Monica Marcus 1 Motivation

Formal methods are broadly concerned with applying mathematically rigorous methods in all stages of development of computer-based systems (hardware or software), from specification to design, to implementation and subsequent maintenance. The goal of formal verification is to expose as many errors as possible, while checking whether, or proving that the implementation conforms to the specification. In the case of hardware systems, the design is verified and not the system itself. The design is actually code written in some hardware design language. It is important to perform the verification in the early stages of design when error discovery helps reduce significantly the cost of implementation. However, verification may be done also on the actual computer system (e.g. C or Java code implementing communication protocols). Through several refinement stages based on formal methods, the final implementation is likely to have fewer errors. There are other non-formal or semi-formal methods aimed at improving the correctness and quality of computer-based systems (e.g. simulation and testing). They are complementary to formal verification. Digital circuit designs, also large and complex concurrent, distributed systems are very challenging to formal verification. More generally, they belong to the class of reactive systems. Often such systems are safety critical. Even minor failures might cause financial catastrophes and even loss of human life. Many famous bugs with dramatic consequences are known. Some of these are the Pentium bug, the Mars Pathfinder problem, Ariane 5 failure. There are many industrial success stories of the use of formal verification. Companies like Intel, IBM, Synopsis, Motorola, Microsoft have been using formal verification for many years now. Many companies develop their own formal verification tools. Their efforts are directed toward integration of formal verification with simulation and testing technologies, in order to overcome the state explosion problem. While most people agree on the necessity of more reliable, bug-free systems, some still question the effectiveness of the formal methods developed so far. Teaching formal methods to undergraduate students may contribute greatly to a better and wider use of formal methods in general, and verification in particular. In turn, this will contribute to better software, with less errors.