LANDMARK UNIVERSITY, OMU-ARAN

FACULTY:
DEPARTMENT: COMPUTER SCIENCE
PROGRAMME: B.Sc. (Hons) COMPUTER SCIENCE

Course
CSC 317: ; Course title: Formal Methods and Software
Development
Credit unit: 2; Course status: C

Lecturer’s Data
Name of Lecturer: Dr. D. R. Aremu
Qualifications Obtained: B. Sc. Maths., M. Sc. (Maths, Computer Science Option), Ph. D. (Computer
Science)
Department: Computer Science.
E-mail: [email protected] or [email protected]

Office Location:
Consultation Hours:
 Introduction to Formal Methods and
Software Development
• In today's rapidly evolving technological landscape, the demand for reliable and robust software systems has
never been greater.
• Software underpins our daily lives, from the applications we use on our smartphones to the critical systems
that power industries, healthcare, and transportation.
• To meet these growing demands, it is essential to employ rigorous methods and techniques that ensure the
correctness, safety, and security of software systems.
• This course is your gateway to a deep understanding of formal methods, a powerful set of mathematical and
logical tools used to design, analyze, and verify software systems.
• We will explore how formal methods can enhance software development by providing systematic approaches
to specification, design, and verification, ultimately leading to more dependable and maintainable software.
• Whether you are a software engineer, a computer scientist, or a student looking to expand your knowledge
and skills, this course will equip you with the essential principles and techniques to tackle complex software
challenges with confidence and precision.
Formal Methods Concepts
•The term Formal Methods (FM) refers to the use of mathematical modelling, calculation and prediction in the
specification, design, analysis and assurance of computer systems and software.

•Formal verification works on the principle that a system described in a formal language can be analyzed and
manipulated according to mathematical principles. Two main approaches to hardware formal design verification
exist:
(i) theorem proving; and
(ii) model checking.

•A formal specification is a concise description of the behavior and properties of a system written in a
mathematically-based language, specifying what a system is supposed to do as abstractly as possible, thereby
eliminating distracting detail and providing a general description resistant to future system modifications.
• A formal proof is a complete and convincing argument for the validity of a statement about a system
description.
• A proof proceeds in a series of steps, each of which draws conclusions from a set of assumptions.
• Justification for each step is derived from a small set of rules which state what conclusions can be reasonably
drawn from assumptions.
• Such justification eliminates ambiguity and subjectivity from the argument. Formal proofs may be prepared
manually or, preferably, with the assistance of an automated FM tool.
• The following are some of the basic concepts you'll explore in this course:

• Formal Methods: An introduction to the overarching concept of formal methods, which are mathematical
and logical techniques used to specify, design, and verify software systems. These methods provide a precise
and unambiguous way to describe software behavior.

• Mathematical Logic: A fundamental understanding of mathematical logic, including propositional logic and
predicate logic, which serve as the basis for formal reasoning and specification.

• Formal Specification: The process of using formal languages to precisely define the requirements and
behavior of software systems. You'll learn how to write formal specifications that leave no room for
ambiguity.

• Model Checking: An exploration of model checking, a formal verification technique used to determine
whether a given system satisfies a specified set of properties or requirements. Model checking is especially
useful for finding errors in critical systems.
• Theorem Proving: The use of formal proof techniques to establish the correctness of software systems.
You'll learn how to create and verify mathematical proofs that demonstrate the correctness of software
designs and implementations.

• Abstraction: How to create abstract models of software systems that simplify complex behaviors, making
them more amenable to formal analysis. Abstraction is a key concept for managing the complexity of
software.

• Automata Theory: An overview of automata theory, which is essential for understanding the behavior of
finite-state machines and regular expressions, and their applications in software modeling and verification.

• Temporal Logic: Introduction to temporal logic, a specialized form of logic used to express and reason about
time-dependent properties of software systems, such as real-time and concurrent systems.
• Hoare Logic: Understanding Hoare logic, a formal system for reasoning about the correctness of computer
programs. You'll learn how to use preconditions and postconditions to prove program correctness.

