Lecture 3
Lecture 3
FACULTY:
DEPARTMENT: COMPUTER SCIENCE
PROGRAMME: B.Sc. (Hons) COMPUTER SCIENCE
Course
CSC 317: ; Course title: Formal Methods and Software
Development
Credit unit: 2; Course status: C
Lecturer’s Data
Name of Lecturer: Dr. D. R. Aremu
Qualifications Obtained: B. Sc. Maths., M. Sc. (Maths, Computer Science Option), Ph. D. (Computer
Science)
Department: Computer Science.
E-mail: [email protected] or [email protected]
Office Location:
Consultation Hours:
Introduction to Formal Methods and
Software Development
• In today's rapidly evolving technological landscape, the demand for reliable and robust software systems has
never been greater.
• Software underpins our daily lives, from the applications we use on our smartphones to the critical systems
that power industries, healthcare, and transportation.
• To meet these growing demands, it is essential to employ rigorous methods and techniques that ensure the
correctness, safety, and security of software systems.
• This course is your gateway to a deep understanding of formal methods, a powerful set of mathematical and
logical tools used to design, analyze, and verify software systems.
• We will explore how formal methods can enhance software development by providing systematic approaches
to specification, design, and verification, ultimately leading to more dependable and maintainable software.
• Whether you are a software engineer, a computer scientist, or a student looking to expand your knowledge
and skills, this course will equip you with the essential principles and techniques to tackle complex software
challenges with confidence and precision.
Formal Methods Concepts
•The term Formal Methods (FM) refers to the use of mathematical modelling, calculation and prediction in the
specification, design, analysis and assurance of computer systems and software.
•Formal verification works on the principle that a system described in a formal language can be analyzed and
manipulated according to mathematical principles. Two main approaches to hardware formal design verification
exist:
(i) theorem proving; and
(ii) model checking.
•A formal specification is a concise description of the behavior and properties of a system written in a
mathematically-based language, specifying what a system is supposed to do as abstractly as possible, thereby
eliminating distracting detail and providing a general description resistant to future system modifications.
• A formal proof is a complete and convincing argument for the validity of a statement about a system
description.
• A proof proceeds in a series of steps, each of which draws conclusions from a set of assumptions.
• Justification for each step is derived from a small set of rules which state what conclusions can be reasonably
drawn from assumptions.
• Such justification eliminates ambiguity and subjectivity from the argument. Formal proofs may be prepared
manually or, preferably, with the assistance of an automated FM tool.
• The following are some of the basic concepts you'll explore in this course:
• Formal Methods: An introduction to the overarching concept of formal methods, which are mathematical
and logical techniques used to specify, design, and verify software systems. These methods provide a precise
and unambiguous way to describe software behavior.
• Mathematical Logic: A fundamental understanding of mathematical logic, including propositional logic and
predicate logic, which serve as the basis for formal reasoning and specification.
• Formal Specification: The process of using formal languages to precisely define the requirements and
behavior of software systems. You'll learn how to write formal specifications that leave no room for
ambiguity.
• Model Checking: An exploration of model checking, a formal verification technique used to determine
whether a given system satisfies a specified set of properties or requirements. Model checking is especially
useful for finding errors in critical systems.
• Theorem Proving: The use of formal proof techniques to establish the correctness of software systems.
You'll learn how to create and verify mathematical proofs that demonstrate the correctness of software
designs and implementations.
• Abstraction: How to create abstract models of software systems that simplify complex behaviors, making
them more amenable to formal analysis. Abstraction is a key concept for managing the complexity of
software.
• Automata Theory: An overview of automata theory, which is essential for understanding the behavior of
finite-state machines and regular expressions, and their applications in software modeling and verification.
• Temporal Logic: Introduction to temporal logic, a specialized form of logic used to express and reason about
time-dependent properties of software systems, such as real-time and concurrent systems.
• Hoare Logic: Understanding Hoare logic, a formal system for reasoning about the correctness of computer
programs. You'll learn how to use preconditions and postconditions to prove program correctness.
• Tool Support: An exploration of tools and software platforms that facilitate the application of formal
methods in real-world software development. You'll gain practical experience using these tools to analyze
and verify software.
• Safety and Security: How formal methods are applied to ensure the safety and security of software systems,
particularly in critical domains like aerospace, healthcare, and autonomous vehicles.
• Case Studies: Real-world case studies and examples that demonstrate the practical use of formal methods in
various software development projects.
Benefits of Formal Methods
•The following are some of the benefits realizable from effective applications of FM:
• Formal Method help find defects; as evidence of this, when applied to high-quality software systems, FM have found defects that
went undetected during extensive testing [Miller2]. The inductive nature of testing ensures that complex systems will always have
scenarios which cannot be tested due to practical considerations.
• Formal specifications allow defects in requirements and designs to be detected earlier than they would be otherwise and greatly
reduce the incidence of mistakes in interpreting and implementing correct requirements and designs.
