Formal Methods in SE

Course Code–SEFM-262

INTRODUCTION

D R . N A R G I S FAT I M A
A SS I S TA N T P R O F E SS O R
D E PA R T M E N T O F S O F T WA R E E N G I N E E R I N G , F E C

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Agenda
Recommended Textbooks/Reference Books
Course Outline
CLOs
Grading

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Recommended
Textbooks/Reference Books
Credit Hours 3 (3+0)
Pre-requisites Discrete Structures

Recommended Textbook(s) Concise guide to formal methods, theory, fundamentals and

industry applications, 7th edition, Springer, 2017.

Recommended Reference 1. The way of Z practical programming with formal methods,

(Books/Websites/Articles) Jonathan Jacky, 7th Edition, Cambridge University Press,
2008.
2. Modern formal methods and applications, Hossam A.
Gabbar, 8th Edition, Springer-Verlag, 2006.

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Course Outline
Introduction to Formal Methods
Issues with informal specifications
Need, Purpose, and Limitations of Formal Methods.
Formal Specification, Verification and automated theorem proving.
Formal Specification Languages (Z, B, B-event, RAISE, VDM-SL etc.), Propositional &
Predicate Logic, Predicate Logic
Equality for formal specification
Formal specification and Verification, Definite description
Brief introduction to set theory
Commandments of Formal Methods
The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Course Outline
Defining types
Formal Specification Structure Schema and Schema composition
Relations and Functions
Schema references, Schema texts, Predicates, Schema expressions
Sequences, modelling sequences
Defining state space, state space verification,
Concept of Schema Invariant and Operations, Precondition and Post condition
Formal specifications examples
Introducing the formal specification tools for writing formal specification in Z/VDM-SL, Case
Studies
The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Course CLOs
CLOs Description Domain Taxonomy PLOs Assessment
Level Artifact
CLO1 Describe the cost, benefits, Cognitive 2 2 A1, Q1, Midterm
limitations, and fundamental
concepts of formal methods to
state its main idea.
CLO2 Interpret software system Cognitive 2 2 A2, Q2 Midterm,
using formal methods to Final Term
express desired system
behavior.
CLO3 Apply formal methods of Cognitive 3 2 A3, Q3,
specification and verification Presentation/Pro
to develop ject, Final Term

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Grading
Internal Evaluation 25%
◦ Assignment (10%)
◦ Quiz (10%)
◦ Presentation/Project (5%)

Midterm 25%
Final Term 50%

Total 100%

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Requirements/Specification
Form the basis for all software products

Requirements engineering is the process, which enables us

to systematically determine the requirements for a
software product

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Software Requirements - 1
A complete description of what the software system will
do without describing how it will do it is represented by
the software requirements

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Software Requirements - 2
Software requirements are complete specification of the
desired external behavior of the software system to be
built

They also represent External behavior of the system

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Software Requirements - 3
Software requirements may be:
◦ Abstract statements of services and/or constraints
◦ Detailed mathematical functions

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 IEEE Definition

A condition or capability that must be met or possessed

by a system...to satisfy a contract, standard, specification,
or other formally imposed document
◦ IEEE Std. 830

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Importance of Software
Requirements
The hardest single part of building a software system is
deciding what to build...No other part of the work so
cripples the resulting system if done wrong. No other
part is difficult to rectify later
◦ Fred Brooks

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Examples of Requirements
-1
The system shall maintain records of all payments made to
employees on accounts of salaries, bonuses, travel/daily
allowances, medical allowances, etc.

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Examples of Requirements
-4
The system shall allow users to search for an item by title,
author, or by International Standard Book Number

The system’s user interface shall be implemented using a

web browser

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Examples of Requirements
-5
The system shall support at least twenty transactions per
second

The system facilities which are available to public users

shall be demonstrable in ten minutes or less

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
Types of Software
Requirements

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Types of Software
Requirements
Functional requirements
Non-functional requirements
Domain requirements
Inverse requirements
Design and implementation constraints

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Functional Requirements - 1
Statements describing what the system does

Functionality of the system

The lecture slides are for reading purpose not allowed to upload on internet/website
 Functional Requirements - 2
Statements of services the system should provide
◦ Reaction to particular inputs
◦ Behavior in particular situations

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Functional Requirements - 3
Sequencing and parallelism are also captured by functional
requirements

Abnormal behavior is also documented as functional

requirements in the form of exception handling

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Functional Requirements - 4
Functional requirements should be complete and
consistent

Customers and developers usually focus all their attention

on functional requirements

The lecture slides are for reading purpose not allowed to upload on internet/website
 Functional Requirements
Example # 2
The user shall be able to search either the entire database
of patients or select a subset from it (admitted patients, or
patients with asthma, etc.)

