The reliability and safety of complex software systems are provided by extracting safety requirements from regulations and operational environments and later specifying these requirements precisely. At the early stage, these extracted safety requirements are informal. Typically, they cope with non-functional requirements. Analysis of early requirements using traditional methods is inadequate because these methods only focus on the WHAT dimension but do not address the WHY dimension of requirements engineering. In this article, we are using a goal-oriented modeling method called iStar to confront these issues. To ensure that the software system developed fulfills the requirements specified in the early phase, it is necessary to integrate early-phase requirements with late-phase requirements. To accomplish this task, in this article, we use the Z formal method to integrate early-phase requirements with late-phase requirements. This integration synergistically resolves the above issues. As a case study, we use the CBTC moving block interlocking system to illustrate the synergy of the iStar and Z combination on complex software systems. Finally, we verify the developed formal model against LTL safety properties using the ProZ model checking tool.

复杂软件系统的可靠性和安全性是通过从法规和操作环境中提取安全要求并随后精确指定这些要求来提供的。在早期阶段，这些提取的安全要求是非正式的。通常，它们处理非功能性需求。使用传统方法对早期需求进行分析是不够的，因为这些方法只关注需求工程的“内容”维度，而没有解决需求工程的“为什么”维度。在本文中，我们使用一种名为 iStar 的面向目标的建模方法来应对这些问题。为了保证开发的软件系统满足前期的需求，需要将前期需求与后期需求进行整合。为了完成这个任务，在本文中，我们使用 Z 形式化方法来集成早期需求和后期需求。这种整合协同解决了上述问题。作为案例研究，我们使用 CBTC 移动块联锁系统来说明 iStar 和 Z 组合在复杂软件系统上的协同作用。最后，我们使用 ProZ 模型检查工具根据 LTL 安全属性验证开发的形式模型。