Seven more myths of formal methods: Dispelling industrial prejudices

  • Jonathan P. Bowen
  • Michael G. Hinchey
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 873)


For whatever reason, formal methods remain one of the more contentious techniques in industrial software engineering. Despite some improvement in their uptake, it is still the case that the vast majority of potential users of formal methods fail to become actual users. A paper by Hall in 1990 [31] examined a number of ‘myths’ concerning formal methods that some assume to be valid. This paper considers a few more beliefs held by many and presents some counterexamples.




References

  1. Abrial, J.-R.: Assigning Meanings to Programs. Prentice Hall International Series in Computer Science, to appear.
  2. Anderson, S. & Bruns, G.: The Formalization and Analysis of a Communication Protocol. In [35].
  3. Austin, S. & Parkin, G.I.: Formal Methods: A Survey. National Physical Laboratory, Teddington, Middlesex TW11 0LW, UK, March 1993.
  4. Barwise, J.: Mathematical Proofs of Computer System Correctness. Notices of the American Mathematical Society, 36(7):844–851, September 1989.
  5. Boehm, B.W.: Software Engineering Economics. Prentice Hall, 1981.
  6. Boehm, B.W.: A Spiral Model of Software Development and Maintenance. IEEE Computer, 21(5):61–72, May 1988.
  7. Bowen, J.P.: Formal Methods in Safety-Critical Standards. In Proc. 1993 Software Engineering Standards Symposium (SESS'93), Brighton, UK, IEEE Computer Society Press, 1993, pp 168–177.
  8. Bowen, J.P.: Select Z Bibliography. In [13], pp 359–396. Also available as Oxford University Computing Laboratory Technical Report PRG-TR-8-94, June 1994.
  9. Bowen, J.P. et al.: A ProCoS II Project Description: ESPRIT Basic Research project 7071. Bulletin of the European Association for Theoretical Computer Science (EATCS), 50:128–137, June 1993.
  10. Bowen, J.P., Breuer, P.T. & Lano, K.C.: Formal Specifications in Software Maintenance: From code to Z++ and back again. Information and Software Technology, 35(11/12):679–690, November/December 1993.
  11. Bowen, J.P., Fränzle, M., Olderog, E.-R. & Ravn, A.P.: Developing Correct Systems. In Proc. Fifth Euromicro Workshop on Real-Time Systems, Oulu, Finland, 22–24 June 1993. IEEE Computer Society Press, pp 176–187.
  12. Bowen, J.P. & Gordon, M.J.C.: Z and HOL. In [13], pp 141–167.
  13. Bowen, J.P. & Hall, J.A., editors: Z User Workshop, Cambridge 1994. Springer-Verlag, Workshops in Computing, 1994.
  14. Bowen, J.P. & Hinchey, M.G.: Seven More Myths of Formal Methods. Oxford University Computing Laboratory Technical Report PRG-TR-7-94, June 1994.
  15. Bowen, J.P. & Stavridou, V.: The Industrial Take-up of Formal Methods in Safety-Critical and Other Areas: A Perspective. In [59], pp 183–195.
  16. Bowen, J.P. & Stavridou, V.: Safety-Critical Systems, Formal Methods and Standards. Software Engineering Journal, 8(4):189–209, July 1993.
  17. Bowen, J.P. & Stavridou, V.: Formal Methods: Epideictic or Apodeictic? Software Engineering Journal, 9(1):2, January 1994.
  18. Boyer, R.S. & Moore, J.S.: A Computational Logic Handbook. Academic Press, 1988.
  19. Coombes, A.C., Fitzgerald, J.S., McDermid, J.A., Saeed, A. & Spencer, L.: Formal Specification of an Aerospace System: The Attitude Monitor. In [35].
  20. Craigen, D., Gerhart, S. & Ralston, T.: An International Survey of Industrial Applications of Formal Methods (Volume 1: Purpose, Approach, Analysis and Conclusions; Volume 2: Case Studies). Atomic Energy Control Board of Canada, U.S. National Institute of Standards and Technology, and U.S. Naval Research Laboratories, NIST GCR 93/626, 1993. Available from National Technical Information Service, 5285 Port Royal Road, Springfield, VA 22161, USA.
  21. Craigen, D., Gerhart, S. & Ralston, T.: Applications of Formal Methods: Observations and Trends. In [35].
  22. Dehbonei, B. & Mejia, F.: Formal Development of Safety-Critical Software Systems in Railways. In [35].
  23. Dix, A.: Formal Methods for Interactive Systems. Academic Press, Computers and People Series, 1991.
  24. Draper, C.: Practical Experiences of Z and SSADM. In Bowen, J.P. & Nicholls, J.E., editors: Z User Workshop, London 1992, Springer-Verlag, Workshops in Computing, 1993, pp 240–254.
  25. Fitzgerald, J.S., Larsen, P.G., Brookes, T. & Magillian, P.: Developing a Security-Critical System using Formal and Conventional Methods. In [35].
  26. Garlan, D. & Delisle, N.: Formal Development of a Software Architecture for a Family of Instrumentation Systems. In [35].
