(SE318)
Introduction to Formal Methods
DR KASHIF SAGHAR
FAST
kashif.saghar@gmail.com
Outline
Software Testing
What is Formal Methods?
Where can FM be used?
How can we use FM?
Software Testing
• What is Software Testing?
– Verification and Validation activity that is performed by executing program code
– A program performs its intended functions
– Demonstration that errors are not present in the code
– Removing and fixing errors from code
• None of the above is effective software testing
– Solution?
– Will be discussed later
A Definition
[Diagram: apply properties to a model; the check answers Yes or No; if No, why No?]
Where can Formal Modeling be used?
• Specification Stage
– Give a description of the system to be developed, at whatever level(s) of detail desired
– Used to guide further development activities
– Used to verify that the requirements for the system being developed have been completely and accurately specified
• Development
– Once a formal specification has been produced, the specification may be used as a guide while the concrete system is developed during the design process (realized typically in software, but also potentially in hardware)
• Verification
– Once a formal specification has been developed, the specification may be used as the basis for proving properties of the specification
Current Formal Verification Applications
• Software specification
– Software Industry is moving towards formal specifications
• Control Systems
– Many control systems have hard requirements
– When the brake pedal is pressed, appropriate pressure is applied promptly at the wheels
• Real Time Systems
– How to include explicit reference to time in models and specifications?
– After the lift starts moving, the doors are never opened until the lift has stopped
– When the brake is applied the lift stops within 0.5 seconds
• Protocol verification
– Very successful
• Hardware verification
– Industry has adopted formal verification in equivalence checking
Why People Don’t Formalize!!!
• Formal Methods tend to be lower level than other techniques
– They include too much detail
• Formal Methods concentrate on consistent, correct models
– …most of the time developed models are inconsistent, incorrect, incomplete…
• People get confused about which tools are appropriate:
– specification of program behavior
– vs. modeling of requirements
– formal methods advocates get too attached to one tool!
• Formal methods require more effort
– ...and the payoff is deferred
Formal Verification groups
Using Formal Methods Partially
• Selective use of Formal Methods
– Amount of formality can vary
– Need not build complete formal models
• Apply to the most critical pieces
• Apply where existing analysis techniques are weak
– Need not formally analyze every system property
• E.g. check safety properties only
– Need not apply FM in every phase of development
• E.g. use for modeling requirements, but don’t formalize the system design
– Can choose what level of abstraction (amount of detail) to model
• Lightweight Formal Methods
– Lightweight use of FMs - selectively apply FMs for partial modeling
Formal Modeling Prerequisites
• Understanding of the system that is to be analyzed
• Requires strong understanding of
– Computer Programming
– Logic
– Mathematics
• A vast variety of open research issues
– very challenging
Why Formal Modeling?
• Distinct languages for specification and system model
• System Model: finite state machine, …
• Specification: temporal logic, …
• Satisfaction established by some notion of the model satisfying the specification
• Can be fully automated for finite state models
• On failure can provide a counter-example to aid debugging
• Model checkers: SPIN, NuSMV, STATEMATE, UPPAAL, KRONOS, …
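The lift requirement from the Real Time Systems slide ("the doors are never opened until the lift has stopped") worked through as an added example, not from the slides: a hand-built finite state model of the lift, a safety property stated as an invariant, and a tiny explicit-state checker that explores the reachable states and returns a counter-example trace on failure. The model, the function names (check_invariant, lift_transitions) and the buggy/fixed variants are assumptions made for this example; real tools such as SPIN or UPPAAL use richer modelling languages and temporal logics.

```python
# Added example: minimal explicit-state model checking of a lift safety property.
from collections import deque

# A state is (moving, doors_open). A transition is (label, guard, update).
def lift_transitions(guard_open_while_moving):
    """Transition relation of the lift model (constructed for this example).
    With guard_open_while_moving=False the model has the bug that the doors
    may be opened while the lift is moving."""
    open_guard = ((lambda s: not s[1] and not s[0]) if guard_open_while_moving
                  else (lambda s: not s[1]))
    return [
        ("start", lambda s: not s[0] and not s[1], lambda s: (True, s[1])),
        ("stop", lambda s: s[0], lambda s: (False, s[1])),
        ("open", open_guard, lambda s: (s[0], True)),
        ("close", lambda s: s[1], lambda s: (s[0], False)),
    ]

def doors_closed_while_moving(s):
    """Safety property: never moving with the doors open."""
    moving, doors_open = s
    return not (moving and doors_open)

def check_invariant(initial, transitions, invariant):
    """Breadth-first search over reachable states. Returns None if every
    reachable state satisfies the invariant, otherwise the shortest list of
    transition labels leading from the initial state to a violating state."""
    parent = {initial: None}          # state -> (predecessor, label)
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not invariant(s):          # violation found: rebuild the trace
            trace = []
            while parent[s] is not None:
                s, label = parent[s]
                trace.append(label)
            return list(reversed(trace))
        for label, guard, update in transitions:
            if guard(s):
                t = update(s)
                if t not in parent:   # explore each state once
                    parent[t] = (s, label)
                    queue.append(t)
    return None

INITIAL = (False, False)  # lift stopped, doors closed

def counterexample_for_buggy_lift():
    return check_invariant(INITIAL, lift_transitions(False), doors_closed_while_moving)

def counterexample_for_fixed_lift():
    return check_invariant(INITIAL, lift_transitions(True), doors_closed_while_moving)

if __name__ == "__main__":
    print("buggy lift:", counterexample_for_buggy_lift())  # ['start', 'open']
    print("fixed lift:", counterexample_for_fixed_lift())  # None
```

The returned label sequence is the counter-example the slides mention: the shortest run of the model that reaches a state violating the property.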
Behavior Checking
Summary
• Employ formal methods to model and analyze systems
• Detect bugs early in the design lifecycle
• Model-checking can
– Demonstrate that a model has required properties
– Be used in practice by engineers with only limited mathematical knowledge
• UPPAAL and SPIN are model checkers that are freely available, widely used and highly respected