comments on formal methods application
play

Comments on Formal Methods Application: concrete example, many of - PDF document

May 15, 2023 •444 likes •514 views

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 29, NO. 6, JUNE 2003 567 Comments on Formal Methods Application: concrete example, many of these principles come into sharp focus. Never have we read Christensen with more interest than in

  1. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 29, NO. 6, JUNE 2003 567 Comments on “Formal Methods Application: concrete example, many of these principles come into sharp focus. Never have we read Christensen with more interest than in the An Empirical Tale of Software Development” context of the Sobel and Clarkson experiment! We hope that this note will help motivate computer scientists to study with renewed Daniel M. Berry and Walter F. Tichy interest the body of knowledge about experimental design. Abstract —We comment on the experimental design and the result of the paper 2 O VERVIEW OF P UBLISHED P APER mentioned in the title. Our purpose is to show interested readers examples of what In the following discussion, the published paper [5] by Sobel and can go wrong with experiments in software research and how to avoid the attending problems. Clarkson is referred to as “the TSE paper.” The personal pronoun “we” refers to the authors of the present note, i.e., Berry and Tichy, while the phrase “the investigators” refers to Sobel and Clarkson. 1 � In the TSE paper, the investigators describe an experiment in 1 I NTRODUCTION which two groups of mostly two-person teams of university E MPIRICAL studies and controlled experiments in particular have students were asked to develop running programs to meet the become an important tool for understanding the nature and requirements of a given problem, an elevator simulation problem. efficacy of software methods and tools. A positive trend in recent One group of teams developed formal specifications, the other did years has been that the number of papers with empirical data not. The investigators observe that the formal methods group’s published in IEEE Transactions on Software Engineering ( TSE ) and solutions are “far more correct than the nonformal solutions.” elsewhere has been increasing. This trend is motivated in part by Additional details appear in a second paper, hereafter called the the realization that, unlike in the early days of software research, “Inroads paper,” authored by only Sobel [4]. mere demonstration of a new tool or method is not enough. There The formal methods group consisted of undergraduate stu- is a bewildering variety of software engineering methods and the dents who had voluntarily participated in a formal methods relative merits of competing approaches are poorly understood. curriculum. This curriculum consisted of a course on formal Furthermore, the methods and their interactions with the real program derivation and a course on the axiomatic semantics of world of software development are too complicated to be under- data structures, both taught using a first-order-logic specification stood by theory alone. Actual observation of programmers in language, plus a course on object-oriented design including UML. realistic settings is beginning to go hand in hand with the The other group, the control group, consisted of undergraduate development of new methods and techniques, thus putting students whose training differed in that they did not take part in software research on a firm footing. the program derivation course, took a data structures course In this vein, it is heartening to see the experiment by Sobel and covering the same topics as the formal group except for the Clarkson [5]. The experiment collected evidence that “formal axiomatic semantics, and took the same course on OO-design. The methods students had increased complex problem solving skills” elevator programming task was an assignment in the OO-design and that “the use of formal analysis during software development course. There were additional courses to be taken later. produces ‘better’ programs.” Formal methods have a long history Both curricula taught the same material, in the same sequence, of theoretical research, but rigorous, empirical evaluation is scarce. by the same instructors, using the same examples, the same Pfleeger and Hatton published a case study [3] on formal methods programming assignments, and the same exams, except for formal with inconclusive results; their paper points to additional case methods. Thus, the investigators have tried to maintain the studies in this area. Sobel and Clarkson report on the first quasi equivalence of the two groups except for the experimental experiment on formal methods. treatment, the continual exposure to formal methods by the Unfortunately, the paper contains several subtle problems. The members of the formal methods group. reader unfamiliar with the basic principles of experimental The programming task used to assess the two groups was the psychology may easily miss them and interpret the results development of an elevator simulation. Each group divided into incorrectly. Not only do we wish to point out these problems, teams, each with two members on average. Each team was to but we also aim to illustrate what to look for when drawing develop a running solution as a homework assignment. Six teams conclusions from controlled experiments. We thus hope to help of the formal methods group and 11 teams of the control group handed in solutions that compiled properly. 2 Each team was both experimenters and readers of empirical software research to become more astute in regards to meaningful experimentation in encouraged to submit UML diagrams of its design. Each formal software research. method teams was asked to submit a formal specification of its Much has been written about experimental methodology; a solution. classic text is the book by Christensen [2]. The book covers a wide The investigators found that 100 percent of the programs produced by the formal method group teams passed all of a set of range of experimental principles, including control, experimental design, data collection, validity, ethics, and hypothesis testing. six test cases, while only 45.5 percent of the programs produced by the control group teams passed all of the same set of test cases. However, since the book is written for psychologists, it may appear This is the main result of the experiment and seen as strong dry and inaccessible to software researchers and practitioners. evidence of the power of formal methods. However, by using the experiment by Sobel and Clarkson as a Standardized ACT tests found no statistical difference between the abilities of students in the two groups at the beginning of the . D.M. Berry is with the School of Computer Science, University of curricula. The investigators conclude, therefore, that the two Waterloo, 200 University Ave., West Waterloo, Ontario N2L 3G1, populations, the students in the two groups, are alike in all aspects Canada. E-mail: dberry@haifa.math.uwaterloo.ca. except for the training in formal methods. . W.F. Tichy is with the Department of Informatics, University of Karlsruhe, 76128 Karlsruhe, Germany. E-mail: tichy@ira.uka.de. 1. This is a simplification because Clarkson was actually a student Manuscript received 12 July 2002; accepted 20 Feb. 2003. participating in the experiment. Recommended for acceptance by D. Rosenblum. 2. There is a discrepancy regarding the number of formal methods For information on obtaining reprints of this article, please send e-mail to: teams—it is four in the Inroads paper but six in the TSE paper. In personal tse@computer.org, and reference IEEECS Log Number 116936. communication, Clarkson asserted that the correct number is six.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS & IoT Roland Groz, Jean-Luc Richier, Maxime Puys, Laurent Mounier Univ. Grenoble Alpes LIG/Vasco + Vrimag/PACSS Kobe Universit

