Overview of software formal methods

Friendly reminder: This article is theoretical and professional. If Mu has been in touch with this field, it may be a little hard to read ,! This article is a collection of Sunny documents, a little messy. Sorry!

 

Software formal method)Software development has been subject to various disputes. Those who are positive believe that the formal method will lead to a revolution in software development, while others who are negative doubt or even oppose introducing mathematics into software development.

Some disputes or defects of the formal development method are mainly reflected in:

(1)Mathematical Theory, Limits the learning and use of most program designers;

(2) think that the formal method willDelays project development cycles and increases development costs;

(3) many popular formal methods are effective for small-scale projects,It is difficult to apply to some large systems;

(4) Formal MethodCannot ensureDevelop completely correct software;

(5)LackFormal methods that fully support various stages of the software lifecycle;

.

 

Broadly speaking,The formal method solves problems in the field of software engineering by means of mathematical methods, including the establishment of precise mathematical models and the analysis of models.In a narrow sense,The formal method is to use a formal language to perform formal specification descriptions, model reasoning, and verification.For formal modeling, a formal representation must contain a set of formal rules defining its syntax and semantics. These rules can be used to analyze whether a given expression conforms to the syntax or prove that the expression has a certain nature.

 

Formal method: the perspective of the pessimistic

The formal method is prepared for mathematicians.

The formal method is only used by people engaged in formal research.

People engaged in formal research only use the formal method

The use of formal methods will delay software development.

The use of formal methods will increase software development costs

The formal method is only applicable to systems with extremely high security requirements.

Formal methods are only used in irrelevant systems and lack tool support.

 

Formal method: the perspective of the optimistic

Use formal methods to develop perfect Software

The formal method can replace the traditional software engineering method.

 

The starting point of the formal method isMathematical logic method, ItsThe purpose is to develop reliable software products.. In terms of software development, formal methods are not the mainstream of software development. From the perspective of software development, the early software was used for numerical computing, and the programming language focused on the description of functions and algorithms. Later, the application and data structure of databases became increasingly important. Nowadays, software is more complex. Therefore, objects, components, interfaces, communication, and openness become very important concepts. In terms of software engineering methods, there is a set of methods to describe these concepts, such as graphics, tables, logic, and natural language. Therefore, from another perspective, we can also take the commonly used software development methods as the starting point to study how to normalize these methods to make the description of the software system more accurate, to reduce the problems caused by possible misunderstandings, or to study how to add some formal methods in the software development process as a starting point, to improve software reliability.

 

The formal method can be dividedFormal DescriptionAnd based on the Formal DescriptionFormal Development. A formal description is a description in a formal language (a language with strict syntax and semantics. Formal software development is to describe software requirements and features in a formal language, and verify through reasoning to ensure that the final software product meets these requirements and has these features. Such verification must be based on strict syntax and semantics. In practical applications, this is not easy to achieve.The purpose of research on formal methods is to provide better Theories, Methods, and tools to expand the application scope and value of formal methods.

 

The significance of the formal method is that it can help to discover inconsistency, ambiguity, or completeness of system descriptions that are not easily discovered by other methods, and help software developers to understand the system. ThereforeThe formal method is an important means to improve the security and reliability of software systems, especially safety-critical systems.. The earliest formal method was logical and logical reasoning. Its goal was to make reasoning mechanized. Broadly speaking, this goal has suffered many setbacks, such as the incompleteness of the Logical System and the undecidability of the logical system) and intractability ). However, in some practical applications, logical methods and automatic reasoning still play a very important role.

 

Formal methods play a role in software development in many aspects. FirstDescription of software requirementsThe description of software requirements is the basis of software development. For example, non-formal descriptions may lead to unclear and inconsistent descriptions. If the descriptions are unclear or inconsistent, they will lead to design and programming errors, the price for future changes will be very high. If the errors are not found, the reliability and use of the program will be affected. The formal method requires the clarity of the description, and the inconsistency of the description is relatively easy to find. SecondDescription of Software Design. The description of software design is as important as the description of software requirements. The advantages of the formal method also apply to the description of software requirements. In addition, due to the formal description of software requirements, we can check whether the software design meets the requirements of the software.For programming, We can consider Automatic Code Generation. For some simple systems, formal descriptions may be directly converted into executable programs, which simplifies the software development process, saves resources and reduces the possibility of errors. In addition, the formal method can be used for program verification to ensure the correctness of the program.For testingThe formal method can be used to automatically generate test cases, which saves a lot of time and ensures the test case coverage to a certain extent.

 

 

In principle, the formal method is to describe and verify the software using mathematical and logical methods.. In terms of description, one is the description of the system or program, and the other is the description of the nature. These can be described in one or more languages. These languages include Proposition Logic, first-order logic, higher-order logic, algebra, state machine, concurrent state machine, automatic machine, computing tree logic, linear time series logic, Process Algebra, π-calculus, μ-calculus, special programming languages, and subset of programming languages. In terms of verification, there are two main methods: one is based on logical reasoning, and the other is based on exhaustive search. Logical Reasoning involves methods such as natural deduction, sequent calculus, resolution, and Hoare-logic. exhaustive search methods are collectively referred to as model detection. This type of method has a great relationship with the representation of systems, programs, and system properties. For example, for symbolic model detection, the basic principle of this method is to express the state transition relationship using the propositional logic formula, the fixed point algorithm is used to calculate the accessibility of States and whether these states meet certain properties.

