order of magnitude in almost all cases.Thirdly, LOGION generally have higher “ LOGION potentially identifies more generalBCs based on a large among of BCs. This shows that LOGION not only finds more BCs but also more general BCs. Fourthly,for the first 15 cases, we can observe that the success rateof LOGION is higher than that of the two approaches, which demonstrates that our approach LOGION is more robust.Besides, we reported the time of identifying the first BC(“ T F BC ”) and the size of the best BC (the most compact BC“ S BBC ”). LOGION not only identifies first BCs fast but alsoperforms better search bias towards compact formulae.We notice that none of the approaches identified BCs onthe AMBA. We think that the reason is as follows. Forthe Tableaux-based approach, it cannot generate the tableaustructure of AMBA within 3 hours. Actually, it can onlygenerate tableau structure of RP1, RP2, TCP, AAP, and ATMwithin 3 hours. For the GA-based approach and LOGION , toverify whether a formula is BC in AMBA, they need to callthe LTL satisfiability checker 24 times (logical inconsistency1 time, minimality 21 times, and non-trivial 2 times). Eachtime the size of the formula checked by the LTL satisfiabilitychecker is large. Therefore, both approaches can only searchfor a small number of formulae within an hour on AMBA,resulting in not finding BCs.In short, LOGION significantly outperforms the state-of-the-art approaches, especially in computing BCs and general BCs. D. Application The direct application of BC is used to repair requirementsspecifications. One of the common strategies for resolvingdivergence is goal weakening. Its principle is to weaken theformulation of one or several among the divergent goals soas to make divergence disappear. For Example 1, EmmanuelLetier et al [26] resolved divergence by weakening the firstgoal to cover BC ( ♦ ( h ∧ m ) ). The first goal after the changeis “the pump is switched on when the water level is high andthere is no methane”. Formally, (cid:3) (( h ∧ ¬ m ) → (cid:13) ( p )) .BCs are also used to explain the synthesis unrealizability.For Example 1, we ask some synthesis tools, like Ratsy [27],to build a controller that satisfies the specified goals. We willget as an answer that the specification is unrealizable. Recallthat two BCs are presented in example 1. These formulae giveus information about some admissible behaviors of the system,that lead us to violate the goals. It means that the environmentalways has a winning strategy to make the controller reach theBC. Such a BC could be thought of as an explanation of whythe controller cannot satisfy all goals.VI. R ELATED W ORK Besides the inconsistency management approaches based onthe informal or semi-formal way, such as [28]–[31], a seriesof formal approaches [4], [32]–[34] recently have been pro-posed, which only focus on logical inconsistency or ontologymismatch. Another related approach is Nuseibeh and Russo’swork [35], which generates a conjunction of ground literalsas an explanation for the unsatisfiable specification based onabduction reasoning. For consistency checking methods, wehave to mention the approach of Harel et al. [33], which iden-tifies inconsistencies between two requirements represented asconditional scenarios. While in this paper, we are interested inidentifying the situations that lead to goal divergences, which ABLE IVE XPERIMENTAL RESULTS OF LOGION , THE GA- BASED APPROACH AND THE T ABLEAUX - BASED APPROACH (T ABLEAUX FOR SHORT )Case Tableaux GA-based Approach LOGION T FBC S BBC T FBC S BBC 10 6935.5 4.0 RP2 1.0 0.7 1.6 0.4 48.0 3.0 1.4 18.7 16.8 10 14158.0 7.0 1.3 1.4 7.6 10 Ele - - - - 41.2 2.1 TCP 2.0 0.6 2.2 1.0 80.4 0.4 2.0 17.2 AAP 4.0 4.0 2.3 0.3 56.8 1.1 2.2 25.1 MP - - - - 75.2 3.0 1.9 10.0 ATM 3.0 2.0 2.4 1.9 98.6 1.4 1.9 12.0 RRCS - - - - 60.4 4.2 1.6 7.5 11.0 10 17912.0 113.4 1.2 