1.02k views • 33 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Formal Methods for Database Application Evolution I l Dillig University of Texas at Austin

Formal Methods for Database Application Evolution I l Dillig University of Texas at Austin

Formal Methods for Database Application Evolution I l Dillig University of Texas at Austin VSTTE 2020 1 Database Applications DB application: program that interacts with underlying database Database applications are ubiquitous

1.07k views • 49 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
An Integrated Formal Methods Tool-Chain and its Application to Verifying a File System Model From

An Integrated Formal Methods Tool-Chain and its Application to Verifying a File System Model From

An Integrated Formal Methods Tool-Chain and its Application to Verifying a File System Model From Miguel A. Ferreira and Jos e N. Oliveira Thematic Seminar - Paper Recitation July 21, 2012 Skeleton Brief Introduction Tool-chain

272 views • 9 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods & Tools University of Twente The Netherlands Games 2012, Napoli, Italia 1 / 26 Motivation Application: formal verification of process algebraic

531 views • 26 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal Methods Symposium NASA HQ, Washington DC 14th April 2010 (09:0010:00) 0 Table of contents Intels diverse verification problems Verifying

834 views • 45 slides
A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004 Purpose of the Course - Giving some insights about Formal Methods - Showing that Formal Methods can be made practical - Illustrating Formal Methods

1.25k views • 112 slides
Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

F F F Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T M&&T June 27, 03 Formal Methods && Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
OCE Working Group Informal Meeting 5 Options Regarding Future Development of the OCE gtr In

OCE Working Group Informal Meeting 5 Options Regarding Future Development of the OCE gtr In

OCE Working Group Informal Meeting 5 Options Regarding Future Development of the OCE gtr In Conjunction with the 54 th GRPE Geneva 5 June 2007 Overview Background on 5 Options Details of 5 Options Open Discussion OCE Group

534 views • 8 slides
Boosting Climate Education Mid-Review, 31.03.2020 Education Team A, Design for Government

Boosting Climate Education Mid-Review, 31.03.2020 Education Team A, Design for Government

Boosting Climate Education Mid-Review, 31.03.2020 Education Team A, Design for Government 2020 Who are we? Paula Ikonen Aybars Senyildiz Felix Zelck Zhiwen (Wen) Yap MA Creative Sustainability MA Creative Sustainability MA

574 views • 38 slides
Billy Spitzer New England Aquarium Why informal education? The 95% solution Who

Billy Spitzer New England Aquarium Why informal education? The 95% solution Who

Billy Spitzer New England Aquarium Why informal education? The 95% solution Who visits and why What they want Who they trust What they get A national network of informal science education centers and ocean scientists

157 views • 12 slides
1 Building a culture of great service Trends around the challenges: Employees are not

1 Building a culture of great service Trends around the challenges: Employees are not

Building a culture of great service BuildINg a CuLTURE of Great sErvice For With Joanie Hal es and Tabitha Mason Your Hosts: Building a culture of great service Joanie Hal es Tabitha Mason Trainer Managing Partner ZingTrain Cornman

607 views • 6 slides
BE PREPARED : SUPPORTING VOLUNTEERS for SUCCESS for Volunteer-run Arts Organizations Donna

BE PREPARED : SUPPORTING VOLUNTEERS for SUCCESS for Volunteer-run Arts Organizations Donna

BE PREPARED : SUPPORTING VOLUNTEERS for SUCCESS for Volunteer-run Arts Organizations Donna Lockhart The RETHINK Group Learning Objectives What does support for volunteers mean? And does it really make a difference to the

409 views • 26 slides
Characteriza racterization tion of Gr Group up-Stra Strate tegyp gyproof oof Me Mechan

Characteriza racterization tion of Gr Group up-Stra Strate tegyp gyproof oof Me Mechan

Characteriza racterization tion of Gr Group up-Stra Strate tegyp gyproof oof Me Mechan chanis isms ms for Facili ility ty Lo Locat cation ion in Str trictly ictly Convex vex Space ce Shengyu Zhao IIIS, Tsinghua University

502 views • 4 slides
The Maximum Carpool Matching Problem Gilad Kutiel gkutiel@cs.technion.ac.il CSR 2017 1/21 The

The Maximum Carpool Matching Problem Gilad Kutiel gkutiel@cs.technion.ac.il CSR 2017 1/21 The

The Maximum Carpool Matching Problem Gilad Kutiel gkutiel@cs.technion.ac.il CSR 2017 1/21 The Maximum Carpool Matching Problem (informal) A group of people want to carpool from point A to point B 2/21 The Maximum Carpool Matching Problem

1.44k views • 99 slides
Some Considera-ons for Southern Wide-Field Spectroscopy (SWFS)

Some Considera-ons for Southern Wide-Field Spectroscopy (SWFS)

Some Considera-ons for Southern Wide-Field Spectroscopy (SWFS) Josh Frieman Fermilab/U. Chicago Summarizing some discussions of an informal study group

454 views • 10 slides

More recommend