Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

Formal methods

From Wikipedia, the free encyclopedia
Mathematical program specifications

Incomputer science,formal methods aremathematically rigorous techniques for thespecification, development,analysis, andverification ofsoftware andhardware systems.[1] The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analysis can contribute to the reliability and robustness of a design.[2]

Formal methods employ a variety oftheoretical computer science fundamentals, includinglogic calculi,formal languages,automata theory,control theory,program semantics,type systems, andtype theory.[3]

Uses

[edit]

Formal methods can be applied at various points through thedevelopment process.

Specification

[edit]
Main article:Formal specification

Formal methods may be used to give a formal description of the system to be developed, at whatever level of detail desired. Further formal methods may depend on this specification to synthesize a program or to verify the correctness of a system.

Alternatively, specification may be the only stage in which formal methods is used. By writing a specification, ambiguities in the informal requirements can be discovered and resolved. Additionally, engineers can use a formal specification as a reference to guide their development processes.[4]

The need for formal specification systems has been noted for years. In theALGOL 58 report,[5]John Backus presented a formal notation for describingprogramming language syntax, later namedBackus normal form then renamedBackus–Naur form (BNF).[6] Backus also wrote that a formal description of the meaning of syntactically valid ALGOL programs was not completed in time for inclusion in the report, stating that it "will be included in a subsequent paper." However, no paper describing the formal semantics was ever released.[7]

Synthesis

[edit]
Main article:Program synthesis

Program synthesis is the process of automatically creating a program that conforms to a specification. Deductive synthesis approaches rely on a complete formal specification of the program, whereas inductive approaches infer the specification from examples. Synthesizers perform a search over the space of possible programs to find a program consistent with the specification. Because of the size of this search space, developing efficient search algorithms is one of the major challenges in program synthesis.[8]

Verification

[edit]
Main article:Formal verification

Formal verification is the use of software tools to prove properties of a formal specification, or to prove that a formal model of a systemimplementation satisfies its specification.

Once a formal specification has been developed, the specification may be used as the basis forproving properties of the specification, and by inference, properties of the system implementation.

Sign-off verification

[edit]

Sign-off verification is the use of a formal verification tool that is highly trusted. Such a tool can replace traditional verification methods (the tool may even be certified).[citation needed]

Human-directed proof

[edit]

Sometimes, the motivation for proving thecorrectness of a system is not the obvious need for reassurance of the correctness of the system, but a desire to understand the system better. Consequently, some proofs of correctness are produced in the style ofmathematical proof: handwritten (or typeset) usingnatural language, using a level of informality common to such proofs. A "good" proof is one that is readable and understandable by other human readers.

Critics of such approaches point out that theambiguity inherent in natural language allows errors to be undetected in such proofs; often, subtle errors can be present in the low-level details typically overlooked by such proofs. Additionally, the work involved in producing such a good proof requires a high level of mathematical sophistication and expertise.

Automated proof

[edit]

In contrast, there is increasing interest in producing proofs of correctness of such systems by automated means. Automated techniques fall into three general categories:

  • Automated theorem proving, in which a system attempts to produce a formal proof from scratch, given a description of the system, a set of logicalaxioms, and a set ofinference rules.
  • Model checking, in which a system verifies certain properties by means of an exhaustive search of all possible states that a system could enter during its execution.
  • Abstract interpretation, in which a system verifies an over-approximation of a behavioural property of the program, using a fixpoint computation over a (possibly complete)lattice representing it.

Someautomated theorem provers require guidance as to which properties are "interesting" enough to pursue, while others work without human intervention. Model checkers can quickly get bogged down in checking millions of uninteresting states if not given a sufficiently abstract model.

Proponents of such systems argue that the results have greater mathematical certainty than human-produced proofs, since all the tedious details have been algorithmically verified. The training required to use such systems is also less than that required to produce good mathematical proofs by hand, making the techniques accessible to a wider variety of practitioners.

Critics note that some of those systems are likeoracles: they make a pronouncement of truth, yet give no explanation of that truth. There is also the problem of "verifying the verifier"; if the program that aids in the verification is itself unproven, there may be reason to doubt the soundness of the produced results. Some modern model checking tools produce a "proof log" detailing each step in their proof, making it possible to perform, given suitable tools, independent verification.

