Formal Methods: The very idea, some thoughts about why they work when they work

1
Formal Methods The very idea, some thoughts
about why they work when they work

• Discussion lead by
• Garrett Toenders and David Oldford
• 6 October 2003

Berry, Daniel M, Formal Methods The very idea,
some thoughts about why they work when they work.
Computer Science Department, University of
Waterloo. Elsevier Science B.V., 1999.
2
Define Formal Methods

• What do you think Formal Methods are?

3
Requirements Specification

• Most errors in SWICBS are introduced during the
  requirements specification stage

4
Silver Bullet?

• Do formal methods attack the essence of software?

5
Value of FMs

• Not all applications of FMs lead to high quality
  SWICBSs
• FMs are extra useful due to these by-products of
  their use
• Is there inherent value in the application of FMs?

6
Second Time Phenomenon

• If you do something a second time it will be
  better because of what you have learned from
  doing it the first time
• If for no other reason than to help clarify the
  code, a complete writing of specifications is
  required for the second time phenomenon to work.

7
Mathematical Proof

• Is mathematically proving a specification enough
  to say that it is met for all circumstances?

8
Types of FMs

• Verification
• Intensive Study of Key Problems
• Refutation - Refutation as an FM sounds more
  realistic. It doesnt go looking for all of the
  correctness, but looks only for one instance
  where it is not correct. This is more realistic
  since there should be more instances of
  correctness than not

9
Code is an FM

• Code should be used more often as a form of
  formal method. Program code is readily compiled
  and tested and there exists a large user base of
  experts in its notation.

10
Limitations of FMs

• What cant they do?

11
The Cost

• While the application of formal methods may
  minimize costs of a software product over the
  long run, formal methods will have to progress to
  a point where they exhibit drastically decreased
  implementation costs and time expenditures in
  order to make them viable for average commercial
  software.

12
The Importance of Ignorance

• The ignorant member requires a great deal of time
  and effort to understand what is happening in
  that area of the code, and although this means
  that he will be more thorough in his analysis, it
  will also cost the company more to involve
  someone with no background knowledge

13
Critical Systems

• Software products, which do not have critical
  requirements, would achieve little from extensive
  application of formal methods especially in
  todays software market where getting a product
  to market is more important than its quality
• Formal methods cannot find all the errors and
  omissions of requirement specifications, and
  formal methods are necessary for highly safety-
  and security-critical systems.

14
Attitude

• It is not the formality of the specifications
  produced, but the attitude with which they are
  approached which makes FMs effective

15
Coffee

• I felt like I was having a cup of coffee with Mr.
  Berry and chatting formal methods
• Having said that, had it been a real
  conversation, there are places that I would have
  interjected in the conversation with two cents of
  my own
• Overall, Mr. Berry and my coffee chat were
  relatively in agreement
• It has been a pleasure chatting with you Mr.
  Berry
• -Mel