Why are we Here

Formal Specification Methods Slide 1

Solution – Avoid Functional
Fixedness- Carl Dunker 1945

Formal Specification Methods Slide 2

The dots must be connected by four straight lines drawn
without lifting the pen from the paper and without any line
being repeated

What about 3 straight lines?

Formal Specification Methods Slide 3

\thinking outside the box

Formal Specification Methods Slide 4

What it takes
1. Effort and Hard work

Formal Specification Methods Slide 5

What it takes
2. Good Friends

Formal Specification Methods Slide 6

3.willingness to learn

Formal Specification Methods Slide 7

4.Innovative

Formal Specification Methods Slide 8

Even with minimum resources

Formal Specification Methods Slide 9

Reversed roles : student
centered learning

Formal Specification Methods Slide 10

working in teams

Formal Specification Methods Slide 11

First things first..
Time management

Formal Specification Methods Slide 12

It’s a wide concept ….time
management

Formal Specification Methods Slide 13

What it takes
but finally and very important

PASSION
Formal Specification Methods Slide 14
 Introduction

Formal Specifications

Formal Specification Methods Slide 15

 Formal methods
 Formal specification is part of a more general
collection of techniques that are known as
‘formal methods’ These are all based on
mathematical representation and analysis
of software
 Formal methods include
• Formal specification
• Specification analysis and proof
• Theorem Proof
• Formal verification

Formal Specification Methods Slide 16

 Formal methods
 Formal specification A specification is said to
be formal if it is expressed in a formal notation or
a formal specification language, i.e. a language
that has a precise syntax for which every
sentence in the language has a unique
mathematical meaning. The underlying
mathematical concepts are often simple, e.g.
being based on mathematical logic and set
theory.
 product to satisfy (fulfill/meet/conform to/be
compliant with) its specification.
Formal Specification Methods Slide 17
 Formalism-1
Is Formal same as “correct” or Precise ? NO
Formal” is often confused with “precise” (the former
A specification is formal if it is expressed in a language
made of three components:
1) rules for determining the grammatical well-formedness of
sentences (the syntax); rules for interpreting
2) sentences in a precise, meaningful way within the domain
considered (the semantics);
3)and rules for inferring useful information from the
specification (the proof theory).

Formal Specification Methods Slide 18

 Formal Methods –Abstraction
Complex systems have
large quantities of
properties, thus a good
specification language
allows- the specification to
be broken into units linked
through structuring
ARCHITECTS ABRATRACTS
relationships
- such as specialization,
aggregation (UML)

Formal Specification Methods Slide 19

 Good Specification : Qualities
 A specification must be adequate, that is, it must
adequately state the problem at hand.
 It must be internally consistent, that is, it must have a
meaningful semantic interpretation that makes true all
specified properties taken together.
 It must be unambiguous, that is, it may not have
multiple interpretations of interest making it true.
 It must be complete with respect to higher- level ones,
 It must be satisfied by lower-level ones.
 It should be minimal, that is, it should not state
properties that are irrelevant to the problem or that are
only relevant to a solution for that problem
Formal Specification Methods Slide 20
 Good Specification : Qualities
 Constructability, manageability and
evolvability.
 Usability.
 Communicability
 Powerful and efficient analysis.

Formal Specification Methods Slide 21

 Why Formal Specifications
 Specifications are essential for designing, validating,
documenting, communicating, reengineering, and
reusing solutions. Formality helps in obtaining higher-
quality specifications
(a) high-level goals are identified and refined until a set of
requirements on the software and assumptions on the
environment can be made precise to satisfy such goals;
(b) a software architecture, made of inter- connected
software components, is designed to satisfy such
requirements; and
(c) the various components are implemented and integrated
so as to satisfy the architectural descriptions.
Formal Specification Methods Slide 22
 Example Formal Method Tools-
1
 Z/EVES tools for Z specifications, www.ora.on.ca/z-eves
 VDMTools for VDM, www.ifad.dk/Products/products.htm
 LARCH tools for algebraic specification,
www.sds.lcs.mit.edu/spd/larch