The main feature of the abstract interpretation approach is that it provides a sound analysis, i.e. no false negatives are returned. Moreover, it is efficiently scalable, by tuning the abstract domain representing the property to be analyzed, and by applying widening operators[9] to get fast convergence.

Techniques

[edit]
[icon]
This sectionneeds expansion. You can help byadding to it.(June 2024)

Formal methods includes a number of different techniques.

Specification languages

[edit]
Main article:Specification language

The design of a computing system can be expressed using a specification language, which is a formal language that includes a proof system. Using this proof system, formal verification tools can reason about the specification and establish that a system adheres to the specification.[10]

Binary decision diagrams

[edit]
Main article:Binary decision diagram

A binary decision diagram is a data structure that represents aBoolean function.[11] If a Boolean formulaP{\displaystyle {\mathcal {P}}} expresses that an execution of a program conforms to the specification, a binary decision diagram can be used to determine ifP{\displaystyle {\mathcal {P}}} is a tautology; that is, it always evaluates to TRUE. If this is the case, then the program always conforms to the specification.[12]

SAT solvers

[edit]
Main article:SAT solver

A SAT solver is a program that can solve theBoolean satisfiability problem, the problem of finding an assignment of variables that makes a given propositional formula evaluate to true. If a Boolean formulaP{\displaystyle {\mathcal {P}}} expresses that a specific execution of a program conforms to the specification, then determining that¬P{\displaystyle \neg {\mathcal {P}}} is unsatisfiable is equivalent to determining that all executions conform to the specification. SAT solvers are often used in bounded model checking, but can also be used in unbounded model checking.[13]

Applications

[edit]

Formal methods are applied in different areas of hardware and software, includingrouters,Ethernet switches,routing protocols, security applications, andoperating systemmicrokernels such asseL4. There are several examples in which they have been used to verify the functionality of the hardware and software used indata centres.IBM usedACL2, a theorem prover, in theAMD x86 processor development process.[citation needed] Intel uses such methods to verify its hardware andfirmware (permanent software programmed into aread-only memory)[citation needed].Dansk Datamatik Center used formal methods in the 1980s to develop a compiler system for theAda programming language that went on to become a long-lived commercial product.[14][15]

There are several other projects ofNASA in which formal methods are applied, such asNext Generation Air Transportation System[citation needed], Unmanned Aircraft System integration in National Airspace System,[16] and Airborne Coordinated Conflict Resolution and Detection (ACCoRD).[17]B-Method withAtelier B,[18] is used to develop safety automatisms for the various subways installed throughout the world byAlstom andSiemens, and also forCommon Criteria certification and the development of system models byATMEL andSTMicroelectronics.

Formal verification has been frequently used in hardware by most of the well-known hardware vendors, such as IBM,Intel, and AMD. There are many areas of hardware, where Intel have used formal methods to verify the working of the products, such as parameterized verification of cache-coherent protocol,[19] Intel Core i7 processor execution engine validation[20] (using theorem proving,BDDs, and symbolic evaluation), optimization for Intel IA-64 architecture using HOL light theorem prover,[21] and verification of high-performance dual-portgigabit Ethernetcontroller with support forPCI express protocol and Intel advance management technology using Cadence.[22] Similarly, IBM has used formal methods in the verification of power gates,[23] registers,[24] and functional verification of the IBM Power7 microprocessor.[25]

In software development

[edit]

Insoftware development, formal methods are mathematical approaches to solving software (and hardware) problems at the requirements, specification, and design levels. Formal methods are most likely to be applied to safety-critical or security-critical software and systems, such asavionics software. Software safety assurance standards, such asDO-178C allows the usage of formal methods through supplementation, andCommon Criteria mandates formal methods at the highest levels of categorization.

For sequential software, examples of formal methods include theB-Method, the specification languages used inautomated theorem proving,RAISE, and theZ notation.

Infunctional programming,property-based testing has allowed the mathematical specification and testing (if not exhaustive testing) of the expected behaviour of individual functions.

TheObject Constraint Language (and specializations such asJava Modeling Language) has allowed object-oriented systems to be formally specified, if not necessarily formally verified.

