In computer science, formal methods are mathematically rigorous techniques for the specification, development, analysis, and verification of software and hardware systems.[1] The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analysis can contribute to the reliability and robustness of a design.[2]
Formal methods may be used to give a formal description of the system to be developed, at whatever level of detail desired. Further formal methods may depend on this specification to synthesize a program or to verify the correctness of a system.
Alternatively, specification may be the only stage in which formal methods is used. By writing a specification, ambiguities in the informal requirements can be discovered and resolved. Additionally, engineers can use a formal specification as a reference to guide their development processes.[4]
The need for formal specification systems has been noted for years. In the ALGOL 58 report,[5]John Backus presented a formal notation for describing programming language syntax, later named Backus normal form then renamed Backus–Naur form (BNF).[6] Backus also wrote that a formal description of the meaning of syntactically valid ALGOL programs was not completed in time for inclusion in the report, stating that it "will be included in a subsequent paper." However, no paper describing the formal semantics was ever released.[7]
Program synthesis is the process of automatically creating a program that conforms to a specification. Deductive synthesis approaches rely on a complete formal specification of the program, whereas inductive approaches infer the specification from examples. Synthesizers perform a search over the space of possible programs to find a program consistent with the specification. Because of the size of this search space, developing efficient search algorithms is one of the major challenges in program synthesis.[8]
Formal verification is the use of software tools to prove properties of a formal specification, or to prove that a formal model of a system implementation satisfies its specification.
Once a formal specification has been developed, the specification may be used as the basis for proving properties of the specification, and by inference, properties of the system implementation.
Sign-off verification
Sign-off verification is the use of a formal verification tool that is highly trusted. Such a tool can replace traditional verification methods (the tool may even be certified).[citation needed]
Human-directed proof
Sometimes, the motivation for proving the correctness of a system is not the obvious need for reassurance of the correctness of the system, but a desire to understand the system better. Consequently, some proofs of correctness are produced in the style of mathematical proof: handwritten (or typeset) using natural language, using a level of informality common to such proofs. A "good" proof is one that is readable and understandable by other human readers.
Critics of such approaches point out that the ambiguity inherent in natural language allows errors to be undetected in such proofs; often, subtle errors can be present in the low-level details typically overlooked by such proofs. Additionally, the work involved in producing such a good proof requires a high level of mathematical sophistication and expertise.
Automated proof
In contrast, there is increasing interest in producing proofs of correctness of such systems by automated means. Automated techniques fall into three general categories:
Model checking, in which a system verifies certain properties by means of an exhaustive search of all possible states that a system could enter during its execution.
Abstract interpretation, in which a system verifies an over-approximation of a behavioural property of the program, using a fixpoint computation over a (possibly complete) lattice representing it.
Some automated theorem provers require guidance as to which properties are "interesting" enough to pursue, while others work without human intervention. Model checkers can quickly get bogged down in checking millions of uninteresting states if not given a sufficiently abstract model.
Proponents of such systems argue that the results have greater mathematical certainty than human-produced proofs, since all the tedious details have been algorithmically verified. The training required to use such systems is also less than that required to produce good mathematical proofs by hand, making the techniques accessible to a wider variety of practitioners.
Critics note that some of those systems are like oracles: they make a pronouncement of truth, yet give no explanation of that truth. There is also the problem of "verifying the verifier"; if the program that aids in the verification is itself unproven, there may be reason to doubt the soundness of the produced results. Some modern model checking tools produce a "proof log" detailing each step in their proof, making it possible to perform, given suitable tools, independent verification.
The main feature of the abstract interpretation approach is that it provides a sound analysis, i.e. no false negatives are returned. Moreover, it is efficiently scalable, by tuning the abstract domain representing the property to be analyzed, and by applying widening operators[9] to get fast convergence.
Techniques
This section needs expansion. You can help by adding to it. (June 2024)
Formal methods includes a number of different techniques.