• Tool Support: An exploration of tools and software platforms that facilitate the application of formal
methods in real-world software development. You'll gain practical experience using these tools to analyze
and verify software.

• Safety and Security: How formal methods are applied to ensure the safety and security of software systems,
particularly in critical domains like aerospace, healthcare, and autonomous vehicles.

• Case Studies: Real-world case studies and examples that demonstrate the practical use of formal methods in
various software development projects.
Benefits of Formal Methods
•The following are some of the benefits realizable from effective applications of FM:

• Formal Method help find defects; as evidence of this, when applied to high-quality software systems, FM have found defects that
went undetected during extensive testing [Miller2]. The inductive nature of testing ensures that complex systems will always have
scenarios which cannot be tested due to practical considerations.

• Formal specifications allow defects in requirements and designs to be detected earlier than they would be otherwise and greatly
reduce the incidence of mistakes in interpreting and implementing correct requirements and designs.

• Formalized statements can be analyzed and their consequences calculated in a repeatable manner. The risks of drawing conclusions
about a system's behavior by extrapolating from a finite number of tests often can be avoided by using proof methods based on
mathematics.

•Such methods allow large (potentially infinite) classes of test cases to be fully covered in a finite proof, and they support reasoning
that can be checked by colleagues or by machine, with minimal dependence on subjective reasoning.

• Use of Formal Method causes more defects to be detected than would otherwise be the case and in certain circumstances guarantees
the absence of certain defects.
Software Development
• Software development is the process of designing, creating, testing, and maintaining software applications,
systems, and programs.
• It involves a series of steps and activities that transform a concept or idea into a functional and operational
piece of software. The following are the key aspects and stages of software development:
i. Requirements Gathering: This is the initial phase, where the development team works with stakeholders to
gather and document the functional and non-functional requirements of the software. These requirements
outline what the software is expected to do and how it should perform.
ii. System Design: In this phase, the high-level architecture of the software is planned. It includes defining the
system's components, their interactions, data flow, and overall structure. Software architects and designers
play a crucial role in this stage.
iii. Detailed Design: Building on the system design, detailed design involves creating a more granular plan for
individual software components. It includes data structures, algorithms, and user interface design. This is a
critical phase for outlining how the software will be implemented.
iv. Implementation: During this phase, the actual coding and programming of the software take place.
Developers write the source code according to the design specifications. They may use various
programming languages and development tools to build the software.
v. Testing: Quality assurance is essential to ensure the software functions as expected and is free of defects. Testing involves various levels,
including unit testing (testing individual components), integration testing (testing interactions between components), and system testing
(testing the entire software system).

vi. Debugging and Refinement: If defects or issues are identified during testing, developers debug and fix the problems. The software is
refined to meet the specified requirements and achieve a level of quality and reliability.

vii. Deployment: Once the software is thoroughly tested and deemed ready for use, it is deployed to the target environment. This may involve
installing the software on users' machines, deploying it to servers, or making it available through app stores or websites

viii. Maintenance and Updates: Software maintenance is an ongoing process to ensure the software continues to operate correctly and
efficiently. This includes fixing bugs, making enhancements, and providing updates to meet changing user needs and address security
vulnerabilities.

ix. Documentation: Throughout the development process, documentation is created to describe the software's functionality, architecture, and
user instructions. This documentation is valuable for both development teams and end-users.

x. Version Control: Version control systems (e.g., Git) are used to track changes to the source code, enabling collaboration, managing
different versions of the software, and ensuring code stability.
xi. Project Management: Effective project management is essential to keep the development process on track.
Agile methodologies (e.g., Scrum) and traditional approaches (e.g., Waterfall) are commonly used to plan,
schedule, and monitor software development projects.