• Formalized statements can be analyzed and their consequences calculated in a repeatable manner. The risks of drawing conclusions
about a system's behavior by extrapolating from a finite number of tests often can be avoided by using proof methods based on
mathematics.
•Such methods allow large (potentially infinite) classes of test cases to be fully covered in a finite proof, and they support reasoning
that can be checked by colleagues or by machine, with minimal dependence on subjective reasoning.
• Use of Formal Method causes more defects to be detected than would otherwise be the case and in certain circumstances guarantees
the absence of certain defects.
Software Development
• Software development is the process of designing, creating, testing, and maintaining software applications,
systems, and programs.
• It involves a series of steps and activities that transform a concept or idea into a functional and operational
piece of software. The following are the key aspects and stages of software development:
i. Requirements Gathering: This is the initial phase, where the development team works with stakeholders to
gather and document the functional and non-functional requirements of the software. These requirements
outline what the software is expected to do and how it should perform.
ii. System Design: In this phase, the high-level architecture of the software is planned. It includes defining the
system's components, their interactions, data flow, and overall structure. Software architects and designers
play a crucial role in this stage.
iii. Detailed Design: Building on the system design, detailed design involves creating a more granular plan for
individual software components. It includes data structures, algorithms, and user interface design. This is a
critical phase for outlining how the software will be implemented.
iv. Implementation: During this phase, the actual coding and programming of the software take place.
Developers write the source code according to the design specifications. They may use various
programming languages and development tools to build the software.
v. Testing: Quality assurance is essential to ensure the software functions as expected and is free of defects. Testing involves various levels,
including unit testing (testing individual components), integration testing (testing interactions between components), and system testing
(testing the entire software system).
vi. Debugging and Refinement: If defects or issues are identified during testing, developers debug and fix the problems. The software is
refined to meet the specified requirements and achieve a level of quality and reliability.
vii. Deployment: Once the software is thoroughly tested and deemed ready for use, it is deployed to the target environment. This may involve
installing the software on users' machines, deploying it to servers, or making it available through app stores or websites
viii. Maintenance and Updates: Software maintenance is an ongoing process to ensure the software continues to operate correctly and
efficiently. This includes fixing bugs, making enhancements, and providing updates to meet changing user needs and address security
vulnerabilities.
ix. Documentation: Throughout the development process, documentation is created to describe the software's functionality, architecture, and
user instructions. This documentation is valuable for both development teams and end-users.
x. Version Control: Version control systems (e.g., Git) are used to track changes to the source code, enabling collaboration, managing
different versions of the software, and ensuring code stability.
xi. Project Management: Effective project management is essential to keep the development process on track.
Agile methodologies (e.g., Scrum) and traditional approaches (e.g., Waterfall) are commonly used to plan,
schedule, and monitor software development projects.
xii. Security Considerations: Ensuring the security of the software is crucial, as vulnerabilities can be exploited by
malicious actors. This involves secure coding practices, vulnerability assessments, and penetration testing.
xiii. User Interface (UI) and User Experience (UX) Design: The design of the user interface plays a significant role
in the usability and user satisfaction of the software. UX considerations focus on the overall user experience.
xiv. Performance Optimization: Depending on the software's intended use, performance optimization may be
necessary to ensure it runs efficiently and responds quickly to user interactions.
xv. Legal and Intellectual Property Considerations: Software developers need to be aware of copyright, licensing,
and intellectual property issues, especially when incorporating third-party components or open-source software.
Relationship between Formal
Methods and Software Development
• Formal methods involve rigorous specification, design, and verification of software, with a focus on
mathematical reasoning and formal proofs to establish that a program behaves as intended.
• The following are some key aspects of the relationship between formal methods and software development:
•
i. Specification: In formal methods, software requirements and system specifications are often expressed using
formal languages, which have precise syntax and semantics. This helps eliminate ambiguity and ensures a
clear and unambiguous understanding of the system's behavior.
ii. Design: Formal methods can be applied at the design stage to model the system's architecture, data
structures, and algorithms using formal notations. This allows for rigorous analysis of the design for
correctness and performance.
iii. Verification: Verification is a fundamental aspect of formal methods. It involves using formal mathematical
techniques to prove that a software system adheres to its specification and behaves correctly under all
conditions. Model checking, theorem proving, and static analysis are common verification techniques.
iv. Testing: Formal methods can complement testing by providing a mathematical basis for test case
generation. Test cases can be derived from formal specifications or models, ensuring comprehensive
coverage of the system's behavior.
v. Correctness: One of the primary goals of formal methods is to ensure the correctness of software. This includes
proving properties like safety (nothing bad happens) and liveness (something good eventually happens). Formal
methods can help detect and prevent defects early in the development process.
