A Review of Formal Methods Robert Vienneau

1
A Review of Formal Methods - Robert Vienneau

• Presented by Carthik A Sharma
• 02-02-04, Software Engineering II
• Dr. Berrios Class, UCF.

2
Introduction

• Following certain precepts leads to better
  Programs.
• Design methodologies are varied
• Underlying principles are the same
• Understand Core Ideas and the central Foundation
• Core Ideas are invariant and Formal Methods
  define these

3
Need for Formal Methods.

• Present Computers have Hardware Inconsistencies
• Complexity is ever increasing
• Abstraction, details and tricks introduce chances
  of bugs
• Code to instruct physical machine to compute a
  result Traditional view of Software
  Engineering.

4
Need for Formal Methods Contd.

• Hardware designer, Language designer and Compiler
  writer provide Machine for Code execution!
• S.Engineer produces models or descriptions for an
  abtract machine, with proof that lower level
  abstraction models correctly implement
  higher-level models.
• Only this can ensure high quality (Testing
  reveals bugs, not their absence)

5
Need for Formal Methods Contd.

• Implementation details must not influence design
  expression.
• Result rigourous specifications
• Reasoning about the code is easier
• Scaling up and retraining might be problematic
• CMM level 3 and up use Formal Methods.
• May revolutionize software design.

6
Overview

• Formal Methods
• Support reasoning about formulae in some language
• Formal language set of strings over some well
  defined alphabet
• Proofs axioms (postulated true) ?inference
  rules ?Premises ?consequents
• Properties can be proven.

7
Overview ...Contd..

• A formal method in software development is a
  method that provides a formal language for
  describing a formal language for describing a
  software artifact (for instance, specifications,
  designs, or source code) such that formal proofs
  are possible, in principle, about properties of
  the artifact so expressed.

8
About methods

• Provides tools to prove that an implementation
  satisfies specifications
• Provides heuristics and guidelines for developing
  specifications, and for implementation and proofs
  to proceed in parallel.
• Such methods are adaptations of the axiomatic
  method in mathematics (Very large scale
  application of logic !! )

9
The Math Behind It.

• Formal Logic
• Propositional calculus and predicate logic
• Set Theory
• Formal Languages
• Automata such as Finite State Machines

10
Use

• Record a systems functionality (Z, Larch,
  Communicating Sequential Processes (CSP) etc..)
• Specify aspects other than functionality (safety,
  security etc)
• Fault tolerance, response time, efficiency,
  reliability etc can also be addressed.

11
Representation

• FSMs
• Data Flow Diagrams (DFDs)
• Petri Nets
• Abstract Data Types (ADTs)
• VHDL a hardware formal description

12
Tools and Methodology

• Proofs and programs should be developed in
  parallel
• Clearly understood constructions should be used
• Cleanroom approach and heuristics may be used
• Program provers, specification animators, formal
  equations, tools that derive programs from
  specifications are all examples of formal tools
• Standards defining programming languages use
  formal notations (Backus-Naur Form (BNF))

13
Limitations

• Educational
• Requirements problem
• Physical Implementation problems
• Implementation Issues

14
Requirements Problem

• You cannot go from the informal to the formal by
  formal means
• Verification possible, not Validation.
• Formal methods cannot replace the requirements
  engineer with deep domain knowledge
• Developing specifications from requirements
  correctly is a challenge.

15
Physical Implementations

• A physical machine is different from the abstract
  machine for which the program is made.
• Proofs limited to a particular machine with
  limits and real characteristics
• Compilers cause some problems
• Bugs in memory, chips
• Formal methods might never supplant testing!

16
Implementation Issues

• Users intentions ?? Formal Specifications
• Physical implementation ??Abstract proofs
• These gaps create inherent limitations
• Retraining, recruiting, updating technology
• Scaling up to large scale projects is a problem
• Work on subsets of the big problem!
• Derive code from Specifications No
  waterfall!!!!
• Variable Levels of Formality
• Biggest hurdle education (or the lack of it ? )

17
Specification Methods

• Specification method says what a specification
  must say
• Language on the other hand determines in detail
  how the concepts in a specification can be
  expressed
• Different Methods
• Semantic Domains
• Operational and Definitional Methods

18
Semantic Domains

• Syntactic domain ? Grammar rules
• Semantics ? Nature and meaning of relationships
• Sematic Domain ? a set of objects that can
  provide a model of the language
• Exact rules state what objects satisfy a
  specification
• Specification ? set of formulae in a formal
  language
• Specification languages can be classified by
  their semantic domains
• ADT specification languages
• Process specification languages
• Programming languages

19
Semantic domains explained

• ADT ? used to specify algebras
• defines the formal properties of a data type
  without defining implementation issues
• Vienna Development method, Larch are examples
• Process specification languages
• Specify state sequences, streams, sequences,
  partial orders and state machines
• Communicating sequential processes (CSP) is an
  example
• Programming languages Non-unique equivalent
  models

20
Operational and Definitional Models

• Operational Model Describes a system by
  providing a model
• Functions from space of inputs to space of
  outputs(black box)
• Definitional Models
• Property oriented or declarative
• Minimum set of conditions to be satisfied is the
  specifications
• Algebraic (ADT) and axiomatic (preconditions and
  post conditions) models are the two classes.

21
Use of specification methods

• Customers should be provided English version, not
  formal version.
• Details of project and skills of engineers to be
  considered
• Operational models closer to programming practice
• Definitional model harder to construct and
  consistency and completeness are difficult to
  establish.

22
Concluding notes

• Formal methods provide
• More precise specifications
• Better internal communication
• Ability to verify designs before execution
  testing
• Higher quality and productivity
• Should be incorporated as standard
• Customized solutions may be required

23
The Cleanroom approach

• Statistic Process Control Structured
  Programming Formal Methods
• Proofs and design in parallel
• Readable proofs of correctness
• Reliability is tested and measured
• Level of formality is variable
• right the first time fostered

24
New Technologies that can use Formal Methods

• Rapid Prototyping
• Same theoretical concepts of scaling etc
• Object Oriented Design
• ADTs, rules of construction
• Structured Programming
• Heuristics, precepts etc
• Formal inspections
• Data collection and verification.