One of the touted advantages of formal methods is the ability to do proof. But examples of proofs as part of industrial formal methods projects are relatively hard to find. I describe here two of the large Z proof projects I have been involved in at Logica, one for the correctness of a High Integrity Compiler, one for security properties of a smartcard-based electronic purse. I also show how the entire specification and proof process is deeply affected by why something is being proved, what is being proved, and how the finished proof is to be presented. I finish off by describing, based on my experiences, what I believe to be the requirements for an industrial-strength Z proof tool.
@inproceedings(SS-NFMW3,
  author   = "Susan Stepney",
  title    = "A Tale of Two Proofs",
  crossref = "NFMW3"
)

@proceedings(NFMW3,
  title     = "BCS-FACS Third Northern Formal Methods Workshop, Ilkley, UK, September 1998",
  booktitle = "BCS-FACS Third Northern Formal Methods Workshop, Ilkley, UK, September 1998",
  series    = "Electronic Workshops in Computing",
  year      = 1998
)