vi. Safety-Critical and Mission-Critical Systems: Formal methods are commonly used in the development of safety-
critical and mission-critical systems, such as avionics, medical devices, and nuclear power plants, where human lives
or significant resources are at stake. In these domains, the consequences of software failure can be severe, making
rigorous verification essential.
vii. Challenges: While formal methods offer significant benefits, they come with challenges. They can be resource-
intensive, requiring specialized expertise in mathematical modeling and formal logic. The use of formal methods can
also be perceived as time-consuming and expensive, which may not be suitable for all software development projects.
viii. Tools and Languages: Various formal methods tools and languages exist, such as Z, B, SPIN, Alloy, and model
checkers like NuSMV. These tools help engineers apply formal methods in practice.
i.
ix. Hybrid Approaches: In some cases, a hybrid approach is used, combining formal methods with other
software development methodologies like agile or waterfall. This allows for a balance between formal
verification and more flexible development processes.
x. Industry Adoption: While formal methods have made inroads into safety-critical industries, broader
adoption in mainstream software development has been limited due to the perceived complexity and cost.
However, as tools and techniques improve, and as software systems become more critical and complex, the
use of formal methods may increase.
• In summary, formal methods play a crucial role in software development by providing a systematic and
mathematically rigorous approach to ensuring the correctness and reliability of software systems, particularly
in safety-critical and mission-critical applications. However, their adoption requires specialized knowledge
and resources, making the choice of using formal methods dependent on the specific needs and constraints of
a project.
Simultaneous development
and verification of correct
programs
• Simultaneous development and verification of correct programs is an
approach to software development that combines the process of writing
code with the process of verifying that the code is correct. This
approach is often referred to as "correct-by-construction" or "formal
methods.“
• The key idea behind this approach is to use formal methods and
mathematical techniques to specify the desired behavior of a program
and then verify that the implementation of the program meets these
specifications. This can help ensure that the program is correct from
the beginning, rather than relying on testing and debugging to catch
errors later in the development process.
• Here are some key aspects of simultaneous development and verification of correct programs:
1. Formal Methods: Formal methods involve the use of mathematical techniques and formal notations to
specify the behavior of a program precisely. This can include using formal logic, formal specification
languages, and mathematical proofs to describe the program's functionality.
2. Specifications: Developers begin by creating formal specifications that define the expected behavior of the
program. These specifications are often written in a formal specification language, such as Z, B, or TLA+.
3. Verification: Once the specifications are in place, developers use formal verification tools and methods to
check that the code implementation adheres to the specifications. This verification can include proving the
absence of certain classes of errors, such as runtime exceptions, deadlocks, or data races.
4. Refinement: The development process involves iterative refinement of the specifications and code.
Developers may refine the specifications and the code simultaneously to ensure that the implementation
aligns with the intended behavior.
5. Automation: Some aspects of formal verification can be automated, which can speed up the process and
make it more practical for larger software systems. Model checkers, theorem provers, and other formal
verification tools can assist in this regard.
6. Rigor: The emphasis on formal methods and verification brings rigor to the software development process,
increasing the likelihood of producing correct and reliable software.
• While simultaneous development and verification can be a powerful
approach for critical systems where correctness is paramount (e.g.,
aerospace, medical devices, or financial systems), it can also be time-
consuming and require specialized expertise. It is not always practical
or cost-effective for every software project. Developers often use a
combination of techniques, including testing, informal reviews, and
formal verification, depending on the project's requirements and
constraints
Program state, State predicate and
Program specification
• In formal methods and software engineering, "program state," "state
predicates," and "program specification" are key concepts used to
describe and analyze the behavior and correctness of software
programs.
• Program state, state predicates, and program specifications are
essential elements in formal methods and software engineering for
ensuring the correctness and reliability of software.
• State predicates help define what should hold true at various points
during program execution, and program specifications establish the
overall requirements and properties that the software should meet.
• By using these concepts, developers can reason about program
behavior and verify that their software meets the specified criteria.
• Let's explore each of these concepts:
1. Program State:
Program state refers to the current snapshot or representation of a
software program at a specific point in its execution. It includes the
values of all variables, data structures, and other relevant
components that capture the program's runtime characteristics.
8. Model-Based Design:
In model-based design, a high-level model of the software's behavior is
created, and the correctness of the software is established by ensuring
that the model accurately represents the desired behavior.
9. Formal Methods for Concurrency and Real-Time Systems:
For systems with concurrency and real-time requirements,
specialized formal methods and tools, such as temporal logic, are
used to establish correctness and timing properties.
•Establishing program correctness often involves a combination of these
techniques. The choice of method depends on the nature of the software,
its requirements, and the level of rigor and assurance required. It's
important to note that while these techniques can significantly improve
program correctness, no method can guarantee complete absence of
errors, so a holistic approach to software development, including testing
and verification, is recommended for robust software.
Axioms/Deduction rules for proofs of
program
• In formal methods and program verification, axioms and deduction
rules are used to establish the semantics of programming languages
and to derive proofs about program behavior.