Formal Methods
Formal methods used in developing computer systems are mathematically based techniques for describing system properties. Such formal methods provide frameworks within which people can specify, develop, and verify systems in a systematic, rather than ad hoc, manner. A method is formal if it has a sound mathematical basis, typically given by a formal specification language.
This basis provides the means of precisely defining notions like consistency and completeness and, more relevantly, specification, implementation, and correctness (Goldberg, 1996). It provides the means of proving that a specification is realizable, proving that a system has been implemented correctly, and proving properties of a system without necessarily running it to determine its behavior. A formal method also addresses a number of pragmatic considerations: who uses it, what it is used for, when it is used, and how it is used.
Most commonly, system designers use formal methods to specify a system's desired behavioral and structural properties (Yourdon, 1998). However, anyone involved in any stage of system development can make use of formal methods. They can be used in the initial statement of a customer's requirements, through system design, implementation, testing, debugging, maintenance, verification, and evaluation. Formal methods are used to reveal ambiguity, incompleteness, and inconsistency in a system. When used early in the system development process, they can reveal design flaws that otherwise might be discovered only during costly testing and debugging phases. When used later, they can help determine the correctness of a system implementation and the equivalence of different implementations (Swartout, 1993).
For a method to be formal, it must have a well-defined mathematical basis. It need not address any pragmatic considerations, but lacking such considerations would render it useless (Rich, Reubenstein, 1997). Hence, a formal method should possess a set of guidelines or a "style sheet" that tells the user the circumstances under which the method can and should be applied as well as how it can be applied most effectively. One tangible product of applying a formal method is a formal specification.
A specification serves as a contract, a valuable piece of documentation, and a means of communication among a client, a specifier, and an implementer. Because of their mathematical basis, formal specifications are more precise and usually more concise than informal ones. Since a formal method is a method and not just a computer program or language, it may or may not have tool support (Hunt, 1997; Moore, 2000). If the syntax of a formal method's specification language is made explicit, providing standard syntax analysis tools for formal specifications would be appropriate. If the language's semantics are sufficiently restricted, varying degrees of semantic analysis can be performed with machine aids as well. Thus, formal specifications have the additional advantage over informal ones of being amenable to machine analysis and manipulation.
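The machine analysis described above, as an added illustration that is not part of the page: a specification with explicit syntax (initial states, a transition relation, and invariant properties) and deliberately restricted semantics (a finite state space), over which an exhaustive search proves each property or refutes it with a counterexample without running any implementation. The modelled login-lockout system, its state names, its property names and the MAX_FAILURES policy are constructed assumptions, not taken from the page.

```python
# Added example (not from the page): a small specification with explicit syntax
# and restricted semantics, checked exhaustively by machine. The modelled system,
# a login lockout, and its property names are constructed for illustration.
from typing import Callable, Dict, Optional, Set, Tuple

State = Tuple[str, int]          # (mode, failed_attempts)
MAX_FAILURES = 3                 # assumed policy: disable the account after 3 failures
INITIAL: Set[State] = {("locked", 0)}

def successors(state: State) -> Set[State]:
    """Transition relation: every state the system may reach in one step."""
    mode, failures = state
    if mode == "locked":
        nxt = {("open", 0)}                              # correct credential
        if failures + 1 < MAX_FAILURES:
            nxt.add(("locked", failures + 1))            # wrong credential
        else:
            nxt.add(("disabled", failures + 1))          # lockout
        return nxt
    if mode == "open":
        return {("locked", 0)}                           # logout
    return {state}                                       # disabled is absorbing

def reachable(initial, step):
    """Exhaustive search: the set of all states the specification can reach."""
    seen, todo = set(initial), list(initial)
    while todo:
        s = todo.pop()
        for t in step(s):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

# Properties are invariants: predicates that must hold in every reachable state.
PROPERTIES: Dict[str, Callable[[State], bool]] = {
    "failures_bounded": lambda s: s[1] <= MAX_FAILURES,
    "open_only_with_zero_failures": lambda s: s[0] != "open" or s[1] == 0,
    "disabled_is_terminal": lambda s: s[0] != "disabled" or successors(s) == {s},
    "never_disabled": lambda s: s[0] != "disabled",  # inconsistent with the lockout rule
}

def verify(props=PROPERTIES) -> Dict[str, Optional[State]]:
    """Per property: None if it holds in every reachable state, else a counterexample."""
    states = sorted(reachable(INITIAL, successors))
    return {n: next((s for s in states if not p(s)), None) for n, p in props.items()}
if __name__ == "__main__":
    for name, cex in verify().items():
        print(f"{name}: {'holds' if cex is None else f'refuted by {cex}'}")
```

The last property is the kind of inconsistency the text refers to: the requirement "never disabled" contradicts the lockout rule, and the checker reports the reachable state that witnesses the conflict rather than leaving it to be found in testing.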
What is a specification language?
A formal specification language provides a formal method's mathematical basis. I borrowed the terms and definitions that follow from Guttag et al.3 Burstall and Goguen have used the term "language" and more recently the term "institution" for the notion of a formal specification language. Definition: A formal specification language is a triple,