 

The Application of formal methods has made great achievements in circuit design and protocol design, but there are still many unsolved problems for software.The description of a software is more complex than the circuit and Protocol. The State Space contained in a software description can be infinite, so it is very difficult to verify. The disadvantage of logical reasoning lies in the difficulty of reasoning. For a slightly complex system, automatic reasoning is hard to be competent. Human reasoning has many disadvantages. In addition to time-consuming and labor-consuming aspects, for example, a theorem cannot be deduced, which does not mean that this theorem is not true. It may be due to improper application of reasoning methods and strategies. The advantage of model detection is that it has a fully automated detection process, and if a nature is not satisfied, it can give reasons for this nature not satisfied, we can then improve our system description accordingly. The first difficulty of model detection is that it can detect a finite state model. In this way, for general software, a modeling process from any State to a finite state is required, and the state space of such a model will face the combination explosion problem.

 

Form VerificationIt is generally calledFormal Verification MethodCompared with traditional verification (simulation, simulation, and testing. The main idea of the formal verification method is to use mathematical formulas, theorems, and systems to verify the correctness of a system. The current formal verification method can be used to verify the hardware, software, and other systems. The formal verification technology has also developed to not only verify the functional correctness of the system (whether there are errors ), it can also verify the system performance indicators (power consumption, heat dissipation, delay, and so on ).There are three types of Formal Verification Methods: theorem proof, model detection, and equivalence verification.The basic principle of theorem proof is to select a mathematical logic system and use the formula to describe the system and system properties (such as software and hardware, then, in a certain mathematical logic (such as Hol logic) system, based on the principle, theorem, derivation rules and system description formulas of the system, we can see if we can deduce the nature characterization formulas of the system, if possible, the verification is successful. The model detection principle is simple but very practical. It builds (such as software and hardware) systems into finite state systems (generally a keripke structure ), the Nature characterization of the system is represented by the time series logic formula (CTL, LTL, etc.), and then the correctness of the characterization is verified in this model. The model is more advantageous than the theorem proof, it can be automatically verified without manual intervention, while theorem proofs require control by mathematicians in some key derivation paths. Another is the equivalence verification. The equivalence verification is actually a half-form Technology. Unlike the first two verification technologies, it verifies the design consistency, that is, whether the design functions are the same in different design stages. In this technology, the symbolic method and the incremental method are generally used. In addition, this method is closely integrated with the hardware circuit, therefore, some traditional methods of circuit verification are also widely used in this process, such as ATPG technology. For example, the formality of Synopsys is essentially an equivalent validators. Formal Verification is very useful, but there are too few people doing this in China. Let's take a look at the two companies Synopsys and cadence, both of which started from formal verification, and then moved to the popular field of design verification, which integrates design and verification.

Research content of software formal method:
Formal Language (Formal Description and formal specification): Describes software systems and their behavior patterns, and better depicts the nature of software systems, such as communications, distribution, openness, and mobility; the application and comparison of various languages, the conversion between languages, and the development of corresponding software tools.

Formal Verification (Formal Verification): How to verify that the software system complies with the given behavior model; more effective verification of the nature of the software system, such as automation, fast speed, less memory requirements; application and comparison of various methods; development of corresponding software tools.

 

Specifically, software formal methods include the following research directions:

(1) Basic Concepts: Composite, abstract, Reuse Model, mathematical theory combination, data structure and algorithm. Further understanding of how to combine methods, composite specifications, composite models, composite theories, and composite proofs is required. An effective method to break down the overall characteristics into local features that are easy to verify is required; the actual system must be abstracted to a certain extent before specification and verification. Methods to judge whether the abstract level is reasonable or not need to be studied. Reuse can not only improve the development efficiency, furthermore, software reliability can be improved, and reusable models and theories should be studied. Many critical security reactive systems are mixed with numbers and simulations, the hybrid system theory and technical support must be supported by mathematical basics in two consecutive and discrete categories. The search space in large-scale and complex software is huge and new data structures and algorithms need to be studied.

(2) combination of formal methods and object-oriented methods: This has become a research hotspot in the field of software engineering, such as statecharts, Petri Net, Z language, vdm, etc, objectcharts, object-oriented Petri Net, object-Z, Z ++, vdm ++, and so on. This research is embodied in two aspects: using object-oriented structure to improve the expression ability of formal symbols; use formal methods to analyze object-oriented semantics or improve the ability of these markup symbols to express object concepts. The combination of formal methods and other traditional software development methods is also worth studying.

(3) tool development: It has a good user interface, easy to learn, and simple formal method support tools, which is of great benefit for the promotion and application of formal methods. It is unrealistic to pursue a general and complete formal method and its supporting tools. Methods and tools that focus on one or more of the following guidelines will be the focus of future research. These principles include: benefits can be obvious as soon as they are used; benefits increase with the developer's understanding and proficiency; single specifications can be achieved in multiple stages of the software development lifecycle; can interact with other general programming languages or methods; tools should be as easy to use, output, and easy to read as compilers; concepts and tools should be easy to get started and learn; software feature analysis focuses on software features; supports progressive software development, and allows partial specification and verification. In addition, the research on the formal methods and tools of specific problem domains is also very important.

【Author】 Liu WeiHttp://blog.csdn.net/lovelion]