Formal Method

Formal methods - Wikipedia, the free encyclopedia
This has been dubbed formal methods lite. ... Formal methods can be applied at various points through the development process. ...
en.wikipedia.org

Category:Formal methods - Wikipedia, the free encyclopedia
Formal methods are mathematical approaches to software and hardware computer ... Formal methods are a useful adjunct to software testing since they help avoid ...
en.wikipedia.org

Formal Methods
Formal methods are techniques used to model complex ... Weaknesses Of Formal Methods. The Lightweight Approach. Available tools, techniques, and metrics ...
www.ece.cmu.edu

Formal Methods
This page attempts to approach formal methods from a broader perspective. ... Philosophy Philosophical issues relevant to formal methods. ...
www.rbjones.com

Formal Methods
... on Formal Methods (FM) ... FME 2001: Formal Methods for Increasing Software Productivity, ... VDM '87, VDM - A Formal Method at Work, VDM-Europe Symposium, ...
dblp.uni-trier.de

Warning: mkdir() [function.mkdir]: Permission denied in /home/webs/affiliatelib2/CacheManager.php on line 12

Warning: mkdir() [function.mkdir]: No such file or directory in /home/webs/affiliatelib2/CacheManager.php on line 12

Warning: fopen(/home/templatecore2cache//*cluesnet.com/60/6045c7106ed6a3e3ec72d26b6bdd7d6e07fe05e5.tc2cache) [function.fopen]: failed to open stream: No such file or directory in /home/webs/affiliatelib2/CacheManager.php on line 130

Warning: fwrite(): supplied argument is not a valid stream resource in /home/webs/affiliatelib2/CacheManager.php on line 131

Warning: fclose(): supplied argument is not a valid stream resource in /home/webs/affiliatelib2/CacheManager.php on line 132

In computer science and software engineering, formal methods are mathematically-based techniques for the formal specification, development and formal verification of software and hardware systems. The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analyses can contribute to the reliability and robustness of a design. However, the high cost of using formal methods means that they are usually only used in the development of high-integrity systems, where safety or security is important.

Taxonomy Formal methods can be used at a number of levels:

Level 0: Formal specification may be undertaken and then a program developed from this informally. This has been dubbed formal methods lite. This may be the most cost-effective option in many cases.

Level 1: Formal software development and formal verification may be used to produce a program in a more formal manner. For example, proofs of properties or program refinement from the formal specification to a program may be undertaken. This may be most appropriate in high-integrity systems involving safety or security.

Level 2: Theorem provers may be used to undertake fully formal machine-checked proofs. This can be very expensive and is only practically worthwhile if the cost of mistakes is extremely high (e.g., in critical parts of microprocessor design).

Further information on this is expanded #Uses.

As with the sub-discipline of Formal semantics of programming languages, styles of formal methods may be roughly classified as follows:

Denotational semantics, in which the meaning of a system is expressed in the mathematical theory of domain theory. Proponents of such methods rely on the well-understood nature of domains to give meaning to the system; critics point out that not every system may be intuitively or naturally viewed as a function.
Operational semantics, in which the meaning of a system is expressed as a sequence of actions of a (presumably) simpler computational model. Proponents of such methods point to the simplicity of their models as a means to expressive clarity; critics counter that the problem of semantics has just been delayed (who defines the semantics of the simpler model?).
Axiomatic semantics, in which the meaning of the system is expressed in terms of preconditions and postconditions which are true before and after the system performs a task, respectively. Proponents note the connection to classical logic; critics note that such semantics never really describe what a system does (merely what is true before and afterwards).

Lightweight formal methods Some practitioners believe that the formal methods community has overemphasized full formalization of a specification or design.Daniel Jackson and Jeannette Wing, "Lightweight Formal Methods", IEEE Computer, April 1996Vinu George and Rayford Vaughn, "Application of Lightweight Formal Methods in Requirement Engineering", Crosstalk: The Journal of Defense Software Engineering, January 2003 They contend that the expressiveness of the languages involved, as well as the complexity of the systems being modelled, make full formalization a difficult and expensive task. As an alternative, various lightweight formal methods, which emphasize partial specification and focused application, have been proposed. Examples of this lightweight approach to formal methods include the Alloy language object modelling notation,Daniel Jackson, "Alloy: A Lightweight Object Modelling Notation", ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 11, Issue 2 (April 2002), pp. 256-290 Denney's synthesis of some aspects of the Z notation with use case driven development,Richard Denney, Succeeding with Use Cases: Working Smart to Deliver Quality, Addison-Wesley Professional Publishing, 2005, ISBN 0-321-31643-6. and the CSK Vienna Development MethodTools.Sten Agerholm and Peter G. Larsen, "A Lightweight Approach to Formal Methods", In Proceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard, Germany, Springer-Verlag, October 1998

Uses Formal methods can be applied at various points through the software development process. (For convenience, we use terms common to the waterfall model, though any development process could be used.)

