
Formal Methods

By
Huma Chaudhry
• Formal specification is part of a more general collection of techniques,
all based on the mathematical representation and analysis of software.
These include
• Formal specification
• Specification analysis and proof
• Transformational development
• Program verification
Acceptance of formal methods
• Formal methods may not become mainstream software development techniques,
as was once predicted.
• Other software engineering techniques have been successful at
increasing system quality, so the need for formal methods has been
reduced.
• Market changes have made time to market, rather than software with a
low error count, the key factor. Formal methods do not reduce time to
market.
Use of formal methods
• The benefit of formal methods lies in reducing the number of faults in
a system.
• Their use is therefore most likely to be cost-effective where the cost of
system failure is high and must be avoided.
Specification techniques
• Algebraic specification
• The system is specified in terms of its operations and the
relationships between them.
• Model-based specification
• The system is specified in terms of a state model constructed using
mathematical constructs such as sets and sequences. Operations are
defined by the modifications they make to the system's state.
Interface specification
• Large systems are decomposed into sub-systems with well-defined
interfaces between them.
• Specifying the sub-system interfaces allows the different sub-systems
to be developed independently.
• Interfaces may be defined as abstract data types or object classes.
• The algebraic approach to formal specification is particularly well
suited to interface specification, as it focuses on the operations
defined on an object.
Specification components
• Introduction:
• Defines the sort (the type name) and declares other specifications that are
used.
• Description:
• Informally describes the operations on the type.
• Signature:
• Defines the syntax of the operations in the interface and their parameters.
• Axioms:
• Defines the semantics of the operations by giving axioms which characterize
their behavior.
Algebraic specification
• An algebraic specification of a system may be developed in a systematic
way:
• Specification structuring
• Specification naming
• Operation selection
• Informal operation specification
• Syntax definition
• Axiom definition
Specification operations
• Constructor operations:
• Operations which create entities of the type being specified.
• Inspection operations:
• Operations which evaluate entities of the type being specified.
• To specify behavior, define the result of each inspection operation
applied to each constructor operation.
A sector object
• The critical operations on an object representing a controlled sector are:
• Enter: add an aircraft to the controlled airspace

• Leave: remove an aircraft from the controlled airspace

• Move: move an aircraft from one height to another

• Lookup: given an aircraft identifier, return its current height


Primitive operations
• It is sometimes necessary to introduce additional operations to
simplify the specification.
• The other operations can then be defined in terms of these more primitive
operations.
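The three preceding slides (constructor and inspection operations, the sector object, primitive operations) can be made concrete as an executable algebraic specification. The Python below is an added example, not part of the original slides: the axioms it encodes are assumptions in the style described above, not axioms the slides state. It takes Create (the empty sector) and Enter as the constructor operations, Lookup and the added primitive Occupied as the inspection operations (one equation per constructor), and defines Leave and Move by reducing them to constructor terms. NO_AIRCRAFT is an assumed error value, the rule that Enter is an error when the height is already occupied is an assumed separation axiom, and the call signs and heights are constructed sample data. The last function is a bounded specification analysis: it enumerates every legal sector over that sample data and checks properties the axioms are meant to imply.

```python
"""Executable algebraic specification of a controlled-sector object (added example, assumed axioms)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

NO_AIRCRAFT: Optional[int] = None   # assumed error value returned by Lookup for an unknown call sign


# Constructor operations: every sector value is a term built only from Create and Enter.
@dataclass(frozen=True)
class Create:
    """The empty sector."""


@dataclass(frozen=True)
class Enter:
    """Sector `sector` with aircraft `callsign` added at `height`."""
    sector: "Sector"
    callsign: str
    height: int


Sector = Union[Create, Enter]


# Inspection operations: one axiom per constructor, by pattern matching on the term.
def occupied(s: Sector, h: int) -> bool:
    """Occupied(Create, H) = false; Occupied(Enter(S, CS, H1), H) = (H1 = H) or Occupied(S, H)."""
    if isinstance(s, Create):
        return False
    return s.height == h or occupied(s.sector, h)


def lookup(s: Sector, cs: str) -> Optional[int]:
    """Lookup(Create, CS) = NO_AIRCRAFT; Lookup(Enter(S, CS1, H), CS) = H if CS = CS1 else Lookup(S, CS)."""
    if isinstance(s, Create):
        return NO_AIRCRAFT
    return s.height if s.callsign == cs else lookup(s.sector, cs)


# Guarded constructor: the assumed separation axiom makes Enter an error at an occupied height
# (and for an aircraft already in the sector), so no term violating it is ever built.
def enter(s: Sector, cs: str, h: int) -> Sector:
    if occupied(s, h):
        raise ValueError(f"height {h} already occupied")
    if lookup(s, cs) is not NO_AIRCRAFT:
        raise ValueError(f"{cs} already in sector")
    return Enter(s, cs, h)


# Additional operations, defined by reducing them to constructor terms.
def leave(s: Sector, cs: str) -> Sector:
    """Leave(Create, CS) = error; Leave(Enter(S, CS, H), CS) = S;
    Leave(Enter(S, CS1, H), CS) = Enter(Leave(S, CS), CS1, H) when CS1 differs from CS."""
    if isinstance(s, Create):
        raise ValueError(f"{cs} not in sector")
    if s.callsign == cs:
        return s.sector
    return Enter(leave(s.sector, cs), s.callsign, s.height)


def move(s: Sector, cs: str, h: int) -> Sector:
    """Move(S, CS, H) = Enter(Leave(S, CS), CS, H)."""
    return enter(leave(s, cs), cs, h)


def rejected(fn, *args) -> bool:
    """True when the operation is an error under the axioms (i.e. raises)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Bounded specification analysis over constructed sample call signs and heights.
def all_sectors(callsigns: Tuple[str, ...], heights: Tuple[int, ...]) -> List[Sector]:
    """Every legal sector term that can be built from the given aircraft and heights."""
    found: List[Sector] = [Create()]
    frontier: List[Sector] = [Create()]
    while frontier:
        nxt: List[Sector] = []
        for s in frontier:
            for cs in callsigns:
                for h in heights:
                    if lookup(s, cs) is NO_AIRCRAFT and not occupied(s, h):
                        nxt.append(enter(s, cs, h))
        found.extend(nxt)
        frontier = nxt
    return found


def check_properties(callsigns=("BA101", "LH202"), heights=(300, 310)) -> bool:
    """Check consequences of the axioms on every legal sector: Leave removes the aircraft, Move is
    rejected exactly when another aircraft holds the target height, and otherwise lands the aircraft
    at the new height, frees the old one and leaves every other aircraft untouched."""
    for s in all_sectors(callsigns, heights):
        for cs in callsigns:
            old = lookup(s, cs)
            if old is NO_AIRCRAFT:
                continue                      # only aircraft in the sector can leave or move
            if lookup(leave(s, cs), cs) is not NO_AIRCRAFT:
                return False
            for h in heights:
                blocked = occupied(s, h) and old != h
                if rejected(move, s, cs, h):
                    if blocked:
                        continue
                    return False
                m = move(s, cs, h)
                if blocked or lookup(m, cs) != h or (h != old and occupied(m, old)):
                    return False
                if any(lookup(m, o) != lookup(s, o) for o in callsigns if o != cs):
                    return False
    return True
```

Because Leave and Move are written purely in terms of Create and Enter, the inspection equations for the two constructors are the whole semantics; the bounded check is the "specification analysis" step from the first slide, catching an inconsistent or incomplete axiom before any implementation exists.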
Concurrent Systems
• Concurrent systems are systems comprising a collection of independent components which may
perform operations concurrently, that is, at the same instant of time.

• Large systems consist of distributed processes working together concurrently. While the distribution of
the processes usually does not involve any conceptual problems, the concurrent behaviour makes the
system difficult to understand.

• The most common and well-established formal methods are those that are model-based and were developed to
specify sequential systems. Part of the reason for this is that model-based approaches are considered easier
to use, as they map better on to our intuitive understanding of a system as a store of data and a set of
operations.
Why we need FM
• Commercial pressure to produce higher-quality software is always increasing. Formal methods have already
demonstrated success in specifying commercial and safety-critical software, and in verifying protocol
standards and hardware designs.

• Formal methods are becoming more and more popular for the specification and verification of industrial
critical systems. Several case studies have shown that these techniques can help to find errors during the
design process.

• They are also gaining commercial success: companies such as Intel, National Semiconductor and Texas
Instruments are establishing new departments for formal methods.
• The term Formal Methods usually denotes the application of mathematical methods for specifying and
verifying complex hardware and software systems. The formal specification of a system helps to understand
the system under development.

• Applying formal methods requires supporting tools, because formal methods are most appropriate for the
design of large systems, where an ad hoc or conventional software engineering approach is not reasonable
and where the specifications and proofs are too large to manage by hand.

• Highly concurrent systems are notoriously difficult to implement correctly; there is little chance of getting them
right unless a disciplined approach is taken early in their specification and design.
Models for concurrent system verification
• Finite state machines are simple, but have difficulty dealing with concurrent systems, especially distributed
systems: the state space of the combined system grows as the product of the component state spaces.
• Petri nets are well suited to modeling concurrent and distributed systems, which characterize the majority
of embedded systems used by NASA and other government agencies.
• It is widely accepted that temporal logic is an excellent property-oriented formal method for
specifying the behavioral properties of concurrent systems.
• Of the model-based methods developed for sequential systems, VDM (the Vienna Development
Method) is the most mature, having been developed in the late 1970s. It has a recognized international
standard (www.ifad.dk/vdm/bnf.html) that gives the formal semantics of the language.
• Occam is a language for designing and describing concurrent systems.
• Occam's concise notation makes it easy to see whether a given description captures the designer's intent.
• Furthermore, Occam has a well-understood mathematical model and a complete set of algebraic laws,
allowing potential system misbehavior to be detected by analysis rather than by simulation.
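The points above about finite state machines, temporal-logic safety properties and detection "by analysis rather than simulation" can be shown on a small concurrent system. The Python below is an added example, not code from the slides or from any of the tools they name: two constructed lock protocols (hypothetical names naive_lock and tas_lock) are each run as two identical processes, and a breadth-first search over the product of their finite state machines explores every interleaving. The safety property "the two processes are never in the critical section at the same time" is the temporal-logic formula G not(cs0 and cs1); over a finite model it is checked as an invariant of every reachable state. The check-then-act lock has a race that testing by simulation may never hit, while the exhaustive analysis returns the shortest interleaving that breaks it, and proves the atomic test-and-set version safe.

```python
"""Explicit-state reachability analysis of two concurrent processes (added example, constructed models)."""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

Shared = Dict[str, bool]
# A statement is (label, guard, effect, next_pc): enabled in a global state when guard(shared) holds;
# firing it replaces the shared store with effect(shared) and moves its process to next_pc.
Stmt = Tuple[str, Callable[[Shared], bool], Callable[[Shared], Shared], int]
Program = Dict[int, List[Stmt]]
State = Tuple[Tuple[int, ...], Tuple[Tuple[str, bool], ...]]


def naive_lock() -> Program:
    """Check-then-act lock: reading the flag and setting it are separate steps (pc 2 = critical section)."""
    return {
        0: [("read lock==False", lambda s: not s["lock"], lambda s: s, 1)],
        1: [("set lock=True", lambda s: True, lambda s: {**s, "lock": True}, 2)],
        2: [("release", lambda s: True, lambda s: {**s, "lock": False}, 0)],
    }


def tas_lock() -> Program:
    """Atomic test-and-set: the test and the set are one indivisible step (pc 1 = critical section)."""
    return {
        0: [("test-and-set", lambda s: not s["lock"], lambda s: {**s, "lock": True}, 1)],
        1: [("release", lambda s: True, lambda s: {**s, "lock": False}, 0)],
    }


def freeze(pcs: List[int], shared: Shared) -> State:
    """Hashable global state: program counters plus the shared store."""
    return (tuple(pcs), tuple(sorted(shared.items())))


def find_violation(programs: List[Program], shared0: Shared,
                   bad: Callable[[Tuple[int, ...], Shared], bool]) -> Optional[List[str]]:
    """Breadth-first search of the product automaton over every interleaving of the processes.
    Returns the shortest trace (statement labels) reaching a state where `bad` holds, or None
    when no reachable state does, which proves the invariant for this model."""
    start = freeze([0] * len(programs), shared0)
    parent: Dict[State, Optional[Tuple[State, str]]] = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        pcs, items = state
        shared = dict(items)
        if bad(pcs, shared):
            trace: List[str] = []
            cur = state
            while parent[cur] is not None:
                prev, label = parent[cur]
                trace.append(label)
                cur = prev
            return trace[::-1]
        for i, prog in enumerate(programs):
            for label, guard, effect, next_pc in prog.get(pcs[i], []):
                if not guard(shared):
                    continue                      # a disabled statement just blocks its process
                new_pcs = list(pcs)
                new_pcs[i] = next_pc
                succ = freeze(new_pcs, effect(shared))
                if succ not in parent:
                    parent[succ] = (state, f"P{i}: {label}")
                    queue.append(succ)
    return None


def mutual_exclusion_counterexample(lock: Callable[[], Program], cs_pc: int) -> Optional[List[str]]:
    """Check G not(cs0 and cs1) for two processes running `lock`, where cs_pc is the critical-section pc."""
    return find_violation([lock(), lock()], {"lock": False},
                          lambda pcs, s: pcs[0] == cs_pc and pcs[1] == cs_pc)


if __name__ == "__main__":
    print("naive lock:", mutual_exclusion_counterexample(naive_lock, 2))
    print("test-and-set lock:", mutual_exclusion_counterexample(tas_lock, 1))
```

The returned trace reads as a step-by-step schedule that a reviewer can replay by hand, and a None result is a proof for the model rather than a lucky run. The same product construction is what makes finite state machines awkward for larger concurrent systems: every additional process multiplies the number of global states the search has to visit.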
