Lecture 6 Software Engineering
1 What are Formal Methods?
• Formal methods is that area of computerscience that is concerned with theapplication of mathematical techniques tothe design and implementation ofcomputer hardware and (more usually)software.
“That part of computer scienceconcerned with the application ofmathematical methods to theproduction of computer software”.(Jones, 1986)
•Why bother with formal methods?
1. The correctnesss problem:– producing software that is “correct”
is famously difficult;– by using rigorous mathematical
techniques, it may be possible tomake provably correct software.
2. Programs are mathematical objects;– they are expressed in a formal
language;Mike Wooldridge 1
Lecture 6 Software Engineering
– they have a formal semantics;– programs can be treated as
mathematical theories.
Mike Wooldridge 2
Lecture 6 Software Engineering
• Diller (1988) suggests there are two mainparts to formal methods:
1. Formal specification.Using mathematics to specify thedesired properties of a computersystem.
2. Formal verification.Using mathematics to prove that acomputer system satisfies itsspecification.
• To which many would add:
3. Automated programming.Automating the process of programgeneration.
Mike Wooldridge 3
Lecture 6 Software Engineering
• Formal methods can eliminate ambiguity.A key problem with informalspecifications is the inherent ambiguity oftextual descriptions; using mathematicscan eliminate such ambiguity.
• Mathematics is concise.Complex properties can be expressedsuccinctly.
• Mathematics offers power.There is little that cannot in some way bedescribed and reasoned about usingmaths.
Mike Wooldridge 6
Lecture 6 Software Engineering
• Maths facilitates proof.The ability to prove properties of a systemis potentially very valuable.
• Formal specifications, etc., can be manipulatedby computer.
– CASE tools;– automated specification checkers (e.g.,
CADIZ);– automated programming.
• Formal methods lead to a deep understandingof systems.The precision and detail required brings adeep understanding of what’s going on.
Mike Wooldridge 7
Lecture 6 Software Engineering
• Formal methods eliminate the need for testing.People can get get sums wrong!
• Formal methods eliminate the need for naturallanguage.Ultimately, maths is just symbols: Englishis needed to relate these symbols to reality.
• You need a PhD to use formal methods.All maths looks hard until you get used toit. . .
Mike Wooldridge 10
Lecture 6 Software Engineering
• There are two schools of thought onformal specification:
1. Property based;2. Model based.
Mike Wooldridge 13
Lecture 6 Software Engineering
Property Based Specification
• In property based specification, youdescribe the operations you can performon a system, and the relationshipsbetween operations.
• A property oriented specification consistsof:
– a signature part which defines the syntaxof operations (what parameters theytake and return);
– an equations part, which define thesemantics of the operations via a set ofequations called axioms.
Mike Wooldridge 14
Lecture 6 Software Engineering
• EXAMPLES OF PROPERTY ORIENTEDSPECIFICATION TECHNIQUES.
– algebraic specification of abstract datatypes (Hoare, 1969).
– the OBJ language (Futatsugi et al., 1985).
Mike Wooldridge 15
Lecture 6 Software Engineering
Model Based Specification
• In model based specification, you use thetools of set theory, function theory andlogic to build an abstact model of a system.
• You can then specify the operations thatmay be performed on your model, eitherexplicitly, or implicitly (in terms of pre-and post-conditions).
• The model we construct is:
– high-level;– idealized;– free of implementation bias (hopefully!)
Mike Wooldridge 16
Lecture 6 Software Engineering
• A model based specification consists of:
– a definition of the set of states a systemmay be in;
– definitions for the legal operations thatmay be performed on your system,indicating how these change currentstate.
• EXAMPLES.
– the Z specification language (Abrial,1980; Hayes 1987; Spivey 1988);
– the VDM (Vienna DevelopmentMethod) specification language (Jones1980, 1986).
Mike Wooldridge 17
Lecture 6 Software Engineering
• The Z specification language is asemi-graphical notation for writing formalspecifications.
• It was developed at Oxford Universityprogramming research group in the late1970s.
• It has been adopted by IBM as their mainformal specification tool (so it’s not just anacademic toy!)
• It was used to specify the IBM CustomerInformation Control System (CICS) — amajor piece of software.
Mike Wooldridge 20
Lecture 6 Software Engineering
• There are at least three software tools fordeveloping Z specifications:
– FUZZ. Developed at Oxford by Spiveyet al, in late 1980s.
– CADIZ. Developed at York University,also in late 1980s (its what we havehere);
– ZED. Developed at Pennsylvania stateUniversity
Mike Wooldridge 23