The design of a computing system can be expressed using a specification language, which is a formal language that includes a proof system. Using this proof system, formal verification tools can reason about the specification and establish that a system adheres to the specification.[10]
A binary decision diagram is a data structure that represents a Boolean function.[11] If a Boolean formula expresses that an execution of a program conforms to the specification, a binary decision diagram can be used to determine if is a tautology; that is, it always evaluates to TRUE. If this is the case, then the program always conforms to the specification.[12]
A SAT solver is a program that can solve the Boolean satisfiability problem, the problem of finding an assignment of variables that makes a given propositional formula evaluate to true. If a Boolean formula expresses that a specific execution of a program conforms to the specification, then determining that is unsatisfiable is equivalent to determining that all executions conform to the specification. SAT solvers are often used in bounded model checking, but can also be used in unbounded model checking.[13]
Formal verification has been frequently used in hardware by most of the well-known hardware vendors, such as IBM, Intel, and AMD. There are many areas of hardware, where Intel have used formal methods to verify the working of the products, such as parameterized verification of cache-coherent protocol,[19] Intel Core i7 processor execution engine validation [20] (using theorem proving, BDDs, and symbolic evaluation), optimization for Intel IA-64 architecture using HOL light theorem prover,[21] and verification of high-performance dual-port gigabit Ethernetcontroller with support for PCI express protocol and Intel advance management technology using Cadence.[22] Similarly, IBM has used formal methods in the verification of power gates,[23] registers,[24] and functional verification of the IBM Power7 microprocessor.[25]
In software development
In software development, formal methods are mathematical approaches to solving software (and hardware) problems at the requirements, specification, and design levels. Formal methods are most likely to be applied to safety-critical or security-critical software and systems, such as avionics software. Software safety assurance standards, such as DO-178C allows the usage of formal methods through supplementation, and Common Criteria mandates formal methods at the highest levels of categorization.
In functional programming, property-based testing has allowed the mathematical specification and testing (if not exhaustive testing) of the expected behaviour of individual functions.
Another approach to formal methods in software development is to write a specification in some form of logic—usually a variation of first-order logic—and then to directly execute the logic as though it were a program. The OWL language, based on description logic, is an example. There is also work on mapping some version of English (or another natural language) automatically to and from logic, as well as executing the logic directly. Examples are Attempto Controlled English, and Internet Business Logic, which do not seek to control the vocabulary or syntax. A feature of systems that support bidirectional English–logic mapping and direct execution of the logic is that they can be made to explain their results, in English, at the business or scientific level.[citation needed]
Semi-formal methods
Semi-formal methods are formalisms and languages that are not considered fully "formal". It defers the task of completing the semantics to a later stage, which is then done either by human interpretation or by interpretation through software like code or test case generators.[26]
Some practitioners believe that the formal methods community has overemphasized full formalization of a specification or design.[27][28] They contend that the expressiveness of the languages involved, as well as the complexity of the systems being modelled, make full formalization a difficult and expensive task. As an alternative, various lightweight formal methods, which emphasize partial specification and focused application, have been proposed. Examples of this lightweight approach to formal methods include the Alloy object modelling notation,[29] Denney's synthesis of some aspects of the Z notation with use case driven development,[30] and the CSK VDM Tools.[31]
Formal methods and notations
There are a variety of formal methods and notations available.
Many problems in formal methods are NP-hard, but can be solved in cases arising in practice. For example, the Boolean satisfiability problem is NP-complete by the Cook–Levin theorem, but SAT solvers can solve a variety of large instances. There are "solvers" for a variety of problems that arise in formal methods, and there are many periodic competitions to evaluate the state-of-the-art in solving such problems.[33]
The SAT competition is a yearly competition that compares SAT solvers.[34] SAT solvers are used in formal methods tools such as Alloy.[35]
^Backus, J.W. (1959). "The Syntax and Semantics of the Proposed International Algebraic Language of Zürich ACM-GAMM Conference". Proceedings of the International Conference on Information Processing. UNESCO.
^Bjørner, Dines; Henson, Martin C. (2008). Logics of Specification Languages. pp. VII–XI.
^Bryant, Randal E. (2018). "Binary Decision Diagrams". In Clarke, Edmund M.; Henzinger, Thomas A.; Veith, Helmut; Bloem, Roderick (eds.). Handbook of Model Checking. p. 191.
^Chaki, Sagar; Gurfinkel, Arie (2018). "BDD-Based Symbolic Model Checking". In Clarke, Edmund M.; Henzinger, Thomas A.; Veith, Helmut; Bloem, Roderick (eds.). Handbook of Model Checking. p. 191.
^Prasad, Mukul R; Biere, Armin; Gupta, Aarti (January 25, 2005). "A survey of recent advances in SAT-based formal verification". International Journal on Software Tools for Technology Transfer. 7 (2): 156–173. doi:10.1007/s10009-004-0183-4.
^Bjørner, Dines; Gram, Christian; Oest, Ole N.; Rystrøm, Leif (2011). "Dansk Datamatik Center". In Impagliazzo, John; Lundin, Per; Wangler, Benkt (eds.). History of Nordic Computing 3: IFIP Advances in Information and Communication Technology. Springer. pp. 350–359.
^Gheorghe, A. V., & Ancel, E. (2008, November). Unmanned aerial systems integration to National Airspace System. In Infrastructure Systems and Services: Building Networks for a Brighter Future (INFRA), 2008 First International Conference on (pp. 1-5). IEEE.
^J. Grundy, "Verified optimizations for the Intel IA-64 architecture", In Theorem Proving in Higher Order Logics, Springer Berlin Heidelberg, 2004, pp. 215–232.
