SOFTWARE TESTING, VERIFICATION AND RELIABILITY
Softw. Test. Verif. Reliab. 2001; 11:181–195 (DOI: 10.1002/stvr.223)

Teaching formal methods lite via testing

Mark Utting ∗,† and Steve Reeves

Department of Computer Science, The University of Waikato, Hamilton, New Zealand

SUMMARY

A new style of formal methods course is described, based on a pragmatic approach that emphasizes testing. The course introduces students to formal specification using Z, and shows how formal specification and testing can benefit each other, in both the validation and verification phases. It uses a tools-based approach, with practical work that reinforces formal specification techniques as well as traditional software engineering skills, such as unit and system testing, inspection and defensive programming with assertions. The two main results are to identify several practical uses of formal specifications that are not widely practised or taught, and to demonstrate that teaching them results in a more interesting and relevant formal methods course. Copyright 2001 John Wiley & Sons, Ltd.

KEY WORDS: testing; specifications; assertions; teaching; formal methods

1. INTRODUCTION

Like many other universities, The University of Waikato offers a course on formal methods as part of the undergraduate computer science curriculum. The course, entitled ‘Advanced Software Engineering’, is a compulsory subject in the software engineering programme of the four-year BCMS (Bachelor of Computing and Mathematical Sciences) degree and an optional subject in other programmes. It generally attracts about 20 to 25 students. Topics covered in the course usually include formal specification using Z [1], code verification using Floyd–Hoare logics [2] and simple forms of proof such as calculating preconditions, verifying invariants and proving simple safety properties.

In 1997, the student evaluation results for the course showed that most students were disinterested in much of the content and many saw it as ‘irrelevant’ and ‘not practical’. Consequently, the course was redesigned to focus on practical applications of formal methods, as described in Sections 2 through 4. The redesigned course, based on this so-called ‘formal methods lite’

∗ Correspondence to: Mark Utting, Department of Computer Science, School of Computing and Mathematical Sciences, The University of Waikato, Private Bag 3105, Hamilton, New Zealand.
† E-mail: marku@cs.waikato.ac.nz

Published online 18 May 2001
Received 17 March 2000
Accepted 8 January 2001