xii. Security Considerations: Ensuring the security of the software is crucial, as vulnerabilities can be exploited by
malicious actors. This involves secure coding practices, vulnerability assessments, and penetration testing.

xiii. User Interface (UI) and User Experience (UX) Design: The design of the user interface plays a significant role
in the usability and user satisfaction of the software. UX considerations focus on the overall user experience.

xiv. Performance Optimization: Depending on the software's intended use, performance optimization may be
necessary to ensure it runs efficiently and responds quickly to user interactions.

xv. Legal and Intellectual Property Considerations: Software developers need to be aware of copyright, licensing,
and intellectual property issues, especially when incorporating third-party components or open-source software.
 Relationship between Formal
Methods and Software Development
• Formal methods involve rigorous specification, design, and verification of software, with a focus on
mathematical reasoning and formal proofs to establish that a program behaves as intended.

• The following are some key aspects of the relationship between formal methods and software development:
•
i. Specification: In formal methods, software requirements and system specifications are often expressed using
formal languages, which have precise syntax and semantics. This helps eliminate ambiguity and ensures a
clear and unambiguous understanding of the system's behavior.

ii. Design: Formal methods can be applied at the design stage to model the system's architecture, data
structures, and algorithms using formal notations. This allows for rigorous analysis of the design for
correctness and performance.

iii. Verification: Verification is a fundamental aspect of formal methods. It involves using formal mathematical
techniques to prove that a software system adheres to its specification and behaves correctly under all
conditions. Model checking, theorem proving, and static analysis are common verification techniques.

iv. Testing: Formal methods can complement testing by providing a mathematical basis for test case
generation. Test cases can be derived from formal specifications or models, ensuring comprehensive
coverage of the system's behavior.
v. Correctness: One of the primary goals of formal methods is to ensure the correctness of software. This includes
proving properties like safety (nothing bad happens) and liveness (something good eventually happens). Formal
methods can help detect and prevent defects early in the development process.

vi. Safety-Critical and Mission-Critical Systems: Formal methods are commonly used in the development of safety-
critical and mission-critical systems, such as avionics, medical devices, and nuclear power plants, where human lives
or significant resources are at stake. In these domains, the consequences of software failure can be severe, making
rigorous verification essential.

vii. Challenges: While formal methods offer significant benefits, they come with challenges. They can be resource-
intensive, requiring specialized expertise in mathematical modeling and formal logic. The use of formal methods can
also be perceived as time-consuming and expensive, which may not be suitable for all software development projects.

viii. Tools and Languages: Various formal methods tools and languages exist, such as Z, B, SPIN, Alloy, and model
checkers like NuSMV. These tools help engineers apply formal methods in practice.
i.
ix. Hybrid Approaches: In some cases, a hybrid approach is used, combining formal methods with other
software development methodologies like agile or waterfall. This allows for a balance between formal
verification and more flexible development processes.

x. Industry Adoption: While formal methods have made inroads into safety-critical industries, broader
adoption in mainstream software development has been limited due to the perceived complexity and cost.
However, as tools and techniques improve, and as software systems become more critical and complex, the
use of formal methods may increase.
• In summary, formal methods play a crucial role in software development by providing a systematic and
mathematically rigorous approach to ensuring the correctness and reliability of software systems, particularly
in safety-critical and mission-critical applications. However, their adoption requires specialized knowledge
and resources, making the choice of using formal methods dependent on the specific needs and constraints of
a project.
Simultaneous development
and verification of correct
programs
• Simultaneous development and verification of correct programs is an
approach to software development that combines the process of writing
code with the process of verifying that the code is correct. This
approach is often referred to as "correct-by-construction" or "formal
methods.“
• The key idea behind this approach is to use formal methods and
mathematical techniques to specify the desired behavior of a program
and then verify that the implementation of the program meets these
specifications. This can help ensure that the program is correct from
the beginning, rather than relying on testing and debugging to catch
errors later in the development process.
• Here are some key aspects of simultaneous development and verification of correct programs:

