Downloaded 53 times
![Motivation
• Software projects fail [Barry Boehm, ICSE’06]
– 90% overrun on cost
– 121% overrun on schedule
– Delivers only 61%
• Finding and fixing bugs consume 50% of total
effort in software development](https://image.slidesharecdn.com/introductiontoformalmethods-161124160802/85/Introduction-to-formal-methods-4-320.jpg)
Uploaded byInzemamul Haque
Introduction to formal methods
The document introduces formal methods in software engineering, emphasizing their importance in reducing software project failures caused by improper specifications and design. It discusses techniques such as Alloy for modeling and model-checking to improve reliability, showcasing examples of constraints and properties to be verified. The document highlights that mathematical approaches can lead to more robust software development by addressing common defects and errors.
More Related Content
Similar to Introduction to formal methods
![Formal Methods: Whence and Whither? [Martin Fränzle Festkolloquium, 2025]](https://cdn.slidesharecdn.com/ss_thumbnails/mf2025-250305164811-a0930761-thumbnail.jpg?width=640&height=640&fit=bounds)
![20260201 [FOSDEM] gomodjail - library sandboxing for Go modules.pdf](https://cdn.slidesharecdn.com/ss_thumbnails/20260201fosdemgomodjail-librarysandboxingforgomodules-260201225659-76609ec4-thumbnail.jpg?width=640&height=640&fit=bounds)
![谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]](https://cdn.slidesharecdn.com/ss_thumbnails/top233-260130173900-2eb784f9-thumbnail.jpg?width=640&height=640&fit=bounds)
Introduction to formal methods
- 1. Introduction to FormalMethods in Software Engineering Inzemamul Haque 22 Nov 2016
- 2. Acknowledgement • Dr. K.V.Raghavan and Dr. Deepak D’Souza for the content from their course “Formal Methods in Software Engineering”
- 3. Outline • Motivation • Definition •Alloy • Model-checking
- 4. Motivation • Software projectsfail [Barry Boehm, ICSE’06] – 90% overrun on cost – 121% overrun on schedule – Delivers only 61% • Finding and fixing bugs consume 50% of total effort in software development
- 5. Causes of failure •User requirements not specified properly
- 6. Causes of failure •User requirements not specified properly • Design does not meet user requirements
- 7. Causes of failure •User requirements not specified properly • Design does not meet user requirements – More than 50% of all defects due to above two reasons
- 8. Causes of failure •User requirements not specified properly • Design does not meet user requirements – More than 50% of all defects due to above two reasons • Implementation errors – Low-level errors such as null-pointer dereference , array index out of bounds
- 9. Causes of failure •User requirements not specified properly • Design does not meet user requirements – More than 50% of all defects due to above two reasons • Implementation errors – Low-level errors such as null-pointer dereference , array index out of bounds – As software ages, size increases, hence complexity increases – Hence implementation errors increase with age
- 10. Causes of failure •User requirements not specified properly • Design does not meet user requirements – More than 50% of all defects due to above two reasons • Implementation errors – Low-level errors such as null-pointer dereference , array index out of bounds – As software ages, size increases, hence complexity increases – Hence implementation errors increase with age Using mathematical techniques can help
- 11. Formal methods -definition • Formal methods in software engineering are mathematical techniques employed in software development to make it more reliable and robust • Various tools based on these techniques have been developed
- 12. Alloy • Formal modellingof entities and associations using sets and relations • Modelling of constraints on the entities • Analyzing the consistency of the model and identifying the errors
- 13. Example – familyrelationships • Relationships between “Person” entity • Constraints: – Every person has two parents – Parents of any child are married – Cannot marry a sibling or a parent – Every person is married to at most one person – a married to b implies b is married to a – A man can only marry a woman and vice-versa
- 14. How Alloy works •An Alloy model M is interpreted as a conjunctive logical formula, fM • Constraints enforced by signatures as well as facts automatically become part of fM • An instance or solution to the model is – A finite universe U of atoms – An assignment of subsets of U to the different signatures – An assignment of relations to different relations such that it satisfies fM
- 15. Modelling notation tological formula • For example “no p: Person | some p.spouse & p.parents” becomes
- 17. Model-checking • Model-checking canbe used to check if an initial design satisfies certain properties • Given an abstract model like a state machine, and a specification of behaviour (typically in temporal logic), model checker tries to check whether model satisfies the property • If not provides a counter-example
- 18. Example “nocreate” - Oncea task has ended it is never created again. “nostarve” - Once a task is ready it eventually runs “stateseq“ - Each task follows specified state motion
- 19. Temporal logic • p:an atomic proposition • X p: property p holds starting in next state • F p: property p holds eventually in a future state • G p: property p holds at all future states • U(p,q): property q holds eventually and p holds till that time.
- 20. Model-checking • Property Pcan be expressed as LTL formula, F • Construct a “Buchi-automata”, A, for not F • Take “product” of A with transition system of the model, T • Look for accepting path in this product • If such a path exists, this is a counter-example to the claim that T satisfies the property P • If no such path exists, then T satisfies P
- 22.
- 23. Some model checkers •SAL – developed by Stanford Research Institute • SLAM – developed by Microsoft Research • BLAST – developed by University of California, Berkeley
- 24. VCC • Works onHoare Logic
Editor's Notes
- #13 Show demo after this slide