Formal Methods

Dharmendra Kumar Yadav

Professor, CSED,
MNNIT, Allahabad
Course Focus

 Modeling
 Hands-on approach towards formal verification.
 More on practical use of verification, with particular
focus on Software Verification
 Each of you will apply formal methods to verify some
part of software as part of Lab.
 FSM, CCS & Pi-calculus, it‟s theory and applications
 Theoretical background on Temporal Logics and
Model Checking.
Readings

 Textbook :
– Communication and Concurrency: Robin Milner
– Pi-calculus: Robin Milner, Available in Library
– Logic in computer science: Huth and Ryan
Available in Book Store
– Model Checking : Clarke, Grumberg, Peled
Available in Library
 Lecture Slides
Assessment + Workload
 Assessment Criteria
– Mid Semester – 20%
– Quizzes & Assignment – 15%
– Final Examination – 60%
– Questioning and class behavior -5%

 Workload
– Weekly reading : 4 hrs.
– Assignments & Quizzes: 2 hrs.
– Lectures : 4 hrs.
– TOTAL : 06 hrs. (approx) per Week excluding lectures
Motivation

“To err is human but to really foul things up

requires a computer”
Farmer‟s Almanac for 1978
“Capsules of Wisdom”

“60% of all major industrial disasters from 1921

to 1989 occurred after 1975”
Nancy Leveson
“Safeware: Computers and Technology”
Software Systems

 Software Systems everywhere

– wristwatches, washing machines, microwave
ovens,
– elevators, mobiles, telephones, printers,
– FAX machines, Telephone exchanges,
– Automobiles, Aircrafts, Railways …..
Safety-critical Systems

 Aircrafts, Trains,
 Nuclear & Industrial Plants, Avionics
 Life Support Systems
 Quality of Computational Systems
= Quality of life
Example: auto-pilot

Problem:
“Design a part in auto-pilot that avoids collision with other
planes.”
Solution:
“When distance is 1km, give warning to other plane and notify
pilot. When distance is 300m, and no changes in the course of
other plane were noticed, go up to avoid collision”
Problem with solution

Both planes have the same software. Both

go up...
Why it happens ?

 Hard to predict all behaviors!

– US aircraft went to southern hemisphere and … flipped
when crossing the equator

– Software written for US F-16

 Accidents took place when reused in Israeli aircraft that flown
over the Dead Sea
(altitude < sea level)
Bugs can be deadly and costly
 Therac-25 Accident :
 A software failure caused wrong dosages of x-rays.
 Cost: Human Loss.
 ARIANE Failure
 In December 1996, the Ariane 5 rocket exploded 40
seconds after take off. A software components threw an
exception.
 Cost : $400 million payload.
 Y2K Problem
What are Formal Methods

 Formal Methods is the application of logic to the development

of „correct‟ computer systems.
 Correctness is classically viewed as two separate problems,
verification and validation.
 Verification: Are we building the product right?
Can we use logic to help us ensure that the product built
faithfully implements its specification?
 Validation: Are we building the right product?
Can we use logic to help us ensure that the specification is
complete, consistent, and accurately captures the customer‟s
requirements?
What are Formal Methods

Barry Boehm (Boehm, 1981):

Verification: To establish the truth of correspondence between a
software product and its specification (from the Latin veritas, “truth”).

Validation: To establish the fitness or worth of a software product for its

operational mission (from the Latin valere, “to be worth”).

Verification: Are we building the product right?

Validation: are we building the right product?”
What are Formal Methods

domain verify

speci-
fication
Developers
Application design
verify
Framework design
Architecture design
Validate
imple-
mentation
verify
config.
instance
Market needs needs validate
and needs
system
users
Why Use Formal Methods?

Formal methods are typically employed for

the following reasons:
– they are required by the contract or by law
– they are expected to save development costs
– the product cannot be made sufficiently reliable
otherwise
Formal Specification

Formal specification is an example of formal

methods applied to Software verification.

– The language of logic provides an unambiguous method of

recording the specification.
– The process of writing a formal specification helps uncover
any ambiguity and incompleteness.
– We can reason about a formal specification to check that
the system specified will possess other desired properties.
Formal Specification Techniques

Formal specification techniques can be

partitioned into two broad classes:
– Algebraic Specification: The object to be
described is considered as a collection of actions.
Equations are then used to show the desired
inter-relations between those actions.
– Model Based Specification: The object to be
described is modeled in some expressive logic.
This is like creating an extremely high-level, non
executable implementation.
Formal Verification

 Formal verification is an example of formal methods

applied to verification.
– Formal verification is a process of constructing a proof that
a computer system will behave in accordance with its
specification.
The „standard‟ verification technique is testing, but . . .
– Program testing can be a very effective way to show the
presence of bugs, but it is hopelessly inadequate for
showing their absence.
 Edsgar W. Dijkstra
The Formal Verification Process

 Describe the property you want to hold (the

formal specification).
 Describe the implementation you hope has
it.
 Construct a proof to this effect.
Formal Verification Requires

 A language for describing both

specifications and implementations.

 A deductive calculus for proving propositions

in this language.