Formal Methods

P reducing correct, reliable software in systems of ever increasing complexity is a problem with no immediate end in sight. The software industry suffers from a plague of bugs on a near-biblical scale. One promising technique in alleviating this problem is the application of formal methods that provide a rigorous mathematical basis to software development. When correctly applied, formal methods produce systems of the highest integrity and thus are especially recommended for securityand safety-critical systems. 1 3 Unfortunately, although projects based on formal methods are proliferating, the use of these methods is still more the exception than the rule,4 which results from many misconceptions regarding their costs, difficulties, and payoffs.5,6 Surveys of formal methods applied to large problems79in industry help dispel these misconceptions and show that formal methods projects can be completed on schedule and within budget. Moreover, these surveys show that formal methods projects produce correct software (and hardware) that is well structured, maintainable, and satisfies customer requirements. Representative case studies explain this in detail.‘O The subjective question “What makes a formal methods project successful?“cannot be definitively answered. However, through observations of many recently completed and in-progress projects-successful and otherwise-we’ve come up with ten “commandments” that, if adhered to, will greatly increase a project’s chances for success.