Jonathan P. Bowen

Seven more myths of formal methods

New myths about formal methods are gaining tacit acceptance both outside and inside the system-development community. The authors address and dispel these myths based on their observations of industrial projects. The myths include: formal methods delay the development process; they lack tools; they replace traditional engineering design methods; they only apply to software; are unnecessary; not supported; and formal methods people always use formal methods. >

Using formal specifications to support testing

Formal methods and testing are two important approaches that assist in the development of high-quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing.

Safety-critical systems, formal methods and standards

Standards concerned with the development of safety-critical systems, and the software in such systems in particular, abound today as the software crisis increasingly affects the world of embedded computer-based systems. The use of formal methods is often advocated as a way of increasing confidence in such systems. The paper examines the industrial use of these techniques, the recommendations concerning formal methods in a number of current and draft standards, and comments on the applicability and problems of using formal methods for the development of safety-critical systems on an industrial scale. Some possible future directions are suggested.< >

Ten commandments of formal methods

Producing correct, reliable software in systems of ever increasing complexity is a problem with no immediate end in sight. The software industry suffers from a plague of bugs on a near-biblical scale. One promising technique in alleviating this problem is the application of formal methods that provide a rigorous mathematical basis to software development. When correctly applied, formal methods produce systems of the highest integrity and thus are especially recommended for security- and safety-critical systems. Unfortunately, although projects based on formal methods are proliferating, the use of these methods is still more the exception than the rule, which results from many misconceptions regarding their costs, difficulties, and payoffs. Surveys of formal methods applied to large problems in industry help dispel these misconceptions and show that formal methods projects can be completed on schedule and within budget. Moreover, these surveys show that formal methods projects produce correct software (and hardware) that is well structured, maintainable, and satisfies customer requirements. Through observations of many recently completed and in-progress projects we have come up with ten guidelines that, if adhered to, greatly increase a projects chances for success. >

Ten Commandments of Formal Methods ...Ten Years Later

How have the formal methods commandments fared over the past decade? Are they still valid in the current industrial setting, and have attitudes toward formal methods improved? The authors revisit their ten maxims to answer these questions.

Industrial-Strength Formal Methods in Practice

1 Its Greek to Me: Method in the Madness?.- 2 The French Population Census for 1990.- 3 The Formal Verification of a Payment System.- 4 Specification of a Chemical Process Controller in B.- 5 Formal Analysis of the Motorola CAP DSP.- 6 Bridging the E-Business Gap Through Formal Verification.- 7 A CAD Environment for Safety-Critical Software.- 8 Scheduling and Rescheduling of Trains.- 9 Lessons from the Formal Development of a Radiation Therapy Machine Control Program.- 10 Using Formal Methods to Develop an ATC Information System.- 11 Rigorous Review Technique.- 12 Analysing Z Specifications with Z/EVES.- 13 How to Construct Formal Arguments that Persuade Certifiers.- 14 Formal Methods Through Domain Engineering.- 15 Formal Verification in Railways.- 16 Cleanroom Software Engineering: Theory and Practice.- References.

Formal Versus Agile: Survival of the Fittest

Many research have focused on new formal methods, integrating formal methods into agile ones, and assessing the agility of formal methods. This paper proves that formal methods can survive in an agile world; they are not obsolete and can be integrated into it. The potential for combining agile and formal methods holds promise. It might not always be an easy partnership, and succeeding will depend on a fruitful interchange of expertise between the two communities. Conducting a realistic trial project using a combined approach with an appropriate formal methods tool in a controlled environment will help assess the effectiveness of such an approach.

Towards a Provably Correct Hardware Implementation of Occam

This paper shows how to compile a program written in a subset of occam into a normal form suitable for further processing into a netlist of components which may be loaded into a Field-Programmable Gate Array (FPGA). A simple state-machine model is adopted for specifying the behaviour of a synchronous circuit where the observable includes the state of the control path and the data path of the circuit. We identify the behaviour of a circuit with a program consisting of a very restricted subset of occam. Algebraic laws are used to facilitate the transformation from a program into a normal form. The compiling specification is presented as a set of theorems that must be proved correct with respect to these laws. A rapid prototype compiler in the form of a logic program may be implemented from these theorems.

Formal Methods: State of the Art and New Directions

The last decade has witnessed a modest but sustained increase in researching and applying formal methods. A number of well cited success stories are now available and provide strong evidence that formal methods can be effective and deployed in industrial-scale applications. Through fundamental contributions from leading researchers, this book provides further evidence of the use of formal methods in the areas of requirements, design, modelling and implementation, verification and validation. The self-contained chapters are views from experts in these areas, providing readers with rich background information and a diverse breadth of specialist material. This authoritative collection of views provides a snapshot of the field and will be of considerable interest to researchers and professionals seeking a perspective on fundamental underpinnings of formal methods and current hot topics in the field. The following website www.fmsand.info is associated with the book.

Reinforced Condition/Decision Coverage (RC/DC): A New Criterion for Software Testing

A new Reinforced Condition/Decision Coverage (RC/DC) criterion for software testing is proposed. This criterion provides further development of the well-known Modified Condition/Decision Coverage (MC/DC) criterion and is more suitable for testing of safety-critical software. Formal definitions in the Z notation for RC/DC, as well as MC/DC, are presented. Specific examples of using of these criteria are considered and some features are formally proved.