Correctness through formal methods
Explore formal methods in software engineering for software correctness, ensuring safety in critical systems and leveraging advanced techniques.
Software testing cannot guarantee freedom from errors - it only provides examples, not proof. This is exactly where formal methods come in: they enable mathematically validated statements about all possible system states, from simple type checkers to complete proof of correctness. The effort involved ranges from almost zero to a factor of 100 compared to development, but in safety-critical areas such as financial systems or automotive, this proof is indispensable.
Podcast Episode: Correctness through formal methods
In the latest episode of the Software Testing Podcast, we celebrate World Quality Week. I talk to Lars and Bianca about how to mathematically prove freedom from defects in software and which tools can help. Bianca uses examples from the financial and automotive industries to explain why certain systems require absolute freedom from errors. Lars complements the conversation with insights into formal methods and how they are applied in practice. One particularly interesting topic was how AI can support us in providing evidence.
“I can’t prove freedom from errors with tests. There are simply certain domains where I need freedom from errors and also proof.” - Lars Hupel, Bianca Lutz
Lars Hupel is Chief Evangelist for Digital Currencies at Giesecke+Devrient, an international security technology company. As part of this role, Lars holds and writes numerous talks, workshops and articles to make the technology behind digital currencies accessible to a wide audience. With a background as a software developer, Lars also contributes to product development and represents the company on various industry bodies. Lars holds a PhD in Logic and Verification from the Technical University of Munich and uses this knowledge to make Giesecke+Devrient’s products even more secure.
Bianca Lutz is a software architect at Active Group GmbH and works from Berlin. She was already interested in formal methods during her studies and worked with the proof assistant Isabelle/HOL. But she is also still enthusiastic about technical topics such as operating systems, especially embedded systems. She has been involved in various scientific publications, is a Linux kernel contributor and has published in Isabelle’s Archive of Formal Proofs as part of her thesis. After working in the insurance industry for several years, where she mainly dealt with legacy code, she switched to the functional programming camp in 2022.
Highlights der Episode
- Formal methods prove correctness for all cases, tests only provide examples.
- Type systems are the most lightweight formal method - already used by many today.
- Verification requires 10 to 100 lines of proof per line of code - effort must be appropriate.
- Formal methods must be considered early on, not thrown over the fence later.
- Proof assistants such as Isabelle generate human-readable proofs that machines are guaranteed to have checked.
Software quality and formal methods
Why flawlessness is important
In the field of software testing, absolute freedom from errors is difficult to guarantee. However, in certain industries - such as finance, automotive or medical technology - the requirements for freedom from errors are particularly high, as even small errors can have drastic consequences. For this reason, systems in such areas must be tested and validated with particular care.
The role of formal methods
Tests alone are often not enough to ensure complete correctness in safety-critical systems. Formal methods are used here and make it possible to provide mathematically rigorous proofs of the correctness of software. The use of proof assistants ensures that there are no logical gaps in the reasoning and checks. These methods complement conventional tests and increase the reliability of the results.
Practical applications and challenges
In practice, formal methods are often associated with considerable additional work. For example, it may be necessary to write up to ten lines of proof code for each line of regular code. Nevertheless, there are also less complex approaches such as type systems or model checkers, which are less comprehensive but still provide valuable insights and increase the quality of testing.
Automation and AI support
Automation and artificial intelligence (AI) are playing an increasingly important role in the creation of formal proofs. Some modern tools, such as Isabel, already use machine learning algorithms to generate proofs faster and significantly reduce manual effort. Such automated processes make the application of formal methods more efficient and accessible.
Conclusion and outlook
The combination of tests and formal methods is crucial to ensure the highest software quality. These techniques are not a stand-alone solution, but a valuable addition to traditional testing methods. Advances in the field of AI open up new opportunities to further develop these methods and make them even more widely applicable. The future therefore promises exciting developments in the interaction between AI and formal verification.
Frequently Asked Questions
Formal methods are systematic approaches to the specification, verification and validation of software. They include techniques such as model checking, formal specifications and theorematic checks. The benefit of these methods lies in the improvement of software quality, as they detect errors at an early stage and increase reliability. Through precise mathematical models, they enable clear communication between developers and stakeholders, which reduces misunderstandings and makes the development process more efficient.
Formal methods are crucial for software correctness as they use mathematical approaches to identify and correct errors in software. Through precise specifications and verification, they ensure that programs only perform the intended functions. This reduces the risk of bugs and increases reliability. Formal methods also enable systematic analysis and improve understanding of the software architecture. Overall, they make a significant contribution to quality assurance in software development.
Frequently used formal methods for software verification are model checking, theorem proving and abstract interpretation. These methods make it possible to analyze programs mathematically and systematically identify errors. Model checking checks models for certain properties, while theorem proving provides evidence for the correctness of programs. Abstract Interpretation analyzes programs by approximating their behavior. The use of formal methods increases the reliability of software, especially in safety-critical applications, as they enable precise and complete verification.
The main differences between model checking and theorem proving in the formal methods lie in their approach. Model checking systematically examines models to ensure that properties are satisfied, checking all possible states. Theorem Proving, on the other hand, uses logical deduction to derive properties from axioms and often requires manual intervention. While model checking is automated, theorem proving requires more interaction from the user. In addition, model checking is efficient for finite systems, while theorem proving can also be used for infinite structures.
When using formal methods, practical challenges arise such as the high level of effort required for modeling and specification, which is often time-consuming. In addition, understanding formal methods requires specialist knowledge, which makes it difficult to train employees. Complex systems can be difficult to verify, leading to incomplete analysis. Integrated development environments are often inadequate, which hinders the use of the methods. Finally, acceptance within the team can vary, which makes implementation even more difficult.
Formal methods are systematic approaches to the specification, verification and validation of software and systems. They use mathematical models to check the correctness of system behavior. Model checking is a key technique in this context, which automatically examines all possible states of a system to ensure that certain properties are fulfilled. This allows errors to be detected and eliminated at an early stage, which increases the reliability of software.
Formal methods are particularly advantageous in safety-critical software projects such as aviation, medical technology or the automotive industry. In these areas, freedom from errors is crucial, as mistakes can have serious consequences. Formal methods also increase the reliability and traceability of software in highly regulated areas such as the financial sector. They also support the development of complex systems where requirements need to be precisely defined and verified. Their application leads to higher software quality and security.
Formal methods use specialized software tools such as Coq, Isabelle, and Alloy to verify and model software. These tools help to create mathematically precise specifications and identify errors early on in the development process. In addition, tools such as TLA+ and Spin provide support for model checking and temporal logics. By using such software tools, developers significantly improve the reliability and security of their software projects, as formal methods work systematically and rigorously.
Temporal logics are formal methods that formulate statements about the temporal aspects of systems. They make it possible to derive behavior over time by using steps such as always, sometimes or until. Temporal logics are used in verification to ensure that systems fulfill certain temporal properties such as safety and liveness. This allows errors in software and hardware to be detected and rectified at an early stage, which increases the reliability of the systems.
Formal methods are mathematical techniques for specifying, verifying and analyzing software and systems. They provide precise rules and models to prove the correctness of programs and detect errors at an early stage. The use of formal languages increases clarity and comprehensibility. Formal methods help to understand complex systems and provide a secure foundation for critical applications, for example in aviation or medical technology.
Related Posts
Richard Seidl
•May 19, 2026
Why agentic engineering changes everything
Richard Seidl
•May 12, 2026