03 - FM Chapter 1. Critical Software
Chapter 1
High Integrity Software Development
Software systems with higher expectations of correctness
Today, software is pervasive. Consider the cost of software failure in each of the following cases:
Word processor
Software controlling the brakes on your car
Signalling systems on a railway network
What is critical software?
A concept closely related to that of high integrity software is that
of critical software.
The term critical software applies to software that creates
dangers when it fails.
Critical software can be further categorized according to the
type of danger posed by its failure.
For example, failure of business critical software could
adversely affect the economic success of an enterprise; examples
include the software used to control a bank’s ATM transactions
and software aimed at providing security for sensitive information.
Failure in mission critical software, on the other hand, could
impair the goal of the given mission. Examples here include such
applications as satellite and rocket launch systems.
Finally, failure of safety critical software could result in harm to
people, property or the environment. Examples include medical
control software and air traffic control software.
There can be degrees of danger posed by
software failure, so that some software is of
higher integrity than other software; that is,
a higher degree of confidence is required in
its correctness than is the case for other
software.
The importance of specifications
When we say that a piece of software contains an ‘error’ we mean it does
not behave as expected. There could be two reasons for this:
either the software does not conform to its specification or
there are errors or omissions in the original specification.
There are several limitations to using testing as the sole approach to
software error detection:
1. Testing cannot take place until some implementation is available, so
correcting errors uncovered by testing could involve retracing many steps
and undoing work previously done. The earlier the error occurred the more
work this involves. If testing is the only approach to error detection then
errors in the specification involve the greatest amount of work to rectify.
2. Testing can only help to uncover errors – it cannot guarantee the absence
of them. Since, for any application, it is impossible to test every set of
input values, residual errors will always have to be accepted.
3. Testing is always carried out with respect to requirements as laid down in
the specification. If the specification document is in any way ambiguous it
is open to interpretation, and hence misinterpretation, making testing a
rather inexact science.
• Diagrams and natural language descriptions, such as this, have the
advantage that they are easy to follow by non-computing experts and
so provide a good medium for discussions with clients.
• Unfortunately, natural language and diagrams do not have a fixed
meaning from one person to the next and so are open to many
different interpretations. We say these notations do not have a fixed
semantics.
• Problems in the above example are:
  • Ambiguity
  • Incompleteness
  • Inconsistency
To overcome these difficulties it is desirable to use a
specification notation with a fixed, unambiguous semantics.
Notations that have a fixed semantics are known as formal
notations, or formal languages.
A fixed semantics is achieved by defining a language
in a completely unambiguous way using a mathematical
framework.
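As an added example, not part of the slides: one constructed natural-language rule (a password policy) read in the two ways English permits. Two implementers who each believe they followed the sentence disagree on some inputs, and an exhaustive comparison over a small alphabet shows exactly how many. The fully bracketed predicate in the comments is the formal reading that fixes one meaning; the rule, alphabet and sample passwords are assumptions made for this example.

```python
from itertools import product

# Constructed natural-language rule for this example (not from the slides):
#   "A password is valid if it has at least 8 characters and contains
#    a digit or a special character."
# The sentence has no fixed semantics: "and ... or" brackets two ways.

SPECIAL = set("!@#$%^&*")   # constructed set of special characters
MIN_LEN = 8


def has_digit(pw: str) -> bool:
    return any(c.isdigit() for c in pw)


def has_special(pw: str) -> bool:
    return any(c in SPECIAL for c in pw)


def reading_a(pw: str) -> bool:
    """Reading A: (length >= 8 and digit) or special.
    A two-character password with '!' is accepted: a weak-password risk."""
    return (len(pw) >= MIN_LEN and has_digit(pw)) or has_special(pw)


def reading_b(pw: str) -> bool:
    """Reading B: length >= 8 and (digit or special)."""
    return len(pw) >= MIN_LEN and (has_digit(pw) or has_special(pw))


def disagreements(candidates):
    """Inputs on which two implementers of the same sentence disagree."""
    return [pw for pw in candidates if reading_a(pw) != reading_b(pw)]


def count_disagreements(alphabet: str, max_len: int) -> int:
    """Exhaustively compare both readings over every string up to max_len.
    Feasible only because the domain is tiny; it pins down the ambiguity
    rather than leaving it to be discovered by chance in testing."""
    total = 0
    for n in range(1, max_len + 1):
        for chars in product(alphabet, repeat=n):
            pw = "".join(chars)
            if reading_a(pw) != reading_b(pw):
                total += 1
    return total


# Formal specification with a fixed semantics (fully bracketed):
#   valid(p)  <=>  |p| >= 8  and  ((exists c in p: c is a digit)
#                                  or (exists c in p: c in SPECIAL))
# Written this way, the specification commits to reading_b and an
# implementation of reading_a is simply non-conforming, not "another view".

if __name__ == "__main__":
    print(disagreements(["a!", "abcdefgh1", "abcdefgh", "abcdefg!"]))
    print(count_disagreements("a1!", 3))
```

The disagreement is not a programming error on either side; it is the specification that lacks a fixed meaning, and no amount of testing against the English sentence could settle which implementation is "right".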
Ideally a specification should describe what the system is to
do without saying how to do it. That is, a specification should
be as abstract (not cluttered by implementation
details) as possible.
The language of mathematics is perfectly suited for this
task as it allows a far more abstract description of the system
to be captured using simple mathematical concepts such as
sets, relations and functions.
Formal Methods
Formal methods constitute a branch of
software engineering that incorporates
the use of mathematics for software
development.
A formal method provides a formal language in
which to express the initial specification and all
future design steps towards the final program.
These design steps are often referred to as
transformations.
Advantages of Formal Methods
The use of formal methods offers many advantages:
● Formal specifications can help considerably in generating
suitable test cases.
● The discipline required in producing a formal specification of
user requirements and the ability to analyze a specification
(which only arises if the specification language has a
well-defined semantics) allows for feedback on system
specifications at early development stages, increasing
confidence that the specification accurately captures the
real system requirements.
● Important properties (such as internal consistency) of the
initial specification can be checked mathematically and
incorporated as run-time checks in the final program.
● Proofs can help uncover design errors as soon as they are
made, rather than having to wait for testing of the final
implementation.
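As an added worked example, not from the slides, tying together the description of specifications in terms of sets, relations and functions with the advantages listed above: the specification of a permission-granting operation is written as predicates over a relation perm ⊆ Users × Resources, and that single specification is then used to check internal consistency, to generate test cases, to judge two implementations for conformance, and to serve as run-time checks in the program. The user and resource sets, the operation, and the deliberately defective implementation are all constructed for this example.

```python
from itertools import combinations, product

# Constructed miniature domain (assumption for this example, not from the slides).
USERS = frozenset({"alice", "bob"})
RESOURCES = frozenset({"ledger", "audit_log"})

# State: the permission relation  perm ⊆ USERS × RESOURCES, as a frozenset of pairs.


# --- Formal specification of grant(u, r) as predicates -------------------------
def pre_grant(perm, u, r):
    """Precondition: u ∈ USERS ∧ r ∈ RESOURCES ∧ (u, r) ∉ perm."""
    return u in USERS and r in RESOURCES and (u, r) not in perm


def post_grant(perm, perm_after, u, r):
    """Postcondition: perm' = perm ∪ {(u, r)}; no other pair changes."""
    return perm_after == perm | {(u, r)}


# --- Two candidate implementations of the same specification -------------------
def grant_correct(perm, u, r):
    return perm | {(u, r)}


def grant_buggy(perm, u, r):
    # Defect (constructed): replaces u's existing permissions instead of adding
    # to them, silently revoking access the specification says must be kept.
    return frozenset(p for p in perm if p[0] != u) | {(u, r)}


# --- Putting the specification to work ----------------------------------------
def all_states():
    """Every relation perm ⊆ USERS × RESOURCES (2^4 = 16 states here)."""
    pairs = sorted(product(sorted(USERS), sorted(RESOURCES)))
    return [frozenset(c) for n in range(len(pairs) + 1)
            for c in combinations(pairs, n)]


def generate_cases():
    """Test cases derived from the spec: every (state, u, r) enabled by the precondition."""
    return [(perm, u, r) for perm in all_states()
            for u in sorted(USERS) for r in sorted(RESOURCES)
            if pre_grant(perm, u, r)]


def precondition_satisfiable():
    """Internal consistency check: the operation is not vacuous."""
    return len(generate_cases()) > 0


def nonconforming_cases(impl):
    """Cases where impl violates the postcondition; [] means it conforms on this domain."""
    return [(perm, u, r) for perm, u, r in generate_cases()
            if not post_grant(perm, impl(perm, u, r), u, r)]


def checked_grant(impl):
    """Wrap an implementation with the specification as run-time checks."""
    def run(perm, u, r):
        if not pre_grant(perm, u, r):
            raise ValueError("grant: precondition violated")
        after = impl(perm, u, r)
        if not post_grant(perm, after, u, r):
            raise RuntimeError("grant: postcondition violated")
        return after
    return run


if __name__ == "__main__":
    print("consistent:", precondition_satisfiable())
    print("generated cases:", len(generate_cases()))
    print("correct impl failures:", len(nonconforming_cases(grant_correct)))
    print("buggy impl failures:", len(nonconforming_cases(grant_buggy)))
```

Because the postcondition is a mathematical statement about the whole relation, it catches the defective implementation on every state where the user already held another permission, something a hand-written test that only looks for the newly granted pair would miss.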
Classifying Formal Methods