Specification Formal methods may be used to give a description of the system to be developed, at whatever level(s) of detail desired. This formal description can be used to guide further development activities (see following sections); additionally, it can be used to verify that the requirements for the system being developed have been completely and accurately specified.

The need for formal specification systems has been noted for years. In the ALGOL 60 Report, John Backus presented a formal notation for describing programming language syntax (later named Backus normal form or Backus-Naur form (BNF)); Backus also described the need for a notation for describing programming language semantics. The report promised that a new notation, as definitive as BNF, would appear in the near future; it never appeared.

Development Once a formal specification has been developed, the specification may be used as a guide while the concrete system is developed (i.e. realized in software and/or hardware). Examples:

If the formal specification is in an operational semantics, the observed behavior of the concrete system can be compared with the behavior of the specification (which itself should be executable or simulateable). Additionally, the operational commands of the specification may be amenable to direct translation into executable code.
If the formal specification is in an axiomatic semantics, the preconditions and postconditions of the specification may become assertion (computing)s in the executable code.

Verification Once a formal specification has been developed, the specification may be used as the basis for mathematical proof properties of the specification (and hopefully by inference the developed system).

Human-directed proof Sometimes, the motivation for proving the correctness of a system is not the obvious need for re-assurance of the correctness of the system, but a desire to understand the system better. Consequently, some proofs of correctness are produced in the style of mathematical proof: handwritten (or typeset) using natural language, using a level of informality common to such proofs. A "good" proof is one which is readable and understandable by other human readers.

Critics of such approaches point out that the ambiguity inherent in natural language allows errors to be undetected in such proofs; often, subtle errors can be present in the low-level details typically overlooked by such proofs. Additionally, the work involved in producing such a good proof requires a high level of mathematical sophistication and expertise.

Automated proof In contrast, there is increasing interest in producing proofs of correctness of such systems by automated means. Automated techniques fall into two general categories:

Automated theorem proving, in which a system attempts to produce a formal proof from scratch, given a description of the system, a set of logical axioms, and a set of inference rules.
Model checking, in which a system verifies certain properties by means of an exhaustive search of all possible states that a system could enter during its execution.

Neither of these techniques work without human assistance. Automated theorem provers usually require guidance as to which properties are "interesting" enough to pursue; model checkers can quickly get bogged down in checking millions of uninteresting states if not given a sufficiently abstract model.

Proponents of such systems argue that the results have greater mathematical certainty than human-produced proofs, since all the tedious details have been algorithmically verified. The training required to use such systems is also less than that required to produce good mathematical proofs by hand, making the techniques accessible to a wider variety of practitioners.

Critics note that such systems are like Oracle machines: they make a pronouncement of truth, yet give no explanation of that truth. There is also the problem of "verifying the verifier"; if the program which aids in the verification is itself unproven, there may be reason to doubt the soundness of the produced results.

Criticisms In addition to the internal criticisms mentioned above, the field of formal methods as a whole has its critics. At the current state of the art, proofs of correctness, whether handwritten or computer-assisted, need significant time (and thus money) to produce, with limited utility other than assuring correctness. This makes formal methods more likely to be used in fields where the benefits of having such proofs, or the danger in having undetected errors, makes them worth the resources. Example: in aerospace engineering, undetected errors may cause death, so formal methods are more popular than in other application areas.

At times, proponents of formal methods have claimed that their techniques would be the silver bullet to the software crisis. Of course, it is widely believed that there is no silver bullet for software development, and some have written off formal methods due to those overstated, overreaching claims.

Formal methods and notations There are a variety of formal methods and notations available, including

Abstract State Machines (ASMs)
Alloy language
B-Method
Process calculi

Actor model
Esterel
Lustre programming language
Petri nets
RAISE specification language
Vienna Development Method

VDM specification language
VDM++

Z notation