1. Formal Methods: Formal methods involve the use of mathematical techniques and formal notations to
specify the behavior of a program precisely. This can include using formal logic, formal specification
languages, and mathematical proofs to describe the program's functionality.
2. Specifications: Developers begin by creating formal specifications that define the expected behavior of the
program. These specifications are often written in a formal specification language, such as Z, B, or TLA+.
3. Verification: Once the specifications are in place, developers use formal verification tools and methods to
check that the code implementation adheres to the specifications. This verification can include proving the
absence of certain classes of errors, such as runtime exceptions, deadlocks, or data races.
4. Refinement: The development process involves iterative refinement of the specifications and code.
Developers may refine the specifications and the code simultaneously to ensure that the implementation
aligns with the intended behavior.
5. Automation: Some aspects of formal verification can be automated, which can speed up the process and
make it more practical for larger software systems. Model checkers, theorem provers, and other formal
verification tools can assist in this regard.
6. Rigor: The emphasis on formal methods and verification brings rigor to the software development process,
increasing the likelihood of producing correct and reliable software.
• While simultaneous development and verification can be a powerful
approach for critical systems where correctness is paramount (e.g.,
aerospace, medical devices, or financial systems), it can also be time-
consuming and require specialized expertise. It is not always practical
or cost-effective for every software project. Developers often use a
combination of techniques, including testing, informal reviews, and
formal verification, depending on the project's requirements and
constraints
Program state, State predicate and
Program specification
• In formal methods and software engineering, "program state," "state
predicates," and "program specification" are key concepts used to
describe and analyze the behavior and correctness of software
programs.
• Program state, state predicates, and program specifications are
essential elements in formal methods and software engineering for
ensuring the correctness and reliability of software.
• State predicates help define what should hold true at various points
during program execution, and program specifications establish the
overall requirements and properties that the software should meet.
• By using these concepts, developers can reason about program
behavior and verify that their software meets the specified criteria.
• Let's explore each of these concepts:
1. Program State:
 Program state refers to the current snapshot or representation of a
software program at a specific point in its execution. It includes the
values of all variables, data structures, and other relevant
components that capture the program's runtime characteristics.

 The program state can change as the program executes, and

understanding these changes is crucial for analyzing program
behavior and correctness.

 In many formal methods, a program state is typically represented

as a set of variables and their associated values.
2. State Predicate:
 A state predicate, also known as a state assertion or a postcondition,
is a logical expression that describes the desired properties or
conditions of a program state at a particular point in the program's
execution.

 State predicates are used to specify what should be true after a

particular program statement or operation has executed. They help
define the expected or desired state after a specific action.

 State predicates are often written in formal specification languages,

such as Hoare logic, Dijkstra's weakest precondition calculus, or
temporal logic.
3. Program Specification:
 A program specification is a formal or semi-formal description of the
intended behavior of a software program. It includes both the
expected input-output relationships and the desired properties of the
program state.
 Specifications can encompass various aspects, such as functional
requirements, non-functional requirements (e.g., performance,
security), and safety properties.
 Program specifications serve as a contract between the software
developer and the users or stakeholders, providing a clear and
unambiguous description of what the program is supposed to achieve.
 Specifications are often written using formal specification languages,
and they can be used to generate test cases, perform formal
verification, and guide the development process.
 Establishing program correctness
• Establishing program correctness is the process of demonstrating that
a software program behaves as intended and meets its specified
requirements.
• It involves providing evidence that the program's execution will
produce the desired outcomes and that it will not exhibit unexpected
behavior.
• There are several techniques and approaches for establishing program
correctness, including:
1. Formal Methods:
 Formal methods involve using mathematical logic and formal
specification languages to define program behavior and verify its
correctness.
 Formal methods include techniques like Hoare logic, model checking,
and theorem proving to mathematically prove that a program meets its
specifications.

