Formal methods: practice and experience

Formal methods use mathematical models for analysis and verification at any part of the program life-cycle. We describe the state of the art in the industrial use of formal methods, concentrating on their increasing use at the earlier stages of specification and design. We do this by reporting on a new survey of industrial use, comparing the situation in 2009 with the most significant surveys carried out over the last 20 years. We describe some of the highlights of our survey by presenting a series of industrial projects, and we draw some observations from these surveys and records of experience. Based on this, we discuss the issues surrounding the industrial adoption of formal methods. Finally, we look to the future and describe the development of a Verified Software Repository, part of the worldwide Verified Software Initiative. We introduce the initial projects being used to populate the repository, and describe the challenges they address. Categories and Subject Descriptors: D.2.4 [Software Engineering]: Software/Program Verification--Assertion checkers, class invariants, correctness proofs, formal methods, model checking, programming by contract; F.3.1 [Logics and Meanings of Programs]: Specifying and Verifying and Reasoning about Programs--Assertions invariants, logics of programs, mechanical verification, pre- and post-conditions, specification techniques; F.4.1 [Mathematical Logic and Formal Languages]: Mathematical Logic--Mechanical theorem proving; 1.2.2 [Artificial Intelligence]: Automatic Programming--Program verification General Terms: Documentation, Experimentation, Management, Measurement, Reliability, Theory, Verification Additional Key Words and Phrases: Experimental software engineering, formal methods surveys, grand challenges, verified software initiative, verified software repository ACM Reference Format: Woodcock, J., Larsen, P.G. Bicarregui, J., and Fitzgerald, J. 2009. Formal methods: Practice and experience ACM Comput. Surv. 41, 4, Article 19(October 2009), 36 pages. DOI = 10.1145/1592434.1592436 http://doi.acm.org/10.1145/1592434.1592436