Formal methods in Software Engineering - PowerPoint PPT Presentation

1
Formal methods in Software Engineering
  • Presented by
  • Kunal S Patel
  • Texas A&M University

2
Outline
  • Concept and evolution
  • Some Definitions
  • Example using formal method
  • Selection criteria and guidelines for use
  • Conclusion

3
Concept
  • Current methods of software development involve
    only a combination of diagrams, text, tables etc.
  • No methods are used to test the correctness of
    the end result at each stage of software
    development, e.g. requirements specification,
    design etc.
  • This may lead to contradictions, ambiguities,
    incompleteness, vagueness etc.
  • This may not be a good option for safety-critical
    or mission-critical systems, where failure may
    have a high price

4
Concept
  • Formal methods allow a software engineer to
    create a specification that is more consistent
    and unambiguous
  • Set theory and logic notations are used to create
    a clear statement of facts (requirements) which
    can then be analyzed to prove correctness and
    consistency
  • Since the specification is created using
    mathematical notation, it is inherently less
    ambiguous than informal modes of representation.

5
Definitions
  • Data Invariant
    A data invariant is a condition that is true
    throughout the execution of a system that
    contains a collection of data, e.g. a maximum
    number of elements in the system, or no
    duplicates being allowed in the system.
  • State
    A state is the stored data that a system accesses
    and alters.

6
Definitions
  • Operation
    An operation is an action that takes place in a
    system and reads or writes data to a state.
  • It is associated with two conditions
  • Precondition
    A precondition defines whether the operation is
    valid or not.
  • Postcondition
    A postcondition defines what happens when an
    operation has completed its action.

7
Example
  • Block Handler
  • A common part of any operating system, which
    handles the memory blocks
  • Provides free blocks of memory to newly created
    files and regains blocks when a file is removed.
  • It keeps track of the free (unused) blocks and
    the used blocks
  • Whenever a block is freed, it is added to the
    queue of unused blocks; similarly, whenever a
    block is needed, the first block from the queue
    of unused blocks is given out for use.

8
Block Handler
  • The mathematical definition of state, data
    invariant and operation for such a system is as
    follows
  • State
  • The collection of free blocks, the collection of
    used blocks, and the queue of returned blocks.
    Mathematically they are defined as
  • used, free : ℙ BLOCKS
  • BlockQueue : seq ℙ BLOCKS

9
Block Handler
  • Data Invariant
  • No block will be marked as both unused and used
  • used ∩ free = ∅
  • The collection of used blocks and the collection
    of unused blocks together make up the total
    collection of blocks that make up the files
  • used ∪ free = ALLBLOCKS

10
BLOCK Handler
  • Operations
  • Operation for removing a block from the queue
  • Precondition
  • #BLOCKQUEUE > 0
  • Postcondition
  • used' = used \ head BLOCKQUEUE
  • free' = free ∪ head BLOCKQUEUE
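To make the definitions on slides 5 and 6 (state, data invariant, operation with precondition and postcondition) and the block handler specification on slides 8 to 10 concrete, here is an added Python model; it is example code written for this page, not part of the original slides. The state, the two invariant conjuncts, the precondition and the postcondition are written as executable checks that fail loudly when violated. The integer block identifiers, the eight-block ALLBLOCKS, the allocate and release helper operations and the run_random_session driver are assumptions made for the example; the remove_from_queue operation follows slide 10.

```python
"""Executable model of the slide deck's Block Handler (added example).
Z-style names used / free / BLOCKQUEUE follow the slides; everything else
(block ids, ALLBLOCKS, allocate, release, run_random_session) is assumed here."""
from __future__ import annotations
from dataclasses import dataclass, field
import random

ALLBLOCKS: frozenset[int] = frozenset(range(8))   # constructed sample: blocks 0..7


class PreconditionError(Exception):
    """Raised when an operation is invoked in a state where its precondition is false."""


@dataclass
class BlockHandler:
    """State (slide 8): used, free : P BLOCKS; BLOCKQUEUE : seq P BLOCKS."""
    used: set[int]
    free: set[int]
    block_queue: list[frozenset[int]] = field(default_factory=list)

    # Data invariant (slide 9): must hold in every reachable state.
    def invariant_holds(self) -> bool:
        disjoint = not (self.used & self.free)            # used ∩ free = ∅
        complete = (self.used | self.free) == ALLBLOCKS   # used ∪ free = ALLBLOCKS
        return disjoint and complete

    # Operation from slide 10: move the head collection of the queue to free.
    def remove_from_queue_precondition(self) -> bool:
        return len(self.block_queue) > 0                  # #BLOCKQUEUE > 0

    def remove_from_queue(self) -> frozenset[int]:
        if not self.remove_from_queue_precondition():
            raise PreconditionError("BLOCKQUEUE is empty")
        used_before, free_before = set(self.used), set(self.free)
        head = self.block_queue.pop(0)
        self.used -= head                                 # used' = used \ head BLOCKQUEUE
        self.free |= head                                 # free' = free ∪ head BLOCKQUEUE
        # Postcondition and invariant are checked on the new state.
        assert self.used == used_before - head, "postcondition on used violated"
        assert self.free == free_before | head, "postcondition on free violated"
        assert self.invariant_holds(), "data invariant broken after remove_from_queue"
        return head

    # Two helper operations assumed for this example (not on the slides) so a
    # session can be simulated: allocate blocks to a file, and release them
    # into the queue when the file is deleted.
    def allocate(self, n: int) -> frozenset[int]:
        if n > len(self.free):                            # assumed precondition: n <= #free
            raise PreconditionError("not enough free blocks")
        chosen = frozenset(sorted(self.free)[:n])
        self.free -= chosen
        self.used |= chosen
        assert self.invariant_holds(), "data invariant broken after allocate"
        return chosen

    def release(self, blocks: frozenset[int]) -> None:
        if not blocks <= self.used:                       # assumed precondition: blocks ⊆ used
            raise PreconditionError("cannot release blocks that are not in use")
        self.block_queue.append(blocks)                   # stays 'used' until dequeued
        assert self.invariant_holds(), "data invariant broken after release"


def run_random_session(seed: int, steps: int) -> bool:
    """Drive the model with random operation choices, only ever invoking an
    operation whose precondition holds, and report whether the data invariant
    survived every step."""
    rng = random.Random(seed)
    h = BlockHandler(used=set(), free=set(ALLBLOCKS))
    files: list[frozenset[int]] = []                      # constructed: blocks owned by live files
    for _ in range(steps):
        choices = []
        if h.free:
            choices.append("allocate")
        if files:
            choices.append("release")
        if h.remove_from_queue_precondition():
            choices.append("dequeue")
        op = rng.choice(choices)
        if op == "allocate":
            files.append(h.allocate(rng.randint(1, len(h.free))))
        elif op == "release":
            h.release(files.pop(rng.randrange(len(files))))
        else:
            h.remove_from_queue()
        if not h.invariant_holds():
            return False
    return True


if __name__ == "__main__":
    h = BlockHandler(used={0, 1, 2, 3}, free={4, 5, 6, 7},
                     block_queue=[frozenset({1, 2})])
    print("dequeued", sorted(h.remove_from_queue()), "used", sorted(h.used), "free", sorted(h.free))
    print("invariant held over 200 random steps:", run_random_session(seed=7, steps=200))
```

The point of the model is the split the slides describe: the invariant is a property of the state and is checked after every operation, the precondition decides whether an operation may run at all, and the postcondition relates the state before the operation to the state after it. A deliberately wrong implementation of remove_from_queue (for instance, one that forgets to take the head out of used) trips the postcondition assertion on the first call, which is exactly the kind of defect the mathematical statement is meant to expose.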

11
Selection criteria
  • Factors that should be taken into consideration
    when using formal methods are as follows
  • Estimate Cost
  • Formal methods have a high start-up cost. Training
    staff, acquisition of support tools and use of
    contract consultants result in a high first-time
    cost
  • Use formalization and not over-formalization
  • It is not necessary to apply formal methods to
    every aspect of a major system. Only the
    components that are safety critical need to be
    built using formal methods

12
Selection criteria
  • Integration
  • It is possible, and in many cases desirable, to
    integrate formal methods with conventional or
    object-oriented methods. Such a combination, if
    properly applied, can produce excellent results
  • Should maintain quality standards
  • SQA activities must continue to be applied as
    systems are developed

13
Selection criteria
  • One should not be dogmatic
  • Formal methods are not a guarantee of
    correctness. It is possible that the final
    system, even when developed using formal methods,
    may have small omissions, minor bugs, and other
    attributes that do not meet expectations
  • Test, Test and Test again
  • Formal methods do not absolve the software
    engineer from the need to conduct well-planned,
    thorough tests

14
Discussion
  • The previous example shows the value of using a
    formal method for specifying requirements
  • Requirements specified using such mathematical
    formulations have less ambiguity and make the
    system consistent
  • Though very attractive in use, formal methods are
    used only in certain application domains because
    of their complexity and time-consuming nature
  • The most suitable applications are mission
    critical, where the scope for error has to be
    reduced to a minimum before the system is used

15
Discussion
  • Other major disadvantages of formal methods are
    as follows
  • They focus only on function and data. Timing,
    control, and behavioral aspects of a problem are
    more difficult to represent
  • Some elements of a problem (e.g. the human/machine
    interface) are better specified using graphical
    techniques or prototypes
  • Specification using formal methods is more
    difficult to learn and represents a significant
    culture shock for some software practitioners

16
Conclusion
  • Formal methods are an attractive option for
    building systems that are mission critical
  • They allow the correctness of the system to be
    argued provably, and they remove ambiguity and
    vagueness from the system
  • But they are often hard to incorporate in today's
    world where deadlines have to be met
  • They also require a lot of start-up cost, which
    may not be desirable for many applications