
  • Slides: 33
Formal Methods


What Are Formal Methods
• Formal methods refer to a variety of mathematical modeling techniques that are applicable to computer system design.
• They include activities such as system specification, specification analysis and proof, transformational development, and program verification.

Definition
“Formal methods are mathematical approaches to software and system development which support the rigorous specification, design and verification of computer systems.” [Fme 04]
“[they]… exploit the power of mathematical notation and mathematical proofs.” [Gla 04]

Definition
A formal specification consists of three components:
i. Syntax - grammatical rules to determine if sentences are well formed
ii. Semantics - rules for interpreting the sentences in a precise, meaningful way within the domain
iii. Proof Theory - rules for inferring useful information from the specification

Software Engineering and Formal Methods
§ Every software engineering methodology is based on a recommended development process proceeding through several phases:
  § Requirements, Specification, Design
  § Coding, Unit Testing
  § Integration and System Testing, Maintenance
§ Formal methods can
  § Be a foundation for designing safety critical systems
  § Be a foundation for describing complex systems
  § Provide support for program development

What are Formal Methods?
§ Notation with precise syntax and semantics
§ Doesn’t necessarily involve mathematics
  § Although mathematics is a formal notation
§ There are levels of formalization.
§ Techniques, methods, procedures, tools can support levels

Mathematical Models
§ Abstract representations of a system using mathematical entities and concepts
§ The model should capture the essential characteristics of the system while ignoring irrelevant details
§ The model can be analyzed using mathematical reasoning to prove system properties or derive new behaviors.
§ Two types
  § Continuous models
  § Discrete models

Terminology
• Methods:
  – General guidelines governing an activity
  – Rigorous, systematic, and may be formal
• Techniques:
  – are technical, mechanical approaches
  – may have restricted applicability
• Methodologies: Combine methods, techniques.
• Tools: can be built to support methodology

V&V and Traceability
(Diagram: The Real World → Formal Specification → Code. Validation relates the real world to the formal specification; Verification relates the formal specification to the code; Traceability runs along the whole chain.)

Rushby’s “Levels of Rigor”
• Level 0: No use of formal methods.
  – structured walk throughs, ‘formal’ inspections
• Level 1: Use of concepts and notation from discrete mathematics.
  – cleanroom, SCR (software cost reduction)
• Level 2: Use of formalized specification languages with some mechanized support tools.
  – specification languages, ‘rigorous’ proofs
• Level 3: Use of fully formal specification languages with comprehensive support environments, including mechanized theorem proving or proof checking.

History
• Formal specifications have been in use since the early days of computing.
  – 1940's: Turing annotated the properties of program states to simplify the logical analysis of sequential programs.
  – 1960's: Floyd, Hoare and Naur recommended using axiomatic techniques to prove programs meet their specifications.

History
  – 1970's: Dijkstra used a formal calculus to aid the development of non-deterministic programs.
• The interest in the use of formal methods in software engineering has continued to grow.

Why Use Formal Methods
• Improve quality of software system
  – Fitness for purpose
  – Maintainability
  – Ease of construction
• Higher confidence in software product
• Reveal ambiguity, incompleteness, and inconsistency in system
• Detect design flaws
• Determine correctness

Why Consider Formal Methods?
§ The development of a formal specification provides insights and an understanding of the software requirements and software design
§ Clarify customers’ requirements
§ Facilitate communication of requirement or design
§ Provides a basis for an elegant software design
§ Traceability
  § System-level requirements should be traceable to subsystems or components

Success of Formal Methods
There are many examples of successful and cost-effective systems implemented using formal methods.

Success of Formal Methods
– Mainly in domain of transportation systems
– Also in domains such as:
  • Information systems
  • Telecommunication systems
  • Power plant control
  • Security

Success of Formal Methods
The following (abridged) list gives applications made using formal methods:
– Ammunition Control System
– Architecture for a Family of Oscilloscopes
– B 27 Traffic Control System
– Cancan Mediation Device
– Car Overtaking Protocol
– Control Logic Design of Robot Work Cells
– Data Acquisition, Monitoring and Commanding of Space Equipment
– Data logger for an implantable medical device
– ELSA (control system of a power plant)

Limitations to Formal Methods
§ Requires a sound mathematical knowledge of the developer
§ Different aspects of a design may be represented by different formal specification methods
§ Useful for consistency checks, but formal methods cannot guarantee the completeness of a specification
§ For the majority of systems, does not offer significant cost or quality advantages over other approaches

Why aren’t formal methods widely used?
• Software quality has improved
• Time-to-market more important
• User interfaces are a greater part of systems
• Formal methods have limited scalability

Do we really need Formal Methods?
Design errors
“Digital systems can fail in catastrophic ways leading to death or tremendous financial loss.” [Nas 03]
Potential causes of failure include:
– physical failure
– human error
– environmental factors
– design errors
Design errors are the major culprit.

Effects of Design Errors
• Between June 1985 and January 1987, a computer-controlled radiation therapy machine, called the Therac-25, massively overdosed six people, killing two.
• On April 30, 1999 Titan I cost taxpayers 1.23 billion dollars, all due to a software malfunction (incorrectly entered roll rate filter constant)

Effects of Design Errors
• Denver Airport’s computerized baggage handling system delayed opening by 16 months. Airport system cost was $3.2 billion over budget.
• NASA’s Checkout Launch and Control System (CLCS) 9/2002 cancelled after spending over $300 million.

Obvious Applications
• Computer Security
• Fault-tolerant systems (e.g. Nuclear reactors)
• Safety-critical system (e.g. diagnostic X-ray machine)
• Gain insight into hardware/software systems (e.g. oscilloscope)
Basically, wherever the cost of failure is high, including systems that are:
– Critical in some way
– Replicated many times
– Fixed into hardware, or
– Dependent on quality for commercial reasons

Relevant Areas of Research
• Programming environments
• Formal methods in software development
• Tools that support construction of formal specifications
• Design tools that will generate formal specifications
• Problem/specification decomposition
• Procedural and data abstraction
• Synthesis of efficient code
• "Smart" user interfaces (user-friendly ones!!)
• Methods for determining reuse (of design/specifications/code)

Formal Methods Concepts
Formal Specification Methods
– Formal specification
– Proofs
– Model checking
– Abstraction

Formal Specification
§ The translation of non-mathematical descriptions (diagrams, tables, natural language) into a formal specification language
§ It represents a concise description of the high-level behavior and properties of a system
§ Well-defined language semantics support formal deduction about the specification

Type of Formal Specifications
§ Model Oriented: Construct a model of the system behavior using mathematical objects like sets, sequences etc.
  § State charts, SCR, VDM, Z
  § Petri Nets, CCS, CSP, Automata theoretic models
§ Property Oriented: Use a set of necessary properties to describe system behavior, such as axioms, rules etc.
  § Algebraic semantics
  § Temporal logic models.
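As an added example (not part of the slides), the two specification styles side by side on one small system: a model-oriented specification of a constructed login/lockout state machine, a property-oriented invariant over it, and the model-checking idea from the concepts slide, i.e. exhaustive exploration of the reachable states that either proves the invariant or returns a counterexample trace. The state tuple, the operation names and MAX_FAILS are assumptions made for the example.

```python
from collections import deque

MAX_FAILS = 3  # assumption: the account locks after three bad attempts
# Model-oriented part: the state is a tuple (authenticated, fails, locked)
# and each operation is a function from state to successor state.
INITIAL = (False, 0, False)
OPS = ("login_ok", "login_bad", "logout", "admin_unlock")

def step(state, op):
    """Successor of `state` under `op`, or None when `op` is not enabled."""
    auth, fails, locked = state
    if op == "login_ok" and not (auth or locked):
        return (True, 0, locked)
    if op == "login_bad" and not (auth or locked):
        return (False, fails + 1, fails + 1 >= MAX_FAILS)
    if op == "logout" and auth:
        return (False, fails, locked)
    if op == "admin_unlock" and locked:
        return (False, 0, False)
    return None

# Property-oriented part: an invariant every reachable state must satisfy.
def safe(state):
    auth, fails, locked = state
    return not (auth and locked) and fails <= MAX_FAILS

def reachable(initial=INITIAL):
    """Breadth-first exploration; maps each reachable state to a trace to it."""
    traces = {initial: ()}
    frontier = deque([initial])
    while frontier:
        s = frontier.popleft()
        for op in OPS:
            t = step(s, op)
            if t is not None and t not in traces:
                traces[t] = traces[s] + (op,)
                frontier.append(t)
    return traces

def check(prop=safe, initial=INITIAL):
    """(True, None) if `prop` holds in every reachable state, else
    (False, trace) where the trace is a counterexample run from `initial`."""
    for state, trace in reachable(initial).items():
        if not prop(state):
            return False, trace
    return True, None

if __name__ == "__main__":
    print(check())                                   # (True, None)
    print(check(lambda s: s[1] < MAX_FAILS))         # counterexample trace
```

The second call deliberately checks a property that does not hold, so the returned trace shows how a model checker reports the shortest operation sequence leading to a violating state.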

Seven Myths of Formal Methods
1. Formal methods can guarantee that software is perfect.
2. Work by proving that programs are correct.
3. Only highly critical systems benefit from their use.
4. They involve complex math.
5. They increase the cost of development.
6. They are incomprehensible to clients.
7. Nobody uses them for real projects.

Types of Formal Methods
A variety of formal methods exist:
– Abstract State Machines - The Abstract State Machine (ASM) thesis implies that any algorithm can be modeled by an appropriate ASM.
– B-Method - B is a formal method for the development of program code from a specification in the Abstract Machine Notation.

Types of Formal Methods
– Z: A specification language used for describing computer-based systems; based on set theory and first order predicate logic
– Event-B: A more recent formal specification and modeling language, based on set theory, with larger tool support.
– VDM: Vienna Development Method (VDM) supports both sequential and object oriented concepts.

Other Types of Formal Methods
Other types include:
– CommUnity
– Estelle
– Esterel
– Lotos
– Overture Modeling Language

Other Types of Formal Methods
– Petri Nets
– RAISE
– SDL
– TRIO
– Unity
– Any programming language