1.1 6.4 10 Tel - - - - 155.0 4.2 2.0 61.3 12.7 9 LAS - - - - 36.8 0.9 PA - - - - - - - - - 0 RRA - - - - 88.9 0.4 2.0 470.1 12.6 10 1966.5 80.2 1.0 1.2 10.9 10 SA - - - - - - - - - 0 LB - - - - - - - - - 0 LC - - - - - - - - - 0 AMBA - - - - - - - - - 0 - - - - - 0 “ T FBC ” meansthe time (second) of identifying the first BC. “ S BBC ” means the size of the best BC (the most compact BC). “ are nothing but weak inconsistencies. The works on reasoningabout conflicts in requirements also include [36]–[38].For the assessment of conflicts, Degiovanni et al. [25]recently have proposed an automated approach to assess howlikely conflict is, under an assumption that all events areequally likely. For the resolution of conflicts, Murukannaiah et al. [39] resolved the conflicts among stakeholder goals ofsystem-to-be based on the Analysis of Competing Hypothesestechnique and argumentation patterns. Related works on con-flict resolution also include [40] which calculates the person-alized repairs for the conflicts of requirements with the prin-ciple of Model-based Diagnosis. However, these approachespresuppose that the conflicts have been already identified andour approach for BC discovery provides a footstone for solvingthese problems.In goal-oriented requirements engineering, we have to men-tion the work on obstacle analysis. An obstacle, first proposedin [41], is a particular goal conflict, which captures thesituation that only one goal is inconsistent with the domainproperties. Alrajeh et al. [42] exploited model checking tech-nique to generate tracks that violate or satisfy the goals, andthen compute obstacles from these tracks based on the machinelearning technique. Other approaches of obstacle analysisinclude [41], [43]–[45]. Whereas, as obstacles only capturethe inconsistency for single goals, these approaches fail todeal with the situations where multiple goals are conflicting.Let us come back to the goal-conflict identification problem.The concept of goal conflict was first proposed by van Lam-sweerde et al. [7], who also proposed a pattern-based approachto identify a goal conflict in a requirement specification. Butthe syntactical restrictions on the goal specifications and theability of computing only one BC indeed limit the applica-bility of the approach. While our approach LOGION has nolimitation on the specifications and is able to generate BCs in any form theoretically.In 2016, Degiovanni et al. [8] paid attention on goal-conflictidentification again. They provided a tableaux-based approachto generate BCs, consisting of two phases. It first generates aconjunction of domain properties and goals ( Dom ∧ G ) via atableau, then identifies BCs with a complex logical algorithmbased on tableaux. However, for the specifications with a largenumber of domain properties and goals, the approach suffersfrom an efficiencies issue because tableaux are difficult tobe generated. It limits the approach to be applicable only onsmall specifications. As shown in the last section, our approach LOGION , as an anytime algorithm, generates significantlymore BCs and solves more cases within the same time interval.Another related work lies in Degiovanni et al. [9] whichapplies a genetic algorithm to BCs. Based on the definition ofBCs, they defined a fitness function to guide towards findingcompact BCs. However, our approach is more efficient thanthe GA-based approach and generates significantly more BCs.Because the neighborhood relation of formulae captures thestructural similarity, our approach finds another BCs within afew iterations once a BC is found.VII. C ONCLUSION AND F UTURE W ORK In this paper, we discover a frequent phenomenon thatsome BCs are similar on the formula structure and give aformal analysis w.r.t. the formula distance. Based on suchan observation, we present an efficient local search algorithm LOGION , to