For concurrent software and systems,Petri nets,process algebra, andfinite-state machines (which are based onautomata theory; see alsovirtual finite state machine orevent driven finite state machine) allow executable software specification and can be used to build up and validate application behaviour.

Another approach to formal methods in software development is to write a specification in some form of logic—usually a variation offirst-order logic—and then to directly execute the logic as though it were a program. TheOWL language, based ondescription logic, is an example. There is also work on mapping some version of English (or another natural language) automatically to and from logic, as well as executing the logic directly. Examples areAttempto Controlled English, and Internet Business Logic, which do not seek to control the vocabulary or syntax. A feature of systems that support bidirectional English–logic mapping and direct execution of the logic is that they can be made to explain their results, in English, at the business or scientific level.[citation needed]

Semi-formal methods

[edit]

Semi-formal methods are formalisms and languages that are not considered fully "formal". It defers the task of completing the semantics to a later stage, which is then done either by human interpretation or by interpretation through software like code or test casegenerators.[26]

Some practitioners believe that the formal methods community has overemphasized full formalization of a specification or design.[27][28] They contend that theexpressiveness of the languages involved, as well as the complexity of the systems being modelled, make full formalization a difficult and expensive task. As an alternative, variouslightweight formal methods, which emphasize partial specification and focused application, have been proposed. Examples of this lightweight approach to formal methods include theAlloy object modelling notation,[29] Denney's synthesis of some aspects of theZ notation withuse case driven development,[30] and the CSKVDM Tools.[31]

Formal methods and notations

[edit]

There are a variety of formal methods and notations available.

Specification languages

[edit]

Model checkers

[edit]
Main article:List of model checking tools
  • ESBMC[32]
  • MALPAS Software Static Analysis Toolset – an industrial-strength model checker used for formal proof of safety-critical systems
  • PAT – a free model checker, simulator and refinement checker for concurrent systems and CSP extensions (e.g., shared variables, arrays, fairness)
  • SPIN
  • UPPAAL

Solvers and competitions

[edit]

Many problems in formal methods areNP-hard, but can be solved in cases arising in practice. For example, the Boolean satisfiability problem isNP-complete by theCook–Levin theorem, butSAT solvers can solve a variety of large instances. There are "solvers" for a variety of problems that arise in formal methods, and there are many periodic competitions to evaluate the state-of-the-art in solving such problems.[33]

Organizations

[edit]
Main page:Category:Formal methods organizations

See also

[edit]

