Ten commandments of formal methods

Abstract

Producing correct, reliable software in systems of ever increasing complexity is a problem with no immediate end in sight. The software industry suffers from a plague of bugs on a near-biblical scale. One promising technique in alleviating this problem is the application of formal methods that provide a rigorous mathematical basis to software development. When correctly applied, formal methods produce systems of the highest integrity and thus are especially recommended for security- and safety-critical systems. Unfortunately, although projects based on formal methods are proliferating, the use of these methods is still more the exception than the rule, which results from many misconceptions regarding their costs, difficulties, and payoffs. Surveys of formal methods applied to large problems in industry help dispel these misconceptions and show that formal methods projects can be completed on schedule and within budget. Moreover, these surveys show that formal methods projects produce correct software (and hardware) that is well structured, maintainable, and satisfies customer requirements. Through observations of many recently completed and in-progress projects we have come up with ten guidelines that, if adhered to, greatly increase a project's chances for success.