Libyan International University Lecture 2 On Formal Models and Methods PDF
Libyan International University
Dr. Salwa Elakeili
Summary
This lecture at Libyan International University covers formal models and methods for software development. The topics covered include the importance of proof, static and dynamic analysis, and the potential consequences of failing software. It discusses the role of formal methods in ensuring software quality and safety.
Full Transcript
Libyan International University
Formal Models and Methods
Lecture 2
Dr. Salwa Elakeili
Faculty of Information Technology

Outline
▪ Importance of proof (Cont)
▪ Overview of Formal Methods for Software Specification and Analysis
▪ Testing: Static vs Dynamic Analysis
▪ Failing Software Costs Money
▪ Failing Software Costs Lives
▪ Concepts
▪ What are Formal Methods?

Importance of proof (Cont)
❑ The construction of proofs is an essential part of writing a specification.
❑ A specification without proofs is untested: it may be inconsistent; it may define unexpected properties, or omit those that were intended; it may make inappropriate assumptions.
❑ The practice of proof makes for better specifications.
Why proof is crucial in formal methods:
▪ Ensuring Correctness: Formal proofs verify that a system behaves exactly as specified. This eliminates ambiguities that may arise from informal design methods.
▪ Error Detection: Proof-based methods detect errors early in the development process, reducing the cost of fixing bugs later on.
▪ Security Assurance: In safety-critical systems (e.g. medical devices), proof ensures that the system meets stringent security and performance standards.
▪ Unambiguous Communication: Formal proofs provide a clear and unambiguous way of communicating system behaviour between developers and stakeholders.
▪ Automation: With theorem provers and model checkers, parts of the proof process can be automated, making formal verification more scalable.
Formal Methods for Software Specification and Analysis: An Overview
❑ Every software engineering methodology is based on a recommended development process proceeding through several phases:
▪ Analysis
▪ Specification
▪ Design
▪ Coding
▪ Unit Testing
▪ Integration and System Testing
▪ Maintenance
❑ Formal methods can:
▪ Be a foundation for describing complex systems
▪ Be a foundation for reasoning about systems
▪ Provide support for program development

Testing: Static vs Dynamic Analysis
❑ Static analysis of code does not require execution of the code.
❑ Static analysis of the code can assist testing in deriving adequacy criteria.
❑ It is used to find errors, security vulnerabilities, code inefficiencies, and deviations from coding standards early in the development process. By performing a detailed examination of the code's structure, syntax, and logical flow, static analysis helps improve software quality and reduce the cost of fixing bugs later on.
Key characteristics of static analysis:
▪ Non-execution-based: static analysis checks the code's structure, potential paths, and logic at compile time or even earlier.
▪ Tool-driven: automated tools scan and analyze the code. These tools detect patterns, vulnerabilities, and issues based on predefined rules and algorithms.
▪ Early bug detection: since static analysis occurs early in the software development lifecycle, it identifies potential problems before the software is even run, preventing defects from being introduced into later stages.
❑ Dynamic analysis of code involves running the system (testing): the program is run under controlled conditions with specific results expected.
❑ Dynamic analysis is crucial for understanding how software performs under different conditions and for identifying issues that may only arise at runtime, such as performance bottlenecks and security vulnerabilities.
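The division of labour these slides describe (static analysis derives the adequacy criterion without running the code; dynamic analysis runs the tests to assess whether it has been met), as an added Python example that is not part of the lecture. Branch coverage is the criterion chosen here, `classify_dose` is a constructed top-level sample function, and the static pass reads only its AST while the dynamic pass traces its execution.

```python
# Static: derive the branch criterion from the AST. Dynamic: trace test runs to check it.
import ast, inspect, sys

def classify_dose(dose_gy, limit_gy):
    """Constructed sample function under test (not from the lecture)."""
    if dose_gy < 0:
        return "invalid"
    if dose_gy > limit_gy:
        return "overdose"
    return "ok"

def branch_outcomes(func):
    """Static: (if_line, 'true'|'false') -> first line of that outcome (top-level func)."""
    src, start = inspect.getsourcelines(func)
    outcomes, off = {}, start - 1                    # convert AST lines to file lines
    def visit(stmts):
        for i, stmt in enumerate(stmts):
            if isinstance(stmt, ast.If):
                key = stmt.lineno + off
                outcomes[(key, "true")] = stmt.body[0].lineno + off
                if stmt.orelse:                      # else body
                    outcomes[(key, "false")] = stmt.orelse[0].lineno + off
                elif i + 1 < len(stmts):             # fall through to next statement
                    outcomes[(key, "false")] = stmts[i + 1].lineno + off
                visit(stmt.body)                     # a trailing 'if' without else has no
                visit(stmt.orelse)                   # observable false line and is skipped
    visit(ast.parse("".join(src)).body[0].body)
    return outcomes

def executed_lines(func, inputs):
    """Dynamic: run func on each argument tuple under sys.settrace, recording lines hit."""
    hits, code = set(), func.__code__
    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                              # ignore frames of other functions
        if event == "line":
            hits.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)
    try:
        for args in inputs:
            func(*args)
    finally:
        sys.settrace(None)
    return hits

def uncovered_branches(func, inputs):
    """Branch outcomes the criterion demands but the test inputs never exercised."""
    hits = executed_lines(func, inputs)
    return sorted(k for k, line in branch_outcomes(func).items() if line not in hits)
```

Running `uncovered_branches(classify_dose, [(5, 10), (20, 10)])` reports that the true outcome of the first `if` (negative dose) was never exercised; adding the input `(-1, 10)` makes the report empty.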
❑ Dynamic analysis of the code can be used to assess whether the criteria have been met.
❑ Path and branch testing
Types of Dynamic Analysis
▪ Unit testing
▪ Integration testing
▪ System testing
▪ Performance testing
▪ Security testing

Facts
❑ Software has become critical to modern life.
❑ Process control (oil, gas, water, ...)
❑ Transportation (air traffic control, ...)
❑ Health care (patient monitoring, device control, ...)
❑ Finance (automatic trading, bank security, ...)

Failing Software Costs Money and Lives
Failing Software Costs Money
❑ Thousands of dollars for each minute of factory downtime
❑ Business failures associated with buggy software
❑ Example: Knight Capital, a major player in the stock market, suffered a catastrophic software failure in August 2012. A bug in its trading algorithm caused the firm to make erroneous trades, resulting in a loss of $440 million in just 45 minutes. The faulty deployment of new software that interacted with an old system caused a cascade of trades that the company was unable to control. The financial hit was so severe that Knight Capital had to seek emergency funding and eventually merged with another company to survive.

Failing Software Costs Lives
Potential problems are obvious:
❑ Software used to control nuclear power plants
❑ Air-traffic control systems
❑ Embedded software in cars
❑ Spacecraft launch vehicle control
Therac-25 case: The Therac-25 was a radiation therapy machine used to treat cancer patients. Its software controlled its functions, including delivering high doses of radiation to specific areas of the body. However, due to software bugs in its control system, the machine malfunctioned and administered massive overdoses of radiation to patients. Between 1985 and 1987, six patients were severely injured, and three of them died as a direct result of radiation overdoses caused by the software errors.
The issue stemmed from inadequate safety checks and poor handling of errors in the software code.

Concepts
❑ Current methods of software development involve only a combination of diagrams, text, tables, etc.
❑ No methods are used to test the correctness of the end result at each stage of software development, e.g. requirement specification, design, etc.
❑ This may lead to ambiguities and incompleteness.
❑ This may not be a good option for safety-critical systems (SCSs), where failure may have a high price.

Formal methods
❑ Formal methods are intended to systematize and introduce rigor into all the phases of software development. They help us avoid ignoring critical issues, provide a standard means to record various assumptions and decisions, and form a basis for consistency among many related activities.
❑ In use since the late 1970s
❑ More popular in Europe than in the US
❑ Still only a niche market

Formal Methods
❑ Past years of formal methods:
▪ Unclear notation
▪ Non-scalable techniques
▪ Inadequate tool support
▪ Hard-to-use tools
▪ Very few case studies
❑ Nowadays:
▪ Trying to find more rigorous notation
▪ More industry case studies
▪ Researchers try to gain the benefits of using formal methods

What are Formal Methods
❑ Formal methods and testing are two important approaches that assist in the development of high-quality software.
❑ By using formal methods and testing together, we can reduce the cost of development by applying testing techniques much earlier in the lifecycle, while defects are relatively inexpensive to correct.
❑ Techniques and tools based on mathematics and formal logic

What are Formal Methods (Cont)
❑ Formal methods are applied to safety-critical systems (SCS) or security-critical software and systems.
❑ Safety-critical systems are those systems whose failure could result in loss of life, significant property damage, or damage to the environment.
❑ Formal methods aim to increase our understanding of a system by revealing errors.
❑ They can assume various forms and levels of rigor.
❑ In systems where failure must be avoided, the use of formal methods can be justified and is likely to be cost effective.
❑ The use of formal methods is increasing in specialized critical system development, where emergent system properties such as safety, reliability and security are very important. These critical systems have very high validation costs, and the costs of system failure are large and increasing. Formal methods are being used because they can reduce these costs.

Summary
❑ Formal methods and evaluation are two critical techniques to help develop high-quality software.
❑ Safety-critical systems are those systems whose failure could result in loss of life, significant property damage, or damage to the environment.