Formal methods – introduction for software engineering
Part of the formal class notes for the module "Formal Methods", designed for software engineering students at BSc level.
#2 Formal methods – principles of logic.
These slides are part of the formal class notes prepared for the module "Formal Methods", taught to software engineering students.
Slide 4 (Prepared by: Sharif Omar Salem – ssalemg@gmail.com)
"A more mathematical approach is inevitable. Professional software development—not the everyday brand practiced by the public at large—will become more like a true engineering discipline, applying mathematical techniques. I don't know how long this evolution will take, but it will happen. The basic theory is there, but much work remains to make it widely applicable."
(Bertrand Meyer, a pioneer of object technology)
Slide 5
"Software engineers want to be real engineers. Real engineers use mathematics. Formal methods are the mathematics of software engineering. Therefore, software engineers should use formal methods."
(Mike Holloway, NASA)
Slide 6
Diagram: Specification S (what to do) --construct--> Program P (how to do it)
• How to ensure that S is not ambiguous, so that it can be correctly understood by all the people involved?
• How can S be effectively used for inspecting and testing P?
• How can software tools effectively support the analysis of S, the transformation from S to P, and the verification of P against S?
Slide 9
Simulation means constructing a model of an existing system to be studied, or of a system to be built, and then executing the actions allowed in this model. The model can be a physical entity (e.g., a scale clay model) or a computer representation.
Testing is a technique for detecting errors or problems in implemented software, hardware, or non-computer systems. It consists of executing or operating the system under test using a finite set of inputs and then checking whether the corresponding outputs or behavior are correct with respect to the specification.
Slide 10
Verification is the procedure of confirming that the software meets its requirements; in other words, it means checking the software with respect to the specification.
Real-time monitoring means running the final software on real-world input data (as with a beta release).
Slide 11
• Multiple definitions of logic:
• The foundation for the organized and careful method of thinking that characterizes reasoned activity.
• The study of reasoning, specifically concerned with whether something is correct or false.
• Formal logic focuses on the relationship between statements, as opposed to the content of any particular statement.
Slide 12
Example 1: Imagine you are a mechanic and you know that either the fuel filter is clogged or the fuel pump is defective. But you just replaced the fuel filter. So you know the problem must be with the fuel pump.
Premise 1: Either it's the fuel filter or it's the fuel pump.
Premise 2: It's not the fuel filter.
Conclusion: It's the fuel pump.
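Added example (not from the slides): a small truth-table checker that decides whether an argument form is valid by trying every assignment of truth values, so Example 1 is judged by the relationship between its statements rather than their content. The tuple encoding of formulas and the function names are my own; the block also tests a tempting but invalid variant of the mechanic's argument and returns the counterexample valuation.

```python
"""Added example (not from the slides): validity of a propositional argument
form decided by exhaustive truth-table search."""
import itertools

# A formula is a variable name (str) or a tuple whose first element is the
# connective: ("not", f), ("or", f, g), ("and", f, g), ("implies", f, g).

def evaluate(formula, valuation):
    """Truth value of `formula` under `valuation` (a dict name -> bool)."""
    if isinstance(formula, str):
        return valuation[formula]
    op, *args = formula
    if op == "not":
        return not evaluate(args[0], valuation)
    if op == "or":
        return evaluate(args[0], valuation) or evaluate(args[1], valuation)
    if op == "and":
        return evaluate(args[0], valuation) and evaluate(args[1], valuation)
    if op == "implies":
        return (not evaluate(args[0], valuation)) or evaluate(args[1], valuation)
    raise ValueError(f"unknown connective {op!r}")

def variables(formula, acc=None):
    """Set of variable names occurring in `formula`."""
    acc = set() if acc is None else acc
    if isinstance(formula, str):
        acc.add(formula)
    else:
        for arg in formula[1:]:
            variables(arg, acc)
    return acc

def check_argument(premises, conclusion):
    """Return (True, None) if every valuation that makes all premises true also
    makes the conclusion true; otherwise (False, counterexample), where the
    counterexample is the first valuation with true premises and a false
    conclusion. Only the form of the statements matters, not their content."""
    names = sorted(set().union(*(variables(f) for f in premises + [conclusion])))
    for bits in itertools.product([False, True], repeat=len(names)):
        valuation = dict(zip(names, bits))
        if all(evaluate(p, valuation) for p in premises) and not evaluate(conclusion, valuation):
            return False, valuation
    return True, None

# Example 1 from the slide, with "filter" = the fuel filter is clogged and
# "pump" = the fuel pump is defective.
FILTER, PUMP = "filter", "pump"
# Disjunctive syllogism: (filter or pump), not filter, therefore pump.
MECHANIC = ([("or", FILTER, PUMP), ("not", FILTER)], PUMP)
# A tempting but invalid form (affirming a disjunct): (filter or pump), filter,
# therefore not pump. Both faults could be present at once.
AFFIRMING_DISJUNCT = ([("or", FILTER, PUMP), FILTER], ("not", PUMP))

if __name__ == "__main__":
    for name, (premises, conclusion) in (("mechanic", MECHANIC),
                                         ("affirming a disjunct", AFFIRMING_DISJUNCT)):
        valid, cex = check_argument(premises, conclusion)
        print(name, "valid" if valid else f"invalid, counterexample {cex}")
```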
Slide 13
The major goal of software engineers: develop reliable systems... how?
Formal methods: mathematical languages, techniques and tools used to specify and verify systems.
• Goal: help engineers construct more reliable systems.
• A means to examine the entire state space of a design (whether hardware or software).
• Establish a correctness or safety property that is true for all possible inputs.
Slide 14
Formal methods are mathematical techniques for developing computer-based software and hardware systems.
In computer science and software engineering, formal methods are a particular kind of mathematically based technique for the specification, development and verification of software and hardware systems.
Slide 16
Past years of formal methods:
• Obscure notation
• Non-scalable techniques
• Inadequate tool support
• Hard-to-use tools
• Very few case studies
• Not convincing for practitioners
Nowadays:
• Trying to find more rigorous notations
• Model checking and theorem proving complement simulation in the hardware industry
• More industrial-sized case studies
• Researchers are trying to gain the benefits of using formal methods
• …
Slide 17
Formal methods can be applied at various points through the development process: specification and verification.
• Specification: give a description of the system to be developed and its properties.
• Verification: prove or disprove the correctness of a system with respect to the formal specification or property.
Slide 18
The use of formal methods can contribute to the reliability and robustness of a design. However, the high cost of using formal methods means that they are usually only used in the development of high-integrity systems, where safety or security is of utmost importance. Transport, communications, health and energy are all representative examples of critical systems where errors are not permitted.
A classic approach to ensuring the adequacy of a software system is testing or simulation. But most commercial systems come with a bug report with every release. To mention some data, in 2002 the North-American Institute for Standards and Technologies estimated the cost of bugs to the American economy at 59 billion dollars.
Slide 19
In 1994 an error was discovered in the implementation of division operations by Pentium processors. Even though millions of processors had by then been sold, Intel was forced to exchange (free of charge) all the units produced.
Beyond the financial impact, the media emphasized the loss of confidence shown by Intel's users (i.e. the computer manufacturing industry), which had a much broader and more dramatic effect on the company.
Slide 20
It is very important to note that formal verification does not obviate the need for testing and other assertion techniques. Formal verification cannot fix bad assumptions in the design, but it can help identify errors in reasoning which would otherwise be left unverified. In several cases, engineers have reported finding flaws in systems once they reviewed their designs formally.
So formal verification, where it is used, serves as an additional assurance tool alongside the other assertion techniques, not as a replacement for them.
Slide 21
The CICS project
• CICS: Customer Information Control System, the on-line transaction processing system of choice for large IBM installations.
• In the 1980s Oxford University and IBM Hursley Labs formalized parts of CICS with Z.
• There was an overall improvement in the quality of the product; it is estimated that this reduced the total development cost by 9%.
• This work won the Queen's Award for Technological Achievement, the highest honor that can be bestowed on a UK company.
Slide 22
Intel uses formal verification quite extensively:
• Verification of the Intel Pentium 4 floating-point unit with a mixture of STE (symbolic trajectory evaluation) and theorem proving.
• Verification of bus protocols using pure temporal-logic model checking.
• Verification of microcode and software for many Intel Itanium floating-point operations, using pure theorem proving.
• FV found many high-quality bugs in the P4 and verified "20%" of the design.
• FV is now standard practice in the floating-point domain.
Slide 23
Small Aircraft Transportation System (SATS)
• Use of a software system that will sequence aircraft into the SATS airspace in the absence of an airport controller.
• There are serious safety issues associated with these software systems and their underlying key algorithms.
Slide 24
The criticality of such software systems necessitates that strong guarantees of their safety be developed for them. Under the SATS program, NASA Langley researchers are currently investigating rigorous verification of these software systems using formal methods, for example "Modeling and Verification of Air Traffic Conflict Detection and Alerting", …
Slide 25
Using a language with a mathematically defined syntax and semantics to describe system properties:
• Functional behavior
• Timing behavior
• Performance characteristics
• Internal structure
Slide 26
Specification has been most successful for behavioral properties. A trend is to integrate different specification languages, each able to handle a different aspect of a system. Some other, non-behavioral aspects of a system:
• Performance
• Real-time constraints
• Security policies
• Architectural design
Slide 27
Formal methods for the specification of sequential systems:
• Z (Spivey 1988)
• Constructive Z (Mirian 1997)
• VDM (Jones 1986)
• Larch (Guttag & Horning 1993)
States are described in rich mathematical structures (sets, relations, functions); transitions are described in terms of pre- and postconditions.
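Added example (not from the slides, and not the notation of any of the methods listed above): the Z style of state-based specification written as executable Python. The state of a small session store is a set of users plus a partial function from session ids to users, tied together by an invariant; each operation is a precondition on the before-state and a postcondition relating the before- and after-states; a checker then runs a candidate implementation (the program P) against the specification (S). The session-store schema, the operations, and the buggy RemoveUser that forgets to revoke sessions are all constructed for this example.

```python
"""Added example (not from the slides): a Z-style state-based specification as
executable Python, used to check candidate implementations against it."""
from dataclasses import dataclass

class SpecViolation(Exception):
    """Raised by run() with the name of the first check that failed."""

@dataclass(frozen=True)
class State:
    """Schema SessionStore: users : P USER ; session : SID -+> USER.
    `session` is the partial function stored as a sorted tuple of (sid, user)
    pairs so that states are immutable and comparable."""
    users: frozenset
    session: tuple

    def sessions(self):
        return dict(self.session)

def make_state(users, session):
    return State(frozenset(users), tuple(sorted(session.items())))

def invariant(s):
    """State invariant: ran session ⊆ users (no session may belong to a non-user)."""
    return set(s.sessions().values()) <= s.users

# Operation Login(u?, sid?):  pre  u? ∈ users ∧ sid? ∉ dom session
#                             post users' = users ∧ session' = session ∪ {sid? ↦ u?}
def login_pre(s, u, sid):
    return u in s.users and sid not in s.sessions()

def login_post(s, s2, u, sid):
    return s2.users == s.users and s2.sessions() == {**s.sessions(), sid: u}

# Operation RemoveUser(u?):   pre  u? ∈ users
#                             post users' = users \ {u?}
#                                  ∧ session' = {sid ↦ v ∈ session | v ≠ u?}
#                             (every session of the removed user is revoked)
def remove_pre(s, u):
    return u in s.users

def remove_post(s, s2, u):
    expected = {sid: v for sid, v in s.sessions().items() if v != u}
    return s2.users == s.users - {u} and s2.sessions() == expected

# Candidate implementations (the program P) to be checked against the spec (S).
def login_impl(s, u, sid):
    return make_state(s.users, {**s.sessions(), sid: u})

def remove_user_buggy(s, u):
    """Deletes the account but forgets to revoke its sessions, so an orphaned
    session outlives the user (constructed defect)."""
    return make_state(s.users - {u}, s.sessions())

def remove_user_fixed(s, u):
    return make_state(s.users - {u},
                      {sid: v for sid, v in s.sessions().items() if v != u})

def run(pre, post, impl, s, *args):
    """Apply `impl` to `s` under the operation schema (pre, post): reject calls
    outside the precondition, then check the after-state against the state
    invariant and the postcondition."""
    if not pre(s, *args):
        raise SpecViolation("precondition")
    s2 = impl(s, *args)
    if not invariant(s2):
        raise SpecViolation("invariant")
    if not post(s, s2, *args):
        raise SpecViolation("postcondition")
    return s2

def violation(pre, post, impl, s, *args):
    """Name of the first failed check, or None when the implementation conforms."""
    try:
        run(pre, post, impl, s, *args)
    except SpecViolation as e:
        return str(e)
    return None

# Constructed sample state: two users, alice holds an active session.
S0 = make_state({"alice", "bob"}, {"s1": "alice"})

if __name__ == "__main__":
    print("login bob:", violation(login_pre, login_post, login_impl, S0, "bob", "s2"))
    print("login unknown user:", violation(login_pre, login_post, login_impl, S0, "mallory", "s3"))
    print("buggy remove alice:", violation(remove_pre, remove_post, remove_user_buggy, S0, "alice"))
    print("fixed remove alice:", violation(remove_pre, remove_post, remove_user_fixed, S0, "alice"))
```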
Slide 28
Formal methods for the specification of concurrent systems:
• CSP (Hoare 1985)
• CCS (Milner 1980)
• Statecharts (Harel 1987)
• Temporal Logic (Pnueli 1981)
• I/O Automata (Lynch and Tuttle 1987)
States range over simple domains, like integers; behavior is defined in terms of sequences, trees, or partial orders of events.
Slide 29
Two well-established approaches to verification:
• Model checking: build a finite model of the system and perform an exhaustive search.
• Theorem proving: mechanization of a logical proof.
Slide 30
Theorem proving: both the system and its desired properties are expressed in some mathematical logic, and theorem proving is the process of finding a proof from the axioms of the system. Theorem provers can be roughly classified into highly automated programs and interactive systems with special-purpose capabilities. In contrast to model checking, theorem proving can deal with infinite state spaces; it relies on techniques like reduction.
Slide 31
Diagram: an informal specification is written as a temporal logic formula (CTL, LTL, etc.); the system description (VERILOG, VHDL, SMV) is turned into a transition system (automaton, Kripke structure); the model checker checks the transition system against the formula.
• Build a mathematical graphical model of the system: what are the possible behaviors?
• Write the correctness requirement in a specification language: what are the desirable behaviors?
• Analysis: (automatically) check that the model satisfies the specification. The analysis is performed by an algorithm (tool) and gives counterexamples for debugging.
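Added example (not from the slides): a minimal explicit-state model checker in Python. It builds the finite transition system of a two-process mutual-exclusion protocol, exhaustively searches every reachable state for a violation of the safety property "never both processes in the critical section", and returns a counterexample trace for a deliberately flawed protocol (constructed here) while finding none for Peterson's algorithm. The state encoding and the function names are assumptions of this example.

```python
"""Added example (not from the slides): an explicit-state model checker over a
finite transition system, with counterexample traces for debugging."""
from collections import deque

# A state is the tuple (pc0, pc1, flag0, flag1, turn). A protocol is a function
# step(state, i) returning the successor states reached when process i takes
# one atomic step (an empty list means process i is blocked in that state).

def naive_step(state, i):
    """Flawed protocol (constructed for this example): look at the other flag,
    then raise your own. Because the check and the raise are two separate
    steps, both processes can pass the check while both flags are still down."""
    pc, flag, turn = list(state[:2]), list(state[2:4]), state[4]
    j = 1 - i
    if pc[i] == "idle":
        if not flag[j]:
            pc[i] = "raise"
    elif pc[i] == "raise":
        flag[i] = True
        pc[i] = "crit"
    elif pc[i] == "crit":
        flag[i] = False
        pc[i] = "idle"
    nxt = (pc[0], pc[1], flag[0], flag[1], turn)
    return [] if nxt == state else [nxt]

def peterson_step(state, i):
    """Peterson's algorithm: raise your flag, give the turn to the other process,
    then wait until the other is not interested or the turn is yours."""
    pc, flag, turn = list(state[:2]), list(state[2:4]), state[4]
    j = 1 - i
    if pc[i] == "idle":
        flag[i] = True
        pc[i] = "yield"
    elif pc[i] == "yield":
        turn = j
        pc[i] = "wait"
    elif pc[i] == "wait":
        if not flag[j] or turn == i:
            pc[i] = "crit"
    elif pc[i] == "crit":
        flag[i] = False
        pc[i] = "idle"
    nxt = (pc[0], pc[1], flag[0], flag[1], turn)
    return [] if nxt == state else [nxt]

def check_safety(initial, step, bad):
    """Breadth-first search of every reachable state. Returns None when no
    reachable state satisfies `bad`, otherwise the shortest trace (list of
    states from `initial`) that reaches a bad state: the counterexample."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if bad(s):
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return trace[::-1]
        for i in (0, 1):
            for t in step(s, i):
                if t not in parent:
                    parent[t] = s
                    queue.append(t)
    return None

def reachable_count(initial, step):
    """Size of the explored state space (the finite model the checker searched)."""
    seen, queue = {initial}, deque([initial])
    while queue:
        s = queue.popleft()
        for i in (0, 1):
            for t in step(s, i):
                if t not in seen:
                    seen.add(t)
                    queue.append(t)
    return len(seen)

INITIAL = ("idle", "idle", False, False, 0)

def both_critical(s):
    """The bad state of the safety property AG not (crit0 and crit1)."""
    return s[0] == "crit" and s[1] == "crit"

if __name__ == "__main__":
    for name, step in (("naive", naive_step), ("peterson", peterson_step)):
        trace = check_safety(INITIAL, step, both_critical)
        print(f"{name}: {reachable_count(INITIAL, step)} states,",
              "safe" if trace is None else "counterexample:")
        for s in trace or []:
            print("   ", s)
```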
Slide 33
Imperative programming is a programming paradigm that describes computation in terms of statements that change a program state. Imperative programs define sequences of commands for the computer to perform; they define how to achieve the system goals. The focus is on how (what steps) the computer should take rather than on what the computer will do (e.g. C, C++, Java). Object-oriented languages are counted as advanced releases of these original languages.
Slide 34
Declarative programming is a programming paradigm that expresses the logic of a computation without describing its control flow. It attempts to minimize or eliminate side effects by describing what the program should accomplish rather than describing how to go about accomplishing it. The focus is on what the computer should do rather than how it should do it (e.g. SQL, Prolog, Z notation).
Slide 35
Functional programming is a programming paradigm that treats computation as the evaluation of mathematical functions and avoids state and mutable data. It emphasizes the application of functions and has its roots in the lambda calculus. It is a subset of the declarative languages with a heavy focus on recursion (e.g. Lisp, Scheme, Haskell).
Slide 36
The following is a sample of some tools and notations using formal methods techniques. Keep in mind that there are many other tools.
• Z Notation: the formal specification notation Z (pronounced "zed"), useful for describing computer-based systems, is based on Zermelo-Fraenkel set theory and first-order predicate logic.
• Alloy Analyzer: an object modeling notation that is compatible with development approaches such as UML and Catalysis, strongly influenced by the Z specification language.
Slide 37
• VCC (Microsoft Research): VCC is a mechanical verifier for concurrent C programs. VCC takes a C program, annotated with function specifications, data invariants, loop invariants, and ghost code, and tries to prove these annotations correct. If it succeeds, VCC promises that your program actually meets its specifications.
• JML (Java Modeling Language): a behavioral interface specification language for Java.
• ESC/Java2 (Extended Static Checker for Java): a tool using program verification technology. It attempts to find common run-time errors in JML-annotated Java programs by static analysis of the program code and its formal annotations.