Formal Aspects of Computing

, Volume 21, Issue 3, pp 245–257 | Cite as

Practice-oriented courses in formal methods using VDM++

  • Peter Gorm Larsen
  • John S. Fitzgerald
  • Steve Riddle
Original Article


We describe the design and delivery of two courses that aim to develop skills of use to students in their subsequent professional practice, whether or not they apply formal methods directly. Both courses emphasise skills in model construction and analysis by testing rather than formal verification. The accessibility of the formalism is enhanced by the use of established notations (VDM-SL and VDM++). Motivation is improved by using credible examples drawn from industrial projects, and by using an industrial-strength tool set. We present examples from the courses and discuss student evaluation and examination performance. We stress the need for exercises and tests to support the development of abstraction skills.


Formal Method Proof Obligation Instance Variable Vienna Development Method Basic Data Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. And96.
    Andrews DJ (ed) Information technology—Programming languages, their environments and system software interfaces—Vienna development method—specification language—Part 1: Base language. International Organization for Standardization, December 1996. International Standard ISO/IEC 13817–1Google Scholar
  2. AS99.
    Agerholm S, Sunesen K (1999) Reasoning about VDM-SL proof obligations in HOL. Technical report, IFADGoogle Scholar
  3. BFL+94.
    Bicarregui JC, Fitzgerald JS, Lindsay PA, Moore R, Ritchie B (1994) Proof in VDM: a practitioner’s guide. FACIT. Springer, HeidelbergGoogle Scholar
  4. BFL96.
    Brookes TM, Fitzgerald JS, Larsen PG (1996) Formal and informal specifications of a secure system component: final results in a comparative study. In: Gaudel M-C, Woodcock J (eds) FME’96: industrial benefit and advances in formal methods. Springer, Heidelberg, pp 214–227Google Scholar
  5. Bou03.
    Boute RT (2003) Can lightweight formal methods carry the weight? In: Duce DA et al (eds) Teaching formal methods: practice and experience 2003. Oxford Brookes University. Available at
  6. BT03.
    Berry DM, Tichy WF (2003) Comments on “Formal methods application: an empirical tale of software development”. IEEE Trans Softw Eng 29(6):567–571CrossRefGoogle Scholar
  7. ELL94.
    Elmstrøm R, Larsen PG, Lassen PB (1994) The IFAD VDM-SL Toolbox: a practical approach to formal specifications. ACM Sigplan Notices 29(9):77–80CrossRefGoogle Scholar
  8. FBGL94.
    Fitzgerald J, Brookes TM, Green MA, Larsen PG (1994) Formal and informal specifications of a secure system component: first results in a comparative study. In: Denvir BT, Naftalin M, Bertran M (eds) Formal methods Europe’94: industrial benefit of formal methods. Lecture notes in computer science, vol 873. Springer, Heidelberg, pp 35–44Google Scholar
  9. FL98.
    Fitzgerald J, Larsen PG (1998) Modelling systems—practical tools and techniques in software development. Cambridge University Press, The Edinburgh Building, Cambridge CB2 2RU, UK. ISBN 0–521–62348–0Google Scholar
  10. FL07b.
    Fitzgerald JS, Larsen PG (2007) Balancing insight and effort: the industrial uptake of Formal methods. In: Jones CB, Liu Z, Woodcock J (eds) Formal methods and hybrid real-time systems, essays in Honour of Dines Bjørner and chaochen zhou on the occasion of their 70th birthdays. Lecture notes in computer science, vol 4700, Springer, Heidelberg, pp 237–254. ISBN 978-3-540-75220-2Google Scholar
  11. FL07.
    Fitzgerald JS, Larsen PG (2008) Triumphs and challenges for the industrial application of model-oriented formal methods. In: Margaria T, Philippou A, Steffen B (eds) Proc. 2nd intl. symp. on leveraging applications of formal methods, verification and validation. Also Technical Report CS-TR-999, School of Computing Science, Newcastle UniversityGoogle Scholar
  12. FLM+05.
    Fitzgerald J, Larsen PG, Mukherjee P, Plat N, Verhoef M (2005) Validated Designs for Object-oriented Systems. Springer, New YorkMATHGoogle Scholar
  13. FLT+07.
    Fitzgerald JS, Larsen PG, Tjell S, Verhoef M (2007) Validation support for real-time embedded systems in VDM++. In: Cukic B, Dong J (eds) Proceedings of HASE 2007: 10th IEEE high assurance system engineering symposium, pp 331–340. IEEEGoogle Scholar
  14. FL08.
    Fitzgerald J, Larsen PG, Sahara S (2008) VDMTools: advances in support for Formal modeling in VDM. Sigplan Not (submitted)Google Scholar