References

[edit]
  1. ^Butler, R. W. (2001-08-06)."What is Formal Methods?". Retrieved2006-11-16.
  2. ^Holloway, C. Michael."Why Engineers Should Consider Formal Methods"(PDF). 16th Digital Avionics Systems Conference (27–30 October 1997). Archived fromthe original(PDF) on 16 November 2006. Retrieved2006-11-16.{{cite journal}}:Cite journal requires|journal= (help)
  3. ^Monin, pp.3-4
  4. ^Utting, Mark; Reeves, Steve (August 31, 2001)."Teaching formal methods lite via testing".Software Testing, Verification and Reliability.11 (3):181–195.doi:10.1002/stvr.223.
  5. ^Backus, J.W. (1959). "The Syntax and Semantics of the Proposed International Algebraic Language of Zürich ACM-GAMM Conference".Proceedings of the International Conference on Information Processing. UNESCO.
  6. ^Knuth, Donald E. (1964), Backus Normal Form vs Backus Naur Form.Communications of the ACM, 7(12):735–736.
  7. ^O'Hearn, Peter W.; Tennent, Robert D. (1997).Algol-like Languages.
  8. ^Gulwani, Sumit; Polozov, Oleksandr; Singh, Rishabh (2017)."Program Synthesis".Foundations and Trends in Programming Languages.4 (1–2):1–119.doi:10.1561/2500000010.
  9. ^A. Cortesi and M. Zanioli,Widening and Narrowing Operators for Abstract Interpretation. Computer Languages, Systems and Structures. Volume 37(1), pp. 24–42, Elsevier,ISSN 1477-8424 (2011).
  10. ^Bjørner, Dines; Henson, Martin C. (2008).Logics of Specification Languages. pp. VII–XI.
  11. ^Bryant, Randal E. (2018). "Binary Decision Diagrams". In Clarke, Edmund M.; Henzinger, Thomas A.; Veith, Helmut; Bloem, Roderick (eds.).Handbook of Model Checking. p. 191.
  12. ^Chaki, Sagar; Gurfinkel, Arie (2018). "BDD-Based Symbolic Model Checking". In Clarke, Edmund M.; Henzinger, Thomas A.; Veith, Helmut; Bloem, Roderick (eds.).Handbook of Model Checking. p. 191.
  13. ^Prasad, Mukul R; Biere, Armin; Gupta, Aarti (January 25, 2005). "A survey of recent advances in SAT-based formal verification".International Journal on Software Tools for Technology Transfer.7 (2):156–173.doi:10.1007/s10009-004-0183-4.
  14. ^Bjørner, Dines; Gram, Christian; Oest, Ole N.; Rystrøm, Leif (2011). "Dansk Datamatik Center". In Impagliazzo, John; Lundin, Per; Wangler, Benkt (eds.).History of Nordic Computing 3: IFIP Advances in Information and Communication Technology. Springer. pp. 350–359.
  15. ^Bjørner, Dines; Havelund, Klaus. "40 Years of Formal Methods: Some Obstacles and Some Possibilities?".FM 2014: Formal Methods: 19th International Symposium, Singapore, May 12–16, 2014. Proceedings(PDF). Springer. pp. 42–61.
  16. ^Gheorghe, A. V., & Ancel, E. (2008, November). Unmanned aerial systems integration to National Airspace System. In Infrastructure Systems and Services: Building Networks for a Brighter Future (INFRA), 2008 First International Conference on (pp. 1-5). IEEE.
  17. ^Airborne Coordinated Conflict Resolution and Detection,http://shemesh.larc.nasa.gov/people/cam/ACCoRD/Archived 2016-03-05 at theWayback Machine
  18. ^"Atelier B".www.atelierb.eu.
  19. ^C. T. Chou, P. K. Mannava, S. Park, "A simple method for parameterized verification of cache coherence protocols", Formal Methods in Computer-Aided Design, pp. 382–398, 2004.
  20. ^Formal Verification in Intel Core i7 Processor Execution Engine Validation,http://cps-vo.org/node/1371Archived 2015-05-03 at theWayback Machine, accessed at September 13, 2013.
  21. ^J. Grundy, "Verified optimizations for the Intel IA-64 architecture", In Theorem Proving in Higher Order Logics, Springer Berlin Heidelberg, 2004, pp. 215–232.
  22. ^E. Seligman, I. Yarom, "Best known methods for using Cadence Conformal LEC", at Intel.
  23. ^C. Eisner, A. Nahir, K. Yorav, "Functional verification of power gated designs by compositional reasoning[dead link]", Computer Aided Verification, Springer Berlin Heidelberg, pp. 433–445.
  24. ^P. C. Attie, H. Chockler, "Automatic verification of fault-tolerant register emulations", Electronic Notes in Theoretical Computer Science, vol. 149, no. 1, pp. 49–60.
  25. ^K. D. Schubert, W. Roesner, J. M. Ludden, J. Jackson, J. Buchert, V. Paruthi, B. Brock, "Functional verification of the IBM POWER7 microprocessor and POWER7 multiprocessor systems", IBM Journal of Research and Development, vol. 55, no 3.
