Formal method (data-processing) - SpeedyLook encyclopedia

Example

Everyone knows the equality $(a+b)^2 = a^2 + b^2 + 2ab$ . How to check that this equality is right?

By traditional checking, it would be necessary to take all the possible values of $a$ , to cross them with all the possible values of $b$ , and for each couple, to calculate $(a+b)^2$ , then $a^2 + b^2 + 2ab$ , and to make sure that one obtains the same result. Of course, if the fields of $a$ and $b$ are large, this checking can be very long. And if the fields are infinite (for example realities), this checking is infinite.

By formal checking, one uses only values symbolic systems and one observes known rules. Here, the known rules would be:

$\ forall X, x^2 = X * x$
$\ forall X, there, Z, X * (there + Z) = x*y + x*z$
$\ forall X, there, x*y = y*x$
$\ forall X, X + X = 2x$
$\ forall X, there, X + there = there + X$

While being useful of these rules and on the basis of $(a+b)^2$ , one easily manages to find $a^2 + b^2 + 2ab$ .

Various techniques

The checking includes/understands several techniques, often complementary.

the Démonstration of theorems is a technique often little automated which consists in rewriting formulas by using a whole of known rules as well as the induction.
BDD S (for Binary Decision Diagrams), are representations of Booléennes formulas. BDDs have the advantage of being sometimes exponentially more compact than the explicit formulas than they represent. They are more canonical. This representation is especially used for the formal checking applied to the digital circuits.
SAT is a rather general term to indicate a whole of methods aiming at solving the problem of satisfaisability. However the majority of the problems of formal checking are connected with the problem of satisfaisability.

Specification

The formal methods can be used to give a specification of the system which one wishes to develop, at the desired level of details. A formal specification of the system is based on a formal language whose semantics is well defined (contrary to a specification in natural language which can give place to various interpretations). This formal description of the system can be used as reference during the development. Moreover, it can be used to check (formally) that the final realization of the system (described in a dedicated data-processing language) respects initial waitings (in particular in term of functionality).

The need for the formal methods was felt for a long time. In the report/ratio ALGOL 60, John Backus presented a formal notation to describe the syntax of the computer programming languages (notation called Backus-Naur form, BNF).

Development

Once a specification was developed, it can be used as reference during the development of the concrete system (developed of the algorithms, realization in software and/or electronic circuit). For example:

If the formal specification is equipped with an operational semantics, the behavior observed of the concrete system can be compared with the behavior of the specification (which itself must be able achievable or be simulated). Moreover, one such specification can be the subject of an automatic translation towards the target language.
If the formal specification is equipped with an axiomatic semantics, the preconditions and postconditions of the specification can become assertions in the achievable code. These assertions can be used to check the correct operation of the system during its execution (or simulation), or better still of the static methods (proof of theorem, model-checking) can be used to check that these assertions will be satisfied for any execution with the system.

Checking

A specification can be used as bases to prove properties on the system. The specification is generally an abstract representation (with less details) of the system under development: removed from cumbersome details, it is in general simpler to prove properties on the specification than directly on the complete and concrete description of the system.

Certain methods, like the Method B, are based on this principle: the system is modelled on several levels of abstraction, on the basis of most abstract and going to most concrete (this process is called “refinement” since he adds details progressively); methodology ensures that all the properties proven on the abstract models are preserved on the concrete models. This guarantee is brought by a whole of evidence known as “of refinement”.

Formal evidences

The formal methods take all their interest when the evidence themselves is guaranteed correct formally. One can distinguish two main categories of tools allowing the proof of property on formal models:

the automatic proof of theorem, which consists in letting the computer prove the properties automatically, being given a description of the system, a whole of axioms and a whole of rules of inférences. However the search for proof is known to be a problem not décidable in general (in traditional logic), i.e. one knows that there does not exist (and will exist never) any algorithm making it possible to decide in finished time if a property is true or false. There exist cases or the problem is décidable (fragment kept of first order logic for example) and where algorithms can thus be applied. However even in these cases, time and the essential resources so that the properties are checked can exceed acceptable times or the resources available to the computer. In this case there exist interactive tools which make it possible the user to guide the proof. The proof of theorem, compared to the model-checking, with the advantage of being independent of the size of the space of the states, and can thus apply to models with a very great number of state, where even on models of which the number of state is not given (generic models).
the Model checking, which consists in checking properties by an exhaustive and astute enumeration (according to the algorithms) of the accessible states. The effectiveness of this technique depends in general on the size of the space of the accessible states and thus find its limits in the resources of the computer to handle the whole of the accessible states. Techniques of abstraction (possibly guided by the user) can be used to improve the effectiveness of the algorithms.

Formal or semi-formal methods

Approach based on states

Z to see Notation Z
SAZ
traditional Method B seeing Method B
ASM
TLA+

Approach based on events

Action Systems
event-driven Method B to see Method B
VHDL
Estelle
SDL
E-LOTOS
EB3

Algebraic:

Larch :Larch family
CASL : Common Algebraic Specification Language

Another approach

Principal tools

Cock: assistant of assistance to proof (IE, formalization of evidence and semi-automated demonstration).
special minutes: assistant of assistance to the proof.
ACL2 : demonstration of theorems automated.
SMV, NuSMV: demonstration of properties with BDDs and SAT.
ZChaff : demonstration with SAT.
Murφ : demonstration of properties.

See too

Reference

Henri Habrias and Marc Frappier Software Specification Methods , ISTE Ltd, 2006, ISBN 1-905209-34-7

Jean-François Monin Understanding Formal Methods , Springer, 2003, ISBN 1-85233-247-6

External bonds

the international site of the formal methods, to see * The Formal site Methods Europe, to see

Random links: