Formal methods for developing high assurance computer systems: Working group report

The Second International Workshop on Industrial-Strength Formal Techniques (WIFT'98) was held in October, 1998, in Boca Raton, Florida. At the workshop, four different discussion groups investigated various topics. This report summarizes the discussions conducted on the topic Formal Methods for Developing High Assurance Systems. The consensus of the group was that formal methods are mature enough to be applied in software development. The methods have proven their worth in numerous industrial projects, and there is little doubt that they have an important place in the software development process. Transferring formal methods technology to industry is largely a non-technical problem (it is often a culture clash) and the transfer is happening (slowly). The group agreed that there have been few major breakthroughs in formal methods usage since WIFT'95. The one notable exception is the increased use of model checking technology in microprocessor design. In the hardware community, the use of formal methods has moved into the rapid adoption stage, and some formal analysis tools have become part of the standard practice. The use of formal methods in software engineering is currently limited to the early adopters. The challenge for the software community for the next few years is to follow the lead of the hardware community by successfully transferring formal methods technology into the development of high-assurance software systems.