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Functional Requirements
Example # 3
The system shall provide appropriate viewers for the user
to read documents in the document store

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Comments on Examples
Notice the ambiguity in the requirement, which uses the
term ‘appropriate viewers’

This requirement does not mention the formats of

documents and types of viewers, which can be used

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Comments on Examples
Incomplete and ambiguous requirements are open to
multiple interpretations and assumptions

This can lead to the development of poor quality, or faulty,

software products

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Non-Functional
Requirements - 1
Most non-functional requirements relate to the system as
a whole.
They include constraints on timing, performance,
reliability, security, maintainability, accuracy, the
development process, standards, etc.

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Product Requirements
Examples
The system shall allow one hundred thousand hits per minute on the
website

The system shall not have down time of more than one second for
continuous execution of one thousand hours

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Organizational Requirements
Examples
The system development process and deliverable documents shall
conform to the MIL-STD-2167A
Any development work sub-contracted by the development
organization shall be carried out in accordance with Capability
Maturity Model

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 External Requirements
Examples
The system shall not disclose any personal information about
members of the library system to other members except system
administrators

The system shall comply with the local and national laws regarding
the use of software tools

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Observations on Non-Functional Requirements -
2
Goals are open to misinterpretation
Objective verification is difficult
Distinction between functional and non-functional is not
always very clear

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
Domain
Requirements

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Domain Requirements - 1
Requirements that come from the application domain and reflect
fundamental characteristics of that application domain
These can be both the functional or non-functional requirements

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Domain Requirements - 4
Example
◦ Banking domain has its own specific constraints, for example,
most banks do not allow over-draw on most accounts, however,
most banks allow some accounts to be over-drawn

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
Inverse
Requirements

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Inverse Requirements - 1
They explain what the system shall not do.
Many people find it convenient to describe their needs in
this manner

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Inverse Requirements - 2
Example:
The system shall not use red color in the user interface, whenever it
is asking for inputs from the end-user

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
Design and Implementation
Constraints

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Design and Implementation
Constraints - 1within which the designer must
They are development guidelines
work
These requirements can seriously limit design and implementation
options
Can also have impact on human resources

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Design and Implementation
Constraints Examples
The system shall be developed using the Microsoft .Net platform

The system run on Linux operating system

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Software Defects cause BIG Failures
Tiny faults in technical systems can have catastrophic consequences
Defects in later phase of software development cause rework and thus increases
cost of overall project.

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 How to Ensure Software
Correctness/ Compliance?
Testing
◦ Static
◦ Dynamic

Testing is labour intensive, hence expensive

 Testing shows presence of errors, not their absence

 Exhaustive testing is difficult even for small

programs

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 A PROCESS BASED APPROACH

The lecture slides are for reading purpose not allowed to upload on internet/website
 FORMAL METHODS
Mathematically based techniques for describing
system properties
◦ Have a sound mathematical basis
◦ Typically given by a formal specification language
◦ Provide frameworks for systematically
◦ Specifying, Design and Verifying systems

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 FORMAL METHODS: THE VISION
Complement other analysis and design
methods
Are good at finding bugs (in code and
specification)
Reduce development (and testing) time

The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
The lecture slides are for reading purpose not allowed to upload on internet/website

N AT I O N A L U N I V E R S I T Y O F M O D E R N L A N G U A G E S H - 9
 Thank you

The lecture slides are for reading purpose not allowed to upload on internet/website

N ATN
IO N IAOLNU
AT ANL IU
VENR
I VSEI T
RYS IO
TFY M
OFOD
MEORDNE R
LANNLGAUNAGGUEASGH
E -S9 H - 9