Proving the value of formal methods

The record of successful applications of formal verification techniques is slowly growing. Our ultimate aim, however, is not to perform small pilot projects that show that verification is sometimes feasible in an industrial setting; our aim must be to integrate verification techniques into the software design cycle as a non−negotiable part of quality control. We take a snapshot of the state of the art in formal verification, and, for inspiration, compare it with other points in history where new technology threatened to replace old technology, only to discover how resilient an established practice can be. To keep a mild sense of perspective, we will also briefly consider how badly mistaken some of the advocates of new technology have sometimes been. Invited paper for FORTE94, 7th Int. Conference on Formal Description Techniques. To be held in Bern, Switzerland, October 1994. The difference between a thing that can break and a thing that can’t break is that when the thing that can’t break breaks then it can’t be fixed. (Hitchhiker’s Guide to the Galaxy, Book 5)