Pinnacles of software engineering: 25 years of formal methods

In this invited paper we review 25 years of propagating formal specification in software engineering. We will do so through outlining a paradigmatic approach to the practice of software engineering. For the sake of contrasting argument we shall claim that this approach stands in sharp contrast to classical engineering - and that there is little help to be obtained from classical engineering in securing the quality of the most important facets of software engineering! We shall be outlining a software engineering(1) practice in which formal techniques are applied in capturing the application domain void of any reference to requirements let alone software; and in then capturing requirements: Domain requirements (projected, instantiated, possibly extended and usually initialised from domain descriptions), interface requirements and machine requirements. The software engineering practice then goes on to design the software: First the architecture, then the program structure, etc. Throughout abstraction and modelling, hand-in-hand, are used in applicative (functional), imperative and process oriented descriptions, from loose specifications towards concrete, instantiated descriptions, using hierarchical as well as configurational modelling, denotational as well as computational modelling, and in structuring even small scale descriptions using appropriate modularisation concepts: Schemes, classes and objects. All the concepts spelled in this font are software engineering "program" description notions that have been honed over the years, starting in 1973 with VDM [Bekic et al. 1974; Bjorner and Jones 1978, 1982b] and continuing with RAISE [Group 1992, 1995]. The current status of our approach to software engineering, based on extensive, but not exclusive use of formal techniques, developed significantly during my years as UN Director of the UN University's International Institute for Software Technology (UNU/IIST) in Macau, 1992-1997. Many large scale software developments based on the domain/requirements/software design paradigm outlined here were systematically applied to the experimental development of software designs for the computing support of a number of diverse infrastructure components(2). Special boxes, scattered throughout the text, highlight 'pinnacle' contribution by named computer and computing scientists as well as by specific R&D projects.