  26. ^X2R-2, deliverable D5.1.
  27. ^Daniel Jackson andJeannette Wing,"Lightweight Formal Methods",IEEE Computer, April 1996
  28. ^Vinu George and Rayford Vaughn,"Application of Lightweight Formal Methods in Requirement Engineering"Archived 2006-03-01 at theWayback Machine,Crosstalk: The Journal of Defense Software Engineering, January 2003
  29. ^Daniel Jackson,"Alloy: A Lightweight Object Modelling Notation",ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 11, Issue 2 (April 2002), pp. 256-290
  30. ^Richard Denney,Succeeding with Use Cases: Working Smart to Deliver Quality, Addison-Wesley Professional Publishing, 2005,ISBN 0-321-31643-6.
  31. ^Sten Agerholm and Peter G. Larsen,"A Lightweight Approach to Formal Methods"Archived 2006-03-09 at theWayback Machine, InProceedings of the International Workshop on Current Trends in Applied Formal Methods, Boppard, Germany, Springer-Verlag, October 1998
  32. ^"ESBMC".esbmc.org.
  33. ^Bartocci, Ezio; Beyer, Dirk; Black, Paul E.; Fedyukovich, Grigory; Garavel, Hubert; Hartmanns, Arnd; Huisman, Marieke; Kordon, Fabrice; Nagele, Julian; Sighireanu, Mihaela; Steffen, Bernhard; Suda, Martin; Sutcliffe, Geoff; Weber, Tjark; Yamada, Akihisa (2019). "TOOLympics 2019: An Overview of Competitions in Formal Methods". In Beyer, Dirk; Huisman, Marieke; Kordon, Fabrice; Steffen, Bernhard (eds.).Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science. Cham: Springer International Publishing. pp. 3–24.doi:10.1007/978-3-030-17502-3_1.ISBN 978-3-030-17502-3.
  34. ^Froleyks, Nils; Heule, Marijn; Iser, Markus; Järvisalo, Matti; Suda, Martin (2021-12-01)."SAT Competition 2020".Artificial Intelligence.301: 103572.doi:10.1016/j.artint.2021.103572.ISSN 0004-3702.
  35. ^Cornejo, César (2021-01-27)."SAT-based arithmetic support for alloy".Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. ASE '20. New York, NY, USA: Association for Computing Machinery. pp. 1161–1163.doi:10.1145/3324884.3415285.ISBN 978-1-4503-6768-4.
  36. ^Barrett, Clark; Deters, Morgan; de Moura, Leonardo; Oliveras, Albert; Stump, Aaron (2013-03-01)."6 Years of SMT-COMP".Journal of Automated Reasoning.50 (3):243–277.doi:10.1007/s10817-012-9246-5.ISSN 1573-0670.
  37. ^Fedyukovich, Grigory; Rümmer, Philipp (2021-09-13)."Competition Report: CHC-COMP-21".Electronic Proceedings in Theoretical Computer Science.344:91–108.arXiv:2008.02939.doi:10.4204/EPTCS.344.7.ISSN 2075-2180.
  38. ^Shukla, Ankit; Biere, Armin; Pulina, Luca; Seidl, Martina (November 2019)."A Survey on Applications of Quantified Boolean Formulas".2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI). IEEE. pp. 78–84.doi:10.1109/ICTAI.2019.00020.ISBN 978-1-7281-3798-8.
  39. ^Pulina, Luca; Seidl, Martina (2019-09-01)."The 2016 and 2017 QBF solvers evaluations (QBFEVAL'16 and QBFEVAL'17)".Artificial Intelligence.274:224–248.doi:10.1016/j.artint.2019.04.002.ISSN 0004-3702.
  40. ^Beyer, Dirk (2022). "Progress on Software Verification: SV-COMP 2022". In Fisman, Dana; Rosu, Grigore (eds.).Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science. Vol. 13244. Cham: Springer International Publishing. pp. 375–402.doi:10.1007/978-3-030-99527-0_20.ISBN 978-3-030-99527-0.
  41. ^Alur, Rajeev; Fisman, Dana; Singh, Rishabh; Solar-Lezama, Armando (2017-11-28)."SyGuS-Comp 2017: Results and Analysis".Electronic Proceedings in Theoretical Computer Science.260:97–115.arXiv:1611.07627.doi:10.4204/EPTCS.260.9.ISSN 2075-2180.

Further reading

[edit]

External links

[edit]
Archival material
Note: This template roughly follows the 2012ACM Computing Classification System.
Hardware
Computer systems organization
Networks
Software organization
Software notations andtools
Software development
Theory of computation
Algorithms
Mathematics ofcomputing
Information systems
Security
Human–centered computing
Concurrency
Artificial intelligence
Machine learning
Graphics
Applied computing
Fields
Concepts
Orientations
Models
Developmental
Other
Languages
Related fields
Retrieved from "https://en.wikipedia.org/w/index.php?title=Formal_methods&oldid=1296416147"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2025 Movatter.jp