 Rigorous Approach to Industrial Software Engineering

 (RAISE) tools, http://spdweb.terma.com/Projects/RAISE
 B tools for behavioral specifications,
www.b-core.com/btoolkit
 DCVALID verification tool for Duration Calculus,
www.tcs.tifr.res.in/~pandya/dcvalid.html
Formal Specification Methods Slide 23
 Example Formal Method Tools-
2
 Pi-calculus based Mobility Workbench tools for mobile
processes, www.docs.uu.se/~victor/mwb.html
 PROMELA/SPIN and SMV tools for model-checking,
www.cm.bellabs.com/cm/cs/what/spin/Man/promela.html
or www.cs.cmu.edu/~modelcheck/smv.html
 HOL, Isabelle, PVS, and Coq theorem provers,
www.cl.cam.ac.uk/Research/HVG/HOL,

 Research/HVG/Isabelle, http://pvs.csl.sri.com, or
http://coq.inria.fr

Formal Specification Methods Slide 24

 Example Formal Method Tools-
3
 UPPAAL tools for verification and validation of real-time
systems, www.docs.uu.se/docs/rtmv/uppaal
 Concurrency Factory tools for specification and
verification of concurrent systems,
http://cs.sunysb.edu/~concurr
 ObjectGEODEtools for SDL-based specification and
design of real-time systems,
www.tdr.dk/public/SDL/verilog/ogeode.html
 EventStudio tools for message sequence charts,
www.eventhelix.com/EventStudio/FeatureList.htm

Formal Specification Methods Slide 25

 Why use of automated tools for
Formal Specifications-1
 To derive premises or logical consequences of the
specification for user confirmation, through deductive
theorem proving techniques
 To confirm that an operational specification satisfies
more abstract specifications, or to generate behavioural
counter examples
 To generate concrete scenarios illustrating desired or
undesired features about the specification
 to produce animations of the specification in order to
check its adequacy

Formal Specification Methods Slide 26

 Why use of automated tools for
Formal Specifications-2
 To check specific forms of specification
consistency/completeness/efficiently
 To generate high-level exceptions and conflict
preconditions that may make the specification
unsatisfiable
 To generate higher-level specifications such as
invariants or conditions for liveness
 to generate test cases, use cases and oracles
from the specification

Formal Specification Methods Slide 27

 Acceptance of formal methods

 Formal methods have not become mainstream

software development techniques as was once
predicted
• Other software engineering techniques have been successful at
increasing system quality. Hence the need for formal methods
has been reduced
• Market changes have made time-to-market rather than software
with a low error count the key factor. Formal methods do not
reduce time to market
• The scope of formal methods is limited. They are not well-suited
to specifying and analysing user interfaces and user interaction
• Formal methods are hard to scale up to large systems

Formal Specification Methods Slide 28

 Use of formal methods
 Their principal benefits are in reducing the number of
errors in systems so their main area of applicability is
critical systems:
• Air traffic control information systems,
• Railway signalling systems
• Spacecraft systems
• Medical control systems

 In this area, the use of formal methods is most likely

to be cost-effective

 Formal methods have limited practical applicability?

Guess why ….In Commercial applications such as those
in Business….? why
Formal Specification Methods Slide 29
 Specification in the software
process
 Specification and design are inextricably
mixed.

 Architectural design is essential to

structure a specification.

 Formal specifications are expressed in a

mathematical notation with precisely
defined vocabulary, syntax and semantics.

Formal Specification Methods Slide 30

 Specification and design

Increasing contractor involvement

Decreasin g client involvement

Requir ements Requir ements Architectur al Software High-level

definition specification design specification design

Specification

Design

Formal Specification Methods Slide 31

 Specification in the software
process

Requirements Formal
specification specification

Requirements High-le vel

definition design

System Ar chitectural
modelling design

Formal Specification Methods Slide 32

Specification in the software
process-REFINING

Formal Specification Methods Slide 33

 Guideline to developing Good
Specifications-1

1.Deal with the Process

(i) Define the role of formal specifications
in your software development process. – Do
benefit cost analysis –Critical safety?
(ii) Define the steps for developing formal
Specifications- variety of notations ?
(iii) Segment specifications among
broad classes such as functionality, operations,
behavior, and interface

Formal Specification Methods Slide 34

Segmenting requirements ?

