To what extent does the migration to using a formal method on an existing system require reworking existing artefacts?

(re-phrasing of requirements, re-engineering of models, re-writing of test plans, etc.)


 * Theme: Migration to a Formalism (MF)
 * Role: PQAM

Answer
In this answer, we distinguish between the artefacts produced upstream of the use of formal methods and those produced downstream of it. For the upstream artefacts, the general answer is no; for the downstream artefacts, the general answer is yes, since the goal of formal methods is to detect every possible mistake in the analysed models. Not propagating the detected errors would make the use of formal methods pointless.

One can also stage the deployment of formal methods and use them exclusively on new developments.

1. Upstream artefacts
Formal methods work on models, which are defined in a mathematical notation that does not offer the same loopholes as natural language. As such, they do not give engineers the flexibility that humans have to incorporate trends or to compensate for erroneous or incomplete documents. Deploying formal methods might therefore trigger the rewriting of requirements documents and other upstream documents. Consider for instance the use of the adverb "preferably" in a natural-language specification; this adverb cannot be translated into a formal concept without interpreting its concrete meaning and implications in the considered system. Resolving such imprecision or incompleteness might lead to a partial rewriting of these documents. Engineers might therefore report issues or request additional information about the existing documents more eagerly. When this happens, one might take the opportunity to improve those documents.

As an example, consider the description of an algorithm in natural language and its implementation. When one proceeds with the implementation, one systematically questions the description of the algorithm, possibly spotting incompleteness or ambiguity in it. Consider also the success story on Requirements Quality Improvements through Requirements Modelling. It illustrates a dramatic improvement in the quality of the requirements document after the deployment of formal methods in subsequent steps of the development process.

2. Downstream artefacts
Through the development and analysis of formal models, engineers will probably be able to produce downstream artefacts of higher quality than the existing ones. There are two reasons for this:
 * First, formal methods will hopefully detect some bugs, which can then be taken into account in the downstream artefacts.
 * Second, developing the model will likely improve the engineers' knowledge of the system, both through the construction of precise models and through the need to resolve ambiguities in the upstream artefacts.

This is the expected effect of formal methods. A budget should therefore be planned for the correction of bugs in existing downstream artefacts.

Notice also that some artefacts might be generated from the formal models, so that the existing hand-written ones can be discarded, possibly after a quality check of the newly generated artefacts.