  15. Gro05.
    The VDM Tool Group (2005) A “Cash-point” service example. Technical report, CSK, June 2005.
  16. Gro06.
    The VDM Tool Group (2006) Development guidelines for real time systems using VDMTools. Technical report, CSKGoogle Scholar
  17. HK07.
    Hazzan O, Kramer J (2007) Abstraction in computer science and software engineering: a pedagogical perspective. Front J 4(1):6–14Google Scholar
  18. IH89.
    Jones CB, Hayes IJ (1989) Specifications are not (necessarily) executable. Softw Eng J 330–338Google Scholar
  19. Jon90.
    Jones CB (1990) Systematic software development using VDM 2nd edn. Prentice-Hall International, Englewood CliffsGoogle Scholar
  20. Jon96.
    Jones CB (1996) A rigorous approach to formal methods. IEEE Comput 29(4):20–21Google Scholar
  21. JW96.
    Jackson D, Wing J (1996) Lightweight Formal Methods. IEEE Comput 29(4):22–23Google Scholar
  22. Kra07.
    Kramer J (2007) Is abstraction the key to computing? Commun ACM 50(4):37–42CrossRefGoogle Scholar
  23. LCD04.
    Loomes M, Christianson B, Davey N (2004) Formal systems, not methods. In: Dean CN, Boute RT (eds) Teaching formal methods, Lecture notes in computer science, vol 3294. Springer, Heidelberg, pp 47–64Google Scholar
  24. LFB96.
    Larsen PG, Fitzgerald JS, Brookes T (1996) Applying formal specification in industry. IEEE Softw 13(3):48–56CrossRefGoogle Scholar
  25. LL91.
    Larsen PG, Lassen PB (1991) An executable subset of Meta-IV with loose specification. In: VDM’91: formal software development methods. VDM Europe, Springer, HeidelbergGoogle Scholar
  26. LL95.
    Lewerentz C, Lindner T (eds) (1995) Formal development of reactive systems: case study production cell. LNCS, vol 891. Springer, New YorkGoogle Scholar
  27. NAS97.
    NASA (1997) Formal methods, specification and verification guidebook for verification of software and computer systems. A Practitioner’s Companion. Technical Report NASA-GB-001-97, vol 2. Washington, DC 20546, USA, May 1997. Available from
  28. Pep04.
    Pepper P (2004) Distributed teaching of formal methods. In: Dean CN, Boute RT (eds) Teaching formal methods. Lecture notes in computer science, vol 3294. Springer, Heidelberg, pp 140–152Google Scholar
  29. PO04.
    Paige RF, Ostroff JS (2004) Specification-driven design with Eiffel and agents for teaching lightweight formal methods. In: Dean CN, Boute RT (eds) Teaching formal methods. Lecture notes in computer science, vol 3294. Springer, Heidelberg, pp 107–123Google Scholar
  30. RS04.
    Reed JN, Sinclair JE (2004) Motivating study of formal methods in the classroom. In: Dean CN, Boute RT (eds) Teaching formal methods. Lecture notes in computer science, vol 3294. Springer, Heidelberg, pp 32–46Google Scholar
  31. RTR06.
    RTRI (2006) The Concept of CyberRail.
  32. SC02.
    Kelley Sobel AE, Clarkson MR (2002) Formal methods application: an empirical tale of software development. IEEE Trans Softw Eng 28(3):308–320CrossRefGoogle Scholar
  33. SC03.
    Kelley Sobel AE, Clarkson MR (2003) Response to “Comments on ‘Formal methods application: an empirical tale of software development”. IEEE Trans Softw Eng 29(6):572–575CrossRefGoogle Scholar
  34. SS75.
    Saltzer JH, Schroeder MD (1975) The protection of information in computer systems. Proc IEEE 63(9):1278–1308CrossRefGoogle Scholar
  35. UR01.
    Utting M, Reeves S (2001) Teaching formal methods lite via testing. J Softw Testing Verif Reliab 11(3):181–195CrossRefGoogle Scholar
  36. VL07.
    Verhoef M, Larsen PG (2007) Interpreting distributed system architectures using VDM++—a case study. In: Sauser B, Muller G (eds). Proceedings of 5th annual conference on systems engineering research. Available at
  37. Ver07.
    Vermolen S (2007) Automatically discharging VDM proof obligations using HOL, Radboud University Nijmegen, computer science departmentGoogle Scholar
  38. VLH06.
    Verhoef M, Larsen PG, Hooman J (2006) Modeling and validating distributed embedded real-time systems with VDM++. In: Misra J, Nipkow T, Sekerinski E (eds) FM 2006: formal methods. Lecture notes in computer science, vol 4085. Springer, Heidelberg, pp 147–162Google Scholar

Copyright information

© British Computer Society 2008

Authors and Affiliations

  • Peter Gorm Larsen
    • 1
  • John S. Fitzgerald
    • 2
  • Steve Riddle
    • 2
  1. 1.Engineering College of AarhusAarhus CDenmark
  2. 2.School of Computing ScienceNewcastle UniversityNewcastle upon TyneUK

Personalised recommendations