^Bartocci, Ezio; Beyer, Dirk; Black, Paul E.; Fedyukovich, Grigory; Garavel, Hubert; Hartmanns, Arnd; Huisman, Marieke; Kordon, Fabrice; Nagele, Julian; Sighireanu, Mihaela; Steffen, Bernhard; Suda, Martin; Sutcliffe, Geoff; Weber, Tjark; Yamada, Akihisa (2019). "TOOLympics 2019: An Overview of Competitions in Formal Methods". In Beyer, Dirk; Huisman, Marieke; Kordon, Fabrice; Steffen, Bernhard (eds.). Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science. Cham: Springer International Publishing. pp. 3–24. doi:10.1007/978-3-030-17502-3_1. ISBN978-3-030-17502-3.
^Beyer, Dirk (2022). "Progress on Software Verification: SV-COMP 2022". In Fisman, Dana; Rosu, Grigore (eds.). Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science. Vol. 13244. Cham: Springer International Publishing. pp. 375–402. doi:10.1007/978-3-030-99527-0_20. ISBN978-3-030-99527-0.
بنو طاهر طاهريون 1454 م – 1539 م الدولة الطاهرية في أقصى اتساع لها عاصمة المقرانة نظام الحكم ملكية اللغة الرسمية اللغة العربية الديانة الإسلام الحاكم عامر بن طاهر 1454 - 1466 م (الأول) عامر بن داوود 1517 - 1539 م (الأخير) التاريخ التأسيس 1454 م الزوال 1539 م اليوم جزء من اليمن عُمان...
Jatim beralih ke halaman ini. Untuk kegunaan lain, lihat Jatim (disambiguasi). Jawa TimurProvinsiTranskripsi bahasa daerah • Hanacarakaꦙꦮꦶꦮꦺꦠꦤ꧀ • Pegonجاوي وَيتان • Alfabet JawaJawi Wétan • Alfabet MaduraJhâbâ TèmorSearah jarum jam dari atas: Taman Nasional Bromo Tengger Semeru, Selat Madura saat matahari terbenam, Salju tipis di Ranu Pani, Jembatan Suramadu, Museum Binatang Jatim Park 2 di Kota Batu, danau bel...
خريطة لمملكة إيطاليا اللومباردية والمناطق المحيطة بها حوالي عام 740 ، تُظهر جزأين رئيسيين (لانغوبارديا مايور ومينور) وتقسيماتها الداخلي. كانت دوقية تريدنتوم دوقية لومباردية مستقلة أنشأها إوين خلال فترة خلو العرش اللومباردي 574-584 التي أعقبت اغتيال ألبوين ملك اللومبارد.[1 ...
Grundtvig International Secondary School, Anambra State Private school in NigeriaGrundtvig International Secondary SchoolLocationOba, AnambraNigeriaInformationTypePrivate SchoolMottoMotto: “Education for life”Established1998FounderDr. Kachi E. Ozumba (1942-2011)Colour(s)Maroon and YellowWebsitegrundtvigsecondary.com Grundtvig International Secondary School is a Nigerian independent boarding school in Oba, Anambra State, located just about twenty minutes’ drive from the Asaba Airport. It...
2010 studio album by Elaine PaigeElaine Paige and FriendsStudio album by Elaine PaigeReleased1 November 2010 (2010-11-01)Elaine Paige chronology Elaine Paige Live(2009) Elaine Paige and Friends(2010) Elaine Paige and Friends is a duet album from Elaine Paige, released on November 1, 2010. Phil Ramone produced the album for Rhino/Warner Bros Records.[1] The CD debuted on the UK Album Chart at #18.[2] Paige toured the UK in concert promoting the recording ...
Paus Benediktus XVI, Januari 2006 Kotbah Regensburg atau pernyataan Regensburg disampaikan pada 12 September 2006 oleh Paus Benediktus XVI di Universitas Regensburg, Jerman, dimana ia sempat menjabat sebagai profesor teologi. Kotbah tersebut diberi judul Iman, Nalar dan Universitas — Kenangan dan Renungan (Jerman: Glaube, Vernunft und Universität — Erinnerungen und Reflexionen). Kotbah tersebut dianggap sebagai salah satu pernyataan kepausan paling berpengaruh di dunia sejak pernyata...
2012 single by K'naanHurt Me TomorrowSingle by K'naanfrom the album Country, God or the Girl Released1 May 2012Recorded2011GenrePop rap, pop-soulLength3:47LabelA&M Octone RecordsSongwriter(s)Ryan Tedder, Evan Bogart, Noel Zancanella, Keinan WarsameProducer(s)Ryan TedderK'naan singles chronology Is Anybody Out There? (2012) Hurt Me Tomorrow (2012) Hurt Me Tomorrow is a song by Somali-Canadian artist K'naan from his fourth studio album Country, God or the Girl. It was released as a digi...