automatically identify BCs, which is featured ascapturing the similarity in formula structure of BCs. By takingexperiments on the classical cases, we show that our approach LOGION is more efficient than the state-of-the-art approachesof computing BCs and general BCs. In future work, we hopeto optimize the BC verification procedure by reducing the callsof the LTL satisfiability checker. CKNOWLEDGMENT We thank Shaowei Cai for the discussion on the pa-per; Xiaotong Song for her help on the experiments.This paper was supported by the Guangdong Province Sci-ence and Technology Plan projects (No. 2017B010110011and 2016B030305007), National Natural Science Founda-tion of China (No. 61976232; 61573386; 61906216), Na-tional Key R&D Program of China (No. 2018YFC0830600),Guangdong Province Natural Science Foundation (No.2016A030313292, 2017A070706010 (soft science), and2018A030313086), Guangdong Basic and Applied Basic Re-search Foundation (No. 2020A1515010642), Guangzhou Sci-ence and Technology Project (No. 201804010435), and theFundamental Research Funds for the Central Universities(19lgpy226). R EFERENCES[1] A. Chakraborty, M. K. Baowaly, A. Arefin, and A. N. Bahar, “The roleof requirement engineering in software development life cycle,” Journalof emerging trends in computing and information sciences , vol. 3, no. 5,pp. 723–729, 2012.[2] D. Alrajeh, J. Kramer, A. Russo, and S. Uchitel, “Learning operationalrequirements from goal models,” in ICSE , 2009, pp. 265–275.[3] R. Degiovanni, D. Alrajeh, N. Aguirre, and S. Uchitel, “Automated goaloperationalisation based on interpolation and sat solving,” in ICSE , 2014,pp. 129–139.[4] C. Ellen, S. Sieverding, and H. Hungar, “Detecting consistencies andinconsistencies of pattern-based functional requirements,” in FMICS ,2014, pp. 155–169.[5] A. Van Lamsweerde, Requirements engineering: From system goals toUML models to software . Chichester, UK: John Wiley & Sons, 2009,vol. 10.[6] J. Kramer, J. Magee, M. Sloman, and A. Lister, “Conic: an integratedapproach to distributed computer control systems,” IET Computers &Digital Techniques , vol. 130, no. 1, pp. 1–10, 1983.[7] A. Van Lamsweerde, R. Darimont, and E. Letier, “Managing conflictsin goal-driven requirements engineering,” IEEE Trans. Software Eng. ,vol. 24, no. 11, pp. 908–926, 1998.[8] R. Degiovanni, N. Ricci, D. Alrajeh, P. Castro, and N. Aguirre, “Goal-conflict detection based on temporal satisfiability checking,” in ASE ,2016, pp. 507–518.[9] R. Degiovanni, F. Molina, G. Regis, and N. Aguirre, “A geneticalgorithm for goal-conflict identification,” in ASE , 2018, pp. 520–531.[10] A. Van Lamsweerde and E. Letier, “Integrating obstacles in goal-drivenrequirements engineering,” in ICSE , 1998, pp. 53–62.[11] E. A. Emerson, “Temporal and modal logic,” in Handbook of TheoreticalComputer Science . Elsevier, 1990, pp. 995–1072.[12] A. P. Sistla and E. M. Clarke, “The complexity of propositional lineartemporal logics,” J. ACM , vol. 32, no. 3, pp. 733–749, 1985.[13] Z. Manna and A. Pnueli, The temporal logic of reactive and concurrentsystems: Specification . Springer Science & Business Media, 2012.[14] K. Zhang and D. Shasha, “Simple fast algorithms for the editing distancebetween trees and related problems,” SIAM J. Comput , vol. 18, no. 6,pp. 1245–1262, 1989.[15] J. R. Rico-Juan and L. Mic´o, “Comparison of aesa and laesa searchalgorithms using string and tree-edit-distances,” Pattern RecognitionLetters , vol. 24, no. 9-10, pp. 1417–1426, 2003.[16] P. Bille, “A survey on tree edit distance and related problems,” Theor.Comput. Sci. , vol. 337, no. 1-3, pp. 217–239, 2005.[17] F. Glover, “Future paths for integer programming and links to artificialintelligence,” Computers & OR , vol. 13, no. 5, pp. 533–549, 1986.[18] P. Hansen and B. Jaumard, “Algorithms for the maximum satisfiabilityproblem,” ACM Journal of Experimental Algorithmics , vol. 44, no. 4,pp. 279–303, 1990.