3rd Irish Workshop on Formal Methods (IWFM)
1st - 2nd July 1999
Formal specification methods hold promise for bridging the wide gap between an intuitive idea for solving a problem by computer, and the executable program that attempts to do the job. The use of formalism is itself a good thing, allowing professionals to understand and analyze their work better. However, formal methods are an aid to human effort, not a panacea. Conventional software testing can be an ideal complement to formally directed development. Tests are concrete and immediately comprehensible to end users, and they are unlikely to miss mistakes because of a pernicious correlation with the formal work.
Research is needed on ways to make formal specifications and testing work together to realize the potential of both. Tests should serve to increase confidence that a formal method has been correctly applied. Such tests would free the developers from tedious checking of formalism details, and the success of only a few tests would have real significance for the software’s correctness.
As an example of a formalism/testing partnership, this talk describes joint work with Sergio Antoy  on automatically checking a conventional implementation of an abstract data type against its formal algebraic specification.