Asosiasi Pemerintah Provinsi Seluruh Indonesia (disingkat APPSI) adalah organisasi antarpemerintah provinsi yang ada di Indonesia yang bertujuan sebagai wadah kerja sama dalam rangka mendukung suksesnya penyelenggaraan otonomi daerah di Indonesia. APPSI berdiri pada 6 Juni 2000 di Jakarta.[1] Anggota APPSI adalah seluruh pemerintah provinsi di Indonesia. APPSI dipimpin oleh seorang ketua umum yang didampingi oleh sekretaris jenderal dan bendahara umum serta jajaran kepengurusan yang b...
Not to be confused with UAZ Patriot. Motor vehicle Jeep PatriotOverviewManufacturerJeep[a]Production2006–2016Model years2007–2017AssemblyUnited States: Belvidere, Illinois, (Belvidere Assembly)Body and chassisClassCompact crossover SUVBody style5-door SUVLayoutFront-engine, front-wheel drive / all-wheel drivePlatformChrysler PM/MK platformRelatedMitsubishi LancerJeep CompassDodge CaliberMitsubishi OutlanderDodge AvengerChrysler SebringPowertrainEngine2.0 L World I4 (gaso...
South African state-owned aerospace and military technology conglomerate This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Denel – news · newspapers · books · scholar · JSTOR (August 2008) (Learn how and when to remove this template message) Denel SOC LtdTypeState-owned enterpriseIndustryAerospace and Defence ...
Beach at Ōno overlooking Ise Bay Ōno Castle Ōnomachi Station Ōno (大野町, Ōno-machi) was a town located in Chita District, Aichi, central Japan. History During the Edo period, rice granaries lined the river on both sides that lead downstream to the port on Ise Bay. Starting with the Meiji period and industrialization, Ōno Beach became a popular point during the summer, with a number of villas being constructed for the wealthy.[1] On April 1, 1954 the city of Tokoname was esta...
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Crown of Fire – news · newspapers · books · scholar · JSTOR (January 2016) (Learn how and when to remove this template message) Crown of Fire Cover of the first editionAuthorEd GreenwoodCover artistJon SullivanCountryUnited StatesLanguageEnglishSeriesShand...
This article is about the former Genesee Valley Trust Building in Rochester, New York. For the building in New York City, New York, see The Times Square Building. For other buildings named Times Square Building, see Times Square Building (disambiguation). Office, Citizens Bank in NY, USATimes Square BuildingGeneral informationStatusCompletedTypeOfficeCitizens BankArchitectural styleArt DecoLocation45 Exchange BoulevardRochester, NY, USACoordinates43°09′17″N 77°36′45″W / ...
Men's 200 metre freestyle at the 2022 Asian GamesVenueHangzhou Olympic Sports Expo CenterDate27 SeptemberCompetitors36 from 25 nationsWinning time1:44.40 GRMedalists Hwang Sun-woo South Korea Pan Zhanle China Lee Ho-joon South Korea← 20182026 → Swimming at the2022 Asian GamesFreestyle50 mmenwomen100 mmenwomen200 mmenwomen400 mmenwomen800 mmenwomen1500 mmenwomenBackstroke50 mmenwomen100 mmenwomen...
American economist (born 1953) Ben Bernanke14th Chairman of the Federal ReserveIn officeFebruary 1, 2006 – January 31, 2014PresidentGeorge W. BushBarack ObamaDeputyRoger FergusonDonald KohnJanet YellenPreceded byAlan GreenspanSucceeded byJanet YellenMember of the Federal Reserve Board of GovernorsIn officeFebruary 1, 2006 – January 31, 2014PresidentGeorge W. BushBarack ObamaPreceded byAlan GreenspanSucceeded byStanley FischerIn officeJuly 31, 2002 – June 21, 2...
Team of DC Comics superheroes Not to be confused with Crusaders (Marvel Comics). CrusadersThe DC Comics version of the Crusaders, art by Dick Ayers.Publication informationPublisherDC ComicsFirst appearanceFreedom Fighters #7 (March 1977)Created byBob Rozakis (writer)Dick Ayers (artist)In-story informationMember(s)AmericommandoBarracudaFireballRustySparky The Crusaders is a team of DC Comics superheroes. The team was created by Bob Rozakis and Dick Ayers in the pages of Freedom Fighters #7 (Ma...
Aircraft carrier of the Imperial Japanese Navy For other ships with the same name, see Japanese ship Hōshō. Aerial view of Hōshō as completed in December 1922 Class overview Operators Imperial Japanese Navy Preceded byNone Succeeded byAkagi Built1920–1922 In service1922–1947 In commission1922–1945 Planned2 Completed1 Scrapped1 History Japan NameHōshō NamesakePhoenix BuilderAsano Shipbuilding Company, Tsurumi-ku, Yokohama Laid down16 December 1920 Launched13 November 1921...