130 likes | 280 Views
Formal Methods Just a Euroscience ?. Reinhard Wilhelm. Formal Methods: Euroscience vs. €-Science. Euroscience – l’art pour l’art €-Science – a valid business case. Motivation: Formal Methods.
E N D
Formal Methods Just a Euroscience? Reinhard Wilhelm
Formal Methods:Euroscience vs. €-Science • Euroscience – l’art pour l’art • €-Science – a valid business case
Motivation: Formal Methods • Formal methods are to support the efficient development of correct, reliable, cost-effective … hardware and software systems. • They are rooted in Mathematics and Logic, • based on a semantics of the specification and/or implementation formalism, • often supported by tools. • The formal foundation enables them to rigorously • analyze and/or verify • specifications, designs, and implementations.
Goals and Expectations The goals are to • analyze how far FMs have progressed into industrial practice, and • which barriers exist to their adoption, • to identify past successes and failures, and • to analyze the reasons for both. • Particular emphasis will be put on the synergetic potential of method and tool integration (Sorry about my AVACS bias!)
Expectations towards Participants The industrial participants are asked to contribute success and failure stories, • but are also asked to identify shortcomings of current methods and tools and • to assess the relevance of academic research to short- and long-term industrial needs. • The academic participants are asked to fairly analyze the potential, past successes and failures of their favorite methods.
Manifesto • The results of the workshop will be published as a Dagstuhl and Academia Europaea Manifesto.
Starting Point • Woodcock et al., Comp. Surveys • Focus: early stages (specification, design) • “A weakness in the current situation is lack of a substantial body of technical and cost-benefit evidence from applications of formal methods and verification technology”
Previous Surveys I Characterization follows Woodcock et al. • A. Hall. Seven myths about formal methods, IEEE Software, 7(5):11–19, Sep. 1990. • J. M. Wing. A specifier’s introduction to formal methods. IEEE Computer, 23(9):8–24, 1990. • M. Thomas. The industrial use of formal methods. Microprocessors and Microsystems, 17(1):31–36, Jan. 1992. • S. Austin and G. Parkin. Formal methods: A survey. TR, National Physical Laboratory, Teddington, Middlesex, UK, Mar. 1993. • D. Craigen, S. Gerhart, and T. Ralston. An International Survey of Industrial Applications of Formal Methods, vol. 1 Purpose, Approach, Analysis and Conclusions. Vol. 2 Case studies, NIST, Gaithersburg, MD, Mar. 1993.
Previous Surveys II • J. Rushby. Formal methods and the certification of critical systems. TR CSL-93-7, SRI, Dec. 1993. • R. Bloomfield and D. Craigen. Formal methods diffusion: Past lessons and future prospects. TR D/167/6101, Adelard, Coborn House, London, UK, Dec. 1999. • J.P. Bowen and M.G. Hinchey. Ten commandments of formal methods. IEEE Computer, 28(4):56–62, Apr. 1995. • J.P. Bowen and M.G. Hinchey. Ten commandments of formal methods. . . ten years later. IEEE Computer, 39(1):40–48, Jan. 2006. • R.L. Glass. Formal methods are a surrogate for a more serious software concern. IEEE Computer, 29(4):19, Apr. 1996.
Roles connected to Formal Methods • Roles in the game • the researcher • the tool developer • the user • required competences • My hypothesis: the distribution of roles and the required competences play a crucial role in success and failure stories • Please, offer talks on education! A Panel?
Success Stories we do not want to hear • We have succeeded in identifying a program with a 10^124 state space that our analysis could handle.The strengths of this example program are: • it is utterly useless and doesn't in any way have common characteristics with real-life programs, • It does not give any new insight neither in the method nor its limitations, • nor does the analysis results shed any new light on the example. • We have finally succeeded in writing a specification of this highly relevant system that nobody, not even the authors, could understand. • The most relevant information about our correctness proof is that it exists.The proof doesn't introduce any new abstraction that could be reused, nor does it lend itself to an incremental reproof should the system evolve.
Missionaries • This domains has a lot of missionaries. • A few recommendations for this workshop: • Please, do not try to proselytize! • Please, do not try to rewrite history! • Please, stay fair and honest!
This Group • Archive with relevant publications • hardly filled by you • Books, reports, only available on paper, are on display • Number of (co-)authored or (co-)edited books – 137 – close to a record!