Formal Specification Methods Slide 35

 Guideline to developing Good
Specifications-2

1.Deal with the Process

(iv) Apportion parts of your application for
formal specification. – what to be formal ,
informal and semi formal(DFD) based on users
(v) Select formal specification notations
and tools for each class of requirements

Formal Specification Methods Slide 36

 Guideline to developing Good
Specifications-3

2.Deal with the contents of the specifications

(vi) Maintain high-level abstraction by
avoiding design decisions and implementation
details.
(vii) Avoid over- and under specification
as well as nondeterministic and partial
specification.
(viii) Build specifications in a modular
approach
(ix) Evaluate alternatives and chose the best
Formal Specification Methods Slide 37
 Guideline to developing Good
Specifications-4

2.Deal with the contents of the specifications

(x) Build specifications for reusability using
libraries of useful metaphors and patterns.
(xi) Each formal specification notation is
based on a particular mathematical theory- use it
where it suits
(xii) Review and test the specifications
thoroughly; document the test cases.

Formal Specification Methods Slide 38

 Guideline to developing Good
Specifications-5

2.Deal with the contents of the specifications

(xiii) Document the specifications well and
provide explanations.
(xiv) Effectively use available tools.

(XV) State and prove (or argue about or

demonstrate) all the specification’s
necessary properties

Formal Specification Methods Slide 39

 Popular Specification
techniques-1
1.Functional specification
 to specify a system as a structured collection of
mathematical functions. In two ways
• Algebraic approach
» The system is specified in terms of its operations and
their relationships.. algebraic structures (or abstract
data types).
• Higher-Order Functions
 Use of logical theories. by means of logical predicates),

Formal Specification Methods Slide 40

 Popular Specification
techniques-2
2. History-based specification
specify a system by characterizing its maximal set of admissible histories
(or “behaviors”) overtime. The properties of interest are specified by
temporal logic assertions about system objects; such assertions involve
operators referring to past, current and future states.
3. State-based specification
 Characterize the admissible system states at somearbitrary
snapshot. The properties of interest are specified by (a) invariants
constraining the system objects at any snapshot, and (b) pre- and
post-assertions constraining the application of system operations at
any snapshot. A pre-assertion =a weakest necessary condition on
input states for the operation to be applied; a post-assertion
=strongest effect condition on output states if the operation is
 applied
Formal Specification Methods Slide 41
 Popular Specification
techniques-3
4. Transition-based specification
 Characterize the required transitions from state to state. The
properties of interest are specified by set of transition functions in the
state machine transition; the transition function for a system object
gives, for each input state and triggering event, the corresponding
output state.
5. State-based specification
 Characterize the admissible system states at somearbitrary
snapshot. The properties of interest are specified by (a) invariants
constraining the system objects at any snapshot, and (b) pre- and
post-assertions constraining the application of system operations at
any snapshot. A pre-assertion =a weakest necessary condition on
input states for the operation to be applied; a post-assertion
=strongest effect condition on output states if the operation is applied
Formal Specification Methods Slide 42
 Use of formal specification
 Formal specification involves investing more
effort in the early phases of software
development
This reduces requirements errors as it
forces a detailed analysis of the requirements
 Incompleteness and inconsistencies can be
discovered and resolved !!!
Hence, savings as made as the amount of
rework due to requirements problems is
reduced
Formal Specification Methods Slide 43
 Current Pitfalls in Formal
Specification Usage-1
 How do we treat Non functional Requirements –
Aesthetics ? |Seems Formalism are on Functional
requirements only
 Distinction lacking between Descriptive and
Prescriptive properties :provide no support for
making a clear separation between (a) intended
properties of the system considered, (b)
assumptions about the environment of this system,
and (c) properties of the application domain.

Formal Specification Methods Slide 44

 Current Pitfalls in Formal
Specification Usage-2
 Tailored for low level ontologies such as data and
functions ---How do we define goals, agents ,
refinements etc
 Formalism suffer Vertical isolation ( not keen on
up and down streams of SDLC products ) and
horizontal isolation(does not care much about
companion items such as informal
documentation,validation data , project
management information ) from other software
processes

Formal Specification Methods Slide 45

 Current Pitfalls in Formal
Specification Usage-3
 Cost of the specification process
 Poor tooling on giving feedback of the processes-
Many analysis tools are effective at pointing out
problems, but in general they do a poor job of
(a) suggesting causes at the root of such problems,
and (b)proposing recovery actions.

Formal Specification Methods Slide 46