Professional Documents
Culture Documents
Formal Verification of Software: Bernhard Beckert
Formal Verification of Software: Bernhard Beckert
Bernhard Beckert
All information relevant to this lecture can be found on the web page
www.uni-koblenz.de/˜beckert/Lehre/Verification
Why verification?
Advantages and disadvantage. Costs and gains.
Why verification?
Advantages and disadvantage. Costs and gains.
Basics of deductive program verification:
Hoare Logic and Dynamic Logic
Why verification?
Advantages and disadvantage. Costs and gains.
Basics of deductive program verification:
Hoare Logic and Dynamic Logic
Deductive verification of object-oriented programming languages
(using Java as an example)
Quality through . . .
Productivity through
– Randomly chosen
– Intelligently chosen (by hand: expensive!)
– Automatically chosen (need formalized spec)
– Randomly chosen
– Intelligently chosen (by hand: expensive!)
– Automatically chosen (need formalized spec)
– Randomly chosen
– Intelligently chosen (by hand: expensive!)
– Automatically chosen (need formalized spec)
– Randomly chosen
– Intelligently chosen (by hand: expensive!)
– Automatically chosen (need formalized spec)
Java, C#
Formal Verification of Software – p.8
Types of Requirements
Types of Requirements
functional requirements
communication, protocols
real-time requirements
memory use
security
etc.
No full specification/verification
In general, it is neither useful nor feasable to fully specify and verify
large software systems. Then, formal methods are restricted to:
Important parts/modules
Important properties/requirements
Formal Verification of Software – p.10
The Main Point of Formal Methods is Not
Formal
Execution
Model
Real
Abstraction
World Formal
Requirements
Specification
wrong assumption
eg, timing
Real Formal
World Model
missing requirement
Real Formal
World eg, stack overflow Model
Real Formal
World Model
misunderstood problem
• Easier to program
• General properties
KeY
System
“Automatic” Proof
• No interaction
“Semi-Automatic” Proof