Can we ever be sure that our computer programs will work reliably? One approach to this problem is to attempt a mathematical proof of reliability, and this has led to the idea of Formal Methods
: if you have a formal, logical specification of the properties meant by 'working reliably', then perhaps you can give a formal mathematical proof that the program (presented as a formal text) satisfies them.
Of course, this is by no means trivial. Before we can even get started on a formal proof we must turn the informal ideas intended by 'working reliably' into a formal specification, and we also need a formal account of what it means to say that a program satisfies a specification (this amounts to a semantics of the programming language, an account of the meaning of programs). None the less, Formal Methods
are now routinely practised by a number of software producers.
The aim of this book is to present informal formal methods
, showing the benefits of the approach even without strict formality although we use logic as a notation for the specifications, we rely on informal semantics -- a programmer's ordinary intuitions about what small, linear stretches of code actually do -- and we use proofs to the level of rigour of ordinary mathematics.
This can, of course, serve as a first introduction to strict Formal Methods
, but it should really be seen much more broadly. The benefits of Formal Methods do not accrue just from the formality. The very effort of writing a specification prior to the coding focuses attention on what the user wants to get out of the program, as opposed to what the computer has to do, and the satisfaction proof, even if informal, expresses our idea of how the algorithm works. This does not require support tools, and the method -- which amounts really to methodical commenting -- is practicable in all programming tasks.
The book is divided into two complementary parts, the first on Programming and the second on Logic. Though they are both about logical reasoning, the first half concerns the ideas about programs that the reasoning is intended to capture, while the second half is more about the formal machinery. The distinction is somewhat analogous to that often seen in books about programming languages a first part is an introduction to programming using the language, and a second part is a formal report on it.
To read the book from scratch, one would most likely read the two parts in parallel, and this is in fact how the material was used for the computer science course
at Imperial College
. However, the division into two reasonably disjoint parts means that people who already have some background in logic can see the programming story told without interruption.