Chapter 1

Uploaded by Keneni Asefa

CHAPTER 1: INTRODUCTION TO FORMAL METHODS

Topics
- 1.1 Overview
- 1.2 SDLC (revision of software development)
- 1.3 Formal Method
- 1.4 Advantages and Disadvantages
- 1.5 Critical Software
- 1.6 Integrity Level
- 1.7 Stages in Formal Methods
1.1 OVERVIEW

- Software Engineering is the process of analyzing user requirements and then designing, building, and testing software applications that will satisfy those requirements.
- IEEE, in its standard 610.12-1990, defines software engineering as the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software.
- Software engineering includes the practical application of scientific knowledge to the creative design and building of computer programs. It also includes the associated documentation needed for developing, operating, and maintaining them.
SDLC

- Waterfall model: a linear, sequential approach to the software development life cycle (SDLC) that is popular in software engineering and product development. The waterfall model emphasizes a logical progression of steps. Similar to the direction in which water flows over the edge of a cliff, distinct endpoints or goals are set for each phase of development and cannot be revisited after completion. The term was first introduced in a paper published in 1970 by Dr. Winston W. Royce and continues to be used in applications of industrial design.
ADVANTAGES AND LIMITATIONS (Waterfall model)

Advantages:
- Simple and easy to understand and use.
- Easy to manage due to the rigidity of the model. Each phase has specific deliverables and a review process.
- Phases are processed and completed one at a time.
- Works well for smaller projects where requirements are very well understood.
- Clearly defined stages.
- Well-understood milestones.
- Easy to arrange tasks.
- Process and results are well documented.

Limitations:
- No working software is produced until late during the life cycle.
- High amounts of risk and uncertainty.
- Not a good model for complex and object-oriented projects.
- Poor model for long and ongoing projects.
- Not suitable for projects where requirements are at a moderate to high risk of changing.
- It is difficult to measure progress within stages.
- Cannot accommodate changing requirements.

- Iterative model: the iterative process starts with a simple implementation of a subset of the software requirements and iteratively enhances the evolving versions until the full system is implemented. At each iteration, design modifications are made and new functional capabilities are added. The basic idea behind this method is to develop a system through repeated cycles (iterative) and in smaller portions at a time (incremental).
ADVANTAGES AND LIMITATIONS (Iterative model)

Advantages:
- Results are obtained early and periodically.
- Parallel development can be planned.
- Progress can be measured.
- Less costly to change the scope/requirements.
- Testing and debugging during a smaller iteration is easy.
- Risks are identified and resolved during iteration, and each iteration is an easily managed milestone.
- Easier to manage risk: the high-risk part is done first.
- With every increment, an operational product is delivered.
- Issues, challenges and risks identified from each increment can be utilized/applied to the next increment.
- Risk analysis is better.
- It supports changing requirements.

Limitations:
- More resources may be required.
- More management attention is required.
- System architecture or design issues may arise because not all requirements are gathered at the beginning of the entire life cycle.
- Defining increments may require the definition of the complete system.
- Not suitable for smaller projects.
- Management complexity is higher.
- The end of the project may not be known, which is a risk.
- Highly skilled resources are required for risk analysis.
- The project's progress is highly dependent upon the risk analysis phase.
- Spiral: the spiral model combines the idea of iterative development with the systematic, controlled aspects of the waterfall model. The spiral model is a combination of the iterative development process model and the sequential linear development model, i.e. the waterfall model, with a very high emphasis on risk analysis. It allows incremental releases of the product or incremental refinement through each iteration around the spiral.
- The spiral model has four phases: identification, design, construct or build, evaluation and risk analysis.
ADVANTAGES AND LIMITATIONS (Spiral model)

Advantages:
- Changing requirements can be accommodated.
- Allows extensive use of prototypes.
- Requirements can be captured more accurately.
- Users see the system early.
- Development can be divided into smaller parts and the risky parts can be developed earlier, which helps in better risk management.

Limitations:
- Management is more complex.
- End of the project may not be known early.
- Not suitable for small or low-risk projects and could be expensive for small projects.
- Process is complex.
- Spiral may go on indefinitely.
- Large number of intermediate stages requires excessive documentation.
- V-Shaped model: the V-model is an SDLC model where execution of processes happens in a sequential manner in a V-shape. It is also known as the Verification and Validation model.
- The V-model is an extension of the waterfall model and is based on the association of a testing phase with each corresponding development stage. This means that for every single phase in the development cycle, there is a directly associated testing phase. This is a highly disciplined model and the next phase starts only after completion of the previous phase.
ADVANTAGES AND LIMITATIONS (V-Shaped model)

Advantages:
- This is a highly disciplined model and phases are completed one at a time.
- Works well for smaller projects where requirements are very well understood.
- Simple and easy to understand and use.
- Easy to manage due to the rigidity of the model. Each phase has specific deliverables and a review process.

Limitations:
- High risk and uncertainty.
- Not a good model for complex and object-oriented projects.
- Poor model for long and ongoing projects.
- Not suitable for projects where requirements are at a moderate to high risk of changing.
- Once an application is in the testing stage, it is difficult to go back and change functionality.
- No working software is produced until late during the life cycle.
- Agile model: the Agile SDLC model is a combination of iterative and incremental process models with a focus on process adaptability and customer satisfaction through rapid delivery of working software products. Agile methods break the product into small incremental builds, which are provided in iterations. Each iteration typically lasts from about one to three weeks. Every iteration involves cross-functional teams working simultaneously on various areas such as planning, requirements analysis, design, coding, unit testing, and acceptance testing.
- The Agile model holds that every project needs to be handled differently and that existing methods need to be tailored to best suit the project requirements. In Agile, the tasks are divided into time boxes (small time frames) to deliver specific features for a release.
ADVANTAGES AND LIMITATIONS (Agile model)

Advantages:
- Is a very realistic approach to software development.
- Promotes teamwork and cross training.
- Functionality can be developed rapidly and demonstrated.
- Resource requirements are minimal.
- Suitable for fixed or changing requirements.
- Delivers early partial working solutions.
- Good model for environments that change steadily.
- Minimal rules; documentation easily employed.
- Little or no planning required.
- Easy to manage.
- Gives flexibility to developers.

Limitations:
- Not suitable for handling complex dependencies.
- More risk to sustainability, maintainability and extensibility.
- An overall plan, an agile leader and agile PM practice are a must, without which it will not work.
- Strict delivery management dictates the scope, the functionality to be delivered, and the adjustments to meet the deadlines.
- Depends heavily on customer interaction, so if the customer is not clear, the team can be driven in the wrong direction.
- There is a very high individual dependency, since minimal documentation is generated.
- Transfer of technology to new team members may be quite challenging due to lack of documentation.
- RAD model: the RAD model is based on prototyping and iterative development with no specific planning involved. The process of writing the software itself involves the planning required for developing the product.
- Rapid Application Development focuses on gathering customer requirements through workshops or focus groups, early testing of the prototypes by the customer using the iterative concept, reuse of the existing prototypes (components), continuous integration, and rapid delivery.
- Rapid application development is a software development methodology that uses minimal planning in favor of rapid prototyping. A prototype is a working model that is functionally equivalent to a component of the product.
- In the RAD model, the functional modules are developed in parallel as prototypes and are integrated to make the complete product for faster product delivery. Since there is no detailed preplanning, it is easier to incorporate changes within the development process.
ADVANTAGES AND LIMITATIONS (RAD model)

Advantages:
- Changing requirements can be accommodated.
- Progress can be measured.
- Iteration time can be short with the use of powerful RAD tools.
- Productivity with fewer people in a short time.
- Reduced development time.
- Increases reusability of components.
- Quick initial reviews occur.
- Encourages customer feedback.
- Integration from the very beginning solves a lot of integration issues.
- Suitable for projects requiring shorter development times.

Limitations:
- Dependency on technically strong team members for identifying business requirements.
- Only systems that can be modularized can be built using RAD.
- Requires highly skilled developers/designers.
- High dependency on modelling skills.
- Inapplicable to cheaper projects, as the cost of modelling and automated code generation is very high.
- Management complexity is higher.
- Suitable only for systems that are component based and scalable.
- Requires user involvement throughout the life cycle.
FORMAL METHOD

- Formal methods are system design techniques that use rigorously specified mathematical models to build software and hardware systems. In contrast to other design systems, formal methods use mathematical proof as a complement to system testing in order to ensure correct behavior. As systems become more complicated, and safety becomes a more important issue, the formal approach to system design offers another level of insurance.
- Formal methods differ from other design systems through the use of formal verification schemes: the basic principles of the system must be proven correct before they are accepted. Traditional system design has used extensive testing to verify behavior, but testing is capable of only finite conclusions. Dijkstra and others have demonstrated that tests can only show that a system does not fail in the scenarios tested, and say nothing about its behavior outside those scenarios. In contrast, once a theorem is proven true it remains true.
- Formal methods are mathematically rigorous techniques for the specification, development, and verification of software and hardware systems. The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing the appropriate mathematical analysis can contribute to the reliability and robustness of a design.
- Formal methods are one means in software engineering that can help to ensure that a computer system meets its requirements. Formal methods can play multiple roles in the software design process. Some software development standards actually require the use of formal methods for high integrity levels. Mostly, formal methods help to make system descriptions precise and to support system analysis. However, their application is feasible only when they are supported by tools. Consequently, tool qualification and certification play a significant role in standards.
- A formal language is described by an unambiguous syntax and a mathematical semantics. For a formal method (as opposed to a formal language) it is essential that there are some algorithms or procedures which describe what can be done with the syntactic objects in practice.
- A formal method consists of three components: syntax, semantics and method.
- The syntax gives a precise description of the form of objects (strings or graphs). The semantics describes the 'meaning' of the syntactic objects, in general by a mapping into some mathematical structure. The method describes algorithmic ways of transforming syntactic objects.
- Formal design can be seen as a three-step process, following the outline given here:

1. Formal Specification: During the formal specification phase, the engineer rigorously defines a system using a modeling language. Modeling languages are fixed grammars which allow users to model complex structures out of predefined types. This process of formal specification is similar to the process of converting a word problem into algebraic notation.
2. Verification: As stated above, formal methods differ from other specification systems by their heavy emphasis on provability and correctness. By building a system using a formal specification, the designer is actually developing a set of theorems about the system.
3. Implementation: Once the model has been specified and verified, it is implemented by converting the specification into code. As the difference between software and hardware design grows narrower, formal methods for developing embedded systems have been developed.
ADVANTAGES AND LIMITATIONS (Formal methods)

Advantages:
- Discovers ambiguity, incompleteness, and inconsistency in the software.
- Offers defect-free software.
- Incrementally grows into an effective solution after each iteration.
- This model does not involve a high complexity rate.
- Formal specification language semantics verify self-consistency.

Limitations:
- Time consuming and expensive.
- Difficult to use this model as a communication mechanism for non-technical personnel.
- Extensive training is required, since only few developers have the essential knowledge to implement this model.
LIGHTWEIGHT FORMAL METHOD

- Some practitioners believe that the formal methods community has overemphasized the full formalization of a specification or design. They contend that the expressiveness of the languages involved, as well as the complexity of the systems being modeled, make full formalization a difficult and expensive task. As an alternative, various lightweight formal methods, which emphasize partial specification and focused application, have been proposed. Examples of this lightweight approach to formal methods include the Alloy object modeling notation and Denney's synthesis of some aspects of the Z notation with use case driven development.
- The lightweight approach to formal design recognizes that formal methods are not a panacea: there are areas where formal methods are useful, and areas where a formal specification will accomplish nothing. In a lightweight design, formal methods are used in specific locations, and different formal methods may be used in different subsystems, ideally playing to the strengths of each method.
CRITICAL SOFTWARE

- Critical software is software whose failure would impact safety or cause large financial or social losses.
- A critical system is a system that must be highly reliable and retain this reliability as it evolves without incurring prohibitive costs. There are four types of critical systems: safety-critical, mission-critical, business-critical and security-critical.
INTEGRITY LEVEL

- Software integrity levels are a range of values that represent software complexity, criticality, risk, safety level, security level, desired performance, reliability, or other project-unique characteristics that define the importance of the software to the user and acquirer.
- Software integrity refers to the quality of the software's source code, and code quality is essential because it is a measure of how safe, secure, and reliable the software is. Here, we take a closer look at what software integrity is, why it matters, and how the right tools can help improve your software integrity.
STAGES IN FORMAL METHODS

1. Formal Specification: This is where the normal system specification is taken and translated, using a formal language, into a formal specification. There are basically two types of formal language: model oriented (VDM, Z, etc.) and property oriented (algebraic logic, temporal logic, etc.). This is the cheapest way to apply a formal method.
2. Formal Proof: This level studies the formal specification and retrieves the goals of the formal specification. Then fixed rules are created, and with these rules step-by-step instructions are listed to achieve the specified goals. This is relatively cheap, but there are more task steps.
3. Model Checking: This level studies the formal specification and formal proof deliverables to make sure that the system or software contains ALL possible properties, so that it can handle all possible scenarios that could happen for a given specification. This stage is beginning to be more expensive.
4. Abstraction: This level uses mathematical and physical models to create a prototype of the entire system for simulation. This prototype is used to focus on the properties and characteristics of the system. This is the most expensive formal method.
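The three-step process described earlier (specify, verify, implement) and the model-checking stage above, carried out on a small constructed model, as an added example that is not part of the original slides: the specification is a pair of transition functions for two processes sharing a critical section, the property is mutual exclusion, and `check` enumerates every reachable state, which is exactly what separates this from the finite conclusions of testing discussed in the FORMAL METHOD section. The protocol, the state encoding and all names (`naive_step`, `tas_step`, `check`) are assumptions made for this illustration.

```python
from collections import deque
from typing import Callable, Iterable, List, Optional, Tuple

# Constructed model: two processes and one critical section. A state is
# (program counters, shared variables), both tuples so it stays hashable.
State = Tuple[Tuple[str, str], Tuple[int, ...]]

def _set(t: tuple, i: int, v) -> tuple:
    """Return tuple `t` with element i replaced by `v`."""
    return t[:i] + (v,) + t[i + 1:]

def naive_step(state: State, i: int) -> Iterable[State]:
    """Flawed protocol: read the other flag, then set your own in a later step."""
    pcs, flags = state
    if pcs[i] == "idle" and flags[1 - i] == 0:
        yield (_set(pcs, i, "set"), flags)               # other flag seen clear
    elif pcs[i] == "set":
        yield (_set(pcs, i, "crit"), _set(flags, i, 1))  # claim and enter
    elif pcs[i] == "crit":
        yield (_set(pcs, i, "idle"), _set(flags, i, 0))  # leave and release

def tas_step(state: State, i: int) -> Iterable[State]:
    """Corrected protocol: one atomic test-and-set on a single shared lock."""
    pcs, lock = state
    if pcs[i] == "idle" and lock == (0,):
        yield (_set(pcs, i, "crit"), (1,))
    elif pcs[i] == "crit":
        yield (_set(pcs, i, "idle"), (0,))

def mutual_exclusion(state: State) -> bool:
    """Safety property: the two processes are never in `crit` together."""
    return state[0] != ("crit", "crit")

def check(init: State, step, prop: Callable[[State], bool]) -> Optional[List[State]]:
    """Explore every reachable state breadth-first. Returns None when `prop`
    holds everywhere, else the shortest trace from `init` to a violation."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not prop(s):
            trace = [s]
            while parent[trace[-1]] is not None:
                trace.append(parent[trace[-1]])
            return trace[::-1]       # counterexample, oldest state first
        for i in (0, 1):
            for nxt in step(s, i):   # every interleaving of both processes
                if nxt not in parent:
                    parent[nxt] = s
                    queue.append(nxt)
    return None

NAIVE_INIT: State = (("idle", "idle"), (0, 0))
TAS_INIT: State = (("idle", "idle"), (0,))
```

For the flawed protocol `check` returns the interleaving in which both processes observe the other's flag clear before either sets its own; for the test-and-set version it returns None, i.e. the property holds in every reachable state rather than only in the runs a tester happened to try.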
Thank you!