[19] H. H. Hoos and T. St¨utzle, Stochastic local search: Foundations andapplications . Elsevier, 2004.[20] H. Enderton and H. B. Enderton, A mathematical introduction to logic .Elsevier, 2001. [21] J. Li, S. Zhu, G. Pu, and M. Y. Vardi, “Sat-based explicit ltl reasoning,”in HVC , 2015, pp. 209–224.[22] H. De Beukelaer, G. F. Davenport, G. De Meyer, and V. Fack, “James:An object-oriented java framework for discrete optimization using localsearch metaheuristics,” Softw., Pract. Exper. , vol. 47, no. 6, pp. 921–938,2017.[23] ——, “James: A modern object-oriented java framework for discrete op-timization using local search metaheuristics,” in Operational Research ,2015, pp. 134–138.[24] D. Giannakopoulou and F. Lerda, “From states to transitions: Improvingtranslation of ltl formulae to b¨uchi automata,” in FORTE , 2002, pp. 308–326.[25] R. Degiovanni, P. Castro, M. Arroyo, M. Ruiz, N. Aguirre, and M. Frias,“Goal-conflict likelihood assessment based on model counting,” in ICSE ,2018, pp. 1125–1135.[26] E. Letier et al. , “Reasoning about agents in goal-oriented requirementsengineering,” Ph.D. dissertation, PhD thesis, Universit´e catholique deLouvain, 2001.[27] R. Bloem, A. Cimatti, K. Greimel, G. Hofferek, R. K¨onighofer,M. Roveri, V. Schuppan, and R. Seeber, “Ratsy–a new requirementsanalysis tool with synthesis,” in International Conference on ComputerAided Verification , 2010, pp. 425–429.[28] J. H. Hausmann, R. Heckel, and G. Taentzer, “Detection of conflictingfunctional requirements in a use case-driven approach,” in ICSE , 2002,pp. 105–115.[29] S. J. Herzig and C. J. Paredis, “A conceptual basis for inconsistencymanagement in model-based systems engineering,” Procedia CIRP ,vol. 21, pp. 52–57, 2014.[30] M. Kamalrudin, “Automated software tool support for checking theinconsistency of requirements,” in ASE , 2009, pp. 693–697.[31] M. Kamalrudin, J. Hosking, and J. Grundy, “Improving requirementsquality using essential use case interaction patterns,” in ICSE , 2011, pp.531–540.[32] N. A. Ernst, A. Borgida, J. Mylopoulos, and I. J. Jureta, “Agilerequirements evolution via paraconsistent reasoning,” in CAiSE , 2012,pp. 382–397.[33] D. Harel, H. Kugler, and A. Pnueli, “Synthesis revisited: Generatingstatechart models from scenario-based requirements,” in Formal Methodsin Software and Systems Modeling . Springer, 2005, pp. 309–324.[34] T. H. Nguyen, B. Q. Vo, M. Lumpe, and J. Grundy, “Kbre: a frame-work for knowledge-based requirements engineering,” Software QualityJournal , vol. 22, no. 1, pp. 87–119, 2014.[35] B. Nuseibeh and A. Russo, “Using abduction to evolve inconsistentrequirements specification,” Australasian J. of Inf. Systems , vol. 7, no.1; SPI, pp. 118–130, 1999.[36] I. J. Jureta, A. Borgida, N. A. Ernst, and J. Mylopoulos, “Techne:Towards a new generation of requirements modeling languages withgoals, preferences, and inconsistency handling,” in RE , 2010, pp. 115–124.[37] C.-L. Liu, “Ontology-based conflict analysis method in non-functionalrequirements,” in ACIS-ICIS , 2010, pp. 491–496.[38] D. Mairiza and D. Zowghi, “Constructing a catalogue of conflicts amongnon-functional requirements,” in ENASE , 2010, pp. 31–44.[39] P. K. Murukannaiah, A. K. Kalia, P. R. Telangy, and M. P. Singh,“Resolving goal conflicts via argumentation-based analysis of competinghypotheses,” in RE , 2015, pp. 156–165.[40] A. Felfernig, G. Friedrich, M. Schubert, M. Mandl, M. Mairitsch, andE. Teppan, “Plausible repairs for inconsistent requirements,” in IJCAI ,2009, pp. 791–796.[41] A. Van Lamsweerde and E. Letier, “Handling obstacles in goal-orientedrequirements engineering,” IEEE Trans. Software Eng. , vol. 26, no. 10,pp. 978–1005, 2000.[42] D. Alrajeh, J. Kramer, A. Van Lamsweerde, A. Russo, and S. Uchitel,“Generating obstacle conditions for requirements completeness,” in