Quote: more reliable elevator scheduler from formal methods than informal analysis; style also better; study using 20 teams [»sobeAE3_2002]

Quote: readable, precise documentation is required; e.g., as input to tools [»hoffDM_2001]

Quote: validated BOS's communication protocol with PROMELA and SPIN; identified an unsafe situation where only one door closed; intuitive chart of message sequence [»tretJ9_2001]

Quote: Lucent uses virtual finite-state machines (VFSM) to separate the control behavior of a software module from its data manipulation; formal, executable, early error checking, 50% fewer defects, automatic documentation [»florAR1_1997]

Quote: the VFSM validator exhaustively exercises a network of communicating VFSMs using the supertrace algorithm; found errors in three tested applications; widely used formal method [»florAR1_1997]

Quote: ten commandments for successful projects using formal methods [»boweJP4_1995]

Quote: use a small vocabulary for formal methods; easier to understand though longer, more abstract, little implementation bias; e.g., Hoare's CSP [»boweJP4_1995]

Quote: use a formal methods team with a traditional design team; catches specification errors early [»boweJP4_1995]

Quote: need a formal methods guru when using formal methods in a project [»boweJP4_1995]

Quote: the length of a Z specification corresponds to the testing and development effort; useful for scheduling [»tretJ9_2001]

Quote: use formal methods to verify a design instead of proving correctness; forces engineers to be precise about details; resolves differences of interpretation between implementers and testers [»tretJ9_2001]

Quote: formal methods should improve reuse; they clearly state requirements with high component integrity without implementation bias [»boweJP4_1995]

Quote: formal semantics for programming languages should play a fundamental role in software engineering [»parnDL10_1976]

Quote: Esterel's formal semantics is based on constructive causality [»benvA1_2003]

Quote: formal semantics enables compile-time optimization, analysis, and verification

Quote: algorithm for evaluating an applicative expression relative to an environment; first formalization of expression evaluation

Quote: operational semantics are good formal methods; intuitive, help implementers, simple, easy prototyping, easy integration [»degaP6_2001]

Quote: a meta-circular interpreter for expression evaluation defines each feature of the defined language via the corresponding feature of the defining language [»reynJC8_1972]

Quote: formalization of XML Schema using tree grammars; named types and structural types; matching and validation [»simeJ1_2003]

Quote: formalization of XML Schema used for XQuery and XPath specifications; one of the first

Quote: XQuery standardization unanimously accepted pure named typing due to its simplification of formal semantics [»simeJ1_2003]

QuoteRef: tennRD8_1976 ;;443 goes into Scott's formulations of semantic functions

Quote: BOS used formal Z specifications and natural language for detailed design; checked consistency, types, completeness; verified postconditions and invariants for highly critical subsystems [»tretJ9_2001]

Quote: formal methods do not help with conceptual models and high-level structuring; both require experience; formal specification gives a false feeling of confidence [»tretJ9_2001]

Quote: an automaton is a black box that answers "yes" or "no" to arbitrary, finite sequences of symbols from a fixed, finite alphabet [»rabiMO4_1959]

Quote: an automaton's operation is determined by finite, internal states; i.e., stable states of the machine at discrete time intervals; nothing else matters [»rabiMO4_1959]

Quote: one-tape, finite automaton are closed under backward tapes and complex products; forms a Boolean algebra of sets [»rabiMO4_1959]

Quote: nondeterministic automaton equivalent to finite automaton; many choices at each move, with at least one winning combination; simpler description with fewer internal states [»rabiMO4_1959]

Quote: finite automata do not support hierarchical design or concurrency; large, real-time systems are impossible to understand [»benvA9_1991]

Quote: Lucent uses virtual finite-state machines (VFSM) to separate the control behavior of a software module from its data manipulation; formal, executable, early error checking, 50% fewer defects, automatic documentation [»florAR1_1997]

Quote: formal design specification allows test construction concurrently with coding; ready to test when coding finished [»tretJ9_2001]

Quote: testers are effective reviewers of formal design specifications; they use the specifications to write their tests

Quote: secure DNS resolver in 10 lines of code; easier to understand than BIND's security policy [»jimT5_2000]

Quote: use combinators to find the value of a financial contract; compositional, abstract valuation semantics [»joneSP9_2000]

Quote: a financial contract has an acquisition date and an horizon or expiry date; (truncate t c) trims t's horizon to c [»joneSP9_2000]

Quote: contracts in terms of observables; i.e., time-varying, objective measurements; e.g., temperature in LA [»joneSP9_2000]

Quote: choose to acquire a financial contract (anytime u) or choose either contract (or) [»joneSP9_2000]

Quote: use scoped combinators in Haskell for block and unblocking asynchronous interrupts; formal semantics

Quote: the expression +/ in J is a tacit definition of summation; arguments are implicit; tacit definition is widely usable [»huiRKW8_1991]

Quote: the tacit function 'f g h' is a fork that applies g to the results of f and h; e.g, 'a (+ * -) b' is '(a+b)*(a-b)' [»huiRKW8_1991]

Quote: J's primitives are one or two letters, e.g., $y for shape of y, #y for count of y, x,:y append itemized x to itemized y, f^:n y apply f n times to y [»huiRKW8_1991]

Quote: APL has two function modifiers (reduction and cross product), but they can only combine with primitives [»backJ_1972]

Quote: use tables to specify the post-value of a variable for various combinations of pre-values [»parnDL12_1994]

Quote: can interrupt a purely-functional computation at any point; allows asynchronous exceptions [»marlS6_2001]

Quote: used formal methods for BOS, the automated control system for Rotterdam's movable dam; highest safety integrity level; completed on time and within budget [»tretJ9_2001]

Quote: validated BOS's communication protocol with PROMELA and SPIN; identified an unsafe situation where only one door closed; intuitive chart of message sequence [»tretJ9_2001]

Quote: formal methods were used successfully; all of the software engineers found them useful [»tretJ9_2001]

Quote: should have formalized the functional specification as well as the technical design; found problems, errors, ambiguities, and inconsistencies [»tretJ9_2001]

Quote: to produce an utterance one has to refer back to general rules and forward to specific rules while reconstructing the rules from continuity, context, and exceptions [»misrVN_1966]

Quote: formal methods are less understandable than actual program text

Quote: dealing with changed requirements is particularly painful for formal program development [»berrDM10_2002]

Quote: requirements and proofs are inherently global; a changed requirement may require redoing most of the proofs; verification gets dropped [»berrDM10_2002]

Quote: a simple error in Z can lead to a correct specification with a completely different meanings; e.g., forgetting a prime symbol ' to indicate the new state [»tretJ9_2001]