Ten Commandments of Formal Methods: A decade later

Jonathan P. Bowen – Museophile Limited, UK – www.jpbowen.com
(Also visiting academic, University College London)
Michael G. Hinchey – Loyola College in Maryland, Baltimore, USA
(Also NASA)

See IEEE Computer, 39(1):40–48, January 2006.
Based on Dagstuhl workshop, Germany, 8–12 May 2006.
Dagstuhl Seminar 06191: Rigorous Methods for Software Construction and Analysis, 8–12 May 2006
Choosing a formal method – difficult
[Figure: scattered candidate methods and initiatives – ASM, B, Z, GC6, VSR-net]
Background – formal methods
  Academics vs. industrial practitioners
  Theory vs. practice
  Still little used in general practice
  Size of community critical

       It is clear to the best minds in the field
       that a more mathematical approach is
       needed for software to advance much.
                               ― Bertrand Meyer
The Flat Earth Society
Cf. formal methods community…
— Gerard J. Holzmann

[Photo: FMICS 2005 (Lisbon) conference queue! ►]
Ten Commandments … ten years later
J.P. Bowen & M.G. Hinchey, IEEE Computer, April 1995 & January 2006

He proclaimed to you his covenant, which he commanded you to keep:
the Ten Commandments, which he wrote on two tablets of stone.
― Deuteronomy 4:13, 10:4, Ex. 34:28

[Cartoon: “Can’t I just read your URL?” – vl.fmnet.info/moses-url]
Thou shalt choose an
   appropriate notation.
Notations are a frequent complaint…
but the real problem is to understand
the meaning and properties of the
symbols …
… you will cultivate an appreciation
of mathematical elegance and style.
By that time, the symbols will be
invisible ...
The great advantage of mathematics
is that the rules are simpler than
those of natural language
                        ― C.A.R. Hoare
Which notation?

Various notations:
   ASM (testing?)
   B (development?)
   Z (specification?)
   Etc. – 95 under
   vl.fmnet.info
Beware Panaceas! (Cf. formal methods)
Caveat Emptor! (Cf. software)
Combined formal methods add to the confusion!

Name        Combines                Advantage                                 Ref.
Temporal B  B, temporal logic       Adds time to the B-Method                 Bonnet et al. (1995)
ZCCS        Z, CCS                  Combines CCS process algebra and          Galloway and Stoddard (1997)
                                    state-based aspects of Z
CSP OZ      Z, CSP                  Combines Z and CSP                        Fischer (2000) [13]
Object Z    Z, OO principles,       Adds OO to Z                              Smith (2000)
            temporal logic
PiOZ        Object-Z, π-calculus    Adds π-calculus style dynamic             Taguchi et al. (2004)
                                    communication capabilities to Object-Z

If I could say it in words there would be no reason to paint.
― Edward Hopper (1882–1967)
Thou shalt formalize
        but not overformalize.

    Need for formality
    Formality vs. informality
    Levels of use

Strange as it seems, no amount of
learning can cure stupidity, and
formal education positively fortifies it.
                    ― Stephen Vizinczey
Levels of use (cost vs. correctness/quality rises with the level)

Level  Name                                      Involves
0      Formal Specification                      Formal notation used for specifying requirements only; no analysis/proof
1      Formal Development / Verification         Proving properties and applying refinement calculus
2      Machine Checked Proofs / Model checking   Use of theorem prover/checker tool to prove consistency/integrity
Thou shalt estimate costs.
   Estimation models (CoCoMo II, …)
   Total cost of ownership (TCO)
   Quality of people varies (c10:1?)
   Cost (salary) varies (c2:1?)
   Still an inexact “science”
I think that God in creating Man somewhat
overestimated his ability.
               ― Oscar Wilde (1854–1900)
[Figure: Requirements phase costs compared with project overrun costs (source: NASA; ref: NASA/W. Gruhl).
 X axis: Requirements Cost/Program Cost, percent (0–20). Y axis: Target Cost Overrun, Percent (0–200).
 Data points are NASA projects: GRO78, OMV, TDRSS, IRAS, Gali, HST, GOES I-M, TETH, LAND76, CEN,
 EDO (recent start), MARS, ACTS, ERB77, COBE, STS, CHA.REC, LAND78, GRO82, ERB80, SEASAT, UARS,
 VOYAGER, HEAO, EUVE/EP, DE, Ulysses, ISEE, SMM, PIONVEN, IUE.]
Cost of proofs
Mathematics – simple theorems,
deep proofs (decades or centuries)
Cf. software – complicated specs
& programs, shallow proofs
(B, 90–95% automated, 5–10%
manual, weeks or months).


Fermat’s Last Theorem (in Toulouse): $a^n + b^n \neq c^n$ for $n > 2$
— Pierre de Fermat (1601–1635)

Hand vs. machine checked proofs
[Photo: Blackboard at Dagstuhl workshop!]
Thou shalt have a formal
       methods guru on call.
 Communication/understanding important
 Project management
 Technology transfer
 Support organizations (FME, ForTIA, …)

An expert is a person who has made all
the mistakes that can be made in a very
narrow field.
                ― Niels Bohr (1885–1962)
Technology transfer
E.g.: Z notation
Courses (academia & industry)
Textbooks (good choice)
Tools (type-checkers, provers, …)
Web resources – vl.fmnet.info
Discussion – comp.specification.*
User Group (meetings)
Standards (see later)
Formal Methods Europe
FME: started with European funding
Industry, academia and government
Now more international in scope
FM’06: 14th Symposium
Hamilton, Canada, 21–27 Aug 2006

www.fmeurope.org
FME Wiki:
www.fmeurope.org/twiki/bin/view
ForTIA
Formal Techniques Industry Association
Founded through European CoLogNET
Computational Logic Network and FME
at FM2003 symposium, Pisa
Subgroup of FME
Technology transfer to industry
See: www.fortia.org
Thou shalt not abandon
        thy traditional
        development methods.
      UML
      Object-orientation
      Model-Based Development (MBD)

A great many of those who ‘debunk’
traditional... values have in the background
values of their own which they believe to be
immune from the debunking process.
 ― C. S. Lewis (1898–1963) The Abolition of Man
UML & OO methods
Unified Modeling Language
    pUML (precise UML)
    Combined with B-Method tools
Object-Z
Perfect Developer (Java/C++)
    Escher Technologies
    Applied to self, proving c95% of
    approx. 130,000 verification conds
    Cf. Atelier-B tool?
Thou shalt document
     sufficiently.

Case studies – success & failure
Process important
Textbooks (c10 Z vs. c1000 Java!)

I have always tried to hide my own efforts and
wished my works to have the lightness and
joyousness of a springtime which never lets
anyone suspect the labours it cost.
                    ― Henri Matisse (1869–1954)
Google Book Search – books.google.com

Textbooks for courses
  Resistance by students
  Resistance even by academics
  Professional society accreditation (e.g., BCS)
Software Specification Methods
Henri Habrias & Marc Frappier (eds.), Springer-Verlag, 2001 and ISTE, 2006

Covers: Z, SAZ, B, OMT, Action Systems, UML, VHDL, Estelle, SDL, E-LOTOS, JSD, CASL, Coq, Petri Nets, TLA.
Process of producing a formal spec…

Wikipedia
  Z notation category.
  Add ASM, B-Method, … categories?

en.wikipedia.org/wiki/Formal_methods
See also: en.wikipedia.org/wiki/Category:Formal_methods
Thou shalt not compromise
          thy quality standards.
$360B losses due to poor software quality (2002)
ISO 9000 revised (2000)
IEC 61508-3 functional safety standard (1998)
00-55 UK MoD standard updated (1997)
00-56 Issue 3 for hardware-software (2005)
   FMs mandated for safety-related software

      If people knew how hard I worked to get my
      mastery, it wouldn't seem so wonderful at all.
           ― Michelangelo Buonarroti (1475–1564)
Z Standard
ISO/IEC 13568
Long process (1990s)
Final Committee Draft
– accepted in 2001!
Important for tools and
industrial use
ASM, B, … ?
Thou shalt not
          be dogmatic.
Listen to industry’s problems
Choice may depend on expertise
Good tool support important
Combined theorem proving/model
checking (e.g., Yices from SRI)
 … And I am unanimous in that!
        ― Molly Sugden, a.k.a. Mrs. Slocombe
  Are You Being Served? BBC TV (1972–1993)
Community Z Tools
Open systems model – e.g.,
Community Z Tools (CZT) initiative
Sourceforge project:
czt.sourceforge.net
Open source initiatives
European RODIN project (2004–2007):
   Rigorous Open Development Environment
   for Complex Systems
   rodin.cs.ncl.ac.uk
   Support for B# (“B sharp”, cf. C#)
   rodin-b-sharp.sourceforge.net
   See also B4free: www.b4free.com
HOL 4: hol.sourceforge.net
Jape: sourceforge.net/projects/jape
Thou shalt test,
        test, and test again.
Even short programs complex
Small changes can cause large problems
Easy to change, not easy to be correct
    I believe the hard part of building software to
    be the specification, design and testing of this
    conceptual construct, not the labor of
    representing it and testing the fidelity of the
    representation.
        ― Frederick P. Brooks, Jr., No Silver Bullet
FORTEST Network
 Formal methods and testing


           www.fortest.org.uk
UK academia and industry (3 years funding)
Regular workshops (last 19 Dec 2005, London)
“Landscapes” ACM Surveys paper to appear
Book in preparation for Springer LNCS (2007)
Formalization of testing criteria
  Z notation – readable
      Existing criteria (e.g., MC/DC)
      Modified Condition/Decision Coverage
  New criteria (e.g., RC/DC)
      Reinforced Condition/Decision Coverage
      (false actuation type errors detected)
  Reduces ambiguity, increases understanding
  See: Formal Aspects of Computing, 18(1):42–62,
  March 2006 & STVR, 15(1):21–40, March 2005
  [Work with Sergiy Vilkomir & Kalpesh Kapoor]
  See: www.cafm.lsbu.ac.uk/fortest
Formalization of testing criteria

 Using the Z notation. E.g.:
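The Z example that followed this slide did not survive extraction. As an added example that is not from the Bowen and Hinchey deck, the following Python restates the unique-cause form of MC/DC executably: a test set satisfies it when, for every condition, it contains two tests that differ only in that condition and produce different decision outcomes. The access-control decision, its condition names (`authenticated`, `owner`, `admin`) and all helper names are constructed for illustration; RC/DC is not implemented here.

```python
"""Checking MC/DC (Modified Condition/Decision Coverage) over a boolean decision.

Added example (not from the Bowen/Hinchey slides, which formalize MC/DC in Z).
The authorization decision below is a constructed illustration.
"""
from itertools import product
from typing import Callable, Dict, List, Sequence, Tuple

Test = Dict[str, bool]            # one test case: a value for every condition
Decision = Callable[..., bool]    # the decision as a function of keyword conditions


def truth_table(conditions: Sequence[str]) -> List[Test]:
    """Every assignment of the named conditions (2^n rows, enumerated exhaustively)."""
    return [dict(zip(conditions, values))
            for values in product([False, True], repeat=len(conditions))]


def independence_pairs(decision: Decision, conditions: Sequence[str],
                       tests: Sequence[Test]) -> Dict[str, List[Tuple[int, int]]]:
    """For each condition, the index pairs (i, j) of tests that differ only in that
    condition and give different decision outcomes (unique-cause MC/DC pairs)."""
    pairs: Dict[str, List[Tuple[int, int]]] = {c: [] for c in conditions}
    for i in range(len(tests)):
        for j in range(i + 1, len(tests)):
            differing = [c for c in conditions if tests[i][c] != tests[j][c]]
            if len(differing) == 1 and decision(**tests[i]) != decision(**tests[j]):
                pairs[differing[0]].append((i, j))
    return pairs


def uncovered_conditions(decision: Decision, conditions: Sequence[str],
                         tests: Sequence[Test]) -> List[str]:
    """Conditions for which the test set holds no independence pair."""
    pairs = independence_pairs(decision, conditions, tests)
    return [c for c in conditions if not pairs[c]]


def satisfies_mcdc(decision: Decision, conditions: Sequence[str],
                   tests: Sequence[Test]) -> bool:
    """True when every condition is shown to independently affect the decision."""
    return not uncovered_conditions(decision, conditions, tests)


def redundant_conditions(decision: Decision, conditions: Sequence[str]) -> List[str]:
    """Conditions that cannot independently affect the decision under ANY test.
    MC/DC is unattainable for them, which usually signals dead or mis-written logic."""
    return uncovered_conditions(decision, conditions, truth_table(conditions))


def greedy_mcdc_suite(decision: Decision, conditions: Sequence[str]) -> List[Test]:
    """Build a small MC/DC test set: for each condition, take the independence pair
    from the full truth table that reuses the most tests already chosen."""
    table = truth_table(conditions)
    candidates = independence_pairs(decision, conditions, table)
    chosen: List[int] = []
    for c in conditions:
        if not candidates[c]:
            raise ValueError(f"condition {c!r} never independently affects the decision")
        if any(i in chosen and j in chosen for i, j in candidates[c]):
            continue  # already covered by tests picked for an earlier condition
        best = max(candidates[c], key=lambda p: sum(k in chosen for k in p))
        chosen.extend([k for k in best if k not in chosen])
    return [table[k] for k in sorted(chosen)]


# Constructed example: an access-control decision with three conditions.
AUTHZ_CONDITIONS = ["authenticated", "owner", "admin"]


def authz_decision(authenticated: bool, owner: bool, admin: bool) -> bool:
    """Grant to an admin, or to an authenticated user who owns the resource."""
    return admin or (authenticated and owner)


if __name__ == "__main__":
    suite = greedy_mcdc_suite(authz_decision, AUTHZ_CONDITIONS)
    for t in suite:
        print(t, "->", authz_decision(**t))
    print("MC/DC satisfied:", satisfies_mcdc(authz_decision, AUTHZ_CONDITIONS, suite))
    # Only the "all false" / "all true" corners: no condition's independent effect is shown.
    corners = [dict(authenticated=False, owner=False, admin=False),
               dict(authenticated=True, owner=True, admin=True)]
    print("uncovered by corner tests:",
          uncovered_conditions(authz_decision, AUTHZ_CONDITIONS, corners))
```

For the three-condition decision the greedy builder returns four tests (n + 1), and `redundant_conditions` reports any condition that no pair of tests can ever isolate, for instance `b` in `a or (a and b)`; that is the kind of dead condition a coverage criterion is meant to surface before a reviewer has to find it by hand.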
Thou shalt reuse.

  Possible if “formal”
  Cheaper at higher levels of abstraction
  Levels of complexity

The biggest difference between time
and space is that you can't reuse time.
                       ― Merrick Furst
Levels of complexity
25 lines of informal requirements
250 lines of (formal) specification
2,500 lines of design description
25,000 lines of high-level program code
250,000 machine instructions of object code
2,500,000 CMOS transistors in hardware!
Reflection
Oui, l'œuvre sort plus belle
D'une forme au travail
Rebelle,
Vers, marbre, onyx, émail.
[Yes, the work comes out more beautiful from
 a material that resists the process, verse,
 marble, onyx, or enamel.]
       — Théophile Gautier (1811–1872) L'Art
Grand Challenge 6
1 of 7: Dependable Systems Evolution

Sir Tony Hoare et al.

Verifying Compiler (this century!)

Workshops: e.g., Zurich, Dagstuhl

Further information: www.fmnet.info/gc6
Verified Software Repository
 Cf. QED Pro Quo repository – www.qpq.org
 Case study software, tools, challenges
     Mondex Electronic Purse (security)
 Dagstuhl Seminar (10–14 June 2006)
 UK EPSRC VSR-net network (2005–2008)
     EPSRC project proposal
     Last meeting (York, UK, 5–6 October 2006)
 Further information: www.fmnet.info/vsr-net
Conclusion
   Continued niche market for critical systems
      Especially safety and security
      Hardware as well as software (model checking)
   Tools very important (open source?)
      Breakthrough with theorem proving/model checking?
   Breaking the “5,000” glass ceiling?
… in this area my academic colleagues are
doing exactly what they should do: developing
and propagating an indispensable technology
so that it will be available when “the world out
there” undeniably needs it.
                 ― Edsger W. Dijkstra (1930–2002)
Applied Formal Methods

"You know my methods.
     Apply them."
             — Sir Arthur Conan Doyle
               The Sign of Four (1890)

URL: vl.fmnet.info (Virtual Library)
SEFM 2007 conference
IEEE conference on Software
Engineering and Formal Methods
Keyworth Centre, London South Bank
University, UK, 10-14 September 2007
URL: www.iist.unu.edu/SEFM07
Submission deadline: 31 March 2007
ABZ08: ASM, B, Z meeting
 ASM, B, Z user groups & VSR-net
 2008 Jean-Raymond Abrial’s 70th birthday
 (inventor of Z and B)
 BCS London offices, 15-18 September 2008
 c/o BCS Formal Aspects of Computing
 Science (FACS) Specialist Group
 Free venue for BCS SGs (120 people max)
 1 day joint, 2 days in parallel, 1 day VSR-net
 workshop (space dividable)
ASM, B, Z meeting – people
ASM – Egon Börger (Pisa)

B – Michael Butler (Southampton)

Z – Jonathan Bowen (London)

VSR-net – Jim Woodcock (York)

Local organization – Paul Boca (London)

Industrial case study – Ian Oliver (Nokia, Helsinki)
www.fmnet.info

The End
[Photos: Keyworth Centre ▲; Hubble in clean room ▼ – sel.gsfc.nasa.gov]

 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Ten Commandments of Formal Methods: A decade later

  • 1. Ten Commandments of Formal Methods: A decade later Jonathan P. Bowen Michael G. Hinchey Museophile Limited, UK Loyola College in Maryland Baltimore, USA www.jpbowen.com (Also visiting academic, (Also NASA) University College London) See IEEE Computer, 39(1):40–48, January 2006. Based on Dagstuhl workshop, Germany, 8–12 May 2006.
  • 2. Dagstuhl Seminar 06191 Rigorous Methods for Software Construction and Analysis, 8–12 May 2006
  • 3. Choosing a formal method – difficult ASM GC6 B Z VSR-net
  • 4. Background – formal methods Academics vs. industrial practitioners Theory vs. practice Still little used in general practice Size of community critical It is clear to the best minds in the field that a more mathematical approach is needed for software to advance much. ― Bertrand Meyer
  • 5. The Flat Earth Society Cf. formal methods community… — Gerard J. Holzmann FMICS 2005 (Lisbon) conference queue! ►
  • 6. Ten Commandments … ten years later J.P. Bowen & M.G. Hinchey, IEEE Computer, April 1995 & January 2006 He proclaimed to you his covenant, which he commanded you to keep: the Ten Commandments, which he wrote on two tablets of stone. “Can’t I just read your URL?” ― Deuteronomy 4:13, 10:4, Ex.34:28 vl.fmnet.info/moses-url
  • 7. Thou shalt choose an appropriate notation. Notations are a frequent complaint… but the real problem is to understand the meaning and properties of the symbols … … you will cultivate an appreciation of mathematical elegance and style. By that time, the symbols will be invisible ... The great advantage of mathematics is that the rules are simpler than those of natural language ― C.A.R. Hoare
  • 8. Which notation? Various notations: ASM (testing?) B (development?) Z (specification?) Etc. – 95 under vl.fmnet.info
  • 11. Combined formal methods add to the confusion!
    Name | Combines | Advantage | Ref.
    Temporal B | B, temporal logic | Adds time to the B-Method | Bonnet et al. (1995)
    ZCCS | Z, CCS | Combines process algebra and state-based aspects of Z | Galloway and Stoddard (1997)
    CSP OZ | Z, CSP | Combines Z and CSP | Fischer (2000)
    Object Z | Z, OO, temporal logic | Adds OO to Z | Smith (2000)
    PiOZ | Object-Z, π-calculus | Adds π-calculus style dynamic comm. capabilities to Object-Z | Taguchi et al. (2004)
    If I could say it in words there would be no reason to paint. ― Edward Hopper (1882–1967)
  • 12. Thou shalt formalize but not overformalize. Need for formality Formality vs. informality Levels of use Strange as it seems, no amount of learning can cure stupidity, and formal education positively fortifies it. ― Stephen Vizinczey
  • 13. Levels of use (cost vs. correctness/quality)
    Level | Name | Involves
    0 | Formal Specification | Formal notation used for specifying requirements only; no analysis/proof
    1 | Formal Development / Verification | Proving properties and applying refinement calculus
    2 | Machine Checked Proofs / Model checking | Use of theorem prover/checker tool to prove consistency/integrity
  • 14. Thou shalt estimate costs. Estimation models (CoCoMo II, …) Total cost of ownership (TCO) Quality of people varies (c10:1?) Cost (salary) varies (c2:1?) Still an inexact “science” I think that God in creating Man somewhat overestimated his ability. ― Oscar Wilde (1854–1900)
  • 15. [Chart: Requirements phase costs compared with project overrun (source: NASA/W. Gruhl). Y axis: Target Cost Overrun, percent (0–200); X axis: Requirements Cost/Program Cost, percent (0–20). Points are labelled NASA projects, e.g. GRO78, TDRSS, HST, GOES I-M, COBE, SEASAT, VOYAGER, HEAO, Ulysses, IUE.]
  • 16. Cost of proofs Mathematics – simple theorems, deep proofs (decades or centuries) Cf. software – complicated specs & programs, shallow proofs (B, 90–95% automated, 5–10% manual, weeks or months). Fermat’s Last Theorem (in Toulouse): a^n + b^n ≠ c^n (n > 2) — Pierre de Fermat (1601–1635)
  • 17. Hand vs. machine checked proofs Blackboard at Dagstuhl workshop!
  • 18. Thou shalt have a formal methods guru on call. Communication/understanding important Project management Technology transfer Support organizations (FME, ForTIA, …) An expert is a person who has made all the mistakes that can be made in a very narrow field. ― Niels Bohr (1885–1962)
  • 19. Technology transfer E.g.: Z notation Courses (academia & industry) Textbooks (good choice) Tools (type-checkers, provers, …) Web resources – vl.fmnet.info Discussion – comp.specification.* User Group (meetings) Standards (see later)
  • 20. Formal Methods Europe FME: started with European funding Industry, academia and government Now more international in scope FM’06: 14th Symposium Hamilton, Canada, 21–27 Aug 2006 www.fmeurope.org FME Wiki: www.fmeurope.org/twiki/bin/view
  • 21. ForTIA Formal Techniques Industry Association Founded through European CoLogNET Computational Logic Network and FME at FM2003 symposium, Pisa Subgroup of FME Technology transfer to industry See: www.fortia.org
  • 22. Thou shalt not abandon thy traditional development methods. UML Object-orientation Model-Based Development (MBD) A great many of those who ‘debunk’ traditional... values have in the background values of their own which they believe to be immune from the debunking process. ― C. S. Lewis (1898–1963) The Abolition of Man
  • 23. UML & OO methods Unified Modeling Language pUML (precise UML) Combined with B-Method tools Object-Z Perfect Developer (Java/C++) Escher Technologies Applied to self, proving c95% of approx. 130,000 verification conds Cf. Atelier-B tool?
  • 24. Thou shalt document sufficiently. Case studies – success & failure Process important Textbooks (c10 Z vs. c1000 Java!) I have always tried to hide my own efforts and wished my works to have the lightness and joyousness of a springtime which never lets anyone suspect the labours it cost. ― Henri Matisse (1869–1954)
  • 25. Google Book Search books.google.com
  • 26. Textbooks for courses Resistance by students Resistance even by academics Professional society accreditation (e.g., BCS)
  • 27. Software Specification Methods Henri Habrias & Marc Frappier (eds.) Springer-Verlag, 2001 and ISTE, 2006 Z, SAZ, B, OMT, Action Systems, UML, VHDL, Estelle, SDL, E-LOTOS, JSD, CASL, Coq, Petri Nets, TLA. Process of producing a formal spec…
  • 28. Wikipedia Z notation category. Add ASM, B-Method, … categories? en.wikipedia.org/wiki/Formal_methods See also: en.wikipedia.org/wiki/Category:Formal_methods
  • 29. Thou shalt not compromise thy quality standards. $360B losses due to poor software quality (2002) ISO 9000 revised (2000) IEC 61508-3 functional safety standard (1998) 00-55 UK MoD standard updated (1997) 00-56 Issue 3 for hardware-software (2005) FMs mandated for safety-related software If people knew how hard I worked to get my mastery, it wouldn't seem so wonderful at all. ― Michelangelo Buonarroti (1475–1564)
  • 30. Z Standard ISO/IEC 13568 Long process (1990s) Final Committee Draft – accepted in 2001! Important for tools and industrial use ASM, B, … ?
  • 31. Thou shalt not be dogmatic. Listen to industry’s problems Choice may depend on expertise Good tool support important Combined theorem proving/model checking (e.g., Yices from SRI) … And I am unanimous in that! ― Molly Sugden, a.k.a. Mrs. Slocombe Are You Being Served? BBC TV (1972–1993)
  • 32. Community Z Tools Open systems model – e.g., Community Z Tools (CZT) initiative Sourceforge project: czt.sourceforge.net
  • 33. Open source initiatives European RODIN project (2004–2007): Rigorous Open Development Environment for Complex Systems rodin.cs.ncl.ac.uk Support for B# (“B sharp”, cf. C#) rodin-b-sharp.sourceforge.net See also B4free: www.b4free.com HOL 4: hol.sourceforge.net Jape: sourceforge.net/projects/jape
  • 34. Thou shalt test, test, and test again. Even short programs complex Small changes can cause large problems Easy to change, not easy to be correct I believe the hard part of building software to be the specification, design and testing of this conceptual construct, not the labor of representing it and testing the fidelity of the representation. ― Frederick P. Brooks, Jr., No Silver Bullet
  • 35. FORTEST Network Formal methods and testing www.fortest.org.uk UK academia and industry (3 years funding) Regular workshops (last 19 Dec 2005, London) “Landscapes” ACM Surveys paper to appear Book in preparation for Springer LNCS (2007)
  • 36. Formalization of testing criteria Z notation – readable Existing criteria (e.g., MC/DC) Modified Condition/Decision Coverage New criteria (e.g., RC/DC) Reinforced Condition/Decision Coverage (false actuation type errors detected) Reduces ambiguity, increases understanding See: Formal Aspects of Computing, 18(1):42–62, March 2006 & STVR, 15(1):21–40, March 2005 [Work with Sergiy Vilkomir & Kalpesh Kapoor] See: www.cafm.lsbu.ac.uk/fortest
  • 37. Formalization of testing criteria Using the Z notation. E.g.:
  • 38. Thou shalt reuse. Possible if “formal” Cheaper at higher levels of abstraction Levels of complexity The biggest difference between time and space is that you can't reuse time. ― Merrick Furst
  • 39. Levels of complexity 25 lines of informal requirements 250 lines of (formal) specification 2,500 lines of design description 25,000 lines of high-level program code 250,000 machine instructions of object code 2,500,000 CMOS transistors in hardware!
  • 40. Reflection Oui, l'œuvre sort plus belle D'une forme au travail Rebelle, Vers, marbre, onyx, émail. [Yes, the work comes out more beautiful from a material that resists the process, verse, marble, onyx, or enamel.] — Théophile Gautier (1811–1872) L'Art
  • 41. Grand Challenge 6 1 of 7: Dependable Systems Evolution Sir Tony Hoare et al. Verifying Compiler (this century!) Workshops: e.g., Zurich, Dagstuhl Further information: www.fmnet.info/gc6
  • 42. Verified Software Repository Cf. QED Pro Quo repository – www.qpq.org Case study software, tools, challenges Mondex Electronic Purse (security) Dagstuhl Seminar (10–14 June 2006) UK EPSRC VSR-net network (2005–2008) EPSRC project proposal Last meeting (York, UK, 5–6 October 2006) Further information: www.fmnet.info/vsr-net
  • 43. Conclusion Continued niche market for critical systems Especially safety and security Hardware as well as software (model checking) Tools very important (open source?) Breakthrough with theorem proving/model checking? Breaking the “5,000” glass ceiling? … in this area my academic colleagues are doing exactly what they should do: developing and propagating an indispensable technology so that it will be available when “the world out there” undeniably needs it. ― Edsger W. Dijkstra (1930–2002)
  • 44. Applied Formal Methods "You know my methods. Apply them." — Sir Arthur Conan Doyle The Sign of Four (1890) URL: vl.fmnet.info Virtual Library
  • 45. SEFM 2007 conference IEEE conference on Software Engineering and Formal Methods Keyworth Centre, London South Bank University, UK, 10-14 September 2007 URL: www.iist.unu.edu/SEFM07 Submission deadline: 31 March 2007
  • 46. ABZ08: ASM, B, Z meeting ASM, B, Z user groups & VSR-net 2008 Jean-Raymond Abrial’s 70th birthday (inventor of Z and B) BCS London offices, 15-18 September 2008 c/o BCS Formal Aspects of Computing Science (FACS) Specialist Group Free venue for BCS SGs (120 people max) 1 day joint, 2 days in parallel, 1 day VSR-net workshop (space dividable)
  • 47. ASM, B, Z meeting – people ASM – Egon Börger (Pisa) B – Michael Butler (Southampton) Z – Jonathan Bowen (London) VSR-net – Jim Woodcock (York) Local organization – Paul Boca (London) Industrial case study – Ian Oliver (Nokia, Helsinki)
  • 48. www.fmnet.info The End Keyworth Centre ▲ Hubble in clean room ▼ sel.gsfc.nasa.gov
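Slides 36 and 37 above describe formalizing the MC/DC testing criterion (there in the Z notation). What follows is an added example, not from the slides and not the Z formalization they refer to: a Python checker for the unique-cause form of MC/DC, run over a constructed access-control guard `(authenticated and authorized) or override`. The decision, the test vectors and all function names are assumptions made for this illustration.

```python
from itertools import combinations, product
from typing import Callable, Dict, List, Sequence, Tuple

# Unique-cause MC/DC: every condition must be shown to independently affect
# the decision outcome by a pair of test vectors that differ in that
# condition only and produce different decision results.
Vector = Tuple[bool, ...]
Decision = Callable[..., bool]


def independence_pairs(decision: Decision, n: int,
                       tests: Sequence[Vector]) -> Dict[int, List[Tuple[Vector, Vector]]]:
    """Map each condition index to the independence pairs present in `tests`."""
    pairs: Dict[int, List[Tuple[Vector, Vector]]] = {i: [] for i in range(n)}
    for t1, t2 in combinations(tests, 2):
        differing = [i for i in range(n) if t1[i] != t2[i]]
        if len(differing) == 1 and decision(*t1) != decision(*t2):
            pairs[differing[0]].append((t1, t2))
    return pairs


def satisfies_mcdc(decision: Decision, n: int, tests: Sequence[Vector]) -> bool:
    """True when every condition has at least one independence pair."""
    return all(independence_pairs(decision, n, tests).values())


def uncovered_conditions(decision: Decision, names: Sequence[str],
                         tests: Sequence[Vector]) -> List[str]:
    """Names of the conditions whose independent effect the tests never show."""
    pairs = independence_pairs(decision, len(names), tests)
    return [names[i] for i in range(len(names)) if not pairs[i]]


def smallest_mcdc_set(decision: Decision, n: int) -> List[Vector]:
    """Brute-force search for a smallest MC/DC-adequate set (fine for small n);
    starts at n + 1 vectors, the lower bound for unique-cause MC/DC."""
    rows = list(product((False, True), repeat=n))
    for size in range(n + 1, len(rows) + 1):
        for subset in combinations(rows, size):
            if satisfies_mcdc(decision, n, subset):
                return list(subset)
    return []  # a condition never affects the outcome: MC/DC unattainable


# Constructed decision for the illustration: an access-control guard.
CONDITIONS = ["authenticated", "authorized", "override"]


def access_granted(authenticated: bool, authorized: bool, override: bool) -> bool:
    return (authenticated and authorized) or override


# Constructed test sets: the first reaches both decision outcomes yet shows no
# condition's independent effect; the second is MC/DC-adequate with n + 1 tests.
WEAK_TESTS = [(True, True, True), (False, False, False), (True, False, False)]
MCDC_TESTS = [(True, True, False), (False, True, False),
              (True, False, False), (True, False, True)]
```

The weak set already achieves decision coverage, which is why a criterion stated only informally ("exercise both outcomes") lets a guard such as this pass untested on each of its conditions; the checker makes the missing pairs explicit.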