Quentin Charatan and Aaron Kans Formal Software Development From VDM to Java Formal Software Development [...]... development of a ‘regular’ software product 1 2 Formal Software Development A concept closely related to that of high integrity software is that of critical software The term critical software applies to software that poses dangers should it fail Critical software can further be categorized depending upon the types of danger imposed by failure For example, failure of business critical software could adversely... stage of software development to the next The majority of formal methods, on the other hand, provide a selection of tools for the development of reliable software systems rather than prescribe their use at every stage of development Thus, for software of high integrity, all the tools provided by a formal method (such as a modelling language for specification and a formal proof system for software design... include medical control software and air traffic control software There can be degrees of danger posed by software failure, so that some software is of higher integrity than other software; that is, a higher degree of confidence is required in its correctness than is the case for other software For example, consider the software used to monitor air traffic flow around an airport and software used to monitor... the construction of the final system, would be unthinkable Yet this is how the large majority of software applications are developed! 1.4 Formal Methods Formal methods constitute a branch of software engineering that incorporates the use of mathematics for software development A formal method provides a formal language in which to express the initial specification and all future design steps towards... specializing in the field of software engineering The text concentrates on the challenges that high integrity software development poses, and how formal methods can help meet these challenges Formal methods have long been advocated for the development of high integrity software However, these methods are often perceived as being difficult to learn and apply In particular, the step from formal specification... rather than formally, and backed up by assertions embedded in the final Java code Informal specification SomeSys attributes UML class diagram methods() Formal specification state SomeSys of attributes operations VDM specification Implementation class SomeSys { //attributes //methods } Java class Figure 1.4 A lightweight approach to formal program development in VDM 9 10 Formal Software Development. .. be even greater if the development team crosses national and cultural boundaries Clearly, to use these notations alone to describe critical software 5 6 Formal Software Development is unwise To overcome these difficulties it is desirable to use a specification notation with a fixed, unambiguous semantics Notations that have a fixed semantics are known as formal notations, or formal languages A fixed... students tend to view such methods as purely academic tasks, divorced from the realities of the software development process So, as well as providing a thorough introduction to the use of a formal method, we motivate the student by demonstrating the development of programs from formal specifications When formal program development is covered in many other text books, it tends to be in the context of proof... is testing alone Despite these gains, the perceived difficulty of applying formal methods and the shortage of software developers trained in their use means that their application has tended to be restricted to the development of high integrity software, where correctness is essential For the development of some high integrity software, their use may be mandatory For example, the UK’s Ministry of Defence... operations as a set of properties (or axioms as they are sometimes known) All software developed from these specifications has to show that it obeys the same properties as those specified 7 8 Formal Software Development Table 1.2 Classifying some leading formal methods Algebraic Sequential Larch systems Model-based Vienna Development Method (VDM) Z B Concurrent Calculus of Communicating Systems (CCS) . Quentin Charatan and Aaron Kans Formal Software Development From VDM to Java Formal Software Development