2. Pre- and Postconditions:

 In Hoare logic and similar approaches, developers specify preconditions
(what is true before a program starts) and postconditions (what should be
true after the program completes).
 Program correctness is established by demonstrating that, given valid
preconditions, the postconditions are satisfied upon program termination.
3. Testing:
 Testing is a practical approach to assess program correctness by
executing the program with various inputs and checking if it
produces the expected outputs.
 This approach focuses on finding defects or bugs in the program
but cannot guarantee the absence of all possible errors.
4. Static Analysis:
 Static analysis tools analyze the source code of a program without
executing it. These tools can detect potential issues and violations
of coding standards that may affect program correctness.
5. Code Reviews:
• Code reviews involve manual inspection of the program's source code by one
or more developers to identify potential issues and ensure it adheres to coding
standards and best practices.
6. Formal Verification:
 Formal verification is a rigorous process that uses mathematical
techniques to prove that a program adheres to its specification.
 This approach is often used for critical systems, such as in aerospace and
healthcare, where safety and correctness are of paramount importance.
7. Dynamic Analysis:
 Dynamic analysis tools monitor the program's behavior during execution
to detect runtime errors, such as memory leaks or null pointer
dereferences, which can affect correctness.

8. Model-Based Design:
 In model-based design, a high-level model of the software's behavior is
created, and the correctness of the software is established by ensuring
that the model accurately represents the desired behavior.
9. Formal Methods for Concurrency and Real-Time Systems:
 For systems with concurrency and real-time requirements,
specialized formal methods and tools, such as temporal logic, are
used to establish correctness and timing properties.
•Establishing program correctness often involves a combination of these
techniques. The choice of method depends on the nature of the software,
its requirements, and the level of rigor and assurance required. It's
important to note that while these techniques can significantly improve
program correctness, no method can guarantee complete absence of
errors, so a holistic approach to software development, including testing
and verification, is recommended for robust software.
Axioms/Deduction rules for proofs of
program
• In formal methods and program verification, axioms and deduction
rules are used to establish the semantics of programming languages
and to derive proofs about program behavior.

• These axioms and deduction rules provide a foundation for reasoning

about programs and proving their correctness.

• The choice of axioms and deduction rules depends on the specific

formal system or logic being used.
• An overview of some common axioms and deduction rules used in program
semantics include the following:

