Teaching Systems for Formal Methods

The software systems that are primarily designed for learning formal specifications fall into two categories. The first category includes all the formal method tools that are claimed to be useful for learning. They are, in general, developed by researchers in the formal specification discipline. The second category includes systems which are principally developed for pedagogical purpose by researchers in the CBL systems discipline. Each category will be considered in turn.

3.4.1 Formal Method Tools for Teaching

The research literature related to the following software tools claims that they could be used for learning formal methods: Zbrowser (Mikusiak et al. 1995), ZAL/ZED (Morrey et al. 1993), VisualiZer (Yap 1999), and ZTC/ZANS (Jia 1995b, a). Basically, they offer an

environment for the users to actively learn a specific topic through trial and error. All of these tools demand significant tutor guidance for novices. Some of them, though primitive, do provide useful hints and feedback. The first three of these tools will be discussed in detail.

Zbrowser (Mikusiak et al. 1995) is principally a syntax-directed browser for Z. It lacks

data type checking, proof or refinement facilities. Primarily, Zbrowser is designed to overcome the second difficulty mentioned previously  complex notation and structure. The authors claim that it can be used as a teaching aid. There are features which do differentiate Zbrowser from many other tools for Z notation, such as the graphical representation for Z data types using the table metaphor; the efficient interfacing mechanism to reduce short-term memory loads such as paragraph expansion-contraction facilities; extended subject sensitive error reports; on-line context sensitive help facilities, and problem oriented examples. From a pedagogical point of view, all the above mentioned features make Zbrowser an efficient teaching aid. Zbrowser was evaluated with 40 subjects and the results show (not statistically) that the subjects using Zbrowser performed better than the control group, in both quality and comprehension of Z specifications.

ZAL. ZED is a typical formal specification editing tool which supports syntax and type checking and limited semantic checking with some context sensitive help facility. ZAL (Z Animation in LISP) is an animation tool that can generate a prototype in LISP, which demonstrates the functionality of the intended system at an early stage of the development process. ZAL primarily addresses the third difficulty mentioned previously, whilst ZED addresses the second difficulty. This package, Morrey e. al. (ibid.) maintain, encourages

and facilitates an exploratory (rather than declarative) approach to formal specification, and in turn supports the teaching process, since this allows students to use a ‘try and see’ approach. Although no formal evaluation is reported, the authors, based on the students’ feedback, provide empirical evaluation and assessment of the ZED/ZAL package as follows: “Preliminary results indicate that in addition to the benefits which ZAL provides of increasing students’ confidence in their ability to reason in a concrete way about their own specification, it has also provided a test-bed for exploration and experimentation”

(Morrey et al. 1993, p. 331).Formal specifications in Z can be transformed to LISP code

automatically. The learner can inspect the code and explore the real impact of their specifications. ZAD/ZEL utilizes the transformation technique (formal specification to program) for pedagogy. However, the construction process is largely undertaken by the system. Nevertheless, the ‘trial and error’ or ‘try and see’ approach allows the learners to actively examine, understand and develop an insight into the construction process.

VisualiZer (Yap 1999) is a visual environment used to create Z documents. It has significant features to specify data abstractions. With the exception of this, it does not have many interesting features, other than the graphical editing tools. Evaluation is not reported.

3.4.2 CBL Systems for Formal Methods

Despite the number of tools for aiding the development of specifications, surprisingly, there appears to be no reference in the literature for CBL systems for formal methods. MEMO-II (Forcheri et al. 1994) and FLUTE (Devedzic et al. 2000) are the only existing

CBL systems found to be related to this research. As noted by its authors, MEMO-II is intended for learning programming not for formal specification. It is an education oriented programming environment, which allows users to build programs from formal

specifications via interaction with the system. Forcheri et al. (1994) claim that learning to

program requires modelling capabilities. A programming problem may be modelled using two approaches. One is a computational model depending on a programming paradigm, and the other is an abstract model independent of any paradigms. Learning to construct abstract models helps software practitioners to switch effortlessly between different paradigms. MEMO-II follows the second approach; and additionally, Forcheri et al.

(1994) claim that it also offers facilities to map this abstract model into effective implementations.

MEMO-II guides novice programmers to build abstract models and experiment with them in different programming paradigms. The underlying formal method used in this system is an algebraic specification language. Firstly, MEMO-II provides a syntax supportive editing environment, within which a specification may be built interactively. Prototypes cannot be created automatically for all the specifications. Therefore, secondly, it automatically checks whether a prototype may be generated for this specification. The types of errors, if any, are explained in detail. Thirdly, it checks whether the specification owns and only owns the intended properties. This proof process is carried out automatically. Fourthly, the specification can be translated into a programming language in different paradigms (functional-LISP, procedural-C and logical-PROLOG). Finally, the resultant code can be executed within the Memo-II environment itself.

MEMO-II, in the same way as a formal method tool, provides a syntax sensitive editing/browsing environment, and validating, proving and animating capabilities with its own compiler. From a pedagogical point of view, it can be used as a learning system within which learners can study by experimenting and using suitable examples. However, learners are left to make their own comparisons between specifications and the resultant generated code. Nothing is mentioned about evaluating MEMO-II. In a similar way to ZAD/ZAL, MEMO-II also uses a transformation technique (from formal specification to computer program) for pedagogy. However, ZAD/ZEL uses it for learning formal specification, whereas MEMO-II uses it for computer programming. In order to learn a computer programming language, MEMO-II requires novices to learn a formal specification language, the syntax of which is equally or more complicated. Usually, formal methods are taught after programming. MEMO-II may also be useful for revising algebraic formal specification.

2000), although FLUTE is intended to teach formal languages, rather than formal methods per se. FLUTE operates in three modes: teaching, examination and consulting. The pedagogical module is responsible for selecting one of these modes, depending on the user’s choice. There are also student and explanation modules. FLUTE is more concerned about the underlying theoretical aspects of formal methods than its application to software engineering. It is more useful for computer science students than software engineering students or practitioners. The authors compare FLUTE with other ITSs, but no classroom evaluation is reported.

3.5 Summary

Learning formal methods and programming is considered challenging. Due to its high linkage with mathematics and logic, software tools are inevitable in the use of any formal methods. Some formal method tools, such as visual programming environments, provide suitable features for learning some aspects of formal methods. Besides, only one CBL system is designed to teach formal methods. Another system, although it is designed to learn programming, may be used to learn certain aspects of formal methods. For all that, there are still no systems designed to learn any object oriented formal methods.

Being formal notations, learning formal notation and computer programming have many common features. There are hundreds of CBL systems designed for programming. They are grouped under four headings. Firstly, Bug Finders employs a trial-and-error approach in teaching programming - coding and debugging, in contrast to abstraction and refinement. Feedback will be given only after the full program is submitted. Secondly, Intelligent Tutors can monitor each step and provide appropriate assistance at the right time. The system control may vary from model tracing to mentoring. Thirdly, Programming Environments offers an appropriate environment (it includes rich tools such as algorithm animation, data structure visualisation etc.) for the learner to build their own understanding. Fourthly, Intelligent Programming Environments include both features of rich interactive environment and adaptive assistance.