There have been few genuine success stories about the industrial use of formal methods. Perhaps the best known and most celebrated is the use of Z by IBM (in collaboration with Oxford University's Programming Research Group) during the development of CICS/ESA version 3.1. This work was rewarded with the prestigious Queen's Award for Technological Achievement in 1992 and is especially notable for two reasons: (1) CICS is a commercial system rather than a safety- or security-critical one, and (2) the claims made about the effectiveness of Z are quantitative as well as qualitative. The most widely publicized claims are a reduction to less than half the normal number of customer-reported errors and a 9% saving in the total development cost of the release. This paper provides an independent assessment of the effectiveness of using Z on CICS, based on the publicly available documents. On this evidence, we believe that the case study was important and valuable, but that the quantitative claims have not been substantiated. The intellectual arguments and rationale for formal methods are attractive, but their widespread commercial use ultimately depends on more convincing quantitative demonstrations of effectiveness. Despite the pioneering efforts of IBM and PRG, there is still a need for rigorous, measurement-based case studies to assess when and how the methods are most effective. We describe how future case studies of this kind could be improved so that their results are more rigorous and conclusive.