  27. Goguen, J.A. & Winkler, T.: Introducing OBJ3. Technical Report SRI-CSL-88-9, Computer Science Laboratory, SRI International, 333 Ravenswood Ave., Menlo Park, CA 94025, USA, August 1988.
  28. Gordon, M.J.C. & Melham, T.F., editors: Introduction to HOL: A Theorem Proving Environment for Higher Order Logic. Cambridge University Press, 1993.
  29. Guaspari, D., Seager, M. & Stillerman, M.: Specifying the Kernel of a Secure Distributed Operating System. In [35].
  30. Guttag, J.V. & Horning, J.J.: Larch: Languages and Tools for Formal Specification. Springer-Verlag, Texts and Monographs in Computer Science, 1993.
  31. Hall, J.A.: Seven Myths of Formal Methods. IEEE Software, 7(5):11–19, September 1990.
  32. Hamilton, V. & Quinn, K.F.: A Case Study in the Use of Z within a Safety-Critical Software System. In [35].
  33. Haughton, H. & Lano, K.: Formal Development of Safety-Critical Medical Systems. In [35].
  34. He Jifeng, Page, I. & Bowen, J.P.: Towards a Provably Correct Hardware Implementation of Occam. In Milne, G.J. & Pierre, L., editors: Correct Hardware Design and Verification Methods, Springer-Verlag, LNCS 683, 1993, pp 214–225.
  35. Hinchey, M.G. & Bowen, J.P., editors: Applications of Formal Methods. Prentice Hall International Series in Computer Science, to appear 1995.
  36. Hoare, J.: Formal Development of CICS with B. In [35].
  37. Hoare, C.A.R. & Gordon, M.J.C., editors: Mechanized Reasoning and Hardware Design. Prentice Hall International Series in Computer Science, 1992.
  38. Knight, J. & Littlewood, B., editors: Special issue on Safety-Critical Systems. IEEE Software, January 1994.
  39. Larsen, P.G., Plat, N. & Toetenel, H.: A Formal Semantics of Data Flow Diagrams. Formal Aspects of Computing, 6, 1994.
  40. Leveson, N.G.: Software Safety in Embedded Computer Systems. Communications of the ACM, 34(2):34–46, February 1991.
  41. Martin, A.: Encoding W: A Logic for Z in 2OBJ. In [59], pp 462–481.
  42. Mataga, P. & Zave, P.: Multiparadigm Specification of an AT&T Switching System. In [35].
  43. Mukherjee, P. & Wichmann, B.A.: Formal Specification of the STV Algorithm. In [35].
  44. Owre, S., Rushby, J.M. & Shankar, N.: PVS: A Prototype Verification System. In Kapur, D., editor: Automated Deduction — CADE-11, Springer-Verlag, LNAI 607, 1992, pp 748–752.
  45. Parnas, D.L.: Using Mathematical Descriptions in the Inspection of Safety-Critical Software. In [35].
  46. Peleska, J., Hamer, U. & Hoercher, H.-M.: The Airbus A330/340 Cabin Communication System — A Z Application. In [35].
  47. Plat, N., Durr, E.H. & de Boer, M.: CombiCom: Tracking and Tracing Rail Traffic using VDM++. In [35].
  48. Polack, F. & Mander, K.C.: Software Quality Assurance using the SAZ Method. In [13], pp 230–249.
  49. The RAISE Language Group: The RAISE Specification Language. Prentice Hall, BCS Practitioner Series, 1992.
  50. Randell, G.P.: Data Flow Diagrams and CSP. DRA Memorandum 4520, Malvern, UK, February 1992.
  51. Royce, W.W.: Managing the Development of Large Software Systems. In Proc. WESTCON'70, August 1970; reprinted in Proc. 9th International Conference on Software Engineering, IEEE Press, 1987.
  52. Saaltink, M.: Z and Eves. In Nicholls, J.E., editor: Z User Workshop, York 1991, Springer-Verlag, Workshops in Computing, 1992, pp 233–242.
  53. Semmens, L.T., France, R.B. & Docker, T.W.G.: Integrating Structured Analysis and Formal Specification Techniques. The Computer Journal, 36(6):600–610, December 1992.
  54. Semmens, L.T. & Allen, P.M.: Using Yourdon and Z. In Nicholls, J.E., editor: Z User Workshop, Oxford 1990, Springer-Verlag, Workshops in Computing, 1991, pp 228–253.
  55. Srivas, M., Miller, S. & Rushby, J.: Formal Verification of AAMP5: A Case Study in the Verification of a Commercial Microprocessor. In [35].
  56. Weber-Wulff, D.: Selling Formal Methods to Industry. In [59], pp 671–678.
  57. Wing, J.M.: A Specifier's Introduction to Formal Methods. IEEE Computer, 23(9):8–24, September 1990.
  58. Woodcock, J.C.P., Gardiner, P.H.B. & Hulance, J.R.: The Formal Specification in Z of Defence Standard 00-56. In [13], pp 9–28.
  59. Woodcock, J.C.P. & Larsen, P.G., editors: FME'93: Industrial-Strength Formal Methods. Springer-Verlag, LNCS 670, 1993.
  60. Young, W.D.: Verifying a Simple Real-Time System with Nqthm. In [35].

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Jonathan P. Bowen: Programming Research Group, Oxford University Computing Laboratory, Wolfson Building, Oxford, UK
  • Michael G. Hinchey: University of Cambridge Computer Laboratory, New Museums Site, Cambridge, UK
