lecture 6: introduction to formal methods · to which many would add: 3. ... you need a phd to use...

LECTURE 6: INTRODUCTION TOFORMAL METHODS

Software Engineering

Mike Wooldridge

Lecture 6 Software Engineering

1 What are Formal Methods?

• Formal methods is that area of computerscience that is concerned with theapplication of mathematical techniques tothe design and implementation ofcomputer hardware and (more usually)software.

“That part of computer scienceconcerned with the application ofmathematical methods to theproduction of computer software”.(Jones, 1986)

•Why bother with formal methods?

1. The correctnesss problem:– producing software that is “correct”

is famously difficult;– by using rigorous mathematical

techniques, it may be possible tomake provably correct software.

2. Programs are mathematical objects;– they are expressed in a formal

language;Mike Wooldridge 1


– they have a formal semantics;– programs can be treated as

mathematical theories.

Mike Wooldridge 2


• Diller (1988) suggests there are two mainparts to formal methods:

1. Formal specification.Using mathematics to specify thedesired properties of a computersystem.

2. Formal verification.Using mathematics to prove that acomputer system satisfies itsspecification.

• To which many would add:

3. Automated programming.Automating the process of programgeneration.

Mike Wooldridge 3


Mike Wooldridge 4

ADVANTAGES


• Formal methods can eliminate ambiguity.A key problem with informalspecifications is the inherent ambiguity oftextual descriptions; using mathematicscan eliminate such ambiguity.

• Mathematics is concise.Complex properties can be expressedsuccinctly.

• Mathematics offers power.There is little that cannot in some way bedescribed and reasoned about usingmaths.

Mike Wooldridge 6


• Maths facilitates proof.The ability to prove properties of a systemis potentially very valuable.

• Formal specifications, etc., can be manipulatedby computer.

– CASE tools;– automated specification checkers (e.g.,

CADIZ);– automated programming.

• Formal methods lead to a deep understandingof systems.The precision and detail required brings adeep understanding of what’s going on.

Mike Wooldridge 7


Mike Wooldridge 8

OBJECTIONS/MISCONCEPTIONS


• Formal methods eliminate the need for testing.People can get get sums wrong!

• Formal methods eliminate the need for naturallanguage.Ultimately, maths is just symbols: Englishis needed to relate these symbols to reality.

• You need a PhD to use formal methods.All maths looks hard until you get used toit. . .

Mike Wooldridge 10


Mike Wooldridge 11

APPROACHES TO FORMALSPECIFICATION


• There are two schools of thought onformal specification:

1. Property based;2. Model based.

Mike Wooldridge 13


Property Based Specification

• In property based specification, youdescribe the operations you can performon a system, and the relationshipsbetween operations.

• A property oriented specification consistsof:

– a signature part which defines the syntaxof operations (what parameters theytake and return);

– an equations part, which define thesemantics of the operations via a set ofequations called axioms.

Mike Wooldridge 14


• EXAMPLES OF PROPERTY ORIENTEDSPECIFICATION TECHNIQUES.

– algebraic specification of abstract datatypes (Hoare, 1969).

– the OBJ language (Futatsugi et al., 1985).

Mike Wooldridge 15


Model Based Specification

• In model based specification, you use thetools of set theory, function theory andlogic to build an abstact model of a system.

• You can then specify the operations thatmay be performed on your model, eitherexplicitly, or implicitly (in terms of pre-and post-conditions).

• The model we construct is:

– high-level;– idealized;– free of implementation bias (hopefully!)

Mike Wooldridge 16


• A model based specification consists of:

– a definition of the set of states a systemmay be in;

– definitions for the legal operations thatmay be performed on your system,indicating how these change currentstate.

• EXAMPLES.

– the Z specification language (Abrial,1980; Hayes 1987; Spivey 1988);

– the VDM (Vienna DevelopmentMethod) specification language (Jones1980, 1986).

Mike Wooldridge 17


Mike Wooldridge 18

THE Z SPECIFICATION LANGUAGE


• The Z specification language is asemi-graphical notation for writing formalspecifications.

• It was developed at Oxford Universityprogramming research group in the late1970s.

• It has been adopted by IBM as their mainformal specification tool (so it’s not just anacademic toy!)

• It was used to specify the IBM CustomerInformation Control System (CICS) — amajor piece of software.

Mike Wooldridge 20


Mike Wooldridge 21

SOFTWARE TOOLS FOR Z


• There are at least three software tools fordeveloping Z specifications:

– FUZZ. Developed at Oxford by Spiveyet al, in late 1980s.

– CADIZ. Developed at York University,also in late 1980s (its what we havehere);

– ZED. Developed at Pennsylvania stateUniversity

Mike Wooldridge 23


• Briefly, CADIZ will:

– take a Z specification in plain-text(ASCII) form;

– perform some simple semantic checkson it;

– typeset (‘pretty print’) it, so that theschemas can be printed out;

– allow simple interactive browsing ofspecifications.

Mike Wooldridge 24

lecture 6: introduction to formal methods · to which many would add: 3. ... you need a phd to use...

Documents