Why formal methods were developed
Testing is an important part of guaranteeing any system's fitness, but it is finite. Testing cannot demonstrate that a system operates properly; it can only demonstrate that the system works for the tested cases.
Because testing cannot demonstrate that the system should work outside the tested cases, formal proof is necessary. Formally proving computer systems is not a new idea. Knuth and Dijkstra have written extensively on the topic, although their methods of proof are based on the traditional mathematical methods. In pure sciences, proofs are verified through extensive peer review before publication. Such techniques are time-intensive and less than perfect; it isn't unusual for a published proof to contain a flaw.
Given the cost and time requirements of systems engineering, traditional proving techniques are not really applicable. Because of the cost of hand verification, most formal methods use automated theorem proving systems to verify their designs. Automated theorem provers are best described as mathematical CAD tools: they can prove simple propositions automatically and provide assistance for verifying more complex theorems.
Formal methods offer additional benefits outside of provability, and these benefits do deserve some mention. However, most of these benefits are available from other systems, and usually without the steep learning curve that formal methods require. The discipline involved in formal specification has proved useful even on already existing systems. Engineers using the PVS system, for example, reported identifying several microcode errors in one of their microprocessor designs. An excellent example comes from SML.
Handling side effects and other aberrancies is a requirement for any system involving input, network operations or other subsystems that require interrupts, meaning that SML's model is, to some extent, broken. The lightweight approach to formal design recognizes that formal methods are not a panacea: there are areas where formal methods are useful, and areas where a formal specification will accomplish nothing. In a lightweight design, formal methods are used in specific locations, and different formal methods may be used in different subsystems, ideally playing to the strengths of each method [Easterbrook 98].
In such a system, Petri Nets might be used to describe the communications protocol, and a LARCH system might be used to model the data storage. For other parts of the system, formal specifications might be avoided entirely: for example, the user interface may be refined using a rapid prototyping system and client interviews.
The lightweight approach is a traditional engineering compromise, and there is a tradeoff.

Z defines system models in the form of states, where each state consists of variables, values and operations that change one state into another.
Unlike B, which is applied across the full development life-cycle, Z formalises a specification of the system at the design level. Event-B is an advanced implementation of the B method. Using this approach, formal software specification is the process of creating a discrete model that represents a specific state of the system.
The state is an abstract representation of constants, variables and transitions (events). Part of an event is the guard, which determines the condition under which the transition to another state may take place. The constructed models (blueprints) are then subject to refinement, proof obligations and decomposition in order to verify their correctness. Formal methods find use in real-life safety-critical systems.
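An added example, not code from the page or from any B/Event-B tool: a small Python model in the Event-B style described above, in the CRM relationship-tracking setting the page uses elsewhere. Variables, events, guards and the invariant ("an active relationship always has a signed agreement") are constructed assumptions; the checker explores every reachable state, which is what the opening paragraphs say finite testing cannot do, and returns the shortest event trace that breaks the invariant when one guard is too weak.

```python
from collections import deque
from typing import Callable, List, Optional

def invariant(v: dict) -> bool:
    """inv1 (assumed): an active relationship always has a signed agreement."""
    return v["status"] != "active" or v["agreement_signed"]

def crm_events(strict: bool) -> dict:
    """Guarded events of a relationship lifecycle (constructed model).  With strict=False
    the 'revoke_agreement' guard forgets to exclude active relationships."""
    return {
        "sign_agreement": (lambda v: v["status"] == "prospect" and not v["agreement_signed"],
                           lambda v: {**v, "agreement_signed": True}),
        "activate": (lambda v: v["agreement_signed"] and v["status"] in ("prospect", "suspended"),
                     lambda v: {**v, "status": "active"}),
        "suspend": (lambda v: v["status"] == "active", lambda v: {**v, "status": "suspended"}),
        "close": (lambda v: v["status"] in ("active", "suspended"), lambda v: {**v, "status": "closed"}),
        "revoke_agreement": (lambda v: v["agreement_signed"] and (not strict or v["status"] != "active"),
                             lambda v: {**v, "agreement_signed": False}),
    }

def check_model(init: dict, events: dict, inv: Callable[[dict], bool]) -> Optional[List[str]]:
    """Breadth-first exploration of every reachable state: the finite-model analogue of
    discharging the invariant-preservation proof obligation for each event.  Returns None
    if inv holds in all reachable states, else the shortest violating event trace."""
    start = frozenset(init.items())   # a state is an immutable assignment of the variables
    parent = {start: None}            # state -> (predecessor, event name); None for the initial state
    queue = deque([start])
    while queue:
        s = queue.popleft()
        v = dict(s)
        if not inv(v):                 # counterexample found: rebuild the trace backwards
            trace = []
            while parent[s] is not None:
                s, name = parent[s]
                trace.append(name)
            return trace[::-1]
        for name, (guard, action) in events.items():
            if guard(v):               # an event may fire only when its guard holds
                nxt = frozenset(action(v).items())
                if nxt not in parent:
                    parent[nxt] = (s, name)
                    queue.append(nxt)
    return None

INIT = {"status": "prospect", "agreement_signed": False}

def weak_model_trace() -> Optional[List[str]]:
    return check_model(INIT, crm_events(strict=False), invariant)
def strict_model_trace() -> Optional[List[str]]:
    return check_model(INIT, crm_events(strict=True), invariant)
```

Repairing the guard makes the violating state unreachable, so the same exhaustive check then returns None; a hand-written test suite would only have found the defect if someone had thought to revoke an agreement while the relationship was active.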
Below are some examples of software and hardware products:

Formal Methods in Software Development Life-Cycle (blog, 02 July)

Formal methods are techniques used by software engineers to design safety-critical systems and their components.
Standard development techniques revolve around the following phases:
- Requirements engineering
- Architecture design
- Implementation
- Testing
- Maintenance
- Evolution

Some may argue that these steps do not all take place in practice, but they must, to some extent, for software that is to remain usable over a longer lifetime. The reasons could be:
- Lack of grasp of the problem as a whole
- Dispersed engineering teams have different perceptions of the end-product
- Lack of domain knowledge
- Inconsistent requirements
- Yet-to-be-discovered areas of expertise

These are just some avoidable factors in the completion of complex projects.
Examples of Formal Method Techniques

B method

B is an example of a formal method technique that covers the whole development life-cycle.

B Method code example (less safety-critical)

This model represents CRM (Customer Relationship Management) software that keeps track of the current state of relationships.
Event-B

Event-B is an advanced implementation of the B method.

Benefits
- Significantly improves reliability at the design level, decreasing the cost of testing
- Improves system cohesion, reliability and safety-critical components by detecting faults in early phases of the development cycle
- Validated models present deterministic system behaviour

Criticisms
- Requires qualified professionals competent in either mathematics (mathematical expressions, set theory and predicate logic) or software engineering.
- Once modelled, systems may be difficult for unaccustomed programmers to implement.