Method integration is the procedure of combining multiple methods to form a new technique. In the context of software engineering, this can involve combining specification techniques, rules and guidelines for design and implementation, and sequences of steps for managing an entire development. In current practice, method integration is often an ad-hoc process, where links between methods are defined on a case-by-case basis. In this dissertation, we examine an approach to formal method integration based on so-called heterogeneous notations: compositions of compatible notations. We set up a basis that can be used to formally define the meaning of compositions of formal and semiformal notations. Then, we examine how this basis can be used in combining methods used for system specification, design, and implementation. We demonst...

. This paper describes the theorem proving component of a larger software development environment for the ISO standardized specification language VDM-SL. This component is constructed as an instantiation of the generic theorem prover Isabelle with a VDM-SL variant of the Logic of Partial Functions (LPF). We describe the development of this instantiation, focusing on both the embedding of syntax and the automation of proof support, which is a challenge due to the three-valued nature of LPF. 1 Introduction This paper is about mechanizing proof support for VDM-SL, which is a formal notation for writing model-oriented specifications of software systems [13]. The history of VDM-SL dates back to the late 70's, and it is now one of the most widely used specification languages in industry and academia [15, 8]. Moreover, it has an ISO standard [16] and is supported by a tool, the IFAD VDM-SL Toolbox [9, 12], which is essential for the industrial adoption of a formal method. Currently the VDM-S...

Formal methods can be applied with different levels of rigor. The more rigorously used, the more confidence is obtained in a formal model of a computer system. However, rigorous development using formal verification requires skilled personnel and is costly. Based on our experience of introducing formal specification to some European industrial companies, e.g. British Aerospace [7] and Aerospatiale [3], we believe that a less rigorous approach using validation by testing is a complement to formal verification, which engineers can use cost-effectively early in their formal methods careers. When they become more confident with constructing formal models, it would be natural to take the next step and introduce verification. In this paper we illustrate how testing-based validation can be applied to the SAFER example used throughout [9]. 1 Introduction Historically, NASA's involvement in formal methods has concentrated on formal verification using mechanical theorem provers [1, 2, 9]. In te...

. This paper reports on the experiment PICGAL which aims to assess the benefits of using VDM to develop high reliability related software in the space industry in a practical way. The application used in this project is a code generator from a next generation environment to be used in the development of ground application software for boosters such as ARIANE V. The experiment is constructed as a parallel development of the code generator; using the conventional approach and using formal specification. This allows detailed measurements of the effects resulting from the introduction of VDM. This work is adding to the existing body of evidence of the effect of using a moderate amount of formal methods in an industrial context in a new critical domain. This paper provides an overview of the domain, the application and it shows how the formal specification has been structured. Finally, results and key lessons are presented. 1 Introduction AEROSPATIALE Espace & Defense is prime contractor o...

We report on a case study conducted at Dassault Electronique in order to assess the benefits of introducing formal specification and validation in an industrial context, using the ISO Standard VDM Specification Language (VDMSL) and a commercial toolset marketed by IFAD. The case study is based on a typical example from the terrestrial transportation domain, the door management system of a metro. It focuses on the suitability of the VDM technology for the early software development phases before detailed design, when requirements may be unstable and customer feedback is essential. Particular focus is put on the consistency-checking, animation and early prototyping facilities of the IFAD VDM tools. 1 Introduction Dassault Electronique (D.E.) is a major French provider of safety-critical systems for terrestrial transportation, space and military and commercial avionics. In these markets, the use of formal methods is often mandatory or encouraged, for example, the French RATP (R'egie Au...

Abstract. Our goal is to help the developers of computer-based systems to make informed design decisions on the basis of insights gained from the rigorous analysis of abstract system models. The early work on model-oriented specification has inspired the development of numerous formalisms and tools supporting modelling and analysis. There are also many stories of successful industrial application, often driven by a few champions possessing deep a priori understanding of formalisms. There are fewer cases of successful take-up or adoption of the technology in the long term. We argue that successful industrial adoption of this technology requires that potential users strike a balance between the effort expended in producing and analysing a model and insight gained. In order to support this balancing act, tools need to offer a range of levels of effort and insight. Further, educators need to recognise that training in formal development techniques must support this trade-off process. 1

reports are available via anonymous ftp, from svrc.it.uq.edu.au in the directory /pub/techreports. Abstracts and compressed postscript files are available via