1. Axiomatic Semantics (Hoare Logic):

 In Hoare Logic, the primary axioms are the Hoare Triple, which has the form {P} C {Q},
where:
 P is the precondition (a statement about the initial state),
 C is a program or program statement, and
 Q is the postcondition (a statement about the final state).
 Axioms include:
 Assignment Axiom: {Q[x/e]} x := e {Q}, where [x/e] denotes substitution of e for x in Q.
 Composition Axiom: {P} C1;C2 {R}, where {P} C1 {Q} and {Q} C2 {R}.
 Conditional Axiom: {P && B} if (B) {C1} else {C2} {Q}.
2. Structural Operational Semantics:
 Structural operational semantics defines how program statements change the
program state. It often uses inference rules to specify transitions.
 Example rules:
 Assignment Rule: P[e/x] ⊢ x := e ⇒ P
 Sequence Rule: P ⊢ C1 ⇒ P' and P' ⊢ C2 ⇒ Q ⇒ P ⊢ C1;C2 ⇒ Q
3. Denotational Semantics:
 Denotational semantics assigns mathematical objects (such as functions) to
program components.
 Example rules:
 A function denotation for sequential composition: [[C1;C2]] = [[C1]] ∘ [[C2]]
4. Hoare Axioms:
 These axioms are used to reason about programming constructs.
For example:
 Assignment Axiom: {x = e} x := e {x = e}
 Consequence Axiom: {P} C {Q} ⇒ {P ∧ R} C {Q ∧ R}
5. Temporal Logic (for real-time and concurrent systems):
 Temporal logics, such as LTL (Linear Temporal Logic) and CTL
(Computation Tree Logic), provide axioms and rules to reason
about temporal properties.
 Example rules:
 LTL Next Rule: ◻(ϕ) ≡ ¬◻(¬ϕ)
 LTL Until Rule: ◇(ϕ U ψ) ≡ ψ ∨ (ϕ ∧ ◇(ϕ U ψ))
6. Dynamic Logic:
 Dynamic logic is used for reasoning about dynamic properties of
programs. It includes axioms and rules specific to dynamic modalities.
 Example rule:
 Modus Ponens: If {P} C {Q} and {P} C' {Q}, then {P} C;C' {Q}
•These are just a few examples of the axioms and deduction rules used in
program semantics. The choice of axioms and rules may vary depending on
the specific programming language, the formal method or logic being used,
and the properties being verified. Program semantics plays a crucial role in
formally specifying, analyzing, and verifying the behavior of software
programs
 Actual examples of program
development
• Program development involves the process of creating software applications to solve specific problems or
fulfill certain needs.
• Here are a few actual examples of program development:
1. Web Application Development:
 Web applications are programs that run on web servers and are accessed by users through web browsers.
Examples include e-commerce websites, social media platforms, and online banking applications.
 Technologies used: HTML, CSS, JavaScript, back-end languages like Python, Ruby, PHP, Java, and
frameworks such as React, Angular, or Django.
2. Mobile App Development:
 Mobile app development involves creating applications for smartphones and tablets. Examples include
mobile games, navigation apps, and productivity tools.
 Technologies used: Native development with languages like Swift (for iOS) or Java/Kotlin (for
Android), or cross-platform development with tools like React Native, Flutter, or Xamarin.
3. Desktop Application Development:
 Desktop applications are programs that run directly on a user's computer. Examples include text editors,
graphic design software, and office suites.
 Technologies used: C++, C#, Java, or frameworks like Electron for building cross-platform desktop
apps.
4. Game Development:
 Game development involves creating video games for various platforms, including PC, consoles,
and mobile devices. Examples include action games, simulations, and puzzle games.
 Technologies used: Game engines like Unity, Unreal Engine, or custom code with languages such
as C++ and C#.
5. Embedded Systems Development:
 Embedded systems development focuses on building software for small, specialized computer
systems used in devices like IoT devices, medical devices, and automotive control systems.
 Technologies used: C, C++, and specialized embedded programming languages.
6. Data Analysis and Machine Learning Development:
 Data analysis and machine learning programs are designed to process and analyze data, make
predictions, and gain insights from data. Examples include recommendation systems, natural
language processing applications, and data visualization tools.
 Technologies used: Python, R, and libraries like TensorFlow, PyTorch, and scikit-learn.
7. Scientific Computing and Simulation:
 Scientific computing programs are used for mathematical modeling, simulations, and solving complex
scientific and engineering problems. Examples include finite element analysis software and weather
prediction models.
 Technologies used: High-level programming languages like Python, MATLAB, and specialized
numerical libraries.
8. Embedded Control Systems:
 Embedded control systems are used in devices like industrial automation, robotics, and automotive
control. Examples include control systems for manufacturing equipment and self-driving car software.
 Technologies used: C/C++, real-time operating systems, and microcontroller programming.
9. Financial and Trading Software:
 Financial software includes applications for trading stocks, managing portfolios, and performing financial
analysis.
 Technologies used: Various programming languages like Java, C#, and specialized financial libraries and
APIs.
10. Artificial Intelligence and Natural Language Processing:
 AI and NLP programs focus on tasks like chatbots, language translation,
and speech recognition.
 Technologies used: Python, natural language processing libraries like
NLTK and spaCy, machine learning frameworks, and deep learning
libraries.
•These are just a few examples of program development. Depending on the
domain and the specific problem being addressed, developers use various
programming languages, frameworks, and tools to create software
applications that serve a wide range of purposes.