Introduction to Formal Methods


1 Introduction to Formal Methods
Based on Jeannette M. Wing. A Specifier's Introduction to Formal Methods. IEEE Computer, 23(9):8-24, September, 1990.

2 Outline
- Definition of formal methods and specification languages
- Pragmatics of formal specifications
- Examples: Z, VDM, Larch, temporal logic, CSP, transition axioms

3 In-class: Read page 8 (10 mins)
- Q: What are formal methods?
- At what stages of system development can formal methods be used?
- Some advantages of formal specifications?

4 Formal Methods
Definition: Formal Methods
Mathematically based techniques that describe system properties, from which people can systematically specify, develop, and verify systems.
The mathematical foundation allows for a concise and unambiguous definition of notions such as:
- Consistency
- Completeness
- Specification
- Implementation
- Correctness
Because the semantics are formally defined, they are amenable to machine analysis and manipulation.

5 Formal Methods
Can be used to specify:
- behavioral properties
- structural properties
- pragmatic considerations, e.g. response time
Applicable at all phases of the software lifecycle:
- Requirements analysis
- Design
- V & V
- Documentation
- Analysis and evaluation

6 In-class: Read pages 10-11
- Q1: Three elements of formal specification languages?
- Q2: Example semantic domains?
- Q3: Why an “abstract satisfies relation” on top of the “satisfies” relation?

7 Formal Specification Language
A triple <Syn, Sem, Sat>:
- Syn: the language’s syntactic domain, a set
- Sem: the language’s semantic domain, a set
- Sat: a satisfies relation between Syn and Sem, a subset of Syn × Sem
Given <Syn, Sem, Sat>:
- If Sat(syn, sem), syn is a specification of sem and sem is a specificand of syn.
- The specificand set of a specification syn in Syn is the set of all specificands sem in Sem such that Sat(syn, sem). I.e., Sat doesn’t have to be a function; but why?
- Q: Any other properties of Sat?

8 Syntactic Domains
Defined as a set of symbols and grammatical rules:
- Symbols can be constants, variables, and logical connectives
- Grammatical rules define how to combine the symbols into well-formed sentences, e.g., ∀x. P(x) ⇒ Q(x)
A syntactic domain need not be restricted to text:
- Symbols can include boxes, circles, lines, arrows, etc.
- A possible rule could be that “an arrow must be connected at both ends to a box”
Essentially, the syntactic domain is the set of all possible well-formed specifications that can be expressed using the symbols, whether textual or graphical.

9 Exercise: Syntactic Domain
Define the syntactic domain of UML use case diagrams by
- identifying the symbols (i.e., diagram elements)
- defining grammatical rules (i.e., well-formedness)

10 Semantic Domains
Semantic domain: the set of objects in the universe of what the language can describe; i.e., meanings or interpretations.
Examples:
- ADT languages: algebras, theories, programs
- Concurrent/distributed: state sequences, event sequences, state and transition sequences, streams, synchronization trees, partial orders, state machines
If the semantic domain is over programs, read “implements” for “satisfies” and “implementation” for “specificand”.

11 Questions
- Is a programming language a specification language?
- Is a specification language a programming language?
- Semantic domains of programming languages?
  - Functions from input to output
  - Computations
  - Predicate transformers
  - Machine instructions

12 Satisfies Relation
Often need to specify different aspects of a single specificand (various abstractions), e.g.:
- Functional behavior of a collection of program modules
- Structural relationships between the modules
Abstraction function for different views:
- A semantic abstraction function, A: Sem → 2^Sem, maps elements of the semantic domain into equivalence classes, i.e., a partition of the semantic domain. E.g., A(0) = {0,5}, A(1) = {1,6}, …
- Abstract satisfies relation: a relation between specifications and equivalence classes of the semantic domain, induced by the satisfies relation and the semantic abstraction function.

13 Abstract Satisfies Relation
[Figure: set diagram with regions labelled “Java methods”, “all methods that sort arrays”, and “all methods with O(n log n) performance”]

14 Pair (2 Minutes)
Different types of semantic abstraction functions for the Battleship game? I.e., different views/aspects for specifying it?

15 Abstract Satisfies Relation
Two broad classes of abstraction functions:
- Those that abstract preserving behavior
- Those that abstract preserving structure
Behavioral specifications:
- Constraints on observed behavior
- Functionality such as a mapping from inputs to outputs (Cleanroom)
- Other aspects such as fault tolerance, safety, security, response time, and space efficiency
Structural specifications:
- Constraints on the internal composition of specificands
- Capture hierarchical and uses relations
- Denoted by call graphs, data dependency diagrams, etc.

16 Properties of Specifications
Unambiguous
- Given <Syn, Sem, Sat>, a specification syn is unambiguous if Sat maps syn to exactly one specificand set.
- Key property: no multiple interpretations!
- Q: Is a natural language (or visual notation) formal?
Consistent
- Given <Syn, Sem, Sat>, a specification syn is consistent (or satisfiable) if Sat maps syn to a non-empty specificand set.
- Existence of an implementation
- No contradiction (when a specification is viewed as a set of facts)

17 Properties (Cont.)
Complete vs. incomplete (or loose) specifications:
- More complete: implementation bias and less freedom
- Less complete: more freedom for the programmer and less restrictive
- Over- vs. under-specification
(Pair, 5 mins) Define the notion of looseness formally. I.e., when is a specification looser than another?
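The definitions on slides 7, 12, 16 and 17 (the <Syn, Sem, Sat> triple, specificand sets, consistency, looseness, and the semantic abstraction function A: Sem → 2^Sem) can all be made concrete on a finite toy model. The following Python is an added example, not code from the slides or from Wing's paper: the semantic domain is constructed as every total function from a three-element input set to a three-element output set (each standing in for a "program"), specifications are predicates over those functions, the "number of distinct outputs" view used for the abstraction function and the reading of the abstract satisfies relation as "some member of the class satisfies the specification" are this example's own choices, and the looseness definition is the one the pair exercise asks for (specificand-set inclusion).

```python
"""A finite model of Wing's <Syn, Sem, Sat> triple (slides 7, 12, 16 and 17).

Added example, not from the slides or from Wing's paper. The semantic domain
is a constructed toy: every total function from a three-element input set to
a three-element output set, each written as a tuple of outputs and standing
in for a "program". Specifications are Python predicates over such programs.
"""
from itertools import product

INPUTS = (0, 1, 2)
OUTPUTS = (0, 1, 2)

# Sem: all 27 total functions INPUTS -> OUTPUTS, f represented as (f(0), f(1), f(2)).
SEM = frozenset(product(OUTPUTS, repeat=len(INPUTS)))


def sat(syn, sem):
    """The satisfies relation: Sat(syn, sem) holds when the predicate accepts the program."""
    return bool(syn(sem))


def specificand_set(syn):
    """All sem in Sem with Sat(syn, sem): the specificand set of syn.
    Sat is not a function: one specification may have many specificands."""
    return frozenset(sem for sem in SEM if sat(syn, sem))


def is_consistent(syn):
    """Consistent (satisfiable): the specificand set is non-empty, so an implementation exists."""
    return len(specificand_set(syn)) > 0


def is_looser(syn_a, syn_b):
    """syn_a is looser than syn_b when every specificand of syn_b also satisfies syn_a
    (syn_b carries more implementation bias; syn_a leaves the programmer more freedom)."""
    return specificand_set(syn_b) <= specificand_set(syn_a)


# Syn: a few constructed specifications written as predicates.
def spec_identity(f):
    return all(f[i] == i for i in INPUTS)


def spec_monotone(f):
    return all(f[i] <= f[j] for i in INPUTS for j in INPUTS if i <= j)


def spec_contradictory(f):
    return f[0] == 0 and f[0] == 1   # no program can satisfy this: inconsistent


# A semantic abstraction function A: Sem -> 2^Sem. This example's choice of view:
# group programs by how many distinct outputs they produce. The classes partition Sem.
def abstraction(sem):
    k = len(set(sem))
    return frozenset(other for other in SEM if len(set(other)) == k)


def abstract_sat(syn, eq_class):
    """Abstract satisfies relation induced from Sat and A. This example reads it as:
    the class abstractly satisfies syn when at least one member of the class does."""
    return any(sat(syn, sem) for sem in eq_class)


if __name__ == "__main__":
    print(len(specificand_set(spec_monotone)), "monotone programs")
    print("monotone looser than identity?", is_looser(spec_monotone, spec_identity))
    print("contradictory spec consistent?", is_consistent(spec_contradictory))
```

Because Sem is finite, the unambiguity property of slide 16 is automatic here (each predicate yields exactly one specificand set); the interesting checks are consistency, which fails for the contradictory specification, and looseness, which is a partial order under set inclusion rather than a single number of "freedom".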

18 Proving Properties of Specificands
- Most formal methods include a specification language that has a well-defined logical inference system.
- When you prove a statement inferable from a specification (= a set of facts), you prove a property that any specificand satisfying the specification will have.
- Soundness vs. completeness (of inference systems)
- If users are able to prove a surprising result, then perhaps the base specifications are wrong.

19 Pair (5 Minutes)
Any interesting properties of the Battleship game to prove?

20 Pragmatics
- Users: writers, readers
- Use
- Characteristics

21 Use of Formal Methods
Formal methods can be applied to all phases of system development, e.g., throughout the development lifecycle.
Requirements
- Clarify the customer’s stated requirements
- Crystallize vague ideas by revealing contradictions, ambiguities, and incompleteness
- Aid communication between engineer and client, e.g., English-to-spec / spec-to-English tools
Design
- Aids in decomposition, e.g., by formally specifying interfaces between modules
- Aids in refinement, e.g., by ensuring that different levels of abstraction all satisfy a parent specification

22 Use of Formal Methods
Verification and validation
- Guide the building of test cases, e.g., black-box testing
- Verify the critical sections of an implementation
- Q: V&V?
Documentation
- More precise and concise than natural language
Analysis and evaluation
- Serve as a reference point between what the customer wanted and what was implemented
- Can be used to find bugs in existing systems that weren’t developed using formal methods

23 Characteristics of FMs
Model-oriented
- Define a system’s behavior directly by constructing a model
- Model in terms of mathematical structures such as sets, functions, relations, and sequences
- Use the model to show correctness with respect to specifications
- E.g., sequential and ADT: Z, VDM; concurrent and distributed: Petri nets, CCS, CSP
Property-oriented
- Define a system’s behavior indirectly by stating a set of properties that the system must satisfy
- Properties in the form of axioms (predicate logic) or equations
- E.g., Larch, OBJ, Clear, ACT ONE, LOTOS

24 Characteristics of FMs
Visual languages
- Petri nets, Statecharts
Executable
- OBJ, Prolog
- Q: Should a formal specification language be executable?
Tool-supported
- Model-checking tools: SPIN, Java Pathfinder (see
- Proof-checking tools: PVS, KeY (see

25 Language Examples (Symbol Table in Z and VDM)

26 Symbol Table – Larch
- Larch/CLU
- LSL

27 Concurrency - Temporal Logic
Based on temporal operators such as:
- □P: P holds in all future states
- ◇P: P holds in some future state
- ○P: P holds in the next state
Q: Meanings of (1)-(4)?
Notation: <c!m> is the event of placing message m on channel c.

28 Temporal Logic
(1) Any message transmitted to the right channel must have been previously placed on the left channel
(2) Messages are transmitted first in, first out
(3) All messages are unique
(4) Each incoming message will eventually be transmitted
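One way to see what the four channel properties on slides 27 and 28 actually rule out is to evaluate them over concrete event traces. The Python below is an added example, not part of the slides or of Wing's paper: it evaluates the □ (always) and ◇ (eventually) operators over finite traces (a simplification; temporal logic is normally interpreted over infinite state sequences, so "eventually" here means "before the trace ends"), represents each <c!m> event as a constructed (channel, message) tuple with "left" as the incoming and "right" as the outgoing channel, and writes properties (1)-(4) as predicates over the trace. The sample traces are constructed to violate exactly one property each.

```python
"""Finite-trace evaluation of the channel properties (1)-(4) from slides 27-28.

Added example, not from the slides. An event <c!m> is modelled as the tuple
(c, m); "left" is the incoming channel, "right" the outgoing one. Operators
are evaluated over finite traces, so "eventually" means "before the trace ends".
"""


def always(pred, trace, start=0):
    """□P: pred(trace, i) holds at every position i >= start."""
    return all(pred(trace, i) for i in range(start, len(trace)))


def eventually(pred, trace, start=0):
    """◇P: pred(trace, i) holds at some position i >= start."""
    return any(pred(trace, i) for i in range(start, len(trace)))


def next_state(pred, trace, i):
    """○P at position i: pred holds at i+1 (false at the end of a finite trace)."""
    return i + 1 < len(trace) and pred(trace, i + 1)


def prop1(trace):
    """(1) Every right!m is preceded by a left!m for the same m."""
    def preceded(tr, i):
        c, m = tr[i]
        return c != "right" or any(tr[j] == ("left", m) for j in range(i))
    return always(preceded, trace)


def prop2(trace):
    """(2) FIFO: at every right!m, m is the oldest left message not yet transmitted."""
    def in_order(tr, i):
        c, m = tr[i]
        if c != "right":
            return True
        pending = [x for cc, x in tr[:i] if cc == "left"]
        sent = [x for cc, x in tr[:i] if cc == "right"]
        remaining = pending[len(sent):]          # oldest-first queue of untransmitted messages
        return bool(remaining) and remaining[0] == m
    return always(in_order, trace)


def prop3(trace):
    """(3) All messages are unique: no message is placed on the left channel twice."""
    def first_occurrence(tr, i):
        c, m = tr[i]
        return c != "left" or not any(tr[j] == ("left", m) for j in range(i))
    return always(first_occurrence, trace)


def prop4(trace):
    """(4) Each left!m is eventually followed by right!m (□(left!m ⇒ ◇right!m))."""
    def transmitted(tr, i):
        c, m = tr[i]
        return c != "left" or eventually(lambda t, j: t[j] == ("right", m), tr, i + 1)
    return always(transmitted, trace)


def check_all(trace):
    """Evaluate (1)-(4) on one trace; returns {property number: holds?}."""
    return {1: prop1(trace), 2: prop2(trace), 3: prop3(trace), 4: prop4(trace)}


# Constructed sample traces.
GOOD = [("left", "a"), ("left", "b"), ("right", "a"), ("right", "b")]
REORDERED = [("left", "a"), ("left", "b"), ("right", "b"), ("right", "a")]   # breaks (2)
LOST = [("left", "a"), ("left", "b"), ("right", "a")]                        # breaks (4)
PHANTOM = [("right", "a"), ("left", "a")]                                    # breaks (1), (4)
DUPLICATE = [("left", "a"), ("left", "a"), ("right", "a"), ("right", "a")]   # breaks (3)

if __name__ == "__main__":
    for name, tr in [("GOOD", GOOD), ("REORDERED", REORDERED), ("LOST", LOST),
                     ("PHANTOM", PHANTOM), ("DUPLICATE", DUPLICATE)]:
        print(name, check_all(tr))
```

Note that (1) and (3) are safety properties (a finite prefix is enough to refute them) while (4) is a liveness property: on a finite trace it can only be refuted by running out of trace, which is why a checker over infinite behaviours, such as a model checker, is needed to establish it in general.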

29 Concurrency – Communicating Sequential Processes (CSP)
Based on a model of traces or event sequences, and assumes processes communicate by sending messages.
- ? prefix
- refusal set: refuse to communicate

30 Concurrency – Transition Axioms
- Axioms for operations
- Temporal logic for properties

31 Summary
Differences among formal methods: notation, semantic domain, definition of the satisfies relation.
But, same purpose: let system developers couch their ideas precisely, i.e., provide a way to specify and verify programs in order to give clients, designers, implementers, and testers a deeper understanding of a system.
